openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
openstack-ansible-os_keystone/templates/keystone-httpd.conf.j2
Matt Thompson 672b69ea63 Disable WSGIScriptReloading 
This change simply disables mod_wsgi from automatically restarting apps
when the wsgi scripts are touched (or updated).  This seems like the
desired outcome since we do not want keystone to reload until we
explicitly trigger an Apache restart.

Change-Id: Ib714e8de4e42c5680b3133a9df7b9748dd6c6a88
2017-01-10 16:10:21 -05:00

122 lines
4.5 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
Listen {{ keystone_service_port }}
<VirtualHost *:{{ keystone_service_port }}>
{% if keystone_mod_wsgi_enabled | bool -%}
WSGIDaemonProcess keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
WSGIProcessGroup keystone-service
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIScriptReloading Off
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel {{ keystone_apache_log_level }}
ErrorLog /var/log/keystone/keystone-apache-error.log
CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
Options +FollowSymLinks
{% if keystone_ssl | bool and keystone_service_internaluri_proto == "https" -%}
SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }}
SSLCertificateKeyFile {{ keystone_ssl_key }}
{% if keystone_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ keystone_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ keystone_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ keystone_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
{% if keystone_sp != {} -%}
ShibURLScheme {{ keystone_service_publicuri_proto }}
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<Location /v3/auth/OS-FEDERATION/websso/saml2>
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibRequestSetting exportAssertion 1
ShibRequireSession On
ShibExportAssertion On
Require valid-user
</Location>
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/saml2/auth>
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibExportAssertion Off
Require valid-user
</LocationMatch>
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/keystone/main/$1
{% endif %}
<Directory /var/www/cgi-bin/keystone>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
{% else %}
ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/
{% endif %}
</VirtualHost>
Listen {{ keystone_admin_port }}
<VirtualHost *:{{ keystone_admin_port }}>
{% if keystone_mod_wsgi_enabled | bool -%}
WSGIDaemonProcess keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIScriptReloading Off
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel {{ keystone_apache_log_level }}
ErrorLog /var/log/keystone/keystone-apache-error.log
CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
Options +FollowSymLinks
{% if keystone_ssl | bool and keystone_service_adminuri_proto == "https" -%}
SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }}
SSLCertificateKeyFile {{ keystone_ssl_key }}
{% if keystone_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ keystone_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ keystone_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ keystone_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
<Directory /var/www/cgi-bin/keystone>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
{% else -%}
ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-admin']["socket"] }}/
{% endif %}
</VirtualHost>
{% if not keystone_mod_wsgi_enabled | bool -%}
ProxyPass /identity uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/
ProxyPass /identity_admin uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['socket'] }}/
{% endif %}
View Git Blame Copy Permalink