From a669d7e4f18b5b7d089af0c7137abc30d73e5de3 Mon Sep 17 00:00:00 2001 From: Shashank Kumar Shankar Date: Fri, 3 Mar 2017 05:52:34 +0000 Subject: [PATCH] Run Octavia API in a WSGI server This patch is to enable the API to run in a WSGI server like apache2/httpd. Co-Authored-By: Adam Harwell Co-Authored-By: Michael Johnson Change-Id: I296c046f653dcf78cdca2d0df1896d27f2ba1544 --- devstack/files/wsgi/octavia-api.template | 47 ++++++++++++ devstack/plugin.sh | 76 ++++++++++++++++++- devstack/settings | 1 + doc/source/devref/apache-httpd.rst | 29 +++++++ doc/source/index.rst | 1 + httpd/octavia-api.conf | 23 ++++++ ...port-wsgi-deployment-56013fef7172e982.yaml | 3 + setup.cfg | 2 + 8 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 devstack/files/wsgi/octavia-api.template create mode 100644 doc/source/devref/apache-httpd.rst create mode 100644 httpd/octavia-api.conf create mode 100644 releasenotes/notes/support-wsgi-deployment-56013fef7172e982.yaml diff --git a/devstack/files/wsgi/octavia-api.template b/devstack/files/wsgi/octavia-api.template new file mode 100644 index 0000000000..f7e5e6de36 --- /dev/null +++ b/devstack/files/wsgi/octavia-api.template @@ -0,0 +1,47 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This is a template Apache2 configuration file for using the +# Octavia API through mod_wsgi. This version assumes you are +# running devstack to configure the software. + +Listen %OCTAVIA_SERVICE_PORT% + + + + WSGIDaemonProcess octavia-wsgi processes=%APIWORKERS% threads=1 display-name=%{GROUP} %VIRTUALENV% + WSGIProcessGroup octavia-wsgi + WSGIScriptAlias / /usr/local/bin/octavia-wsgi + WSGIApplicationGroup %{GLOBAL} + + ErrorLog /var/log/%APACHE_NAME%/octavia_error.log + = 2.4> + ErrorLogFormat "%{cu}t %M" + + CustomLog /var/log/%APACHE_NAME%/octavia_access.log combined + + %SSLENGINE% + %SSLCERTFILE% + %SSLKEYFILE% + + + WSGIProcessGroup octavia-wsgi + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + + + diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 2f099d5a04..7889fc8fa5 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -78,6 +78,65 @@ function build_octavia_worker_image { } +function _configure_octavia_apache_wsgi { + + # Make sure mod_wsgi is enabled in apache + # This is important for multinode where other services have not yet + # enabled it. + install_apache_wsgi + + local octavia_apache_conf + octavia_apache_conf=$(apache_site_config_for octavia) + + # Use the alternate port if we are running multinode behind haproxy + if [ $OCTAVIA_NODE != 'standalone' ] && [ $OCTAVIA_NODE != 'api' ]; then + local octavia_api_port=$OCTAVIA_HA_PORT + else + local octavia_api_port=$OCTAVIA_PORT + fi + local octavia_ssl="" + local octavia_certfile="" + local octavia_keyfile="" + local venv_path="" + + if is_ssl_enabled_service octavia; then + octavia_ssl="SSLEngine On" + octavia_certfile="SSLCertificateFile $OCTAVIA_SSL_CERT" + octavia_keyfile="SSLCertificateKeyFile $OCTAVIA_SSL_KEY" + fi + + if [[ ${USE_VENV} = True ]]; then + venv_path="python-path=${PROJECT_VENV["octavia"]}/lib/$(python_version)/site-packages" + fi + + sudo cp ${OCTAVIA_DIR}/devstack/files/wsgi/octavia-api.template $octavia_apache_conf + sudo sed -e " + s|%OCTAVIA_SERVICE_PORT%|$octavia_api_port|g; + s|%APACHE_NAME%|$APACHE_NAME|g; + s|%SSLENGINE%|$octavia_ssl|g; + s|%SSLCERTFILE%|$octavia_certfile|g; + s|%SSLKEYFILE%|$octavia_keyfile|g; + s|%VIRTUALENV%|$venv_path|g + s|%APIWORKERS%|$API_WORKERS|g; + " -i $octavia_apache_conf + +} + +function _cleanup_octavia_apache_wsgi { + sudo rm -f $(apache_site_config_for octavia) + restart_apache_server +} + +function _start_octavia_apache_wsgi { + enable_apache_site octavia + restart_apache_server +} + +function _stop_octavia_apache_wsgi { + disable_apache_site octavia + restart_apache_server +} + function create_octavia_accounts { create_service_user "octavia" @@ -206,6 +265,10 @@ function octavia_configure { mkdir -m755 -p $OCTAVIA_DHCLIENT_DIR cp $OCTAVIA_DIR/etc/dhcp/dhclient.conf $OCTAVIA_DHCLIENT_CONF + if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then + _configure_octavia_apache_wsgi + fi + } function create_mgmt_network_interface { @@ -386,7 +449,12 @@ function octavia_start { iniset $OCTAVIA_CONF DEFAULT bind_host 0.0.0.0 fi - run_process $OCTAVIA_API "$OCTAVIA_API_BINARY $OCTAVIA_API_ARGS" + if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then + _start_octavia_apache_wsgi + else + run_process $OCTAVIA_API "$OCTAVIA_API_BINARY $OCTAVIA_API_ARGS" + fi + run_process $OCTAVIA_CONSUMER "$OCTAVIA_CONSUMER_BINARY $OCTAVIA_CONSUMER_ARGS" run_process $OCTAVIA_HOUSEKEEPER "$OCTAVIA_HOUSEKEEPER_BINARY $OCTAVIA_HOUSEKEEPER_ARGS" run_process $OCTAVIA_HEALTHMANAGER "$OCTAVIA_HEALTHMANAGER_BINARY $OCTAVIA_HEALTHMANAGER_ARGS" @@ -404,6 +472,9 @@ function octavia_stop { sudo ip link del o-hm0 fi fi + if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then + _stop_octavia_apache_wsgi + fi } function octavia_configure_common { @@ -435,6 +506,9 @@ function octavia_cleanup { openstack keypair delete ${OCTAVIA_AMP_SSH_KEY_NAME} fi fi + if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then + _cleanup_octavia_apache_wsgi + fi sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR } diff --git a/devstack/settings b/devstack/settings index c9fa3f9d00..b080a1492e 100644 --- a/devstack/settings +++ b/devstack/settings @@ -52,6 +52,7 @@ OCTAVIA_HEALTH_KEY=${OCTAVIA_HEALTH_KEY:-"insecure"} OCTAVIA_AMP_EXPIRY_AGE=${OCTAVIA_AMP_EXPIRY_AGE:-"3600"} OCTAVIA_LB_EXPIRY_AGE=${OCTAVIA_LB_EXPIRY_AGE:-"3600"} +OCTAVIA_USE_MOD_WSGI=${OCTAVIA_USE_MOD_WSGI:-True} OCTAVIA_API_BINARY=${OCTAVIA_API_BINARY:-${OCTAVIA_BIN_DIR}/octavia-api} OCTAVIA_CONSUMER_BINARY=${OCTAVIA_CONSUMER_BINARY:-${OCTAVIA_BIN_DIR}/octavia-worker} OCTAVIA_HOUSEKEEPER_BINARY=${OCTAVIA_HOUSEKEEPER_BINARY:-${OCTAVIA_BIN_DIR}/octavia-housekeeping} diff --git a/doc/source/devref/apache-httpd.rst b/doc/source/devref/apache-httpd.rst new file mode 100644 index 0000000000..db8f8cd62b --- /dev/null +++ b/doc/source/devref/apache-httpd.rst @@ -0,0 +1,29 @@ + +.. + Copyright 2017 Intel Corporation + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +========================= +Running Octavia in Apache +========================= + +To run Octavia in apache2, copy the ``httpd/octavia-api.conf`` sample +configuration file to the appropriate location for the Apache server. + +On Debian/Ubuntu systems it is:: + + /etc/apache2/sites-available/octavia-api.conf + +Restart Apache to have it start serving Octavia. diff --git a/doc/source/index.rst b/doc/source/index.rst index 0d1cac47c4..cb27adf5d9 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -45,6 +45,7 @@ For operators guides/operator-maintenance.rst main/configref.rst main/Anchor.rst + devref/apache-httpd.rst ==== APIs diff --git a/httpd/octavia-api.conf b/httpd/octavia-api.conf new file mode 100644 index 0000000000..4c05afb0fd --- /dev/null +++ b/httpd/octavia-api.conf @@ -0,0 +1,23 @@ +Listen 9876 + + + + WSGIDaemonProcess octavia-wsgi processes=5 threads=1 display-name=%{GROUP} + WSGIProcessGroup octavia-wsgi + WSGIScriptAlias / /usr/local/bin/octavia-wsgi + WSGIApplicationGroup %{GLOBAL} + + ErrorLog /var/log/apache2/octavia-wsgi.log + + + WSGIProcessGroup octavia-wsgi + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + + + diff --git a/releasenotes/notes/support-wsgi-deployment-56013fef7172e982.yaml b/releasenotes/notes/support-wsgi-deployment-56013fef7172e982.yaml new file mode 100644 index 0000000000..49fcdd53db --- /dev/null +++ b/releasenotes/notes/support-wsgi-deployment-56013fef7172e982.yaml @@ -0,0 +1,3 @@ +--- +features: + - Octavia API now supports WSGI deplyment. diff --git a/setup.cfg b/setup.cfg index 5fa417281b..fa30fec518 100644 --- a/setup.cfg +++ b/setup.cfg @@ -49,6 +49,8 @@ warnerrors = True universal = 1 [entry_points] +wsgi_scripts = + octavia-wsgi = octavia.api.app:setup_app console_scripts = octavia-api = octavia.cmd.api:main octavia-worker = octavia.cmd.octavia_worker:main