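As a web server, nginx is known far and wide for its small memory footprint and high performance. I used to use apache as the web server and hosted the openstack API services on apache. To try out nginx's high performance, I switched to nginx.
Take a server running stock CentOS 7 and deploy the keystone service on it.
Step 0: stop the native keystone service first
systemctl stop openstack-keystone
Step 1: install the required software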
yum install nginx uwsgi uwsgi-plugin-python
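Step 2: keystone is a Python program that listens on two ports. The keystone kilo release supports uwsgi natively and the interface already exists; it only needs to be hooked up to uwsgi.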
cp /usr/share/keystone/keystone.wsgi /usr/share/keystone/main
cp /usr/share/keystone/keystone.wsgi /usr/share/keystone/admin
chmod ug+x /usr/share/keystone/admin
chmod ug+x /usr/share/keystone/main
Step 3: configure the uwsgi process
vim /etc/uwsgi.ini
[uwsgi]
uid = root
gid = root
socket = /var/run/uwsgi/uwsgi.socket
pidfile = /var/run/uwsgi/uwsgi.pid
emperor = /etc/uwsgi.d
#emperor-tyrant = true
master = true
autoload = true
log-date = true
logto = /var/log/uwsgi/uwsgi-emperor.log
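uid and gid: the privileges the uwsgi process itself runs with. To match nginx's permissions, they are set to root here.
emperor: uwsgi can run in emperor mode and manage vassals. This value gives the path of the vassals' configuration files.
emperor-tyrant: boolean; whether each vassal runs with its own privileges. If this is true, you need to set cap = setgid,setuid, and every vassal must set uid and gid. Separate per-vassal privileges are not used here; everything runs as root.
Step 4: configure the vassals
vim /etc/uwsgi.d/admin.ini # this path must match the emperor setting above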
[uwsgi]
chmod-socket = 666
master = true
plugin = python
socket = /run/uwsgi/keystone-admin.sock
thunder-lock = true
workers = 4
wsgi-file = /usr/share/keystone/admin
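chmod-socket: set to 666 here so that nginx has permission to access the socket
plugin: the backend is Python, so plugin = python is required
socket: the path of the socket; the uwsgi process must have permission to access this path
wsgi-file: the full path of the Python entry-point file.
I was stuck here for a long time. It turned out that the name of the Python file follows a convention: it has to match the API name defined in keystone's ini configuration file, otherwise it cannot be loaded.
vim /etc/uwsgi.d/main.ini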
[uwsgi]
chmod-socket = 666
master = true
plugin = python
socket = /run/uwsgi/keystone-main.sock
thunder-lock = true
workers = 4
wsgi-file = /usr/share/keystone/main
Step 5: verify that uwsgi loads the Python module correctly
$: systemctl start uwsgi
$: systemctl status uwsgi
uwsgi.service - uWSGI Emperor Service
Loaded: loaded (/usr/lib/systemd/system/uwsgi.service; enabled)
Active: active (running) since 2016-02-27 16:22:16 CST; 1 day 1h ago
Process: 11168 ExecStartPre=/bin/chown uwsgi:uwsgi /run/uwsgi (code=exited, status=0/SUCCESS)
Process: 11166 ExecStartPre=/bin/mkdir -p /run/uwsgi (code=exited, status=0/SUCCESS)
Main PID: 11172 (uwsgi)
Status: "The Emperor is governing 2 vassals"
CGroup: /system.slice/uwsgi.service
|-11172 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
|-11175 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
|-11176 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
|-11177 /usr/sbin/uwsgi --ini admin.ini
|-11178 /usr/sbin/uwsgi --ini main.ini
|-11251 /usr/sbin/uwsgi --ini main.ini
|-11252 /usr/sbin/uwsgi --ini main.ini
|-11253 /usr/sbin/uwsgi --ini main.ini
|-11254 /usr/sbin/uwsgi --ini main.ini
|-11255 /usr/sbin/uwsgi --ini admin.ini
|-11256 /usr/sbin/uwsgi --ini admin.ini
|-11257 /usr/sbin/uwsgi --ini admin.ini
`-11258 /usr/sbin/uwsgi --ini admin.ini
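The systemctl status output should look like the above, with main.ini and admin.ini loaded correctly.
If it reports that a vassal configuration cannot be loaded, with an error like "no python application found, check your startup logs for errors", the cause is that the Python entry point failed to load. Most likely the name of the Python module being loaded is wrong.
Step 6: configure nginx
vim /etc/nginx/nginx.conf # add one include line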
http{
.
.
.
.
include /etc/nginx/sites-enabled/*.conf;
}
vim /etc/nginx/sites-enabled/keystone.conf
server {
listen *:35357 ;
server_name keystone.com;
access_log /var/log/nginx/keystone_wsgi_admin.access.log;
error_log /var/log/nginx/keystone_wsgi_admin.error.log;
location / {
uwsgi_pass unix:///run/uwsgi/keystone-admin.sock;
include uwsgi_params;
uwsgi_param SCRIPT_NAME "";
}
}
server {
listen *:5000 ;
server_name keystone.com;
access_log /var/log/nginx/keystone_wsgi_main.access.log;
error_log /var/log/nginx/keystone_wsgi_main.error.log;
location / {
uwsgi_pass unix:///run/uwsgi/keystone-main.sock;
include uwsgi_params;
uwsgi_param SCRIPT_NAME "";
}
}
Each location needs an added uwsgi_param SCRIPT_NAME "". The keystone kilo code requires the SCRIPT_NAME value, so it has to be carried in the request.
Final step: start the nginx and uwsgi services and verify
$: systemctl restart nginx
$: systemctl restart uwsgi
$: keystone user-list
+----------------------------------+---------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+---------+---------+-------------------+
| |
| |
+----------------------------------+---------+---------+-------------------+
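A check for steps 3, 4 and 6 above, as an added example that is not part of the original post: it reports a vassal that runs as root, a socket that is writable by every local user, and a vassal socket path that no uwsgi_pass line in the nginx site file points at. The function names are hypothetical, and the sample files are constructed (admin.ini mirrors the settings shown here, main.ini is a variant with a lower-privileged uid, a 660 socket and a mistyped socket name).

```sh
# Added example, not from the original post; function names are hypothetical.
# ini_get KEY FILE: value of "KEY = value", last occurrence wins.
ini_get() {
    awk -v k="$1" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$2"
}

# nginx_sockets FILE: unix socket paths named by uwsgi_pass, one per line.
nginx_sockets() {
    sed -n 's|^[[:space:]]*uwsgi_pass[[:space:]]*unix:/*\([^;[:space:]]*\).*|/\1|p' "$1"
}

# audit_vassal EMPEROR_INI VASSAL_INI NGINX_CONF: one finding per line.
audit_vassal() {
    # A vassal without its own uid inherits the emperor's (non-tyrant mode).
    uid=$(ini_get uid "$2"); [ -n "$uid" ] || uid=$(ini_get uid "$1")
    mode=$(ini_get chmod-socket "$2")
    sock=$(ini_get socket "$2")
    case $uid in root|0) echo "ROOT_UID uid=$uid" ;; esac
    # Last octal digit is the "other" class; 2, 3, 6 and 7 carry the write bit.
    case $mode in *[2367]) echo "WORLD_WRITABLE_SOCKET chmod-socket=$mode" ;; esac
    nginx_sockets "$3" | grep -Fxq -- "$sock" ||
        echo "SOCKET_MISMATCH $sock"
}

# write_sample DIR: constructed sample files (see the lead-in).
write_sample() {
    printf '[uwsgi]\nuid = root\ngid = root\nemperor = /etc/uwsgi.d\n' > "$1/uwsgi.ini"
    printf '[uwsgi]\nchmod-socket = 666\nsocket = /run/uwsgi/keystone-admin.sock\n' > "$1/admin.ini"
    printf '[uwsgi]\nuid = keystone\nchmod-socket = 660\nsocket = /run/uwsgi/keystone-mainsock\n' > "$1/main.ini"
    printf 'location / {\n  uwsgi_pass unix://%s;\n}\n' \
        /run/uwsgi/keystone-admin.sock /run/uwsgi/keystone-main.sock > "$1/keystone.conf"
}

tmp=$(mktemp -d)
write_sample "$tmp"
for v in admin main; do
    echo "== $v.ini"; audit_vassal "$tmp/uwsgi.ini" "$tmp/$v.ini" "$tmp/keystone.conf"
done
rm -rf "$tmp"
```

On a real host, pass /etc/uwsgi.ini, each file under /etc/uwsgi.d and /etc/nginx/sites-enabled/keystone.conf instead of the sample files.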