Use uwsgi role for keystone

Instead of having own implementation of uwsgi, use common role. This allows to reduce maintainable code and ease providing fixes and features to uwsgi deployment code. Change-Id: I2dc9c749c37e41959da2403fab7512ab17b859e4
2022-02-09 12:10:18 +02:00 · 2022-02-09 12:10:18 +02:00 · cb7eaa7ce3
commit cb7eaa7ce3
parent 419cb210a9
7 changed files with 43 additions and 104 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -230,6 +230,9 @@ keystone_uwsgi_ports:
    socket: 35358

 keystone_uwsgi_ini_overrides: {}
+keystone_default_uwsgi_overrides:
+  uwsgi:
+    socket: "127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}"

 # set keystone_ssl to true to enable SSL configuration on the keystone containers
 keystone_ssl: false
@ -526,9 +529,11 @@ keystone_uwsgi_init_overrides: {}
 keystone_services:
  keystone-wsgi-public:
    group: keystone_all
-    service_name: "keystone-wsgi-public"
-    init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
-    execstarts: "{{ keystone_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-public.ini"
+    wsgi_app: True
+    wsgi_path: "{{ keystone_bin }}/keystone-wsgi-public"
+    uwsgi_overrides: "{{ keystone_default_uwsgi_overrides | combine(keystone_uwsgi_ini_overrides, recursive=True) }}"
+    uwsgi_bind_address: "{{ keystone_uwsgi_bind_address }}"
+    uwsgi_port: "{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"

 ## Extra HTTP headers for Keystone
 # Add any additional headers here that Keystone should return.
--- a/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml
+++ b/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml
@ -0,0 +1,7 @@
+---
+upgrade:
+  - |
+    Keystone now uses common uwsgi role for uWSGI deployment. Along with that
+    variable ``keystone_services`` has been extended with required arguments
+    for uWSGI. If you override this variable locally make sure to update it's
+    structure accordingly.
--- a/tasks/keystone_service_bootstrap.yml
+++ b/tasks/keystone_service_bootstrap.yml
@ -15,7 +15,7 @@

 - name: Wait for service to be up
  uri:
-    url: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
+    url: "http://{{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
    method: "HEAD"
    status_code: 300
  register: _wait_check
--- a/tasks/keystone_uwsgi.yml
+++ b/tasks/keystone_uwsgi.yml
@ -1,71 +0,0 @@
---
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
- name: Ensure uWSGI directory exists
-  file:
-    path: "/etc/uwsgi/"
-    state: directory
-    mode: "0711"
-
- name: Apply uWSGI configuration
-  openstack.config_template.config_template:
-    src: "keystone-uwsgi.ini.j2"
-    dest: "/etc/uwsgi/{{ item }}.ini"
-    mode: "0744"
-    config_overrides: "{{ keystone_uwsgi_ini_overrides }}"
-    config_type: ini
-  with_items: "{{ keystone_services.keys() | list }}"
-  notify:
-    - Manage LB
-    - Restart uWSGI
-
- name: Run the systemd service role
-  import_role:
-    name: systemd_service
-  vars:
-    systemd_user_name: "{{ keystone_system_user_name }}"
-    systemd_group_name: "{{ keystone_system_group_name }}"
-    systemd_tempd_prefix: openstack
-    systemd_slice_name: keystone
-    systemd_lock_path: /var/lock/keystone
-    systemd_CPUAccounting: true
-    systemd_BlockIOAccounting: true
-    systemd_MemoryAccounting: true
-    systemd_TasksAccounting: true
-    systemd_services: |
-      {%- set services = [] -%}
-      {%- for service in keystone_services.values() | list -%}
-      {%-   set _ = service.update({
-                      'enabled': 'yes',
-                      'state': 'started',
-                      'config_overrides': service.init_config_overrides
-                    })
-      -%}
-      {%-   set _ = service.pop('init_config_overrides') -%}
-      {%-   set _ = services.append(service) -%}
-      {%- endfor %}
-      {{- services -}}
-  tags:
-    - keystone-config
-    - systemd-service
-
-# This is to cater for Q-R, R-S upgrades and can be removed in T
- name: Stop and disable keystone-wsgi-admin
-  file:
-    path: /etc/systemd/system/keystone-wsgi-admin.service
-    state: absent
-  notify:
-    - Manage LB
-    - Restart web server
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -169,9 +169,15 @@
  tags:
    - keystone-config

- import_tasks: keystone_uwsgi.yml
+- name: Import uwsgi role
+  import_role:
+    name: uwsgi
+  vars:
+    uwsgi_services: "{{ uwsgi_keystone_services }}"
+    uwsgi_install_method: "{{ keystone_install_method }}"
  tags:
    - keystone-config
+    - uwsgi

 - name: Flush handlers
  meta: flush_handlers
--- a/templates/keystone-uwsgi.ini.j2
+++ b/templates/keystone-uwsgi.ini.j2
@ -1,28 +0,0 @@
-# {{ ansible_managed }}
-[uwsgi]
-uid = {{ keystone_system_user_name }}
-gid = {{ keystone_system_group_name }}
-
-{% if keystone_install_method == 'source' %}
-virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }}
-{% endif %}
-{% if keystone_install_method == 'distro' and (ansible_os_family | lower) == 'debian' %}
-plugin = python3
-{% endif %}
-wsgi-file = {{ keystone_bin }}/{{ item }}
-http = {{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports[item]['http'] }}
-socket = 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }}
-
-master = true
-enable-threads = true
-processes = {{ keystone_wsgi_processes }}
-threads = {{ keystone_wsgi_threads }}
-exit-on-reload = true
-die-on-term = true
-lazy-apps = true
-add-header = Connection: close
-buffer-size = 65535
-thunder-lock = true
-
-# Avoid filling up the logs with health check requests from haproxy.
-route-user-agent = ^osa-haproxy-healthcheck$ donotlog:
--- a/vars/main.yml
+++ b/vars/main.yml
@ -15,5 +15,25 @@

 keystone_core_files: []

+uwsgi_keystone_services: |-
+  {% set services = {} %}
+  {% for key, value in keystone_services.items() %}
+  {%   if (value['group'] in group_names) and
+         (('condition' not in value) or ('condition' in value and value['condition']))
+         and ('wsgi_app' in value and value['wsgi_app']) %}
+  {%     set _ = value.update(
+           {
+             'wsgi_venv': (keystone_install_method == 'source') | ternary(keystone_bin | dirname, None),
+             'uwsgi_uid': keystone_system_user_name,
+             'uwsgi_guid': keystone_system_group_name,
+             'uwsgi_processes': keystone_wsgi_processes,
+             'uwsgi_threads': keystone_wsgi_threads,
+           }
+         ) %}
+  {%     set _ = services.update({key: value}) %}
+  {%   endif %}
+  {% endfor %}
+  {{ services }}
+
 _keystone_is_first_play_host: "{{ (keystone_services['keystone-wsgi-public']['group'] in group_names and inventory_hostname == ((groups[keystone_services['keystone-wsgi-public']['group']] | intersect(ansible_play_hosts)) | list)[0]) | bool }}"
 _keystone_is_last_play_host: "{{ (keystone_services['keystone-wsgi-public']['group'] in group_names and inventory_hostname == ((groups[keystone_services['keystone-wsgi-public']['group']] | intersect(ansible_play_hosts)) | list)[-1]) | bool }}"