Keystone support deploy in uwsgi
Keystone is going to remove support for eventlet. Rather than only have one way to run keystone (in Apache Httpd with mod_wsgi), we should continue to gate on multiple wsgi containers to ensure that keystone remains container-agnostic. The suggested alternative container is uwsgi. To run keystone in uwsgi rather than httpd or eventlet, set the following env var in local.conf: KEYSTONE_DEPLOY=uwsgi There's a lot of options to uwsgi. Here's some protips: http://uwsgi-docs.readthedocs.org/en/latest/ThingsToKnow.html Change-Id: If3b49879ce5181c16f0f0ab0db12fa55fe810a41
This commit is contained in:
parent
a03053660a
commit
edc11c2f83
@ -1428,14 +1428,17 @@ function run_process {
|
|||||||
local service=$1
|
local service=$1
|
||||||
local command="$2"
|
local command="$2"
|
||||||
local group=$3
|
local group=$3
|
||||||
|
local subservice=$4
|
||||||
|
|
||||||
|
local name=${subservice:-$service}
|
||||||
|
|
||||||
time_start "run_process"
|
time_start "run_process"
|
||||||
if is_service_enabled $service; then
|
if is_service_enabled $service; then
|
||||||
if [[ "$USE_SCREEN" = "True" ]]; then
|
if [[ "$USE_SCREEN" = "True" ]]; then
|
||||||
screen_process "$service" "$command" "$group"
|
screen_process "$name" "$command" "$group"
|
||||||
else
|
else
|
||||||
# Spawn directly without screen
|
# Spawn directly without screen
|
||||||
_run_process "$service" "$command" "$group" &
|
_run_process "$name" "$command" "$group" &
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
time_stop "run_process"
|
time_stop "run_process"
|
||||||
|
72
lib/keystone
72
lib/keystone
@ -62,6 +62,7 @@ KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}
|
|||||||
# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
|
# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
|
||||||
# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
|
# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
|
||||||
# - eventlet : Run keystone-all
|
# - eventlet : Run keystone-all
|
||||||
|
# - uwsgi : Run keystone under uwsgi
|
||||||
if [ -z "$KEYSTONE_DEPLOY" ]; then
|
if [ -z "$KEYSTONE_DEPLOY" ]; then
|
||||||
if [ -z "$KEYSTONE_USE_MOD_WSGI" ]; then
|
if [ -z "$KEYSTONE_USE_MOD_WSGI" ]; then
|
||||||
KEYSTONE_DEPLOY=mod_wsgi
|
KEYSTONE_DEPLOY=mod_wsgi
|
||||||
@ -244,16 +245,15 @@ function configure_keystone {
|
|||||||
# Register SSL certificates if provided
|
# Register SSL certificates if provided
|
||||||
if is_ssl_enabled_service key; then
|
if is_ssl_enabled_service key; then
|
||||||
ensure_certificates KEYSTONE
|
ensure_certificates KEYSTONE
|
||||||
|
|
||||||
iniset $KEYSTONE_CONF eventlet_server_ssl enable True
|
|
||||||
iniset $KEYSTONE_CONF eventlet_server_ssl certfile $KEYSTONE_SSL_CERT
|
|
||||||
iniset $KEYSTONE_CONF eventlet_server_ssl keyfile $KEYSTONE_SSL_KEY
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
local service_port=$KEYSTONE_SERVICE_PORT
|
||||||
|
local auth_port=$KEYSTONE_AUTH_PORT
|
||||||
|
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
# Set the service ports for a proxy to take the originals
|
# Set the service ports for a proxy to take the originals
|
||||||
iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT
|
service_port=$KEYSTONE_SERVICE_PORT_INT
|
||||||
iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT
|
auth_port=$KEYSTONE_AUTH_PORT_INT
|
||||||
|
|
||||||
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
|
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
|
||||||
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
|
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
|
||||||
@ -273,7 +273,7 @@ function configure_keystone {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Format logging
|
# Format logging
|
||||||
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$KEYSTONE_DEPLOY" == "eventlet" ] ; then
|
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$KEYSTONE_DEPLOY" != "mod_wsgi" ] ; then
|
||||||
setup_colorized_logging $KEYSTONE_CONF DEFAULT
|
setup_colorized_logging $KEYSTONE_CONF DEFAULT
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -285,7 +285,58 @@ function configure_keystone {
|
|||||||
iniset $KEYSTONE_CONF DEFAULT logging_debug_format_suffix "%(asctime)s.%(msecs)03d %(funcName)s %(pathname)s:%(lineno)d"
|
iniset $KEYSTONE_CONF DEFAULT logging_debug_format_suffix "%(asctime)s.%(msecs)03d %(funcName)s %(pathname)s:%(lineno)d"
|
||||||
iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s"
|
iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s"
|
||||||
_config_keystone_apache_wsgi
|
_config_keystone_apache_wsgi
|
||||||
else
|
elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
|
||||||
|
# iniset creates these files when it's called if they don't exist.
|
||||||
|
KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
|
||||||
|
KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
|
||||||
|
|
||||||
|
rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
|
||||||
|
rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
|
||||||
|
|
||||||
|
if is_ssl_enabled_service key; then
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
|
||||||
|
else
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
|
||||||
|
fi
|
||||||
|
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
|
||||||
|
# This is running standalone
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi master true
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi threads $(nproc)
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi enable-threads true
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi plugins python
|
||||||
|
# uwsgi recommends this to prevent thundering herd on accept.
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi thunder-lock true
|
||||||
|
# Override the default size for headers from the 4k default.
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi buffer-size 65535
|
||||||
|
# Make sure the client doesn't try to re-use the connection.
|
||||||
|
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi add-header "Connection: close"
|
||||||
|
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
|
||||||
|
# This is running standalone
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi master true
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi threads $API_WORKERS
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi enable-threads true
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi plugins python
|
||||||
|
# uwsgi recommends this to prevent thundering herd on accept.
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi thunder-lock true
|
||||||
|
# Override the default size for headers from the 4k default.
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi buffer-size 65535
|
||||||
|
# Make sure the client doesn't try to re-use the connection.
|
||||||
|
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi add-header "Connection: close"
|
||||||
|
|
||||||
|
else # eventlet
|
||||||
|
if is_ssl_enabled_service key; then
|
||||||
|
iniset $KEYSTONE_CONF eventlet_server_ssl enable True
|
||||||
|
iniset $KEYSTONE_CONF eventlet_server_ssl certfile $KEYSTONE_SSL_CERT
|
||||||
|
iniset $KEYSTONE_CONF eventlet_server_ssl keyfile $KEYSTONE_SSL_KEY
|
||||||
|
fi
|
||||||
|
|
||||||
|
iniset $KEYSTONE_CONF eventlet_server public_port $service_port
|
||||||
|
iniset $KEYSTONE_CONF eventlet_server admin_port $auth_port
|
||||||
|
|
||||||
iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
|
iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
|
||||||
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
|
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
|
||||||
# Public workers will use the server default, typically number of CPU.
|
# Public workers will use the server default, typically number of CPU.
|
||||||
@ -530,7 +581,10 @@ function start_keystone {
|
|||||||
restart_apache_server
|
restart_apache_server
|
||||||
tail_log key /var/log/$APACHE_NAME/keystone.log
|
tail_log key /var/log/$APACHE_NAME/keystone.log
|
||||||
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
|
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
|
||||||
else
|
elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
|
||||||
|
run_process key "uwsgi $KEYSTONE_PUBLIC_UWSGI_FILE" "" "key-p"
|
||||||
|
run_process key "uwsgi $KEYSTONE_ADMIN_UWSGI_FILE" "" "key-a"
|
||||||
|
else # eventlet
|
||||||
# Start Keystone in a screen window
|
# Start Keystone in a screen window
|
||||||
run_process key "$KEYSTONE_BIN_DIR/keystone-all --config-file $KEYSTONE_CONF"
|
run_process key "$KEYSTONE_BIN_DIR/keystone-all --config-file $KEYSTONE_CONF"
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user