[install-guide] Add WSGI keystone config for SUSE

Replace default eventlet front-end with Apache front-end to provide
a more production-style deployment.

Partially implements bp installguide-kilo.

Change-Id: Id54121f89d3d522b2feafbd79c1bb31a3a84ee7b

doc/install-guide/section_keystone-install.xml

@@ -72,7 +72,7 @@
       <para>Run the following command to install the packages:</para>
       <screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache</userinput></screen>
       <screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached</userinput></screen>
-      <screen os="sles;opensuse"><prompt>#</prompt> <userinput>zypper install openstack-keystone python-openstackclient memcached python-python-memcached</userinput></screen>
+      <screen os="sles;opensuse"><prompt>#</prompt> <userinput>zypper install openstack-keystone python-openstackclient apache2-mod_wsgi memcached python-python-memcached</userinput></screen>
     </step>
     <step os="rhel;fedora;centos;sles;opensuse">
       <para>Start the Memcached service and configure it to start when the
@@ -269,19 +269,27 @@ admin_token = <replaceable>ADMIN_TOKEN</replaceable></programlisting>
       </informalfigure>
     </step>
   </procedure>
-  <procedure os="ubuntu;rhel;centos;fedora">
+  <procedure os="ubuntu;rhel;centos;fedora;opensuse;sles">
     <title>To configure the Apache HTTP server</title>
-    <step>
+    <step os="ubuntu;rhel;centos;fedora">
       <para>Edit the <filename os="ubuntu">/etc/apache2/apache2.conf</filename>
         <filename os="rhel;centos;fedora">/etc/httpd/conf/httpd.conf</filename>
         file and configure the <literal>ServerName</literal> option to
         reference the controller node:</para>
       <programlisting>ServerName <replaceable>controller</replaceable></programlisting>
     </step>
+    <step os="opensuse;sles">
+      <para>Edit the <filename>/etc/sysconf/apache2</filename>
+        file and
+        configure the <literal>APACHE_SERVERNAME</literal> option to reference the
+        controller node:</para>
+      <programlisting>APACHE_SERVERNAME="<replaceable>controller</replaceable>"</programlisting>
+    </step>
     <step>
       <para>Create the
         <filename os="ubuntu">/etc/apache2/sites-available/wsgi-keystone.conf</filename>
         <filename os="rhel;centos;fedora">/etc/httpd/conf.d/wsgi-keystone.conf</filename>
+        <filename os="opensuse;sles">/etc/apache2/conf.d/wsgi-keystone.conf</filename>
         file with the following content:</para>
       <programlisting os="ubuntu">Listen 5000
 Listen 35357
@@ -338,6 +346,32 @@ Listen 35357
     ErrorLogFormat "%{cu}t %M"
     ErrorLog /var/log/httpd/keystone-error.log
     CustomLog /var/log/httpd/keystone-access.log combined
+&lt;/VirtualHost&gt;</programlisting>
+      <programlisting os="opensuse;sles">Listen 5000
+Listen 35357
+
+&lt;VirtualHost *:5000&gt;
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
+    WSGIProcessGroup keystone-public
+    WSGIScriptAlias / /srv/www/cgi-bin/keystone/main
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    ErrorLogFormat "%{cu}t %M"
+    LogLevel info
+    ErrorLog /var/log/apache2/keystone-error.log
+    CustomLog /var/log/apache2/keystone-access.log combined
+&lt;/VirtualHost&gt;
+
+&lt;VirtualHost *:35357&gt;
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
+    WSGIProcessGroup keystone-admin
+    WSGIScriptAlias / /srv/www/cgi-bin/keystone/admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    ErrorLogFormat "%{cu}t %M"
+    LogLevel info
+    ErrorLog /var/log/apache2/keystone-error.log
+    CustomLog /var/log/apache2/keystone-access.log combined
 &lt;/VirtualHost&gt;</programlisting>
     </step>
     <step os="ubuntu">
@@ -346,20 +380,33 @@ Listen 35357
     </step>
     <step>
       <para>Create the directory structure for the WSGI components:</para>
-      <screen><prompt>#</prompt> <userinput>mkdir -p /var/www/cgi-bin/keystone</userinput></screen>
+      <screen os="ubuntu;fedora;centos;rhel"><prompt>#</prompt> <userinput>mkdir -p /var/www/cgi-bin/keystone</userinput></screen>
+      <screen os="opensuse;sles"><prompt>#</prompt> <userinput>mkdir -p /srv/www/cgi-bin/keystone</userinput></screen>
     </step>
     <step>
       <para>Copy the WSGI components from the upstream repository into this
         directory:</para>
-      <screen><prompt>#</prompt> <userinput>curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo \
+      <screen os="ubuntu;fedora;centos;rhel"><prompt>#</prompt> <userinput>curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo \
   | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin</userinput></screen>
+      <screen os="opensuse;sles"><prompt>#</prompt> <userinput>curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo \
+  | tee /srv/www/cgi-bin/keystone/main /srv/www/cgi-bin/keystone/admin</userinput></screen>
     </step>
     <step>
       <para>Adjust ownership and permissions on this directory and the files
         in it:</para>
-      <screen><prompt>#</prompt> <userinput>chown -R keystone:keystone /var/www/cgi-bin/keystone</userinput>
+      <screen os="ubuntu;fedora;centos;rhel"><prompt>#</prompt> <userinput>chown -R keystone:keystone /var/www/cgi-bin/keystone</userinput>
 <prompt>#</prompt> <userinput>chmod 755 /var/www/cgi-bin/keystone/*</userinput></screen>
       <screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>restorecon /var/www/cgi-bin</userinput></screen>
+      <screen os="opensuse;sles"><prompt>#</prompt> <userinput>chown -R keystone:keystone /srv/www/cgi-bin/keystone</userinput>
+<prompt>#</prompt> <userinput>chmod 755 /srv/www/cgi-bin/keystone/*</userinput></screen>
+    </step>
+    <step os="opensuse;sles">
+      <para>
+        Change the ownership of
+        <filename>/etc/keystone/keystone.conf</filename> to give the
+        <literal>keystone</literal> system access to it:
+      </para>
+      <screen><prompt>#</prompt> <userinput>chown keystone /etc/keystone/keystone.conf</userinput></screen>
     </step>
     <step os="rhel;fedora;centos">
       <para>Add the <literal>apache</literal> system user to the
@@ -370,17 +417,13 @@ Listen 35357
   </procedure>
   <procedure>
     <title>To finalize installation</title>
-    <step os="ubuntu;rhel;fedora;centos">
+    <step os="ubuntu;rhel;fedora;centos;opensuse;sles">
       <para>Restart the Apache HTTP server:</para>
       <screen os="ubuntu"><prompt>#</prompt> <userinput>service apache2 restart</userinput></screen>
       <screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>systemctl enable httpd.service</userinput>
 <prompt>#</prompt> <userinput>systemctl start httpd.service</userinput></screen>
-    </step>
+      <screen os="opensuse;sles"><prompt>#</prompt> <userinput>systemctl enable apache2.service</userinput>
-    <step os="opensuse;sles">
+<prompt>#</prompt> <userinput>systemctl start apache2.service</userinput></screen>
-      <para>Start the Identity service and configure it to start when the
-        system boots:</para>
-      <screen><prompt>#</prompt> <userinput>systemctl enable openstack-keystone.service</userinput>
-<prompt>#</prompt> <userinput>systemctl start openstack-keystone.service</userinput></screen>
     </step>
     <step os="ubuntu">
       <para>By default, the Ubuntu packages create a SQLite database.</para>