Factor out code to write uwsgi config files

Instead of this code all existing in keystone inline, factor out into
a dedicated set of functions, and make keystone use this. This drops
uwsgi supporting https directly, but that's not going to be a
supported model going forward once we get to proxy only anyway.

Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
diff --git a/lib/apache b/lib/apache
index e36d0c9..fc73b49 100644
--- a/lib/apache
+++ b/lib/apache
@@ -181,6 +181,59 @@
     reload_service $APACHE_NAME
 }
 
+function write_uwsgi_config {
+    local file=$1
+    local wsgi=$2
+    local url=$3
+    local http=$4
+    local name=""
+    name=$(basename $wsgi)
+    local socket="/tmp/${name}.socket"
+
+    # always cleanup given that we are using iniset here
+    rm -rf $file
+    iniset "$file" uwsgi wsgi-file "$wsgi"
+    iniset "$file" uwsgi socket "$socket"
+    iniset "$file" uwsgi processes $API_WORKERS
+    # This is running standalone
+    iniset "$file" uwsgi master true
+    # Set die-on-term & exit-on-reload so that uwsgi shuts down
+    iniset "$file" uwsgi die-on-term true
+    iniset "$file" uwsgi exit-on-reload true
+    iniset "$file" uwsgi enable-threads true
+    iniset "$file" uwsgi plugins python
+    # uwsgi recommends this to prevent thundering herd on accept.
+    iniset "$file" uwsgi thunder-lock true
+    # Override the default size for headers from the 4k default.
+    iniset "$file" uwsgi buffer-size 65535
+    # Make sure the client doesn't try to re-use the connection.
+    iniset "$file" uwsgi add-header "Connection: close"
+    # This ensures that file descriptors aren't shared between processes.
+    iniset "$file" uwsgi lazy-apps true
+    iniset "$file" uwsgi chmod-socket 666
+
+    # If we said bind directly to http, then do that and don't start the apache proxy
+    if [[ -n "$http" ]]; then
+        iniset "$file" uwsgi http $http
+    else
+        local apache_conf=""
+        apache_conf=$(apache_site_config_for $name)
+        echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\"" | sudo tee $apache_conf
+        enable_apache_site $name
+        reload_apache_server
+    fi
+}
+
+function remove_uwsgi_config {
+    local file=$1
+    local wsgi=$2
+    local name=""
+    name=$(basename $wsgi)
+
+    rm -rf $file
+    disable_apache_site $name
+}
+
 # Restore xtrace
 $_XTRACE_LIB_APACHE
 
diff --git a/lib/keystone b/lib/keystone
index 3db3c8d..936af6a 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -50,6 +50,10 @@
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
+KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
+KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
+KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
+KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
 
 # Toggle for deploying Keystone under HTTPD + mod_wsgi
 # Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
@@ -293,44 +297,9 @@
         _config_keystone_apache_wsgi
     else # uwsgi
         # iniset creates these files when it's called if they don't exist.
-        KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
-        KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
 
-        rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
-        rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
-
-        if is_ssl_enabled_service key; then
-            iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
-            iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
-        else
-            iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
-            iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
-        fi
-
-        iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
-        iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi processes $(nproc)
-
-        iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
-        iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi processes $API_WORKERS
-
-        # Common settings
-        for file in "$KEYSTONE_PUBLIC_UWSGI_FILE" "$KEYSTONE_ADMIN_UWSGI_FILE"; do
-            # This is running standalone
-            iniset "$file" uwsgi master true
-            # Set die-on-term & exit-on-reload so that uwsgi shuts down
-            iniset "$file" uwsgi die-on-term true
-            iniset "$file" uwsgi exit-on-reload true
-            iniset "$file" uwsgi enable-threads true
-            iniset "$file" uwsgi plugins python
-            # uwsgi recommends this to prevent thundering herd on accept.
-            iniset "$file" uwsgi thunder-lock true
-            # Override the default size for headers from the 4k default.
-            iniset "$file" uwsgi buffer-size 65535
-            # Make sure the client doesn't try to re-use the connection.
-            iniset "$file" uwsgi add-header "Connection: close"
-            # This ensures that file descriptors aren't shared between processes.
-            iniset "$file" uwsgi lazy-apps true
-        done
+        write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" "$KEYSTONE_SERVICE_HOST:$service_port"
+        write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin" "$KEYSTONE_ADMIN_BIND_HOST:$auth_port"
     fi
 
     iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
@@ -604,8 +573,8 @@
         # TODO(sdague): we should really get down to a single keystone here
         enable_service key-p
         enable_service key-a
-        run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_FILE" ""
-        run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_FILE" ""
+        run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
+        run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
     fi
 
     echo "Waiting for keystone to start..."