X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Fservices%2Fkeystone.yaml;h=a8ba5bf17dd7a48291ce69a8c5c9ebbeb541630c;hb=73616922e481b66fc2bfff145d7c1130ce1a6552;hp=772859eedf32d86e99a10499da478308a3117cba;hpb=f45d7de4088ed3ac3cd17f9c2195730a1c8e5ea1;p=apex-tripleo-heat-templates.git diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 772859ee..a8ba5bf1 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Keystone service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerKeystoneImage: description: image - default: 'centos-binary-keystone:latest' + type: string + DockerKeystoneConfigImage: + description: The container image to use for the keystone config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -53,10 +55,14 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
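Review bot: `DockerKeystoneImage` keeps the bare `description: image` while the new `DockerKeystoneConfigImage` next to it is described in full. With the `DockerNamespace` prefix and the `centos-binary-keystone:latest` default both removed, the value an environment file supplies is now the whole image reference. I would say so where operators read it, e.g. `description: The container image to use for the keystone service; pass a full registry/name reference, preferably pinned to a digest or an immutable tag`. The same applies to `DockerKeystoneConfigImage`, which a later hunk uses as the `puppet_config` `config_image`. The `parameters` block continues outside this hunk.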
@@ -75,38 +81,57 @@ outputs: map_merge: - get_attr: [KeystoneBase, role_data, config_settings] - apache::default_vhost: false + logging_source: {get_attr: [KeystoneBase, role_data, logging_source]} + logging_groups: {get_attr: [KeystoneBase, role_data, logging_groups]} step_config: &step_config list_join: - "\n" - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" - {get_attr: [KeystoneBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: keystone puppet_tags: keystone_config step_config: *step_config - config_image: &keystone_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + config_image: &keystone_config_image {get_param: DockerKeystoneConfigImage} kolla_config: /var/lib/kolla/config_files/keystone.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + /var/lib/kolla/config_files/keystone_cron.json: + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/keystone + owner: keystone:keystone + recurse: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config - step_3: + step_2: keystone_init_log: - start_order: 0 - image: *keystone_image + image: &keystone_image {get_param: DockerKeystoneImage} user: root - command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] + command: ['/bin/bash', '-c', 
'chown -R keystone:keystone /var/log/keystone'] volumes: - /var/log/containers/keystone:/var/log/keystone + - /var/log/containers/httpd/keystone:/var/log/httpd + step_3: keystone_db_sync: - start_order: 1 image: *keystone_image net: host + user: root privileged: false detach: false volumes: &keystone_volumes @@ -114,10 +139,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/keystone/var/www/:/var/www/:ro - - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro - /var/log/containers/keystone:/var/log/keystone + - /var/log/containers/httpd/keystone:/var/log/httpd - if: - internal_tls_enabled 
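Review bot: The new `config_files` entries copy `/var/lib/kolla/config_files/src/*` to `dest: "/"` with `merge: true` and `preserve_properties: true`, and the containers that mount that source run as `user: root` (`keystone_db_sync` here, `keystone_cron` in the `@@ -144,23 +168,52 @@` hunk). Whatever sits under the host directory `/var/lib/config-data/puppet-generated/keystone/`, mounted in the `@@ -114,10 +139,9 @@` hunk, can therefore be written to any path in the container. The three `:ro` mounts it replaces limited that to `/var/www/`, `/etc/keystone/` and `/etc/httpd/`. That trust assumption deserves a comment beside the first `config_files` block, for example `# src/* is merged over / as root; /var/lib/config-data/puppet-generated/keystone must stay writable by root only`. The `outputs` block these hunks modify starts and ends outside them.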
@@ -144,23 +168,52 @@ outputs: keystone_bootstrap: start_order: 3 action: exec + user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + keystone_cron: + start_order: 4 + image: *keystone_image + user: root + net: host + privileged: false + restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] + healthcheck: + test: /bin/true + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/keystone:/var/log/keystone + - /var/log/containers/httpd/keystone:/var/log/httpd + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: config_volume: 'keystone_init_tasks' puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' step_config: 'include ::tripleo::profile::base::keystone' - config_image: *keystone_image + config_image: *keystone_config_image host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/keystone + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/keystone + - /var/log/containers/httpd/keystone upgrade_tasks: - name: Stop and disable keystone service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + - name: remove old keystone cron jobs + tags: step2 + file: + path: /var/spool/cron/keystone + state: absent metadata_settings: get_attr: [KeystoneBase, role_data, metadata_settings]
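Review bot: `keystone_bootstrap` still passes `{get_param: AdminPassword}` as the `--bootstrap-password` argument, and this hunk only adds `user: root` to that exec. The admin password therefore stays on the command line, where it can appear in process listings and in anything that records the exec arguments. `keystone-manage bootstrap` can also read the password from the `OS_BOOTSTRAP_PASSWORD` environment variable, but whether this `action: exec` entry can carry an environment is not visible here and would need checking first. Until then I would at least mark it above the `command:` line, e.g. `# FIXME: AdminPassword is exposed on argv; switch to OS_BOOTSTRAP_PASSWORD once exec can pass environment`. The `docker_config` step that contains `keystone_bootstrap` begins before this hunk.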