summaryrefslogtreecommitdiffstats
path: root/docker/services
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-04-12 14:18:57 +0000
committerGerrit Code Review <review@openstack.org>2017-04-12 14:18:57 +0000
commit4df0fcdffb42977ccdb61604fdf9c7d8f54bfc45 (patch)
tree10089eb10b8358bd784e4767a9cea52f2c79e365 /docker/services
parent9584d5955c343e471a126ae1a158d2369a491f3f (diff)
parentdd43ba1cf2dc59156684c9598103f898a6f0bb5b (diff)
Merge "Bind mount directories that contain the key/certs for keystone"
Diffstat (limited to 'docker/services')
-rw-r--r--docker/services/keystone.yaml17
1 files changed, 17 insertions, 0 deletions
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 90ddeb9f..526a357b 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -36,6 +36,9 @@ parameters:
default: 'fernet'
constraints:
- allowed_values: ['uuid', 'fernet']
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
@@ -46,6 +49,10 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
role_data:
description: Role data for the Keystone API role.
@@ -96,6 +103,16 @@ outputs:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS