From cb7eaa7ce305328a8677bcbe6a34f7577b77b041 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 9 Feb 2022 12:10:18 +0200 Subject: [PATCH] Use uwsgi role for keystone Instead of having own implementation of uwsgi, use common role. This allows to reduce maintainable code and ease providing fixes and features to uwsgi deployment code. Change-Id: I2dc9c749c37e41959da2403fab7512ab17b859e4 --- defaults/main.yml | 11 ++- .../keystone_uwsgi_role-b61179e170401e21.yaml | 7 ++ tasks/keystone_service_bootstrap.yml | 2 +- tasks/keystone_uwsgi.yml | 71 ------------------- tasks/main.yml | 8 ++- templates/keystone-uwsgi.ini.j2 | 28 -------- vars/main.yml | 20 ++++++ 7 files changed, 43 insertions(+), 104 deletions(-) create mode 100644 releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml delete mode 100644 tasks/keystone_uwsgi.yml delete mode 100644 templates/keystone-uwsgi.ini.j2 diff --git a/defaults/main.yml b/defaults/main.yml index cc2e9b3a..50ae18cf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -230,6 +230,9 @@ keystone_uwsgi_ports: socket: 35358 keystone_uwsgi_ini_overrides: {} +keystone_default_uwsgi_overrides: + uwsgi: + socket: "127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}" # set keystone_ssl to true to enable SSL configuration on the keystone containers keystone_ssl: false 
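Review bot: `keystone_default_uwsgi_overrides` in the first defaults/main.yml hunk is added without a comment, and its purpose is easy to miss: it is the only thing that keeps the uwsgi-protocol socket on `127.0.0.1` now that the template which hard-coded that line is deleted. The second hunk of the same file merges `keystone_uwsgi_ini_overrides` over it with `combine(..., recursive=True)`, so a user-supplied `uwsgi.socket` replaces the loopback default. I would add a comment above the variable, for example `# Role defaults for the uWSGI ini; keeps the uwsgi-protocol socket on loopback. keystone_uwsgi_ini_overrides is merged on top and takes precedence.`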
@@ -526,9 +529,11 @@ keystone_uwsgi_init_overrides: {} keystone_services: keystone-wsgi-public: group: keystone_all - service_name: "keystone-wsgi-public" - init_config_overrides: "{{ keystone_uwsgi_init_overrides }}" - execstarts: "{{ keystone_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-public.ini" + wsgi_app: True + wsgi_path: "{{ keystone_bin }}/keystone-wsgi-public" + uwsgi_overrides: "{{ keystone_default_uwsgi_overrides | combine(keystone_uwsgi_ini_overrides, recursive=True) }}" + uwsgi_bind_address: "{{ keystone_uwsgi_bind_address }}" + uwsgi_port: "{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}" ## Extra HTTP headers for Keystone # Add any additional headers here that Keystone should return. diff --git a/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml b/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml new file mode 100644 index 00000000..c1c37f09 --- /dev/null +++ b/releasenotes/notes/keystone_uwsgi_role-b61179e170401e21.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + Keystone now uses common uwsgi role for uWSGI deployment. Along with that + variable ``keystone_services`` has been extended with required arguments + for uWSGI. If you override this variable locally make sure to update it's + structure accordingly. diff --git a/tasks/keystone_service_bootstrap.yml b/tasks/keystone_service_bootstrap.yml index e96fc5f0..8e44b18e 100644 --- a/tasks/keystone_service_bootstrap.yml +++ b/tasks/keystone_service_bootstrap.yml @@ -15,7 +15,7 @@ - name: Wait for service to be up uri: - url: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}" + url: "http://{{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}" method: "HEAD" status_code: 300 register: _wait_check diff --git a/tasks/keystone_uwsgi.yml b/tasks/keystone_uwsgi.yml deleted file mode 100644 index fa2d2a84..00000000 --- a/tasks/keystone_uwsgi.yml +++ /dev/null 
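Review bot: The new `keystone-wsgi-public` entry drops `init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"`, yet `keystone_uwsgi_init_overrides` is still defined just above it (it is the context shown in the hunk header). Systemd unit overrides an operator has set there, resource limits or hardening directives included, therefore look like they silently stop being applied. None of the added lines in this patch reads the variable, and the upgrade note only mentions the new `keystone_services` structure. If the uwsgi role accepts per-service unit overrides (not visible here), keep the line `init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"` in the entry; otherwise call the removal out in the release note. Minor style point: `wsgi_app: True` would be more consistent as `wsgi_app: true`, matching `keystone_ssl: false` in the same file.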
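Review bot: The readiness probe in tasks/keystone_service_bootstrap.yml now connects to `keystone_uwsgi_bind_address`, but a bind address is not always an address a client can connect to. The variable's default is not shown in this patch; if it is ever a wildcard such as `0.0.0.0`, the check only works where the platform happens to route that to the local host, and an IPv6 literal would produce an invalid URL without brackets. I would map the wildcard to loopback and wrap the host part, e.g. `{{ (keystone_uwsgi_bind_address == '0.0.0.0') | ternary('127.0.0.1', keystone_uwsgi_bind_address) | ipwrap }}`. The `Wait for service to be up` task continues past the end of the hunk, so its retry and `until` handling is not visible here.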
@@ -1,71 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Ensure uWSGI directory exists
- file:
- path: "/etc/uwsgi/"
- state: directory
- mode: "0711"
-
-- name: Apply uWSGI configuration
- openstack.config_template.config_template:
- src: "keystone-uwsgi.ini.j2"
- dest: "/etc/uwsgi/{{ item }}.ini"
- mode: "0744"
- config_overrides: "{{ keystone_uwsgi_ini_overrides }}"
- config_type: ini
- with_items: "{{ keystone_services.keys() | list }}"
- notify:
- - Manage LB
- - Restart uWSGI
-
-- name: Run the systemd service role
- import_role:
- name: systemd_service
- vars:
- systemd_user_name: "{{ keystone_system_user_name }}"
- systemd_group_name: "{{ keystone_system_group_name }}"
- systemd_tempd_prefix: openstack
- systemd_slice_name: keystone
- systemd_lock_path: /var/lock/keystone
- systemd_CPUAccounting: true
- systemd_BlockIOAccounting: true
- systemd_MemoryAccounting: true
- systemd_TasksAccounting: true
- systemd_services: |
- {%- set services = [] -%}
- {%- for service in keystone_services.values() | list -%}
- {%- set _ = service.update({
- 'enabled': 'yes',
- 'state': 'started',
- 'config_overrides': service.init_config_overrides
- })
- -%}
- {%- set _ = service.pop('init_config_overrides') -%}
- {%- set _ = services.append(service) -%}
- {%- endfor %}
- {{- services -}}
- tags:
- - keystone-config
- - systemd-service
-
-# This is to cater for Q-R, R-S upgrades and can be removed in T
-- name: Stop and
disable keystone-wsgi-admin - file: - path: /etc/systemd/system/keystone-wsgi-admin.service - state: absent - notify: - - Manage LB - - Restart web server diff --git a/tasks/main.yml b/tasks/main.yml index a12c9aa6..141c2f49 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -169,9 +169,15 @@ tags: - keystone-config -- import_tasks: keystone_uwsgi.yml +- name: Import uwsgi role + import_role: + name: uwsgi + vars: + uwsgi_services: "{{ uwsgi_keystone_services }}" + uwsgi_install_method: "{{ keystone_install_method }}" tags: - keystone-config + - uwsgi - name: Flush handlers meta: flush_handlers diff --git a/templates/keystone-uwsgi.ini.j2 b/templates/keystone-uwsgi.ini.j2 deleted file mode 100644 index a1b352fc..00000000 --- a/templates/keystone-uwsgi.ini.j2 +++ /dev/null @@ -1,28 +0,0 @@ -# {{ ansible_managed }} -[uwsgi] -uid = {{ keystone_system_user_name }} -gid = {{ keystone_system_group_name }} - -{% if keystone_install_method == 'source' %} -virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }} -{% endif %} -{% if keystone_install_method == 'distro' and (ansible_os_family | lower) == 'debian' %} -plugin = python3 -{% endif %} -wsgi-file = {{ keystone_bin }}/{{ item }} -http = {{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports[item]['http'] }} -socket = 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }} - -master = true -enable-threads = true -processes = {{ keystone_wsgi_processes }} -threads = {{ keystone_wsgi_threads }} -exit-on-reload = true -die-on-term = true -lazy-apps = true -add-header = Connection: close -buffer-size = 65535 -thunder-lock = true - -# Avoid filling up the logs with health check requests from haproxy. -route-user-agent = ^osa-haproxy-healthcheck$ donotlog: diff --git a/vars/main.yml b/vars/main.yml index 831245dd..e971ecf0 100644 --- a/vars/main.yml +++ b/vars/main.yml 
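Review bot: The `Import uwsgi role` task in tasks/main.yml passes only `uwsgi_services` and `uwsgi_install_method`, whereas the deleted tasks/keystone_uwsgi.yml ran the systemd unit with `systemd_slice_name: keystone`, `systemd_lock_path: /var/lock/keystone` and the CPU, block-IO, memory and task accounting flags. Whether the uwsgi role applies equivalent settings is not visible in this patch, so the unit may end up in a different slice and without per-service accounting after the upgrade. If the role exposes matching variables, pass them in this `vars:` block; if it does not, a comment such as `# slice, lock path and accounting now come from the uwsgi role defaults` would record that the change is deliberate.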
@@ -15,5 +15,25 @@ keystone_core_files: [] +uwsgi_keystone_services: |- + {% set services = {} %} + {% for key, value in keystone_services.items() %} + {% if (value['group'] in group_names) and + (('condition' not in value) or ('condition' in value and value['condition'])) + and ('wsgi_app' in value and value['wsgi_app']) %} + {% set _ = value.update( + { + 'wsgi_venv': (keystone_install_method == 'source') | ternary(keystone_bin | dirname, None), + 'uwsgi_uid': keystone_system_user_name, + 'uwsgi_guid': keystone_system_group_name, + 'uwsgi_processes': keystone_wsgi_processes, + 'uwsgi_threads': keystone_wsgi_threads, + } + ) %} + {% set _ = services.update({key: value}) %} + {% endif %} + {% endfor %} + {{ services }} + _keystone_is_first_play_host: "{{ (keystone_services['keystone-wsgi-public']['group'] in group_names and inventory_hostname == ((groups[keystone_services['keystone-wsgi-public']['group']] | intersect(ansible_play_hosts)) | list)[0]) | bool }}" _keystone_is_last_play_host: "{{ (keystone_services['keystone-wsgi-public']['group'] in group_names and inventory_hostname == ((groups[keystone_services['keystone-wsgi-public']['group']] | intersect(ansible_play_hosts)) | list)[-1]) | bool }}"
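Review bot: In `uwsgi_keystone_services` the worker identity is handed over through the keys `uwsgi_uid` and `uwsgi_guid`, and the second spelling differs from the `gid` option that the deleted template set directly. The role's template is not part of this patch, so it cannot be confirmed here that `uwsgi_guid` is the key it reads; if it is not, the group would silently fall back to whatever the role defaults to instead of `keystone_system_group_name`. A comment above the `value.update(...)` call, for example `{# keys below are consumed by the uwsgi role; uwsgi_uid/uwsgi_guid set the user and group the workers run as #}`, would make that dependency explicit. As a smaller point, the condition test can be shortened to `value.get('condition', True)` without changing its meaning.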