# Containerized Keystone service for TripleO (Pike). This template wraps the
# puppet-based service definition (../../puppet/services/keystone.yaml) and
# adds the docker/kolla configuration needed to run keystone under httpd in a
# container.
heat_template_version: pike

description: >
  OpenStack containerized Keystone service

parameters:
  # DockerNamespace and DockerKeystoneImage are joined with '/' in the outputs
  # below to form the image reference used by every container in this file.
  DockerNamespace:
    description: namespace
    default: 'tripleoupstream'
    type: string
  # NOTE(review): ':latest' is a mutable tag; for a reproducible and auditable
  # deployment pin a specific tag or digest via parameter_defaults.
  DockerKeystoneImage:
    description: image
    default: 'centos-binary-keystone:latest'
    type: string
  # EndpointMap, ServiceNetMap, DefaultPasswords, RoleName and RoleParameters
  # are forwarded unchanged to the KeystoneBase resource.
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Passwords generated by the deployment tooling; consumed by KeystoneBase,
  # not directly by this template.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  AdminPassword:
    description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    type: string
    # 'hidden' only masks the value in Heat's parameter listings. The value
    # is still embedded in clear text in this template's role_data output,
    # as an argument of the keystone_bootstrap command below.
    hidden: true
  # NOTE(review): declared here but not passed to KeystoneBase in the
  # resources section. parameter_defaults reach nested templates directly,
  # so this presumably mirrors the base template's interface -- confirm.
  # The 'uuid' provider was deprecated upstream around this release; confirm
  # it should remain an allowed value.
  KeystoneTokenProvider:
    description: The keystone token format
    type: string
    default: 'fernet'
    constraints:
      - allowed_values: ['uuid', 'fernet']
  # Drives the internal_tls_enabled condition, which adds the httpd TLS
  # certificate/key bind mounts to the container volume lists.
  EnableInternalTLS:
    type: boolean
    default: false
50
resources:

  # Volumes common to all TripleO service containers; consumed below through
  # get_attr: [ContainersCommon, volumes].
  ContainersCommon:
    type: ./containers-common.yaml

  # The non-containerized (puppet) keystone service definition. Its role_data
  # (service_name, config_settings, step_config, service_config_settings,
  # metadata_settings) is reused by this template's outputs; only the
  # docker-specific settings are added here. AdminPassword and
  # KeystoneTokenProvider are not forwarded as properties.
  KeystoneBase:
    type: ../../puppet/services/keystone.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
64
# internal_tls_enabled gates the read-only bind mounts of the httpd TLS
# certificate and private-key directories in the container volume lists below.
conditions:

  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
68
outputs:
  role_data:
    description: Role data for the Keystone API role.
    value:
      service_name: {get_attr: [KeystoneBase, role_data, service_name]}
      # Hiera settings: the base (puppet) service's settings plus the apache
      # override used when httpd runs inside the container.
      config_settings:
        map_merge:
          - get_attr: [KeystoneBase, role_data, config_settings]
          - apache::default_vhost: false
      # The Keystone_* puppet resource types are turned into no-ops before the
      # base step_config runs: the same resource types are handled instead by
      # the docker_puppet_tasks entry below (keystone_init_tasks), which runs
      # on a single node.
      step_config: &step_config
        list_join:
          - "\n"
          - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }"
            - {get_attr: [KeystoneBase, role_data, step_config]}
      service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      # Configuration generation: puppet runs in a container built from the
      # keystone image and writes its results into the 'keystone' config
      # volume (/var/lib/config-data/keystone on the host), which is then
      # bind-mounted read-only into the runtime containers below.
      puppet_config:
        config_volume: keystone
        puppet_tags: keystone_config
        step_config: *step_config
        # Image reference '<DockerNamespace>/<DockerKeystoneImage>'; reused
        # through the anchor by every container in this file.
        config_image: &keystone_image
          list_join:
            - '/'
            - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
      # Entry point run by kolla_start inside the keystone container: httpd in
      # the foreground.
      kolla_config:
        /var/lib/kolla/config_files/keystone.json:
          command: /usr/sbin/httpd -DFOREGROUND
      docker_config:
        # Kolla_bootstrap/db sync runs before permissions set by kolla_config
        step_3:
          # One-shot container that prepares the log directory. It runs as
          # root only to chown the host log directory and mounts nothing but
          # that log volume (no configuration, no secrets).
          keystone_init_log:
            start_order: 0
            image: *keystone_image
            user: root
            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone']
            volumes:
              - /var/log/containers/keystone:/var/log/keystone
          # One-shot bootstrap container: KOLLA_BOOTSTRAP=True presumably makes
          # kolla_start run the image's db-sync step (see the step_3 comment
          # above). detach: false blocks until it finishes, so the API
          # container below starts against a migrated database.
          keystone_db_sync:
            start_order: 1
            image: *keystone_image
            # Host networking: the container shares the host's network
            # namespace, so there is no network isolation for keystone.
            net: host
            privileged: false
            detach: false
            # Volumes shared (via the anchor) by the db-sync and API
            # containers. Everything generated by puppet is mounted read-only;
            # only the log directory is writable.
            volumes: &keystone_volumes
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/keystone/var/www/:/var/www/:ro
                  - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
                  - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro
                  - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
                  - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
                  - /var/log/containers/keystone:/var/log/keystone
                  # The httpd TLS certificate and private-key directories are
                  # mounted read-only only when internal TLS is enabled.
                  # NOTE(review): the '' else-branch leaves an empty string in
                  # the volume list and relies on the consumer discarding
                  # empty entries -- confirm that it does.
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                      - ''
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                      - ''
            environment:
              - KOLLA_BOOTSTRAP=True
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
            command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
          # The long-running keystone API container (httpd, see kolla_config).
          keystone:
            start_order: 2
            image: *keystone_image
            net: host
            privileged: false
            restart: always
            volumes: *keystone_volumes
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          # Creates the admin identity with 'keystone-manage bootstrap',
          # exec'd inside the running 'keystone' container (the first element
          # of the command list names that container).
          keystone_bootstrap:
            start_order: 3
            action: exec
            # NOTE(review): AdminPassword is passed as a command-line
            # argument, so it is readable on the host through 'ps' and
            # /proc/<pid>/cmdline (container processes appear in the host's
            # process table and cmdline is world-readable), in 'docker
            # inspect' output, and in any log of this command.
            # keystone-manage bootstrap also accepts the password via the
            # OS_BOOTSTRAP_PASSWORD environment variable; prefer that if the
            # exec action can pass environment -- confirm.
            command:
              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
      # Puppet run (in a container from the keystone image) that creates the
      # keystone service, endpoints, domains, projects, users and roles. The
      # tags listed here cover the resource types that step_config above
      # turns into no-ops.
      docker_puppet_tasks:
        # Keystone endpoint creation occurs only on single node
        step_3:
          config_volume: 'keystone_init_tasks'
          puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
          step_config: 'include ::tripleo::profile::base::keystone'
          config_image: *keystone_image
      # Host-side preparation (ansible): the persistent log directory that the
      # containers bind-mount. Owner and mode are not set here; ownership is
      # fixed by keystone_init_log at step 3.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/keystone
            state: directory
      # Upgrade from a non-containerized deployment: stop and disable the host
      # httpd that previously served keystone before the containers start.
      # NOTE(review): key=value module-arg form; ansible-lint prefers block
      # YAML (name: httpd / state: stopped / enabled: false).
      upgrade_tasks:
        - name: Stop and disable keystone service (running under httpd)
          tags: step2
          service: name=httpd state=stopped enabled=no
      # Forwarded unchanged from the puppet service definition.
      metadata_settings:
        get_attr: [KeystoneBase, role_data, metadata_settings]