fuel-ccp-keystone/service/keystone.yaml

service:
  name: keystone
  ports:
    - {{ keystone.public_port }}
    - {{ keystone.admin_port }}
  containers:
    - name: keystone
      image: keystone
      probes:
        readiness: "true"
        liveness: "true"
      volumes:
        - name: keystone-logs
          path: "/var/log/ccp/keystone"
          type: host
          readOnly: False
      pre:
        - name: chown-logs-dir
          command: "sudo /bin/chown keystone:keystone /var/log/ccp/keystone"
        - name: keystone-db-create
          dependencies:
            - mariadb
          type: single
          command:
            mysql -u root -p{{ db.root_password }} -h {{ address('mariadb') }} -e "create database {{ keystone.db.name }};
            grant all privileges on {{ keystone.db.name }}.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'"
        - name: keystone-db-sync
          files:
            - keystone-conf
          dependencies:
            - keystone-db-create
          type: single
          command: keystone-manage db_sync
        - name: keystone-db-bootstrap
          files:
            - keystone-conf
          dependencies:
            - keystone-db-sync
          type: single
          command: keystone-manage bootstrap
                   --bootstrap-password {{ openstack.user_password }}
                   --bootstrap-username {{ openstack.user_name }}
                   --bootstrap-project-name {{ openstack.project_name }}
                   --bootstrap-role-name {{ openstack.role_name }}
                   --bootstrap-service-name keystone --bootstrap-region-id RegionOne
                   --bootstrap-admin-url http://{{ address('keystone') }}:{{ keystone.admin_port }}
                   --bootstrap-public-url http://{{ address('keystone') }}:{{ keystone.public_port }}
                   --bootstrap-internal-url http://{{ address('keystone') }}:{{ keystone.public_port }}

      daemon:
        dependencies:
          - memcached
        files:
          - keystone-conf
          - wsgi-keystone-conf
          - fernet-key
        command: daemon.sh
      post:
        - name: keystone-create-project
          type: single
          command: openstack project create service
        - name: keystone-create-role-member
          type: single
          command: openstack role create _member_

files:
  keystone-conf:
    path: /etc/keystone/keystone.conf
    content: keystone.conf.j2
  wsgi-keystone-conf:
    path: /etc/apache2/conf-enabled/wsgi-keystone.conf
    content: wsgi-keystone.conf.j2
  fernet-key:
    path: /etc/keystone/fernet-keys/1
    content: fernet-key.j2