Isolate mod_wsgi from Apache install

This allows deploys to elect to have Keystone run off of Apache
without implying the use of mod_wsgi, such as with uwsgi. A
following patch will introduce the Apache configuration needed to
link Apache to uwsgi so that existing Federation support can be
used.

Release notes summarizing all changes for this blueprint will follow
in the final patch in the series.

Change-Id: Idf9e48b0c93174648982cf27cf922d3801565c74
Related: blueprint keystone-uwsgi
This commit is contained in:
Steve Lewis 2016-08-29 13:48:55 -07:00 committed by Jesse Pretorius (odyssey4me)
parent 2b8aa0703c
commit db7248bdc1
10 changed files with 76 additions and 24 deletions

View File

@ -166,7 +166,8 @@ keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
#keystone_public_endpoint: "{{ keystone_service_publicuri }}"
## Apache setup
keystone_apache_mod_wsgi_enabled: true
keystone_apache_enabled: true
keystone_mod_wsgi_enabled: true
keystone_apache_log_level: info
keystone_apache_custom_log_format: combined
keystone_apache_servertokens: "Prod"

View File

@ -22,7 +22,7 @@
until: _restart|success
retries: 5
delay: 2
when: keystone_apache_mod_wsgi_enabled | bool
when: (keystone_apache_enabled | bool) or (keystone_mod_wsgi_enabled | bool)
- name: Restart Nginx
service:
@ -32,7 +32,7 @@
until: keystone_restart | success
retries: 5
delay: 2
when: not keystone_apache_mod_wsgi_enabled | bool
when: not keystone_apache_enabled | bool
- name: Restart Keystone APIs
service:
@ -43,7 +43,7 @@
retries: 5
delay: 2
with_items: keystone_wsgi_program_names
when: not keystone_apache_mod_wsgi_enabled | bool
when: not keystone_mod_wsgi_enabled | bool
- name: Restart Shibd
service:

View File

@ -42,7 +42,18 @@
delay: 2
with_items: "{{ keystone_apache_distro_packages }}"
when:
- keystone_apache_mod_wsgi_enabled | bool
- keystone_apache_enabled | bool
- name: Install mod_wsgi apt packages
apt:
pkg: "{{ item }}"
state: "{{ keystone_package_state }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ keystone_mod_wsgi_distro_packages }}"
when: keystone_mod_wsgi_enabled | bool
- name: Install Nginx apt packages
apt:
@ -54,7 +65,7 @@
delay: 2
with_items: "{{ keystone_nginx_distro_packages }}"
when:
- not keystone_apache_mod_wsgi_enabled | bool
- not keystone_apache_enabled | bool
- name: Install IdP apt packages
apt:
@ -66,7 +77,7 @@
delay: 2
with_items: "{{ keystone_idp_distro_packages }}"
when:
- keystone_apache_mod_wsgi_enabled | bool
- keystone_apache_enabled | bool
- keystone_idp != {}
- name: Install SP apt packages
@ -79,7 +90,7 @@
delay: 2
with_items: "{{ keystone_sp_distro_packages }}"
when:
- keystone_apache_mod_wsgi_enabled | bool
- keystone_apache_enabled | bool
- keystone_sp != {}
- name: Install developer mode apt packages

View File

@ -56,7 +56,19 @@
delay: 2
with_items: "{{ keystone_apache_distro_packages }}"
when:
- keystone_apache_mod_wsgi_enabled | bool
- keystone_apache_enabled | bool
- name: Install mod_wsgi yum packages
yum:
pkg: "{{ item }}"
state: "{{ keystone_package_state }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ keystone_mod_wsgi_distro_packages }}"
when:
- keystone_mod_wsgi_enabled | bool
- name: Install Nginx yum packages
yum:
@ -68,7 +80,7 @@
delay: 2
with_items: "{{ keystone_nginx_distro_packages }}"
when:
- not keystone_apache_mod_wsgi_enabled | bool
- not keystone_apache_enabled | bool
- name: Install IdP yum packages
yum:

View File

@ -19,7 +19,6 @@
state: stopped
pattern: "{{ keystone_system_service_name }}"
failed_when: false
when: not keystone_apache_mod_wsgi_enabled | bool
- name: Disable default configuration
file:

View File

@ -21,6 +21,15 @@
tags:
- always
- name: Fail if incompatible configuration detected
fail:
msg: "keystone_apache_enabled must be True when keystone_mod_wsgi_enabled."
when:
- not keystone_apache_enabled | bool
- keystone_mod_wsgi_enabled | bool
tags:
- always
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
@ -99,20 +108,19 @@
tags:
- keystone-install
- keystone-config
when: keystone_apache_mod_wsgi_enabled | bool
when: keystone_apache_enabled | bool
- include: keystone_nginx.yml
tags:
- keystone-install
- keystone-config
when: not keystone_apache_mod_wsgi_enabled | bool
when: not keystone_apache_enabled | bool
- include: keystone_uwsgi.yml
tags:
- keystone-install
- keystone-config
when:
- not keystone_apache_mod_wsgi_enabled | bool
when: not keystone_apache_enabled | bool
- name: Flush handlers
meta: flush_handlers

29
tox.ini
View File

@ -144,17 +144,23 @@ commands =
ansible-lint {toxinidir}
[testenv:func_base]
# NOTE(odyssey4me): this target does not use constraints because
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
# drop the install_command.
install_command =
pip install -U --force-reinstall {opts} {packages}
[testenv:functional]
# Ignore_errors is set to true so that the logs are collected at the
# end of the run. This will not produce a failse positive. Any
# exception will be mark the run as "failed" and exit 1 after all of
# the commands have been iterated through.
ignore_errors = True
# NOTE(odyssey4me): this target does not use constraints because
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
# drop the install_command.
# NOTE(andymccr): this target will test keystone with apache & mod_wsgi
install_command =
pip install -U --force-reinstall {opts} {packages}
{[testenv:func_base]install_command}
deps =
{[testenv:ansible]deps}
setenv =
@ -168,10 +174,16 @@ commands =
bash -c 'mkdir -p {toxinidir}/logs'
bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
[testenv:func_uwsgi_nginx]
# Ignore_errors is set to true so that the logs are collected at the
# end of the run. This will not produce a failse positive. Any
# exception will be mark the run as "failed" and exit 1 after all of
# the commands have been iterated through.
ignore_errors = True
# NOTE(andymccr): this will test keystone with uwsgi & nginx
[testenv:func_uwsgi-nginx]
install_command =
pip install -U --force-reinstall {opts} {packages}
{[testenv:func_base]install_command}
deps =
{[testenv:ansible]deps}
setenv =
@ -181,8 +193,11 @@ commands =
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
-e "keystone_apache_mod_wsgi_enabled=False" \
-e "keystone_apache_enabled=False" \
-e "keystone_mod_wsgi_enabled=False" \
{toxinidir}/tests/test.yml -vvvv
bash -c 'mkdir -p {toxinidir}/logs'
bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
[testenv:linters]

View File

@ -30,8 +30,6 @@ keystone_distro_packages:
- libgsasl-devel
- libxml2-devel
- libxslt-devel
- mod_ssl
- mod_wsgi
- openldap
- openldap-devel
- openssl
@ -41,6 +39,10 @@ keystone_distro_packages:
keystone_apache_distro_packages:
- httpd
- httpd-tools
- mod_ssl
keystone_mod_wsgi_distro_packages:
- mod_wsgi
keystone_nginx_distro_packages:
- nginx

View File

@ -32,6 +32,8 @@ keystone_distro_packages:
keystone_apache_distro_packages:
- apache2
- apache2-utils
keystone_mod_wsgi_distro_packages:
- libapache2-mod-wsgi
keystone_nginx_distro_packages:

View File

@ -32,6 +32,8 @@ keystone_distro_packages:
keystone_apache_distro_packages:
- apache2
- apache2-utils
keystone_mod_wsgi_distro_packages:
- libapache2-mod-wsgi
keystone_nginx_distro_packages: