Serve the aodh-api using mod_wsgi

aodh upstream change Iefd6f4d9f76c69ed9b49483e1feda0b7dbe2cb81
moves from Werkzeug to WSGI so we should follow suit

Without this change, the aodh-api service fails to start at all.

Apache vhost config based on https://github.com/openstack/aodh/blob/master/etc/apache2/aodh

Change-Id: I2fb1eb984949a4457ae313cffec872a0bb425eab

defaults/main.yml

@@ -48,6 +48,13 @@ aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_c
 aodh_rabbitmq_userid: aodh
 aodh_rabbitmq_vhost: /aodh
 
+## Apache setup
+aodh_apache_log_level: info
+aodh_apache_servertokens: "Prod"
+aodh_apache_serversignature: "Off"
+aodh_wsgi_threads: 10
+aodh_wsgi_processes: "{{ ansible_processor_vcpus | default (1) * 2 }}"
+
 #Aodh services info
 aodh_role_name: admin
 

handlers/main.yml

@@ -13,12 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Restart aodh api
-  service:
-    name: "{{ aodh_api_program_name }}"
-    state: "restarted"
-    pattern: "{{ aodh_api_program_name }}"
-
 - name: Restart aodh alarm_notifier
   service:
     name: "{{ aodh_alarm_notifier_program_name }}"
@@ -44,3 +38,13 @@
     pattern: "{{ item }}"
   with_items: "{{ aodh_service_names }}"
   failed_when: false
+
+- name: Restart Apache
+  service:
+    name: "apache2"
+    state: "restarted"
+    pattern: "apache2"
+  register: apache_restart
+  until: apache_restart|success
+  retries: 5
+  delay: 2

tasks/aodh_apache.yml

@@ -0,0 +1,65 @@
+---
+# Copyright 2016, Comcast Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Drop apache2 virtual host and ports file
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "root"
+    group: "root"
+  with_items:
+    - { src: "aodh-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
+    - { src: "aodh-httpd.conf.j2", dest: "/etc/apache2/sites-available/aodh-httpd.conf" }
+  notify:
+    - Restart Apache
+
+- name: Disable default apache site
+  file:
+    path: "/etc/apache2/sites-enabled/000-default.conf"
+    state: "absent"
+  notify:
+    - Restart Apache
+
+- name: Enabled aodh vhost
+  file:
+    src: "/etc/apache2/sites-available/aodh-httpd.conf"
+    dest: "/etc/apache2/sites-enabled/aodh-httpd.conf"
+    state: "link"
+  notify:
+    - Restart Apache
+
+- name: Ensure Apache ServerName
+  lineinfile:
+    dest: "/etc/apache2/apache2.conf"
+    line: "ServerName {{ inventory_hostname }}"
+  notify:
+    - Restart Apache
+
+- name: Ensure Apache ServerTokens
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerTokens'
+    line: "ServerTokens {{ aodh_apache_servertokens }}"
+  notify:
+    - Restart Apache
+
+- name: Ensure Apache ServerSignature
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerSignature'
+    line: "ServerSignature {{ aodh_apache_serversignature }}"
+  notify:
+    - Restart Apache

tasks/aodh_post_install.yml

@@ -35,4 +35,16 @@
       dest: "/etc/aodh/policy.json"
       config_overrides: "{{ aodh_policy_overrides }}"
       config_type: "json"
-  notify: Restart aodh services
+  notify:
+    - Restart aodh services
+    - Restart Apache
+
+- name: Drop aodh API WSGI Configs
+  template:
+    src: aodh-api-wsgi.py.j2
+    dest: /var/www/cgi-bin/aodh/aodh-api
+    owner: "{{ aodh_system_user_name }}"
+    group: "{{ aodh_system_group_name }}"
+    mode: "0755"
+  notify:
+    - Restart Apache

tasks/aodh_pre_install.yml

@@ -42,6 +42,17 @@
     - { path: "{{ aodh_system_user_home }}/.ssh", mode: "0700" }
     - { path: "/var/cache/aodh", mode: "0700" }
 
+- name: Create Apache mod_wsgi dirs
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner|default(aodh_system_user_name) }}"
+    group: "{{ item.group|default(aodh_system_group_name) }}"
+    mode: "{{ item.mode|default('0755') }}"
+  with_items:
+    - { path: "/var/www/cgi-bin", owner: root, group: root }
+    - { path: "/var/www/cgi-bin/aodh" }
+
 - name: Test for log directory or link
   shell: |
     if [ -h "/var/log/aodh"  ]; then

tasks/main.yml

@@ -67,6 +67,11 @@
   tags:
     - aodh-install
 
+- include: aodh_apache.yml
+  tags:
+    - aodh-install
+    - aodh-config
+
 - include: aodh_service_setup.yml
   when: >
     inventory_hostname == groups['aodh_api'][0]

templates/aodh-api-wsgi.py.j2

@@ -0,0 +1,22 @@
+# Copyright 2016 Comcast Corporation
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import os
+
+activate_this = os.path.expanduser("{{ aodh_bin }}/activate_this.py")
+execfile(activate_this, dict(__file__=activate_this))
+
+from aodh.api import app
+
+application = app.build_wsgi_app()

templates/aodh-httpd.conf.j2

@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+<VirtualHost *:{{ aodh_service_port }}>
+    WSGIDaemonProcess aodh-api lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ aodh_system_user_name }} group={{ aodh_system_group_name }} processes={{ aodh_wsgi_processes }} threads={{ aodh_wsgi_threads }} display-name=%{GROUP}
+    WSGIProcessGroup aodh-api
+    WSGIScriptAlias / /var/www/cgi-bin/aodh/aodh-api
+    WSGIApplicationGroup  %{GLOBAL}
+
+    <IfVersion >= 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+
+    LogLevel  {{  aodh_apache_log_level }}
+    ErrorLog  /var/log/aodh/aodh-apache-error.log
+    CustomLog /var/log/aodh/aodh-access.log combined
+</VirtualHost>

templates/aodh-ports.conf.j2

@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+Listen {{ aodh_service_port }}