Allow keystone to run from apache

Provide a template for running keystone as a mod_wsgi process and enable
it from configuration.

Based on: https://review.openstack.org/#/c/36474/
Also-by: zhang-hare <zhuadl@cn.ibm.com>
Implements: blueprint devstack-setup-apache-keystone

Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b
This commit is contained in:
Jamie Lennox 2013-09-17 12:47:03 +10:00 committed by Gerrit Code Review
parent 5470701e10
commit a00e5f8810
2 changed files with 67 additions and 2 deletions

View File

@ -0,0 +1,22 @@
Listen %PUBLICPORT%
Listen %ADMINPORT%
<VirtualHost *:%PUBLICPORT%>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER%
WSGIProcessGroup keystone-public
WSGIScriptAlias / %PUBLICWSGI%
WSGIApplicationGroup %{GLOBAL}
ErrorLog /var/log/%APACHE_NAME%/keystone
LogLevel debug
CustomLog /var/log/%APACHE_NAME%/access.log combined
</VirtualHost>
<VirtualHost *:%ADMINPORT%>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER%
WSGIProcessGroup keystone-admin
WSGIScriptAlias / %ADMINWSGI%
WSGIApplicationGroup %{GLOBAL}
ErrorLog /var/log/%APACHE_NAME%/keystone
LogLevel debug
CustomLog /var/log/%APACHE_NAME%/access.log combined
</VirtualHost>

View File

@ -14,11 +14,13 @@
# #
# install_keystone # install_keystone
# configure_keystone # configure_keystone
# _config_keystone_apache_wsgi
# init_keystone # init_keystone
# start_keystone # start_keystone
# create_keystone_accounts # create_keystone_accounts
# stop_keystone # stop_keystone
# cleanup_keystone # cleanup_keystone
# _cleanup_keystone_apache_wsgi
# Save trace setting # Save trace setting
XTRACE=$(set +o | grep xtrace) XTRACE=$(set +o | grep xtrace)
@ -34,6 +36,7 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone} KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
@ -86,6 +89,33 @@ function cleanup_keystone() {
: :
} }
# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
function _cleanup_keystone_apache_wsgi() {
sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
disable_apache_site keystone
sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
}
# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
function _config_keystone_apache_wsgi() {
sudo mkdir -p $KEYSTONE_WSGI_DIR
# copy proxy vhost and wsgi file
sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
sudo sed -e "
s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g;
s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
s|%USER%|$STACK_USER|g
" -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
enable_apache_site keystone
}
# configure_keystone() - Set config files, create data dirs, etc # configure_keystone() - Set config files, create data dirs, etc
function configure_keystone() { function configure_keystone() {
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
@ -204,6 +234,10 @@ function configure_keystone() {
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG" iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production" iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
if is_apache_enabled_service key; then
_config_keystone_apache_wsgi
fi
} }
# create_keystone_accounts() - Sets up common required keystone accounts # create_keystone_accounts() - Sets up common required keystone accounts
@ -316,6 +350,9 @@ function install_keystone() {
fi fi
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
setup_develop $KEYSTONE_DIR setup_develop $KEYSTONE_DIR
if is_apache_enabled_service key; then
install_apache_wsgi
fi
} }
# start_keystone() - Start running processes, including screen # start_keystone() - Start running processes, including screen
@ -326,8 +363,14 @@ function start_keystone() {
service_port=$KEYSTONE_SERVICE_PORT_INT service_port=$KEYSTONE_SERVICE_PORT_INT
fi fi
if is_apache_enabled_service key; then
restart_apache_server
screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone"
else
# Start Keystone in a screen window # Start Keystone in a screen window
screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
fi
echo "Waiting for keystone to start..." echo "Waiting for keystone to start..."
if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
die $LINENO "keystone did not start" die $LINENO "keystone did not start"