From f5d6bf6e61cea7b8935441dec6233883f9f656a9 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 1 Apr 2025 15:38:53 +1300 Subject: [PATCH] heat: Add support for using uWSGI Depends-On: https://review.opendev.org/c/openstack/kolla/+/954891 Signed-Off-By: Michal Nasiadka Change-Id: I8f6339af3b88e8cf436192d5b85abca5c4cae9c2 --- ansible/roles/heat/defaults/main.yml | 7 +++ ansible/roles/heat/tasks/config.yml | 44 ++++++++++++++++++- .../roles/heat/templates/heat-api-cfn.json.j2 | 20 ++++++--- ansible/roles/heat/templates/heat-api.json.j2 | 20 ++++++--- .../uwsgi-flamingo-5144740f1a2bb4fb.yaml | 13 ++++++ 5 files changed, 90 insertions(+), 14 deletions(-) create mode 100644 releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml index bcc38686a4..e72b6040a1 100644 --- a/ansible/roles/heat/defaults/main.yml +++ b/ansible/roles/heat/defaults/main.yml @@ -8,6 +8,7 @@ heat_services: volumes: "{{ heat_api_default_volumes + heat_api_extra_volumes }}" dimensions: "{{ heat_api_dimensions }}" healthcheck: "{{ heat_api_healthcheck }}" + wsgi: "heat.wsgi.api:application" haproxy: heat_api: enabled: "{{ enable_heat }}" @@ -36,6 +37,7 @@ heat_services: volumes: "{{ heat_api_cfn_default_volumes + heat_api_cfn_extra_volumes }}" dimensions: "{{ heat_api_cfn_dimensions }}" healthcheck: "{{ heat_api_cfn_healthcheck }}" + wsgi: "heat.wsgi.cfn:application" haproxy: heat_api_cfn: enabled: "{{ enable_heat }}" @@ -265,3 +267,8 @@ heat_database_enable_tls_internal: "{{ database_enable_tls_internal | bool }}" # Copy certificates ################### heat_copy_certs: "{{ kolla_copy_ca_into_containers | bool or heat_enable_tls_backend | bool or heat_database_enable_tls_internal | bool }}" + +###### +# WSGI +###### +heat_wsgi_provider: "uwsgi" diff --git a/ansible/roles/heat/tasks/config.yml b/ansible/roles/heat/tasks/config.yml index ffd26b55c7..107e72198e 100644 --- a/ansible/roles/heat/tasks/config.yml +++ b/ansible/roles/heat/tasks/config.yml @@ -73,7 +73,27 @@ dest: "{{ node_config_directory }}/heat-api/wsgi-heat-api.conf" mode: "0660" become: true - when: service | service_enabled_and_mapped_to_host + when: + - service | service_enabled_and_mapped_to_host + - heat_wsgi_provider == "apache" + +- name: Configure uWSGI for heat-api + include_role: + name: service-uwsgi-config + vars: + project_services: "{{ heat_services }}" + service: "{{ heat_services['heat-api'] }}" + service_name: "heat-api" + service_uwsgi_config_http_port: "{{ heat_api_listen_port }}" + service_uwsgi_config_log_file_chmod: "644" + service_uwsgi_config_module: "{{ service.wsgi }}" + service_uwsgi_config_tls_backend: "{{ heat_enable_tls_backend | bool }}" + service_uwsgi_config_tls_cert: "/etc/heat/certs/heat-cert.pem" + service_uwsgi_config_tls_key: "/etc/heat/certs/heat-key.pem" + service_uwsgi_config_uid: "heat" + when: + - service | service_enabled_and_mapped_to_host + - heat_wsgi_provider == "uwsgi" - name: Copying over heat-api-cfn wsgi config vars: @@ -83,4 +103,24 @@ dest: "{{ node_config_directory }}/heat-api-cfn/wsgi-heat-api-cfn.conf" mode: "0660" become: true - when: service | service_enabled_and_mapped_to_host + when: + - service | service_enabled_and_mapped_to_host + - heat_wsgi_provider == "apache" + +- name: Configure uWSGI for heat-api-cfn + include_role: + name: service-uwsgi-config + vars: + project_services: "{{ heat_services }}" + service: "{{ heat_services['heat-api-cfn'] }}" + service_name: "heat-api-cfn" + service_uwsgi_config_http_port: "{{ heat_api_cfn_listen_port }}" + service_uwsgi_config_log_file_chmod: "644" + service_uwsgi_config_module: "{{ service.wsgi }}" + service_uwsgi_config_tls_backend: "{{ heat_enable_tls_backend | bool }}" + service_uwsgi_config_tls_cert: "/etc/heat/certs/heat-cert.pem" + service_uwsgi_config_tls_key: "/etc/heat/certs/heat-key.pem" + service_uwsgi_config_uid: "heat" + when: + - service | service_enabled_and_mapped_to_host + - heat_wsgi_provider == "uwsgi" diff --git a/ansible/roles/heat/templates/heat-api-cfn.json.j2 b/ansible/roles/heat/templates/heat-api-cfn.json.j2 index c1513be55b..7868e4a1a1 100644 --- a/ansible/roles/heat/templates/heat-api-cfn.json.j2 +++ b/ansible/roles/heat/templates/heat-api-cfn.json.j2 @@ -1,19 +1,27 @@ -{% set heat_api_cfn_cmd = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %} -{% set wsgi_conf_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %} +{% set apache_binary = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %} +{% set apache_conf_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %} +{% set command = ('/usr/sbin/' + apache_binary + ' -DFOREGROUND') if heat_wsgi_provider == 'apache' else 'uwsgi /etc/heat/heat-api-cfn-uwsgi.ini' %} { - "command": "/usr/sbin/{{ heat_api_cfn_cmd }} -DFOREGROUND", + "command": "{{ command }}", "config_files": [ { "source": "{{ container_config_directory }}/heat.conf", "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" - },{ + }{% if heat_wsgi_provider == 'apache' %}, + { "source": "{{ container_config_directory }}/wsgi-heat-api-cfn.conf", - "dest": "/etc/{{ wsgi_conf_dir }}/wsgi-heat-api-cfn.conf", + "dest": "/etc/{{ apache_conf_dir }}/wsgi-heat-api-cfn.conf", "owner": "heat", "perm": "0600" - }{% if heat_policy_file is defined %}, + }{% elif heat_wsgi_provider == 'uwsgi' %}, + { + "source": "{{ container_config_directory }}/heat-api-cfn-uwsgi.ini", + "dest": "/etc/heat/heat-api-cfn-uwsgi.ini", + "owner": "heat", + "perm": "0600" + }{% endif %}{% if heat_policy_file is defined %}, { "source": "{{ container_config_directory }}/{{ heat_policy_file }}", "dest": "/etc/heat/{{ heat_policy_file }}", diff --git a/ansible/roles/heat/templates/heat-api.json.j2 b/ansible/roles/heat/templates/heat-api.json.j2 index dc7939b948..b3afb81820 100644 --- a/ansible/roles/heat/templates/heat-api.json.j2 +++ b/ansible/roles/heat/templates/heat-api.json.j2 @@ -1,19 +1,27 @@ -{% set heat_api_cmd = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %} -{% set wsgi_conf_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %} +{% set apache_binary = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %} +{% set apache_conf_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %} +{% set command = ('/usr/sbin/' + apache_binary + ' -DFOREGROUND') if heat_wsgi_provider == 'apache' else 'uwsgi /etc/heat/heat-api-uwsgi.ini' %} { - "command": "/usr/sbin/{{ heat_api_cmd }} -DFOREGROUND", + "command": "{{ command }}", "config_files": [ { "source": "{{ container_config_directory }}/heat.conf", "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" - },{ + }{% if heat_wsgi_provider == 'apache' %}, + { "source": "{{ container_config_directory }}/wsgi-heat-api.conf", - "dest": "/etc/{{ wsgi_conf_dir }}/wsgi-heat-api.conf", + "dest": "/etc/{{ apache_conf_dir }}/wsgi-heat-api.conf", "owner": "heat", "perm": "0600" - }{% if heat_policy_file is defined %}, + }{% elif heat_wsgi_provider == 'uwsgi' %}, + { + "source": "{{ container_config_directory }}/heat-api-uwsgi.ini", + "dest": "/etc/heat/heat-api-uwsgi.ini", + "owner": "heat", + "perm": "0600" + }{% endif %}{% if heat_policy_file is defined %}, { "source": "{{ container_config_directory }}/{{ heat_policy_file }}", "dest": "/etc/heat/{{ heat_policy_file }}", diff --git a/releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml b/releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml new file mode 100644 index 0000000000..beac150f25 --- /dev/null +++ b/releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml @@ -0,0 +1,13 @@ +--- +features: + - | + Adds support for running following services using uWSGI (without using + Apache+mod_wsgi) which is enabled by default. To disable it please + set _wsgi_provider to ``apache`` (default is ``uwsgi``): + + .. list-table:: + + * - Service + - Variable + * - Heat + - heat_wsgi_provider