11 files changed, 83 insertions, 142 deletions
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index 40e5248a..1c5cc18d 100755
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -1,76 +1,56 @@
 #!/bin/bash
 set -eux
 
-/sbin/setenforce 0
-/sbin/modprobe ebtables
-
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
-chmod 666 /dev/pts/ptmx
-
-# We need hostname -f to return in a centos container for the puppet hook
-HOSTNAME=$(hostname)
-echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-
-# update docker for local insecure registry(optional)
-# Note: This is different for different docker versions
-# For older docker versions < 1.4.x use commented line
-#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
-#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+# TODO remove this when built image includes docker
+if [ ! -f "/usr/bin/docker" ]; then
+    yum -y install docker
+fi
 
 # Local docker registry 1.8
 # NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
 # a place holder for text replacement done via heat
-if [ "$docker_namespace_is_registry" = True ]; then
+if [ "$docker_namespace_is_registry" = "True" ]; then
     /usr/bin/systemctl stop docker.service
     # if namespace is used with local registry, trim all namespacing
     trim_var=$docker_registry
     registry_host="${trim_var%%/*}"
     /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker
-    /usr/bin/systemctl start --no-block docker.service
 fi
 
-/usr/bin/docker pull $agent_image &
-DOCKER_PULL_PID=$!
-
 mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
 
 # NOTE(flaper87): Heat Agent required mounts
-AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \
-                      -v /run:/run \
-                      -v /etc:/host/etc \
-                      -v /usr/bin/atomic:/usr/bin/atomic \
-                      -v /var/lib/dhclient:/var/lib/dhclient \
-                      -v /var/lib/cloud:/var/lib/cloud \
-                      -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
-                      -v /etc/sysconfig/docker:/etc/sysconfig/docker \
-                      -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
-                      -v /var/lib/os-collect-config:/var/lib/os-collect-config \
-                      -v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
-                      -v /var/lib/heat-config:/var/lib/heat-config \
-                      -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2"
-
-
-# NOTE(flaper87): Some of these commands may not be present depending on the
-# atomic version.
-for docker_cmd in docker docker-current docker-latest; do
-    if [ -f "/usr/bin/$docker_cmd" ]; then
-        AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd"
-    fi
-done
+AGENT_COMMAND_MOUNTS="\
+-v /var/lib/etc-data:/var/lib/etc-data \
+-v /run:/run \
+-v /etc/hosts:/etc/hosts \
+-v /etc:/host/etc \
+-v /var/lib/dhclient:/var/lib/dhclient \
+-v /var/lib/cloud:/var/lib/cloud \
+-v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config \
+-v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
+-v /var/lib/heat-config:/var/lib/heat-config \
+-v /etc/sysconfig/docker:/etc/sysconfig/docker \
+-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
+-v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2 \
+-v /usr/bin/docker:/usr/bin/docker \
+-v /usr/bin/docker-current:/usr/bin/docker-current \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config"
 
 # heat-docker-agents service
 cat <<EOF > /etc/systemd/system/heat-docker-agents.service
-
 [Unit]
 Description=Heat Docker Agent Container
 After=docker.service
 Requires=docker.service
+Before=os-collect-config.service
+Conflicts=os-collect-config.service
 
 [Service]
 User=root
-Restart=on-failure
-ExecStartPre=-/usr/bin/docker kill heat-agents
-ExecStartPre=-/usr/bin/docker rm heat-agents
+Restart=always
+ExecStartPre=-/usr/bin/docker rm -f heat-agents
 ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \
     $AGENT_COMMAND_MOUNTS \
     --entrypoint=/usr/bin/os-collect-config $agent_image
@@ -78,35 +58,12 @@ ExecStop=/usr/bin/docker stop heat-agents
 
 [Install]
 WantedBy=multi-user.target
-
 EOF
 
 # enable and start heat-docker-agents
-chmod 0640 /etc/systemd/system/heat-docker-agents.service
 /usr/bin/systemctl enable heat-docker-agents.service
 /usr/bin/systemctl start --no-block heat-docker-agents.service
 
-# Disable NetworkManager and let the ifup/down scripts work properly.
-/usr/bin/systemctl disable NetworkManager
-/usr/bin/systemctl stop NetworkManager
-
-# Atomic's root partition & logical volume defaults to 3G.  In order to launch
-# larger VMs, we need to enlarge the root logical volume and scale down the
-# docker_pool logical volume. We are allocating 80% of the disk space for
-# vm data and the remaining 20% for docker images.
-ATOMIC_ROOT='/dev/mapper/atomicos-root'
-ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'`
-
-growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' )
-pvresize "${ROOT_DEVICE}"
-lvresize -l +80%FREE "${ATOMIC_ROOT}"
-xfs_growfs "${ATOMIC_ROOT}"
-
-cat <<EOF > /etc/sysconfig/docker-storage-setup
-GROWPART=true
-AUTO_EXTEND_POOL=yes
-POOL_AUTOEXTEND_PERCENT=30
-POOL_AUTOEXTEND_THRESHOLD=70
-EOF
-
-wait $DOCKER_PULL_PID
+# Disable libvirtd
+/usr/bin/systemctl disable libvirtd.service
+/usr/bin/systemctl stop libvirtd.service
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index e08de11c..41d33895 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -25,16 +25,6 @@ parameters:
     default: 'tripleoupstream'
     type: string
 
-  DockerOpenvswitchDBImage:
-    description: image
-    default: 'centos-binary-openvswitch-db-server'
-    type: string
-
-  DockerOvsVswitchdImage:
-    description: image
-    default: 'centos-binary-openvswitch-vswitchd'
-    type: string
-
   LibvirtConfig:
     type: string
     default: "/etc/libvirt/libvirtd.conf"
@@ -206,52 +196,6 @@ resources:
         nova_config: {get_param: NovaConfig}
         neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
 
-  NovaComputeContainersDeploymentOVS:
-    type: OS::Heat::StructuredDeploymentGroup
-    depends_on: CopyJsonDeployment
-    properties:
-      name: NovaComputeContainersDeploymentOVS
-      config: {get_resource: NovaComputeContainersConfigOVS}
-      servers: {get_param: [servers, {{role.name}}]}
-
-  NovaComputeContainersConfigOVS:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: docker-cmd
-      config:
-        openvswitchdb:
-          image:
-            list_join:
-              - '/'
-              - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ]
-          net: host
-          restart: always
-          volumes:
-            - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json
-            - /etc/localtime:/etc/localtime:ro
-            - /run:/run
-            - logs:/var/log/kolla/
-            - openvswitch_db:/var/lib/openvswitch/
-          environment:
-            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
-        ovsvswitchd:
-          image:
-            list_join:
-              - '/'
-              - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ]
-          net: host
-          privileged: true
-          restart: always
-          volumes:
-            - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json
-            - /etc/localtime:/etc/localtime:ro
-            - /lib/modules:/lib/modules:ro
-            - /run:/run
-            - logs:/var/log/kolla/
-          environment:
-            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
   {{role.name}}ContainersConfig_Step1:
     type: OS::Heat::StructuredConfig
     depends_on: CopyJsonDeployment
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 9b0f65f9..4f5b36b4 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -13,7 +13,6 @@ resource_registry:
   OS::TripleO::Services: ../docker/services/services.yaml
 
 parameter_defaults:
-  NovaImage: atomic-image
   # Defaults to 'tripleoupstream'.  Specify a local docker registry
   # Example: 192.0.2.1:8787/tripleoupstream
   DockerNamespace: tripleoupstream
@@ -24,8 +23,6 @@ parameter_defaults:
   DockerNovaComputeImage: centos-binary-nova-compute:newton
   DockerLibvirtImage: centos-binary-nova-libvirt:newton
   DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:newton
-  DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:newton
-  DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:newton
 
   ComputeServices:
     - OS::TripleO::Services::NovaCompute
diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml
index bafb2a73..3da560c8 100644
--- a/environments/neutron-ml2-ovn.yaml
+++ b/environments/neutron-ml2-ovn.yaml
@@ -8,10 +8,10 @@ resource_registry:
 # Disabling Neutron services that overlap with OVN
   OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
 
 parameter_defaults:
   NeutronMechanismDrivers: ovn
-  OVNDbHost: '0.0.0.0'
   OVNSouthboundServerPort: 6642
   OVNNorthboundServerPort: 6641
   OVNDbConnectionTimeout: 60
@@ -19,3 +19,4 @@ parameter_defaults:
   OVNNeutronSyncMode: log
   OVNQosDriver: ovn-qos
   OVNTunnelEncapType: geneve
+  NeutronEnableDHCPAgent: false
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index a75ee56f..b2201452 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -58,6 +58,7 @@ parameters:
       CephRgwNetwork: storage
       PublicNetwork: external
       OpendaylightApiNetwork: internal_api
+      OvnDbsNetwork: internal_api
       MistralApiNetwork: internal_api
       ZaqarApiNetwork: internal_api
       # We special-case the default ResolveNetwork for the CephStorage role
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 3c1c435d..1a73b7fc 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -153,6 +153,8 @@ resource_registry:
   OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
   OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
   OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml
+  OS::TripleO::Services::OVNDBs: OS::Heat::None
+
   OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
   OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 9022cd94..4e735b45 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -58,6 +58,7 @@ outputs:
                   "%{hiera('fqdn_$NETWORK')}"
                 params:
                   $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
+            aodh::wsgi::apache::wsgi_process_display_name: 'aodh_wsgi'
             aodh::api::service_name: 'httpd'
             aodh::api::enable_proxy_headers_parsing: true
             tripleo.aodh_api.firewall_rules:
diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml
index c7f8b924..59346edc 100644
--- a/puppet/services/neutron-plugin-ml2-ovn.yaml
+++ b/puppet/services/neutron-plugin-ml2-ovn.yaml
@@ -18,13 +18,6 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
-  OVNDbHost:
-    description: IP address on which the OVN DB servers are listening
-    type: string
-  OVNNorthboundServerPort:
-    description: Port of the OVN Northbound DB server
-    type: number
-    default: 6641
   OVNDbConnectionTimeout:
     description: Timeout in seconds for the OVSDB connection transaction
     type: number
@@ -68,9 +61,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [NeutronMl2Base, role_data, config_settings]
-          - ovn::northbound::port: {get_param: OVNNorthboundServerPort}
-            tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost}
-            neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+          - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
             neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
             neutron::plugins::ovn::ovn_l3_mode: true
             neutron::plugins::ovn::vif_type: {get_param: OVNVifType}
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 28678ff3..9793c8e1 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -123,3 +123,9 @@ outputs:
           - compute_upgrade_level_empty
           - {}
           - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
+      service_config_settings:
+        mysql:
+          nova::rabbit_password: {get_param: RabbitPassword}
+          nova::rabbit_userid: {get_param: RabbitUserName}
+          nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+          nova::rabbit_port: {get_param: RabbitClientPort}
diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml
new file mode 100644
index 00000000..302628d4
--- /dev/null
+++ b/puppet/services/ovn-dbs.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OVN databases configured with puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  OVNNorthboundServerPort:
+    description: Port of the OVN Northbound DB server
+    type: number
+    default: 6641
+  OVNSouthboundServerPort:
+    description: Port of the OVN Southbound DB server
+    type: number
+    default: 6642
+
+outputs:
+  role_data:
+    description: Role data for the OVN northd service
+    value:
+      service_name: ovn_dbs
+      config_settings:
+          ovn::northbound::port: {get_param: OVNNorthboundServerPort}
+          ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+          ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
+      step_config: |
+        include ::tripleo::profile::base::neutron::ovn_northd
diff --git a/roles_data.yaml b/roles_data.yaml
index 81ddf9ca..e96bd78d 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -97,6 +97,7 @@
     - OS::TripleO::Services::BarbicanApi
     - OS::TripleO::Services::PankoApi
     - OS::TripleO::Services::Zaqar
+    - OS::TripleO::Services::OVNDBs
 
 - name: Compute
   CountDefault: 1