最近一次从Github上更新Keystone的代码后,发现原来bin/keystone-all和bin/keystone-manage都不见了,取而代之的是keystone/cmd/目录下的all.py和manage.py两个python脚本.虽然在测试的virtualenv环境下仍然可以执行原来的命令,但是想试着在Apache中运行Keystone,毕竟这已经是社区力推的启动方式了.
我的系统是Ubuntu,安装了sysv-rc-conf来管理开机时启动的服务,包括Apache2, MySQL, RabbitMQ等:
# apt-get install -y sysv-rc-conf
要管理系统启动时加载的服务时只要输入 # sysv-rc-conf即可, 移动光标到对应运行级的括号内按空格就可以选择或者反选.
想要Apache加载Python服务器脚本,需要为Apache添加mod_wsgi模块,我比较喜欢简洁的方式,没有自己一步步配置,直接将其安装到Apache2中:
# apt-get install libapache2-mod-wsgi
接下来要告诉Apache每次启动的时候加载Keystone,先将Keystone源码repo中httpd/wsgi-keystone.conf复制到/etc/apache2/conf-available/
# cp /home/openstack/keystone/httpd/wsgi-keystone.conf /etc/apache2/conf-available
这里/home/openstack/keystone是我克隆Keystone源码的位置,需要根据实际情况改动. Ubuntu上Apache2的配置目录为/etc/apache2/,CentOS等系统上为/etc/httpd/,需要根据情况改动.
接着在/etc/apache2/conf-enabled/目录中创建一个指向/etc/apache2/conf-available/wsgi-keystone.conf的同名软链接:
# cd /etc/apache2/conf-enabled/ # ln -s /etc/apache2/conf-available/wsgi-keystone.conf wsgi-keystone.conf
然后根据需要修改/etc/apache2/conf-available/wsgi-keystone.conf文件
Listen 5000 Listen 35357 <VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /var/www/cgi-bin/keystone/main WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> ErrorLog /var/log/apache2/keystone.log CustomLog /var/log/apache2/keystone_access.log combined </VirtualHost> <VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /var/www/cgi-bin/keystone/admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> ErrorLog /var/log/apache2/keystone.log CustomLog /var/log/apache2/keystone_access.log combined </VirtualHost>
在WSGIDaemonProcess中设置启动Keystone服务器的进程数,线程数,启动服务器的用户等, 这些值需要根据具体的环境进行修改;\
在WSGIScriptAlias处设置启动脚本的位置, 如果指定/var/www/cgi-bin/keystone/main,那么这个文件(链接)必须存在;
在ErrorLog 处设置Keystone错误日志的路径,这个日志是由HTTPD根据Keystone的运行结果维护的,Ubuntu和红帽系的OS在Apache2的目 录名称上可能不同,比如Ubuntu中Apache2的日志维护在/var/log/apache2/, 而CentOS等系统中Apache2的日志维护在/var/log/httpd/;
在CustomLog处设置Keystone访问日志的路径,注意事项同ErrorLog.
conf文件配置完成后,创建目录/var/www/cgi-bin/keystone/, 为其中添加两个软链接main和admin,他们都指向keystone/httpd/keystone.py
# mkdir /var/www/cgi-bin/keystone; cd /var/www/cgi-bin/keystone # ln -s /home/openstack/keystone/httpd/keystone.py main # ln -s /home/openstack/keystone/httpd/keystone.py admin
然后重启Apache2服务即可,如果希望开机时Keystone就加载运行,使用sysv-rc-conf将Apache2设置为开机启动即可.
查看Keystone服务器进程,发现现在它已经在HTTPD中运行了,注意如果keystone.conf文件中也配置了日志文件log_file, 那么Keystone的错误日志将会输出两份,一份由HTTPD维护,一份由Keystone维护,但是二者的内容是一样的.
# ps aux | grep keystone darren 2582 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-pu -k start darren 2583 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-pu -k start darren 2584 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-pu -k start darren 2585 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-pu -k start darren 2586 0.0 0.1 176316 5692 ? Sl 12:29 0:00 (wsgi:keystone-pu -k start darren 2587 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-ad -k start darren 2588 0.0 0.1 176316 5692 ? Sl 12:29 0:00 (wsgi:keystone-ad -k start darren 2589 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-ad -k start darren 2590 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-ad -k start darren 2591 0.0 0.1 176308 5692 ? Sl 12:29 0:00 (wsgi:keystone-ad -k start