-rw-r--r--docker/README-containers.md50
-rw-r--r--docker/compute-post.yaml228
-rw-r--r--docker/copy-etc.sh3
-rw-r--r--docker/firstboot/install_docker_agents.yaml28
-rw-r--r--docker/firstboot/start_docker_agents.sh74
-rw-r--r--environments/docker-rdo.yaml17
-rw-r--r--puppet/hieradata/controller.yaml1
-rw-r--r--puppet/manifests/overcloud_controller.pp3
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp13
9 files changed, 409 insertions, 8 deletions
diff --git a/docker/README-containers.md b/docker/README-containers.md
new file mode 100644
index 00000000..0e67c183
--- /dev/null
+++ b/docker/README-containers.md
@@ -0,0 +1,50 @@
+# Using Docker Containers With TripleO
+
+## Configuring TripleO with to use a container based compute node.
+
+Steps include:
+- Adding a base OS image to glance
+- Deploy an overcloud configured to use the docker compute heat templates
+
+## Getting base OS image working.
+
+Download the fedora atomic image into glance:
+
+```
+wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2
+glance image-create --name fedora-atomic --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare
+```
+
+## Configuring TripleO
+
+You can use the tripleo.sh script up until the point of running the Overcloud.
+https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh
+
+Create the Overcloud:
+```
+$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker-rdo.yaml --libvirt-type=qemu
+```
+
+Source the overcloudrc and then you can use the overcloud.
+
+## Debugging
+
+You can ssh into the controller/compute nodes by using the heat key, eg:
+```
+nova list
+ssh heat-admin@<compute_node_ip>
+```
+
+You can check to see what docker containers are running:
+```
+sudo docker ps -a
+```
+
+To enter a container that doesn't seem to be working right:
+```
+sudo docker exec -ti <container name> /bin/bash
+```
+
+Then you can check logs etc.
+
+You can also just do a 'docker logs' on a given container.
diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml
new file mode 100644
index 00000000..0d049ebc
--- /dev/null
+++ b/docker/compute-post.yaml
@@ -0,0 +1,228 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack compute node post deployment for Docker.
+
+parameters:
+ servers:
+ type: json
+ NodeConfigIdentifiers:
+ type: json
+ description: Value which changes if the node configuration may need to be re-applied
+ DockerComputeImage:
+ type: string
+ DockerComputeDataImage:
+ type: string
+ DockerLibvirtImage:
+ type: string
+ DockerNeutronAgentImage:
+ type: string
+ DockerOpenvswitchImage:
+ type: string
+ DockerOvsVswitchdImage:
+ type: string
+ DockerOpenvswitchDBImage:
+ type: string
+
+resources:
+
+ ComputePuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_hiera: True
+ enable_facter: False
+ tags: package,file,concat,file_line,nova_config,neutron_config,neutron_agent_ovs,neutron_plugin_ml2
+ inputs:
+ - name: tripleo::packages::enable_install
+ type: Boolean
+ default: True
+ outputs:
+ - name: result
+ config:
+ get_file: ../puppet/manifests/overcloud_compute.pp
+
+ ComputePuppetDeployment:
+ type: OS::Heat::SoftwareDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ComputePuppetConfig}
+ input_values:
+ update_identifier: {get_param: NodeConfigIdentifiers}
+ tripleo::packages::enable_install: True
+
+ CopyEtcConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ outputs:
+ - name: result
+ config: {get_file: ./copy-etc.sh}
+
+ CopyEtcDeployment:
+ type: OS::Heat::SoftwareDeployments
+ depends_on: ComputePuppetDeployment
+ properties:
+ config: {get_resource: CopyEtcConfig}
+ servers: {get_param: servers}
+
+ NovaComputeContainersDeploymentOVS:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ config: {get_resource: NovaComputeContainersConfigOVS}
+ servers: {get_param: servers}
+
+ NovaComputeContainersConfigOVS:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: docker-compose
+ config:
+ ovsvswitchd:
+ image: {get_param: DockerOvsVswitchdImage}
+ container_name: ovs-vswitchd
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ - /run:/run
+ - /lib/modules:/lib/modules:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS
+
+ openvswitchdb:
+ image: {get_param: DockerOpenvswitchDBImage}
+ container_name: ovs-db-server
+ net: host
+ restart: always
+ volumes:
+ - /run:/run
+ environment:
+ - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS
+
+ NovaComputeContainersDeploymentNetconfig:
+ type: OS::Heat::SoftwareDeployments
+ depends_on: NovaComputeContainersDeploymentOVS
+ properties:
+ config: {get_resource: NovaComputeContainersConfigNetconfig}
+ servers: {get_param: servers}
+
+ # We run os-net-config here because we depend on the ovs containers to be up
+ # and running before we configure the network. This allows explicit timing
+ # of the network configuration.
+ NovaComputeContainersConfigNetconfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ outputs:
+ - name: result
+ config: |
+ #!/bin/bash
+ /usr/local/bin/run-os-net-config
+
+ LibvirtContainersDeployment:
+ type: OS::Heat::StructuredDeployments
+ depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig]
+ properties:
+ config: {get_resource: LibvirtContainersConfig}
+ servers: {get_param: servers}
+
+ LibvirtContainersConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: docker-compose
+ config:
+ computedata:
+ image: {get_param: DockerComputeDataImage}
+ container_name: computedata
+
+ libvirt:
+ image: {get_param: DockerLibvirtImage}
+ container_name: libvirt
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ - /run:/run
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/etc-data/libvirt/libvirtd.conf:/opt/kolla/libvirtd/libvirtd.conf
+ - /var/lib/nova/instances:/var/lib/nova/instances
+ environment:
+ - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS
+ volumes_from:
+ - computedata
+
+ NovaComputeContainersDeployment:
+ type: OS::Heat::StructuredDeployments
+ depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment]
+ properties:
+ config: {get_resource: NovaComputeContainersConfig}
+ servers: {get_param: servers}
+
+ NovaComputeContainersConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: docker-compose
+ config:
+ openvswitch:
+ image: {get_param: DockerOpenvswitchImage}
+ container_name: openvswitch
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ - /run:/run
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/etc-data/neutron/neutron.conf:/etc/kolla/neutron-openvswitch-agent/:ro
+ - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/etc/kolla/neutron-openvswitch-agent/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS
+ volumes_from:
+ - computedata
+ # FIXME: Kolla now uses a JSON model to run custom commands. We rebuilt a custom container to read in KOLLA_COMMAND_ARGS
+
+ # FIXME: Here we're subjugating kolla's start scripts because we want our custom run command
+ neutronagent:
+ image: {get_param: DockerOpenvswitchImage}
+ container_name: neutronagent
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ - /run:/run
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/etc-data/neutron/neutron.conf:/etc/neutron/neutron.conf:ro
+ - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS
+ # FIXME: Kolla now uses a JSON model to run custom commands. We rebuilt a custom container to read in KOLLA_COMMAND_ARGS
+ - KOLLA_COMMAND_ARGS=--config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ volumes_from:
+ - computedata
+
+ novacompute:
+ image: {get_param: DockerComputeImage}
+ container_name: novacompute
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ - /run:/run
+ - /sys/fs/cgroup:/sys/fs/cgroup
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/etc-data/:/etc/:ro
+ - /var/lib/nova/instances:/var/lib/nova/instances
+ volumes_from:
+ - computedata
+ # FIXME: this skips the kolla start.sh script and just starts Nova
+ # Ideally we'd have an environment that switched the kolla container
+ # to be externally configured.
+ command: /usr/bin/nova-compute
+
+ ExtraConfig:
+ depends_on: NovaComputeContainersDeployment
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: servers}
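Review bot: Five of the service containers (`ovsvswitchd`, `libvirt`, `openvswitch`, `neutronagent`, `novacompute`) run with `privileged: true`, `net: host` and a read-write `/run:/run` bind mount, and `libvirt` and `neutronagent` add `pid: host`, so a compromise of any one of these images is effectively root on the compute host; `/run` usually also holds the Docker daemon socket, which is worth confirming on the Atomic image. Each service should carry a comment stating why full privilege is required, and where a narrower grant is likely enough (the OVS and neutron agent containers) `privileged: true` could be replaced by something like `cap_add: [NET_ADMIN]` once tested. Separately, in `openvswitch` both config files are bind-mounted onto the same target `/etc/kolla/neutron-openvswitch-agent/`, which Docker treats as one mount point; give each its own target, e.g. `.../neutron-openvswitch-agent/neutron.conf:ro` and `.../neutron-openvswitch-agent/ml2_conf.ini:ro`. `DockerNeutronAgentImage` is declared but never referenced, since `neutronagent` reads `DockerOpenvswitchImage`; that may be deliberate given the FIXME, but it should be stated in a comment or the parameter dropped.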
diff --git a/docker/copy-etc.sh b/docker/copy-etc.sh
new file mode 100644
index 00000000..1a6cd520
--- /dev/null
+++ b/docker/copy-etc.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "Copying agent container /etc to /var/lib/etc-data"
+cp -a /etc/* /var/lib/etc-data/
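Review bot: `cp -a /etc/* /var/lib/etc-data/` copies everything under `/etc`, with modes and ownership preserved, into a directory that compute-post.yaml shares with several containers and mounts wholesale as `/etc` in `novacompute`, so any credentials or keys under `/etc` where this runs become visible to all of them. If only the nova, neutron and libvirt configuration is needed, copy those trees explicitly, e.g. `cp -a /etc/nova /etc/neutron /etc/libvirt /var/lib/etc-data/`, and narrow the `novacompute` mount to match; otherwise add a comment saying the full copy is intentional. The `/etc/*` glob also skips dot-files, which should be confirmed as acceptable.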
diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml
new file mode 100644
index 00000000..8adc8939
--- /dev/null
+++ b/docker/firstboot/install_docker_agents.yaml
@@ -0,0 +1,28 @@
+heat_template_version: 2014-10-16
+
+parameters:
+ DockerAgentImage:
+ type: string
+ default: dprince/heat-docker-agents-centos
+
+resources:
+
+ userdata:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: install_docker_agents}
+
+ install_docker_agents:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ params:
+ $agent_image: {get_param: DockerAgentImage}
+ template: {get_file: ./start_docker_agents.sh}
+
+outputs:
+ OS::stack_id:
+ value: {get_resource: userdata}
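Review bot: The `DockerAgentImage` default `dprince/heat-docker-agents-centos` has no tag or digest, so every compute node runs whatever that repository currently serves, and start_docker_agents.sh runs it `--privileged` with the host `/etc` mounted and re-pulls it on every service start. Pin the default to an immutable reference, e.g. `default: dprince/heat-docker-agents-centos@sha256:<DIGEST>` (placeholder digest), or to a release tag on a project-controlled registry. The same applies to the image defaults in environments/docker-rdo.yaml, where `DockerOpenvswitchImage` uses `:latest` and the other entries use mutable tags from what look like personal or community namespaces.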
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
new file mode 100644
index 00000000..caf511bd
--- /dev/null
+++ b/docker/firstboot/start_docker_agents.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+set -eux
+
+# firstboot isn't split out by role yet so we handle it this way
+if ! hostname | grep compute &>/dev/null; then
+ echo "Exiting. This script is only for the compute role."
+ exit 0
+fi
+
+mkdir -p /var/lib/etc-data/ #FIXME: this should be a docker data container
+
+# heat-docker-agents service
+cat <<EOF > /etc/systemd/system/heat-docker-agents.service
+
+[Unit]
+Description=Heat Docker Agent Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+User=root
+Restart=on-failure
+ExecStartPre=-/usr/bin/docker kill heat-agents
+ExecStartPre=-/usr/bin/docker rm heat-agents
+ExecStartPre=/usr/bin/docker pull $agent_image
+ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools --entrypoint=/usr/bin/os-collect-config $agent_image
+ExecStop=/usr/bin/docker stop heat-agents
+
+[Install]
+WantedBy=multi-user.target
+
+EOF
+
+# update docker for local insecure registry(optional)
+# Note: This is different for different docker versions
+# For older docker versions < 1.4.x use commented line
+#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
+#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+
+# Local docker registry 1.8
+#/bin/sed -i s/ADD_REGISTRY/#ADD_REGISTRY/ /etc/sysconfig/docker
+
+/sbin/setenforce 0
+/sbin/modprobe ebtables
+
+# Create /var/lib/etc-data for now. FIXME: This should go into a data container.
+#mkdir -p /var/lib/etc-data
+
+echo nameserver 8.8.8.8 > /etc/resolv.conf
+
+# We need hostname -f to return in a centos container for the puppet hook
+HOSTNAME=$(hostname)
+echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
+
+# Another hack.. we need latest docker..
+/usr/bin/systemctl stop docker.service
+/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-latest
+/bin/mount -o remount,rw /usr
+/bin/rm /bin/docker
+/bin/cp /tmp/docker /bin/docker
+/bin/chmod 755 /bin/docker
+
+# enable and start docker
+/usr/bin/systemctl enable docker.service
+/usr/bin/systemctl restart --no-block docker.service
+
+# enable and start heat-docker-agents
+chmod 0640 /etc/systemd/system/heat-docker-agents.service
+/usr/bin/systemctl enable heat-docker-agents.service
+/usr/bin/systemctl start --no-block heat-docker-agents.service
+
+# Disable NetworkManager and let the ifup/down scripts work properly.
+/usr/bin/systemctl disable NetworkManager
+/usr/bin/systemctl stop NetworkManager
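Review bot: The block under "Another hack" downloads `docker-latest` to the fixed path `/tmp/docker` and copies it over `/bin/docker` with no integrity check, and `curl` is called without `-f`, so an HTTP error page or a changed upstream build would be installed as the Docker binary that runs as root. Download a pinned build to a `mktemp` file and verify its SHA-256 before the copy; with `set -eux` already in effect a failed check aborts the script. Separately, `/sbin/setenforce 0` and the overwrite of `/etc/resolv.conf` with `8.8.8.8` have no comment explaining why they are needed, and the SELinux change in particular deserves one, since the privileged agent container then runs without that layer of confinement.

```shell
# … unchanged: systemctl stop docker.service …
docker_url='<PINNED_DOCKER_BUILD_URL>'   # placeholder: a fixed release, not docker-latest
docker_sha256='<EXPECTED_SHA256>'        # placeholder: published digest for that release
docker_tmp=$(mktemp)
/bin/curl -fsSL -o "$docker_tmp" "$docker_url"
echo "${docker_sha256}  ${docker_tmp}" | sha256sum -c -
/bin/mount -o remount,rw /usr
/bin/rm /bin/docker
/bin/cp "$docker_tmp" /bin/docker
# … unchanged: chmod 755 /bin/docker …
```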
diff --git a/environments/docker-rdo.yaml b/environments/docker-rdo.yaml
new file mode 100644
index 00000000..d5791369
--- /dev/null
+++ b/environments/docker-rdo.yaml
@@ -0,0 +1,17 @@
+resource_registry:
+ # Docker container with heat agents for containerized compute node.
+ OS::TripleO::ComputePostDeployment: ../docker/compute-post.yaml
+ OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml
+
+parameters:
+ NovaImage: fedora-atomic
+
+parameter_defaults:
+ DockerComputeImage: rthallisey/centos-binary-nova-compute:liberty
+ DockerComputeDataImage: kollaglue/centos-rdo-nova-compute-data:liberty2
+ DockerLibvirtImage: kollaglue/centos-rdo-nova-libvirt:liberty2
+ DockerNeutronAgentImage: kollaglue/centos-rdo-neutron-agents:liberty2
+ DockerOpenvswitchImage: rthallisey/centos-rdo-neutron-openvswitch-agent:latest
+ DockerOvsVswitchdImage: kollaglue/centos-rdo-ovs-vswitchd:liberty2
+ DockerOpenvswitchDBImage: kollaglue/centos-rdo-ovs-db-server:liberty2
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index a66c1eaa..a4e2766b 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -95,7 +95,6 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
# mysql
mysql::server::manage_config_file: true
-mysql::server::remove_default_accounts: true
tripleo::loadbalancer::keystone_admin: true
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index c857c5c5..c3302362 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -84,7 +84,8 @@ if hiera('step') >= 2 {
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
},
- }
+ },
+ remove_default_accounts => true,
}
# FIXME: this should only occur on the bootstrap host (ditto for db syncs)
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index c8a84c93..b8fa89f8 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -158,12 +158,13 @@ if hiera('step') >= 1 {
}
class { '::mysql::server':
- create_root_user => false,
- create_root_my_cnf => false,
- config_file => $mysql_config_file,
- override_options => $mysqld_options,
- service_manage => false,
- service_enabled => false,
+ create_root_user => false,
+ create_root_my_cnf => false,
+ config_file => $mysql_config_file,
+ override_options => $mysqld_options,
+ remove_default_accounts => $pacemaker_master,
+ service_manage => false,
+ service_enabled => false,
}
}
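Review bot: `remove_default_accounts => $pacemaker_master` removes the default MySQL accounts only on the node where `$pacemaker_master` is true, and nothing in the hunk says why the other controllers are skipped. If the intent is that the removal runs once and reaches the other nodes through database replication, add a comment saying so, e.g. `# default accounts are dropped on the master only; the change is expected to replicate to the other nodes`, and confirm that it does, since otherwise the default accounts remain on the non-master nodes. `$pacemaker_master` is defined outside this hunk, and the enclosing `if hiera('step') >= 1` block starts before it.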