Placement: Support uWSGI for API server

Currently Placement API server still using eventlet-based HTTP servers,
it is generally considered more performant and flexible to run them
using a generic HTTP server that supports WSGI.

Change-Id: I7c0d57a210f1a2d02d989cd8c0d25798bfabfa35

placement/.helmignore

@@ -0,0 +1 @@
+values_overrides

placement/Chart.yaml

@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Placement
 name: placement
-version: 0.3.14
+version: 0.3.15
 home: https://docs.openstack.org/placement/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
 sources:

placement/templates/bin/_placement-api.sh.tpl

@@ -20,9 +20,8 @@ set -ex
 COMMAND="${@:-start}"
 
 function start () {
-
+{{- if .Values.manifests.certificates }}
   cp -a $(type -p placement-api) /var/www/cgi-bin/placement/
-
   if [ -f /etc/apache2/envvars ]; then
     # Loading Apache2 ENV variables
     source /etc/apache2/envvars
@@ -46,13 +45,20 @@ function start () {
     {{- end }}
   {{- end }}
   exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
+{{- else }}
+  exec uwsgi --ini /etc/placement/placement-api-uwsgi.ini
+{{- end }}
 }
 
 function stop () {
+{{- if .Values.manifests.certificates }}
   if [ -f /etc/apache2/envvars ]; then
     source /etc/apache2/envvars
   fi
   {{ .Values.conf.software.apache2.binary }} -k graceful-stop
+{{- else }}
+  kill -TERM 1
+{{- end }}
 }
 
 $COMMAND

placement/templates/configmap-etc.yaml

@@ -57,6 +57,12 @@ limitations under the License.
 {{- if empty .Values.conf.placement.keystone_authtoken.memcache_secret_key -}}
 {{- $_ := set .Values.conf.placement.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
 {{- end -}}
+
+{{- if empty (index .Values.conf.placement_api_uwsgi.uwsgi "http-socket") -}}
+{{- $http_socket_port := tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
+{{- $_ := set .Values.conf.placement_api_uwsgi.uwsgi "http-socket" $http_socket -}}
+{{- end -}}
 ---
 apiVersion: v1
 kind: Secret
@@ -66,6 +72,9 @@ type: Opaque
 data:
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
   placement.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.placement | b64enc }}
-  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  placement-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.placement_api_uwsgi | b64enc }}
+{{- if .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-placement.conf" "format" "Secret" ) | indent 2 }}
+{{- end }}
+  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
 {{- end }}

placement/templates/deployment.yaml

@@ -100,14 +100,14 @@ spec:
               scheme: {{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
               path: /
               port: {{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-            initialDelaySeconds: 15
+            initialDelaySeconds: 5
             periodSeconds: 10
           livenessProbe:
             httpGet:
               scheme: {{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
               path: /
               port: {{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-            initialDelaySeconds: 50
+            initialDelaySeconds: 5
             periodSeconds: 10
           volumeMounts:
             - name: pod-tmp
@@ -122,6 +122,10 @@ spec:
               mountPath: /etc/placement/placement.conf
               subPath: placement.conf
               readOnly: true
+            - name: placement-etc
+              mountPath: /etc/placement/placement-api-uwsgi.ini
+              subPath: placement-api-uwsgi.ini
+              readOnly: true
             {{- if .Values.conf.placement.DEFAULT.log_config_append }}
             - name: placement-etc
               mountPath: {{ .Values.conf.placement.DEFAULT.log_config_append }}

placement/values.yaml

@@ -61,18 +61,6 @@ network:
       port: 30778
 
 conf:
-  software:
-    apache2:
-      binary: apache2
-      start_parameters: -DFOREGROUND
-      # Enable/Disable modules
-      # a2enmod:
-      #   - headers
-      #   - rewrite
-      # a2dismod:
-      #   - status
-      a2enmod: null
-      a2dismod: null
   policy: {}
   placement:
     DEFAULT:
@@ -148,36 +136,23 @@ conf:
     formatter_default:
       format: "%(message)s"
       datefmt: "%Y-%m-%d %H:%M:%S"
-  wsgi_placement: |
+  placement_api_uwsgi:
-    Listen 0.0.0.0:{{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    uwsgi:
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+      processes: 1
-    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+      add-header: "Connection: close"
-    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+      buffer-size: 65535
-    CustomLog /dev/stdout combined env=!forwarded
+      die-on-term: true
-    CustomLog /dev/stdout proxy env=forwarded
+      enable-threads: true
-    <VirtualHost *:{{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+      exit-on-reload: false
-        WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
+      hook-master-start: unix_signal:15 gracefully_kill_them_all
-        WSGIProcessGroup placement-api
+      lazy-apps: true
-        WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
+      log-x-forwarded-for: true
-        WSGIApplicationGroup %{GLOBAL}
+      master: true
-        WSGIPassAuthorization On
+      procname-prefix-spaced: "placement-api:"
-        <IfVersion >= 2.4>
+      route-user-agent: '^kube-probe.* donotlog:'
-          ErrorLogFormat "%{cu}t %M"
+      thunder-lock: true
-        </IfVersion>
+      worker-reload-mercy: 80
-        ErrorLog /dev/stdout
+      wsgi-file: /var/lib/openstack/bin/placement-api
-        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-        CustomLog /dev/stdout combined env=!forwarded
-        CustomLog /dev/stdout proxy env=forwarded
-    </VirtualHost>
-    Alias /placement /var/www/cgi-bin/placement/placement-api
-    <Location /placement>
-        SetHandler wsgi-script
-        Options +ExecCGI
-        WSGIProcessGroup placement-api
-        WSGIApplicationGroup %{GLOBAL}
-        WSGIPassAuthorization On
-    </Location>
-
 endpoints:
   cluster_domain_suffix: cluster.local
   local_image_registry:

placement/values_overrides/tls.yaml

@@ -7,21 +7,23 @@ network:
 conf:
   software:
     apache2:
+      binary: apache2
+      start_parameters: -DFOREGROUND
+      site_dir: /etc/apache2/sites-enabled
+      conf_dir: /etc/apache2/conf-enabled
+      mods_dir: /etc/apache2/mods-available
       a2enmod:
         - ssl
+      a2dismod: null
   placement:
     keystone_authtoken:
       cafile: /etc/placement/certs/ca.crt
   wsgi_placement: |
-    Listen 0.0.0.0:{{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    {{- $portInt := tuple "placement" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    Listen {{ $portInt }}
-    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    <VirtualHost *:{{ $portInt }}>
-    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-    CustomLog /dev/stdout combined env=!forwarded
-    CustomLog /dev/stdout proxy env=forwarded
-    <VirtualHost *:{{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
       ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
-      WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
+      WSGIDaemonProcess placement-api processes=1 threads=1 user=placement group=placement display-name=%{GROUP}
       WSGIProcessGroup placement-api
       WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
       WSGIApplicationGroup %{GLOBAL}
@@ -29,11 +31,10 @@ conf:
       <IfVersion >= 2.4>
         ErrorLogFormat "%{cu}t %M"
       </IfVersion>
-      ErrorLog /dev/stdout
       SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+      ErrorLog /dev/stdout
       CustomLog /dev/stdout combined env=!forwarded
       CustomLog /dev/stdout proxy env=forwarded
-
       SSLEngine on
       SSLCertificateFile      /etc/placement/certs/tls.crt
       SSLCertificateKeyFile   /etc/placement/certs/tls.key
@@ -41,14 +42,6 @@ conf:
       SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
       SSLHonorCipherOrder     on
     </VirtualHost>
-    Alias /placement /var/www/cgi-bin/placement/placement-api
-    <Location /placement>
-      SetHandler wsgi-script
-      Options +ExecCGI
-      WSGIProcessGroup placement-api
-      WSGIApplicationGroup %{GLOBAL}
-      WSGIPassAuthorization On
-    </Location>
 endpoints:
   identity:
     auth:

releasenotes/notes/placement.yaml

@@ -37,4 +37,5 @@ placement:
   - 0.3.12 Add 2024.1 overrides
   - 0.3.13 Enable custom annotations for Openstack secrets
   - 0.3.14 Update images used by default
+  - 0.3.15 Uses uWSGI for API service
 ...

tools/deployment/component/common/openstack.sh

@@ -120,7 +120,8 @@ helm upgrade --install $release ${OSH_HELM_REPO}/openstack \
   --set nova.conf.ceph.enabled=${CEPH_ENABLED} \
   --values=/tmp/neutron.yaml \
   --values=/tmp/glance.yaml \
-  --namespace=$namespace
+  --namespace=$namespace \
+  --timeout=1200s
 
 # If compute kit installed using Tungsten Fubric, it will be alive when Tunsten Fabric become active.
 if [[ "$FEATURE_GATES" =~ (,|^)tf(,|$) ]]; then