From c18b56e7902ff6ac685429375ca1deae1dbcb47e Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Thu, 20 Jul 2017 19:55:04 -0400 Subject: Add keystone cron container to run token_flush The token-flush cron job is created in /var/spool/cron/keystone by puppet. This patch creates a cron container to run that in an environment where it has access to keystone.conf and the keystone-manage binaries. Change-Id: Ie305ee9990657c66938250d1d6e19fef94675997 Partial-bug: 1701254 --- docker/services/keystone.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'docker/services') diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index da04682e..7ecfc329 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -98,6 +98,17 @@ outputs: dest: "/" merge: true preserve_properties: true + /var/lib/kolla/config_files/keystone_cron.json: + command: /usr/sbin/cron -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/keystone + owner: keystone:keystone + recurse: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: @@ -150,6 +161,21 @@ outputs: user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + keystone_cron: + start_order: 4 + image: *keystone_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/keystone:/var/log/keystone + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: -- cgit 1.2.3-korg