This is my Icehouse documentation, I don't know if it will work with Havana:
Mark
1.2 Keystone files changed (WSGI):
NOTE: The Apache2 WSGI configuration scripts below replace the
"/etc/init.d/keystone" startup script
Create/configure file "/etc/apache2/sites-available/keystone.conf" to match
your keystone installation and server.
WSGIDaemonProcess keystone user=keystone group=nogroup processes=6
Listen 0.0.0.0:5000
<VirtualHost _default_:5000>
LogLevel debug
ErrorLog /var/log/keystone/keystone.log
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/keystone/ssl/certs/keystone.pem
SSLCertificateKeyFile /etc/keystone/ssl/private/keystonekey.pem
SSLProtocol all -SSLv2
SSLVerifyClient none
WSGIScriptAlias / /usr/lib/cgi-bin/keystone/main
WSGIProcessGroup keystone
SetEnv nokeepalive ssl-unclean-shutdown
</VirtualHost>
Listen 0.0.0.0:35357
<VirtualHost _default_:35357>
LogLevel debug
ErrorLog /var/log/keystone/keystone.log
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/keystone/ssl/certs/keystone.pem
SSLCertificateKeyFile /etc/keystone/ssl/private/keystonekey.pem
SSLProtocol all -SSLv2
SSLVerifyClient none
WSGIScriptAlias / /usr/lib/cgi-bin/keystone/admin
WSGIProcessGroup keystone
SetEnv nokeepalive ssl-unclean-shutdown
</VirtualHost>
Note: By changing the SSL_Engine variable in this file you can turn on and off
the Apache2-SSL frontend to Keystone.
Now link keystone sites-enabled to keystone sites-available
sudo ln -s /etc/apache2/sites-available/keystone.conf
/etc/apache2/sites-enabled/keystone.conf
Create directory "/usr/lib/cgi-bin/keystone"
sudo mkdir /usr/lib/cgi-bin
sudo mkdir /usr/lib/cgi-bin/keystone
Create file "/usr/lib/cgi-bin/keystone/admin".
import logging
import os
from paste import deploy
from keystone.openstack.common import gettextutils
from keystone.common import dependency
from keystone.common import environment
from keystone.common import sql
from keystone import config
from keystone.openstack.common import log
from keystone import service
# NOTE(blk-u):
# gettextutils.install() must run to set _ before importing any modules that
# contain static translated strings.
gettextutils.install('keystone', lazy=True)
CONF = config.CONF
config.configure()
sql.initialize()
config.set_default_for_default_log_levels()
CONF(project='keystone')
config.setup_logging()
environment.use_stdlib()
#name = os.path.basename(__file__)
name = "admin"
if CONF.debug:
CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)
drivers = service.load_backends()
# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
# The following is a reference to Python Paste Deploy documentation
# http://pythonpaste.org/deploy/
application = deploy.loadapp('config:%s' % config.find_paste_config(),
name=name)
dependency.resolve_future_dependencies()
Also create file "/usr/lib/cgi-bin/keystone/main".
import logging
import os
from paste import deploy
from keystone.openstack.common import gettextutils
from keystone.common import dependency
from keystone.common import environment
from keystone.common import sql
from keystone import config
from keystone.openstack.common import log
from keystone import service
# NOTE(blk-u):
# gettextutils.install() must run to set _ before importing any modules that
# contain static translated strings.
gettextutils.install('keystone', lazy=True)
CONF = config.CONF
config.configure()
sql.initialize()
config.set_default_for_default_log_levels()
CONF(project='keystone')
config.setup_logging()
environment.use_stdlib()
#name = os.path.basename(__file__)
name = "main"
if CONF.debug:
CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)
drivers = service.load_backends()
# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
# The following is a reference to Python Paste Deploy documentation
# http://pythonpaste.org/deploy/
application = deploy.loadapp('config:%s' % config.find_paste_config(),
name=name)
dependency.resolve_future_dependencies()
If the keystone service is running, shut it down because the Apache2 service
will now start it up with as many instances of keystone as are specified on the
first line of file "/etc/apache2/sites-available/keystone.conf".
sudo service keystone stop
From: mike.hearn [mailto:[email protected]]
Sent: Monday, March 31, 2014 10:22 AM
To: [email protected]
Subject: [Openstack] keystone/HTTPD config issue
Hoping someone can offer some help / guidance.
I am trying to configure keystone to run in HTTPD.
Release: Havana
OS: EL 6.5
Following documentation I have configured a VirtualHost in my webserver and
made the necessary updates in keystone.conf (admin_port, public_port,
admin_endpoint, public_endpoint, external driver)
Before updating endpoints in the keystone repo I ran an initial keystone cmd to
verify the original endpoints and to test the httpd setup was functioning
correctly e.g.
$ keystone --os-endpoint http://xxxxxxx:8080/keystone/admin/v2.0 --os-token
xxxxxxxx service-get keystone
This failed with errors showing up in the webserver log files.
[VirtualHost: xxxxxxx:8080] from paste import deploy
[VirtualHost: xxxxxxx:8080] ImportError: cannot import name deploy
The error is obviously linked to the keystone.wsgi file (as linked frpm
keystone/admin) and its attempt to import the paste module
e.g. (extract from keystone.wsgi)
from paste import deploy
from keystone.openstack.common import gettextutils
I did some research and found an older but similar issue occurred with the
keystone-all file. The fix was to ensure that the import of gettextutils
occured before the import of deploy from paste.
(https://github.com/redhat-openstack/keystone/commit/e053026a)
I moved the import of gettextutils above the paste import in keystone.wsgi
which did remove the paste import error. However, the webserver log file now
shows a segfault after re-running the keystone cmd above
[VirtualHost: xxxxxxx:8080] Premature end of script headers: admin
[VirtualHost: xxxxxxx:8080] Request Failed for :
/keystone/admin/v2.0/OS-KSADM/services/keystone, Resp Code : [500]
[VirtualHost: main] child pid 9671 exit signal Segmentation fault (11)
I also looked in /var/log/messages and see:
kernel: httpd.worker[9705]: segfault at 0 ip 00007f509a7cf86f sp
00007f508e432fb8 error 4 in
libc-2.12.so<http://libc-2.12.so/>[7f509a69c000+18b000]
So at this point I need to ask :
1 - Was I correct to update keystone.wsgi and move the import gettextutils
above import deploy ?
2 - Has anyone come across similar issues when configuring keystone to run in
HTTPD
I'd gratefully appreciate any help and advice on solving or trouble shooting
Cheers
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
