Add template for generic wsgi app
We have a tonn of templates in each openstack formula that describes
api wsgi app. This patch adds template to apache that allows
to create custom wsgi apps from pillar. See readme for details.
In future we swich openstack api services to use this template.
Also add `available` key to site definition. This flag is used
in conjunction with `enabled` to add config to sites-available,
but actual enablement will be done when applying specific openstack
formula.
Change-Id: I008e00958f4ddb36735b6399cbc5d2957b893889
diff --git a/README.rst b/README.rst
index 6bd29ce..b4b7220 100644
--- a/README.rst
+++ b/README.rst
@@ -146,6 +146,32 @@
file: /var/log/apache2/foo.error.log
level: notice
+Apache wsgi application.
+
+.. code-block:: yaml
+
+ apache:
+ server:
+ enabled: true
+ default_mpm: event
+ site:
+ manila:
+ enabled: false
+ available: true
+ type: wsgi
+ name: manila
+ wsgi:
+ daemon_process: manila-api
+ threads: 2
+ user: manila
+ group: manila
+ display_name: '%{GROUP}'
+ script_alias: '/ /usr/bin/manila-wsgi'
+ application_group: '%{GLOBAL}'
+ authorization: 'On'
+ limits:
+ request_body: 114688
+
Roundcube webmail, postfixadmin and mailman
.. code-block:: yaml
diff --git a/apache/files/_limits.conf b/apache/files/_limits.conf
new file mode 100644
index 0000000..61d62db
--- /dev/null
+++ b/apache/files/_limits.conf
@@ -0,0 +1,27 @@
+{%- if site.limits is defined %}
+ {%- if site.limits.request_body is defined %}
+ LimitRequestBody {{ site.limits.request_body }}
+ {%- endif %}
+ {%- if site.limits.request_fieldsis is defined %}
+ LimitRequestFields {{ site.limits.request_fields}}
+ {%- endif %}
+ {%- if site.limits.request_fields_size is defined %}
+ LimitRequestFieldsize {{ site.limits.request_fields_size }}
+ {%- endif %}
+ {%- if site.limits.request_line is defined %}
+ LimitRequestLine {{ site.limits.request_line }}
+ {%- endif %}
+ {%- if site.limits.cpu is defined %}
+ RLimitCPU {{ site.limits.cpu }}
+ {%- endif %}
+ {%- if site.limits.mem is defined %}
+ RLimitMEM {{ site.limits.mem }}
+ {%- endif %}
+ {%- if site.limits.nproc is defined %}
+ RLimitNPROC {{ site.limits.nproc }}
+ {%- endif %}
+ {%- if site.limits.stack_size is defined %}
+ ThreadStackSize {{ site.limits.stack_size }}
+ {%- endif %}
+
+{%- endif %}
diff --git a/apache/files/_log.conf b/apache/files/_log.conf
index 851d60c..aa4c3e4 100644
--- a/apache/files/_log.conf
+++ b/apache/files/_log.conf
@@ -5,6 +5,9 @@
{%- if error_log.get('enabled', True) %}
LogLevel {{ error_log.level|default('warn') }}
ErrorLog {{ error_log.file|default(server.log_dir ~ '/' ~ site_name ~ '.error.log') }}
+ {%- if error_log.format is defined %}
+ ErrorLogFormat {{ error_log.format }}
+ {%- endif %}
{%- endif %}
{%- if custom_log.get('enabled', True) %}
CustomLog {{ custom_log.file|default(server.log_dir ~ '/' ~ site_name ~ '.access.log') }} "{{ custom_log.format|default('vhost_combined') }}"
diff --git a/apache/files/_wsgi.conf b/apache/files/_wsgi.conf
new file mode 100644
index 0000000..e57b766
--- /dev/null
+++ b/apache/files/_wsgi.conf
@@ -0,0 +1,14 @@
+{%- if site.wsgi is defined %}
+ WSGIDaemonProcess {{ site.wsgi.daemon_process}} processes={{ site.wsgi.get('processes', grains.num_cpus) }} threads={{ site.wsgi.get('threads', 1)}} user={{ site.wsgi.user }} group={{ site.wsgi.group }} {% if site.wsgi.display_name is defined %}display-name={{ site.wsgi.display_name }}{% endif %}
+ WSGIProcessGroup {{ site.wsgi.daemon_process}}
+ {%- if site.wsgi.script_alias is defined %}
+ WSGIScriptAlias {{ site.wsgi.script_alias }}
+ {%- endif %}
+ {%- if site.wsgi.application_group is defined %}
+ WSGIApplicationGroup {{ site.wsgi.application_group }}
+ {%- endif %}
+ {%- if site.wsgi.authorization is defined %}
+ WSGIPassAuthorization {{ site.wsgi.authorization }}
+ {%- endif %}
+
+{%- endif %}
diff --git a/apache/files/wsgi.conf b/apache/files/wsgi.conf
new file mode 100644
index 0000000..d0a88ea
--- /dev/null
+++ b/apache/files/wsgi.conf
@@ -0,0 +1,24 @@
+{%- set site = salt['pillar.get']('apache:server:site:'+site_name) %}
+{%- if site.root is defined %}
+{%- set root = site.root %}
+{%- else %}
+{%- set root = '/srv/static/sites/'+site.name %}
+{%- endif %}
+<VirtualHost {{ site.host.address }}:{{ site.host.port }}>
+ {%- include "apache/files/_name.conf" %}
+ {%- include "apache/files/_wsgi.conf" %}
+ {%- include "apache/files/_ssl.conf" %}
+ {%- include "apache/files/_log.conf" %}
+ {%- include "apache/files/_limits.conf" %}
+
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/apache/server/site.sls b/apache/server/site.sls
index 4b40191..e572952 100644
--- a/apache/server/site.sls
+++ b/apache/server/site.sls
@@ -6,11 +6,11 @@
{%- for site_name, site in server.site.iteritems() %}
-{% if site.enabled %}
+{% if site.enabled or site.get('available', False) %}
{{ server.vhost_dir }}/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}:
file.managed:
- {%- if site.type in ['proxy', 'redirect', 'static', 'stats'] %}
+ {%- if site.type in ['proxy', 'redirect', 'static', 'stats', 'wsgi' ] %}
- source: salt://apache/files/{{ site.type }}.conf
{%- else %}
- source: salt://{{ site.type }}/files/apache.conf
@@ -91,6 +91,8 @@
{%- if grains.os_family == "Debian" %}
+{%- if site.enabled %}
+
/etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}:
file.symlink:
- target: {{ server.vhost_dir }}/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}
@@ -101,6 +103,7 @@
/etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}:
file.absent
+{%- endif %}
{%- endif %}