Browse Source

Remove kolla_config copy from keystone service.

Simplify the config of the keystone service by mounting in the
configurations instead of specifying them all in kolla config.

This is change is useful to limit the side effects of generating the
config files and running the container is two separate steps as config
directories are now bind-mounted inside the container instead of having
files being copied to the container. We've seen examples of Apache's
mod_ssl configuration file present on the container preventing it to
start when puppet configured apache not to load the ssl module (in case
TLS is disabled).

Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Ie33ffc7c2b1acf3e4e505d38efb104bf013f2ce6
changes/76/447676/4
Ian Main 5 years ago committed by Martin André
parent
commit
332e8ec103
  1. 50
      docker/services/keystone.yaml

50
docker/services/keystone.yaml

@ -46,9 +46,6 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
conditions:
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
outputs:
role_data:
description: Role data for the Keystone API role.
@ -76,43 +73,6 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/keystone.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- dest: /etc/keystone/keystone.conf
owner: keystone
perm: '0640'
source: /var/lib/kolla/config_files/src/etc/keystone/keystone.conf
- dest: /etc/keystone/credential-keys/0
owner: keystone
perm: '0600'
source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/0
- dest: /etc/keystone/credential-keys/1
owner: keystone
perm: '0600'
source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1
- dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf
owner: root
perm: '0644'
source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_admin.conf
- dest: /etc/httpd/conf.d/10-keystone_wsgi_main.conf
owner: root
perm: '0644'
source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_main.conf
- dest: /etc/httpd/conf/httpd.conf
owner: root
perm: '0644'
source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
- dest: /etc/httpd/conf/ports.conf
owner: root
perm: '0644'
source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
- dest: /var/www/cgi-bin/keystone/keystone-admin
owner: keystone
perm: '0644'
source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-admin
- dest: /var/www/cgi-bin/keystone/keystone-public
owner: keystone
perm: '0644'
source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-public
docker_config:
step_3:
keystone-init-log:
@ -130,16 +90,12 @@ outputs:
detach: false
volumes: &keystone_volumes
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/keystone/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/keystone/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
- /var/lib/config-data/keystone/var/www/:/var/www/:ro
- /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
- /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
-
if:
- keystone_fernet_tokens
- /var/lib/config-data/keystone/etc/keystone/fernet-keys:/etc/keystone/fernet-keys:ro
- ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS

Loading…
Cancel
Save