From fd2f14cbaeb680897b9c66bff2b3d1493b359f7a Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Tue, 1 Apr 2025 16:29:57 +1300
Subject: [PATCH] ironic: Add support for using uWSGI

Change-Id: I2b72712479a05a73b82d8e30235333db2c92ebfd
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
---
 ansible/roles/ironic/defaults/main.yml        |  6 +++++
 ansible/roles/ironic/tasks/config.yml         | 22 ++++++++++++++++++-
 .../roles/ironic/templates/ironic-api.json.j2 | 13 ++++++++---
 ansible/roles/ironic/templates/ironic.conf.j2 |  2 +-
 .../uwsgi-flamingo-5144740f1a2bb4fb.yaml      |  2 ++
 5 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml
index 9c27c45f3e..2c30e954e2 100644
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@@ -8,6 +8,7 @@ ironic_services:
     volumes: "{{ ironic_api_default_volumes + ironic_api_extra_volumes }}"
     dimensions: "{{ ironic_api_dimensions }}"
     healthcheck: "{{ ironic_api_healthcheck }}"
+    wsgi: "ironic.wsgi:application"
     haproxy:
       ironic_api:
         enabled: "{{ enable_ironic }}"
@@ -411,3 +412,8 @@ ironic_database_enable_tls_internal: "{{ database_enable_tls_internal | bool }}"
 # Copy certificates
 ###################
 ironic_copy_certs: "{{ kolla_copy_ca_into_containers | bool or ironic_enable_tls_backend | bool or ironic_database_enable_tls_internal | bool }}"
+
+############
+# WSGI
+############
+ironic_wsgi_provider: "uwsgi"
diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml
index 1a32811b22..bcd08a510f 100644
--- a/ansible/roles/ironic/tasks/config.yml
+++ b/ansible/roles/ironic/tasks/config.yml
@@ -262,4 +262,24 @@
     dest: "{{ node_config_directory }}/ironic-api/ironic-api-wsgi.conf"
     mode: "0660"
   become: true
-  when: service | service_enabled_and_mapped_to_host
+  when:
+    - service | service_enabled_and_mapped_to_host
+    - ironic_wsgi_provider == "apache"
+
+- name: "Configure uWSGI for ironic-api"
+  include_role:
+    name: service-uwsgi-config
+  vars:
+    project_services: "{{ ironic_services }}"
+    service: "{{ ironic_services['ironic-api'] }}"
+    service_name: "ironic-api"
+    service_uwsgi_config_http_port: "{{ ironic_api_listen_port }}"
+    service_uwsgi_config_log_file_chmod: "644"
+    service_uwsgi_config_module: "{{ service.wsgi }}"
+    service_uwsgi_config_tls_backend: "{{ ironic_enable_tls_backend | bool }}"
+    service_uwsgi_config_tls_cert: "/etc/ironic/certs/ironic-cert.pem"
+    service_uwsgi_config_tls_key: "/etc/ironic/certs/ironic-key.pem"
+    service_uwsgi_config_uid: "ironic"
+  when:
+    - service | service_enabled_and_mapped_to_host
+    - ironic_wsgi_provider == "uwsgi"
diff --git a/ansible/roles/ironic/templates/ironic-api.json.j2 b/ansible/roles/ironic/templates/ironic-api.json.j2
index d7be3589b3..7765e421f5 100644
--- a/ansible/roles/ironic/templates/ironic-api.json.j2
+++ b/ansible/roles/ironic/templates/ironic-api.json.j2
@@ -1,20 +1,27 @@
 {% set apache_binary = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
 {% set apache_conf_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
+{% set command = ('/usr/sbin/' + apache_binary + ' -DFOREGROUND') if ironic_wsgi_provider == 'apache' else 'uwsgi /etc/ironic/ironic-api-uwsgi.ini' %}
 {
-    "command": "/usr/sbin/{{ apache_binary }} -DFOREGROUND",
+    "command": "{{ command }}",
     "config_files": [
         {
             "source": "{{ container_config_directory }}/ironic.conf",
             "dest": "/etc/ironic/ironic.conf",
             "owner": "ironic",
             "perm": "0600"
-        },
+        }{% if ironic_wsgi_provider == "apache" %},
         {
             "source": "{{ container_config_directory }}/ironic-api-wsgi.conf",
             "dest": "/etc/{{ apache_conf_dir }}/ironic-api-wsgi.conf",
             "owner": "ironic",
             "perm": "0600"
-        }{% if ironic_policy_file is defined %},
+        }{% elif ironic_wsgi_provider == "uwsgi" %},
+        {
+            "source": "{{ container_config_directory }}/ironic-api-uwsgi.ini",
+            "dest": "/etc/ironic/ironic-api-uwsgi.ini",
+            "owner": "ironic",
+            "perm": "0600"
+        }{% endif %}{% if ironic_policy_file is defined %},
         {
             "source": "{{ container_config_directory }}/{{ ironic_policy_file }}",
             "dest": "/etc/ironic/{{ ironic_policy_file }}",
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index ac2386e8f5..d849ede8b7 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -4,7 +4,7 @@ auth_strategy = noauth
 {% endif %}
 debug = {{ ironic_logging_debug }}
 
-log_dir = /var/log/kolla/ironic
+log_file = /var/log/kolla/ironic/{{ service_name }}
 
 transport_url = {{ rpc_transport_url }}
 
diff --git a/releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml b/releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml
index 34ce62210f..40d40c968c 100644
--- a/releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml
+++ b/releasenotes/notes/uwsgi-flamingo-5144740f1a2bb4fb.yaml
@@ -11,5 +11,7 @@ features:
         - Variable
       * - Heat
         - heat_wsgi_provider
+      * - Ironic
+        - ironic_wsgi_provider
       * - Octavia
         - octavia_wsgi_provider