FROM {{ image_spec("openstack-base") }}
MAINTAINER {{ maintainer }}

#mysql-client only for provisioning need to be removed later
#netcat is for mysql alive test
RUN apt-get install -y --no-install-recommends \
        apache2 \
        libapache2-mod-wsgi \
        mysql-client \
    && echo > /etc/apache2/ports.conf \
    && apt-get clean

{{ copy_sources("openstack/keystone", "/keystone") }}

RUN useradd --user-group keystone \
    && /var/lib/microservices/venv/bin/pip install --upgrade /keystone \
    && mkdir -p /etc/keystone/fernet-keys /etc/keystone/credential-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
    && cp -r /keystone/etc/* /etc/keystone/ \
    && cp /var/lib/microservices/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
    && cp /var/lib/microservices/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/public \
    && touch /etc/keystone/fernet-keys/.placeholder \
    && chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
    && chmod -R 700 /etc/keystone/fernet-keys \
    && chmod -R 500 /etc/keystone/credential-keys

COPY daemon.sh /usr/local/bin/daemon.sh
COPY keystone_sudoers /etc/sudoers.d/keystone_sudoers
RUN chmod 755 /usr/local/bin/daemon.sh \
    && chmod 440 /etc/sudoers.d/keystone_sudoers