X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Fservices%2Fkeystone.yaml;h=e7717ab0c206d7e159de9c7c74addc33cdfc0cc9;hb=48e1b90594f6cb0d91fc6eb2c989de1a043c0ee5;hp=6371367745624b82071e3210442a995dea1e5d24;hpb=0825568aa6ba2cd3567a65d14b0f8ff37a688b60;p=apex-tripleo-heat-templates.git

diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 63713677..e7717ab0 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -33,12 +33,18 @@ parameters:
   KeystoneTokenProvider:
     description: The keystone token format
     type: string
-    default: 'uuid'
+    default: 'fernet'
     constraints:
       - allowed_values: ['uuid', 'fernet']
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 resources:
 
+  ContainersCommon:
+    type: ./containers-common.yaml
+
   KeystoneBase:
     type: ../../puppet/services/keystone.yaml
     properties:
@@ -47,7 +53,8 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
 
 conditions:
-  keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 outputs:
   role_data:
@@ -74,55 +81,8 @@ outputs:
             - '/'
             - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
       kolla_config:
-         /var/lib/kolla/config_files/keystone.json:
-           command: /usr/sbin/httpd -DFOREGROUND
-           config_files:
-           - dest: /etc/keystone/keystone.conf
-             owner: keystone
-             perm: '0640'
-             source: /var/lib/kolla/config_files/src/etc/keystone/keystone.conf
-           - dest: /etc/keystone/credential-keys/0
-             owner: keystone
-             perm: '0600'
-             source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/0
-           - dest: /etc/keystone/credential-keys/1
-             owner: keystone
-             perm: '0600'
-             source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1
-           - dest: /etc/keystone/fernet-keys/0
-             owner: keystone
-             perm: '0600'
-             source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0
-             optional: {if: [keystone_fernet_tokens, false, true]}
-           - dest: /etc/keystone/fernet-keys/1
-             owner: keystone
-             perm: '0600'
-             source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1
-             optional: {if: [keystone_fernet_tokens, false, true]}
-           - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf
-             owner: root
-             perm: '0644'
-             source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_admin.conf
-           - dest: /etc/httpd/conf.d/10-keystone_wsgi_main.conf
-             owner: root
-             perm: '0644'
-             source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_main.conf
-           - dest: /etc/httpd/conf/httpd.conf
-             owner: root
-             perm: '0644'
-             source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf
-           - dest: /etc/httpd/conf/ports.conf
-             owner: root
-             perm: '0644'
-             source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf
-           - dest: /var/www/cgi-bin/keystone/keystone-admin
-             owner: keystone
-             perm: '0644'
-             source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-admin
-           - dest: /var/www/cgi-bin/keystone/keystone-public
-             owner: keystone
-             perm: '0644'
-             source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-public
+        /var/lib/kolla/config_files/keystone.json:
+          command: /usr/sbin/httpd -DFOREGROUND
       docker_config:
         step_3:
           keystone-init-log:
@@ -139,12 +99,26 @@ outputs:
             privileged: false
             detach: false
             volumes: &keystone_volumes
-              - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
-              - /var/lib/config-data/keystone/:/var/lib/kolla/config_files/src:ro
-              - /var/lib/config-data/keystone/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro
-              - /etc/hosts:/etc/hosts:ro
-              - /etc/localtime:/etc/localtime:ro
-              - logs:/var/log
+              yaql:
+                expression: $.data.common.concat($.data.service)
+                data:
+                  common: {get_attr: [ContainersCommon, volumes]}
+                  service:
+                    - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
+                    - /var/lib/config-data/keystone/var/www/:/var/www/:ro
+                    - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
+                    - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
+                    - logs:/var/log
+                    -
+                      if:
+                        - internal_tls_enabled
+                        - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                        - ''
+                    -
+                      if:
+                        - internal_tls_enabled
+                        - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                        - ''
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS