diff --git a/defaults/main.yml b/defaults/main.yml
index 59ca4286..58c72b43 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -181,6 +181,16 @@ keystone_httpd_mpm_thread_child: 25
 keystone_httpd_mpm_max_requests: 150
 keystone_httpd_mpm_max_conn_child: 0
+## uWSGI setup
+keystone_wsgi_public_program_name: keystone-wsgi-public
+keystone_wsgi_admin_program_name: keystone-wsgi-admin
+keystone_wsgi_program_names:
+ - "{{ keystone_wsgi_public_program_name }}"
+ - "{{ keystone_wsgi_admin_program_name }}"
+keystone_uwsgi_ports:
+ keystone-wsgi-public: 37358
+ keystone-wsgi-admin: 37359
+
 # set keystone_ssl to true to enable SSL configuration on the keystone containers
 keystone_ssl: false
 keystone_ssl_cert: /etc/ssl/certs/keystone.pem
@@ -403,6 +413,7 @@ keystone_pip_packages:
 - python-memcached
 - python-openstackclient
 - repoze.lru
+ - uWSGI
 # This variable is used by the repo_build process to determine
 # which host group to check for members of before building the
diff --git a/handlers/main.yml b/handlers/main.yml
index b51cc2c2..e1cf1fdf 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -24,6 +24,17 @@
 delay: 2
 when: keystone_apache_mod_wsgi_enabled | bool
+- name: Restart Keystone APIs
+ service:
+ name: "{{ item }}"
+ state: "restarted"
+ register: keystone_restart
+ until: keystone_restart | success
+ retries: 5
+ delay: 2
+ with_items: keystone_wsgi_program_names
+ when: not keystone_apache_mod_wsgi_enabled | bool
+
 - name: Restart Shibd
 service:
 name: "shibd"
diff --git a/tasks/keystone_idp_metadata.yml b/tasks/keystone_idp_metadata.yml
index 512bb7c0..8d5f9690 100644
--- a/tasks/keystone_idp_metadata.yml
+++ b/tasks/keystone_idp_metadata.yml
@@ -21,3 +21,4 @@
 when: keystone_idp != {}
 notify:
 - Restart Apache
+ - Restart Keystone APIs
\ No newline at end of file
diff --git a/tasks/keystone_init_common.yml b/tasks/keystone_init_common.yml
new file mode 100644
index 00000000..12234d2b
--- /dev/null
+++ b/tasks/keystone_init_common.yml
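Review bot: The keys of `keystone_uwsgi_ports` are literal service names, while the names themselves can be overridden through `keystone_wsgi_public_program_name` and `keystone_wsgi_admin_program_name`. The uWSGI template added in this commit looks the port up with `keystone_uwsgi_ports[item]`, so overriding a program name without re-keying this map would leave that lookup undefined. A comment above the map such as `# keys must match the keystone_wsgi_*_program_name values` would record the coupling. The block also does not say what is expected to front ports 37358 and 37359, which operators need in order to write firewall rules.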
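Review bot: In the `Restart Keystone APIs` handler, `with_items: keystone_wsgi_program_names` passes a bare variable name, a form that Ansible 2.x deprecates and that later releases read as a literal string instead of the list. Writing `with_items: "{{ keystone_wsgi_program_names }}"` behaves the same on old and new releases. The same bare form appears in the `Apply uWSGI configuration` and `Ensure uwsgi service started` tasks of tasks/keystone_uwsgi.yml.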
@@ -0,0 +1,25 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: keystone_init_upstart.yml
+ when: pid1_name == "init"
+
+- include: keystone_init_systemd.yml
+ when: pid1_name == "systemd"
+
+- name: Load service
+ service:
+ name: "{{ program_name }}"
+ enabled: "yes"
diff --git a/tasks/keystone_init_systemd.yml b/tasks/keystone_init_systemd.yml
new file mode 100644
index 00000000..373944f6
--- /dev/null
+++ b/tasks/keystone_init_systemd.yml
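Review bot: Nothing handles a `pid1_name` that is neither `init` nor `systemd`: both includes are skipped and `Load service` then fails on a service that was never installed, with an error that does not name the cause. A guard task ahead of the includes, `fail: msg="Unsupported init system {{ pid1_name }}"` with `when: pid1_name not in ['init', 'systemd']`, would make the failure explicit. `enabled: "yes"` is a quoted string where the boolean `enabled: true` is meant.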
@@ -0,0 +1,48 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create Keystone TEMP dirs
+ file:
+ path: "{{ item.path }}/{{ program_name }}"
+ state: directory
+ owner: "{{ system_user }}"
+ group: "{{ system_group }}"
+ mode: "02755"
+ with_items:
+ - { path: "/var/run" }
+ - { path: "/var/lock" }
+
+- name: Create tempfile.d entry
+ template:
+ src: "keystone-systemd-tempfiles.j2"
+ dest: "/etc/tmpfiles.d/keystone.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+
+- name: Place the systemd init script
+ template:
+ src: "keystone-uwsgi_systemd-init.j2"
+ dest: "/etc/systemd/system/{{ program_name }}.service"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+ register: systemd_init
+
+- name: Reload the systemd daemon
+ command: "systemctl daemon-reload"
+ when: systemd_init | changed
+ notify:
+ - Restart Keystone APIs
diff --git a/tasks/keystone_init_upstart.yml b/tasks/keystone_init_upstart.yml
new file mode 100644
index 00000000..39f51a50
--- /dev/null
+++ b/tasks/keystone_init_upstart.yml
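Review bot: `Create tempfile.d entry` writes to the fixed path `/etc/tmpfiles.d/keystone.conf`, but this file is reached once per program through the two `keystone_init_common.yml` includes in tasks/keystone_uwsgi.yml, and the template renders only the current `program_name`. The second include therefore overwrites what the first wrote, so after a run the file describes one service's directories only and the task reports a change on every run. `dest: "/etc/tmpfiles.d/{{ program_name }}.conf"` keeps one entry per service, in line with the per-program unit file written two tasks later.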
@@ -0,0 +1,31 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Place the init script
+ template:
+ src: "keystone-uwsgi_upstart.conf.j2"
+ dest: "/etc/init/{{ program_name }}.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+ register: upstart_init
+ notify: Restart Keystone APIs
+
+- name: Reload init scripts
+ shell: |
+ initctl reload-configuration
+ when: upstart_init | changed
+ notify:
+ - Restart Keystone APIs
diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml
index c64e88dc..ca12053a 100644
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@@ -133,6 +133,7 @@
 - keystone_get_venv | changed or keystone_venv_dir | changed
 notify:
 - Restart Apache
+ - Restart Keystone APIs
 - name: Install pip packages
 pip:
@@ -149,6 +150,7 @@
 - keystone_get_venv | failed or keystone_developer_mode | bool
 notify:
 - Restart Apache
+ - Restart Keystone APIs
 - name: Update virtualenv path
 command: >
diff --git a/tasks/keystone_ldap_setup.yml b/tasks/keystone_ldap_setup.yml
index 8fa78136..39daf6c7 100644
--- a/tasks/keystone_ldap_setup.yml
+++ b/tasks/keystone_ldap_setup.yml
@@ -36,6 +36,7 @@
 with_dict: "{{ keystone_ldap }}"
 notify:
 - Restart Apache
+ - Restart Keystone APIs
 # Bug 1547542 - Older versions of the keystone role would deploy a blank
 # keystone.Default.conf and this will cause errors when adding LDAP-backed
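Review bot: In tasks/keystone_init_upstart.yml, `Reload init scripts` uses `shell:` with a block scalar for one fixed command that needs no shell features. `command: initctl reload-configuration` avoids spawning a shell and matches the `command:` form used for `systemctl daemon-reload` in tasks/keystone_init_systemd.yml. `Place the init script` also writes `notify: Restart Keystone APIs` as a scalar while the next task uses a list; one form throughout reads better.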
@@ -47,3 +48,4 @@
 when: keystone_ldap.Default is not defined
 notify:
 - Restart Apache
+ - Restart Keystone APIs
diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml
index 4a24c4e4..ca0abcdf 100644
--- a/tasks/keystone_post_install.yml
+++ b/tasks/keystone_post_install.yml
@@ -37,6 +37,7 @@
 config_type: "json"
 notify:
 - Restart Apache
+ - Restart Keystone APIs
 - name: Drop Keystone Configs
 copy:
@@ -47,4 +48,5 @@
 mode: "0644"
 notify:
 - Restart Apache
+ - Restart Keystone APIs
diff --git a/tasks/keystone_uwsgi.yml b/tasks/keystone_uwsgi.yml
new file mode 100644
index 00000000..78431f31
--- /dev/null
+++ b/tasks/keystone_uwsgi.yml
@@ -0,0 +1,56 @@
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Uwsgi Configuration
+- name: Ensure uWSGI directory exists
+ file:
+ path: "/etc/uwsgi/"
+ state: directory
+ mode: "0711"
+
+- name: Apply uWSGI configuration
+ template:
+ src: "keystone-uwsgi.ini.j2"
+ dest: "/etc/uwsgi/{{ item }}.ini"
+ mode: "0744"
+ with_items: keystone_wsgi_program_names
+ notify: Restart Keystone APIs
+
+- include: keystone_init_common.yml
+ vars:
+ program_name: "{{ keystone_wsgi_public_program_name }}"
+ service_name: "{{ keystone_wsgi_public_program_name }}"
+ system_user: "{{ keystone_system_user_name }}"
+ system_group: "{{ keystone_system_group_name }}"
+ service_home: "{{ keystone_system_user_home }}"
+ notify: Restart Keystone APIs
+
+- include: keystone_init_common.yml
+ vars:
+ program_name: "{{ keystone_wsgi_admin_program_name }}"
+ service_name: "{{ keystone_wsgi_admin_program_name }}"
+ system_user: "{{ keystone_system_user_name }}"
+ system_group: "{{ keystone_system_group_name }}"
+ service_home: "{{ keystone_system_user_home }}"
+ notify: Restart Keystone APIs
+
+- name: Ensure uwsgi service started
+ service:
+ name: "{{ item }}"
+ state: started
+ register: keystone_start
+ until: keystone_start | success
+ retries: 5
+ delay: 2
+ with_items: keystone_wsgi_program_names
diff --git a/tasks/main.yml b/tasks/main.yml
index 9abc6a79..c1c405a1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
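Review bot: `Apply uWSGI configuration` installs the `.ini` files with `mode: "0744"`, which sets the owner execute bit on a configuration file. Neither that task nor `Ensure uWSGI directory exists` sets `owner` or `group`, so ownership follows whichever account the play runs as. `mode: "0644"` on the files, with `owner: "root"` and `group: "root"` on both tasks, would match the other templates this commit installs. The file also lacks the leading `---` that the other new task files carry.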
@@ -32,6 +32,18 @@
 tags:
 - always
+- name: Check init system
+ command: cat /proc/1/comm
+ register: _pid1_name
+ tags:
+ - always
+
+- name: Set the name of pid1
+ set_fact:
+ pid1_name: "{{ _pid1_name.stdout }}"
+ tags:
+ - always
+
 - include: keystone_pre_install.yml
 tags:
 - keystone-install
@@ -88,6 +100,13 @@
 - keystone-config
 when: keystone_apache_mod_wsgi_enabled | bool
+- include: keystone_uwsgi.yml
+ tags:
+ - keystone-install
+ - keystone-config
+ when:
+ - not keystone_apache_mod_wsgi_enabled | bool
+
 - name: Flush handlers
 meta: flush_handlers
diff --git a/templates/keystone-systemd-tempfiles.j2 b/templates/keystone-systemd-tempfiles.j2
new file mode 100644
index 00000000..b723d85d
--- /dev/null
+++ b/templates/keystone-systemd-tempfiles.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+D /var/lock/{{ program_name }} 2755 {{ system_user }} {{ system_group }}
+D /var/run/{{ program_name }} 2755 {{ system_user }} {{ system_group }}
diff --git a/templates/keystone-uwsgi.ini.j2 b/templates/keystone-uwsgi.ini.j2
new file mode 100644
index 00000000..c141077e
--- /dev/null
+++ b/templates/keystone-uwsgi.ini.j2
@@ -0,0 +1,19 @@
+# {{ ansible_managed }}
+[uwsgi]
+uid = {{ keystone_system_user_name }}
+gid = {{ keystone_system_group_name }}
+
+virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }}
+wsgi-file = {{ keystone_bin }}/{{ item }}
+http = 0.0.0.0:{{ keystone_uwsgi_ports[item] }}
+
+master = true
+enable-threads = true
+processes = {{ keystone_wsgi_processes }}
+threads = {{ keystone_wsgi_threads }}
+exit-on-reload = true
+die-on-term = true
+lazy-apps = true
+add-header = Connection: close
+buffer-size = 65535
+thunder-lock = true
diff --git a/templates/keystone-uwsgi_systemd-init.j2 b/templates/keystone-uwsgi_systemd-init.j2
new file mode 100644
index 00000000..ba691734
--- /dev/null
+++ b/templates/keystone-uwsgi_systemd-init.j2
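Review bot: In tasks/main.yml, `Check init system` runs `cat /proc/1/comm` through `command:` without `changed_when: false`, so a task that only reads will report a change on every run and break idempotence checks. Adding `changed_when: false` fixes that. The intermediate `_pid1_name` register is used only by the following `set_fact`, and a short comment saying that `pid1_name` selects between the upstart and systemd includes in tasks/keystone_init_common.yml would help the next reader.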
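Review bot: In templates/keystone-uwsgi.ini.j2, `http = 0.0.0.0:{{ keystone_uwsgi_ports[item] }}` makes uWSGI listen for plain HTTP on every interface, for the admin API as well as the public one. No TLS settings or fronting proxy are configured for the uWSGI path in this commit, so with `keystone_apache_mod_wsgi_enabled` false the identity endpoints appear to be served unencrypted and directly reachable on 37358 and 37359. Taking the listen address from a variable that defaults to loopback or the management address would let deployers restrict exposure, for example `http = {{ keystone_uwsgi_bind_address | default('127.0.0.1') }}:{{ keystone_uwsgi_ports[item] }}` (the variable name is a suggestion, it does not exist in the role). If a reverse proxy is intended to sit in front, `http-socket` is the more appropriate uWSGI option than `http`.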
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=OpenStack Keystone service
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User={{ system_user }}
+Group={{ system_group }}
+
+{% if program_override is defined %}
+ExecStart={{ program_override }} --ini /etc/uwsgi/{{ program_name }}.ini --logto /var/log/keystone/{{ program_name }}.log {{ program_config_options|default('') }}
+{% else %}
+ExecStart={{ keystone_bin }}/uwsgi --ini /etc/uwsgi/{{ program_name }}.ini --logto /var/log/keystone/{{ program_name }}.log {{ program_config_options|default('') }}
+{% endif %}
+
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec=300
+Restart=on-failure
+RestartSec=150
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/keystone-uwsgi_upstart.conf.j2 b/templates/keystone-uwsgi_upstart.conf.j2
new file mode 100644
index 00000000..5a0b6bd2
--- /dev/null
+++ b/templates/keystone-uwsgi_upstart.conf.j2
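Review bot: `RestartSec=150` makes systemd wait two and a half minutes before restarting a crashed Keystone API, and the comment above it explains only `TimeoutSec`. For an identity service that delay is likely to show up as authentication failures in everything that depends on it, so either use a short value such as `RestartSec=2` or add a comment saying why 150 is wanted. The unit also sets no sandboxing; `PrivateTmp=true` and `NoNewPrivileges=true` are low-risk additions for a service that already runs as `{{ system_user }}`, subject to testing on the target systemd version. The two `ExecStart` branches differ only in the binary, so `ExecStart={{ program_override | default(keystone_bin ~ '/uwsgi') }} --ini …` would remove the duplicated line.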
@@ -0,0 +1,44 @@
+# {{ ansible_managed }}
+
+# vim:set ft=upstart ts=2 et:
+
+description "{{ program_name }} under uWSGI"
+author "Kevin Carter "
+
+start on runlevel [2345]
+stop on runlevel [016]
+
+respawn
+respawn limit 10 5
+
+# Set the RUNBIN environment variable
+env RUNBIN="{{ keystone_bin }}/uwsgi"
+
+# Change directory to service users home
+chdir "{{ service_home }}"
+
+# Pre start actions
+pre-start script
+ mkdir -p "/var/run/{{ program_name }}"
+ chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}"
+
+ mkdir -p "/var/lock/{{ program_name }}"
+ chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
+
+ . {{ keystone_bin }}/activate
+
+end script
+
+# Post stop actions
+post-stop script
+ rm "/var/run/{{ program_name }}/{{ program_name }}.pid"
+end script
+
+# Run the start up job
+exec start-stop-daemon --start \
+ --make-pidfile \
+ --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \
+ --exec "{{ program_override|default('$RUNBIN') }}" \
+ -- --ini "/etc/uwsgi/{{ program_name }}.ini" \
+ --logto /var/log/keystone/{{ program_name }}.log \
+ -- {{ program_config_options|default('') }}
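Review bot: The `exec start-stop-daemon` stanza has no `--chuid`, so under upstart uWSGI is launched as root and the drop to the service account rests entirely on the `uid`/`gid` lines of the ini file; the systemd unit in this commit sets `User=`/`Group=` instead. Adding `--chuid {{ system_user }}:{{ system_group }}` would enforce the account at launch, after checking that the log and pid paths are writable by it. The `. {{ keystone_bin }}/activate` line in `pre-start` runs as root in a shell that exits before `exec`, so it does not affect the service and can be removed. `post-stop` calls `rm` without `-f`, which fails when the pidfile is already gone, and the last line passes a second `--` ahead of `program_config_options`.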