openstack/kolla-ansible
Code Issues Proposed changes
2cc21b0e63
kolla-ansible/ansible/roles/keystone/templates/keystone-fernet.json.j2
Michal Arbet 90fd9152a4 Use Docker healthchecks for keystone-fernet container 
This change enables the use of Docker healthchecks for
keystone-fernet container. It checks if "key 0" has
right permissions, and if rsync is able to distribute
keys to other keystones.

Implements: blueprint container-health-check
Change-Id: I17bea723d4109e869cd05d211f6f8e4653f46e17
2021-08-17 15:07:01 +02:00

68 lines
2.3 KiB
Django/Jinja
Raw Blame History

{% set cron_cmd = 'cron -f' if kolla_base_distro in ['ubuntu', 'debian'] else 'crond -s -n' %}
{% set cron_path = '/var/spool/cron/crontabs/root' if kolla_base_distro in ['ubuntu', 'debian'] else '/var/spool/cron/root' %}
{
"command": "{{ cron_cmd }}",
"config_files": [{
"source": "{{ container_config_directory }}/keystone.conf",
"dest": "/etc/keystone/keystone.conf",
"owner": "keystone",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/crontab",
"dest": "{{ cron_path }}",
"owner": "root",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/fernet-rotate.sh",
"dest": "/usr/bin/fernet-rotate.sh",
"owner": "root",
"perm": "0755"
},
{
"source": "{{ container_config_directory }}/fernet-node-sync.sh",
"dest": "/usr/bin/fernet-node-sync.sh",
"owner": "root",
"perm": "0755"
},
{
"source": "{{ container_config_directory }}/fernet-push.sh",
"dest": "/usr/bin/fernet-push.sh",
"owner": "root",
"perm": "0755"
},
{
"source": "{{ container_config_directory }}/ssh_config",
"dest": "/var/lib/keystone/.ssh/config",
"owner": "keystone",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/id_rsa",
"dest": "/var/lib/keystone/.ssh/id_rsa",
"owner": "keystone",
"perm": "0600"
}{% if keystone_policy_file is defined %},
{
"source": "{{ container_config_directory }}/{{ keystone_policy_file }}",
"dest": "/etc/keystone/{{ keystone_policy_file }}",
"owner": "keystone",
"perm": "0600"
}{% endif %}{% if keystone_fernet_enable_healthchecks | bool %},
{
"source": "{{ container_config_directory }}/fernet-healthcheck.sh",
"dest": "/usr/bin/fernet-healthcheck.sh",
"owner": "root",
"perm": "0755"
}{% endif %}
],
"permissions": [
{
"path": "/etc/keystone/fernet-keys",
"owner": "keystone:keystone",
"perm": "0770"
}
]
}
View Git Blame Copy Permalink