Merge "Configure Apache to proxy for Uwsgi"

2016-08-31 18:46:22 +00:00 · 2016-08-31 18:46:22 +00:00 · 6b3af85bf2
commit 6b3af85bf2
parent b9161ddabb 52b1a71759
8 changed files with 91 additions and 1 deletions
--- a/releasenotes/notes/os-keystone-uwsgi-and-nginx-options-2157f8e40a7a8156.yaml
+++ b/releasenotes/notes/os-keystone-uwsgi-and-nginx-options-2157f8e40a7a8156.yaml
@ -0,0 +1,19 @@
+---
+features:
+  - Introduced option to deploy Keystone under Uwsgi. A new variable
+    ``keystone_mod_wsgi_enabled`` is introduced to toggle this
+    behavior. The ports used by Uwsgi for socket and http connection
+    for both public and admin Keystone services are configurable
+    (see also the ``keystone_uwsgi_ports`` dictionary variable).
+    Federation features should be considered _experimental_ with
+    this configuration at this time. The default is ``true`` which
+    continues to deploy with mod_wsgi for Apache.
+  - Introduced option to deploy Keystone behind Nginx. A new
+    variable ``keystone_apache_enabled`` is introduced to toggle
+    this behavior. Additional configuration can be delivered to
+    Nginx through the use of the ``keystone_nginx_extra_conf`` list
+    variable. Federation features are not supported with this
+    configuration at this time. Use of this option requires
+    ``keystone_mod_wsgi_enabled`` to be set to ``false`` which will
+    deploy Keystone under Uwsgi. The default is ``true`` which
+    continues to deploy with Apache.
--- a/tasks/keystone_install_apt.yml
+++ b/tasks/keystone_install_apt.yml
@ -53,7 +53,20 @@
  retries: 5
  delay: 2
  with_items: "{{ keystone_mod_wsgi_distro_packages }}"
-  when: keystone_mod_wsgi_enabled | bool
+  when:
+    - keystone_mod_wsgi_enabled | bool
+
+- name: Install mod_proxy_uwsgi apt packages
+  apt:
+    pkg: "{{ item }}"
+    state: "{{ keystone_package_state }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: "{{ keystone_mod_proxy_uwsgi_distro_packages }}"
+  when:
+    - not keystone_mod_wsgi_enabled | bool

 - name: Install Nginx apt packages
  apt:
--- a/tasks/keystone_install_yum.yml
+++ b/tasks/keystone_install_yum.yml
@ -70,6 +70,18 @@
  when:
    - keystone_mod_wsgi_enabled | bool

+- name: Install mod_proxy_uwsgi apt packages
+  yum:
+    pkg: "{{ item }}"
+    state: "{{ keystone_package_state }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: "{{ keystone_mod_proxy_uwsgi_distro_packages }}"
+  when:
+    - not keystone_mod_wsgi_enabled | bool
+
 - name: Install Nginx yum packages
  yum:
    pkg: "{{ item }}"
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -57,12 +57,16 @@
    WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/keystone/main/$1
    {% endif %}

+    {% if keystone_mod_wsgi_enabled | bool -%}
    <Directory /var/www/cgi-bin/keystone>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
+    {% else %}
+    ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-public]["socket"] }}/
+    {% endif %}

 </VirtualHost>

@ -97,10 +101,19 @@
    SSLOptions +StdEnvVars +ExportCertData
    {% endif %}

+    {% if keystone_mod_wsgi_enabled | bool -%}
    <Directory /var/www/cgi-bin/keystone>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
+    {% else -%}
+    ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-admin]["socket"] }}/
+    {% endif %}
+
 </VirtualHost>
+{% if not keystone_mod_wsgi_enabled | bool -%}
+ProxyPass /identity uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-public]['socket'] }}/
+ProxyPass /identity_admin uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-admin]['socket'] }}/
+{% endif %}
--- a/tox.ini
+++ b/tox.ini
@ -175,6 +175,30 @@ commands =
    bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'


+[testenv:func_uwsgi_apache]
+# Ignore_errors is set to true so that the logs are collected at the
+#  end of the run. This will not produce a failse positive. Any
+#  exception will be mark the run as "failed" and exit 1 after all of
+#  the commands have been iterated through.
+ignore_errors = True
+# NOTE(stevelle): this will test keystone with uwsgi & apache
+install_command =
+    {[testenv:func_base]install_command}
+deps =
+    {[testenv:ansible]deps}
+setenv =
+    {[testenv:ansible]setenv}
+commands =
+    {[testenv:ansible]commands}
+    ansible-playbook -i {toxinidir}/tests/inventory \
+                     -e "rolename={toxinidir}" \
+                     -e "install_test_packages=True" \
+                     -e "keystone_mod_wsgi_enabled=False" \
+                     {toxinidir}/tests/test.yml -vvvv
+    bash -c 'mkdir -p {toxinidir}/logs'
+    bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
+
+
 [testenv:func_uwsgi_nginx]
 # Ignore_errors is set to true so that the logs are collected at the
 #  end of the run. This will not produce a failse positive. Any
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -44,6 +44,9 @@ keystone_apache_distro_packages:
 keystone_mod_wsgi_distro_packages:
  - mod_wsgi

+keystone_mod_proxy_uwsgi_distro_packages:
+  - mod_proxy_uwsgi
+
 keystone_nginx_distro_packages:
  - nginx

--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@ -36,6 +36,9 @@ keystone_apache_distro_packages:
 keystone_mod_wsgi_distro_packages:
  - libapache2-mod-wsgi

+keystone_mod_proxy_uwsgi_distro_packages:
+  - libapache2-mod-proxy-uwsgi
+
 keystone_nginx_distro_packages:
  - nginx-full

--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@ -36,6 +36,9 @@ keystone_apache_distro_packages:
 keystone_mod_wsgi_distro_packages:
  - libapache2-mod-wsgi

+keystone_mod_proxy_uwsgi_distro_packages:
+  - libapache2-mod-proxy-uwsgi
+
 keystone_nginx_distro_packages:
  - nginx-full