647ff667e6
In services which use the Apache HTTP server to service HTTP requests, there exists a TimeOut directive [1] which defaults to 60 seconds. APIs which come under heavy load, such as Cinder, can sometimes exceed this which results in a HTTP 504 Gateway timeout, or similar. However, the request can still be serviced without error. For example, if Nova calls the Cinder API to detach a volume, and this operation takes longer than the shortest of the two timeouts, Nova will emit a stack trace with a 504 Gateway timeout. At some time later, the request to detach the volume will succeed. The Nova and Cinder DBs then become out-of-sync with each other, and frequently DB surgery is required. Although strictly this category of bugs should be fixed in OpenStack services, it is not realistic to expect this to happen in the short term. Therefore, this change makes it easier to set the Apache HTTP timeout via a new variable. An example of a related bug is here: https://bugs.launchpad.net/nova/+bug/1888665 Whilst this timeout can currently be set by overriding the WSGI config for individual services, this change makes it much easier. Change-Id: Ie452516655cbd40d63bdad3635fd66693e40ce34 Closes-Bug: #1917648
52 lines
1.8 KiB
Django/Jinja
52 lines
1.8 KiB
Django/Jinja
{% set ironic_log_dir = '/var/log/kolla/ironic' %}
|
|
{% set wsgi_directory = '/usr/bin' if ironic_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
|
|
{% if ironic_enable_tls_backend | bool %}
|
|
{% if kolla_base_distro in ['centos'] %}
|
|
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
|
|
{% else %}
|
|
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
|
|
{% endif %}
|
|
{% endif %}
|
|
Listen {{ api_interface_address | put_address_in_context('url') }}:{{ ironic_api_listen_port }}
|
|
|
|
ServerSignature Off
|
|
ServerTokens Prod
|
|
TraceEnable off
|
|
TimeOut {{ kolla_httpd_timeout }}
|
|
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
|
|
|
|
<Directory "{{ wsgi_directory }}">
|
|
<FilesMatch "^ironic-api-wsgi$">
|
|
Options None
|
|
Require all granted
|
|
</FilesMatch>
|
|
</Directory>
|
|
|
|
ErrorLog "{{ ironic_log_dir }}/apache-error.log"
|
|
<IfModule log_config_module>
|
|
CustomLog "{{ ironic_log_dir }}/apache-access.log" common
|
|
</IfModule>
|
|
|
|
{% if ironic_logging_debug | bool %}
|
|
LogLevel info
|
|
{% endif %}
|
|
|
|
<VirtualHost *:{{ ironic_api_listen_port }}>
|
|
WSGIDaemonProcess ironic-api processes={{ openstack_service_workers }} threads=1 user=ironic group=ironic display-name=ironic-api
|
|
WSGIProcessGroup ironic-api
|
|
WSGIScriptAlias / {{ wsgi_directory }}/ironic-api-wsgi
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
<IfVersion >= 2.4>
|
|
ErrorLogFormat "%{cu}t %M"
|
|
</IfVersion>
|
|
ErrorLog "{{ ironic_log_dir }}/ironic-api-error.log"
|
|
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
|
|
CustomLog "{{ ironic_log_dir }}/ironic-api-access.log" logformat
|
|
{% if ironic_enable_tls_backend | bool %}
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ironic/certs/ironic-cert.pem
|
|
SSLCertificateKeyFile /etc/ironic/certs/ironic-key.pem
|
|
{% endif %}
|
|
</VirtualHost>
|