Isolate mod_wsgi from Apache install
This allows deploys to elect to have Keystone run off of Apache without implying the use of mod_wsgi, such as with uwsgi. A following patch will introduce the Apache configuration needed to link Apache to uwsgi so that existing Federation support can be used. Release notes summarizing all changes for this blueprint will follow in the final patch in the series. Change-Id: Idf9e48b0c93174648982cf27cf922d3801565c74 Related: blueprint keystone-uwsgi
This commit is contained in:
parent
2b8aa0703c
commit
db7248bdc1
@ -166,7 +166,8 @@ keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
|
||||
#keystone_public_endpoint: "{{ keystone_service_publicuri }}"
|
||||
|
||||
## Apache setup
|
||||
keystone_apache_mod_wsgi_enabled: true
|
||||
keystone_apache_enabled: true
|
||||
keystone_mod_wsgi_enabled: true
|
||||
keystone_apache_log_level: info
|
||||
keystone_apache_custom_log_format: combined
|
||||
keystone_apache_servertokens: "Prod"
|
||||
|
@ -22,7 +22,7 @@
|
||||
until: _restart|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when: keystone_apache_mod_wsgi_enabled | bool
|
||||
when: (keystone_apache_enabled | bool) or (keystone_mod_wsgi_enabled | bool)
|
||||
|
||||
- name: Restart Nginx
|
||||
service:
|
||||
@ -32,7 +32,7 @@
|
||||
until: keystone_restart | success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when: not keystone_apache_mod_wsgi_enabled | bool
|
||||
when: not keystone_apache_enabled | bool
|
||||
|
||||
- name: Restart Keystone APIs
|
||||
service:
|
||||
@ -43,7 +43,7 @@
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: keystone_wsgi_program_names
|
||||
when: not keystone_apache_mod_wsgi_enabled | bool
|
||||
when: not keystone_mod_wsgi_enabled | bool
|
||||
|
||||
- name: Restart Shibd
|
||||
service:
|
||||
|
@ -42,7 +42,18 @@
|
||||
delay: 2
|
||||
with_items: "{{ keystone_apache_distro_packages }}"
|
||||
when:
|
||||
- keystone_apache_mod_wsgi_enabled | bool
|
||||
- keystone_apache_enabled | bool
|
||||
|
||||
- name: Install mod_wsgi apt packages
|
||||
apt:
|
||||
pkg: "{{ item }}"
|
||||
state: "{{ keystone_package_state }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: "{{ keystone_mod_wsgi_distro_packages }}"
|
||||
when: keystone_mod_wsgi_enabled | bool
|
||||
|
||||
- name: Install Nginx apt packages
|
||||
apt:
|
||||
@ -54,7 +65,7 @@
|
||||
delay: 2
|
||||
with_items: "{{ keystone_nginx_distro_packages }}"
|
||||
when:
|
||||
- not keystone_apache_mod_wsgi_enabled | bool
|
||||
- not keystone_apache_enabled | bool
|
||||
|
||||
- name: Install IdP apt packages
|
||||
apt:
|
||||
@ -66,7 +77,7 @@
|
||||
delay: 2
|
||||
with_items: "{{ keystone_idp_distro_packages }}"
|
||||
when:
|
||||
- keystone_apache_mod_wsgi_enabled | bool
|
||||
- keystone_apache_enabled | bool
|
||||
- keystone_idp != {}
|
||||
|
||||
- name: Install SP apt packages
|
||||
@ -79,7 +90,7 @@
|
||||
delay: 2
|
||||
with_items: "{{ keystone_sp_distro_packages }}"
|
||||
when:
|
||||
- keystone_apache_mod_wsgi_enabled | bool
|
||||
- keystone_apache_enabled | bool
|
||||
- keystone_sp != {}
|
||||
|
||||
- name: Install developer mode apt packages
|
||||
|
@ -56,7 +56,19 @@
|
||||
delay: 2
|
||||
with_items: "{{ keystone_apache_distro_packages }}"
|
||||
when:
|
||||
- keystone_apache_mod_wsgi_enabled | bool
|
||||
- keystone_apache_enabled | bool
|
||||
|
||||
- name: Install mod_wsgi yum packages
|
||||
yum:
|
||||
pkg: "{{ item }}"
|
||||
state: "{{ keystone_package_state }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: "{{ keystone_mod_wsgi_distro_packages }}"
|
||||
when:
|
||||
- keystone_mod_wsgi_enabled | bool
|
||||
|
||||
- name: Install Nginx yum packages
|
||||
yum:
|
||||
@ -68,7 +80,7 @@
|
||||
delay: 2
|
||||
with_items: "{{ keystone_nginx_distro_packages }}"
|
||||
when:
|
||||
- not keystone_apache_mod_wsgi_enabled | bool
|
||||
- not keystone_apache_enabled | bool
|
||||
|
||||
- name: Install IdP yum packages
|
||||
yum:
|
||||
|
@ -19,7 +19,6 @@
|
||||
state: stopped
|
||||
pattern: "{{ keystone_system_service_name }}"
|
||||
failed_when: false
|
||||
when: not keystone_apache_mod_wsgi_enabled | bool
|
||||
|
||||
- name: Disable default configuration
|
||||
file:
|
||||
|
@ -21,6 +21,15 @@
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Fail if incompatible configuration detected
|
||||
fail:
|
||||
msg: "keystone_apache_enabled must be True when keystone_mod_wsgi_enabled."
|
||||
when:
|
||||
- not keystone_apache_enabled | bool
|
||||
- keystone_mod_wsgi_enabled | bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Gather variables for each operating system
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
@ -99,20 +108,19 @@
|
||||
tags:
|
||||
- keystone-install
|
||||
- keystone-config
|
||||
when: keystone_apache_mod_wsgi_enabled | bool
|
||||
when: keystone_apache_enabled | bool
|
||||
|
||||
- include: keystone_nginx.yml
|
||||
tags:
|
||||
- keystone-install
|
||||
- keystone-config
|
||||
when: not keystone_apache_mod_wsgi_enabled | bool
|
||||
when: not keystone_apache_enabled | bool
|
||||
|
||||
- include: keystone_uwsgi.yml
|
||||
tags:
|
||||
- keystone-install
|
||||
- keystone-config
|
||||
when:
|
||||
- not keystone_apache_mod_wsgi_enabled | bool
|
||||
when: not keystone_apache_enabled | bool
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
29
tox.ini
29
tox.ini
@ -144,17 +144,23 @@ commands =
|
||||
ansible-lint {toxinidir}
|
||||
|
||||
|
||||
[testenv:func_base]
|
||||
# NOTE(odyssey4me): this target does not use constraints because
|
||||
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
|
||||
# drop the install_command.
|
||||
install_command =
|
||||
pip install -U --force-reinstall {opts} {packages}
|
||||
|
||||
|
||||
[testenv:functional]
|
||||
# Ignore_errors is set to true so that the logs are collected at the
|
||||
# end of the run. This will not produce a failse positive. Any
|
||||
# exception will be mark the run as "failed" and exit 1 after all of
|
||||
# the commands have been iterated through.
|
||||
ignore_errors = True
|
||||
# NOTE(odyssey4me): this target does not use constraints because
|
||||
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
|
||||
# drop the install_command.
|
||||
# NOTE(andymccr): this target will test keystone with apache & mod_wsgi
|
||||
install_command =
|
||||
pip install -U --force-reinstall {opts} {packages}
|
||||
{[testenv:func_base]install_command}
|
||||
deps =
|
||||
{[testenv:ansible]deps}
|
||||
setenv =
|
||||
@ -168,10 +174,16 @@ commands =
|
||||
bash -c 'mkdir -p {toxinidir}/logs'
|
||||
bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
|
||||
|
||||
|
||||
[testenv:func_uwsgi_nginx]
|
||||
# Ignore_errors is set to true so that the logs are collected at the
|
||||
# end of the run. This will not produce a failse positive. Any
|
||||
# exception will be mark the run as "failed" and exit 1 after all of
|
||||
# the commands have been iterated through.
|
||||
ignore_errors = True
|
||||
# NOTE(andymccr): this will test keystone with uwsgi & nginx
|
||||
[testenv:func_uwsgi-nginx]
|
||||
install_command =
|
||||
pip install -U --force-reinstall {opts} {packages}
|
||||
{[testenv:func_base]install_command}
|
||||
deps =
|
||||
{[testenv:ansible]deps}
|
||||
setenv =
|
||||
@ -181,8 +193,11 @@ commands =
|
||||
ansible-playbook -i {toxinidir}/tests/inventory \
|
||||
-e "rolename={toxinidir}" \
|
||||
-e "install_test_packages=True" \
|
||||
-e "keystone_apache_mod_wsgi_enabled=False" \
|
||||
-e "keystone_apache_enabled=False" \
|
||||
-e "keystone_mod_wsgi_enabled=False" \
|
||||
{toxinidir}/tests/test.yml -vvvv
|
||||
bash -c 'mkdir -p {toxinidir}/logs'
|
||||
bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
|
||||
|
||||
|
||||
[testenv:linters]
|
||||
|
@ -30,8 +30,6 @@ keystone_distro_packages:
|
||||
- libgsasl-devel
|
||||
- libxml2-devel
|
||||
- libxslt-devel
|
||||
- mod_ssl
|
||||
- mod_wsgi
|
||||
- openldap
|
||||
- openldap-devel
|
||||
- openssl
|
||||
@ -41,6 +39,10 @@ keystone_distro_packages:
|
||||
keystone_apache_distro_packages:
|
||||
- httpd
|
||||
- httpd-tools
|
||||
- mod_ssl
|
||||
|
||||
keystone_mod_wsgi_distro_packages:
|
||||
- mod_wsgi
|
||||
|
||||
keystone_nginx_distro_packages:
|
||||
- nginx
|
||||
|
@ -32,6 +32,8 @@ keystone_distro_packages:
|
||||
keystone_apache_distro_packages:
|
||||
- apache2
|
||||
- apache2-utils
|
||||
|
||||
keystone_mod_wsgi_distro_packages:
|
||||
- libapache2-mod-wsgi
|
||||
|
||||
keystone_nginx_distro_packages:
|
||||
|
@ -32,6 +32,8 @@ keystone_distro_packages:
|
||||
keystone_apache_distro_packages:
|
||||
- apache2
|
||||
- apache2-utils
|
||||
|
||||
keystone_mod_wsgi_distro_packages:
|
||||
- libapache2-mod-wsgi
|
||||
|
||||
keystone_nginx_distro_packages:
|
||||
|
Loading…
Reference in New Issue
Block a user