[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] [PATCH] jderose 050 Run ipaserver under mod_wsgi



On Mon, 2010-03-01 at 14:56 -0500, Rob Crittenden wrote:
Jason Gerard DeRose wrote:
> This patch completes the transition to running under mod_wsgi.  It
> requires my previous "049 Consolidate to single WSGI entry point" patch.
> 
> This is pretty strait forward, but a few things need highlighting:
> 
> 1. mod_wsgi requires an entry point script (you can't give it a Python
> package name like we were doing with mod_python).  Based on my reading
> of the Filesystem Hierarchy Standard, it seems this should be in
> share/ipa, so that's what I did.  The script is /usr/share/ipa/wsgi.py
> I was expecting this to cause SELinux problems, but things seem to work
> fine.
> 
> 2. We are running mod_wsgi in daemon mode, which is the preferred way of
> deploying it.  The mod_wsgi daemon has both multi-process and
> multi-threading capabilities.  As we haven't actually used threaded code
> much in IPA thus far (although lite-server.py is threaded), for now I
> have the daemon running 2 processes and 1 thread (aka it's not
> threaded).  For production I think we probably should run something like
> 4 processes and 8 threads per process.  This can be a later change (just
> requires a change in our ipa.conf Apache config file).
> 
> 3. As ipaserver is now running inside the mod_wsgi daemon, we can
> changed from using the Apache "prefork" MPM to using "worker", which is
> far superior for static content.  I haven't changed this yet, but we
> should put this on our TODO.
> 
> I pretty much had this patch all done last Friday, but I've let things
> slow-roast for several days to make sure it's stable.  I feel confident
> that this is a low risk change.  All the same, I think we should get
> this pushed as soon as possible so we can shake out any remaining
> issues.
>

I'm going to go ahead and ack this if you fix one thing before you push.

In ipa.spec.in you need to change:
-%{_usr}/share/ipa/wsgi.py
+%{_usr}/share/ipa/wsgi.py*

pushed to master, along with my 051 patch making the changes you asked for.

I don't think we need the Location entries at the top of ipa.conf 
setting no handler. It worked ok for me without them, the similar 
setting in the Directory should take care of things. More testing is 
probably needed.

In my testing, the Location tag with "Handler none" was the only way I could prevent the WSGI handler from gobbling up these URIs.  I think this is because of the order in which Directory and Location are applied.

This doesn't work on my F-11 box, I think primarily because 
/var/run/httpd/ has the wrong permissions. I'll investigate fixing this 
up but since F-11 won't be supported for a whole lot longer I'm not 
going to worry about this too much. I'll fix this in a follow-up patch.

rob

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]