c9a4b36e52
* keystone_enable_federation_openid * enable_keystone_federation Closes-Bug: #2036390 Change-Id: Ieef1dce006c339643ad4fa544218c6482c2ad32c
104 lines
3.7 KiB
Django/Jinja
104 lines
3.7 KiB
Django/Jinja
{% set keystone_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
|
|
{% set apache_user = 'www-data' if kolla_base_distro in ['ubuntu', 'debian'] else 'apache' %}
|
|
{
|
|
"command": "/usr/bin/keystone-startup.sh",
|
|
"config_files": [
|
|
{
|
|
"source": "{{ container_config_directory }}/keystone-startup.sh",
|
|
"dest": "/usr/bin/keystone-startup.sh",
|
|
"owner": "root",
|
|
"perm": "0755"
|
|
},
|
|
{
|
|
"source": "{{ container_config_directory }}/keystone.conf",
|
|
"dest": "/etc/keystone/keystone.conf",
|
|
"owner": "keystone",
|
|
"perm": "0600"
|
|
},
|
|
{
|
|
"source": "{{ container_config_directory }}/keystone-paste.ini",
|
|
"dest": "/etc/keystone/keystone-paste.ini",
|
|
"owner": "keystone",
|
|
"perm": "0600",
|
|
"optional": true
|
|
},
|
|
{
|
|
"source": "{{ container_config_directory }}/domains",
|
|
"dest": "/etc/keystone/domains",
|
|
"owner": "keystone",
|
|
"perm": "0600",
|
|
"optional": true
|
|
}{% if keystone_policy_file is defined %},
|
|
{
|
|
"source": "{{ container_config_directory }}/{{ keystone_policy_file }}",
|
|
"dest": "/etc/keystone/{{ keystone_policy_file }}",
|
|
"owner": "keystone",
|
|
"perm": "0600"
|
|
}{% endif %},
|
|
{
|
|
"source": "{{ container_config_directory }}/wsgi-keystone.conf",
|
|
"dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
|
|
"owner": "keystone",
|
|
"perm": "0600"
|
|
}{% if keystone_enable_tls_backend | bool %},
|
|
{
|
|
"source": "{{ container_config_directory }}/keystone-cert.pem",
|
|
"dest": "/etc/keystone/certs/keystone-cert.pem",
|
|
"owner": "keystone",
|
|
"perm": "0600"
|
|
},
|
|
{
|
|
"source": "{{ container_config_directory }}/keystone-key.pem",
|
|
"dest": "/etc/keystone/certs/keystone-key.pem",
|
|
"owner": "keystone",
|
|
"perm": "0600"
|
|
}{% endif %}
|
|
{% if keystone_enable_federation_openid | bool %},
|
|
{
|
|
"source": "{{ container_config_directory }}/federation/oidc/metadata",
|
|
"dest": "{{ keystone_container_federation_oidc_metadata_folder }}",
|
|
"owner": "{{ apache_user }}:{{ apache_user }}",
|
|
"perm": "0600",
|
|
"merge": true
|
|
},
|
|
{
|
|
"source": "{{ container_config_directory }}/federation/oidc/cert",
|
|
"dest": "{{ keystone_container_federation_oidc_idp_certificate_folder }}",
|
|
"owner": "{{ apache_user }}:{{ apache_user }}",
|
|
"perm": "0600",
|
|
"merge": true
|
|
}
|
|
{% endif %}
|
|
],
|
|
"permissions": [
|
|
{
|
|
"path": "/var/log/kolla",
|
|
"owner": "keystone:kolla"
|
|
},
|
|
{
|
|
"path": "/var/log/kolla/keystone/keystone.log",
|
|
"owner": "keystone:keystone"
|
|
},{% if keystone_enable_federation_openid | bool %}
|
|
{
|
|
"path": "{{ keystone_container_federation_oidc_metadata_folder }}",
|
|
"owner": "{{ apache_user }}:{{ apache_user }}",
|
|
"perm": "0700"
|
|
},
|
|
{
|
|
"path": "{{ keystone_container_federation_oidc_idp_certificate_folder }}",
|
|
"owner": "{{ apache_user }}:{{ apache_user }}",
|
|
"perm": "0700"
|
|
},{% endif %}
|
|
{
|
|
"path": "/etc/keystone/fernet-keys",
|
|
"owner": "keystone:keystone",
|
|
"perm": "0770"
|
|
},
|
|
{
|
|
"path": "/etc/keystone/domains",
|
|
"owner": "keystone:keystone",
|
|
"perm": "0700"
|
|
}
|
|
]
|
|
}
|