Diffstat (limited to 'deploy')
11 files changed, 157 insertions, 21 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2
new file mode 100755
index 00000000..89a70686
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2
@@ -0,0 +1,18 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+ set work_threads = 10
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:80>
+ WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }}
+ WSGIProcessGroup horizon
+ Alias /static {{ horizon_dir }}/static/
+ Alias /horizon/static {{ horizon_dir }}/static/
+ <Directory {{ horizon_dir }}/wsgi>
+ Order allow,deny
+ Allow from all
+ </Directory>
+</VirtualHost>
+
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..f5f9d339
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
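Review bot: The cap on `work_threads` never takes effect, because the line inside the `{% if work_threads > 10 %}` block is plain template text rather than a Jinja statement. On a host where `(ansible_processor_vcpus + 1) // 2` exceeds 10, the rendered file will contain a literal `set work_threads = 10` line, which Apache is likely to reject as an unknown directive, and `threads=` keeps the uncapped value. Write the inner line as `{% set work_threads = 10 %}`. The same four-line preamble appears in the keystone template added by this commit and in both openstack_newton_xenial copies.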
@@ -0,0 +1,50 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+ set work_threads = 10
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
index b4466ef6..f6ec8be5 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
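Review bot: Both keystone virtual hosts, including the admin API on 35357, are declared as plain HTTP listeners with `WSGIPassAuthorization On`, so passwords and tokens sent to `{{ internal_ip }}` travel unencrypted unless TLS is terminated by a component this diff does not show. If the management network is the intended trust boundary, record that at the top of the template, for example `{# Plain HTTP: these listeners must only be reachable from the internal management network #}`. Binding to `internal_ip` narrows exposure, but nothing in the template itself restricts which clients may connect, since `<Directory /usr/bin>` grants access to all. The openstack_newton_xenial copy of this template is identical.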
@@ -7,7 +7,7 @@ from keystone.common import controller from keystone import config from keystone import exception from keystone.models import token_model -from keystone.contrib.moon.exception import * # noqa +from keystone.contrib.moon.exception import * # noqa: F403 from oslo_log import log from uuid import uuid4 import requests @@ -17,7 +17,7 @@ CONF = config.CONF LOG = log.getLogger(__name__) -@dependency.requires('configuration_api') +@dependency.requires('configuration_api') # noqa: F405 class Configuration(controller.V3Controller): collection_name = 'configurations' member_name = 'configuration' @@ -48,7 +48,7 @@ class Configuration(controller.V3Controller): user_id) -@dependency.requires('tenant_api', 'resource_api') +@dependency.requires('tenant_api', 'resource_api') # noqa: F405 class Tenants(controller.V3Controller): def __init__(self): @@ -152,7 +152,7 @@ def callback(self, context, prep_info, *args, **kwargs): raise exception.Unauthorized -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: F405 class Authz_v3(controller.V3Controller): def __init__(self): @@ -168,7 +168,7 @@ class Authz_v3(controller.V3Controller): return {'authz': False, 'comment': unicode(e)} -@dependency.requires('admin_api', 'root_api') +@dependency.requires('admin_api', 'root_api') # noqa: F405 class IntraExtensions(controller.V3Controller): collection_name = 'intra_extensions' member_name = 'intra_extension' @@ -926,7 +926,7 @@ class IntraExtensions(controller.V3Controller): user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list) -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: F405 class InterExtensions(controller.V3Controller): def __init__(self): 
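Review bot: The `# noqa: F405` markers added to each `@dependency.requires(...)` decorator silence the warning rather than remove its cause: judging by the visible import context, `dependency` resolves only through `from keystone.contrib.moon.exception import *`. Importing it explicitly, `from keystone.common import dependency`, next to the existing `from keystone.common import controller` would make the seven suppressions unnecessary and keep flake8 able to report a genuinely undefined name in these authorization controllers. The import block starts above the hunk, so confirm no explicit import already exists there. The later decorator hunks in this file carry the same marker.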
@@ -968,7 +968,7 @@ class InterExtensions(controller.V3Controller): # self.interextension_api.delete_inter_extension(kw['inter_extension_id']) -@dependency.requires('moonlog_api', 'authz_api') +@dependency.requires('moonlog_api', 'authz_api') # noqa: F405 class Logs(controller.V3Controller): def __init__(self): @@ -987,7 +987,7 @@ class Logs(controller.V3Controller): return self.moonlog_api.get_logs(user_id, options) -@dependency.requires('identity_api', "token_provider_api", "resource_api") +@dependency.requires('identity_api', "token_provider_api", "resource_api") # noqa: F405 class MoonAuth(controller.V3Controller): def __init__(self): diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml index 7a507c88..95dd2e89 100644 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml @@ -142,7 +142,7 @@ ############################################# - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }} + wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }} #- name: cron job to purge expired tokens hourly # cron: diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 new file mode 100755 index 00000000..89a70686 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 
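Review bot: The keystone readiness check in moon-controller.yml keeps `delay=3 timeout=10`, while the same wait in openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml is raised to `delay=10 timeout=60` by this commit. If the longer window was needed because keystone now starts under Apache, this task is likely to fail intermittently; consider `wait_for: port=35357 delay=10 timeout=60 host={{ internal_ip }}`. The same unchanged timeout is in the openstack_newton_xenial moon-controller.yml hunk and in roles/keystone/tasks/keystone_config.yml. Probing `internal_ip` also only proves the local listener is up, not that the VIP used by later tasks is serving.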
@@ -0,0 +1,18 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} +{% if work_threads > 10 %} + set work_threads = 10 +{% endif %} + +<VirtualHost {{ internal_ip }}:80> + WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi + WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }} + WSGIProcessGroup horizon + Alias /static {{ horizon_dir }}/static/ + Alias /horizon/static {{ horizon_dir }}/static/ + <Directory {{ horizon_dir }}/wsgi> + Order allow,deny + Allow from all + </Directory> +</VirtualHost> + + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml index 2c61ff66..f68105f1 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml @@ -19,7 +19,7 @@ service: name=neutron-server state=restarted enabled=yes - name: wait for neutron ready - wait_for: port=9696 delay=10 timeout=30 host={{ internal_vip.ip }} + wait_for: port=9696 delay=10 timeout=60 host={{ internal_ip }} - name: create external net shell: diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml index 35c84ce8..3fea6e28 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml @@ -92,7 +92,7 @@ - meta: flush_handlers - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=30 host={{ internal_vip.ip }} + wait_for: port=35357 delay=10 timeout=60 host={{ internal_ip }} - name: cron job to purge expired tokens hourly cron: 
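Review bot: The `<Directory {{ horizon_dir }}/wsgi>` block uses the 2.2-style `Order allow,deny` / `Allow from all` unconditionally, whereas the keystone template in this commit wraps those directives in `<IfVersion < 2.4>` and uses `Require all granted` for 2.4. On Apache 2.4 the old directives depend on mod_access_compat being loaded, so guard them the same way and access control will not hinge on that module. The file is also added with mode 100755, which a configuration template does not need. The openstack_mitaka_xenial copy is identical.

```jinja
 <Directory {{ horizon_dir }}/wsgi>
     <IfVersion >= 2.4>
         Require all granted
     </IfVersion>
     <IfVersion < 2.4>
         Order allow,deny
         Allow from all
     </IfVersion>
 </Directory>
```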
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..f5f9d339
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,50 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+ set work_threads = 10
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py index f55191d4..fd107a5e 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py @@ -7,7 +7,7 @@ from keystone.common import controller from keystone import config from keystone import exception from keystone.models import token_model -from keystone.contrib.moon.exception import * # noqa +from keystone.contrib.moon.exception import * # noqa: F403 from oslo_log import log from uuid import uuid4 import requests @@ -17,7 +17,7 @@ CONF = config.CONF LOG = log.getLogger(__name__) -@dependency.requires('configuration_api') +@dependency.requires('configuration_api') # noqa: 405 class Configuration(controller.V3Controller): collection_name = 'configurations' member_name = 'configuration' @@ -48,7 +48,7 @@ class Configuration(controller.V3Controller): user_id) -@dependency.requires('tenant_api', 'resource_api') +@dependency.requires('tenant_api', 'resource_api') # noqa: 405 class Tenants(controller.V3Controller): def __init__(self): @@ -152,7 +152,7 @@ def callback(self, context, prep_info, *args, **kwargs): raise exception.Unauthorized -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: 405 class Authz_v3(controller.V3Controller): def __init__(self): @@ -168,7 +168,7 @@ class Authz_v3(controller.V3Controller): return {'authz': False, 'comment': unicode(e)} -@dependency.requires('admin_api', 'root_api') +@dependency.requires('admin_api', 'root_api') # noqa: 405 class IntraExtensions(controller.V3Controller): collection_name = 'intra_extensions' member_name = 'intra_extension' 
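Review bot: The decorator suppressions in this file are written `# noqa: 405`, without the `F` prefix used by the import line above (`# noqa: F403`) and by the openstack_mitaka_xenial copy (`# noqa: F405`). flake8 codes carry a letter prefix, so `405` probably names no check; depending on the flake8 version the comment is then either ignored or treated as a blanket `# noqa` that hides every warning on the line. Use `# noqa: F405` on all seven decorators, including those in the later hunks of this file.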
@@ -926,7 +926,7 @@ class IntraExtensions(controller.V3Controller): user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list) -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: 405 class InterExtensions(controller.V3Controller): def __init__(self): @@ -968,7 +968,7 @@ class InterExtensions(controller.V3Controller): # self.interextension_api.delete_inter_extension(kw['inter_extension_id']) -@dependency.requires('moonlog_api', 'authz_api') +@dependency.requires('moonlog_api', 'authz_api') # noqa: 405 class Logs(controller.V3Controller): def __init__(self): @@ -987,7 +987,7 @@ class Logs(controller.V3Controller): return self.moonlog_api.get_logs(user_id, options) -@dependency.requires('identity_api', "token_provider_api", "resource_api") +@dependency.requires('identity_api', "token_provider_api", "resource_api") # noqa: 405 class MoonAuth(controller.V3Controller): def __init__(self): diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml index 7a507c88..95dd2e89 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml @@ -142,7 +142,7 @@ ############################################# - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }} + wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }} #- name: cron job to purge expired tokens hourly # cron: diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml index 574ebabd..e7e9297e 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml 
@@ -12,7 +12,7 @@ shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }} + wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }} - name: cron job to purge expired tokens hourly cron: |