Provide a template for running keystone as a mod_wsgi process and enable
it from configuration.
Based on: https://review.openstack.org/#/c/36474/
Also-by: zhang-hare <zhuadl@cn.ibm.com>
Implements: blueprint devstack-setup-apache-keystone
Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,22 @@ |
0 |
+Listen %PUBLICPORT% |
|
1 |
+Listen %ADMINPORT% |
|
2 |
+ |
|
3 |
+<VirtualHost *:%PUBLICPORT%> |
|
4 |
+ WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% |
|
5 |
+ WSGIProcessGroup keystone-public |
|
6 |
+ WSGIScriptAlias / %PUBLICWSGI% |
|
7 |
+ WSGIApplicationGroup %{GLOBAL} |
|
8 |
+ ErrorLog /var/log/%APACHE_NAME%/keystone |
|
9 |
+ LogLevel debug |
|
10 |
+ CustomLog /var/log/%APACHE_NAME%/access.log combined |
|
11 |
+</VirtualHost> |
|
12 |
+ |
|
13 |
+<VirtualHost *:%ADMINPORT%> |
|
14 |
+ WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% |
|
15 |
+ WSGIProcessGroup keystone-admin |
|
16 |
+ WSGIScriptAlias / %ADMINWSGI% |
|
17 |
+ WSGIApplicationGroup %{GLOBAL} |
|
18 |
+ ErrorLog /var/log/%APACHE_NAME%/keystone |
|
19 |
+ LogLevel debug |
|
20 |
+ CustomLog /var/log/%APACHE_NAME%/access.log combined |
|
21 |
+</VirtualHost> |
... | ... |
@@ -14,11 +14,13 @@ |
14 | 14 |
# |
15 | 15 |
# install_keystone |
16 | 16 |
# configure_keystone |
17 |
+# _config_keystone_apache_wsgi |
|
17 | 18 |
# init_keystone |
18 | 19 |
# start_keystone |
19 | 20 |
# create_keystone_accounts |
20 | 21 |
# stop_keystone |
21 | 22 |
# cleanup_keystone |
23 |
+# _cleanup_keystone_apache_wsgi |
|
22 | 24 |
|
23 | 25 |
# Save trace setting |
24 | 26 |
XTRACE=$(set +o | grep xtrace) |
... | ... |
@@ -34,6 +36,7 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} |
34 | 34 |
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf |
35 | 35 |
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} |
36 | 36 |
KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone} |
37 |
+KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone} |
|
37 | 38 |
|
38 | 39 |
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient |
39 | 40 |
|
... | ... |
@@ -86,6 +89,33 @@ function cleanup_keystone() { |
86 | 86 |
: |
87 | 87 |
} |
88 | 88 |
|
89 |
+# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file |
|
90 |
+function _cleanup_keystone_apache_wsgi() { |
|
91 |
+ sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi |
|
92 |
+ disable_apache_site keystone |
|
93 |
+ sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone |
|
94 |
+} |
|
95 |
+ |
|
96 |
+# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone |
|
97 |
+function _config_keystone_apache_wsgi() { |
|
98 |
+ sudo mkdir -p $KEYSTONE_WSGI_DIR |
|
99 |
+ |
|
100 |
+ # copy proxy vhost and wsgi file |
|
101 |
+ sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main |
|
102 |
+ sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin |
|
103 |
+ |
|
104 |
+ sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone |
|
105 |
+ sudo sed -e " |
|
106 |
+ s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g; |
|
107 |
+ s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g; |
|
108 |
+ s|%APACHE_NAME%|$APACHE_NAME|g; |
|
109 |
+ s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g; |
|
110 |
+ s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g; |
|
111 |
+ s|%USER%|$STACK_USER|g |
|
112 |
+ " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone |
|
113 |
+ enable_apache_site keystone |
|
114 |
+} |
|
115 |
+ |
|
89 | 116 |
# configure_keystone() - Set config files, create data dirs, etc |
90 | 117 |
function configure_keystone() { |
91 | 118 |
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then |
... | ... |
@@ -204,6 +234,10 @@ function configure_keystone() { |
204 | 204 |
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf |
205 | 205 |
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG" |
206 | 206 |
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production" |
207 |
+ |
|
208 |
+ if is_apache_enabled_service key; then |
|
209 |
+ _config_keystone_apache_wsgi |
|
210 |
+ fi |
|
207 | 211 |
} |
208 | 212 |
|
209 | 213 |
# create_keystone_accounts() - Sets up common required keystone accounts |
... | ... |
@@ -316,6 +350,9 @@ function install_keystone() { |
316 | 316 |
fi |
317 | 317 |
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH |
318 | 318 |
setup_develop $KEYSTONE_DIR |
319 |
+ if is_apache_enabled_service key; then |
|
320 |
+ install_apache_wsgi |
|
321 |
+ fi |
|
319 | 322 |
} |
320 | 323 |
|
321 | 324 |
# start_keystone() - Start running processes, including screen |
... | ... |
@@ -326,8 +363,14 @@ function start_keystone() { |
326 | 326 |
service_port=$KEYSTONE_SERVICE_PORT_INT |
327 | 327 |
fi |
328 | 328 |
|
329 |
- # Start Keystone in a screen window |
|
330 |
- screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" |
|
329 |
+ if is_apache_enabled_service key; then |
|
330 |
+ restart_apache_server |
|
331 |
+ screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone" |
|
332 |
+ else |
|
333 |
+ # Start Keystone in a screen window |
|
334 |
+ screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" |
|
335 |
+ fi |
|
336 |
+ |
|
331 | 337 |
echo "Waiting for keystone to start..." |
332 | 338 |
if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then |
333 | 339 |
die $LINENO "keystone did not start" |