From f47d6501f62661a35d554e73f1ce931603a15d2f Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Thu, 17 Jul 2014 16:23:35 -0600 Subject: [PATCH] support other components using apache mod_wsgi Keystone is moving to use apache mod_wsgi instead of standalone eventlet daemon. Packstack should support deployment of keystone using this model. A new command line switch --keystone-service-name is added, and a new config parameter CONFIG_KEYSTONE_SERVICE_NAME is added. If this is set to 'httpd', keystone will be set up to use apache mod_wsgi, otherwise, it will be a standalone eventlet service. There is some common apache configuration that must be done by every module that uses apache. There is a new class in packstack called packstack::apache_common. Each component that uses apache must call "include packstack::apache_common". This ensures that a subsequent component manifest will not wipe out apache configuration created by a previous component manifest or the initial apache configuration created by prescript.pp. Change-Id: I73b853507dffb2540638182f3072e65e4d7ad485 Closes-Bug: #1348732 --- packstack/plugins/keystone_100.py | 13 ++++++++++ .../packstack/manifests/apache_common.pp | 26 +++++++++++++++++++ packstack/puppet/templates/horizon.pp | 2 +- packstack/puppet/templates/keystone.pp | 10 +++++++ packstack/puppet/templates/nagios_server.pp | 13 +++------- packstack/puppet/templates/prescript.pp | 5 ++++ 6 files changed, 58 insertions(+), 11 deletions(-) create mode 100644 packstack/puppet/modules/packstack/manifests/apache_common.pp diff --git a/packstack/plugins/keystone_100.py b/packstack/plugins/keystone_100.py index c939f584d..904a57d75 100644 --- a/packstack/plugins/keystone_100.py +++ b/packstack/plugins/keystone_100.py @@ -104,6 +104,19 @@ def initConfig(controller): "USE_DEFAULT": True, "NEED_CONFIRM": False, "CONDITION": False}, + + {"CMD_OPTION": "keystone-service-name", + "USAGE": "Name of service to use to run keystone (keystone or httpd)", + "PROMPT": "Enter the Keystone service name.", + "OPTION_LIST": ['keystone', 'httpd'], + "VALIDATORS": [validators.validate_options], + "DEFAULT_VALUE": "keystone", + "MASK_INPUT": False, + "LOOSE_VALIDATION": False, + "CONF_NAME": 'CONFIG_KEYSTONE_SERVICE_NAME', + "USE_DEFAULT": True, + "NEED_CONFIRM": False, + "CONDITION": False}, ] group = {"GROUP_NAME": "KEYSTONE", "DESCRIPTION": "Keystone Config parameters", diff --git a/packstack/puppet/modules/packstack/manifests/apache_common.pp b/packstack/puppet/modules/packstack/manifests/apache_common.pp new file mode 100644 index 000000000..dd1007c01 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/apache_common.pp @@ -0,0 +1,26 @@ +# Code common to all classes that use Apache +# +# This allows multiple modules to safely use ::apache without +# overwriting existing config or the ports file. +# +# Any module that uses apache must include this class +# include packstack_apache_common +class packstack::apache_common { + include ::apache::params + # make sure the include ::apache in the module + # does not overwrite the contents of the config dirs + # from a previous module + if $::apache::params::confd_dir { + File<| title == $::apache::params::confd_dir |> { + purge => false, + } + } + # make sure the ports.conf concat fragments from previous + # runs are not overwritten by subsequent runs + include ::concat::setup + $my_safe_name = regsubst($::apache::params::ports_file, '[/:]', '_', 'G') + $my_fragdir = "${concat::setup::concatdir}/${my_safe_name}" + File<| title == "${my_fragdir}/fragments" |> { + purge => false, + } +} diff --git a/packstack/puppet/templates/horizon.pp b/packstack/puppet/templates/horizon.pp index 867874fcd..270039284 100644 --- a/packstack/puppet/templates/horizon.pp +++ b/packstack/puppet/templates/horizon.pp @@ -1,4 +1,4 @@ -include concat::setup +include packstack::apache_common $horizon_packages = ["python-memcached", "python-netaddr"] diff --git a/packstack/puppet/templates/keystone.pp b/packstack/puppet/templates/keystone.pp index fcec1f576..9d25f4254 100644 --- a/packstack/puppet/templates/keystone.pp +++ b/packstack/puppet/templates/keystone.pp @@ -1,3 +1,4 @@ +$keystone_use_ssl = false class {"keystone": admin_token => "%(CONFIG_KEYSTONE_ADMIN_TOKEN)s", @@ -6,6 +7,15 @@ class {"keystone": verbose => true, debug => %(CONFIG_DEBUG_MODE)s, mysql_module => '2.2', + service_name => '%(CONFIG_KEYSTONE_SERVICE_NAME)s', + enable_ssl => $keystone_use_ssl, +} + +if '%(CONFIG_KEYSTONE_SERVICE_NAME)s' == 'httpd' { + include packstack::apache_common + class {"keystone::wsgi::apache": + ssl => $keystone_use_ssl, + } } class {"keystone::roles::admin": diff --git a/packstack/puppet/templates/nagios_server.pp b/packstack/puppet/templates/nagios_server.pp index 54f732073..68ab5af8e 100644 --- a/packstack/puppet/templates/nagios_server.pp +++ b/packstack/puppet/templates/nagios_server.pp @@ -1,3 +1,5 @@ +include packstack::apache_common + package{['nagios', 'nagios-plugins-nrpe']: ensure => present, before => Class['nagios_configs'] @@ -63,11 +65,7 @@ class{'nagios_configs': notify => [Service['nagios'], Service['httpd']], } -include concat::setup - -class {'apache': - purge_configs => false, -} +include ::apache class {'apache::mod::php': } service{['nagios']: @@ -81,8 +79,3 @@ firewall { '001 nagios incoming': dport => ['80'], action => 'accept', } - -# ensure that we won't stop listening on 443 if horizon has ssl enabled -if %(CONFIG_HORIZON_SSL)s { - apache::listen { '443': } -} diff --git a/packstack/puppet/templates/prescript.pp b/packstack/puppet/templates/prescript.pp index b75874e50..f5e1858d2 100644 --- a/packstack/puppet/templates/prescript.pp +++ b/packstack/puppet/templates/prescript.pp @@ -1,4 +1,9 @@ include firewall +# This does the initial apache setup for all components that +# require apache/httpd. +# Other packstack components that use apache should do +# include packstack_apache_common +include ::apache $el_releases = ['RedHat', 'CentOS', 'Scientific']