Factor out code to write uwsgi config files
Instead of this code all existing in keystone inline, factor out into
a dedicated set of functions, and make keystone use this. This drops
uwsgi supporting https directly, but that's not going to be a
supported model going forward once we get to proxy only anyway.
Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
diff --git a/lib/keystone b/lib/keystone
index 3db3c8d..936af6a 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -50,6 +50,10 @@
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
+KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
+KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
+KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
+KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
# Toggle for deploying Keystone under HTTPD + mod_wsgi
# Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
@@ -293,44 +297,9 @@
_config_keystone_apache_wsgi
else # uwsgi
# iniset creates these files when it's called if they don't exist.
- KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
- KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
- rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
- rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
-
- if is_ssl_enabled_service key; then
- iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
- iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
- else
- iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
- iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
- fi
-
- iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
- iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi processes $(nproc)
-
- iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
- iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi processes $API_WORKERS
-
- # Common settings
- for file in "$KEYSTONE_PUBLIC_UWSGI_FILE" "$KEYSTONE_ADMIN_UWSGI_FILE"; do
- # This is running standalone
- iniset "$file" uwsgi master true
- # Set die-on-term & exit-on-reload so that uwsgi shuts down
- iniset "$file" uwsgi die-on-term true
- iniset "$file" uwsgi exit-on-reload true
- iniset "$file" uwsgi enable-threads true
- iniset "$file" uwsgi plugins python
- # uwsgi recommends this to prevent thundering herd on accept.
- iniset "$file" uwsgi thunder-lock true
- # Override the default size for headers from the 4k default.
- iniset "$file" uwsgi buffer-size 65535
- # Make sure the client doesn't try to re-use the connection.
- iniset "$file" uwsgi add-header "Connection: close"
- # This ensures that file descriptors aren't shared between processes.
- iniset "$file" uwsgi lazy-apps true
- done
+ write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" "$KEYSTONE_SERVICE_HOST:$service_port"
+ write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin" "$KEYSTONE_ADMIN_BIND_HOST:$auth_port"
fi
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
@@ -604,8 +573,8 @@
# TODO(sdague): we should really get down to a single keystone here
enable_service key-p
enable_service key-a
- run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_FILE" ""
- run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_FILE" ""
+ run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
+ run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
fi
echo "Waiting for keystone to start..."