[Freeipa-devel] [PATCH] jderose 050 Run ipaserver under mod_wsgi

[Jason Gerard DeRose]

This patch completes the transition to running under mod_wsgi.  It
requires my previous "049 Consolidate to single WSGI entry point" patch.

This is pretty strait forward, but a few things need highlighting:

1. mod_wsgi requires an entry point script (you can't give it a Python
package name like we were doing with mod_python).  Based on my reading
of the Filesystem Hierarchy Standard, it seems this should be in
share/ipa, so that's what I did.  The script is /usr/share/ipa/wsgi.py
I was expecting this to cause SELinux problems, but things seem to work
fine.

2. We are running mod_wsgi in daemon mode, which is the preferred way of
deploying it.  The mod_wsgi daemon has both multi-process and
multi-threading capabilities.  As we haven't actually used threaded code
much in IPA thus far (although lite-server.py is threaded), for now I
have the daemon running 2 processes and 1 thread (aka it's not
threaded).  For production I think we probably should run something like
4 processes and 8 threads per process.  This can be a later change (just
requires a change in our ipa.conf Apache config file).

3. As ipaserver is now running inside the mod_wsgi daemon, we can
changed from using the Apache "prefork" MPM to using "worker", which is
far superior for static content.  I haven't changed this yet, but we
should put this on our TODO.

I pretty much had this patch all done last Friday, but I've let things
slow-roast for several days to make sure it's stable.  I feel confident
that this is a low risk change.  All the same, I think we should get
this pushed as soon as possible so we can shake out any remaining
issues.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jderose-050-Run-ipaserver-under-mod_wsgi.patch
Type: text/x-patch
Size: 12529 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100224/8d37bb77/attachment.bin>