Merge "Migrate aodh to use uWSGI role"

2019-09-09 20:37:44 +00:00 · 2019-09-09 20:37:44 +00:00 · ef51898fef
parent 6ff08a4731 91b2196646
commit ef51898fef
15 changed files with 91 additions and 236 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -87,10 +87,7 @@ aodh_oslomsg_notify_vhost: "{{ aodh_oslomsg_rpc_vhost }}"
 # TODO(ansmith): Change structure when more backends will be supported
 aodh_oslomsg_amqp1_enabled: "{{ aodh_oslomsg_rpc_transport == 'amqp' }}"

-## Apache setup
-aodh_apache_log_level: info
-aodh_apache_servertokens: "Prod"
-aodh_apache_serversignature: "Off"
+## uWSGI setup
 aodh_wsgi_threads: 10
 aodh_wsgi_processes_max: 16
 aodh_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, aodh_wsgi_processes_max] | min }}"
@ -102,6 +99,7 @@ aodh_role_name: admin
 aodh_service_region: RegionOne
 aodh_service_endpoint_type: internalURL
 aodh_service_name: aodh
+aodh_service_bind_address: 0.0.0.0
 aodh_service_port: 8042
 aodh_service_proto: http
 aodh_service_type: alarming
@ -135,7 +133,6 @@ aodh_pip_packages:
  - gnocchiclient
  - osprofiler
  - PyMySQL>=0.6.2
-  - python-ceilometerclient
  - python-memcached
  - sqlalchemy>=0.9.7
  - sqlalchemy-utils
@ -148,10 +145,20 @@ aodh_optional_oslomsg_amqp1_pip_packages:

 aodh_alarm_notifier_init_overrides: {}
 aodh_alarm_evaluator_init_overrides: {}
+aodh_api_init_overrides: {}
 aodh_listener_init_overrides: {}

 ## Service Name-Group Mapping
 aodh_services:
+  aodh-api:
+    group: aodh_api
+    service-name: aodh-api
+    init_config_overrides: "{{ aodh_api_init_overrides }}"
+    wsgi_app: True
+    wsgi_name: aodh-api
+    uwsgi_overrides: "{{ aodh_uwsgi_conf_overrides }}"
+    uwsgi_port: "{{ aodh_service_port }}"
+    uwsgi_bind_address: "{{ aodh_service_bind_address }}"
  aodh-notifier:
    group: aodh_alarm_notifier
    service_name: aodh-notifier
@ -187,3 +194,4 @@ aodh_role_project_group: aodh_all
 aodh_policy_overrides: {}
 aodh_aodh_conf_overrides: {}
 aodh_api_paste_ini_overrides: {}
+aodh_uwsgi_conf_overrides: {}
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -63,13 +63,12 @@
    - "Restart aodh services"
    - "venv changed"

+# NOTE(noonedeadpunk): This task is created due to migration from apache to uwsgi
+# which was introduced during train release. It can be dropped afterwards.
 - name: Restart web server
  service:
    name: "{{ aodh_system_service_name }}"
    enabled: yes
    state: "restarted"
    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
-  register: _restart
-  until: _restart  is success
-  retries: 5
-  delay: 2
+  failed_when: false
--- a/releasenotes/notes/use-uwsgi-001d7b0c4d6def73.yaml
+++ b/releasenotes/notes/use-uwsgi-001d7b0c4d6def73.yaml
@ -0,0 +1,13 @@
+---
+upgrade:
+  - |
+    Aodh migrated from usage of Apache mod_wsgi or native daemon to uWSGI
+    daemon. This means, that `aodh_apache_*` variables are not available and has no effect
+    anymore.
+
+    During upgrade process role will drop `aodh_service_port` from apache
+    listeners (ports.conf) and aodh virtualhost, which by default means
+    misconfigured apache service (since it won't have any listeners) unless
+    it's aio build and this apache server is in use by other role/service.
+    Apache server won't be dropped from aodh_api hosts, so deployers
+    are encoureged to remove it manually.
--- a/tasks/aodh_apache.yml
+++ b/tasks/aodh_apache.yml
@ -1,90 +0,0 @@
---
-# Copyright 2016, Comcast Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# NOTE(hwoarang) default openSUSE apache2 installation is missing
-# some required modules so enable them here. This can possibly be
-# extended to other distributions if necessary.
- name: Enable required apache2 modules (SUSE)
-  apache2_module:
-    name: "{{ item.name }}"
-    state: "{{ item.state }}"
-  with_items: "{{ aodh_apache_modules }}"
-  when:
-    - ansible_pkg_mgr ==  'zypper'
-    - aodh_apache_modules is defined
-  notify:
-    - Restart web server
-
- name: Drop apache2 virtual host and ports file
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "root"
-    group: "root"
-  with_items: "{{ aodh_apache_config }}"
-  notify:
-    - Restart web server
-
- name: Disable default apache site
-  file:
-    path: "{{ item }}"
-    state: "absent"
-  with_items: "{{ aodh_apache_default_sites }}"
-  notify:
-    - Restart web server
-
- name: Enabled aodh vhost
-  file:
-    src: "{{ aodh_apache_site_available }}"
-    dest: "{{ aodh_apache_site_enabled }}"
-    state: "link"
-  when:
-    - aodh_apache_site_available is defined
-    - aodh_apache_site_enabled is defined
-  notify:
-    - Restart web server
-
- name: Ensure Apache ServerName
-  lineinfile:
-    dest: "{{ aodh_apache_conf }}"
-    line: "ServerName {{ inventory_hostname }}"
-  notify:
-    - Restart web server
-
- name: Ensure Apache ServerTokens
-  lineinfile:
-    dest: "{{ aodh_apache_security_conf }}"
-    regexp: '^ServerTokens'
-    line: "ServerTokens {{ aodh_apache_servertokens }}"
-  notify:
-    - Restart web server
-
- name: Ensure Apache ServerSignature
-  lineinfile:
-    dest: "{{ aodh_apache_security_conf }}"
-    regexp: '^ServerSignature'
-    line: "ServerSignature {{ aodh_apache_serversignature }}"
-  notify:
-    - Restart web server
-
- name: remove Listen from Apache config
-  lineinfile:
-    dest: "{{ aodh_apache_security_conf }}"
-    regexp: '^(Listen.*)'
-    backrefs: yes
-    line: '#\1'
-  notify:
-    - Restart web server
--- a/tasks/aodh_post_install.yml
+++ b/tasks/aodh_post_install.yml
@ -37,14 +37,21 @@
      config_type: "json"
  notify:
    - Restart aodh services
-    - Restart web server

- name: Drop aodh API WSGI Configs
-  template:
-    src: aodh-api-wsgi.py.j2
-    dest: /var/www/cgi-bin/aodh/aodh-api
-    owner: "{{ aodh_system_user_name }}"
-    group: "{{ aodh_system_group_name }}"
-    mode: "0755"
+# NOTE(noonedeadpunk): This task is created due to migration from apache to uwsgi
+# which was introduced during train release. It can be dropped afterwards.
+- name: Drop Apache related configs
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items: "{{ aodh_apache_config }}"
  notify:
-    - Restart web server
+   - Restart web server
+
+- name: Stop Apache listening on Aodh port
+  lineinfile:
+    path: "{{ aodh_apache_ports }}"
+    state: absent
+    line: "Listen {{ aodh_service_port }}"
+  notify:
+   - Restart web server
--- a/tasks/aodh_pre_install.yml
+++ b/tasks/aodh_pre_install.yml
@ -42,14 +42,3 @@
    - { path: "{{ aodh_system_user_home }}" }
    - { path: "{{ aodh_system_user_home }}/.ssh", mode: "0700" }
    - { path: "/var/cache/aodh", mode: "0700" }
-
- name: Create Apache mod_wsgi dirs
-  file:
-    path: "{{ item.path }}"
-    state: directory
-    owner: "{{ item.owner|default(aodh_system_user_name) }}"
-    group: "{{ item.group|default(aodh_system_group_name) }}"
-    mode: "{{ item.mode|default('0755') }}"
-  with_items:
-    - { path: "/var/www/cgi-bin", owner: root, group: root }
-    - { path: "/var/www/cgi-bin/aodh" }
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -115,9 +115,15 @@
  tags:
    - aodh-config

- import_tasks: aodh_apache.yml
+- name: Import uwsgi role
+  import_role:
+    name: uwsgi
+  vars:
+    uwsgi_services: "{{ uwsgi_aodh_services }}"
+    uwsgi_install_method: "{{ aodh_install_method }}"
  tags:
    - aodh-config
+    - uwsgi

 - import_tasks: service_setup.yml
  vars:
--- a/templates/aodh-api-wsgi.py.j2
+++ b/templates/aodh-api-wsgi.py.j2
@ -1,24 +0,0 @@
-# Copyright 2016 Comcast Corporation
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-import os
-
-{% if aodh_install_method == 'source' %}
-activate_this = os.path.expanduser("{{ aodh_bin }}/activate_this.py")
-execfile(activate_this, dict(__file__=activate_this))
-{% endif %}
-
-from aodh.api import app
-
-application = app.build_wsgi_app()
--- a/templates/aodh-httpd.conf.j2
+++ b/templates/aodh-httpd.conf.j2
@ -1,28 +0,0 @@
-# {{ ansible_managed }}
-
-<VirtualHost *:{{ aodh_service_port }}>
-    WSGIDaemonProcess aodh-api lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ aodh_system_user_name }} group={{ aodh_system_group_name }} processes={{ aodh_wsgi_processes }} threads={{ aodh_wsgi_threads }} display-name=%{GROUP}
-    WSGIProcessGroup aodh-api
-    WSGIScriptAlias / /var/www/cgi-bin/aodh/aodh-api
-    WSGIApplicationGroup  %{GLOBAL}
-
-    <IfVersion >= 2.4>
-      ErrorLogFormat "%{cu}t %M"
-    </IfVersion>
-
-    LogLevel  {{  aodh_apache_log_level }}
-    ErrorLog  {{ aodh_apache_default_log_folder }}/aodh-apache-error.log
-    CustomLog {{ aodh_apache_default_log_folder }}/aodh-access.log combined
-</VirtualHost>
-
-<Directory "/var/www/cgi-bin">
-        AllowOverride None
-        Options +ExecCGI -Includes
-        <IfModule !mod_access_compat.c>
-                Require all granted
-        </IfModule>
-        <IfModule mod_access_compat.c>
-                Order allow,deny
-                Allow from all
-        </IfModule>
-</Directory>
--- a/templates/aodh-ports.conf.j2
+++ b/templates/aodh-ports.conf.j2
@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-
-Listen {{ aodh_service_port }}
--- a/tests/ansible-role-requirements.yml
+++ b/tests/ansible-role-requirements.yml
@ -59,3 +59,7 @@
  src: https://opendev.org/openstack/ansible-role-python_venv_build
  scm: git
  version: master
+- name: uwsgi
+  src: https://opendev.org/openstack/ansible-role-uwsgi
+  scm: git
+  version: master
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -19,9 +19,6 @@ cache_timeout: 600
 # Common apt packages
 aodh_distro_packages:
  - rpcbind
-  - apache2
-  - apache2-utils
-  - libapache2-mod-wsgi-py3

 aodh_devel_distro_packages:
  - libffi-dev
@ -43,25 +40,12 @@ aodh_oslomsg_amqp1_distro_packages:
  - libsasl2-modules
  - sasl2-bin

+# NOTE(noonedeadpunk): These variables are left for migration from apache to uwsgi
+# which was introduced during train release. They can be dropped afterwards.
 aodh_system_service_name: apache2
-
 aodh_apache_config:
-  - { src: "aodh-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
-  - { src: "aodh-httpd.conf.j2", dest: "/etc/apache2/sites-available/aodh-httpd.conf" }
-
-aodh_apache_default_sites:
-  - "/etc/apache2/sites-enabled/000-default.conf"
+  - "/etc/apache2/sites-available/aodh-httpd.conf"
+  - "/etc/apache2/sites-enabled/aodh-httpd.conf"
  - "/etc/apache2/sites-enabled/aodh-api.conf"
  - "/etc/apache2/sites-available/aodh-api.conf"
-
-aodh_apache_site_available: "/etc/apache2/sites-available/aodh-httpd.conf"
-aodh_apache_site_enabled: "/etc/apache2/sites-enabled/aodh-httpd.conf"
-
-aodh_apache_conf: "/etc/apache2/apache2.conf"
-aodh_apache_security_conf: "/etc/apache2/conf-available/security.conf"
-aodh_apache_default_log_folder: "/var/log/apache2"
-
-# This can be enabled when Apache2.5+ is available
-# aodh_apache_modules:
-#  - name: "mod_journald"
-#    state: "present
+aodh_apache_ports: "/etc/apache2/ports.conf"
--- a/vars/main.yml
+++ b/vars/main.yml
@ -16,7 +16,8 @@
 filtered_aodh_services: |-
  {% set services = [] %}
  {% for key, value in aodh_services.items() %}
-  {%   if (value['group'] in group_names) %}
+  {%   if (value['group'] in group_names) and
+          not ('wsgi_app' in value and value['wsgi_app']) %}
  {%     set _ = value.update(
           {
             'service_key': key,
@ -31,3 +32,23 @@ filtered_aodh_services: |-
  {%   endif %}
  {% endfor %}
  {{ services }}
+
+uwsgi_aodh_services: |-
+  {% set services = {} %}
+  {% for key, value in aodh_services.items() %}
+  {%   if (value['group'] in group_names) and
+          ('wsgi_app' in value and value['wsgi_app']) %}
+  {%     set _ = value.update(
+            {
+             'wsgi_path':  aodh_bin ~ '/' ~ value.wsgi_name,
+             'wsgi_venv': ((aodh_install_method == 'source') | ternary(aodh_bin | dirname, None)),
+             'uwsgi_uid': aodh_system_user_name,
+             'uwsgi_guid': aodh_system_group_name,
+             'uwsgi_processes': aodh_wsgi_processes,
+             'uwsgi_threads': aodh_wsgi_threads
+           }
+         ) %}
+  {%     set _ = services.update({key: value}) %}
+  {%   endif %}
+  {% endfor %}
+  {{ services }}
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -16,9 +16,6 @@
 # Common packages
 aodh_distro_packages:
  - rpcbind
-  - httpd
-  - httpd-tools
-  - mod_wsgi

 aodh_devel_distro_packages:
  - libffi-devel
@ -44,17 +41,9 @@ aodh_oslomsg_amqp1_distro_packages:
  - cyrus-sasl-plain
  - cyrus-sasl-md5

+# NOTE(noonedeadpunk): These variables are left for migration from apache to uwsgi
+# which was introduced during train release. They can be dropped afterwards.
 aodh_system_service_name: httpd
-
 aodh_apache_config:
-  - { src: "aodh-ports.conf.j2", dest: "/etc/httpd/conf.d/ports.conf" }
-  - { src: "aodh-httpd.conf.j2", dest: "/etc/httpd/conf.d/aodh-httpd.conf" }
-
-aodh_apache_default_sites:
-  - "/etc/httpd/conf.d/userdir.conf"
-  - "/etc/httpd/conf.d/welcome.conf"
-  - "/etc/httpd/conf.d/ssl.conf"
-
-aodh_apache_conf: "/etc/httpd/conf/httpd.conf"
-aodh_apache_security_conf: "{{ aodh_apache_conf }}"
-aodh_apache_default_log_folder: "/var/log/httpd"
+  - "/etc/httpd/conf.d/aodh-httpd.conf"
+aodh_apache_ports: "/etc/httpd/conf.d/ports.conf"
--- a/vars/suse.yml
+++ b/vars/suse.yml
@ -17,9 +17,6 @@
 # Common packages
 aodh_distro_packages:
  - rpcbind
-  - apache2
-  - apache2-utils
-  - apache2-mod_wsgi

 aodh_devel_distro_packages:
  - libffi-devel
@ -47,26 +44,9 @@ aodh_oslomsg_amqp1_distro_packages:
  - cyrus-sasl-plain
  - cyrus-sasl-digestmd5

+# NOTE(noonedeadpunk): These variables are left for migration from apache to uwsgi
+# which was introduced during train release. They can be dropped afterwards.
 aodh_system_service_name: apache2
-
 aodh_apache_config:
-  - { src: "aodh-ports.conf.j2", dest: "/etc/apache2/conf.d/ports.conf" }
-  - { src: "aodh-httpd.conf.j2", dest: "/etc/apache2/conf.d/aodh-httpd.conf" }
-
-aodh_apache_default_sites:
-  - "/etc/apache2/conf.d/gitweb.conf"
-
-aodh_apache_conf: "/etc/apache2/httpd.conf"
-aodh_apache_security_conf: "{{ aodh_apache_conf }}"
-aodh_apache_default_log_folder: "/var/log/apache2"
-
-aodh_apache_modules:
-  - name: "authz_host"
-    state: "present"
-  - name: "access_compat"
-    state: "present"
-  - name: "version"
-    state: "present"
-# This can be enabled when Apache2.5+ is available
-#  - name: "mod_journald"
-#    state: "present
+  -  "/etc/apache2/conf.d/aodh-httpd.conf"
+aodh_apache_ports: "/etc/apache2/conf.d/ports.conf"