[Openstack] keystone/HTTPD config issue
Ali, Haneef
haneef.ali at hp.com
Mon Mar 31 18:30:02 UTC 2014
This will work. Couple of suggestions
Create file "/usr/lib/cgi-bin/keystone/admin".
Instead of this, you can link to httpd/keystone.py
Also you may want to check the default MPM mode for Apache. Most probably it will be worker-process. There you can configure number of servers used to serve the request which is different from keystone process
Thanks
Haneef
From: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
Sent: Monday, March 31, 2014 11:01 AM
To: mike.hearn; openstack at lists.openstack.org
Subject: Re: [Openstack] keystone/HTTPD config issue
This is my Icehouse documentation, I don't know if it will work with Havana:
Mark
1.2 Keystone files changed (WSGI):
NOTE: The Apache2 WSGI configuration scripts below replace the "/etc/init.d/keystone" startup script
Create/configure file "/etc/apache2/sites-available/keystone.conf" to match your keystone installation and server.
WSGIDaemonProcess keystone user=keystone group=nogroup processes=6
Listen 0.0.0.0:5000
<VirtualHost _default_:5000>
LogLevel debug
ErrorLog /var/log/keystone/keystone.log
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/keystone/ssl/certs/keystone.pem
SSLCertificateKeyFile /etc/keystone/ssl/private/keystonekey.pem
SSLProtocol all -SSLv2
SSLVerifyClient none
WSGIScriptAlias / /usr/lib/cgi-bin/keystone/main
WSGIProcessGroup keystone
SetEnv nokeepalive ssl-unclean-shutdown
</VirtualHost>
Listen 0.0.0.0:35357
<VirtualHost _default_:35357>
LogLevel debug
ErrorLog /var/log/keystone/keystone.log
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/keystone/ssl/certs/keystone.pem
SSLCertificateKeyFile /etc/keystone/ssl/private/keystonekey.pem
SSLProtocol all -SSLv2
SSLVerifyClient none
WSGIScriptAlias / /usr/lib/cgi-bin/keystone/admin
WSGIProcessGroup keystone
SetEnv nokeepalive ssl-unclean-shutdown
</VirtualHost>
Note: By changing the SSL_Engine variable in this file you can turn on and off the Apache2-SSL frontend to Keystone.
Now link keystone sites-enabled to keystone sites-available
sudo ln -s /etc/apache2/sites-available/keystone.conf /etc/apache2/sites-enabled/keystone.conf
Create directory "/usr/lib/cgi-bin/keystone"
sudo mkdir /usr/lib/cgi-bin
sudo mkdir /usr/lib/cgi-bin/keystone
Create file "/usr/lib/cgi-bin/keystone/admin".
import logging
import os
from paste import deploy
from keystone.openstack.common import gettextutils
from keystone.common import dependency
from keystone.common import environment
from keystone.common import sql
from keystone import config
from keystone.openstack.common import log
from keystone import service
# NOTE(blk-u):
# gettextutils.install() must run to set _ before importing any modules that
# contain static translated strings.
gettextutils.install('keystone', lazy=True)
CONF = config.CONF
config.configure()
sql.initialize()
config.set_default_for_default_log_levels()
CONF(project='keystone')
config.setup_logging()
environment.use_stdlib()
#name = os.path.basename(__file__)
name = "admin"
if CONF.debug:
CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)
drivers = service.load_backends()
# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
# The following is a reference to Python Paste Deploy documentation
# http://pythonpaste.org/deploy/
application = deploy.loadapp('config:%s' % config.find_paste_config(),
name=name)
dependency.resolve_future_dependencies()
Also create file "/usr/lib/cgi-bin/keystone/main".
import logging
import os
from paste import deploy
from keystone.openstack.common import gettextutils
from keystone.common import dependency
from keystone.common import environment
from keystone.common import sql
from keystone import config
from keystone.openstack.common import log
from keystone import service
# NOTE(blk-u):
# gettextutils.install() must run to set _ before importing any modules that
# contain static translated strings.
gettextutils.install('keystone', lazy=True)
CONF = config.CONF
config.configure()
sql.initialize()
config.set_default_for_default_log_levels()
CONF(project='keystone')
config.setup_logging()
environment.use_stdlib()
#name = os.path.basename(__file__)
name = "main"
if CONF.debug:
CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)
drivers = service.load_backends()
# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
# The following is a reference to Python Paste Deploy documentation
# http://pythonpaste.org/deploy/
application = deploy.loadapp('config:%s' % config.find_paste_config(),
name=name)
dependency.resolve_future_dependencies()
If the keystone service is running, shut it down because the Apache2 service will now start it up with as many instances of keystone as are specified on the first line of file "/etc/apache2/sites-available/keystone.conf".
sudo service keystone stop
From: mike.hearn [mailto:mike.hearn at oracle.com]
Sent: Monday, March 31, 2014 10:22 AM
To: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: [Openstack] keystone/HTTPD config issue
Hoping someone can offer some help / guidance.
I am trying to configure keystone to run in HTTPD.
Release: Havana
OS: EL 6.5
Following documentation I have configured a VirtualHost in my webserver and made the necessary updates in keystone.conf (admin_port, public_port, admin_endpoint, public_endpoint, external driver)
Before updating endpoints in the keystone repo I ran an initial keystone cmd to verify the original endpoints and to test the httpd setup was functioning correctly e.g.
$ keystone --os-endpoint http://xxxxxxx:8080/keystone/admin/v2.0 --os-token xxxxxxxx service-get keystone
This failed with errors showing up in the webserver log files.
[VirtualHost: xxxxxxx:8080] from paste import deploy
[VirtualHost: xxxxxxx:8080] ImportError: cannot import name deploy
The error is obviously linked to the keystone.wsgi file (as linked frpm keystone/admin) and its attempt to import the paste module
e.g. (extract from keystone.wsgi)
from paste import deploy
from keystone.openstack.common import gettextutils
I did some research and found an older but similar issue occurred with the keystone-all file. The fix was to ensure that the import of gettextutils occured before the import of deploy from paste. (https://github.com/redhat-openstack/keystone/commit/e053026a)
I moved the import of gettextutils above the paste import in keystone.wsgi which did remove the paste import error. However, the webserver log file now shows a segfault after re-running the keystone cmd above
[VirtualHost: xxxxxxx:8080] Premature end of script headers: admin
[VirtualHost: xxxxxxx:8080] Request Failed for : /keystone/admin/v2.0/OS-KSADM/services/keystone, Resp Code : [500]
[VirtualHost: main] child pid 9671 exit signal Segmentation fault (11)
I also looked in /var/log/messages and see:
kernel: httpd.worker[9705]: segfault at 0 ip 00007f509a7cf86f sp 00007f508e432fb8 error 4 in libc-2.12.so<http://libc-2.12.so/>[7f509a69c000+18b000]
So at this point I need to ask :
1 - Was I correct to update keystone.wsgi and move the import gettextutils above import deploy ?
2 - Has anyone come across similar issues when configuring keystone to run in HTTPD
I'd gratefully appreciate any help and advice on solving or trouble shooting
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140331/b5decd94/attachment.html>
More information about the Openstack
mailing list