kolla-ansible/ansible/roles/keystone/templates/keystone.json.j2

{% set keystone_cmd = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
{% set keystone_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
{
    "command": "/usr/sbin/{{ keystone_cmd }}",
    "config_files": [
        {
            "source": "{{ container_config_directory }}/keystone.conf",
            "dest": "/etc/keystone/keystone.conf",
            "owner": "keystone",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/keystone-paste.ini",
            "dest": "/etc/keystone/keystone-paste.ini",
            "owner": "keystone",
            "perm": "0600",
            "optional": true
        },
        {
            "source": "{{ container_config_directory }}/domains",
            "dest": "/etc/keystone/domains",
            "owner": "keystone",
            "perm": "0600",
            "optional": true
        }{% if keystone_policy_file is defined %},
        {
            "source": "{{ container_config_directory }}/{{ keystone_policy_file }}",
            "dest": "/etc/keystone/{{ keystone_policy_file }}",
            "owner": "keystone",
            "perm": "0600"
        }{% endif %},
        {
            "source": "{{ container_config_directory }}/wsgi-keystone.conf",
            "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
            "owner": "keystone",
            "perm": "0600"
        }{% if keystone_enable_tls_backend | bool %},
        {
            "source": "{{ container_config_directory }}/keystone-cert.pem",
            "dest": "/etc/keystone/certs/keystone-cert.pem",
            "owner": "keystone",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/keystone-key.pem",
            "dest": "/etc/keystone/certs/keystone-key.pem",
            "owner": "keystone",
            "perm": "0600"
        }{% endif %}
    ],
    "permissions": [
        {
            "path": "/var/log/kolla",
            "owner": "keystone:kolla"
        },
        {
            "path": "/var/log/kolla/keystone/keystone.log",
            "owner": "keystone:keystone"
        },
        {
            "path": "/etc/keystone/fernet-keys",
            "owner": "keystone:keystone",
            "perm": "0770"
        },
        {
            "path": "/etc/keystone/domains",
            "owner": "keystone:keystone",
            "perm": "0700"
        }
    ]
}