9 files changed, 74 insertions, 46 deletions
diff --git a/all-nodes-validation.yaml b/all-nodes-validation.yaml
index 65d01d0f..eea3e40a 100644
--- a/all-nodes-validation.yaml
+++ b/all-nodes-validation.yaml
@@ -10,6 +10,10 @@ parameters:
     default: ''
     description: A string containing a space separated list of IP addresses used to ping test each available network interface.
     type: string
+  ValidateFqdn:
+    default: false
+    description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts.
+    type: boolean
 
 resources:
   AllNodesValidationsImpl:
@@ -19,6 +23,8 @@ resources:
       inputs:
         - name: ping_test_ips
           default: {get_param: PingTestIps}
+        - name: validate_fqdn
+          default: {get_param: ValidateFqdn}
       config: {get_file: ./validation-scripts/all-nodes.sh}
 
 outputs:
diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh
index b2287e91..8b4c6a03 100755
--- a/docker/firstboot/setup_docker_host.sh
+++ b/docker/firstboot/setup_docker_host.sh
@@ -1,26 +1,8 @@
 #!/bin/bash
 set -eux
-# TODO This would be better in puppet
+# This file contains setup steps that can't be or have not yet been moved to
+# puppet
 
-# TODO remove this when built image includes docker
-if [ ! -f "/usr/bin/docker" ]; then
-    yum -y install docker
-fi
-
-# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
-# a place holder for text replacement done via heat
-if [ "$docker_namespace_is_registry" = "True" ]; then
-    /usr/bin/systemctl stop docker.service
-    # if namespace is used with local registry, trim all namespacing
-    trim_var=$docker_registry
-    registry_host="${trim_var%%/*}"
-    /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker
-fi
-
-# enable and start docker
-/usr/bin/systemctl enable docker.service
-/usr/bin/systemctl start docker.service
-
-# Disable libvirtd
+# Disable libvirtd since it conflicts with nova_libvirt container
 /usr/bin/systemctl disable libvirtd.service
 /usr/bin/systemctl stop libvirtd.service
diff --git a/docker/services/README.rst b/docker/services/README.rst
index 881a2a37..71b0d3d4 100644
--- a/docker/services/README.rst
+++ b/docker/services/README.rst
@@ -65,20 +65,29 @@ are re-asserted when applying latter ones.
    below and the related docker-cmd hook documentation in the heat-agents
    project.
 
- * puppet_tags: Puppet resource tag names that are used to generate config
-   files with puppet. Only the named config resources are used to generate
-   a config file. Any service that specifies tags will have the default
-   tags of 'file,concat,file_line' appended to the setting.
-   Example: keystone_config
-
- * config_volume: The name of the volume (directory) where config files
-   will be generated for this service. Use this as the location to
-   bind mount into the running Kolla container for configuration.
-
- * config_image: The name of the docker image that will be used for
-   generating configuration files. This is often the same value as
-   'docker_image' above but some containers share a common set of
-   config files which are generated in a common base container.
+ * puppet_config: This section is a nested set of key value pairs
+   that drive the creation of config files using puppet.
+   Required parameters include:
+
+     * puppet_tags: Puppet resource tag names that are used to generate config
+       files with puppet. Only the named config resources are used to generate
+       a config file. Any service that specifies tags will have the default
+       tags of 'file,concat,file_line' appended to the setting.
+       Example: keystone_config
+
+     * config_volume: The name of the volume (directory) where config files
+       will be generated for this service. Use this as the location to
+       bind mount into the running Kolla container for configuration.
+
+     * config_image: The name of the docker image that will be used for
+       generating configuration files. This is often the same container
+       that the runtime service uses. Some services share a common set of
+       config files which are generated in a common base container.
+
+     * step_config: This setting controls the manifest that is used to
+       create docker config files via puppet. The puppet tags below are
+       used along with this manifest to generate a config directory for
+       this container.
 
  * docker_puppet_tasks: This section provides data to drive the
    docker-puppet.py tool directly. The task is executed only once
diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml
index c24d5b26..ad556e0c 100644
--- a/docker/services/nova-scheduler.yaml
+++ b/docker/services/nova-scheduler.yaml
@@ -55,13 +55,13 @@ outputs:
           - '/'
           - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ]
       puppet_config:
-      config_volume: nova
-      puppet_tags: nova_config
-      step_config: *step_config
-      config_image:
-        list_join:
-        - '/'
-        - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
+        config_volume: nova
+        puppet_tags: nova_config
+        step_config: *step_config
+        config_image:
+          list_join:
+          - '/'
+          - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ]
       kolla_config:
          /var/lib/kolla/config_files/nova_scheduler.json:
            command: /usr/bin/nova-scheduler
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 3696f908..8a977f26 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -3,6 +3,8 @@ resource_registry:
   # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
   # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
   OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
+  # The compute node still needs extra initialization steps
+  OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
 
   #NOTE (dprince) add roles to be docker enabled as we support them
   OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
@@ -55,3 +57,4 @@ parameter_defaults:
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Docker
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index f40c8d99..f9a15391 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -232,7 +232,7 @@ outputs:
             keystone::cron::token_flush::maxdelay: 3600
             keystone::roles::admin::service_tenant: 'service'
             keystone::roles::admin::admin_tenant: 'admin'
-            keystone::cron::token_flush::destination: '/dev/null'
+            keystone::cron::token_flush::destination: '/var/log/keystone/keystone-tokenflush.log'
             keystone::config::keystone_config:
               ec2/driver:
                 value: 'keystone.contrib.ec2.backends.sql.Ec2'
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 9b0d2de1..0c3cc1ec 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -31,9 +31,9 @@ parameters:
     description: Timeout for requests going from swift-proxy to swift a/c/o services.
     type: number
   SwiftWorkers:
-    default: 0
+    default: auto
     description: Number of workers for Swift service.
-    type: number
+    type: string
   KeystoneRegion:
     type: string
     default: 'regionOne'
diff --git a/puppet/services/vpp.yaml b/puppet/services/vpp.yaml
index 59866d39..7c8f8a28 100644
--- a/puppet/services/vpp.yaml
+++ b/puppet/services/vpp.yaml
@@ -42,6 +42,16 @@ outputs:
       step_config: |
         include ::tripleo::profile::base::vpp
       upgrade_tasks:
+        - name: Check if vpp is deployed
+          command: systemctl is-enabled vpp
+          tags: common
+          ignore_errors: True
+          register: vpp_enabled
+        - name: "PreUpgrade step0,validation: Check service vpp is running"
+          shell: /usr/bin/systemctl show 'vpp' --property ActiveState | grep '\bactive\b'
+          when: vpp_enabled.rc == 0
+          tags: step0,validation
         - name: Stop vpp service
-          tags: step2
+          tags: step1
+          when: vpp_enabled.rc == 0
           service: name=vpp state=stopped
diff --git a/validation-scripts/all-nodes.sh b/validation-scripts/all-nodes.sh
index 0b8b3523..f1f4cc11 100644
--- a/validation-scripts/all-nodes.sh
+++ b/validation-scripts/all-nodes.sh
@@ -67,5 +67,23 @@ function ping_default_gateways() {
   echo "SUCCESS"
 }
 
+# Verify the FQDN from the nova/ironic deployment matches
+# FQDN in the heat templates.
+function fqdn_check() {
+  HOSTNAME=$(hostname)
+  SHORT_NAME=$(hostname -s)
+  FQDN_FROM_HOSTS=$(awk '$3 == "'${SHORT_NAME}'"{print $2}' /etc/hosts)
+  echo -n "Checking hostname vs /etc/hosts entry..."
+  if [[ $HOSTNAME != $FQDN_FROM_HOSTS ]]; then
+    echo "FAILURE"
+    echo -e "System hostname: ${HOSTNAME}\nEntry from /etc/hosts: ${FQDN_FROM_HOSTS}\n"
+    exit 1
+  fi
+  echo "SUCCESS"
+}
+
 ping_controller_ips "$ping_test_ips"
 ping_default_gateways
+if [[ $validate_fqdn == "True" ]];then
+  fqdn_check
+fi