kolla-ansible/docker/keystone/Dockerfile.j2
SamYaple 8ef7434770 Fix keystone initial auth mechanism
A recent change in keystone [1] has deprecated the token auth
mechanism that we used. We reintroduce it temporarily while a more
permanant solution is worked on.

[1] 5286b4a297

Change-Id: I4d585733a9abd201c1b0680e6196dd2a36db3c7e
Closes-Bug: #1545292
2016-02-14 08:59:13 -07:00

76 lines
2.7 KiB
Django/Jinja

FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
MAINTAINER {{ maintainer }}
{% if install_type == 'binary' %}
{% if base_distro in ['fedora', 'centos', 'oraclelinux', 'rhel'] %}
RUN yum -y install openstack-keystone \
python-keystoneclient \
httpd \
mod_wsgi \
&& yum clean all
RUN mkdir -p /var/www/cgi-bin/keystone \
&& cp -a /usr/share/keystone/keystone-dist-paste.ini /etc/keystone/keystone-paste.ini \
&& cp -a /usr/share/keystone/keystone.wsgi /var/www/cgi-bin/keystone/main \
&& cp -a /usr/share/keystone/keystone.wsgi /var/www/cgi-bin/keystone/admin \
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
{% elif base_distro in ['ubuntu'] %}
RUN apt-get install -y --no-install-recommends \
keystone \
apache2 \
libapache2-mod-wsgi \
&& apt-get clean
RUN mkdir -p /var/www/cgi-bin/keystone \
&& cp -a /usr/share/keystone/wsgi.py /var/www/cgi-bin/keystone/main \
&& cp -a /usr/share/keystone/wsgi.py /var/www/cgi-bin/keystone/admin \
&& echo > /etc/apache2/ports.conf
{% endif %}
{% elif install_type == 'source' %}
{% if base_distro in ['fedora', 'centos', 'oraclelinux', 'rhel'] %}
RUN yum -y install \
httpd \
mod_wsgi \
&& yum clean all \
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
{% elif base_distro in ['ubuntu', 'debian'] %}
RUN apt-get install -y --no-install-recommends \
apache2 \
libapache2-mod-wsgi \
&& echo > /etc/apache2/ports.conf \
&& apt-get clean
{% endif %}
ADD keystone-archive /keystone-source
RUN ln -s keystone-source/* keystone \
&& useradd --user-group keystone \
&& /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /keystone \
&& mkdir -p /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
&& cp -r /keystone/etc/* /etc/keystone/ \
&& cp /keystone/httpd/keystone.py /var/www/cgi-bin/keystone/admin \
&& cp /keystone/httpd/keystone.py /var/www/cgi-bin/keystone/main \
&& chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone
{% endif %}
# NOTE(SamYaple): This is to reintroduce a deprecated option as a quick-fix
# until the correct new procedure is implemented.
# TODO(SamYaple): Replace this with `keystone-manage bootstrap`
RUN sed -i 's|token_auth json_body|token_auth admin_token_auth json_body|g' /etc/keystone/keystone-paste.ini
RUN chown -R keystone: /var/www/cgi-bin/keystone \
&& chmod 755 /var/www/cgi-bin/keystone/*
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start
{{ include_footer }}