Add toggle to run Nova API and EC2-API under Apache2
Inspired by keystone and rcbops-cookbooks's nova scripts,
this review adds apache2 templates for two of the Nova
services. Also add code in lib/nova to switch between
the old and new ways of running these two services. The patch
depends on the Nova review mentioned below as the two
scripts that are needed will be in Nova's repository.
TODO for later would be to switch on NOVA_USE_MOD_WSGI
when ENABLE_HTTPD_MOD_WSGI_SERVICES is switched on.
Related Nova blueprint:
https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2
Depends-On: Idd7d3d1b3cc5770cdecea7afe6db3c89d5b2c0d0
Change-Id: I9fc0c601db2776d3e9084be84065e728e3f5d414
diff --git a/README.md b/README.md
index 04f5fd9..9853c3d 100644
--- a/README.md
+++ b/README.md
@@ -149,6 +149,10 @@
KEYSTONE_USE_MOD_WSGI="True"
+Example (Nova):
+
+ NOVA_USE_MOD_WSGI="True"
+
Example (Swift):
SWIFT_USE_MOD_WSGI="True"
diff --git a/files/apache-nova-api.template b/files/apache-nova-api.template
new file mode 100644
index 0000000..70ccedd
--- /dev/null
+++ b/files/apache-nova-api.template
@@ -0,0 +1,16 @@
+Listen %PUBLICPORT%
+
+<VirtualHost *:%PUBLICPORT%>
+ WSGIDaemonProcess nova-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+ WSGIProcessGroup nova-api
+ WSGIScriptAlias / %PUBLICWSGI%
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/%APACHE_NAME%/nova-api.log
+ %SSLENGINE%
+ %SSLCERTFILE%
+ %SSLKEYFILE%
+</VirtualHost>
\ No newline at end of file
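Review bot: This vhost defines only an `ErrorLog`, so API requests get no per-service access log and, depending on the distro's defaults, land in a shared log that is awkward to use when tracing who called what. Consider adding a line such as `CustomLog /var/log/%APACHE_NAME%/nova-api-access.log combined` next to the `ErrorLog` line (assuming the `combined` format is defined in the base Apache config). The same applies to files/apache-nova-ec2-api.template, which is a copy of this file with the name changed; a single template with a service-name placeholder would keep the two from drifting. Both files also end without a trailing newline.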
diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template
new file mode 100644
index 0000000..ae4cf94
--- /dev/null
+++ b/files/apache-nova-ec2-api.template
@@ -0,0 +1,16 @@
+Listen %PUBLICPORT%
+
+<VirtualHost *:%PUBLICPORT%>
+ WSGIDaemonProcess nova-ec2-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+ WSGIProcessGroup nova-ec2-api
+ WSGIScriptAlias / %PUBLICWSGI%
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/%APACHE_NAME%/nova-ec2-api.log
+ %SSLENGINE%
+ %SSLCERTFILE%
+ %SSLKEYFILE%
+</VirtualHost>
\ No newline at end of file
diff --git a/lib/nova b/lib/nova
index 807dfce..768346a 100644
--- a/lib/nova
+++ b/lib/nova
@@ -16,6 +16,7 @@
#
# - install_nova
# - configure_nova
+# - _config_nova_apache_wsgi
# - create_nova_conf
# - init_nova
# - start_nova
@@ -62,6 +63,15 @@
# Expect to remove in L or M.
NOVA_API_VERSION=${NOVA_API_VERSION-default}
+if is_suse; then
+ NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/srv/www/htdocs/nova}
+else
+ NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/var/www/nova}
+fi
+
+# Toggle for deploying Nova-API under HTTPD + mod_wsgi
+NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-False}
+
if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
NOVA_SERVICE_PROTOCOL="https"
EC2_SERVICE_PROTOCOL="https"
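Review bot: The comment on `NOVA_USE_MOD_WSGI` should say that the toggle covers both nova-api and nova-ec2-api and that only the exact strings `True` and `False` are recognised, because the checks added in this patch compare against those literals. A value such as `true` would turn off colorized logging (it is not `False`) without configuring Apache (it is not `True`), leaving a half-applied state. Suggested wording: `# Toggle for deploying nova-api and nova-ec2-api under HTTPD + mod_wsgi; must be exactly "True" or "False"`.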
@@ -223,6 +233,64 @@
#fi
}
+# _cleanup_nova_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
+function _cleanup_nova_apache_wsgi {
+ sudo rm -f $NOVA_WSGI_DIR/*
+ sudo rm -f $(apache_site_config_for nova-api)
+ sudo rm -f $(apache_site_config_for nova-ec2-api)
+}
+
+# _config_nova_apache_wsgi() - Set WSGI config files of Keystone
+function _config_nova_apache_wsgi {
+ sudo mkdir -p $NOVA_WSGI_DIR
+
+ local nova_apache_conf=$(apache_site_config_for nova-api)
+ local nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api)
+ local nova_ssl=""
+ local nova_certfile=""
+ local nova_keyfile=""
+ local nova_api_port=$NOVA_SERVICE_PORT
+ local nova_ec2_api_port=$EC2_SERVICE_PORT
+ local venv_path=""
+
+ if is_ssl_enabled_service nova-api; then
+ nova_ssl="SSLEngine On"
+ nova_certfile="SSLCertificateFile $NOVA_SSL_CERT"
+ nova_keyfile="SSLCertificateKeyFile $NOVA_SSL_KEY"
+ fi
+ if [[ ${USE_VENV} = True ]]; then
+ venv_path="python-path=${PROJECT_VENV["nova"]}/lib/python2.7/site-packages"
+ fi
+
+ # copy proxy vhost and wsgi helper files
+ sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api
+ sudo cp $NOVA_DIR/nova/wsgi/nova-ec2-api.py $NOVA_WSGI_DIR/nova-ec2-api
+
+ sudo cp $FILES/apache-nova-api.template $nova_apache_conf
+ sudo sed -e "
+ s|%PUBLICPORT%|$nova_api_port|g;
+ s|%APACHE_NAME%|$APACHE_NAME|g;
+ s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-api|g;
+ s|%SSLENGINE%|$nova_ssl|g;
+ s|%SSLCERTFILE%|$nova_certfile|g;
+ s|%SSLKEYFILE%|$nova_keyfile|g;
+ s|%USER%|$STACK_USER|g;
+ s|%VIRTUALENV%|$venv_path|g
+ " -i $nova_apache_conf
+
+ sudo cp $FILES/apache-nova-ec2-api.template $nova_ec2_apache_conf
+ sudo sed -e "
+ s|%PUBLICPORT%|$nova_ec2_api_port|g;
+ s|%APACHE_NAME%|$APACHE_NAME|g;
+ s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-ec2-api|g;
+ s|%SSLENGINE%|$nova_ssl|g;
+ s|%SSLCERTFILE%|$nova_certfile|g;
+ s|%SSLKEYFILE%|$nova_keyfile|g;
+ s|%USER%|$STACK_USER|g;
+ s|%VIRTUALENV%|$venv_path|g
+ " -i $nova_ec2_apache_conf
+}
+
# configure_nova() - Set config files, create data dirs, etc
function configure_nova {
# Put config files in ``/etc/nova`` for everyone to find
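Review bot: `_config_nova_apache_wsgi` decides whether to render the SSL directives with `is_ssl_enabled_service nova-api`, but the protocol selection earlier in lib/nova uses `is_ssl_enabled_service "nova" || is_service_enabled tls-proxy`, so the endpoint can be advertised as https while the vhost is written with `%SSLENGINE%`, `%SSLCERTFILE%` and `%SSLKEYFILE%` replaced by empty strings. If the helper matches service names exactly (not visible here), both places should test the same name; the `enable_mod_ssl` guard added to install_nova later in this patch uses the same `nova-api` check. Separately, `sudo rm -f $NOVA_WSGI_DIR/*` in `_cleanup_nova_apache_wsgi` runs as root on an unquoted expansion and is safer as `sudo rm -f -- "${NOVA_WSGI_DIR:?}"/*`. The header comment `Set WSGI config files of Keystone` should read `of Nova`.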
@@ -453,12 +521,16 @@
iniset $NOVA_CONF DEFAULT force_config_drive "$FORCE_CONFIG_DRIVE"
fi
# Format logging
- if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+ if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$NOVA_USE_MOD_WSGI" == "False" ] ; then
setup_colorized_logging $NOVA_CONF DEFAULT
else
# Show user_name and project_name instead of user_id and project_id
iniset $NOVA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
fi
+ if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+ _config_nova_apache_wsgi
+ fi
+
if is_service_enabled ceilometer; then
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
iniset $NOVA_CONF DEFAULT instance_usage_audit_period "hour"
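Review bot: The extra `[ "$NOVA_USE_MOD_WSGI" == "False" ]` term changes the logging format written to the `DEFAULT` section of `$NOVA_CONF`, which looks like a file shared by the other Nova services, so enabling mod_wsgi for the API presumably removes colorized logs from all of them. If that is intended, the `# Format logging` comment should say so, for example `# Format logging; colour is skipped under mod_wsgi because the API then logs through Apache's ErrorLog`. The enclosing function starts and ends outside this hunk, so whether a per-service override is possible cannot be judged from here.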
@@ -655,6 +727,13 @@
git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
setup_develop $NOVA_DIR
sudo install -D -m 0644 -o $STACK_USER {$NOVA_DIR/tools/,/etc/bash_completion.d/}nova-manage.bash_completion
+
+ if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+ install_apache_wsgi
+ if is_ssl_enabled_service "nova-api"; then
+ enable_mod_ssl
+ fi
+ fi
}
# start_nova_api() - Start the API process ahead of other things
@@ -671,7 +750,18 @@
local old_path=$PATH
export PATH=$NOVA_BIN_DIR:$PATH
- run_process n-api "$NOVA_BIN_DIR/nova-api"
+ # If the site is not enabled then we are in a grenade scenario
+ local enabled_site_file=$(apache_site_config_for nova-api)
+ if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+ enable_apache_site nova-api
+ enable_apache_site nova-ec2-api
+ restart_apache_server
+ tail_log nova /var/log/$APACHE_NAME/nova-api.log
+ tail_log nova /var/log/$APACHE_NAME/nova-ec2-api.log
+ else
+ run_process n-api "$NOVA_BIN_DIR/nova-api"
+ fi
+
echo "Waiting for nova-api to start..."
if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SERVICE_HOST:$service_port; then
die $LINENO "nova-api did not start"
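Review bot: When `NOVA_USE_MOD_WSGI` is `True` but the file returned by `apache_site_config_for nova-api` is missing, the `else` branch starts the standalone `nova-api` without any message, so a failed or skipped Apache configuration is indistinguishable from the intended grenade case. Log which path was taken in that situation, e.g. `echo "nova-api site config not found; starting standalone nova-api"`. Both `tail_log` calls also pass the same name `nova`; if that argument identifies the log window, the second call likely collides with the first, so distinct names would be safer. `${enabled_site_file}` is unquoted inside the `[ -f ... ]` test, and the function body starts and ends outside this hunk.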
@@ -780,6 +870,13 @@
}
function stop_nova_rest {
+ if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+ disable_apache_site nova-api
+ disable_apache_site nova-ec2-api
+ restart_apache_server
+ else
+ stop_process n-api
+ fi
# Kill the nova screen windows
# Some services are listed here twice since more than one instance
# of a service may be running in certain configs.
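Review bot: `stop_nova_rest` chooses its branch on `NOVA_USE_MOD_WSGI` alone, whereas `start_nova_api` in this patch also requires the site file to exist, so after a start that fell back to `run_process n-api` the stop path disables the Apache sites and never calls `stop_process n-api`. Use the same condition in both functions, or call `stop_process n-api` unconditionally if it is harmless when the process is absent (not visible here). `_cleanup_nova_apache_wsgi` is also not called in any hunk shown, so the vhost and WSGI files appear to stay behind after a stop. The function continues past the end of the hunk.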