aboutsummaryrefslogtreecommitdiffstats
path: root/docker/services/keystone.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'docker/services/keystone.yaml')
-rw-r--r--docker/services/keystone.yaml62
1 files changed, 38 insertions, 24 deletions
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index e7717ab0..ca643749 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
description: >
OpenStack containerized Keystone service
@@ -26,6 +26,14 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
@@ -51,6 +59,8 @@ resources:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
conditions:
@@ -84,14 +94,15 @@ outputs:
/var/lib/kolla/config_files/keystone.json:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
+ # Kolla_bootstrap/db sync runs before permissions set by kolla_config
step_3:
- keystone-init-log:
+ keystone_init_log:
start_order: 0
image: *keystone_image
user: root
- command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/keystone && chown keystone:keystone /var/log/keystone']
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone']
volumes:
- - logs:/var/log
+ - /var/log/containers/keystone:/var/log/keystone
keystone_db_sync:
start_order: 1
image: *keystone_image
@@ -99,26 +110,24 @@ outputs:
privileged: false
detach: false
volumes: &keystone_volumes
- yaql:
- expression: $.data.common.concat($.data.service)
- data:
- common: {get_attr: [ContainersCommon, volumes]}
- service:
- - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/keystone/var/www/:/var/www/:ro
- - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
- - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
- - logs:/var/log
- -
- if:
- - internal_tls_enabled
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- - ''
- -
- if:
- - internal_tls_enabled
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- - ''
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/keystone/var/www/:/var/www/:ro
+ - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
+ - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
+ - /var/log/containers/keystone:/var/log/keystone
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -143,6 +152,11 @@ outputs:
puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
step_config: 'include ::tripleo::profile::base::keystone'
config_image: *keystone_image
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/keystone
+ state: directory
upgrade_tasks:
- name: Stop and disable keystone service (running under httpd)
tags: step2