Red Hat Training
A Red Hat training course is available for Red Hat OpenStack Platform
Chapter 7. Additional Procedures for Non-Director Environments
The follow sections outline some additional procedures for Red Hat OpenStack Platform environments not managed with director. These steps accommodate changes within the OpenStack Platform ecosystem and are best performed after an upgrade to Red Hat OpenStack Platform 9.
7.1. Upgrading OpenStack Identity API to a WSGI Service
This step upgrades the OpenStack Identity (keystone
) API to run as a Web Server Gateway Interface (WSGI) applet under httpd
instead of a standalone service. This process disables the standalone openstack-keystone
service and installs the necessary configuration to enable the WSGI applet.
Disable the OpenStack Identity service. This step varies based on whether you use highly available controller nodes or not.
For environments without high availability:
$ sudo systemctl stop openstack-keystone
For environments with high availability:
$ sudo pcs resource disable openstack-keystone
On each controller, copy the following OpenStack Identity service WSGI applet to a new directory in
/var/www/cgi-bin/
:-
Admin WSGI Applet:
/usr/bin/keystone-wsgi-admin
Public WSGI Applet:
/usr/bin/keystone-wsgi-public
For example:
$ sudo mkdir /var/www/cgi-bin/keystone $ sudo cp /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/keystone-wsgi-admin $ sudo cp /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/keystone-wsgi-public
-
Admin WSGI Applet:
On each controller, create a virtual host configuration file (
10-keystone_wsgi_admin.conf
) for the Admin WSGI OpenStack Identity service. Save this file in/etc/httpd/conf.d/
. The contents of the virtual host file should resemble the following:Listen 35357 <VirtualHost *:35357> DocumentRoot "/var/www/cgi-bin/keystone" <Directory "/var/www/cgi-bin/keystone"> Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted </Directory> ErrorLog "/var/log/httpd/keystone_wsgi_admin_error.log" ServerSignature Off CustomLog "/var/log/httpd/keystone_wsgi_admin_access.log" combined WSGIApplicationGroup %{GLOBAL} WSGIDaemonProcess keystone_admin display-name=keystone-admin group=keystone processes=1 threads=12 user=keystone WSGIProcessGroup keystone_admin WSGIScriptAlias / "/var/www/cgi-bin/keystone/keystone-admin" WSGIPassAuthorization On </VirtualHost>
On each controller, create a virtual host configuration file (
10-keystone_wsgi_public.conf
) for the Admin WSGI OpenStack Identity service. Save this file in/etc/httpd/conf.d/
. The contents of the virtual host file should resemble the following:Listen 5000 <VirtualHost *:5000>> DocumentRoot "/var/www/cgi-bin/keystone" <Directory "/var/www/cgi-bin/keystone"> Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted </Directory> ErrorLog "/var/log/httpd/keystone_wsgi_public_error.log" ServerSignature Off CustomLog "/var/log/httpd/keystone_wsgi_public_access.log" combined WSGIApplicationGroup %{GLOBAL} WSGIDaemonProcess keystone_public display-name=keystone-public group=keystone processes=1 threads=12 user=keystone WSGIProcessGroup keystone_public WSGIScriptAlias / "/var/www/cgi-bin/keystone/keystone-public" WSGIPassAuthorization On </VirtualHost>
Restart the
httpd
service. This step varies based on whether you use highly available controller nodes or not.For environments without high availability:
$ sudo systemctl restart httpd
For environments with high availability:
$ sudo pcs resource restart httpd