Merge "Migrate aodh to use uWSGI role"
This commit is contained in:
commit
ef51898fef
|
@ -87,10 +87,7 @@ aodh_oslomsg_notify_vhost: "{{ aodh_oslomsg_rpc_vhost }}"
|
|||
# TODO(ansmith): Change structure when more backends will be supported
|
||||
aodh_oslomsg_amqp1_enabled: "{{ aodh_oslomsg_rpc_transport == 'amqp' }}"
|
||||
|
||||
## Apache setup
|
||||
aodh_apache_log_level: info
|
||||
aodh_apache_servertokens: "Prod"
|
||||
aodh_apache_serversignature: "Off"
|
||||
## uWSGI setup
|
||||
aodh_wsgi_threads: 10
|
||||
aodh_wsgi_processes_max: 16
|
||||
aodh_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, aodh_wsgi_processes_max] | min }}"
|
||||
|
@ -102,6 +99,7 @@ aodh_role_name: admin
|
|||
aodh_service_region: RegionOne
|
||||
aodh_service_endpoint_type: internalURL
|
||||
aodh_service_name: aodh
|
||||
aodh_service_bind_address: 0.0.0.0
|
||||
aodh_service_port: 8042
|
||||
aodh_service_proto: http
|
||||
aodh_service_type: alarming
|
||||
|
@ -135,7 +133,6 @@ aodh_pip_packages:
|
|||
- gnocchiclient
|
||||
- osprofiler
|
||||
- PyMySQL>=0.6.2
|
||||
- python-ceilometerclient
|
||||
- python-memcached
|
||||
- sqlalchemy>=0.9.7
|
||||
- sqlalchemy-utils
|
||||
|
@ -148,10 +145,20 @@ aodh_optional_oslomsg_amqp1_pip_packages:
|
|||
|
||||
aodh_alarm_notifier_init_overrides: {}
|
||||
aodh_alarm_evaluator_init_overrides: {}
|
||||
aodh_api_init_overrides: {}
|
||||
aodh_listener_init_overrides: {}
|
||||
|
||||
## Service Name-Group Mapping
|
||||
aodh_services:
|
||||
aodh-api:
|
||||
group: aodh_api
|
||||
service-name: aodh-api
|
||||
init_config_overrides: "{{ aodh_api_init_overrides }}"
|
||||
wsgi_app: True
|
||||
wsgi_name: aodh-api
|
||||
uwsgi_overrides: "{{ aodh_uwsgi_conf_overrides }}"
|
||||
uwsgi_port: "{{ aodh_service_port }}"
|
||||
uwsgi_bind_address: "{{ aodh_service_bind_address }}"
|
||||
aodh-notifier:
|
||||
group: aodh_alarm_notifier
|
||||
service_name: aodh-notifier
|
||||
|
@ -187,3 +194,4 @@ aodh_role_project_group: aodh_all
|
|||
aodh_policy_overrides: {}
|
||||
aodh_aodh_conf_overrides: {}
|
||||
aodh_api_paste_ini_overrides: {}
|
||||
aodh_uwsgi_conf_overrides: {}
|
||||
|
|
|
@ -63,13 +63,12 @@
|
|||
- "Restart aodh services"
|
||||
- "venv changed"
|
||||
|
||||
# NOTE(noonedeadpunk): This task is created due to migration from apache to uwsgi
|
||||
# which was introduced during train release. It can be dropped afterwards.
|
||||
- name: Restart web server
|
||||
service:
|
||||
name: "{{ aodh_system_service_name }}"
|
||||
enabled: yes
|
||||
state: "restarted"
|
||||
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
||||
register: _restart
|
||||
until: _restart is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
failed_when: false
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
Aodh migrated from usage of Apache mod_wsgi or native daemon to uWSGI
|
||||
daemon. This means, that `aodh_apache_*` variables are not available and has no effect
|
||||
anymore.
|
||||
|
||||
During upgrade process role will drop `aodh_service_port` from apache
|
||||
listeners (ports.conf) and aodh virtualhost, which by default means
|
||||
misconfigured apache service (since it won't have any listeners) unless
|
||||
it's aio build and this apache server is in use by other role/service.
|
||||
Apache server won't be dropped from aodh_api hosts, so deployers
|
||||
are encoureged to remove it manually.
|
|
@ -1,90 +0,0 @@
|
|||
---
|
||||
# Copyright 2016, Comcast Corporation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# NOTE(hwoarang) default openSUSE apache2 installation is missing
|
||||
# some required modules so enable them here. This can possibly be
|
||||
# extended to other distributions if necessary.
|
||||
- name: Enable required apache2 modules (SUSE)
|
||||
apache2_module:
|
||||
name: "{{ item.name }}"
|
||||
state: "{{ item.state }}"
|
||||
with_items: "{{ aodh_apache_modules }}"
|
||||
when:
|
||||
- ansible_pkg_mgr == 'zypper'
|
||||
- aodh_apache_modules is defined
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
- name: Drop apache2 virtual host and ports file
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
with_items: "{{ aodh_apache_config }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
- name: Disable default apache site
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: "absent"
|
||||
with_items: "{{ aodh_apache_default_sites }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
- name: Enabled aodh vhost
|
||||
file:
|
||||
src: "{{ aodh_apache_site_available }}"
|
||||
dest: "{{ aodh_apache_site_enabled }}"
|
||||
state: "link"
|
||||
when:
|
||||
- aodh_apache_site_available is defined
|
||||
- aodh_apache_site_enabled is defined
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
- name: Ensure Apache ServerName
|
||||
lineinfile:
|
||||
dest: "{{ aodh_apache_conf }}"
|
||||
line: "ServerName {{ inventory_hostname }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
- name: Ensure Apache ServerTokens
|
||||
lineinfile:
|
||||
dest: "{{ aodh_apache_security_conf }}"
|
||||
regexp: '^ServerTokens'
|
||||
line: "ServerTokens {{ aodh_apache_servertokens }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
- name: Ensure Apache ServerSignature
|
||||
lineinfile:
|
||||
dest: "{{ aodh_apache_security_conf }}"
|
||||
regexp: '^ServerSignature'
|
||||
line: "ServerSignature {{ aodh_apache_serversignature }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
- name: remove Listen from Apache config
|
||||
lineinfile:
|
||||
dest: "{{ aodh_apache_security_conf }}"
|
||||
regexp: '^(Listen.*)'
|
||||
backrefs: yes
|
||||
line: '#\1'
|
||||
notify:
|
||||
- Restart web server
|
|
@ -37,14 +37,21 @@
|
|||
config_type: "json"
|
||||
notify:
|
||||
- Restart aodh services
|
||||
- Restart web server
|
||||
|
||||
- name: Drop aodh API WSGI Configs
|
||||
template:
|
||||
src: aodh-api-wsgi.py.j2
|
||||
dest: /var/www/cgi-bin/aodh/aodh-api
|
||||
owner: "{{ aodh_system_user_name }}"
|
||||
group: "{{ aodh_system_group_name }}"
|
||||
mode: "0755"
|
||||
# NOTE(noonedeadpunk): This task is created due to migration from apache to uwsgi
|
||||
# which was introduced during train release. It can be dropped afterwards.
|
||||
- name: Drop Apache related configs
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ aodh_apache_config }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
- Restart web server
|
||||
|
||||
- name: Stop Apache listening on Aodh port
|
||||
lineinfile:
|
||||
path: "{{ aodh_apache_ports }}"
|
||||
state: absent
|
||||
line: "Listen {{ aodh_service_port }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
|
|
|
@ -42,14 +42,3 @@
|
|||
- { path: "{{ aodh_system_user_home }}" }
|
||||
- { path: "{{ aodh_system_user_home }}/.ssh", mode: "0700" }
|
||||
- { path: "/var/cache/aodh", mode: "0700" }
|
||||
|
||||
- name: Create Apache mod_wsgi dirs
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
owner: "{{ item.owner|default(aodh_system_user_name) }}"
|
||||
group: "{{ item.group|default(aodh_system_group_name) }}"
|
||||
mode: "{{ item.mode|default('0755') }}"
|
||||
with_items:
|
||||
- { path: "/var/www/cgi-bin", owner: root, group: root }
|
||||
- { path: "/var/www/cgi-bin/aodh" }
|
||||
|
|
|
@ -115,9 +115,15 @@
|
|||
tags:
|
||||
- aodh-config
|
||||
|
||||
- import_tasks: aodh_apache.yml
|
||||
- name: Import uwsgi role
|
||||
import_role:
|
||||
name: uwsgi
|
||||
vars:
|
||||
uwsgi_services: "{{ uwsgi_aodh_services }}"
|
||||
uwsgi_install_method: "{{ aodh_install_method }}"
|
||||
tags:
|
||||
- aodh-config
|
||||
- uwsgi
|
||||
|
||||
- import_tasks: service_setup.yml
|
||||
vars:
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
# Copyright 2016 Comcast Corporation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
|
||||
{% if aodh_install_method == 'source' %}
|
||||
activate_this = os.path.expanduser("{{ aodh_bin }}/activate_this.py")
|
||||
execfile(activate_this, dict(__file__=activate_this))
|
||||
{% endif %}
|
||||
|
||||
from aodh.api import app
|
||||
|
||||
application = app.build_wsgi_app()
|
|
@ -1,28 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
<VirtualHost *:{{ aodh_service_port }}>
|
||||
WSGIDaemonProcess aodh-api lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ aodh_system_user_name }} group={{ aodh_system_group_name }} processes={{ aodh_wsgi_processes }} threads={{ aodh_wsgi_threads }} display-name=%{GROUP}
|
||||
WSGIProcessGroup aodh-api
|
||||
WSGIScriptAlias / /var/www/cgi-bin/aodh/aodh-api
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
|
||||
LogLevel {{ aodh_apache_log_level }}
|
||||
ErrorLog {{ aodh_apache_default_log_folder }}/aodh-apache-error.log
|
||||
CustomLog {{ aodh_apache_default_log_folder }}/aodh-access.log combined
|
||||
</VirtualHost>
|
||||
|
||||
<Directory "/var/www/cgi-bin">
|
||||
AllowOverride None
|
||||
Options +ExecCGI -Includes
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
</Directory>
|
|
@ -1,3 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
Listen {{ aodh_service_port }}
|
|
@ -59,3 +59,7 @@
|
|||
src: https://opendev.org/openstack/ansible-role-python_venv_build
|
||||
scm: git
|
||||
version: master
|
||||
- name: uwsgi
|
||||
src: https://opendev.org/openstack/ansible-role-uwsgi
|
||||
scm: git
|
||||
version: master
|
||||
|
|
|
@ -19,9 +19,6 @@ cache_timeout: 600
|
|||
# Common apt packages
|
||||
aodh_distro_packages:
|
||||
- rpcbind
|
||||
- apache2
|
||||
- apache2-utils
|
||||
- libapache2-mod-wsgi-py3
|
||||
|
||||
aodh_devel_distro_packages:
|
||||
- libffi-dev
|
||||
|
@ -43,25 +40,12 @@ aodh_oslomsg_amqp1_distro_packages:
|
|||
- libsasl2-modules
|
||||
- sasl2-bin
|
||||
|
||||
# NOTE(noonedeadpunk): These variables are left for migration from apache to uwsgi
|
||||
# which was introduced during train release. They can be dropped afterwards.
|
||||
aodh_system_service_name: apache2
|
||||
|
||||
aodh_apache_config:
|
||||
- { src: "aodh-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
||||
- { src: "aodh-httpd.conf.j2", dest: "/etc/apache2/sites-available/aodh-httpd.conf" }
|
||||
|
||||
aodh_apache_default_sites:
|
||||
- "/etc/apache2/sites-enabled/000-default.conf"
|
||||
- "/etc/apache2/sites-available/aodh-httpd.conf"
|
||||
- "/etc/apache2/sites-enabled/aodh-httpd.conf"
|
||||
- "/etc/apache2/sites-enabled/aodh-api.conf"
|
||||
- "/etc/apache2/sites-available/aodh-api.conf"
|
||||
|
||||
aodh_apache_site_available: "/etc/apache2/sites-available/aodh-httpd.conf"
|
||||
aodh_apache_site_enabled: "/etc/apache2/sites-enabled/aodh-httpd.conf"
|
||||
|
||||
aodh_apache_conf: "/etc/apache2/apache2.conf"
|
||||
aodh_apache_security_conf: "/etc/apache2/conf-available/security.conf"
|
||||
aodh_apache_default_log_folder: "/var/log/apache2"
|
||||
|
||||
# This can be enabled when Apache2.5+ is available
|
||||
# aodh_apache_modules:
|
||||
# - name: "mod_journald"
|
||||
# state: "present
|
||||
aodh_apache_ports: "/etc/apache2/ports.conf"
|
||||
|
|
|
@ -16,7 +16,8 @@
|
|||
filtered_aodh_services: |-
|
||||
{% set services = [] %}
|
||||
{% for key, value in aodh_services.items() %}
|
||||
{% if (value['group'] in group_names) %}
|
||||
{% if (value['group'] in group_names) and
|
||||
not ('wsgi_app' in value and value['wsgi_app']) %}
|
||||
{% set _ = value.update(
|
||||
{
|
||||
'service_key': key,
|
||||
|
@ -31,3 +32,23 @@ filtered_aodh_services: |-
|
|||
{% endif %}
|
||||
{% endfor %}
|
||||
{{ services }}
|
||||
|
||||
uwsgi_aodh_services: |-
|
||||
{% set services = {} %}
|
||||
{% for key, value in aodh_services.items() %}
|
||||
{% if (value['group'] in group_names) and
|
||||
('wsgi_app' in value and value['wsgi_app']) %}
|
||||
{% set _ = value.update(
|
||||
{
|
||||
'wsgi_path': aodh_bin ~ '/' ~ value.wsgi_name,
|
||||
'wsgi_venv': ((aodh_install_method == 'source') | ternary(aodh_bin | dirname, None)),
|
||||
'uwsgi_uid': aodh_system_user_name,
|
||||
'uwsgi_guid': aodh_system_group_name,
|
||||
'uwsgi_processes': aodh_wsgi_processes,
|
||||
'uwsgi_threads': aodh_wsgi_threads
|
||||
}
|
||||
) %}
|
||||
{% set _ = services.update({key: value}) %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{{ services }}
|
|
@ -16,9 +16,6 @@
|
|||
# Common packages
|
||||
aodh_distro_packages:
|
||||
- rpcbind
|
||||
- httpd
|
||||
- httpd-tools
|
||||
- mod_wsgi
|
||||
|
||||
aodh_devel_distro_packages:
|
||||
- libffi-devel
|
||||
|
@ -44,17 +41,9 @@ aodh_oslomsg_amqp1_distro_packages:
|
|||
- cyrus-sasl-plain
|
||||
- cyrus-sasl-md5
|
||||
|
||||
# NOTE(noonedeadpunk): These variables are left for migration from apache to uwsgi
|
||||
# which was introduced during train release. They can be dropped afterwards.
|
||||
aodh_system_service_name: httpd
|
||||
|
||||
aodh_apache_config:
|
||||
- { src: "aodh-ports.conf.j2", dest: "/etc/httpd/conf.d/ports.conf" }
|
||||
- { src: "aodh-httpd.conf.j2", dest: "/etc/httpd/conf.d/aodh-httpd.conf" }
|
||||
|
||||
aodh_apache_default_sites:
|
||||
- "/etc/httpd/conf.d/userdir.conf"
|
||||
- "/etc/httpd/conf.d/welcome.conf"
|
||||
- "/etc/httpd/conf.d/ssl.conf"
|
||||
|
||||
aodh_apache_conf: "/etc/httpd/conf/httpd.conf"
|
||||
aodh_apache_security_conf: "{{ aodh_apache_conf }}"
|
||||
aodh_apache_default_log_folder: "/var/log/httpd"
|
||||
- "/etc/httpd/conf.d/aodh-httpd.conf"
|
||||
aodh_apache_ports: "/etc/httpd/conf.d/ports.conf"
|
||||
|
|
|
@ -17,9 +17,6 @@
|
|||
# Common packages
|
||||
aodh_distro_packages:
|
||||
- rpcbind
|
||||
- apache2
|
||||
- apache2-utils
|
||||
- apache2-mod_wsgi
|
||||
|
||||
aodh_devel_distro_packages:
|
||||
- libffi-devel
|
||||
|
@ -47,26 +44,9 @@ aodh_oslomsg_amqp1_distro_packages:
|
|||
- cyrus-sasl-plain
|
||||
- cyrus-sasl-digestmd5
|
||||
|
||||
# NOTE(noonedeadpunk): These variables are left for migration from apache to uwsgi
|
||||
# which was introduced during train release. They can be dropped afterwards.
|
||||
aodh_system_service_name: apache2
|
||||
|
||||
aodh_apache_config:
|
||||
- { src: "aodh-ports.conf.j2", dest: "/etc/apache2/conf.d/ports.conf" }
|
||||
- { src: "aodh-httpd.conf.j2", dest: "/etc/apache2/conf.d/aodh-httpd.conf" }
|
||||
|
||||
aodh_apache_default_sites:
|
||||
- "/etc/apache2/conf.d/gitweb.conf"
|
||||
|
||||
aodh_apache_conf: "/etc/apache2/httpd.conf"
|
||||
aodh_apache_security_conf: "{{ aodh_apache_conf }}"
|
||||
aodh_apache_default_log_folder: "/var/log/apache2"
|
||||
|
||||
aodh_apache_modules:
|
||||
- name: "authz_host"
|
||||
state: "present"
|
||||
- name: "access_compat"
|
||||
state: "present"
|
||||
- name: "version"
|
||||
state: "present"
|
||||
# This can be enabled when Apache2.5+ is available
|
||||
# - name: "mod_journald"
|
||||
# state: "present
|
||||
- "/etc/apache2/conf.d/aodh-httpd.conf"
|
||||
aodh_apache_ports: "/etc/apache2/conf.d/ports.conf"
|
||||
|
|
Loading…
Reference in New Issue