From 136d93f924efa26ab6b2bcc0e11f22f0084670a2 Mon Sep 17 00:00:00 2001
From: Corey Bryant <corey.bryant@canonical.com>
Date: Wed, 5 Apr 2017 16:09:02 +0000
Subject: [PATCH] Isolate nginx/uwsgi files to unique directories

There will be multiple OpenStack snaps that have their own nginx/uwsgi files,
such as nginx.conf template, systemd unit files, pid files, log files, and
more. This change isolates the keystone directories for nginx and uwsgi so
that they won't conflict with other OpenStack snaps that use nginx and uwsgi.

Change-Id: Ia558bed548580f4b82a85b65ec029fd534334e2c
---
 snap/snap-openstack.yaml     | 25 +++++++++++++------------
 snap/templates/nginx.conf.j2 | 14 +++++++-------
 2 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/snap/snap-openstack.yaml b/snap/snap-openstack.yaml
index bd866aa..a2ea7a6 100644
--- a/snap/snap-openstack.yaml
+++ b/snap/snap-openstack.yaml
@@ -4,27 +4,27 @@ setup:
     - "/etc/keystone"
     - "/etc/keystone/conf.d"
     - "/etc/keystone/fernet-keys"
-    - "/etc/nginx/sites-enabled"
-    - "/etc/uwsgi"
+    - "/etc/nginx/keystone/sites-enabled"
+    - "/etc/uwsgi/keystone"
     - "/var/lib/keystone"
-    - "/var/lib/nginx"
+    - "/var/lib/nginx/keystone"
     - "/var/lock/keystone"
     - "/var/log/keystone"
-    - "/var/log/uwsgi"
+    - "/var/log/uwsgi/keystone"
     - "/var/log/nginx/keystone"
     - "/var/run/keystone"
-    - "/var/www/keystone"
+    - "/var/run/nginx/keystone"
   templates:
     keystone-snap.conf.j2: "/etc/keystone/conf.d/keystone-snap.conf"
-    admin.ini.j2: "/etc/uwsgi/keystone-admin.ini"
-    public.ini.j2: "/etc/uwsgi/keystone-public.ini"
-    keystone-nginx.conf.j2: "/etc/nginx/sites-enabled/keystone.conf"
+    admin.ini.j2: "/etc/uwsgi/keystone/admin.ini"
+    public.ini.j2: "/etc/uwsgi/keystone/public.ini"
+    keystone-nginx.conf.j2: "/etc/nginx/keystone/sites-enabled/keystone.conf"
     # NOTE(coreycb): drop nginx.conf template when support lands for
     # dropping permissions to regular user.
-    nginx.conf.j2: "/etc/nginx/nginx.conf"
+    nginx.conf.j2: "/etc/nginx/keystone/nginx.conf"
   copyfiles:
     "{snap}/etc/keystone": "/etc/keystone"
-    "{snap}/etc/nginx/": "/etc/nginx"
+    "{snap}/etc/nginx/": "/etc/nginx/keystone"
 entry_points:
   keystone-manage:
     binary: keystone-manage
@@ -34,7 +34,8 @@ entry_points:
       - "/etc/keystone/conf.d"
   keystone-uwsgi:
     type: uwsgi
-    uwsgi-dir: "/etc/uwsgi"
-    log-file: "/var/log/uwsgi/keystone.log"
+    uwsgi-dir: "/etc/uwsgi/keystone"
+    log-file: "/var/log/uwsgi/keystone/uwsgi.log"
   keystone-nginx:
     type: nginx
+    config-file: "/etc/nginx/keystone/nginx.conf"
diff --git a/snap/templates/nginx.conf.j2 b/snap/templates/nginx.conf.j2
index 0b4fb45..628d057 100644
--- a/snap/templates/nginx.conf.j2
+++ b/snap/templates/nginx.conf.j2
@@ -1,7 +1,7 @@
 user root;
 worker_processes auto;
-pid /var/run/nginx/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
+pid /var/run/nginx/keystone/nginx.pid;
+include /etc/nginx/keystone/modules-enabled/*.conf;
 
 events {
         worker_connections 768;
@@ -19,7 +19,7 @@ http {
         keepalive_timeout 65;
         types_hash_max_size 2048;
 
-        include /etc/nginx/mime.types;
+        include /etc/nginx/keystone/mime.types;
         default_type application/octet-stream;
 
         ##
@@ -33,8 +33,8 @@ http {
         # Logging Settings
         ##
 
-        access_log /var/log/nginx/access.log;
-        error_log /var/log/nginx/error.log;
+        access_log /var/log/nginx/keystone/access.log;
+        error_log /var/log/nginx/keystone/error.log;
 
         ##
         # Gzip Settings
@@ -43,6 +43,6 @@ http {
         gzip on;
         gzip_disable "msie6";
 
-        include /etc/nginx/conf.d/*.conf;
-        include /etc/nginx/sites-enabled/*;
+        include /etc/nginx/keystone/conf.d/*.conf;
+        include /etc/nginx/keystone/sites-enabled/*;
 }