openstack/tripleo-heat-templates
Code Issues Proposed changes
5fb637c611
tripleo-heat-templates/docker/services/keystone.yaml
Martin André 91e7a548cb Remove kolla_config copy from services 
Simplify the config of the containerized services by bind mounting in
the configurations instead of specifying them all in kolla config.

This is change is useful to limit the side effects of generating the
config files and running the container is two separate steps as config
directories are now bind-mounted inside the container instead of having
files being copied to the container. We've seen examples of Apache's
mod_ssl configuration file present on the container preventing it to
start when puppet configured apache not to load the ssl module (in case
TLS is disabled).

Co-Authored-By: Ian Main <imain@redhat.com>
Change-Id: I4ec5dd8b360faea71a044894a61790997f54d48a
2017-04-03 18:24:49 +02:00

129 lines
4.7 KiB
YAML
Raw Blame History

heat_template_version: ocata
description: >
OpenStack containerized Keystone service
parameters:
DockerNamespace:
description: namespace
default: 'tripleoupstream'
type: string
DockerKeystoneImage:
description: image
default: 'centos-binary-keystone:latest'
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
KeystoneTokenProvider:
description: The keystone token format
type: string
default: 'fernet'
constraints:
- allowed_values: ['uuid', 'fernet']
resources:
KeystoneBase:
type: ../../puppet/services/keystone.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
outputs:
role_data:
description: Role data for the Keystone API role.
value:
service_name: {get_attr: [KeystoneBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [KeystoneBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
list_join:
- "\n"
- - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }"
- {get_attr: [KeystoneBase, role_data, step_config]}
service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: keystone
puppet_tags: keystone_config
step_config: *step_config
config_image: &keystone_image
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
kolla_config:
/var/lib/kolla/config_files/keystone.json:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
step_3:
keystone-init-log:
start_order: 0
image: *keystone_image
user: root
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/keystone && chown keystone:keystone /var/log/keystone']
volumes:
- logs:/var/log
keystone_db_sync:
start_order: 1
image: *keystone_image
net: host
privileged: false
detach: false
volumes: &keystone_volumes
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/keystone/var/www/:/var/www/:ro
- /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
- /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
keystone:
start_order: 1
image: *keystone_image
net: host
privileged: false
restart: always
volumes: *keystone_volumes
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
keystone_bootstrap:
start_order: 2
action: exec
command:
[ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
docker_puppet_tasks:
# Keystone endpoint creation occurs only on single node
step_3:
config_volume: 'keystone_init_tasks'
puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
step_config: 'include ::tripleo::profile::base::keystone'
config_image: *keystone_image
upgrade_tasks:
- name: Stop and disable keystone service (running under httpd)
tags: step2
service: name=httpd state=stopped enabled=no
metadata_settings:
get_attr: [KeystoneBase, role_data, metadata_settings]
View Git Blame Copy Permalink