summaryrefslogtreecommitdiffstats
path: root/doc/markdown/apache-deploy.md
blob: 3da21922ecf83429cf34488ba278086547204072 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
## Deploying Apache as front end for Openstack Swift in Fedora/RHEL

NOTE: This guide is for manual deployment. A shell script to automate the following
is present in extras/apache-deploy.

### Architecture
Swift can be configured to work both using an integral web front-end and
using a full-fledged Web Server such as the Apache2 (HTTPD) web server. The
integral web front-end is a wsgi mini "Web Server" which opens up its own
socket and serves http requests directly. The incoming requests accepted
by the integral web front-end are then forwarded to a wsgi application
(the core swift) for further handling, possibly via wsgi middleware
sub-components.

    client<-->'integral web front-end'<-->middleware<-->'core swift'

To gain full advantage of Apache2, Swift can alternatively be configured to
work as a request processor of the Apache2 server. This alternative deployment
scenario uses mod_wsgi of Apache2 to forward requests to the swift wsgi
application and middleware.

    client<-->'Apache2 with mod_wsgi'<-->middleware<-->'core swift'

The integral web front-end offers simplicity and requires minimal config.
It is also the web front-end most commonly used with Swift. Additionally, the
integral web front-end includes support for receiving chunked transfer
encoding from a client, presently not supported by Apache2 in the operation
mode described here.

### Steps

Installing Apache with mod_wsgi module:

    yum install httpd mod_wsgi

Create a directory for Apache wsgi files:

    mkdir /var/www/swift

Create a wsgi file for each service under /var/www/swift

#### /var/www/swift/proxy-server.wsgi
    from swift.common.wsgi import init_request_processor
    application, conf, logger, log_name = \
        init_request_processor('/etc/swift/proxy-server.conf','proxy-server')

#### /var/www/swift/account-server.wsgi
    from swift.common.wsgi import init_request_processor
    application, conf, logger, log_name = \
        init_request_processor('/etc/swift/account-server.conf','account-server')

#### /var/www/swift/container-server.wsgi
    from swift.common.wsgi import init_request_processor
    application, conf, logger, log_name = \
        init_request_processor('/etc/swift/container-server.conf','container-server')

#### /var/www/swift/object-server.wsgi
    from swift.common.wsgi import init_request_processor
    application, conf, logger, log_name = \
        init_request_processor('/etc/swift/object-server.conf','object-server')


Create */etc/httpd/conf.d/swift_wsgi.conf* configuration file that will define
port and Virtual Host per each local service.

    WSGISocketPrefix /var/run/wsgi
    
    #Proxy Service
    Listen 8080
    <VirtualHost *:8080>
        ServerName proxy-server
        LimitRequestBody 5368709122
        WSGIDaemonProcess proxy-server processes=5 threads=1 user=swift
        WSGIProcessGroup proxy-server
        WSGIScriptAlias / /var/www/swift/proxy-server.wsgi
        LimitRequestFields 200
        ErrorLog /var/log/httpd/proxy-server.log
        LogLevel debug
        CustomLog /var/log/httpd/proxy.log combined
    </VirtualHost>
    
    #Object Service
    Listen 6010
    <VirtualHost *:6010>
        ServerName object-server
        WSGIDaemonProcess object-server processes=5 threads=1 user=swift
        WSGIProcessGroup object-server
        WSGIScriptAlias / /var/www/swift/object-server.wsgi
        LimitRequestFields 200
        ErrorLog /var/log/httpd/object-server.log
        LogLevel debug
        CustomLog /var/log/httpd/access.log combined
    </VirtualHost>
    
    #Container Service
    Listen 6011
    <VirtualHost *:6011>
        ServerName container-server
        WSGIDaemonProcess container-server processes=5 threads=1 user=swift
        WSGIProcessGroup container-server
        WSGIScriptAlias / /var/www/swift/container-server.wsgi
        LimitRequestFields 200
        ErrorLog /var/log/httpd/container-server.log
        LogLevel debug
        CustomLog /var/log/httpd/access.log combined
    </VirtualHost>
    
    #Account Service
    Listen 6012
    <VirtualHost *:6012>
        ServerName account-server
        WSGIDaemonProcess account-server processes=5 threads=1 user=swift
        WSGIProcessGroup account-server
        WSGIScriptAlias / /var/www/swift/account-server.wsgi
        LimitRequestFields 200
        ErrorLog /var/log/httpd/account-server.log
        LogLevel debug
        CustomLog /var/log/httpd/access.log combined
    </VirtualHost>

(Re)Start Apache server:

    service httpd stop
    service httpd start

### Troubleshooting

* Make sure you have set SElinux to Permissive or Disabled by editing
  */etc/sysconfig/selinux*. You will need to reboot your system for the
  changed value to take effect. On restart, you can confirm this by running:

        getenforce

* Make sure conf files in /etc/swift are accessible by swift user:

        chown swift:swift /etc/swift/*

* Make sure the directory */var/lib/swift* exists should you see the following
  error in /var/log/httpd/error_log

        [Fri Oct 20 02:05:25.617290 2013] [:alert] [pid 3491] (2)No such file or
        directory: mod_wsgi (pid=3491): Unable to change working directory to
        '/var/lib/swift'

* Make sure the port numbers in */etc/httpd/conf.d/swift_wsgi.conf* and
  */etc/swift/*conf* files are same.

* For errors in logs like the following:

        13)Permission denied: mod_wsgi (pid=26962): Unable to connect to WSGI
        daemon process '<process-name>' on '/etc/httpd/logs/wsgi.26957.0.1.sock'
        after multiple attempts.

  Refer: https://code.google.com/p/modwsgi/wiki/ConfigurationIssues#Location_Of_UNIX_Sockets

* If your swift deployment uses some authentication mechanism that uses
  HTTP_AUTHORIZATION variable, you need to turn on WSGIPassAuthorization as
  described here:

  https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization

#### Issue with gluster-swift
Unlike vanilla swift that runs as *swift* user, gluster-swift runs all four
swift servers as *root* user.

But mod_wsgi does not allow invoking wsgi applications as root:
https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIDaemonProcess

A workaround is to mount gluster volume as root beforehand:

    mount -t glusterfs localhost:myvolume /mnt/gluster-object/myvolume


### More information

* There is a Ubuntu specific guide to deploy Apache with Openstack Swift here:
  http://docs.openstack.org/developer/swift/apache_deployment_guide.html

* Example apache configuration from swift source can be found here:
  https://github.com/openstack/swift/tree/master/examples