From a9333d0b80e5a10c269f6649f596cd93c522f2d9 Mon Sep 17 00:00:00 2001 From: Alyson Deives Pereira Date: Thu, 1 May 2025 18:55:33 -0300 Subject: [PATCH] Launch barbican-api with systemd-run instead of start-stop-daemon Change barbican-api to be launched by sm.service using systemd-run instead of start-stop-daemon. This will enable barbican-api to be launched as a transient systemd unit under system.slice instead of a subprocess of sm.service. Moreover, it will enable a better visualization and monitoring of cpu consumption via /var/log/collectd.log. The service unit is defined as openstack-barbican-api.service to not conflict with 'barbican-api' name already present on /lib/systemd/system/barbican-api.service which is used during bootstrap process. Test-Plan (AIO-SX/AIO-DX): PASS: build-pkgs PASS: Install ISO and bootstrap PASS: systemd-cgls show openstack-barbican-api.service under system.slice PASS: /var/log/collectd.log shows cpu consumption for openstack-barbican-api service Test-Plan (AIO-DX): PASS: Perform host-swact and check: - no alarms in command - no unexpected logs in sm-customer.log and sm.log Story: 2011377 Task: 52093 Change-Id: I2394948ba667328d39214dd4addac98aa731d53b Signed-off-by: Alyson Deives Pereira --- stx-ocf-scripts/src/ocf/barbican-api | 32 +++++++++++++++++----------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/stx-ocf-scripts/src/ocf/barbican-api b/stx-ocf-scripts/src/ocf/barbican-api index 0ff3c759..ce53f895 100644 --- a/stx-ocf-scripts/src/ocf/barbican-api +++ b/stx-ocf-scripts/src/ocf/barbican-api @@ -10,7 +10,7 @@ # Support: openstack@lists.launchpad.net # License: Apache Software License (ASL) 2.0 # -# Copyright (c) 2018 Wind River Systems, Inc. +# Copyright (c) 2018-2019,2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -47,6 +47,10 @@ OCF_RESKEY_server_port_default="9311" : ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}} : ${OCF_RESKEY_server_port=${OCF_RESKEY_server_port_default}} +SERVICE="openstack-barbican-api.service" +SERVICE_CPUSHARES=512 +SERVICE_DESC="OpenStack Key Management API Service (barbican-api)" + ####################################################################### usage() { @@ -184,17 +188,14 @@ barbican_api_validate() { } barbican_api_status() { - local pid local rc if [ ! -f $OCF_RESKEY_pid ]; then ocf_log info "OpenStack Key Management API (barbican-api) is not running" return $OCF_NOT_RUNNING - else - pid=`cat $OCF_RESKEY_pid` fi - ocf_run -warn kill -s 0 $pid + systemctl is-active --quiet $SERVICE rc=$? if [ $rc -eq 0 ]; then return $OCF_SUCCESS @@ -247,8 +248,17 @@ barbican_api_start() { su ${OCF_RESKEY_user} mkdir -p /run/barbican chown barbican:barbican /run/barbican - /bin/python /usr/bin/gunicorn --pid $OCF_RESKEY_pid --config /etc/barbican/gunicorn-config.py \ - --paste /etc/barbican/barbican-api-paste.ini >> /var/log/barbican/barbican-api.log 2>&1 & + systemd-run --collect --unit=${SERVICE} --slice-inherit \ + -p CPUShares=${SERVICE_CPUSHARES} \ + -p Description="${SERVICE_DESC}" \ + -p PIDFile=${OCF_RESKEY_pid} \ + -p User=barbican -p Group=barbican \ + -p RuntimeDirectory=barbican -p RuntimeDirectoryMode=770 \ + -p StandardError=file:/var/log/barbican/barbican-api.log \ + -p StandardOutput=file:/var/log/barbican/barbican-api.log \ + /usr/bin/gunicorn --pid $OCF_RESKEY_pid --config /etc/barbican/gunicorn-config.py \ + --paste /etc/barbican/barbican-api-paste.ini + # Restrict access to logfile chmod 640 /var/log/barbican/barbican-api.log @@ -283,7 +293,6 @@ barbican_api_confirm_stop() { barbican_api_stop() { local rc - local pid barbican_api_status rc=$? @@ -293,9 +302,8 @@ barbican_api_stop() { return $OCF_SUCCESS fi - # Try SIGTERM - pid=`cat $OCF_RESKEY_pid` - ocf_run kill -s TERM $pid + # Try systemctl stop + systemctl stop $SERVICE rc=$? if [ $rc -ne 0 ]; then ocf_log err "OpenStack Key Management API (barbican-api) couldn't be stopped" @@ -327,7 +335,7 @@ barbican_api_stop() { # SIGTERM didn't help either, try SIGKILL ocf_log info "OpenStack Key Management API (barbican-api) failed to stop after \ ${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..." - ocf_run kill -s KILL $pid + systemctl kill --signal=SIGKILL $SERVICE fi barbican_api_confirm_stop