Merge "Add the option to deploy keystone without apache"
This commit is contained in:
Zuul
Gerrit Code Review
commit
3b4fc2e9aa
|
|
@ -179,12 +179,18 @@ keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_
|
|||
## Set this value to override the "public_endpoint" keystone.conf variable
|
||||
#keystone_public_endpoint: "{{ keystone_service_publicuri }}"
|
||||
|
||||
# Enable or disable uWSGI as the primary service manager. While uWSGI is used
|
||||
# for basic deployments, when this option is enabled it will become the sole
|
||||
# service manager instead of being a proxy target.
|
||||
keystone_use_uwsgi: false
|
||||
|
||||
# Apache web server will handle all requests and will act as a
|
||||
# reverse proxy to uWSGI. If internal TLS/SSL certificates are configured,
|
||||
# they are implemented in this web server's configuration. Using a web server
|
||||
# for endpoints is far better for scale and allows the use of additional
|
||||
# modules to improve performance or security, leaving uWSGI to only have
|
||||
# to be used for running the service.
|
||||
# reverse proxy to uWSGI when the `keystone_use_uwsgi` option is not enabled.
|
||||
# If internal TLS/SSL certificates are configured, they are implemented in
|
||||
# this web server's configuration. Using a web server for endpoints is
|
||||
# far better for scale and allows the use of additional modules to improve
|
||||
# performance or security, leaving uWSGI to only have to be used for running
|
||||
# the service.
|
||||
#
|
||||
keystone_web_server_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
|
||||
|
||||
|
|
@ -616,7 +622,7 @@ keystone_services:
|
|||
wsgi_path: "{{ keystone_bin }}/keystone-wsgi-public"
|
||||
uwsgi_overrides: "{{ keystone_default_uwsgi_overrides | combine(keystone_uwsgi_ini_overrides, recursive=True) }}"
|
||||
uwsgi_bind_address: "{{ keystone_uwsgi_bind_address }}"
|
||||
uwsgi_port: "{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
|
||||
uwsgi_port: "{{ (keystone_use_uwsgi | bool) | ternary(keystone_service_port, keystone_uwsgi_ports['keystone-wsgi-public']['http']) }}"
|
||||
|
||||
## Extra HTTP headers for Keystone
|
||||
# Add any additional headers here that Keystone should return.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The keystone role now supports the option `keystone_use_uwsgi`, which will
|
||||
allow deployers the ability to run keystone via uWSGI without needing the
|
||||
apache webserver. When the `keystone_use_uwsgi` option is enabled, it will
|
||||
setup the uWSGI process on port 5000.
|
||||
other:
|
||||
- |
|
||||
The keystone role can now has the ability to run a minimal uWSGI process
|
||||
for keystone when the option `keystone_use_uwsgi` is set **true**. This
|
||||
feature provides operators the ability to run a minimal install without
|
||||
apache. While the minimal deployment is functional, it is not featureful.
|
||||
Things like modshib and oath are not supported when running the minimal
|
||||
setup.
|
||||
|
|
@ -149,6 +149,7 @@
|
|||
- import_tasks: keystone_federation_sp_shib_setup.yml
|
||||
when:
|
||||
- keystone_sp_apache_mod_shib
|
||||
- not (keystone_use_uwsgi | bool)
|
||||
tags:
|
||||
- keystone-config
|
||||
|
||||
|
|
@ -172,6 +173,8 @@
|
|||
- keystone-config
|
||||
|
||||
- import_tasks: "keystone_apache.yml"
|
||||
when:
|
||||
- not (keystone_use_uwsgi | bool)
|
||||
tags:
|
||||
- keystone-config
|
||||
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ keystone_apache_modules:
|
|||
# - name: "mod_journald"
|
||||
# state: "present
|
||||
|
||||
keystone_system_service_name: apache2
|
||||
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}"
|
||||
|
||||
keystone_uwsgi_bin: '/usr/bin'
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
# enabled.
|
||||
#
|
||||
keystone_package_list: |-
|
||||
{% set packages = keystone_distro_packages + keystone_apache_distro_packages %}
|
||||
{% set packages = keystone_distro_packages | union((keystone_use_uwsgi | bool) | ternary([], keystone_apache_distro_packages)) %}
|
||||
{% if keystone_idp != {} %}
|
||||
{% set _ = packages.extend(keystone_idp_distro_packages) %}
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ keystone_apache_configs:
|
|||
- { src: "keystone-httpd.conf.j2", dest: "/etc/httpd/conf.d/keystone-httpd.conf" }
|
||||
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/httpd/conf.modules.d/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
||||
|
||||
keystone_system_service_name: httpd
|
||||
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'httpd') }}"
|
||||
|
||||
keystone_uwsgi_bin: '/usr/sbin'
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
# enabled.
|
||||
#
|
||||
keystone_package_list: |-
|
||||
{% set packages = keystone_distro_packages + keystone_apache_distro_packages %}
|
||||
{% set packages = keystone_distro_packages | union((keystone_use_uwsgi | bool) | ternary([], keystone_apache_distro_packages)) %}
|
||||
{% if keystone_idp != {} %}
|
||||
{% set _ = packages.extend(keystone_idp_distro_packages) %}
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ keystone_apache_modules:
|
|||
# - name: "mod_journald"
|
||||
# state: "present
|
||||
|
||||
keystone_system_service_name: apache2
|
||||
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}"
|
||||
|
||||
keystone_uwsgi_bin: '/usr/bin'
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue