use apache2 instead of evenlet in keystone

author carey.xu <carey.xuhan@huawei.com>

Fri, 18 Mar 2016 11:21:47 +0000 (19:21 +0800)

committer carey xu <carey.xuhan@huawei.com>

Mon, 21 Mar 2016 02:07:26 +0000 (02:07 +0000)
author carey.xu <carey.xuhan@huawei.com>
Fri, 18 Mar 2016 11:21:47 +0000 (19:21 +0800)
committer carey xu <carey.xuhan@huawei.com>
Mon, 21 Mar 2016 02:07:26 +0000 (02:07 +0000)
diff --git a/deploy/adapters/ansible/roles/apache/tasks/main.yml b/deploy/adapters/ansible/roles/apache/tasks/main.yml

index 11e49c0..7053229 100755 (executable)
--- a/deploy/adapters/ansible/roles/apache/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/apache/tasks/main.yml
@@ -18,7 +18,7 @@
      dest: '{{ apache_config_dir }}/ports.conf'
      src: ports.conf.j2
    notify:
-    - restart dashboard services
+    - restart apache related services
  
  - name: remove default listen port on centos
    lineinfile:
diff --git a/deploy/adapters/ansible/roles/keystone/handlers/main.yml b/deploy/adapters/ansible/roles/keystone/handlers/main.yml

new file mode 100755 (executable)

index 0000000..608a8a0
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart keystone services
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services | union(services_noarch)
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml

index 0c4eccc..7873249 100644 (file)
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
@@ -9,19 +9,66 @@
  ---
  - include_vars: "{{ ansible_os_family }}.yml"
  
+- name: disable auto start
+  copy:
+    content: "#!/bin/sh\nexit 101"
+    dest: "/usr/sbin/policy-rc.d"
+    mode: 0755
+  when: ansible_os_family == "Debian"
+
  - name: install keystone packages
    action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
    with_items: packages | union(packages_noarch)
  
+- name: enable auto start
+  file:
+    path=/usr/sbin/policy-rc.d
+    state=absent
+  when: ansible_os_family == "Debian"
+
  - name: generate keystone service list
    lineinfile: dest=/opt/service create=yes line='{{ item }}'
    with_items: services | union(services_noarch)
  
+- name: delete sqlite database
+  file:
+    path: /var/lib/keystone/keystone.db
+    state: absent
+
  - name: update keystone conf
    template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
+  notify:
+    - restart keystone services
  
-- name: delete sqlite database
-  shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed
+- name: assure listen port exist
+  lineinfile:
+    dest: '{{ apache_config_dir }}/ports.conf'
+    regexp: '{{ item.regexp }}'
+    line: '{{ item.line}}'
+  with_items:
+    - regexp: "^Listen {{ internal_ip }}:5000"
+      line: "Listen {{ internal_ip }}:5000"
+    - regexp: "^Listen {{ internal_ip }}:35357"
+      line: "Listen {{ internal_ip }}:35357"
+  notify:
+    - restart keystone services
+
+- name: update apache2 configs
+  template:
+    src: wsgi-keystone.conf.j2
+    dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+  when: ansible_os_family == 'Debian'
+  notify:
+    - restart keystone services
+
+- name: enable keystone server
+  file:
+    src: "/etc/apache2/sites-available/wsgi-keystone.conf"
+    dest: "/etc/apache2/sites-enabled/wsgi-keystone.conf"
+    state: "link"
+  when: ansible_os_family == 'Debian'
+  notify:
+    - restart keystone services
  
  - name: keystone source files
    template: src={{ item }} dest=/opt/{{ item }}
@@ -29,6 +76,4 @@
      - admin-openrc.sh
      - demo-openrc.sh
  
-- name: restart keystone services
-  service: name={{ item }} state=restarted enabled=yes
-  with_items: services | union(services_noarch)
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2

new file mode 100644 (file)

index 0000000..ff7526a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,46 @@
+ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+<VirtualHost {{ internal_ip }}:5000>
+    WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+    WSGIProcessGroup keystone-public
+    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    <IfVersion >= 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+    ErrorLog /var/log/apache2/keystone.log
+    CustomLog /var/log/apache2/keystone_access.log combined
+
+    <Directory /usr/bin>
+        <IfVersion >= 2.4>
+            Require all granted
+        </IfVersion>
+        <IfVersion < 2.4>
+            Order allow,deny
+            Allow from all
+        </IfVersion>
+    </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+    WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+    WSGIProcessGroup keystone-admin
+    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    <IfVersion >= 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+    ErrorLog /var/log/apache2/keystone.log
+    CustomLog /var/log/apache2/keystone_access.log combined
+
+    <Directory /usr/bin>
+        <IfVersion >= 2.4>
+            Require all granted
+        </IfVersion>
+        <IfVersion < 2.4>
+            Order allow,deny
+            Allow from all
+        </IfVersion>
+    </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml

index 0f5f620..ea7cd9d 100644 (file)
--- a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
@@ -14,4 +14,6 @@ packages:
    - keystone
  
  services:
-  - keystone
+  - apache2
+
+apache_config_dir: /etc/apache2
diff --git a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml b/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml

index 9900603..1785ed5 100644 (file)
--- a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml
@@ -13,4 +13,6 @@ packages:
    - openstack-keystone
  
  services:
-  - openstack-keystone
+  - httpd
+
+apache_config_dir: /etc/httpd/conf.d
author	carey.xu <carey.xuhan@huawei.com>
	Fri, 18 Mar 2016 11:21:47 +0000 (19:21 +0800)
committer	carey xu <carey.xuhan@huawei.com>
	Mon, 21 Mar 2016 02:07:26 +0000 (02:07 +0000)
deploy/adapters/ansible/roles/apache/tasks/main.yml		patch \| blob \| history
deploy/adapters/ansible/roles/keystone/handlers/main.yml	[new file with mode: 0755]	patch \| blob
deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml		patch \| blob \| history
deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2	[new file with mode: 0644]	patch \| blob
deploy/adapters/ansible/roles/keystone/vars/Debian.yml		patch \| blob \| history
deploy/adapters/ansible/roles/keystone/vars/RedHat.yml		patch \| blob \| history