1 files changed, 32 insertions, 9 deletions

diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 0597b906..e7717ab0 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -36,9 +36,15 @@ parameters:
     default: 'fernet'
     constraints:
       - allowed_values: ['uuid', 'fernet']
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 resources:
 
+  ContainersCommon:
+    type: ./containers-common.yaml
+
   KeystoneBase:
     type: ../../puppet/services/keystone.yaml
     properties:
@@ -46,6 +52,10 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
 
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
 outputs:
   role_data:
     description: Role data for the Keystone API role.
@@ -71,8 +81,8 @@ outputs:
             - '/'
             - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
       kolla_config:
-         /var/lib/kolla/config_files/keystone.json:
-           command: /usr/sbin/httpd -DFOREGROUND
+        /var/lib/kolla/config_files/keystone.json:
+          command: /usr/sbin/httpd -DFOREGROUND
       docker_config:
         step_3:
           keystone-init-log:
@@ -89,13 +99,26 @@ outputs:
             privileged: false
             detach: false
             volumes: &keystone_volumes
-              - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
-              - /var/lib/config-data/keystone/var/www/:/var/www/:ro
-              - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
-              - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
-              - /etc/hosts:/etc/hosts:ro
-              - /etc/localtime:/etc/localtime:ro
-              - logs:/var/log
+              yaql:
+                expression: $.data.common.concat($.data.service)
+                data:
+                  common: {get_attr: [ContainersCommon, volumes]}
+                  service:
+                    - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
+                    - /var/lib/config-data/keystone/var/www/:/var/www/:ro
+                    - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
+                    - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
+                    - logs:/var/log
+                    -
+                      if:
+                        - internal_tls_enabled
+                        - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                        - ''
+                    -
+                      if:
+                        - internal_tls_enabled
+                        - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                        - ''
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS