Description of problem:
TripleO allows users to configure domain-specific backends via the KeystoneLDAPBackendConfigs THT parameter. These options end up being configuration values in a file mounted into the container (/etc/keystone/domain/keystone.$DOMAIN.conf). If the end user attempts to remove the configuration file by renaming it on the host and restarting the container, the original file is still present in the container.

How reproducible:
100%

Steps to Reproduce:
1. Deploy the overcloud with a domain-specific backend
2. Update the domain configuration file on the controller to a different name (/var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/keystone.AD.conf.bak).
3. Restart the keystone container
4. View the /etc/keystone/domains directory and verify the original domain configuration file is still present

Actual results:
The /etc/keystone/domains directory in the container contains stale configuration files.

Expected results:
The contents of /etc/keystone/domains map to /var/lib/config-data/puppet-generated/keystone/etc/keystone/domains/

I talked to the tripleo community and we tried a quick patch to see if it helped [0], but it was unsuccessful in removing stale files. We may be able to pick up this approach and iterate on it, though.

[0] https://review.opendev.org/#/c/756874/
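
A check for the condition in this report, as an added example that is not part of the original report or of TripleO: it lists every domain whose keystone.$DOMAIN.conf is still visible in the container's view of the domains directory but no longer exists in the host directory. The function name and the idea of comparing the host directory against an exported copy of the container's /etc/keystone/domains (for instance taken with the container runtime's cp command) are assumptions.

```shell
#!/bin/sh
# Added example, not TripleO code.
# stale_domain_confs HOST_DIR CONTAINER_DIR
#   HOST_DIR      - the host-side domains directory from the report
#   CONTAINER_DIR - a copy of the container's /etc/keystone/domains
# Prints one domain name per line for each keystone.<domain>.conf that is
# present in CONTAINER_DIR but missing from HOST_DIR.
# Returns 1 if any stale file was found, 0 otherwise.
stale_domain_confs() {
    host_dir=$1
    container_dir=$2
    found=0
    for f in "$container_dir"/keystone.*.conf; do
        [ -e "$f" ] || continue           # glob matched nothing
        name=${f##*/}                     # strip directory part
        if [ ! -e "$host_dir/$name" ]; then
            domain=${name#keystone.}      # keystone.AD.conf -> AD.conf
            domain=${domain%.conf}        # AD.conf -> AD
            printf '%s\n' "$domain"
            found=1
        fi
    done
    return "$found"
}

# Demo on constructed directories that mirror the reproduction steps:
# the host file was renamed to .bak, the container still shows the original.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    mkdir "$tmp/host" "$tmp/container"
    : > "$tmp/host/keystone.AD.conf.bak"
    : > "$tmp/container/keystone.AD.conf"
    stale_domain_confs "$tmp/host" "$tmp/container" \
        || echo "stale domain configuration present in container"
    rm -rf "$tmp"
fi
```

A non-zero return after a container restart means the container is still carrying a domain backend configuration that was removed on the host.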