Improve Keystone Apache configuration
This patch does the following: 1. Introduces two new Keystone variables which are useful for debugging the Keystone service. The values are defaulted to the same values as before the patch. - keystone_wsgi_processes: number of wsgi processes to run - keystone_wsgi_threads: number of wsgi threads to run 4. Moves the keystone service and admin processes into their own wsgi groups for better isolation. 5. Sets each wsgi process to run under the keystone group. 6. Bring the configuration file in line with the upstream recommended configuration as at 4 Aug 2015 in order to overcome import race conditions. Change-Id: I861d1ef233dd6121452dc0e9e590d2d9f9b7973e Closes-Bug: #1481339
This commit is contained in:
parent
27831a026f
commit
98c9768497
@ -124,6 +124,8 @@ keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
|
||||
|
||||
## Apache setup
|
||||
keystone_apache_log_level: info
|
||||
keystone_wsgi_threads: "{{ ansible_processor_vcpus | default(2) // 2 }}"
|
||||
keystone_wsgi_processes: "{{ ansible_processor_vcpus | default(1) }}"
|
||||
|
||||
keystone_ssl_enabled: false
|
||||
keystone_ssl_cert_path: /etc/ssl/certs
|
||||
|
@ -1,10 +1,16 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
{% set threads = ansible_processor_vcpus|default(2) // 2 %}
|
||||
|
||||
WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup processes={{ ansible_processor_cores|default(1) }} threads={{ threads if threads > 0 else 1 }}
|
||||
|
||||
<VirtualHost *:{{ keystone_service_port }}>
|
||||
WSGIDaemonProcess keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-service
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
WSGIPassAuthorization On
|
||||
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
|
||||
LogLevel {{ keystone_apache_log_level }}
|
||||
ErrorLog /var/log/keystone/keystone-apache-error.log
|
||||
CustomLog /var/log/keystone/ssl_access.log combined
|
||||
@ -50,12 +56,19 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
|
||||
|
||||
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/keystone/main/$1
|
||||
{%- endif %}
|
||||
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
|
||||
WSGIProcessGroup keystone
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:{{ keystone_admin_port }}>
|
||||
WSGIDaemonProcess keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-admin
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
WSGIPassAuthorization On
|
||||
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
|
||||
LogLevel {{ keystone_apache_log_level }}
|
||||
ErrorLog /var/log/keystone/keystone-apache-error.log
|
||||
CustomLog /var/log/keystone/ssl_access.log combined
|
||||
@ -75,7 +88,4 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
|
||||
SSLCipherSuite {{ keystone_ssl_cipher_suite }}
|
||||
SSLOptions +StdEnvVars +ExportCertData
|
||||
{% endif %}
|
||||
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
|
||||
WSGIProcessGroup keystone
|
||||
</VirtualHost>
|
||||
|
Loading…
Reference in New Issue
Block a user