From 227a672eeb2915330410090eb56983e362fc855f Mon Sep 17 00:00:00 2001 From: Andy McCrae Date: Mon, 7 Aug 2017 12:06:33 +0100 Subject: [PATCH] Implement uWSGI for ironic-api Ironic already had mod_wsgi setup, but this patch moves it to use uWSGI. Additionally, this moves to use a filtered_services_list for Ironic The ironic role should be standardized to meet the service setup of other roles, using a filtered service list, and a dict of services with settings moves us closer to this. Change-Id: Ib432380dbc2ea11f9ac005713121a7b42ab97109 --- defaults/main.yml | 35 ++++++++++++--- handlers/main.yml | 14 ++---- tasks/ironic_api_post_install.yml | 65 ---------------------------- tasks/ironic_init.yml | 24 ---------- tasks/ironic_init_common.yml | 26 ----------- tasks/ironic_init_systemd.yml | 37 +++++++--------- tasks/ironic_oneview_setup.yml | 11 +---- tasks/ironic_uwsgi.yml | 44 +++++++++++++++++++ tasks/main.yml | 9 ++-- templates/ironic-httpd.conf.j2 | 20 --------- templates/ironic-ports.conf.j2 | 7 --- templates/ironic-systemd-init.j2 | 10 ++--- templates/ironic-systemd-tmpfiles.j2 | 6 +-- templates/ironic-uwsgi.ini.j2 | 19 ++++++++ vars/main.yml | 12 +++++ vars/ubuntu-16.04.yml | 5 +-- 16 files changed, 135 insertions(+), 209 deletions(-) delete mode 100644 tasks/ironic_api_post_install.yml delete mode 100644 tasks/ironic_init.yml delete mode 100644 tasks/ironic_init_common.yml create mode 100644 tasks/ironic_uwsgi.yml delete mode 100644 templates/ironic-httpd.conf.j2 delete mode 100644 templates/ironic-ports.conf.j2 create mode 100644 templates/ironic-uwsgi.ini.j2 diff --git a/defaults/main.yml b/defaults/main.yml index d92f99a1..eb744ffd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -46,13 +46,29 @@ ironic_system_log_folder: "/var/log/{{ ironic_system_user_name }}" ironic_lock_path: /var/lock/ironic # Ironic Program and Service names -ironic_api_program_name: apache2 -ironic_conductor_program_name: ironic-conductor -ironic_oneviewd_program_name: ironic-oneviewd python_ironic_client_program_name: ironic -ironic_service_names: - - "{{ ironic_api_program_name }}" - - "{{ ironic_conductor_program_name }}" +ironic_services: + ironic-api: + group: ironic_api + service_name: ironic-api + init_config_overrides: "{{ ironic_api_init_config_overrides }}" + wsgi_overrides: "{{ ironic_api_uwsgi_ini_overrides }}" + wsgi_app: True + log_string: "--logto " + wsgi_name: ironic-api-wsgi + uwsgi_port: "{{ ironic_service_port }}" + uwsgi_bind_address: "{{ ironic_uwsgi_bind_address }}" + program_override: "{{ ironic_bin }}/uwsgi --ini /etc/uwsgi/ironic-api.ini" + ironic-conductor: + group: ironic_conductor + service_name: ironic-conductor + init_config_overrides: "{{ ironic_conductor_init_config_overrides }}" + ironic-oneviewd: + group: ironic_conductor + service_name: ironic-oneviewd + service_en: "{{ ironic_oneview_enabled | bool }}" + init_config_overrides: "{{ ironic_oneviewd_init_config_overrides }}" + ironic_service_name: ironic ironic_service_type: baremetal @@ -211,6 +227,7 @@ ironic_pip_packages: - python-ironicclient - python-memcached - python-swiftclient + - uwsgi ## RabbitMQ info ironic_rabbitmq_userid: ironic @@ -222,10 +239,12 @@ ironic_rabbitmq_port: 5672 # Auth ironic_service_user_name: "ironic" -# Apache settings +# WSGI settings ironic_wsgi_threads: 1 ironic_wsgi_processes_max: 16 ironic_wsgi_processes: "{{ [[ansible_processor_vcpus|default(4) // 4, 1] | max, ironic_wsgi_processes_max] | min }}" +ironic_wsgi_buffer_size: 65535 +ironic_uwsgi_bind_address: 0.0.0.0 ### OpenStack Services to integrate with @@ -247,9 +266,11 @@ ironic_ironic_conf_overrides: {} ironic_ironic_oneviewd_conf_overrides: {} ironic_rootwrap_conf_overrides: {} ironic_policy_overrides: {} +ironic_api_uwsgi_ini_overrides: {} # pxe boot ironic_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes" +ironic_api_init_config_overrides: {} ironic_conductor_init_config_overrides: {} ironic_oneviewd_init_config_overrides: {} diff --git a/handlers/main.yml b/handlers/main.yml index 93b18ab8..4d6a1017 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -15,17 +15,11 @@ - name: Restart ironic services service: - name: "{{ item }}" + name: "{{ item.service_name }}" state: restarted - with_items: "{{ ironic_service_names }}" - failed_when: false - -- name: Restart ironic-oneviewd - service: - name: "ironic-oneviewd" - state: restarted - pattern: "ironic-oneviewd" - failed_when: false + enabled: yes + daemon_reload: yes + with_list: "{{ filtered_ironic_services }}" - name: Restart tftpd-hpa service: diff --git a/tasks/ironic_api_post_install.yml b/tasks/ironic_api_post_install.yml deleted file mode 100644 index ccbcc764..00000000 --- a/tasks/ironic_api_post_install.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Setup Ironic Apache site conf - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "root" - group: "root" - with_items: - - { src: "ironic-ports.conf.j2", dest: "/etc/apache2/ports.conf" } - - { src: "ironic-httpd.conf.j2", dest: "/etc/apache2/sites-available/ironic-httpd.conf" } - notify: - - Restart ironic services - -- name: Disable default apache site - file: - path: "/etc/apache2/sites-enabled/000-default.conf" - state: "absent" - when: not ironic_standalone - notify: - - Restart ironic services - -- name: Enable default apache site vhost - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - with_items: - - { src: "/etc/apache2/sites-available/000-default.conf", dest: "/etc/apache2/sites-enabled/000-default.conf", state: "link" } - when: ironic_standalone - notify: - - Restart ironic services - -- name: Enable ironic vhost - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - with_items: - - { src: "/etc/apache2/sites-available/ironic-httpd.conf", dest: "/etc/apache2/sites-enabled/ironic-httpd.conf", state: "link" } - notify: - - Restart ironic services - -- name: Setup Ironic WSGI Configs - template: - src: "ironic-wsgi.py.j2" - dest: "/var/www/cgi-bin/ironic/ironic.wsgi" - owner: "{{ ironic_system_user_name }}" - group: "{{ ironic_system_group_name }}" - mode: "0755" - notify: - - Restart ironic services diff --git a/tasks/ironic_init.yml b/tasks/ironic_init.yml deleted file mode 100644 index 20e577bb..00000000 --- a/tasks/ironic_init.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: ironic_init_common.yml - vars: - program_name: "{{ ironic_conductor_program_name }}" - service_name: "{{ ironic_service_name }}" - system_user: "{{ ironic_system_user_name }}" - system_group: "{{ ironic_system_group_name }}" - service_home: "{{ ironic_system_home_folder }}" - init_config_overrides: "{{ ironic_conductor_init_config_overrides }}" - when: inventory_hostname in groups['ironic_conductor'] diff --git a/tasks/ironic_init_common.yml b/tasks/ironic_init_common.yml deleted file mode 100644 index 07704ebd..00000000 --- a/tasks/ironic_init_common.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: ironic_init_systemd.yml - static: no - when: - - ansible_service_mgr == 'systemd' - -- name: Load service - service: - name: "{{ program_name }}" - enabled: "yes" - notify: - - Restart ironic services diff --git a/tasks/ironic_init_systemd.yml b/tasks/ironic_init_systemd.yml index 47662137..e820aef5 100644 --- a/tasks/ironic_init_systemd.yml +++ b/tasks/ironic_init_systemd.yml @@ -15,49 +15,42 @@ - name: Create TEMP run dir file: - path: "/var/run/{{ program_name }}" + path: "/var/run/{{ item.service_name }}" state: directory - owner: "{{ system_user }}" - group: "{{ system_group }}" + owner: "{{ ironic_system_user_name }}" + group: "{{ ironic_system_group_name }}" mode: "02755" + with_items: "{{ filtered_ironic_services }}" - name: Create TEMP lock dir file: - path: "/var/lock/{{ program_name }}" + path: "/var/lock/{{ item.service_name }}" state: directory - owner: "{{ system_user }}" - group: "{{ system_group }}" + owner: "{{ ironic_system_user_name }}" + group: "{{ ironic_system_group_name }}" mode: "02755" - -# TODO(mgariepy): -# Remove this in Pike as it only needed to handle upgrades -# from Newton->Newton and Newton->Ocata -- name: Cleanup old tmpfiles.d entry - file: - path: "/etc/tmpfiles.d/{{ program_name }}.conf" - state: absent + with_items: "{{ filtered_ironic_services }}" - name: Create tmpfiles.d entry template: src: "ironic-systemd-tmpfiles.j2" - dest: "/etc/tmpfiles.d/openstack-{{ program_name }}.conf" + dest: "/etc/tmpfiles.d/openstack-{{ item.service_name }}.conf" mode: "0644" owner: "root" group: "root" + with_items: "{{ filtered_ironic_services }}" + notify: + - Restart ironic services - name: Place the systemd init script config_template: src: "ironic-systemd-init.j2" - dest: "/etc/systemd/system/{{ program_name }}.service" + dest: "/etc/systemd/system/{{ item.service_name }}.service" mode: "0644" owner: "root" group: "root" - config_overrides: "{{ init_config_overrides }}" + config_overrides: "{{ item.init_config_overrides }}" config_type: "ini" - register: systemd_init - -- name: Reload the systemd daemon - command: "systemctl daemon-reload" - when: systemd_init | changed + with_items: "{{ filtered_ironic_services }}" notify: - Restart ironic services diff --git a/tasks/ironic_oneview_setup.yml b/tasks/ironic_oneview_setup.yml index dca421b1..394490aa 100644 --- a/tasks/ironic_oneview_setup.yml +++ b/tasks/ironic_oneview_setup.yml @@ -38,15 +38,6 @@ retries: 5 delay: 2 -- include: ironic_init_common.yml - vars: - program_name: "{{ ironic_oneviewd_program_name }}" - service_name: "{{ ironic_service_name }}" - system_user: "{{ ironic_system_user_name }}" - system_group: "{{ ironic_system_group_name }}" - service_home: "{{ ironic_system_home_folder }}" - init_config_overrides: "{{ ironic_oneviewd_init_config_overrides }}" - - name: Generate ironic-oneviewd config config_template: src: "ironic-oneviewd.conf.j2" @@ -56,4 +47,4 @@ mode: "0644" config_overrides: "{{ ironic_ironic_oneviewd_conf_overrides }}" config_type: "ini" - notify: Restart ironic-oneviewd + notify: Restart ironic services diff --git a/tasks/ironic_uwsgi.yml b/tasks/ironic_uwsgi.yml new file mode 100644 index 00000000..33ed1fc7 --- /dev/null +++ b/tasks/ironic_uwsgi.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Setup Ironic WSGI Configs + template: + src: "ironic-wsgi.py.j2" + dest: "{{ ironic_bin }}/{{ item.wsgi_name }}.wsgi" + owner: "{{ ironic_system_user_name }}" + group: "{{ ironic_system_group_name }}" + mode: "0755" + with_list: "{{ filtered_ironic_services }}" + when: item.wsgi_app | default(False) + notify: + - Restart ironic services + +- name: Ensure uWSGI directory exists + file: + path: "/etc/uwsgi/" + state: directory + mode: "0711" + +- name: Apply uWSGI configuration + config_template: + src: "ironic-uwsgi.ini.j2" + dest: "/etc/uwsgi/{{ item.service_name }}.ini" + mode: "0744" + config_overrides: "{{ item.wsgi_overrides }}" + config_type: ini + with_list: "{{ filtered_ironic_services }}" + when: item.wsgi_app | default(False) + notify: + - Restart ironic services diff --git a/tasks/main.yml b/tasks/main.yml index 19e7bd3b..d0e64de2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -33,16 +33,13 @@ - ironic-install - include: ironic_oneview_setup.yml - when: - - ironic_oneview_enabled | bool - - inventory_hostname in groups['ironic_conductor'] + when: "'ironic-oneviewd' in (filtered_ironic_services | map(attribute='service_key') | list)" - include: ironic_post_install.yml tags: - ironic-config -- include: ironic_api_post_install.yml - when: inventory_hostname in groups['ironic_api'] +- include: ironic_uwsgi.yml tags: - ironic-config @@ -56,7 +53,7 @@ tags: - ironic-config -- include: ironic_init.yml +- include: "ironic_init_{{ ansible_service_mgr }}.yml" tags: - ironic-config diff --git a/templates/ironic-httpd.conf.j2 b/templates/ironic-httpd.conf.j2 deleted file mode 100644 index 13a9e8ea..00000000 --- a/templates/ironic-httpd.conf.j2 +++ /dev/null @@ -1,20 +0,0 @@ -# {{ ansible_managed }} - - - WSGIDaemonProcess ironic-api user={{ ironic_system_user_name }} group={{ ironic_system_group_name }} processes={{ ironic_wsgi_processes }} threads={{ ironic_wsgi_threads }} display-name=%{GROUP} - WSGIScriptAlias / /var/www/cgi-bin/ironic/ironic.wsgi - SetEnv APACHE_RUN_USER {{ ironic_system_user_name }} - SetEnv APACHE_RUN_GROUP {{ ironic_system_group_name }} - WSGIProcessGroup ironic-api - - ErrorLog /var/log/ironic/ironic_error.log - LogLevel info - CustomLog /var/log/ironic/ironic_access.log combined - - - WSGIProcessGroup ironic-api - WSGIApplicationGroup %{GLOBAL} - AllowOverride All - Require all granted - - diff --git a/templates/ironic-ports.conf.j2 b/templates/ironic-ports.conf.j2 deleted file mode 100644 index 63743852..00000000 --- a/templates/ironic-ports.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -Listen {{ ironic_service_port }} -{% if ironic_standalone %} -Listen 80 -{% endif %} - diff --git a/templates/ironic-systemd-init.j2 b/templates/ironic-systemd-init.j2 index 3bb5d30f..1dd7100d 100644 --- a/templates/ironic-systemd-init.j2 +++ b/templates/ironic-systemd-init.j2 @@ -7,13 +7,13 @@ After=network.target [Service] Type=simple -User={{ system_user }} -Group={{ system_group }} +User={{ ironic_system_user_name }} +Group={{ ironic_system_group_name }} -{% if program_override is defined %} -ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/ironic/{{ program_name }}.log +{% if item.program_override is defined %} +ExecStart={{ item.program_override }} {{ item.program_config_options|default('') }} {{ item.log_string | default('--log-file=') }}/var/log/ironic/{{ item.service_name }}.log {% else %} -ExecStart={{ ironic_bin }}/{{ program_name }} {{ program_config_options|default('') }} --log-file=/var/log/ironic/{{ program_name }}.log +ExecStart={{ ironic_bin }}/{{ item.service_name }} {{ item.program_config_options|default('') }} --log-file=/var/log/ironic/{{ item.service_name }}.log {% endif %} # Give a reasonable amount of time for the server to start up/shut down diff --git a/templates/ironic-systemd-tmpfiles.j2 b/templates/ironic-systemd-tmpfiles.j2 index 1e580f5f..c4340c82 100644 --- a/templates/ironic-systemd-tmpfiles.j2 +++ b/templates/ironic-systemd-tmpfiles.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -D /var/lock/{{ program_name }} 2755 {{ system_user }} {{ system_group }} -D /var/run/{{ program_name }} 2755 {{ system_user }} {{ system_group }} -D {{ ironic_lock_path }} 2755 {{ system_user }} {{ system_group }} +D /var/lock/{{ item.service_name }} 2755 {{ ironic_system_user_name }} {{ ironic_system_group_name }} +D /var/run/{{ item.service_name }} 2755 {{ ironic_system_user_name }} {{ ironic_system_group_name }} +D {{ ironic_lock_path }} 2755 {{ ironic_system_user_name }} {{ ironic_system_group_name }} diff --git a/templates/ironic-uwsgi.ini.j2 b/templates/ironic-uwsgi.ini.j2 new file mode 100644 index 00000000..6ae578db --- /dev/null +++ b/templates/ironic-uwsgi.ini.j2 @@ -0,0 +1,19 @@ +[uwsgi] +uid = {{ ironic_system_user_name }} +gid = {{ ironic_system_group_name }} + +virtualenv = /openstack/venvs/ironic-{{ ironic_venv_tag }} +wsgi-file = {{ ironic_bin }}/{{ item.wsgi_name }}.wsgi +http-socket = {{ item.uwsgi_bind_address }}:{{ item.uwsgi_port }} + +master = true +enable-threads = true +processes = {{ ironic_wsgi_processes }} +threads = {{ ironic_wsgi_threads }} +exit-on-reload = true +die-on-term = true +lazy-apps = true +add-header = Connection: close +buffer-size = {{ ironic_wsgi_buffer_size }} +thunder-lock = true +logfile-chmod = 644 diff --git a/vars/main.yml b/vars/main.yml index 23f02279..23aad273 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -30,3 +30,15 @@ ironic_packages_list: > {%- endif %} {%- endif %} {{- package_list -}} + +filtered_ironic_services: |- + {% set services = [] %} + {% for key, value in ironic_services.items() %} + {% if (value['group'] in group_names) and + (('service_en' not in value) or + ('service_en' in value and value['service_en'])) %} + {% set _ = value.update({'service_key': key}) %} + {% set _ = services.append(value) %} + {% endif %} + {% endfor %} + {{ services }} diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml index 02f1c64f..2729b070 100644 --- a/vars/ubuntu-16.04.yml +++ b/vars/ubuntu-16.04.yml @@ -19,10 +19,7 @@ ironic_developer_mode_distro_packages: - git-core - libffi-dev -ironic_api_distro_packages: - - apache2 - - apache2-utils - - libapache2-mod-wsgi +ironic_api_distro_packages: [] ironic_conductor_distro_packages: - libxml2-dev