[Freeipa-devel] [PATCH] jderose 050 Run ipaserver under mod_wsgi
Jason Gerard DeRose
jderose at redhat.com
Wed Feb 24 21:17:18 UTC 2010
This patch completes the transition to running under mod_wsgi. It
requires my previous "049 Consolidate to single WSGI entry point" patch.
This is pretty strait forward, but a few things need highlighting:
1. mod_wsgi requires an entry point script (you can't give it a Python
package name like we were doing with mod_python). Based on my reading
of the Filesystem Hierarchy Standard, it seems this should be in
share/ipa, so that's what I did. The script is /usr/share/ipa/wsgi.py
I was expecting this to cause SELinux problems, but things seem to work
fine.
2. We are running mod_wsgi in daemon mode, which is the preferred way of
deploying it. The mod_wsgi daemon has both multi-process and
multi-threading capabilities. As we haven't actually used threaded code
much in IPA thus far (although lite-server.py is threaded), for now I
have the daemon running 2 processes and 1 thread (aka it's not
threaded). For production I think we probably should run something like
4 processes and 8 threads per process. This can be a later change (just
requires a change in our ipa.conf Apache config file).
3. As ipaserver is now running inside the mod_wsgi daemon, we can
changed from using the Apache "prefork" MPM to using "worker", which is
far superior for static content. I haven't changed this yet, but we
should put this on our TODO.
I pretty much had this patch all done last Friday, but I've let things
slow-roast for several days to make sure it's stable. I feel confident
that this is a low risk change. All the same, I think we should get
this pushed as soon as possible so we can shake out any remaining
issues.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jderose-050-Run-ipaserver-under-mod_wsgi.patch
Type: text/x-patch
Size: 12529 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100224/8d37bb77/attachment.bin>
More information about the Freeipa-devel
mailing list