Andrew Bogott has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/330341 )
Change subject: Revert "Keystone: Move api service to uwsgi/nginx" ...................................................................... Revert "Keystone: Move api service to uwsgi/nginx" This works but I can't get the old keystone process to quit and relinquish the port This reverts commit 7122564873c55b8cb819c49786fc70f9c10de3df. Change-Id: Idb4143fb9cb57771a43aa2e3f9c85d5a4ac08bee --- M hieradata/common.yaml M hieradata/eqiad.yaml M hieradata/regex.yaml M modules/openstack/manifests/keystone/service.pp M modules/role/manifests/labs/openstack/keystone.pp 5 files changed, 15 insertions(+), 53 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 16ea298..93e7062 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -357,7 +357,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' - public_port: '5000' db_host: 'm5-master.eqiad.wmnet' ldap_host: 'ldap-labs.eqiad.wikimedia.org' token_driver: 'normal' diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 4b9c47f..4f05197 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -145,7 +145,6 @@ keystoneconfig: auth_port: '35357' - public_port: '5000' auth_protocol: 'http' auth_host: 208.80.154.92 admin_project_id: 'admin' diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml index f18e091..1e59764 100644 --- a/hieradata/regex.yaml +++ b/hieradata/regex.yaml @@ -455,7 +455,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' - public_port: '5000' db_host: 'labtestcontrol2001.wikimedia.org' ldap_host: 'labtestservices2001.wikimedia.org' token_driver: 'normal' diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index 2982a66..08d77e2 100644 --- a/modules/openstack/manifests/keystone/service.pp 
+++ b/modules/openstack/manifests/keystone/service.pp @@ -53,13 +53,15 @@ mode => '0644', notify => Service['keystone'], recurse => true; - # Disable the keystone process itself; this will be handled - # by nginx and uwsgi - '/etc/init/keystone.conf': - ensure => 'absent'; } if $::fqdn == hiera('labs_nova_controller') { + service { 'keystone': + ensure => running, + subscribe => File['/etc/keystone/keystone.conf'], + require => Package['keystone']; + } + # Clean up expired keystone tokens, because keystone seems to leak them $keystone_db_name = $keystoneconfig['db_name'] $keystone_db_user = $keystoneconfig['db_user'] @@ -73,6 +75,10 @@ command => "/usr/bin/mysql ${keystone_db_name} -h${keystone_db_host} -u${keystone_db_user} -p${keystone_db_pass} -e 'DELETE FROM token WHERE NOW() - INTERVAL 2 day > expires LIMIT 10000;'", } + nrpe::monitor_service { 'check_keystone_process': + description => 'keystone process', + nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/keystone-all'", + } monitoring::service { 'keystone-http-35357': description => 'keystone http', check_command => 'check_http_on_port!35357', @@ -81,12 +87,10 @@ description => 'keystone http', check_command => 'check_http_on_port!5000', } - } - - # stop the keystone process itself; this will be handled - # by nginx and uwsgi - service { 'keystone': - ensure => stopped, - require => Package['keystone']; + } else { + service { 'keystone': + ensure => stopped, + require => Package['keystone']; + } } } diff --git a/modules/role/manifests/labs/openstack/keystone.pp b/modules/role/manifests/labs/openstack/keystone.pp index 824948b..c8a568c 100644 --- a/modules/role/manifests/labs/openstack/keystone.pp +++ b/modules/role/manifests/labs/openstack/keystone.pp 
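Review bot: Nothing in this change restores `/etc/init/keystone.conf` on hosts where the reverted commit already removed it; the first hunk of service.pp only stops declaring it `ensure => 'absent'`. On such a controller the re-added `service { 'keystone': ensure => running, ... }` may have no init job to start, and the new `check_keystone_process` check would then go critical. It is worth confirming the job file is present there, or restoring it from the package (assuming the package ships it), before relying on this resource. The enclosing class starts outside the hunk.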
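Review bot: The token-cleanup command kept as context in the second hunk of service.pp passes the database password as `-p${keystone_db_pass}` on the mysql command line. Any local user can read it from the process list while the job runs, and it can end up in whatever output the job mails or logs. Since this revert touches the block anyway, consider having mysql read the credentials from a root-owned 0600 option file instead, e.g. `/usr/bin/mysql --defaults-extra-file=<PATH_TO_CLIENT_CNF> ${keystone_db_name} -h${keystone_db_host} -e '...'` (the path is a placeholder; the option must come first on the command line). The resource that carries this command starts outside the hunk, so its type and schedule are not visible here.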
@@ -30,43 +30,4 @@ description => 'Keystone admin and observer projects exist', check_command => 'check_keystone_projects', } - - file { '/var/log/uwsgi/keystone': - ensure => directory, - owner => 'www-data', - group => 'www-data', - mode => '0644', - } - - # Keystone admin API - service::uwsgi { 'keystone-admin': - port => $keystoneconfig['auth_port'], - healthcheck_url => '/', - deployment => None, - config => { - wsgi-file => '/usr/bin/keystone-wsgi-admin', - name => 'keystone', - uid => 'keystone', - gid => 'keystone', - processes => '10', - threads => '2', - logto => '/var/log/uwsgi/keystone/keystone-admin.log', - }, - require => File['/var/log/uwsgi/keystone'], - } - service::uwsgi { 'keystone-public': - port => $keystoneconfig['public_port'], - healthcheck_url => '/', - deployment => None, - config => { - wsgi-file => '/usr/bin/keystone-wsgi-public', - name => 'keystone', - uid => 'keystone', - gid => 'keystone', - processes => '10', - threads => '2', - logto => '/var/log/uwsgi/keystone/keystone-public.log', - }, - require => File['/var/log/uwsgi/keystone'], - } } -- To view, visit https://gerrit.wikimedia.org/r/330341 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idb4143fb9cb57771a43aa2e3f9c85d5a4ac08bee Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Alex Monk <a...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits