如果部署大规模openstack,将nova-api运行在Apache上是个不错的选择。
基础环境:
ubuntu-12.04-server
openstack Grizzly
配置过程:
添加apache配置文件
# vim /etc/apache2/conf.d/nova.conf
WSGIScriptAlias /ec2 /var/www/cgi-bin/nova/ec2
WSGIScriptAlias /metadata /var/www/cgi-bin/nova/metadata
WSGIScriptAlias /osapi_compute /var/www/cgi-bin/nova/osapi_compute
<location ec2"="">
Allow from all
</location>
<location metadata"="">
Allow from all
</location>
<location osapi_compute"="">
Allow from all
</location>
# mkdir -p /var/www/cgi-bin
# vim /var/www/cgi-bin/ec2
import gettext
import logging
import os
from nova import config
from paste import deploy
from oslo.config import cfg
LOG = logging.getLogger(__name__)
import gettext
gettext.install('nova', unicode=1)
CONF = cfg.CONF
config_files = ['/etc/nova/nova.conf', '/etc/nova/api-paste.ini']
CONF(project='nova', default_config_files=config_files)
conf = CONF.config_file[1]
name = os.path.basename(__file__)
CONF.log_opt_values(logging.getLogger(CONF.prog), logging.DEBUG)
options = deploy.appconfig('config:%s' % CONF.config_file[1], name=name)
application = deploy.loadapp('config:%s' % conf, name=name)
# cp /var/www/cgi-bin/ec2 /var/www/cgi-bin/metadata
# cp /var/www/cgi-bin/ec2 /var/www/cgi-bin/osapi_compute
确保apache有权限访问/etc/nova
# chmod 777 -R /etc/nova
确保apache有权限访问keystone-signing目录
如果/etc/nova/api-paste.ini配置了
signing_dir = /tmp/keystone-signing-nova
执行:
# chown www-data:www-data /tmp/keystone-signing-nova
如果没有配置:
# mkdir /var/www/keystone-signing
# chown www-data:www-data /var/www/keystone-signing/
重启apach2
# service apache2 restart
测试配置:
# curl http://127.0.0.1/metadata
返回正确则说明配置成功
http://127.0.0.1/osapi_compute 对应原来的 http://127.0.0.1:8774
http://127.0.0.1/ec2 对应原来的 http://127.0.0.1:8773
http://127.0.0.1/metadata 对应原来的 http://127.0.0.1:8775