Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Chapter 7. Additional Procedures for Non-Director Environments

The follow sections outline some additional procedures for Red Hat OpenStack Platform environments not managed with director. These steps accommodate changes within the OpenStack Platform ecosystem and are best performed after an upgrade to Red Hat OpenStack Platform 9.

7.1. Upgrading OpenStack Identity API to a WSGI Service

This step upgrades the OpenStack Identity (keystone) API to run as a Web Server Gateway Interface (WSGI) applet under httpd instead of a standalone service. This process disables the standalone openstack-keystone service and installs the necessary configuration to enable the WSGI applet.

  1. Disable the OpenStack Identity service. This step varies based on whether you use highly available controller nodes or not.

    • For environments without high availability: 

      $ sudo systemctl stop openstack-keystone

    • For environments with high availability: 

      $ sudo pcs resource disable openstack-keystone

  2. On each controller, copy the following OpenStack Identity service WSGI applet to a new directory in /var/www/cgi-bin/:

    • Admin WSGI Applet: /usr/bin/keystone-wsgi-admin

    • Public WSGI Applet: /usr/bin/keystone-wsgi-public

      For example: 

      $ sudo mkdir /var/www/cgi-bin/keystone
$ sudo cp /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/keystone-wsgi-admin
$ sudo cp /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/keystone-wsgi-public

  3. On each controller, create a virtual host configuration file (10-keystone_wsgi_admin.conf) for the Admin WSGI OpenStack Identity service. Save this file in /etc/httpd/conf.d/. The contents of the virtual host file should resemble the following: 

    Listen 35357

<VirtualHost *:35357>
  DocumentRoot "/var/www/cgi-bin/keystone"

  <Directory "/var/www/cgi-bin/keystone">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all granted
  </Directory>

  ErrorLog "/var/log/httpd/keystone_wsgi_admin_error.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/keystone_wsgi_admin_access.log" combined

  WSGIApplicationGroup %{GLOBAL}
  WSGIDaemonProcess keystone_admin display-name=keystone-admin group=keystone processes=1 threads=12 user=keystone
  WSGIProcessGroup keystone_admin
  WSGIScriptAlias / "/var/www/cgi-bin/keystone/keystone-admin"
  WSGIPassAuthorization On
</VirtualHost>

  4. On each controller, create a virtual host configuration file (10-keystone_wsgi_public.conf) for the Admin WSGI OpenStack Identity service. Save this file in /etc/httpd/conf.d/. The contents of the virtual host file should resemble the following: 

    Listen 5000

<VirtualHost *:5000>>
  DocumentRoot "/var/www/cgi-bin/keystone"

  <Directory "/var/www/cgi-bin/keystone">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all granted
  </Directory>

  ErrorLog "/var/log/httpd/keystone_wsgi_public_error.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/keystone_wsgi_public_access.log" combined

  WSGIApplicationGroup %{GLOBAL}
  WSGIDaemonProcess keystone_public display-name=keystone-public group=keystone processes=1 threads=12 user=keystone
  WSGIProcessGroup keystone_public
  WSGIScriptAlias / "/var/www/cgi-bin/keystone/keystone-public"
  WSGIPassAuthorization On
</VirtualHost>

  5. Restart the httpd service. This step varies based on whether you use highly available controller nodes or not.

    • For environments without high availability: 

      $ sudo systemctl restart httpd

    • For environments with high availability: 

      $ sudo pcs resource restart httpd