Skip to content

Commit d5537c1

Browse files
committed
Add toggle to run Nova API and EC2-API under Apache2
Inspired by keystone and rcbops-cookbooks's nova scripts, this review adds apache2 templates for two of the Nova services. Also add code in lib/nova to switch between the old and new ways to these two services. The patch depends on the Nova review mentioned below as the two scripts that are needed will be in Nova's repository. TODO for later would be to switch on NOVA_USE_MOD_WSGI when ENABLE_HTTPD_MOD_WSGI_SERVICES is switched on. Related Nova blueprint: https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2 Depends-On: Idd7d3d1b3cc5770cdecea7afe6db3c89d5b2c0d0 Change-Id: I9fc0c601db2776d3e9084be84065e728e3f5d414
1 parent e210d26 commit d5537c1

4 files changed

Lines changed: 135 additions & 2 deletions

File tree

README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,10 @@ Example (Keystone):
149149

150150
KEYSTONE_USE_MOD_WSGI="True"
151151

152+
Example (Nova):
153+
154+
NOVA_USE_MOD_WSGI="True"
155+
152156
Example (Swift):
153157

154158
SWIFT_USE_MOD_WSGI="True"

files/apache-nova-api.template

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
Listen %PUBLICPORT%
2+
3+
<VirtualHost *:%PUBLICPORT%>
4+
WSGIDaemonProcess nova-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
5+
WSGIProcessGroup nova-api
6+
WSGIScriptAlias / %PUBLICWSGI%
7+
WSGIApplicationGroup %{GLOBAL}
8+
WSGIPassAuthorization On
9+
<IfVersion >= 2.4>
10+
ErrorLogFormat "%{cu}t %M"
11+
</IfVersion>
12+
ErrorLog /var/log/%APACHE_NAME%/nova-api.log
13+
%SSLENGINE%
14+
%SSLCERTFILE%
15+
%SSLKEYFILE%
16+
</VirtualHost>

files/apache-nova-ec2-api.template

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
Listen %PUBLICPORT%
2+
3+
<VirtualHost *:%PUBLICPORT%>
4+
WSGIDaemonProcess nova-ec2-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
5+
WSGIProcessGroup nova-ec2-api
6+
WSGIScriptAlias / %PUBLICWSGI%
7+
WSGIApplicationGroup %{GLOBAL}
8+
WSGIPassAuthorization On
9+
<IfVersion >= 2.4>
10+
ErrorLogFormat "%{cu}t %M"
11+
</IfVersion>
12+
ErrorLog /var/log/%APACHE_NAME%/nova-ec2-api.log
13+
%SSLENGINE%
14+
%SSLCERTFILE%
15+
%SSLKEYFILE%
16+
</VirtualHost>

lib/nova

Lines changed: 99 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
#
1717
# - install_nova
1818
# - configure_nova
19+
# - _config_nova_apache_wsgi
1920
# - create_nova_conf
2021
# - init_nova
2122
# - start_nova
@@ -62,6 +63,15 @@ NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
6263
# Expect to remove in L or M.
6364
NOVA_API_VERSION=${NOVA_API_VERSION-default}
6465

66+
if is_suse; then
67+
NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/srv/www/htdocs/nova}
68+
else
69+
NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/var/www/nova}
70+
fi
71+
72+
# Toggle for deploying Nova-API under HTTPD + mod_wsgi
73+
NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-False}
74+
6575
if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
6676
NOVA_SERVICE_PROTOCOL="https"
6777
EC2_SERVICE_PROTOCOL="https"
@@ -223,6 +233,64 @@ function cleanup_nova {
223233
#fi
224234
}
225235

236+
# _cleanup_nova_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
237+
function _cleanup_nova_apache_wsgi {
238+
sudo rm -f $NOVA_WSGI_DIR/*
239+
sudo rm -f $(apache_site_config_for nova-api)
240+
sudo rm -f $(apache_site_config_for nova-ec2-api)
241+
}
242+
243+
# _config_nova_apache_wsgi() - Set WSGI config files of Keystone
244+
function _config_nova_apache_wsgi {
245+
sudo mkdir -p $NOVA_WSGI_DIR
246+
247+
local nova_apache_conf=$(apache_site_config_for nova-api)
248+
local nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api)
249+
local nova_ssl=""
250+
local nova_certfile=""
251+
local nova_keyfile=""
252+
local nova_api_port=$NOVA_SERVICE_PORT
253+
local nova_ec2_api_port=$EC2_SERVICE_PORT
254+
local venv_path=""
255+
256+
if is_ssl_enabled_service nova-api; then
257+
nova_ssl="SSLEngine On"
258+
nova_certfile="SSLCertificateFile $NOVA_SSL_CERT"
259+
nova_keyfile="SSLCertificateKeyFile $NOVA_SSL_KEY"
260+
fi
261+
if [[ ${USE_VENV} = True ]]; then
262+
venv_path="python-path=${PROJECT_VENV["nova"]}/lib/python2.7/site-packages"
263+
fi
264+
265+
# copy proxy vhost and wsgi helper files
266+
sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api
267+
sudo cp $NOVA_DIR/nova/wsgi/nova-ec2-api.py $NOVA_WSGI_DIR/nova-ec2-api
268+
269+
sudo cp $FILES/apache-nova-api.template $nova_apache_conf
270+
sudo sed -e "
271+
s|%PUBLICPORT%|$nova_api_port|g;
272+
s|%APACHE_NAME%|$APACHE_NAME|g;
273+
s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-api|g;
274+
s|%SSLENGINE%|$nova_ssl|g;
275+
s|%SSLCERTFILE%|$nova_certfile|g;
276+
s|%SSLKEYFILE%|$nova_keyfile|g;
277+
s|%USER%|$STACK_USER|g;
278+
s|%VIRTUALENV%|$venv_path|g
279+
" -i $nova_apache_conf
280+
281+
sudo cp $FILES/apache-nova-ec2-api.template $nova_ec2_apache_conf
282+
sudo sed -e "
283+
s|%PUBLICPORT%|$nova_ec2_api_port|g;
284+
s|%APACHE_NAME%|$APACHE_NAME|g;
285+
s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-ec2-api|g;
286+
s|%SSLENGINE%|$nova_ssl|g;
287+
s|%SSLCERTFILE%|$nova_certfile|g;
288+
s|%SSLKEYFILE%|$nova_keyfile|g;
289+
s|%USER%|$STACK_USER|g;
290+
s|%VIRTUALENV%|$venv_path|g
291+
" -i $nova_ec2_apache_conf
292+
}
293+
226294
# configure_nova() - Set config files, create data dirs, etc
227295
function configure_nova {
228296
# Put config files in ``/etc/nova`` for everyone to find
@@ -453,12 +521,16 @@ function create_nova_conf {
453521
iniset $NOVA_CONF DEFAULT force_config_drive "$FORCE_CONFIG_DRIVE"
454522
fi
455523
# Format logging
456-
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
524+
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$NOVA_USE_MOD_WSGI" == "False" ] ; then
457525
setup_colorized_logging $NOVA_CONF DEFAULT
458526
else
459527
# Show user_name and project_name instead of user_id and project_id
460528
iniset $NOVA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
461529
fi
530+
if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
531+
_config_nova_apache_wsgi
532+
fi
533+
462534
if is_service_enabled ceilometer; then
463535
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
464536
iniset $NOVA_CONF DEFAULT instance_usage_audit_period "hour"
@@ -655,6 +727,13 @@ function install_nova {
655727
git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
656728
setup_develop $NOVA_DIR
657729
sudo install -D -m 0644 -o $STACK_USER {$NOVA_DIR/tools/,/etc/bash_completion.d/}nova-manage.bash_completion
730+
731+
if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
732+
install_apache_wsgi
733+
if is_ssl_enabled_service "nova-api"; then
734+
enable_mod_ssl
735+
fi
736+
fi
658737
}
659738

660739
# start_nova_api() - Start the API process ahead of other things
@@ -671,7 +750,18 @@ function start_nova_api {
671750
local old_path=$PATH
672751
export PATH=$NOVA_BIN_DIR:$PATH
673752

674-
run_process n-api "$NOVA_BIN_DIR/nova-api"
753+
# If the site is not enabled then we are in a grenade scenario
754+
local enabled_site_file=$(apache_site_config_for nova-api)
755+
if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
756+
enable_apache_site nova-api
757+
enable_apache_site nova-ec2-api
758+
restart_apache_server
759+
tail_log nova /var/log/$APACHE_NAME/nova-api.log
760+
tail_log nova /var/log/$APACHE_NAME/nova-ec2-api.log
761+
else
762+
run_process n-api "$NOVA_BIN_DIR/nova-api"
763+
fi
764+
675765
echo "Waiting for nova-api to start..."
676766
if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SERVICE_HOST:$service_port; then
677767
die $LINENO "nova-api did not start"
@@ -780,6 +870,13 @@ function stop_nova_compute {
780870
}
781871

782872
function stop_nova_rest {
873+
if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
874+
disable_apache_site nova-api
875+
disable_apache_site nova-ec2-api
876+
restart_apache_server
877+
else
878+
stop_process n-api
879+
fi
783880
# Kill the nova screen windows
784881
# Some services are listed here twice since more than one instance
785882
# of a service may be running in certain configs.

0 commit comments

Comments
 (0)