kolla-ansible/ansible/roles/ironic/templates/ironic-api-wsgi.conf.j2
Doug Szumski 647ff667e6 Add variable for changing Apache HTTP timeout
In services which use the Apache HTTP server to service HTTP requests,
there exists a TimeOut directive [1] which defaults to 60 seconds. APIs
which come under heavy load, such as Cinder, can sometimes exceed this
which results in a HTTP 504 Gateway timeout, or similar. However, the
request can still be serviced without error. For example, if Nova calls
the Cinder API to detach a volume, and this operation takes longer
than the shortest of the two timeouts, Nova will emit a stack trace
with a 504 Gateway timeout. At some time later, the request to detach
the volume will succeed. The Nova and Cinder DBs then become
out-of-sync with each other, and frequently DB surgery is required.

Although strictly this category of bugs should be fixed in OpenStack
services, it is not realistic to expect this to happen in the short
term. Therefore, this change makes it easier to set the Apache HTTP
timeout via a new variable.

An example of a related bug is here:

https://bugs.launchpad.net/nova/+bug/1888665

Whilst this timeout can currently be set by overriding the WSGI
config for individual services, this change makes it much easier.

Change-Id: Ie452516655cbd40d63bdad3635fd66693e40ce34
Closes-Bug: #1917648
2021-03-04 11:25:06 +00:00

52 lines
1.8 KiB
Django/Jinja

{% set ironic_log_dir = '/var/log/kolla/ironic' %}
{% set wsgi_directory = '/usr/bin' if ironic_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
{% if ironic_enable_tls_backend | bool %}
{% if kolla_base_distro in ['centos'] %}
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
{% else %}
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
{% endif %}
{% endif %}
Listen {{ api_interface_address | put_address_in_context('url') }}:{{ ironic_api_listen_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off
TimeOut {{ kolla_httpd_timeout }}
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
<Directory "{{ wsgi_directory }}">
<FilesMatch "^ironic-api-wsgi$">
Options None
Require all granted
</FilesMatch>
</Directory>
ErrorLog "{{ ironic_log_dir }}/apache-error.log"
<IfModule log_config_module>
CustomLog "{{ ironic_log_dir }}/apache-access.log" common
</IfModule>
{% if ironic_logging_debug | bool %}
LogLevel info
{% endif %}
<VirtualHost *:{{ ironic_api_listen_port }}>
WSGIDaemonProcess ironic-api processes={{ openstack_service_workers }} threads=1 user=ironic group=ironic display-name=ironic-api
WSGIProcessGroup ironic-api
WSGIScriptAlias / {{ wsgi_directory }}/ironic-api-wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog "{{ ironic_log_dir }}/ironic-api-error.log"
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
CustomLog "{{ ironic_log_dir }}/ironic-api-access.log" logformat
{% if ironic_enable_tls_backend | bool %}
SSLEngine on
SSLCertificateFile /etc/ironic/certs/ironic-cert.pem
SSLCertificateKeyFile /etc/ironic/certs/ironic-key.pem
{% endif %}
</VirtualHost>