Andrew Bogott has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/330341 )
Change subject: Revert "Keystone: Move api service to uwsgi/nginx"
......................................................................
Revert "Keystone: Move api service to uwsgi/nginx"
This works but I can't get the old keystone process to quit and relinquish the
port
This reverts commit 7122564873c55b8cb819c49786fc70f9c10de3df.
Change-Id: Idb4143fb9cb57771a43aa2e3f9c85d5a4ac08bee
---
M hieradata/common.yaml
M hieradata/eqiad.yaml
M hieradata/regex.yaml
M modules/openstack/manifests/keystone/service.pp
M modules/role/manifests/labs/openstack/keystone.pp
5 files changed, 15 insertions(+), 53 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 16ea298..93e7062 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -357,7 +357,6 @@
ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
auth_protocol: 'http'
auth_port: '35357'
- public_port: '5000'
db_host: 'm5-master.eqiad.wmnet'
ldap_host: 'ldap-labs.eqiad.wikimedia.org'
token_driver: 'normal'
diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml
index 4b9c47f..4f05197 100644
--- a/hieradata/eqiad.yaml
+++ b/hieradata/eqiad.yaml
@@ -145,7 +145,6 @@
keystoneconfig:
auth_port: '35357'
- public_port: '5000'
auth_protocol: 'http'
auth_host: 208.80.154.92
admin_project_id: 'admin'
diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml
index f18e091..1e59764 100644
--- a/hieradata/regex.yaml
+++ b/hieradata/regex.yaml
@@ -455,7 +455,6 @@
ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
auth_protocol: 'http'
auth_port: '35357'
- public_port: '5000'
db_host: 'labtestcontrol2001.wikimedia.org'
ldap_host: 'labtestservices2001.wikimedia.org'
token_driver: 'normal'
diff --git a/modules/openstack/manifests/keystone/service.pp
b/modules/openstack/manifests/keystone/service.pp
index 2982a66..08d77e2 100644
--- a/modules/openstack/manifests/keystone/service.pp
+++ b/modules/openstack/manifests/keystone/service.pp
@@ -53,13 +53,15 @@
mode => '0644',
notify => Service['keystone'],
recurse => true;
- # Disable the keystone process itself; this will be handled
- # by nginx and uwsgi
- '/etc/init/keystone.conf':
- ensure => 'absent';
}
if $::fqdn == hiera('labs_nova_controller') {
+ service { 'keystone':
+ ensure => running,
+ subscribe => File['/etc/keystone/keystone.conf'],
+ require => Package['keystone'];
+ }
+
# Clean up expired keystone tokens, because keystone seems to leak them
$keystone_db_name = $keystoneconfig['db_name']
$keystone_db_user = $keystoneconfig['db_user']
@@ -73,6 +75,10 @@
command => "/usr/bin/mysql ${keystone_db_name}
-h${keystone_db_host} -u${keystone_db_user} -p${keystone_db_pass} -e 'DELETE
FROM token WHERE NOW() - INTERVAL 2 day > expires LIMIT 10000;'",
}
+ nrpe::monitor_service { 'check_keystone_process':
+ description => 'keystone process',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1:
--ereg-argument-array '^/usr/bin/python /usr/bin/keystone-all'",
+ }
monitoring::service { 'keystone-http-35357':
description => 'keystone http',
check_command => 'check_http_on_port!35357',
@@ -81,12 +87,10 @@
description => 'keystone http',
check_command => 'check_http_on_port!5000',
}
- }
-
- # stop the keystone process itself; this will be handled
- # by nginx and uwsgi
- service { 'keystone':
- ensure => stopped,
- require => Package['keystone'];
+ } else {
+ service { 'keystone':
+ ensure => stopped,
+ require => Package['keystone'];
+ }
}
}
diff --git a/modules/role/manifests/labs/openstack/keystone.pp
b/modules/role/manifests/labs/openstack/keystone.pp
index 824948b..c8a568c 100644
--- a/modules/role/manifests/labs/openstack/keystone.pp
+++ b/modules/role/manifests/labs/openstack/keystone.pp
@@ -30,43 +30,4 @@
description => 'Keystone admin and observer projects exist',
check_command => 'check_keystone_projects',
}
-
- file { '/var/log/uwsgi/keystone':
- ensure => directory,
- owner => 'www-data',
- group => 'www-data',
- mode => '0644',
- }
-
- # Keystone admin API
- service::uwsgi { 'keystone-admin':
- port => $keystoneconfig['auth_port'],
- healthcheck_url => '/',
- deployment => None,
- config => {
- wsgi-file => '/usr/bin/keystone-wsgi-admin',
- name => 'keystone',
- uid => 'keystone',
- gid => 'keystone',
- processes => '10',
- threads => '2',
- logto => '/var/log/uwsgi/keystone/keystone-admin.log',
- },
- require => File['/var/log/uwsgi/keystone'],
- }
- service::uwsgi { 'keystone-public':
- port => $keystoneconfig['public_port'],
- healthcheck_url => '/',
- deployment => None,
- config => {
- wsgi-file => '/usr/bin/keystone-wsgi-public',
- name => 'keystone',
- uid => 'keystone',
- gid => 'keystone',
- processes => '10',
- threads => '2',
- logto => '/var/log/uwsgi/keystone/keystone-public.log',
- },
- require => File['/var/log/uwsgi/keystone'],
- }
}
--
To view, visit https://gerrit.wikimedia.org/r/330341
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idb4143fb9cb57771a43aa2e3f9c85d5a4ac08bee
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <a...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
