Merge pull request #114 from portdirect/yaodu/keystone
Keystone: Configmap Updates
This commit is contained in:
commit
d1e1736413
@ -1,22 +1,13 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
# order of kolla_keystone_bootstrap urls
|
||||
# for those of looking for a little expanation
|
||||
# to a mysterious blackbox
|
||||
#
|
||||
# these will feed into the keystone endpoints
|
||||
# so it is important they are correct
|
||||
#
|
||||
# keystone_admin_url
|
||||
# keystone_internal_url
|
||||
# keystone_public_url
|
||||
|
||||
keystone-manage db_sync
|
||||
kolla_keystone_bootstrap {{ .Values.keystone.admin_user }} {{ .Values.keystone.admin_password }} \
|
||||
{{ .Values.keystone.admin_project_name }} admin \
|
||||
{{ include "endpoint_keystone_admin" . }} \
|
||||
{{ include "endpoint_keystone_internal" . }} \
|
||||
{{ include "endpoint_keystone_internal" . }} \
|
||||
{{ .Values.keystone.admin_region_name }}
|
||||
keystone-manage --config-file=/etc/keystone/keystone.conf db_sync
|
||||
|
||||
keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \
|
||||
--bootstrap-username {{ .Values.keystone.admin_user }} \
|
||||
--bootstrap-password {{ .Values.keystone.admin_password }} \
|
||||
--bootstrap-project-name {{ .Values.keystone.admin_project_name }} \
|
||||
--bootstrap-admin-url {{ include "endpoint_keystone_admin" . }} \
|
||||
--bootstrap-public-url {{ include "endpoint_keystone_internal" . }} \
|
||||
--bootstrap-internal-url {{ include "endpoint_keystone_internal" . }} \
|
||||
--bootstrap-region-id {{ .Values.keystone.admin_region_name }}
|
||||
|
@ -2,5 +2,20 @@
|
||||
set -ex
|
||||
export HOME=/tmp
|
||||
|
||||
ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_database_name }}'"
|
||||
ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_user }}' password='{{ .Values.database.keystone_password }}' host='%' priv='{{ .Values.database.keystone_database_name }}.*:ALL' append_privs='yes'"
|
||||
ansible localhost -vvv \
|
||||
-m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
|
||||
login_port='{{ .Values.database.port }}' \
|
||||
login_user='{{ .Values.database.root_user }}' \
|
||||
login_password='{{ .Values.database.root_password }}' \
|
||||
name='{{ .Values.database.keystone_database_name }}'"
|
||||
|
||||
ansible localhost -vvv \
|
||||
-m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
|
||||
login_port='{{ .Values.database.port }}' \
|
||||
login_user='{{ .Values.database.root_user }}' \
|
||||
login_password='{{ .Values.database.root_password }}' \
|
||||
name='{{ .Values.database.keystone_user }}' \
|
||||
password='{{ .Values.database.keystone_password }}' \
|
||||
host='%' \
|
||||
priv='{{ .Values.database.keystone_database_name }}.*:ALL' \
|
||||
append_privs='yes'"
|
||||
|
@ -1,8 +1,10 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
if [ -f /etc/apache2/envvars ]; then
|
||||
# Loading Apache2 ENV variables
|
||||
source /etc/apache2/envvars
|
||||
fi
|
||||
|
||||
# start apache with any container arguments
|
||||
apache2 -DFOREGROUND $*
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
|
@ -9,3 +9,9 @@ data:
|
||||
{{ tuple "etc/_mpm_event.conf.tpl" . | include "template" | indent 4 }}
|
||||
wsgi-keystone.conf: |+
|
||||
{{ tuple "etc/_wsgi-keystone.conf.tpl" . | include "template" | indent 4 }}
|
||||
policy.json: |+
|
||||
{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }}
|
||||
keystone-paste.ini: |+
|
||||
{{ tuple "etc/_keystone-paste.ini.tpl" . | include "template" | indent 4 }}
|
||||
sso_callback_template.html: |+
|
||||
{{ tuple "etc/_sso_callback_template.html.tpl" . | include "template" | indent 4 }}
|
||||
|
@ -37,26 +37,62 @@ spec:
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.public }}
|
||||
- containerPort: {{ .Values.network.port.admin }}
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- apachectl
|
||||
- -k
|
||||
- graceful-stop
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.public }}
|
||||
volumeMounts:
|
||||
- name: pod-etc-keystone
|
||||
mountPath: /etc/keystone
|
||||
- name: keystoneconf
|
||||
mountPath: /etc/keystone/keystone.conf
|
||||
subPath: keystone.conf
|
||||
readOnly: true
|
||||
- name: keystonepaste
|
||||
mountPath: /etc/keystone/keystone-paste.ini
|
||||
subPath: keystone-paste.ini
|
||||
readOnly: true
|
||||
- name: keystonepolicy
|
||||
mountPath: /etc/keystone/policy.json
|
||||
subPath: policy.json
|
||||
readOnly: true
|
||||
- name: keystonessotemplate
|
||||
mountPath: /etc/keystone/sso_callback_template.html
|
||||
subPath: sso_callback_template.html
|
||||
readOnly: true
|
||||
- name: wsgikeystone
|
||||
mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf
|
||||
subPath: wsgi-keystone.conf
|
||||
readOnly: true
|
||||
- name: mpmeventconf
|
||||
mountPath: /etc/apache2/mods-available/mpm_event.conf
|
||||
subPath: mpm_event.conf
|
||||
readOnly: true
|
||||
- name: startsh
|
||||
mountPath: /tmp/start.sh
|
||||
subPath: start.sh
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: pod-etc-keystone
|
||||
emptyDir: {}
|
||||
- name: keystoneconf
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: keystonepaste
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: keystonepolicy
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: keystonessotemplate
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: wsgikeystone
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
@ -66,4 +102,3 @@ spec:
|
||||
- name: startsh
|
||||
configMap:
|
||||
name: keystone-bin
|
||||
|
||||
|
97
keystone/templates/etc/_keystone-paste.ini.tpl
Normal file
97
keystone/templates/etc/_keystone-paste.ini.tpl
Normal file
@ -0,0 +1,97 @@
|
||||
# Keystone PasteDeploy configuration file.
|
||||
|
||||
[filter:debug]
|
||||
use = egg:oslo.middleware#debug
|
||||
|
||||
[filter:request_id]
|
||||
use = egg:oslo.middleware#request_id
|
||||
|
||||
[filter:build_auth_context]
|
||||
use = egg:keystone#build_auth_context
|
||||
|
||||
[filter:token_auth]
|
||||
use = egg:keystone#token_auth
|
||||
|
||||
[filter:admin_token_auth]
|
||||
# This is deprecated in the M release and will be removed in the O release.
|
||||
# Use `keystone-manage bootstrap` and remove this from the pipelines below.
|
||||
use = egg:keystone#admin_token_auth
|
||||
|
||||
[filter:json_body]
|
||||
use = egg:keystone#json_body
|
||||
|
||||
[filter:cors]
|
||||
use = egg:oslo.middleware#cors
|
||||
oslo_config_project = keystone
|
||||
|
||||
[filter:http_proxy_to_wsgi]
|
||||
use = egg:oslo.middleware#http_proxy_to_wsgi
|
||||
|
||||
[filter:healthcheck]
|
||||
use = egg:oslo.middleware#healthcheck
|
||||
|
||||
[filter:ec2_extension]
|
||||
use = egg:keystone#ec2_extension
|
||||
|
||||
[filter:ec2_extension_v3]
|
||||
use = egg:keystone#ec2_extension_v3
|
||||
|
||||
[filter:s3_extension]
|
||||
use = egg:keystone#s3_extension
|
||||
|
||||
[filter:url_normalize]
|
||||
use = egg:keystone#url_normalize
|
||||
|
||||
[filter:sizelimit]
|
||||
use = egg:oslo.middleware#sizelimit
|
||||
|
||||
[filter:osprofiler]
|
||||
use = egg:osprofiler#osprofiler
|
||||
|
||||
[app:public_service]
|
||||
use = egg:keystone#public_service
|
||||
|
||||
[app:service_v3]
|
||||
use = egg:keystone#service_v3
|
||||
|
||||
[app:admin_service]
|
||||
use = egg:keystone#admin_service
|
||||
|
||||
[pipeline:public_api]
|
||||
# The last item in this pipeline must be public_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
|
||||
|
||||
[pipeline:admin_api]
|
||||
# The last item in this pipeline must be admin_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
|
||||
|
||||
[pipeline:api_v3]
|
||||
# The last item in this pipeline must be service_v3 or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
use = egg:keystone#public_version_service
|
||||
|
||||
[app:admin_version_service]
|
||||
use = egg:keystone#admin_version_service
|
||||
|
||||
[pipeline:public_version_api]
|
||||
pipeline = healthcheck cors sizelimit osprofiler url_normalize public_version_service
|
||||
|
||||
[pipeline:admin_version_api]
|
||||
pipeline = healthcheck cors sizelimit osprofiler url_normalize admin_version_service
|
||||
|
||||
[composite:main]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = public_api
|
||||
/v3 = api_v3
|
||||
/ = public_version_api
|
||||
|
||||
[composite:admin]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = admin_api
|
||||
/v3 = api_v3
|
||||
/ = admin_version_api
|
199
keystone/templates/etc/_policy.json.tpl
Normal file
199
keystone/templates/etc/_policy.json.tpl
Normal file
@ -0,0 +1,199 @@
|
||||
{
|
||||
"admin_required": "role:admin or is_admin:1",
|
||||
"service_role": "role:service",
|
||||
"service_or_admin": "rule:admin_required or rule:service_role",
|
||||
"owner" : "user_id:%(user_id)s",
|
||||
"admin_or_owner": "rule:admin_required or rule:owner",
|
||||
"token_subject": "user_id:%(target.token.user_id)s",
|
||||
"admin_or_token_subject": "rule:admin_required or rule:token_subject",
|
||||
"service_admin_or_token_subject": "rule:service_or_admin or rule:token_subject",
|
||||
|
||||
"default": "rule:admin_required",
|
||||
|
||||
"identity:get_region": "",
|
||||
"identity:list_regions": "",
|
||||
"identity:create_region": "rule:admin_required",
|
||||
"identity:update_region": "rule:admin_required",
|
||||
"identity:delete_region": "rule:admin_required",
|
||||
|
||||
"identity:get_service": "rule:admin_required",
|
||||
"identity:list_services": "rule:admin_required",
|
||||
"identity:create_service": "rule:admin_required",
|
||||
"identity:update_service": "rule:admin_required",
|
||||
"identity:delete_service": "rule:admin_required",
|
||||
|
||||
"identity:get_endpoint": "rule:admin_required",
|
||||
"identity:list_endpoints": "rule:admin_required",
|
||||
"identity:create_endpoint": "rule:admin_required",
|
||||
"identity:update_endpoint": "rule:admin_required",
|
||||
"identity:delete_endpoint": "rule:admin_required",
|
||||
|
||||
"identity:get_domain": "rule:admin_required or token.project.domain.id:%(target.domain.id)s",
|
||||
"identity:list_domains": "rule:admin_required",
|
||||
"identity:create_domain": "rule:admin_required",
|
||||
"identity:update_domain": "rule:admin_required",
|
||||
"identity:delete_domain": "rule:admin_required",
|
||||
|
||||
"identity:get_project": "rule:admin_required or project_id:%(target.project.id)s",
|
||||
"identity:list_projects": "rule:admin_required",
|
||||
"identity:list_user_projects": "rule:admin_or_owner",
|
||||
"identity:create_project": "rule:admin_required",
|
||||
"identity:update_project": "rule:admin_required",
|
||||
"identity:delete_project": "rule:admin_required",
|
||||
|
||||
"identity:get_user": "rule:admin_or_owner",
|
||||
"identity:list_users": "rule:admin_required",
|
||||
"identity:create_user": "rule:admin_required",
|
||||
"identity:update_user": "rule:admin_required",
|
||||
"identity:delete_user": "rule:admin_required",
|
||||
"identity:change_password": "rule:admin_or_owner",
|
||||
|
||||
"identity:get_group": "rule:admin_required",
|
||||
"identity:list_groups": "rule:admin_required",
|
||||
"identity:list_groups_for_user": "rule:admin_or_owner",
|
||||
"identity:create_group": "rule:admin_required",
|
||||
"identity:update_group": "rule:admin_required",
|
||||
"identity:delete_group": "rule:admin_required",
|
||||
"identity:list_users_in_group": "rule:admin_required",
|
||||
"identity:remove_user_from_group": "rule:admin_required",
|
||||
"identity:check_user_in_group": "rule:admin_required",
|
||||
"identity:add_user_to_group": "rule:admin_required",
|
||||
|
||||
"identity:get_credential": "rule:admin_required",
|
||||
"identity:list_credentials": "rule:admin_required",
|
||||
"identity:create_credential": "rule:admin_required",
|
||||
"identity:update_credential": "rule:admin_required",
|
||||
"identity:delete_credential": "rule:admin_required",
|
||||
|
||||
"identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
|
||||
"identity:ec2_list_credentials": "rule:admin_or_owner",
|
||||
"identity:ec2_create_credential": "rule:admin_or_owner",
|
||||
"identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
|
||||
|
||||
"identity:get_role": "rule:admin_required",
|
||||
"identity:list_roles": "rule:admin_required",
|
||||
"identity:create_role": "rule:admin_required",
|
||||
"identity:update_role": "rule:admin_required",
|
||||
"identity:delete_role": "rule:admin_required",
|
||||
"identity:get_domain_role": "rule:admin_required",
|
||||
"identity:list_domain_roles": "rule:admin_required",
|
||||
"identity:create_domain_role": "rule:admin_required",
|
||||
"identity:update_domain_role": "rule:admin_required",
|
||||
"identity:delete_domain_role": "rule:admin_required",
|
||||
|
||||
"identity:get_implied_role": "rule:admin_required ",
|
||||
"identity:list_implied_roles": "rule:admin_required",
|
||||
"identity:create_implied_role": "rule:admin_required",
|
||||
"identity:delete_implied_role": "rule:admin_required",
|
||||
"identity:list_role_inference_rules": "rule:admin_required",
|
||||
"identity:check_implied_role": "rule:admin_required",
|
||||
|
||||
"identity:check_grant": "rule:admin_required",
|
||||
"identity:list_grants": "rule:admin_required",
|
||||
"identity:create_grant": "rule:admin_required",
|
||||
"identity:revoke_grant": "rule:admin_required",
|
||||
|
||||
"identity:list_role_assignments": "rule:admin_required",
|
||||
"identity:list_role_assignments_for_tree": "rule:admin_required",
|
||||
|
||||
"identity:get_policy": "rule:admin_required",
|
||||
"identity:list_policies": "rule:admin_required",
|
||||
"identity:create_policy": "rule:admin_required",
|
||||
"identity:update_policy": "rule:admin_required",
|
||||
"identity:delete_policy": "rule:admin_required",
|
||||
|
||||
"identity:check_token": "rule:admin_or_token_subject",
|
||||
"identity:validate_token": "rule:service_admin_or_token_subject",
|
||||
"identity:validate_token_head": "rule:service_or_admin",
|
||||
"identity:revocation_list": "rule:service_or_admin",
|
||||
"identity:revoke_token": "rule:admin_or_token_subject",
|
||||
|
||||
"identity:create_trust": "user_id:%(trust.trustor_user_id)s",
|
||||
"identity:list_trusts": "",
|
||||
"identity:list_roles_for_trust": "",
|
||||
"identity:get_role_for_trust": "",
|
||||
"identity:delete_trust": "",
|
||||
|
||||
"identity:create_consumer": "rule:admin_required",
|
||||
"identity:get_consumer": "rule:admin_required",
|
||||
"identity:list_consumers": "rule:admin_required",
|
||||
"identity:delete_consumer": "rule:admin_required",
|
||||
"identity:update_consumer": "rule:admin_required",
|
||||
|
||||
"identity:authorize_request_token": "rule:admin_required",
|
||||
"identity:list_access_token_roles": "rule:admin_required",
|
||||
"identity:get_access_token_role": "rule:admin_required",
|
||||
"identity:list_access_tokens": "rule:admin_required",
|
||||
"identity:get_access_token": "rule:admin_required",
|
||||
"identity:delete_access_token": "rule:admin_required",
|
||||
|
||||
"identity:list_projects_for_endpoint": "rule:admin_required",
|
||||
"identity:add_endpoint_to_project": "rule:admin_required",
|
||||
"identity:check_endpoint_in_project": "rule:admin_required",
|
||||
"identity:list_endpoints_for_project": "rule:admin_required",
|
||||
"identity:remove_endpoint_from_project": "rule:admin_required",
|
||||
|
||||
"identity:create_endpoint_group": "rule:admin_required",
|
||||
"identity:list_endpoint_groups": "rule:admin_required",
|
||||
"identity:get_endpoint_group": "rule:admin_required",
|
||||
"identity:update_endpoint_group": "rule:admin_required",
|
||||
"identity:delete_endpoint_group": "rule:admin_required",
|
||||
"identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
|
||||
"identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
|
||||
"identity:get_endpoint_group_in_project": "rule:admin_required",
|
||||
"identity:list_endpoint_groups_for_project": "rule:admin_required",
|
||||
"identity:add_endpoint_group_to_project": "rule:admin_required",
|
||||
"identity:remove_endpoint_group_from_project": "rule:admin_required",
|
||||
|
||||
"identity:create_identity_provider": "rule:admin_required",
|
||||
"identity:list_identity_providers": "rule:admin_required",
|
||||
"identity:get_identity_providers": "rule:admin_required",
|
||||
"identity:update_identity_provider": "rule:admin_required",
|
||||
"identity:delete_identity_provider": "rule:admin_required",
|
||||
|
||||
"identity:create_protocol": "rule:admin_required",
|
||||
"identity:update_protocol": "rule:admin_required",
|
||||
"identity:get_protocol": "rule:admin_required",
|
||||
"identity:list_protocols": "rule:admin_required",
|
||||
"identity:delete_protocol": "rule:admin_required",
|
||||
|
||||
"identity:create_mapping": "rule:admin_required",
|
||||
"identity:get_mapping": "rule:admin_required",
|
||||
"identity:list_mappings": "rule:admin_required",
|
||||
"identity:delete_mapping": "rule:admin_required",
|
||||
"identity:update_mapping": "rule:admin_required",
|
||||
|
||||
"identity:create_service_provider": "rule:admin_required",
|
||||
"identity:list_service_providers": "rule:admin_required",
|
||||
"identity:get_service_provider": "rule:admin_required",
|
||||
"identity:update_service_provider": "rule:admin_required",
|
||||
"identity:delete_service_provider": "rule:admin_required",
|
||||
|
||||
"identity:get_auth_catalog": "",
|
||||
"identity:get_auth_projects": "",
|
||||
"identity:get_auth_domains": "",
|
||||
|
||||
"identity:list_projects_for_user": "",
|
||||
"identity:list_domains_for_user": "",
|
||||
|
||||
"identity:list_revoke_events": "rule:service_or_admin",
|
||||
|
||||
"identity:create_policy_association_for_endpoint": "rule:admin_required",
|
||||
"identity:check_policy_association_for_endpoint": "rule:admin_required",
|
||||
"identity:delete_policy_association_for_endpoint": "rule:admin_required",
|
||||
"identity:create_policy_association_for_service": "rule:admin_required",
|
||||
"identity:check_policy_association_for_service": "rule:admin_required",
|
||||
"identity:delete_policy_association_for_service": "rule:admin_required",
|
||||
"identity:create_policy_association_for_region_and_service": "rule:admin_required",
|
||||
"identity:check_policy_association_for_region_and_service": "rule:admin_required",
|
||||
"identity:delete_policy_association_for_region_and_service": "rule:admin_required",
|
||||
"identity:get_policy_for_endpoint": "rule:admin_required",
|
||||
"identity:list_endpoints_for_policy": "rule:admin_required",
|
||||
|
||||
"identity:create_domain_config": "rule:admin_required",
|
||||
"identity:get_domain_config": "rule:admin_required",
|
||||
"identity:get_security_compliance_domain_config": "",
|
||||
"identity:update_domain_config": "rule:admin_required",
|
||||
"identity:delete_domain_config": "rule:admin_required",
|
||||
"identity:get_domain_config_default": "rule:admin_required"
|
||||
}
|
22
keystone/templates/etc/_sso_callback_template.html.tpl
Normal file
22
keystone/templates/etc/_sso_callback_template.html.tpl
Normal file
@ -0,0 +1,22 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>Keystone WebSSO redirect</title>
|
||||
</head>
|
||||
<body>
|
||||
<form id="sso" name="sso" action="$host" method="post">
|
||||
Please wait...
|
||||
<br/>
|
||||
<input type="hidden" name="token" id="token" value="$token"/>
|
||||
<noscript>
|
||||
<input type="submit" name="submit_no_javascript" id="submit_no_javascript"
|
||||
value="If your JavaScript is disabled, please click to continue"/>
|
||||
</noscript>
|
||||
</form>
|
||||
<script type="text/javascript">
|
||||
window.onload = function() {
|
||||
document.forms['sso'].submit();
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
@ -1,6 +1,9 @@
|
||||
Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }}
|
||||
Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
|
||||
|
||||
<VirtualHost *:{{ .Values.network.port.public }}>
|
||||
WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-public
|
||||
@ -10,8 +13,11 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
ErrorLog "|$/bin/cat 1>&2"
|
||||
CustomLog "|/bin/cat" combined
|
||||
ErrorLog /dev/stderr
|
||||
|
||||
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||
CustomLog /dev/stdout combined env=!forwarded
|
||||
CustomLog /dev/stdout proxy env=forwarded
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:{{ .Values.network.port.admin }}>
|
||||
@ -23,6 +29,9 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
ErrorLog "|$/bin/cat 1>&2"
|
||||
CustomLog "|/bin/cat" combined
|
||||
ErrorLog /dev/stderr
|
||||
|
||||
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||
CustomLog /dev/stdout combined env=!forwarded
|
||||
CustomLog /dev/stdout proxy env=forwarded
|
||||
</VirtualHost>
|
||||
|
@ -23,13 +23,19 @@ spec:
|
||||
- bash
|
||||
- /tmp/db-sync.sh
|
||||
volumeMounts:
|
||||
- name: pod-etc-keystone
|
||||
mountPath: /etc/keystone
|
||||
- name: keystoneconf
|
||||
mountPath: /etc/keystone/keystone.conf
|
||||
subPath: keystone.conf
|
||||
readOnly: true
|
||||
- name: keystone-bin
|
||||
mountPath: /tmp/db-sync.sh
|
||||
subPath: db-sync.sh
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: pod-etc-keystone
|
||||
emptyDir: {}
|
||||
- name: keystoneconf
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
|
@ -90,4 +90,3 @@ endpoints:
|
||||
port:
|
||||
admin: 35357
|
||||
public: 5000
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user