[keystone] Use keystone native wsgi script

Change-Id: I6c18c67c2a3d868352a5a80aac2ab99dcfd09c8f
Signed-off-by: Vladimir Kozhukalov <kozhukalov@gmail.com>

keystone/templates/bin/_keystone-api.sh.tpl

@@ -22,15 +22,13 @@ function start () {
 
   for KEYSTONE_WSGI_SCRIPT in keystone-wsgi-public; do
     script_path="$(type -p ${KEYSTONE_WSGI_SCRIPT} || true)"
-    if [[ -n "$script_path" ]]; then
-        cp -a "$script_path" /var/www/cgi-bin/keystone/
+    if [[ -z "$script_path" ]]; then
+        # In 2025.2 the keystone-wsgi-public script was removed.
+        script_path=$(python3 -c "import sysconfig; print(sysconfig.get_paths()['purelib'])")/keystone/wsgi/api.py
     fi
+    cp -a "$script_path" /var/www/cgi-bin/keystone/wsgi.py
   done
 
-  # In 2025.2 the keystone-wsgi-public script was removed.
-  # We have to use the wsgi module directly.
-  cp -a /tmp/wsgi.py /var/www/cgi-bin/keystone/
-
   {{- if .Values.conf.software.apache2.a2enmod }}
     {{- range .Values.conf.software.apache2.a2enmod }}
   a2enmod {{ . }}

keystone/templates/bin/_wsgi.py.tpl

@@ -1,5 +0,0 @@
-#!/var/lib/openstack/bin/python3
-
-from keystone.server.wsgi import initialize_public_application
-
-application = initialize_public_application()

keystone/templates/configmap-bin.yaml

@@ -43,8 +43,6 @@ data:
 {{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
   keystone-api.sh: |
 {{ tuple "bin/_keystone-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  wsgi.py: |
-{{ tuple "bin/_wsgi.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   endpoint-update.py: |
 {{ tuple "bin/_endpoint-update.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   fernet-manage.py: |

keystone/templates/deployment-api.yaml

@@ -141,10 +141,6 @@ spec:
               mountPath: /tmp/keystone-api.sh
               subPath: keystone-api.sh
               readOnly: true
-            - name: keystone-bin
-              mountPath: /tmp/wsgi.py
-              subPath: wsgi.py
-              readOnly: true
 {{- if .Values.endpoints.ldap.auth.client.tls.ca }}
             - name: keystone-ldap-tls
               mountPath: /etc/keystone/ldap/tls.ca

releasenotes/notes/keystone-dab27a4eeaab96d1.yaml

@@ -0,0 +1,7 @@
+---
+keystone:
+  - |
+    Use Keystone native wsgi script keystone/wsgi/api.py
+    instead of the wsgi wrapper script provided by the
+    keystone chart.
+...

values_overrides/keystone/2024.1-ubuntu_jammy.yaml

@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
     ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...

values_overrides/keystone/2024.2-ubuntu_jammy.yaml

@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
     ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...

values_overrides/keystone/2025.1-ubuntu_jammy.yaml

@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
     ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...

values_overrides/keystone/2025.1-ubuntu_noble.yaml

@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
     ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...