1. devstack
  2. Commit a00e5f8810b6ca3b0b5d63cc228125e19bc91955
Browse code

Allow keystone to run from apache

Provide a template for running keystone as a mod_wsgi process and enable
it from configuration.

Based on: https://review.openstack.org/#/c/36474/
Also-by: zhang-hare <zhuadl@cn.ibm.com>
Implements: blueprint devstack-setup-apache-keystone

Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b

Jamie Lennox authored on 2013/09/17 11:47:03
Showing 2 changed files
files/apache-keystone.template
History View file @ a00e5f8
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,22 @@
0 
+Listen %PUBLICPORT%
1 
+Listen %ADMINPORT%
2 
+
3 
+<VirtualHost *:%PUBLICPORT%>
4 
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER%
5 
+    WSGIProcessGroup keystone-public
6 
+    WSGIScriptAlias / %PUBLICWSGI%
7 
+    WSGIApplicationGroup %{GLOBAL}
8 
+    ErrorLog /var/log/%APACHE_NAME%/keystone
9 
+    LogLevel debug
10 
+    CustomLog /var/log/%APACHE_NAME%/access.log combined
11 
+</VirtualHost>
12 
+
13 
+<VirtualHost *:%ADMINPORT%>
14 
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER%
15 
+    WSGIProcessGroup keystone-admin
16 
+    WSGIScriptAlias / %ADMINWSGI%
17 
+    WSGIApplicationGroup %{GLOBAL}
18 
+    ErrorLog /var/log/%APACHE_NAME%/keystone
19 
+    LogLevel debug
20 
+    CustomLog /var/log/%APACHE_NAME%/access.log combined
21 
+</VirtualHost>
lib/keystone
History View file @ a00e5f8
... ... 
@@ -14,11 +14,13 @@
14 14 
 #
15 15 
 # install_keystone
16 16 
 # configure_keystone
17 
+# _config_keystone_apache_wsgi
17 18 
 # init_keystone
18 19 
 # start_keystone
19 20 
 # create_keystone_accounts
20 21 
 # stop_keystone
21 22 
 # cleanup_keystone
23 
+# _cleanup_keystone_apache_wsgi
22 24
23 25 
 # Save trace setting
24 26 
 XTRACE=$(set +o | grep xtrace)
... ... 
@@ -34,6 +36,7 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
34 34 
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
35 35 
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
36 36 
 KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
37 
+KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
37 38
38 39 
 KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
39 40
... ... 
@@ -86,6 +89,33 @@ function cleanup_keystone() {
86 86 
     :
87 87 
 }
88 88
89 
+# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
90 
+function _cleanup_keystone_apache_wsgi() {
91 
+    sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
92 
+    disable_apache_site keystone
93 
+    sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
94 
+}
95 
+
96 
+# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
97 
+function _config_keystone_apache_wsgi() {
98 
+    sudo mkdir -p $KEYSTONE_WSGI_DIR
99 
+
100 
+    # copy proxy vhost and wsgi file
101 
+    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
102 
+    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
103 
+
104 
+    sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
105 
+    sudo sed -e "
106 
+        s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g;
107 
+        s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g;
108 
+        s|%APACHE_NAME%|$APACHE_NAME|g;
109 
+        s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
110 
+        s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
111 
+        s|%USER%|$STACK_USER|g
112 
+    " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
113 
+    enable_apache_site keystone
114 
+}
115 
+
89 116 
 # configure_keystone() - Set config files, create data dirs, etc
90 117 
 function configure_keystone() {
91 118 
     if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
... ... 
@@ -204,6 +234,10 @@ function configure_keystone() {
204 204 
     cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
205 205 
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
206 206 
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
207 
+
208 
+    if is_apache_enabled_service key; then
209 
+        _config_keystone_apache_wsgi
210 
+    fi
207 211 
 }
208 212
209 213 
 # create_keystone_accounts() - Sets up common required keystone accounts
... ... 
@@ -316,6 +350,9 @@ function install_keystone() {
316 316 
     fi
317 317 
     git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
318 318 
     setup_develop $KEYSTONE_DIR
319 
+    if is_apache_enabled_service key; then
320 
+        install_apache_wsgi
321 
+    fi
319 322 
 }
320 323
321 324 
 # start_keystone() - Start running processes, including screen
... ... 
@@ -326,8 +363,14 @@ function start_keystone() {
326 326 
         service_port=$KEYSTONE_SERVICE_PORT_INT
327 327 
     fi
328 328
329 
-    # Start Keystone in a screen window
330 
-    screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
329 
+    if is_apache_enabled_service key; then
330 
+        restart_apache_server
331 
+        screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone"
332 
+    else
333 
+        # Start Keystone in a screen window
334 
+        screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
335 
+    fi
336 
+
331 337 
     echo "Waiting for keystone to start..."
332 338 
     if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
333 339 
       die $LINENO "keystone did not start"