
Factor out code to write uwsgi config files

Instead of keeping all of this code inline in keystone, factor it out
into a dedicated set of functions, and make keystone use them. This drops
direct https support in uwsgi, but that is not going to be a supported
model going forward once we get to proxy-only anyway.

Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe

Sean Dague authored on 2017/04/13 22:08:39
Showing 2 changed files
... ...
@@ -181,6 +181,59 @@ function reload_apache_server {
181 181
     reload_service $APACHE_NAME
182 182
 }
183 183
 
184
+function write_uwsgi_config {
185
+    local file=$1
186
+    local wsgi=$2
187
+    local url=$3
188
+    local http=$4
189
+    local name=""
190
+    name=$(basename $wsgi)
191
+    local socket="/tmp/${name}.socket"
192
+
193
+    # always cleanup given that we are using iniset here
194
+    rm -rf $file
195
+    iniset "$file" uwsgi wsgi-file "$wsgi"
196
+    iniset "$file" uwsgi socket "$socket"
197
+    iniset "$file" uwsgi processes $API_WORKERS
198
+    # This is running standalone
199
+    iniset "$file" uwsgi master true
200
+    # Set die-on-term & exit-on-reload so that uwsgi shuts down
201
+    iniset "$file" uwsgi die-on-term true
202
+    iniset "$file" uwsgi exit-on-reload true
203
+    iniset "$file" uwsgi enable-threads true
204
+    iniset "$file" uwsgi plugins python
205
+    # uwsgi recommends this to prevent thundering herd on accept.
206
+    iniset "$file" uwsgi thunder-lock true
207
+    # Override the default size for headers from the 4k default.
208
+    iniset "$file" uwsgi buffer-size 65535
209
+    # Make sure the client doesn't try to re-use the connection.
210
+    iniset "$file" uwsgi add-header "Connection: close"
211
+    # This ensures that file descriptors aren't shared between processes.
212
+    iniset "$file" uwsgi lazy-apps true
213
+    iniset "$file" uwsgi chmod-socket 666
214
+
215
+    # If we said bind directly to http, then do that and don't start the apache proxy
216
+    if [[ -n "$http" ]]; then
217
+        iniset "$file" uwsgi http $http
218
+    else
219
+        local apache_conf=""
220
+        apache_conf=$(apache_site_config_for $name)
221
+        echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\"" | sudo tee $apache_conf
222
+        enable_apache_site $name
223
+        reload_apache_server
224
+    fi
225
+}
226
+
227
+function remove_uwsgi_config {
228
+    local file=$1
229
+    local wsgi=$2
230
+    local name=""
231
+    name=$(basename $wsgi)
232
+
233
+    rm -rf $file
234
+    disable_apache_site $name
235
+}
236
+
184 237
 # Restore xtrace
185 238
 $_XTRACE_LIB_APACHE
186 239
 
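Review bot: `write_uwsgi_config` places the uwsgi socket at the predictable path `/tmp/${name}.socket` and then sets `chmod-socket 666`, so any local account on the host can connect to the application socket directly and bypass whatever Apache enforces in front of it. Since `/tmp` is shared, another local user can presumably also occupy that path before uwsgi binds it. I would keep the socket in a directory owned by the service user and narrow the mode, e.g. `iniset "$file" uwsgi chmod-socket 660` with Apache's user in the owning group. Separately, `rm -rf $file` and `basename $wsgi` are unquoted, and a config file needs neither `-r` nor word splitting: `rm -f -- "$file"` and `name=$(basename "$wsgi")`; the same applies to `rm -rf $file` in `remove_uwsgi_config`.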
... ...
@@ -50,6 +50,10 @@ fi
50 50
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
51 51
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
52 52
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
53
+KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
54
+KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
55
+KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
56
+KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
53 57
 
54 58
 # Toggle for deploying Keystone under HTTPD + mod_wsgi
55 59
 # Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
... ...
@@ -293,44 +297,9 @@ function configure_keystone {
293 293
         _config_keystone_apache_wsgi
294 294
     else # uwsgi
295 295
         # iniset creates these files when it's called if they don't exist.
296
-        KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
297
-        KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
298
-
299
-        rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
300
-        rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
301
-
302
-        if is_ssl_enabled_service key; then
303
-            iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
304
-            iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
305
-        else
306
-            iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
307
-            iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
308
-        fi
309 296
 
310
-        iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
311
-        iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi processes $(nproc)
312
-
313
-        iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
314
-        iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi processes $API_WORKERS
315
-
316
-        # Common settings
317
-        for file in "$KEYSTONE_PUBLIC_UWSGI_FILE" "$KEYSTONE_ADMIN_UWSGI_FILE"; do
318
-            # This is running standalone
319
-            iniset "$file" uwsgi master true
320
-            # Set die-on-term & exit-on-reload so that uwsgi shuts down
321
-            iniset "$file" uwsgi die-on-term true
322
-            iniset "$file" uwsgi exit-on-reload true
323
-            iniset "$file" uwsgi enable-threads true
324
-            iniset "$file" uwsgi plugins python
325
-            # uwsgi recommends this to prevent thundering herd on accept.
326
-            iniset "$file" uwsgi thunder-lock true
327
-            # Override the default size for headers from the 4k default.
328
-            iniset "$file" uwsgi buffer-size 65535
329
-            # Make sure the client doesn't try to re-use the connection.
330
-            iniset "$file" uwsgi add-header "Connection: close"
331
-            # This ensures that file descriptors aren't shared between processes.
332
-            iniset "$file" uwsgi lazy-apps true
333
-        done
297
+        write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" "$KEYSTONE_SERVICE_HOST:$service_port"
298
+        write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin" "$KEYSTONE_ADMIN_BIND_HOST:$auth_port"
334 299
     fi
335 300
 
336 301
     iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
... ...
@@ -604,8 +573,8 @@ function start_keystone {
604 604
         # TODO(sdague): we should really get down to a single keystone here
605 605
         enable_service key-p
606 606
         enable_service key-a
607
-        run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_FILE" ""
608
-        run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_FILE" ""
607
+        run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
608
+        run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
609 609
     fi
610 610
 
611 611
     echo "Waiting for keystone to start..."
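Review bot: In `configure_keystone`, both `write_uwsgi_config` calls always pass a host:port as the fourth argument, so uwsgi binds plain `http` even when `is_ssl_enabled_service key` is true, and nothing in the new code warns or fails in that case; credentials and tokens would then cross that listener unencrypted unless TLS is terminated somewhere not visible here. Since the description says direct https is dropped on purpose, I would make the unsupported combination explicit before the two calls, e.g. `if is_ssl_enabled_service key; then die $LINENO "uwsgi no longer serves https directly"; fi`. Because the fourth argument is never empty, the `/identity` and `/identity_admin` URLs are unused here and the Apache ProxyPass branch is never taken, which deserves a comment. The remaining comment `# iniset creates these files when it's called if they don't exist.` no longer describes anything in this branch. `configure_keystone` begins and ends outside the hunk.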