Add support for API through Apache + mod_wsgi
Also adds a delay and more retries to policy setup in order to ensure that step completes successfully since the API takes a moment to stop returning Status 503s.
This commit is contained in:
parent
0d0c4dc54f
commit
02aab9480f
|
@ -17,7 +17,10 @@
|
||||||
is_metal: true
|
is_metal: true
|
||||||
|
|
||||||
debug: false
|
debug: false
|
||||||
gnocchi_fatal_deprecations: False
|
gnocchi_fatal_deprecations: false
|
||||||
|
|
||||||
|
#: Set this to false to disable API service through Apache + mod_wsgi
|
||||||
|
gnocchi_use_mod_wsgi: true
|
||||||
|
|
||||||
#: Set this to enable or disable installing in a venv
|
#: Set this to enable or disable installing in a venv
|
||||||
gnocchi_venv_enabled: true
|
gnocchi_venv_enabled: true
|
||||||
|
@ -25,6 +28,7 @@ gnocchi_venv_enabled: true
|
||||||
#: Name of the virtual env to deploy into
|
#: Name of the virtual env to deploy into
|
||||||
gnocchi_venv_tag: untagged
|
gnocchi_venv_tag: untagged
|
||||||
gnocchi_venv_bin: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/bin"
|
gnocchi_venv_bin: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/bin"
|
||||||
|
gnocchi_venv_pkgs: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/lib/python2.7/site-packages"
|
||||||
|
|
||||||
#: The bin path defaults to the venv path however if installation in a
|
#: The bin path defaults to the venv path however if installation in a
|
||||||
# venv is disabled the bin path will be dynamically set based on the
|
# venv is disabled the bin path will be dynamically set based on the
|
||||||
|
@ -76,6 +80,7 @@ gnocchi_archive_policy_rules:
|
||||||
#: System info
|
#: System info
|
||||||
gnocchi_system_user_name: gnocchi
|
gnocchi_system_user_name: gnocchi
|
||||||
gnocchi_system_group_name: gnocchi
|
gnocchi_system_group_name: gnocchi
|
||||||
|
gnocchi_system_service_name: apache2
|
||||||
gnocchi_system_shell: /bin/false
|
gnocchi_system_shell: /bin/false
|
||||||
gnocchi_system_comment: gnocchi system user
|
gnocchi_system_comment: gnocchi system user
|
||||||
gnocchi_system_user_home: "/var/lib/{{ gnocchi_system_user_name }}"
|
gnocchi_system_user_home: "/var/lib/{{ gnocchi_system_user_name }}"
|
||||||
|
@ -103,6 +108,30 @@ gnocchi_service_internalurl: "{{ gnocchi_service_internaluri_proto }}://{{ inter
|
||||||
gnocchi_service_adminurl: "{{ gnocchi_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ gnocchi_service_port }}"
|
gnocchi_service_adminurl: "{{ gnocchi_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ gnocchi_service_port }}"
|
||||||
gnocchi_healthcheck_disable_path: /etc/gnocchi/healthcheck_disable
|
gnocchi_healthcheck_disable_path: /etc/gnocchi/healthcheck_disable
|
||||||
|
|
||||||
|
## Apache setup
|
||||||
|
gnocchi_apache_log_level: info
|
||||||
|
gnocchi_apache_servertokens: "Prod"
|
||||||
|
gnocchi_apache_serversignature: "Off"
|
||||||
|
gnocchi_wsgi_threads: 1
|
||||||
|
gnocchi_wsgi_processes: "{{ ansible_processor_vcpus | default (1) * 2 }}"
|
||||||
|
|
||||||
|
# set gnocchi_ssl to true to enable SSL configuration on the gnocchi containers
|
||||||
|
gnocchi_ssl: false
|
||||||
|
gnocchi_ssl_cert: /etc/ssl/certs/gnocchi.pem
|
||||||
|
gnocchi_ssl_key: /etc/ssl/private/gnocchi.key
|
||||||
|
gnocchi_ssl_ca_cert: /etc/ssl/certs/gnocchi-ca.pem
|
||||||
|
gnocchi_ssl_protocol: "{{ ssl_protocol }}"
|
||||||
|
gnocchi_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
|
||||||
|
|
||||||
|
# if using a self-signed certificate, set this to true to regenerate it
|
||||||
|
gnocchi_ssl_self_signed_regen: false
|
||||||
|
gnocchi_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
||||||
|
|
||||||
|
# Set these in user_variables to deploy custom certificates
|
||||||
|
#gnocchi_user_ssl_cert: <path to cert on ansible deployment host>
|
||||||
|
#gnocchi_user_ssl_key: <path to cert on ansible deployment host>
|
||||||
|
#gnocchi_user_ssl_ca_cert: <path to cert on ansible deployment host>
|
||||||
|
|
||||||
#: Gnocchi API program name
|
#: Gnocchi API program name
|
||||||
gnocchi_api_program_name: gnocchi-api
|
gnocchi_api_program_name: gnocchi-api
|
||||||
#: Gnocchi Metricd program name
|
#: Gnocchi Metricd program name
|
||||||
|
@ -110,6 +139,9 @@ gnocchi_metricd_program_name: gnocchi-metricd
|
||||||
|
|
||||||
#: Necessary packages
|
#: Necessary packages
|
||||||
gnocchi_apt_packages:
|
gnocchi_apt_packages:
|
||||||
|
- apache2
|
||||||
|
- apache2-utils
|
||||||
|
- libapache2-mod-wsgi
|
||||||
- git
|
- git
|
||||||
- build-essential
|
- build-essential
|
||||||
- python-dev
|
- python-dev
|
||||||
|
@ -131,9 +163,9 @@ gnocchi_pip_packages:
|
||||||
- python-memcached
|
- python-memcached
|
||||||
|
|
||||||
#: List of programs/services owned by gnocchi
|
#: List of programs/services owned by gnocchi
|
||||||
gnocchi_service_names:
|
gnocchi_service_names: []
|
||||||
- "{{ gnocchi_api_program_name }}"
|
|
||||||
# TODO(stevelle) needs configuration help
|
# TODO(stevelle) needs configuration help
|
||||||
|
# - "{{ gnocchi_api_program_name }}"
|
||||||
# - "{{ gnocchi_metricd_program_name }}"
|
# - "{{ gnocchi_metricd_program_name }}"
|
||||||
|
|
||||||
#: Tunable overrides
|
#: Tunable overrides
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
# gnocchi_service_names should exclude the API if {{ gnocchi_use_mod_wsgi }}
|
||||||
- name: Restart gnocchi services
|
- name: Restart gnocchi services
|
||||||
service:
|
service:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
|
@ -20,3 +21,13 @@
|
||||||
pattern: "{{ item }}"
|
pattern: "{{ item }}"
|
||||||
with_items: gnocchi_service_names
|
with_items: gnocchi_service_names
|
||||||
|
|
||||||
|
- name: Restart Apache
|
||||||
|
service:
|
||||||
|
name: "apache2"
|
||||||
|
state: "restarted"
|
||||||
|
pattern: "apache2"
|
||||||
|
when: gnocchi_use_mod_wsgi | bool
|
||||||
|
register: apache_restart
|
||||||
|
until: apache_restart|success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
|
|
@ -0,0 +1,89 @@
|
||||||
|
---
|
||||||
|
# Copyright 2014, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Drop apache2 virtual host and ports file
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
with_items:
|
||||||
|
- { src: "gnocchi-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
||||||
|
- { src: "gnocchi-httpd.conf.j2", dest: "/etc/apache2/sites-available/gnocchi-httpd.conf" }
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-httpd
|
||||||
|
|
||||||
|
- name: Disable default apache site
|
||||||
|
file:
|
||||||
|
path: "/etc/apache2/sites-enabled/000-default.conf"
|
||||||
|
state: "absent"
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-httpd
|
||||||
|
|
||||||
|
- name: Enabled gnocchi vhost
|
||||||
|
file:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
state: "{{ item.state }}"
|
||||||
|
with_items:
|
||||||
|
- { src: "/etc/apache2/sites-available/gnocchi-httpd.conf", dest: "/etc/apache2/sites-enabled/gnocchi-httpd.conf", state: "link" }
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-httpd
|
||||||
|
|
||||||
|
- name: Ensure Apache ServerName
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/apache2/apache2.conf"
|
||||||
|
line: "ServerName {{ inventory_hostname }}"
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-httpd
|
||||||
|
|
||||||
|
- name: Ensure Apache ServerTokens
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/apache2/conf-available/security.conf"
|
||||||
|
regexp: '^ServerTokens'
|
||||||
|
line: "ServerTokens {{ gnocchi_apache_servertokens }}"
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-httpd
|
||||||
|
|
||||||
|
- name: Ensure Apache ServerSignature
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/apache2/conf-available/security.conf"
|
||||||
|
regexp: '^ServerSignature'
|
||||||
|
line: "ServerSignature {{ gnocchi_apache_serversignature }}"
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-httpd
|
||||||
|
|
||||||
|
- name: Enable/disable mod_ssl for apache2
|
||||||
|
apache2_module:
|
||||||
|
name: ssl
|
||||||
|
state: "{{ (gnocchi_ssl | bool) | ternary('present', 'absent') }}"
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-httpd
|
||||||
|
- gnocchi-ssl
|
|
@ -13,13 +13,28 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Ensure gnocchi API service is started
|
- name: Ensure Gnocchi API service is (re)started
|
||||||
service:
|
meta: flush_handlers
|
||||||
name: "{{ item }}"
|
|
||||||
state: "started"
|
#- name: Ensure Gnocchi API service is started
|
||||||
pattern: "{{ item }}"
|
# service:
|
||||||
with_items:
|
# name: "{{ item }}"
|
||||||
- "{{ gnocchi_api_program_name }}"
|
# state: "started"
|
||||||
|
# pattern: "{{ item }}"
|
||||||
|
# when: not gnocchi_use_mod_wsgi | bool
|
||||||
|
# with_items:
|
||||||
|
# - "{{ gnocchi_api_program_name }}"
|
||||||
|
#
|
||||||
|
#- name: Ensure Gnocchi API is available through Apache
|
||||||
|
# service:
|
||||||
|
# name: "{{ item }}"
|
||||||
|
# state: "restarted"
|
||||||
|
# pattern: "{{ item }}"
|
||||||
|
# when: gnocchi_use_mod_wsgi | bool
|
||||||
|
# retries: 5
|
||||||
|
# delay: 3
|
||||||
|
# with_items:
|
||||||
|
# - apache2
|
||||||
|
|
||||||
- name: Ensure Archive Policies
|
- name: Ensure Archive Policies
|
||||||
gnocchi:
|
gnocchi:
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Drop gnocchi Config(s)
|
- name: Drop Gnocchi Config(s)
|
||||||
config_template:
|
config_template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
|
@ -36,22 +36,36 @@
|
||||||
config_overrides: "{{ gnocchi_policy_overrides }}"
|
config_overrides: "{{ gnocchi_policy_overrides }}"
|
||||||
config_type: "json"
|
config_type: "json"
|
||||||
notify:
|
notify:
|
||||||
- Restart gnocchi services
|
- Restart Apache
|
||||||
tags:
|
tags:
|
||||||
- gnocchi-config
|
- gnocchi-config
|
||||||
|
|
||||||
- name: Get gnocchi command path
|
- name: Get Gnocchi command path
|
||||||
command: which gnocchi
|
command: which gnocchi
|
||||||
register: gnocchi_command_path
|
register: gnocchi_command_path
|
||||||
when:
|
when:
|
||||||
- not gnocchi_venv_enabled | bool
|
- not gnocchi_venv_enabled | bool
|
||||||
tags:
|
tags:
|
||||||
- gnocchi-command-bin
|
- gnocchi-command-bin
|
||||||
|
- gnocchi-config
|
||||||
|
|
||||||
- name: Set gnocchi command path
|
- name: Set Gnocchi command path
|
||||||
set_fact:
|
set_fact:
|
||||||
gnocchi_bin: "{{ gnocchi_command_path.stdout | dirname }}"
|
gnocchi_bin: "{{ gnocchi_command_path.stdout | dirname }}"
|
||||||
when:
|
when:
|
||||||
- not gnocchi_venv_enabled | bool
|
- not gnocchi_venv_enabled | bool
|
||||||
tags:
|
tags:
|
||||||
- gnocchi-command-bin
|
- gnocchi-command-bin
|
||||||
|
- gnocchi-config
|
||||||
|
|
||||||
|
- name: Drop Gnocchi WSGI Configs
|
||||||
|
template:
|
||||||
|
src: gnocchi-wsgi.py.j2
|
||||||
|
dest: /var/www/cgi-bin/gnocchi/gnocchi-api
|
||||||
|
owner: "{{ gnocchi_system_user_name }}"
|
||||||
|
group: "{{ gnocchi_system_group_name }}"
|
||||||
|
mode: "0755"
|
||||||
|
notify:
|
||||||
|
- Restart Apache
|
||||||
|
tags:
|
||||||
|
- gnocchi-config
|
||||||
|
|
|
@ -47,6 +47,8 @@
|
||||||
- { path: "/var/lib/gnocchi/tmp" }
|
- { path: "/var/lib/gnocchi/tmp" }
|
||||||
- { path: "/var/lib/gnocchi/locks" }
|
- { path: "/var/lib/gnocchi/locks" }
|
||||||
- { path: "/var/cache/gnocchi", mode: "0700" }
|
- { path: "/var/cache/gnocchi", mode: "0700" }
|
||||||
|
- { path: "/var/www/cgi-bin", owner: root, group: root }
|
||||||
|
- { path: "/var/www/cgi-bin/gnocchi" }
|
||||||
tags:
|
tags:
|
||||||
- gnocchi-dirs
|
- gnocchi-dirs
|
||||||
|
|
||||||
|
|
|
@ -25,5 +25,15 @@
|
||||||
- include: gnocchi_service_setup.yml
|
- include: gnocchi_service_setup.yml
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
|
- include: gnocchi_apache.yml
|
||||||
|
|
||||||
- include: gnocchi_policy_setup.yml
|
- include: gnocchi_policy_setup.yml
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
|
#- include: gnocchi_ssl_self_signed.yml
|
||||||
|
# when: >
|
||||||
|
# gnocchi_user_ssl_cert is not defined or
|
||||||
|
# gnocchi_user_ssl_key is not defined
|
||||||
|
#
|
||||||
|
#- include: gnocchi_ssl_user_provided.yml
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
<VirtualHost *:{{ gnocchi_service_port }}>
|
||||||
|
WSGIDaemonProcess gnocchi lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ gnocchi_system_user_name }} group={{ gnocchi_system_group_name }} processes={{ gnocchi_wsgi_processes }} threads={{ gnocchi_wsgi_threads }} display-name=%{GROUP}
|
||||||
|
WSGIProcessGroup gnocchi
|
||||||
|
WSGIScriptAlias / /var/www/cgi-bin/gnocchi/gnocchi-api
|
||||||
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
|
||||||
|
<IfVersion >= 2.4>
|
||||||
|
ErrorLogFormat "%{cu}t %M"
|
||||||
|
</IfVersion>
|
||||||
|
|
||||||
|
LogLevel {{ gnocchi_apache_log_level }}
|
||||||
|
ErrorLog /var/log/gnocchi/gnocchi-apache-error.log
|
||||||
|
CustomLog /var/log/gnocchi/gnocchi-access.log combined
|
||||||
|
|
||||||
|
{% if gnocchi_ssl | bool and gnocchi_service_internaluri_proto == "https" -%}
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile {{ gnocchi_ssl_cert }}
|
||||||
|
SSLCertificateKeyFile {{ gnocchi_ssl_key }}
|
||||||
|
{% if gnocchi_user_ssl_ca_cert is defined -%}
|
||||||
|
SSLCACertificateFile {{ gnocchi_ssl_ca_cert }}
|
||||||
|
{% endif -%}
|
||||||
|
SSLCompression Off
|
||||||
|
SSLProtocol {{ gnocchi_ssl_protocol }}
|
||||||
|
SSLHonorCipherOrder On
|
||||||
|
SSLCipherSuite {{ gnocchi_ssl_cipher_suite }}
|
||||||
|
SSLOptions +StdEnvVars +ExportCertData
|
||||||
|
{% endif %}
|
||||||
|
</VirtualHost>
|
|
@ -0,0 +1,3 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
Listen {{ gnocchi_service_port }}
|
|
@ -0,0 +1,31 @@
|
||||||
|
# Copyright 2013 OpenStack Foundation
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
{% if gnocchi_venv_enabled | bool %}
|
||||||
|
activate_this = os.path.expanduser("{{ gnocchi_venv_bin }}/activate_this.py")
|
||||||
|
execfile(activate_this, dict(__file__=activate_this))
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
|
|
||||||
|
from gnocchi import service
|
||||||
|
from gnocchi.rest import app
|
||||||
|
|
||||||
|
# Initialize the oslo configuration library and logging
|
||||||
|
conf = service.prepare_service()
|
||||||
|
# The pecan debugger cannot be used in wsgi mode
|
||||||
|
conf.set_default('pecan_debug', False, group='api')
|
||||||
|
application = app.load_app(conf)
|
Loading…
Reference in New Issue