author | Dan Prince <dprince@redhat.com> | 2017-01-03 22:21:44 -0500 |
---|---|---|
committer | Dan Prince <dprince@redhat.com> | 2017-02-15 12:56:44 -0500 |
commit | ad2ea290bed17bff9b53ac225d3604ed642ee8bc (patch) | |
tree | 75e24d906374e3b17d0a9463a6c00bc44c031913 /docker/firstboot | |
parent | b06e49302d510d0e5f28c585c41c52ef5bc8ad13 (diff) |
docker: new hybrid deployment architecture and configuration
This patch implements a new docker deployment architecture that
should allow us to install docker services in a stepwise manner alongside
of baremetal puppet services. This works by using Yaql to select
docker specific services (docker/services/*.yaml) vs the puppet
specific ones and then applying the selected Json to relevant Heat
software deployments for docker and baremetal puppet in a stepwise
fashion.
Additionally the new architecture
leverages new composable services interfaces from Newton to
allow configuration of per-service container configuration
sets (directories that are bind mounted into kolla containers) by
using the Kolla containers themselves. It does this by spinning up
a throw away "configuration only" version of the container being
configured itself, then running the puppet apply in that container and
copying the generated config files into /var/lib/config-data. This
avoids having to install all of the OpenStack dependency packages
in the heat-agent-container itself (our previous approach) and should
allow us to configure a much wider variety of container config files
that would otherwise be impossible with the previous shared approach.
The new approach (combined) should allow us to configure containers in
both the undercloud and overcloud and incrementally add CI coverage to
services as we containerize them.
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2
Diffstat (limited to 'docker/firstboot')
-rwxr-xr-x | docker/firstboot/setup_docker_host.sh | 26 | ||||
-rw-r--r-- | docker/firstboot/setup_docker_host.yaml (renamed from docker/firstboot/install_docker_agents.yaml) | 13 | ||||
-rwxr-xr-x | docker/firstboot/start_docker_agents.sh | 69 |
3 files changed, 29 insertions, 79 deletions
diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh new file mode 100755 index 00000000..b2287e91 --- /dev/null +++ b/docker/firstboot/setup_docker_host.sh @@ -0,0 +1,26 @@ +#!/bin/bash +set -eux +# TODO This would be better in puppet + +# TODO remove this when built image includes docker +if [ ! -f "/usr/bin/docker" ]; then + yum -y install docker +fi + +# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is +# a place holder for text replacement done via heat +if [ "$docker_namespace_is_registry" = "True" ]; then + /usr/bin/systemctl stop docker.service + # if namespace is used with local registry, trim all namespacing + trim_var=$docker_registry + registry_host="${trim_var%%/*}" + /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker +fi + +# enable and start docker +/usr/bin/systemctl enable docker.service +/usr/bin/systemctl start docker.service + +# Disable libvirtd +/usr/bin/systemctl disable libvirtd.service +/usr/bin/systemctl stop libvirtd.service diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/setup_docker_host.yaml index 41a87406..2f258987 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -1,9 +1,6 @@ heat_template_version: ocata parameters: - DockerAgentImage: - type: string - default: heat-docker-agents DockerNamespace: type: string default: tripleoupstream 
@@ -17,22 +14,18 @@ resources: type: OS::Heat::MultipartMime properties: parts: - - config: {get_resource: install_docker_agents} + - config: {get_resource: setup_docker_host} - install_docker_agents: + setup_docker_host: type: OS::Heat::SoftwareConfig properties: group: script config: str_replace: params: - $agent_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAgentImage} ] $docker_registry: {get_param: DockerNamespace} $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} - template: {get_file: ./start_docker_agents.sh} + template: {get_file: ./setup_docker_host.sh} outputs: OS::stack_id: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh deleted file mode 100755 index 1c5cc18d..00000000 --- a/docker/firstboot/start_docker_agents.sh +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/bin/bash -set -eux - -# TODO remove this when built image includes docker -if [ ! -f "/usr/bin/docker" ]; then - yum -y install docker -fi - -# Local docker registry 1.8 -# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is -# a place holder for text replacement done via heat -if [ "$docker_namespace_is_registry" = "True" ]; then - /usr/bin/systemctl stop docker.service - # if namespace is used with local registry, trim all namespacing - trim_var=$docker_registry - registry_host="${trim_var%%/*}" - /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker -fi - -mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container - -# NOTE(flaper87): Heat Agent required mounts -AGENT_COMMAND_MOUNTS="\ --v /var/lib/etc-data:/var/lib/etc-data \ --v /run:/run \ --v /etc/hosts:/etc/hosts \ --v /etc:/host/etc \ --v /var/lib/dhclient:/var/lib/dhclient \ --v /var/lib/cloud:/var/lib/cloud \ --v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ --v /var/lib/os-collect-config:/var/lib/os-collect-config \ --v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \ --v /var/lib/heat-config:/var/lib/heat-config \ --v /etc/sysconfig/docker:/etc/sysconfig/docker \ --v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \ --v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2 \ --v /usr/bin/docker:/usr/bin/docker \ --v /usr/bin/docker-current:/usr/bin/docker-current \ --v /var/lib/os-collect-config:/var/lib/os-collect-config" - -# heat-docker-agents service -cat <<EOF > /etc/systemd/system/heat-docker-agents.service -[Unit] -Description=Heat Docker Agent Container -After=docker.service -Requires=docker.service -Before=os-collect-config.service -Conflicts=os-collect-config.service - -[Service] -User=root -Restart=always -ExecStartPre=-/usr/bin/docker rm -f heat-agents -ExecStart=/usr/bin/docker run --name heat-agents 
--privileged --net=host \ - $AGENT_COMMAND_MOUNTS \ - --entrypoint=/usr/bin/os-collect-config $agent_image -ExecStop=/usr/bin/docker stop heat-agents - -[Install] -WantedBy=multi-user.target -EOF - -# enable and start heat-docker-agents -/usr/bin/systemctl enable heat-docker-agents.service -/usr/bin/systemctl start --no-block heat-docker-agents.service - -# Disable libvirtd -/usr/bin/systemctl disable libvirtd.service -/usr/bin/systemctl stop libvirtd.service |
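Review bot: In `docker/firstboot/setup_docker_host.sh`, the `sed` that writes `INSECURE_REGISTRY='--insecure-registry $registry_host'` disables TLS verification for every pull from that registry whenever `DockerNamespaceIsRegistry` is True, and there is no way to use a local registry without it. Consider gating the insecure setting behind its own parameter, or trusting the registry's CA on the host instead, so image pulls are authenticated by default. The same `sed` only rewrites an existing `INSECURE_REGISTRY=` line; if `/etc/sysconfig/docker` has none, the script continues without reporting that nothing changed, so a check after the edit would make that failure visible at first boot.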
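Review bot: In `docker/firstboot/setup_docker_host.yaml`, `$docker_registry: {get_param: DockerNamespace}` is spliced by `str_replace` as raw text into a script that runs as root, where it lands unquoted at `trim_var=$docker_registry` and is then interpolated into the `sed` replacement. A value containing whitespace, quotes, `&` or shell metacharacters would change what the script executes or what gets written to `/etc/sysconfig/docker`. Suggest adding an `allowed_pattern` constraint to the `DockerNamespace` parameter and quoting the assignment in the script (`trim_var="$docker_registry"`).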
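Review bot: With `docker/firstboot/start_docker_agents.sh` deleted, nothing in this patch stops or removes the `heat-docker-agents.service` unit and the `heat-agents` container that the old script enabled, and the commit message does not say how hosts that already ran it are handled. That container was started with `--privileged --net=host` and bind mounts of `/run`, `/etc` and `/usr/bin/docker`, so leaving it running keeps a host-equivalent container alive after the architecture no longer needs it. Please document the cleanup for existing hosts or add a step that disables the unit and removes the container and `/etc/systemd/system/heat-docker-agents.service`.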