aboutsummaryrefslogtreecommitdiffstats
path: root/docker/services/keystone.yaml
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-03-16 13:26:25 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-03-27 07:23:28 +0000
commit656828530f331e095ea986cc102d359d6d7f429b (patch)
treec31ac52369721743c8e1a1d990ea4c5cfec82a91 /docker/services/keystone.yaml
parent82db6ab608b29e455fb2036aeb36537148b97cf9 (diff)
docker/keystone: Bind mount entire fernet keys repository
Previously only the first two intial fernet keys were mounted into the container. This is not practical, however, as doing key rotation will generate more entries in this repository. So instead we mount the whole directory, which would allow us to do rotation in the base host and seamlessly affect the container as well. Change-Id: I7763a09e57fe6a7867ffd079ab0b9222374c38c8
Diffstat (limited to 'docker/services/keystone.yaml')
-rw-r--r--docker/services/keystone.yaml15
1 files changed, 5 insertions, 10 deletions
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index b7da3cb..e50315b 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -89,16 +89,6 @@ outputs:
owner: keystone
perm: '0600'
source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1
- - dest: /etc/keystone/fernet-keys/0
- owner: keystone
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0
- optional: {if: [keystone_fernet_tokens, false, true]}
- - dest: /etc/keystone/fernet-keys/1
- owner: keystone
- perm: '0600'
- source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1
- optional: {if: [keystone_fernet_tokens, false, true]}
- dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf
owner: root
perm: '0644'
@@ -145,6 +135,11 @@ outputs:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
+ -
+ if:
+ - keystone_fernet_tokens
+ - /var/lib/config-data/keystone/etc/keystone/fernet-keys:/etc/keystone/fernet-keys:ro
+ - ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS