diff options
Diffstat (limited to 'docker/services')
78 files changed, 2000 insertions, 439 deletions
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index bda5469a..fc1c3168 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-api:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,13 +77,18 @@ outputs: config_volume: aodh puppet_tags: aodh_api_paste_ini,aodh_config step_config: *step_config - config_image: &aodh_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -88,14 +97,17 @@ outputs: # db sync runs before permissions set by kolla_config step_2: aodh_init_log: - image: *aodh_image + image: &aodh_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] user: root volumes: - /var/log/containers/aodh:/var/log/aodh command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh'] step_3: aodh_db_sync: - image: *aodh_image + image: *aodh_api_image net: host privileged: false detach: false @@ -109,7 +121,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" step_4: aodh_api: - image: *aodh_image + image: *aodh_api_image net: host privileged: false restart: always @@ -118,11 +130,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/aodh/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh - if: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 74ac635f..2398baab 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-evaluator:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,13 +69,18 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_evaluator_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_evaluator.json: command: /usr/bin/aodh-evaluator + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -79,7 +88,10 @@ outputs: docker_config: step_4: aodh_evaluator: - image: *aodh_evaluator_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] net: host privileged: false restart: always @@ -88,7 +100,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 0930f42e..9e89385d 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-listener:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,13 +69,18 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_listener_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_listener.json: command: /usr/bin/aodh-listener + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -79,7 +88,10 @@ outputs: docker_config: step_4: aodh_listener: - image: *aodh_listener_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] net: host privileged: false restart: always @@ -88,7 +100,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index 607d9997..0fc65fff 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-notifier:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,13 +69,18 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_notifier_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: /var/lib/kolla/config_files/aodh_notifier.json: command: /usr/bin/aodh-notifier + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -79,7 +88,10 @@ outputs: docker_config: step_4: aodh_notifier: - image: *aodh_notifier_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] net: host privileged: false restart: always @@ -88,7 +100,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 9cec4a61..cef7b88d 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-central:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,18 +67,26 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_central_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer_agent_central.json: command: /usr/bin/ceilometer-polling --polling-namespaces central + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_central_image + image: &ceilometer_agent_central_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -90,7 +102,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 8d06d094..ecb8e899 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-compute:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,17 +67,25 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_compute_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer_agent_compute.json: command: /usr/bin/ceilometer-polling --polling-namespaces compute + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_4: ceilometer_agent_compute: - image: *ceilometer_agent_compute_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] net: host privileged: false restart: always @@ -82,7 +94,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro - /var/run/libvirt:/var/run/libvirt:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml index 02793e48..4bf75153 100644 --- a/docker/services/ceilometer-agent-ipmi.yaml +++ b/docker/services/ceilometer-agent-ipmi.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-ipmi:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,18 +67,26 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_ipmi_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer-agent-ipmi.json: command: /usr/bin/ceilometer-polling --polling-namespaces ipmi + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_ipmi_image + image: &ceilometer_agent_ipmi_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -90,23 +102,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_5: - ceilometer_gnocchi_upgrade: - start_order: 1 - image: *ceilometer_agent_ipmi_image - net: host - detach: false - privileged: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - - /var/log/containers/ceilometer:/var/log/ceilometer - command: "/usr/bin/bootstrap_host_exec ceilometer su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" upgrade_tasks: - name: Stop and disable ceilometer agent ipmi service tags: step2 diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index 36424e91..a1579cc5 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-notification:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,18 +67,26 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_notification_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: /var/lib/kolla/config_files/ceilometer_agent_notification.json: command: /usr/bin/ceilometer-agent-notification + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_notification_image + image: &ceilometer_agent_notification_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -90,23 +102,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_5: - ceilometer_gnocchi_upgrade: - start_order: 1 - image: *ceilometer_agent_notification_image - net: host - detach: false - privileged: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] upgrade_tasks: - name: Stop and disable ceilometer agent notification service tags: step2 diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 94bd66d8..07315e7e 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-api:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: @@ -82,6 +81,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -129,9 +133,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/cinder/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder - if: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 0958a7e8..8de1201f 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-backup:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: @@ -76,6 +75,19 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + # NOTE(mandre): the copy of ceph conf will need to go once we + # generate a ceph.conf for cinder in puppet + # Copy ceph config files before cinder ones as a precaution, for + # the later one to take precendence in case of duplicate files. + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/cinder owner: cinder:cinder @@ -107,8 +119,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 8199c34b..82813856 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-scheduler:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: @@ -76,6 +75,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_scheduler.json: command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -103,7 +107,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 26eb10e7..0ce098a3 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-volume:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: @@ -84,6 +83,19 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + # NOTE(mandre): the copy of ceph conf will need to go once we + # generate a ceph.conf for cinder in puppet + # Copy ceph config files before cinder ones as a precaution, for + # the later one to take precendence in case of duplicate files. + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -112,8 +124,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index 7354898b..0593e412 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-collectd:latest' type: string + DockerCollectdConfigImage: + description: The container image to use for the collectd config_volume + default: 'centos-binary-collectd:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -55,7 +59,11 @@ outputs: description: Role data for the collectd role. value: service_name: {get_attr: [CollectdBase, role_data, service_name]} - config_settings: {get_attr: [CollectdBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [CollectdBase, role_data, config_settings] + - tripleo::profile::base::metrics::collectd::enable_file_logging: true + collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log step_config: &step_config get_attr: [CollectdBase, role_data, step_config] service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]} @@ -64,17 +72,29 @@ outputs: config_volume: collectd puppet_tags: collectd_client_config step_config: *step_config - config_image: &collectd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCollectdConfigImage} ] kolla_config: /var/lib/kolla/config_files/collectd.json: command: /usr/sbin/collectd -f + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/collectd + owner: collectd:collectd + recurse: true docker_config: step_3: collectd: - image: *collectd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] net: host privileged: true restart: always @@ -84,11 +104,15 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro + - /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/collectd + state: directory upgrade_tasks: - name: Stop and disable collectd service tags: step2 service: name=collectd.service state=stopped enabled=no - diff --git a/docker/services/congress-api.yaml b/docker/services/congress.yaml index 92b0eeb9..1d3ea0d8 100644 --- a/docker/services/congress-api.yaml +++ b/docker/services/congress.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-congress-api:latest' type: string DockerCongressConfigImage: - description: image + description: The container image to use for the congress config_volume default: 'centos-binary-congress-api:latest' type: string EndpointMap: @@ -44,7 +44,7 @@ resources: ContainersCommon: type: ./containers-common.yaml - CongressApiBase: + CongressBase: type: ../../puppet/services/congress.yaml properties: EndpointMap: {get_param: EndpointMap} @@ -57,13 +57,13 @@ outputs: role_data: description: Role data for the Congress API role. value: - service_name: {get_attr: [CongressApiBase, role_data, service_name]} + service_name: {get_attr: [CongressBase, role_data, service_name]} config_settings: map_merge: - - get_attr: [CongressApiBase, role_data, config_settings] + - get_attr: [CongressBase, role_data, config_settings] step_config: &step_config - get_attr: [CongressApiBase, role_data, step_config] - service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]} + get_attr: [CongressBase, role_data, step_config] + service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: congress @@ -76,6 +76,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/congress_api.json: command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/congress owner: congress:congress @@ -84,7 +89,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: congress_init_logs: - image: &congress_image + image: &congress_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ] @@ -95,7 +100,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] step_3: congress_db_sync: - image: *congress_image + image: *congress_api_image net: host privileged: false detach: false @@ -104,13 +109,16 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/congress/etc/:/etc/:ro + # FIXME(mandre) mounting /etc rw to workaround LP1696283 + # This should go away anyway and mount the exact files it + # needs or use kolla set_configs.py + - /var/lib/config-data/congress/etc/:/etc/ - /var/log/containers/congress:/var/log/congress command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'" step_4: congress_api: start_order: 15 - image: *congress_image + image: *congress_api_image net: host privileged: false restart: always @@ -119,7 +127,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro + - /var/lib/config-data/puppet-generated/congress/:/var/lib/kolla/config_files/src:ro - /var/log/containers/congress:/var/log/congress environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5d0eb79d..b5e7deab 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mongodb:latest' type: string + DockerMongodbConfigImage: + description: The container image to use for the mongodb config_volume + default: 'centos-binary-mongodb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,13 +69,18 @@ outputs: config_volume: mongodb puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mongodb_image + config_image: &mongodb_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbConfigImage} ] kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb @@ -82,13 +91,15 @@ outputs: docker_config: step_2: mongodb: - image: *mongodb_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] net: host privileged: false volumes: &mongodb_volumes - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro - - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro + - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/mongodb:/var/log/mongodb - /var/lib/mongodb:/var/lib/mongodb @@ -100,7 +111,7 @@ outputs: config_volume: 'mongodb_init_tasks' puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' step_config: 'include ::tripleo::profile::base::database::mongodb' - config_image: *mongodb_image + config_image: *mongodb_config_image volumes: - /var/lib/mongodb:/var/lib/mongodb - /var/log/containers/mongodb:/var/log/mongodb diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml new file mode 100644 index 00000000..38a31e24 --- /dev/null +++ b/docker/services/database/mysql-client.yaml @@ -0,0 +1,66 @@ +heat_template_version: pike + +description: > + Configuration for containerized MySQL clients + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlClientConfigImage: + description: The container image to use for the mysql_client config_volume + default: 'centos-binary-mariadb:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} + tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} + # BEGIN DOCKER SETTINGS # + step_config: "" + puppet_config: + config_volume: mysql_client + puppet_tags: file # set this even though file is the default + step_config: "include ::tripleo::profile::base::database::mysql::client" + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlClientConfigImage} ] + # no need for a docker config, this service only generates configuration files + docker_config: {} diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 9eabb719..61565357 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mariadb:latest' type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume + default: 'centos-binary-mariadb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,13 +78,18 @@ outputs: config_volume: mysql puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mysql_image + config_image: &mysql_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/bin/mysqld_safe + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mysql owner: mysql:mysql @@ -89,7 +98,10 @@ outputs: # Kolla_bootstrap runs before permissions set by kolla_config step_1: mysql_init_logs: - image: *mysql_image + image: &mysql_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] privileged: false user: root volumes: @@ -104,7 +116,7 @@ outputs: command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - /var/lib/mysql:/var/lib/mysql @@ -139,7 +151,7 @@ outputs: config_volume: 'mysql_init_tasks' puppet_tags: 'mysql_database,mysql_grant,mysql_user' step_config: 'include ::tripleo::profile::base::database::mysql' - config_image: *mysql_image + config_image: *mysql_config_image volumes: - /var/lib/mysql:/var/lib/mysql/:ro - /var/log/containers/mysql:/var/log/mariadb diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 9d0d30c8..494fe61b 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-redis:latest' type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume + default: 'centos-binary-redis:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -64,13 +68,18 @@ outputs: # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' step_config: *step_config - config_image: &redis_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/bin/redis-server /etc/redis.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/run/redis owner: redis:redis @@ -80,7 +89,10 @@ outputs: redis_init_logs: start_order: 0 detach: false - image: *redis_image + image: &redis_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] privileged: false user: root volumes: @@ -95,7 +107,7 @@ outputs: volumes: - /run:/run - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro + - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/redis:/var/log/redis environment: diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index bc3654b0..e02a1469 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ec2-api:latest' type: string + DockerEc2ApiConfigImage: + description: The container image to use for the ec2_api config_volume + default: 'centos-binary-ec2-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -60,22 +64,32 @@ outputs: service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: ec2api + config_volume: ec2_api puppet_tags: ec2api_api_paste_ini,ec2api_config step_config: *step_config - config_image: &ec2_api_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/ec2_api.json: command: /usr/bin/ec2-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ec2api owner: ec2api:ec2api recurse: true /var/lib/kolla/config_files/ec2_api_metadata.json: command: /usr/bin/ec2-api-metadata + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ec2api # default log dir for metadata service as well owner: ec2api:ec2api @@ -84,7 +98,10 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ec2_api_init_logs: - image: *ec2_api_image + image: &ec2_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ] privileged: false user: root volumes: @@ -118,7 +135,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ec2_api:/var/log/ec2api environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -132,7 +149,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ec2_api_metadata:/var/log/ec2api environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml index 818bddd4..eb661af8 100644 --- a/docker/services/etcd.yaml +++ b/docker/services/etcd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-etcd:latest' type: string + DockerEtcdConfigImage: + description: The container image to use for the etcd config_volume + default: 'centos-binary-etcd:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -67,13 +71,18 @@ outputs: puppet_config: config_volume: etcd step_config: *step_config - config_image: &etcd_image + config_image: &etcd_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdConfigImage} ] kolla_config: /var/lib/kolla/config_files/etcd.json: command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/etcd owner: etcd:etcd @@ -81,7 +90,10 @@ outputs: docker_config: step_2: etcd: - image: *etcd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] net: host privileged: false restart: always @@ -89,7 +101,7 @@ outputs: - /var/lib/etcd:/var/lib/etcd - /etc/localtime:/etc/localtime:ro - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro + - /var/lib/config-data/puppet-generated/etcd/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -98,7 +110,7 @@ outputs: config_volume: 'etcd_init_tasks' puppet_tags: 'etcd_key' step_config: 'include ::tripleo::profile::base::etcd' - config_image: *etcd_image + config_image: *etcd_config_image volumes: - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro - /var/lib/etcd:/var/lib/etcd:ro diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 5c244012..17d91107 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-glance-api:latest' type: string + DockerGlanceApiConfigImage: + description: The container image to use for the glance_api config_volume + default: 'centos-binary-glance-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,20 +78,33 @@ outputs: config_volume: glance_api puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config step_config: *step_config - config_image: &glance_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/glance_api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config step_2: glance_init_logs: - image: *glance_image + image: &glance_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] privileged: false user: root volumes: @@ -95,7 +112,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance'] step_3: glance_api_db_sync: - image: *glance_image + image: *glance_api_image net: host privileged: false detach: false @@ -105,7 +122,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro + - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance environment: - KOLLA_BOOTSTRAP=True @@ -115,7 +132,7 @@ outputs: map_merge: - glance_api: start_order: 2 - image: *glance_image + image: *glance_api_image net: host privileged: false restart: always @@ -126,7 +143,7 @@ outputs: - internal_tls_enabled - glance_api_tls_proxy: start_order: 2 - image: *glance_image + image: *glance_api_image net: host user: root restart: always @@ -135,9 +152,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index bd1c3168..140e93df 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-api:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,13 +77,18 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_api_paste_ini,gnocchi_config step_config: *step_config - config_image: &gnocchi_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: /var/lib/kolla/config_files/gnocchi_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -88,14 +97,17 @@ outputs: # db sync runs before permissions set by kolla_config step_2: gnocchi_init_log: - image: *gnocchi_image + image: &gnocchi_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] step_3: gnocchi_db_sync: - image: *gnocchi_image + image: *gnocchi_api_image net: host detach: false privileged: false @@ -109,7 +121,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" step_4: gnocchi_api: - image: *gnocchi_image + image: *gnocchi_api_image net: host privileged: false restart: always @@ -118,11 +130,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi - if: diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index ea26d838..e7ebb3c1 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-metricd:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,13 +67,18 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_metricd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: /var/lib/kolla/config_files/gnocchi_metricd.json: command: /usr/bin/gnocchi-metricd + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -77,7 +86,10 @@ outputs: docker_config: step_4: gnocchi_metricd: - image: *gnocchi_metricd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] net: host privileged: false restart: always @@ -86,7 +98,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index a8ae857d..e3461821 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-statsd:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,13 +67,18 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_statsd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: /var/lib/kolla/config_files/gnocchi_statsd.json: command: /usr/bin/gnocchi-statsd + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -77,7 +86,10 @@ outputs: docker_config: step_4: gnocchi_statsd: - image: *gnocchi_statsd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] net: host privileged: false restart: always @@ -86,7 +98,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 1f8bcfad..c24e1071 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-haproxy:latest' type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + default: 'centos-binary-haproxy:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,6 +42,11 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RedisPassword: description: The password for Redis type: string @@ -85,26 +94,41 @@ outputs: config_volume: haproxy puppet_tags: haproxy_config step_config: *step_config - config_image: &haproxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: haproxy: - image: *haproxy_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] net: host privileged: false restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/haproxy/etc/:/etc/:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 89ba8cbd..8dee5103 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -13,8 +13,8 @@ parameters: default: 'centos-binary-heat-api-cfn:latest' type: string # puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn - DockerHeatConfigImage: - description: image + DockerHeatApiCfnConfigImage: + description: The container image to use for the heat_api_cfn config_volume default: 'centos-binary-heat-api-cfn:latest' type: string EndpointMap: @@ -81,10 +81,15 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api_cfn.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -107,11 +112,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat - if: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 834f2a0b..adaf9997 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -13,8 +13,8 @@ parameters: default: 'centos-binary-heat-api:latest' type: string # puppet needs the heat-wsgi-api binary from centos-binary-heat-api - DockerHeatConfigImage: - description: image + DockerHeatApiConfigImage: + description: The container image to use for the heat_api config_volume default: 'centos-binary-heat-api:latest' type: string EndpointMap: @@ -81,10 +81,15 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -107,11 +112,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/heat_api/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat - if: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 7a3312dd..14e9027b 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-heat-engine:latest' type: string + DockerHeatConfigImage: + description: The container image to use for the heat config_volume + default: 'centos-binary-heat-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -67,13 +71,18 @@ outputs: config_volume: heat puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: &heat_engine_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_engine.json: command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -82,7 +91,10 @@ outputs: # db sync runs before permissions set by kolla_config step_2: heat_init_log: - image: *heat_engine_image + image: &heat_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] user: root volumes: - /var/log/containers/heat:/var/log/heat @@ -112,7 +124,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /var/lib/config-data/puppet-generated/heat/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 13bd091c..c5123277 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-horizon:latest' type: string + DockerHorizonConfigImage: + description: The container image to use for the horizon config_volume + default: 'centos-binary-horizon:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -70,13 +74,18 @@ outputs: config_volume: horizon puppet_tags: horizon_config step_config: {get_attr: [HorizonBase, role_data, step_config]} - config_image: &horizon_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonConfigImage} ] kolla_config: /var/lib/kolla/config_files/horizon.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/horizon/ owner: apache:apache @@ -88,7 +97,10 @@ outputs: docker_config: step_2: horizon_fix_perms: - image: *horizon_image + image: &horizon_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] user: root # NOTE Set ownership for /var/log/horizon/horizon.log file here, # otherwise it's created by root when generating django cache. @@ -110,8 +122,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro - - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro + - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 1c8aa5bd..9583cd71 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-api:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: @@ -77,6 +77,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/ironic_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ironic owner: ironic:ironic @@ -85,7 +90,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ironic_init_logs: - image: &ironic_image + image: &ironic_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] @@ -97,7 +102,7 @@ outputs: step_3: ironic_db_sync: start_order: 1 - image: *ironic_image + image: *ironic_api_image net: host privileged: false detach: false @@ -112,7 +117,7 @@ outputs: step_4: ironic_api: start_order: 10 - image: *ironic_image + image: *ironic_api_image net: host user: root restart: always @@ -121,11 +126,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro - - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/ironic/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 360eb669..bf239b66 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-conductor:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: @@ -84,6 +84,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/ironic_conductor.json: command: /usr/bin/ironic-conductor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/ironic owner: ironic:ironic @@ -107,7 +112,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /sys:/sys - /dev:/dev diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 75c70828..a82a3af9 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-pxe:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: @@ -64,8 +64,18 @@ outputs: kolla_config: /var/lib/kolla/config_files/ironic_pxe_http.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/ironic_pxe_tftp.json: command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ironic owner: ironic:ironic @@ -86,17 +96,8 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - # TODO(mandre) check how docker like mounting in a bind-mounted tree - # This directory may contain migrated data from BM + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/ironic:/var/lib/ironic/ - # These files were generated by puppet inside the config container - # TODO(mandre) check the mount permission (ro/rw) - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file - /dev/log:/dev/log - /var/log/containers/ironic:/var/log/ironic environment: @@ -112,11 +113,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/ironic/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/ironic:/var/lib/ironic/ - /var/log/containers/ironic:/var/log/ironic environment: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index 53f5aff2..86f2d3b4 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-iscsid:latest' type: string + DockerIscsidConfigImage: + description: The container image to use for the iscsid config_volume + default: 'centos-binary-iscsid:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,10 +57,10 @@ outputs: config_volume: iscsid #puppet_tags: file step_config: '' - config_image: &iscsid_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidConfigImage} ] kolla_config: /var/lib/kolla/config_files/iscsid.json: command: /usr/sbin/iscsid -f @@ -64,7 +68,10 @@ outputs: step_3: iscsid: start_order: 2 - image: *iscsid_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] net: host privileged: true restart: always diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 4cd44f21..a3f08617 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-keystone:latest' type: string + DockerKeystoneConfigImage: + description: The container image to use for the keystone config_volume + default: 'centos-binary-keystone:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -86,18 +90,26 @@ outputs: config_volume: keystone puppet_tags: keystone_config step_config: *step_config - config_image: &keystone_image + config_image: &keystone_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneConfigImage} ] kolla_config: /var/lib/kolla/config_files/keystone.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: keystone_init_log: - image: *keystone_image + image: &keystone_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] user: root command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] volumes: @@ -106,6 +118,7 @@ outputs: keystone_db_sync: image: *keystone_image net: host + user: root privileged: false detach: false volumes: &keystone_volumes @@ -113,11 +126,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/keystone/var/www/:/var/www/:ro - - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro - /var/log/containers/keystone:/var/log/keystone - if: @@ -145,6 +154,7 @@ outputs: keystone_bootstrap: start_order: 3 action: exec + user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] docker_puppet_tasks: @@ -153,7 +163,7 @@ outputs: config_volume: 'keystone_init_tasks' puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' step_config: 'include ::tripleo::profile::base::keystone' - config_image: *keystone_image + config_image: *keystone_config_image host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index a203d436..f47743c0 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-manila-api:latest' type: string DockerManilaConfigImage: - description: image + description: The container image to use for the manila config_volume default: 'centos-binary-manila-api:latest' type: string EndpointMap: @@ -72,6 +72,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/manila_api.json: command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/manila owner: manila:manila @@ -94,6 +99,7 @@ outputs: net: host detach: false volumes: + list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro @@ -109,7 +115,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index fbc80fc5..a319a033 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-manila-scheduler:latest' type: string DockerManilaConfigImage: - description: image + description: The container image to use for the manila config_volume default: 'centos-binary-manila-api:latest' type: string EndpointMap: @@ -72,6 +72,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/manila_scheduler.json: command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/manila owner: manila:manila @@ -90,7 +95,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index d4539649..ef4a7ab0 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-memcached:latest' type: string + DockerMemcachedConfigImage: + description: The container image to use for the memcached config_volume + default: 'centos-binary-memcached:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,17 +67,20 @@ outputs: config_volume: 'memcached' puppet_tags: 'file' step_config: *step_config - config_image: &memcached_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedConfigImage} ] kolla_config: {} docker_config: step_1: memcached_init_logs: start_order: 0 detach: false - image: *memcached_image + image: &memcached_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] privileged: false user: root volumes: @@ -93,8 +100,6 @@ outputs: - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro # TODO(bogdando) capture memcached syslog logs from a container command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable memcached service tags: step2 diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 30c3cde1..4b2c1028 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-api:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: @@ -76,6 +76,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/mistral_api.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -84,7 +89,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: mistral_init_logs: - image: &mistral_image + image: &mistral_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ] @@ -96,7 +101,7 @@ outputs: step_3: mistral_db_sync: start_order: 0 - image: *mistral_image + image: *mistral_api_image net: host privileged: false detach: false @@ -110,7 +115,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: start_order: 1 - image: *mistral_image + image: *mistral_api_image net: host privileged: false detach: false @@ -127,7 +132,7 @@ outputs: step_4: mistral_api: start_order: 15 - image: *mistral_image + image: *mistral_api_image net: host privileged: false restart: always @@ -136,7 +141,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/log/containers/mistral:/var/log/mistral environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index d60d847b..8b8e32b6 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-engine:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: @@ -77,6 +77,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/mistral_engine.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -97,7 +102,7 @@ outputs: - - /run:/run - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/log/containers/mistral:/var/log/mistral environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 76ae052b..9ae07213 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-executor:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: @@ -77,6 +77,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/mistral_executor.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -96,7 +101,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /run:/run # FIXME: this is required in order for Nova cells # initialization workflows on the Undercloud. Need to diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index d8927d4b..61b05571 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-multipathd:latest' type: string + DockerMultipathdConfigImage: + description: The container image to use for the multipathd config_volume + default: 'centos-binary-multipathd:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,10 +57,10 @@ outputs: config_volume: multipathd #puppet_tags: file step_config: '' - config_image: &multipathd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdConfigImage} ] kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d @@ -64,7 +68,10 @@ outputs: step_3: multipathd: start_order: 1 - image: *multipathd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] net: host privileged: true restart: always diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 6c2d4cae..a2e5e174 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-server:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string EndpointMap: @@ -83,13 +82,23 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: /var/lib/kolla/config_files/neutron_api.json: - command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini + command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true /var/lib/kolla/config_files/neutron_server_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # db sync runs before permissions set by kolla_config step_2: @@ -133,7 +142,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -149,9 +158,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index d14f5251..93401b95 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-dhcp-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string EndpointMap: @@ -76,7 +75,12 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: /var/lib/kolla/config_files/neutron_dhcp.json: - command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log + command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-dhcp-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron @@ -97,7 +101,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/:/run - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index f3a284fe..1db48b3b 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-l3-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: @@ -72,7 +71,12 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: /var/lib/kolla/config_files/neutron_l3_agent.json: - command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini + command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron @@ -93,7 +97,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index 69bf0c4e..d03ea9a6 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-metadata-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: @@ -73,6 +72,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/neutron_metadata_agent.json: command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron @@ -93,7 +97,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 65ad21ed..de7115bf 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-neutron-openvswitch-agent:latest' type: string DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: @@ -71,7 +71,12 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: /var/lib/kolla/config_files/neutron_ovs_agent.json: - command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/common + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron @@ -79,7 +84,7 @@ outputs: docker_config: step_4: neutron_ovs_agent: - image: &neutron_ovs_agent_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] @@ -92,7 +97,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml index 1739a5b9..aa62bded 100644 --- a/docker/services/neutron-plugin-ml2.yaml +++ b/docker/services/neutron-plugin-ml2.yaml @@ -20,7 +20,7 @@ parameters: default: 'tripleoupstream' type: string DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string DefaultPasswords: @@ -38,7 +38,7 @@ parameters: resources: NeutronBase: - type: ../../puppet/services/neutron-plugin-ml2.yaml + type: OS::TripleO::Docker::NeutronMl2PluginBase properties: EndpointMap: {get_param: EndpointMap} ServiceNetMap: {get_param: ServiceNetMap} @@ -60,7 +60,7 @@ outputs: # BEGIN DOCKER SETTINGS puppet_config: config_volume: 'neutron' - puppet_tags: '' + puppet_tags: neutron_plugin_ml2 step_config: *step_config config_image: list_join: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index c97f45de..93935cad 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-api:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -62,6 +62,9 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false + nova_wsgi_enabled: false + nova::api::service_name: '%{::nova::params::api_service_name}' + nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" @@ -80,6 +83,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/nova_api.json: command: /usr/bin/nova-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -104,11 +112,10 @@ outputs: net: host detach: false user: root - volumes: &nova_api_volumes + volumes: &nova_api_bootstrap_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/log/containers/nova:/var/log/nova command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'" @@ -121,14 +128,14 @@ outputs: net: host detach: false user: root - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'" nova_api_create_default_cell: start_order: 2 image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes # NOTE: allowing the exit code 2 is a dirty way of making # this idempotent (if the resource already exists a conflict # is raised) @@ -140,7 +147,7 @@ outputs: image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'" step_4: @@ -151,7 +158,13 @@ outputs: user: nova privileged: true restart: always - volumes: *nova_api_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: @@ -160,7 +173,7 @@ outputs: image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" host_prep_tasks: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 9f647eba..101934ff 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-nova-compute:latest' type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + default: 'centos-binary-nova-compute:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -69,13 +73,18 @@ outputs: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini step_config: *step_config - config_image: &nova_compute_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_compute.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -87,7 +96,10 @@ outputs: # FIXME: run discover hosts here step_4: nova_compute: - image: *nova_compute_image + image: &nova_compute_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] net: host privileged: true user: nova @@ -97,7 +109,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro - /dev:/dev - /etc/iscsi:/etc/iscsi - /lib/modules:/lib/modules:ro diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 131355d7..35c361fd 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-conductor:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -75,6 +75,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/nova_conductor.json: command: /usr/bin/nova-conductor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -82,7 +87,7 @@ outputs: docker_config: step_4: nova_conductor: - image: &nova_conductor_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ] @@ -94,7 +99,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 19f25d8e..0939bba3 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-consoleauth:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -74,6 +74,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/nova_consoleauth.json: command: /usr/bin/nova-consoleauth + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -93,7 +98,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 63780fe6..294293fd 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -8,12 +8,12 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerNovaComputeImage: + DockerNovaComputeIronicImage: description: image default: 'centos-binary-nova-compute-ironic:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string ServiceNetMap: @@ -72,6 +72,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/nova_ironic.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -85,7 +90,7 @@ outputs: image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeIronicImage} ] net: host privileged: true user: root @@ -95,7 +100,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /run:/run - /dev:/dev - /etc/iscsi:/etc/iscsi diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 6c871f14..d5d80189 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -8,14 +8,14 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerLibvirtImage: + DockerNovaLibvirtImage: description: image default: 'centos-binary-nova-libvirt:latest' type: string # we configure libvirt via the nova-compute container due to coupling # in the puppet modules - DockerNovaConfigImage: - description: image + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume default: 'centos-binary-nova-compute:latest' type: string EnablePackageInstall: @@ -101,8 +101,8 @@ outputs: step_config: *step_config config_image: list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_libvirt.json: command: @@ -110,6 +110,11 @@ outputs: - use_tls_for_live_migration - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -120,7 +125,7 @@ outputs: image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtImage} ] net: host pid: host privileged: true @@ -130,7 +135,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /dev:/dev - /run:/run diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 8f06f731..464dfe70 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-nova-placement-api:latest' type: string + DockerNovaPlacementConfigImage: + description: The container image to use for the nova_placement config_volume + default: 'centos-binary-nova-placement-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -66,13 +70,18 @@ outputs: config_volume: nova_placement puppet_tags: nova_config step_config: *step_config - config_image: &nova_placement_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_placement.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -82,7 +91,10 @@ outputs: step_3: nova_placement: start_order: 1 - image: *nova_placement_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] net: host user: root restart: always @@ -91,11 +103,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 6285e98e..a2b27342 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-scheduler:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -74,6 +74,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/nova_scheduler.json: command: /usr/bin/nova-scheduler + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -93,7 +98,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /run:/run - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 97d2d154..35e69494 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-novncproxy:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -74,6 +74,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/nova_vnc_proxy.json: command: /usr/bin/nova-novncproxy --web /usr/share/novnc/ + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -93,7 +98,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml new file mode 100644 index 00000000..075e4913 --- /dev/null +++ b/docker/services/octavia-api.yaml @@ -0,0 +1,175 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaApiImage: + description: image + default: 'centos-binary-octavia-api:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaApiPuppetBase: + type: ../../puppet/services/octavia-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia API role. + value: + service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_api.json: + command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + /var/lib/kolla/config_files/octavia_api_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + # Kolla_bootstrap/db_sync runs before permissions set by kolla_config + step_2: + octavia_api_init_dirs: + start_order: 0 + image: &octavia_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaApiImage} ] + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + - /var/log/containers/octavia:/var/log/octavia + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia'] + step_3: + octavia_db_sync: + start_order: 0 + image: *octavia_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'" + step_4: + map_merge: + - octavia_api: + start_order: 2 + image: *octavia_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - octavia_api_tls_proxy: + start_order: 2 + image: *octavia_api_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_api service + tags: step2 + service: name=openstack-octavia-api state=stopped enabled=no diff --git a/docker/services/octavia-health-manager.yaml b/docker/services/octavia-health-manager.yaml new file mode 100644 index 00000000..0e493294 --- /dev/null +++ b/docker/services/octavia-health-manager.yaml @@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack Octavia health-manager service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaHealthManagerImage: + description: image + default: 'centos-binary-octavia-health-manager:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHealthManagerPuppetBase: + type: ../../puppet/services/octavia-health-manager.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia health-manager role. + value: + service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_health_manager.json: + command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-health-manager + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_2: + octavia_health_manager_init_dirs: + start_order: 0 + image: &octavia_health_manager_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHealthManagerImage} ] + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager'] + step_4: + octavia_health_manager: + start_order: 2 + image: *octavia_health_manager_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_health_manager service + tags: step2 + service: name=openstack-octavia-health-manager state=stopped enabled=no diff --git a/docker/services/octavia-housekeeping.yaml b/docker/services/octavia-housekeeping.yaml new file mode 100644 index 00000000..be2c445d --- /dev/null +++ b/docker/services/octavia-housekeeping.yaml @@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaHousekeepingImage: + description: image + default: 'centos-binary-octavia-housekeeping:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHousekeepingPuppetBase: + type: ../../puppet/services/octavia-housekeeping.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia housekeeping role. + value: + service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_housekeeping.json: + command: /usr/bin/octavia-housekeeping --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/housekeeping.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-housekeeping + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_2: + octavia_housekeeping_init_dirs: + start_order: 0 + image: &octavia_housekeeping_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHousekeepingImage} ] + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping'] + step_4: + octavia_housekeeping: + start_order: 2 + image: *octavia_housekeeping_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_housekeeping service + tags: step2 + service: name=openstack-octavia-housekeeping state=stopped enabled=no diff --git a/docker/services/octavia-worker.yaml b/docker/services/octavia-worker.yaml new file mode 100644 index 00000000..9becb259 --- /dev/null +++ b/docker/services/octavia-worker.yaml @@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack Octavia worker service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaWorkerImage: + description: image + default: 'centos-binary-octavia-worker:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaWorkerPuppetBase: + type: ../../puppet/services/octavia-worker.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia worker role. + value: + service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaWorkerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_worker.json: + command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-worker + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_2: + octavia_worker_init_dirs: + start_order: 0 + image: &octavia_worker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaWorkerImage} ] + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker'] + step_4: + octavia_worker: + start_order: 2 + image: *octavia_worker_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_worker service + tags: step2 + service: name=openstack-octavia-worker state=stopped enabled=no diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml new file mode 100644 index 00000000..5610d1ba --- /dev/null +++ b/docker/services/opendaylight-api.yaml @@ -0,0 +1,116 @@ +heat_template_version: pike + +description: > + OpenStack containerized OpenDaylight API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOpendaylightApiImage: + description: image + default: 'centos-binary-opendaylight:latest' + type: string + DockerOpendaylightConfigImage: + description: image + default: 'centos-binary-opendaylight:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OpenDaylightBase: + type: ../../puppet/services/opendaylight-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the OpenDaylight API role. + value: + service_name: {get_attr: [OpenDaylightBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [OpenDaylightBase, role_data, config_settings] + step_config: &step_config + list_join: + - "\n" + - - get_attr: [OpenDaylightBase, role_data, step_config] + - "include tripleo::profile::base::neutron::opendaylight::create_cluster" + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: opendaylight + # 'file,concat,file_line,augeas' are included by default + puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/opendaylight_api.json: + command: /opt/opendaylight/bin/karaf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /opt/opendaylight + owner: odl:odl + recurse: true + docker_config: + step_1: + opendaylight_api: + start_order: 0 + image: &odl_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ] + privileged: false + net: host + detach: true + user: odl + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + + upgrade_tasks: + - name: Stop and disable opendaylight_api service + tags: step2 + service: name=opendaylight state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml new file mode 100644 index 00000000..d15c920e --- /dev/null +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -0,0 +1,151 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + DockerCinderConfigImage: + description: The container image to use for the cinder config_volume + default: 'centos-binary-cinder-api:latest' + type: string + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + CinderBackupBase: + type: ../../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + CinderBackupBackend: {get_param: CinderBackupBackend} + CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName} + CephClientUserName: {get_param: CephClientUserName} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: {get_attr: [CinderBackupBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CinderBackupBase, role_data, config_settings] + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + cinder::backup::manage_service: false + cinder::backup::enabled: false + step_config: "" + service_config_settings: {get_attr: [CinderBackupBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: *cinder_backup_image + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_5: + cinder_backup_init_bundle: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' + image: *cinder_backup_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 987ebaf0..07e5fc2e 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-cinder-volume:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image + description: The container image to use for the cinder config_volume default: 'centos-binary-cinder-api:latest' type: string EndpointMap: diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index bad2acf6..007aa9c9 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -14,6 +14,10 @@ parameters: description: image default: 'centos-binary-mariadb:latest' type: string + DockerClustercheckConfigImage: + description: The container image to use for the clustercheck config_volume + default: 'centos-binary-mariadb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,31 +67,26 @@ outputs: config_volume: clustercheck puppet_tags: file # set this even though file is the default step_config: "include ::tripleo::profile::pacemaker::clustercheck" - config_image: &clustercheck_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckConfigImage} ] kolla_config: /var/lib/kolla/config_files/clustercheck.json: command: /usr/sbin/xinetd -dontfork config_files: - - dest: /etc/xinetd.conf - source: /var/lib/kolla/config_files/src/etc/xinetd.conf - owner: mysql - perm: '0644' - - dest: /etc/xinetd.d/galera-monitor - source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: mysql - perm: '0600' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_2: clustercheck: start_order: 1 - image: *clustercheck_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] restart: always net: host volumes: @@ -95,7 +94,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index d64845f2..3d996f7f 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mariadb:latest' type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume + default: 'centos-binary-mariadb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -77,27 +81,22 @@ outputs: - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" - "exec {'wait-for-settle': command => '/bin/true' }" - "include ::tripleo::profile::pacemaker::database::mysql_bundle" - config_image: *mysql_image + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/sbin/pacemaker_remoted config_files: - - dest: /etc/libqb/force-filesystem-sockets - source: /dev/null - owner: root - perm: '0644' - - dest: /etc/my.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf - owner: mysql - perm: '0644' - - dest: /etc/my.cnf.d/galera.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: root - perm: '0600' + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: mysql_data_ownership: @@ -122,7 +121,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -166,8 +165,6 @@ outputs: - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - /dev/shm:/dev/shm:rw - - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro - - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro - /var/lib/mysql:/var/lib/mysql:rw host_prep_tasks: - name: create /var/lib/mysql diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index ef27f7e9..ff6de15d 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-redis:latest' type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume + default: 'centos-binary-redis:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,7 +78,10 @@ outputs: puppet_tags: 'exec' step_config: get_attr: [RedisBase, role_data, step_config] - config_image: *redis_image + config_image: &redis_config_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/sbin/pacemaker_remoted @@ -83,6 +90,11 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/run/redis owner: redis:redis @@ -113,7 +125,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle' - image: *redis_image + image: *redis_config_image volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 7557afd6..1b104a23 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-haproxy:latest' type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + default: 'centos-binary-haproxy:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -26,6 +30,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RoleName: default: '' description: Role name on which the service is applied @@ -73,10 +82,25 @@ outputs: - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - config_image: *haproxy_image + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true docker_config: step_2: haproxy_init_bundle: @@ -103,17 +127,20 @@ outputs: - 'include ::tripleo::profile::pacemaker::haproxy_bundle' image: *haproxy_image volumes: - # puppet saves iptables rules in /etc/sysconfig - - /etc/sysconfig:/etc/sysconfig:rw - # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount - # the necessary bit and prevent systemd to try to reload the service in the container - - /usr/libexec/iptables:/usr/libexec/iptables:ro - - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /etc/puppet:/tmp/puppet-etc:ro - - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - - /dev/shm:/dev/shm:rw + list_concat: + - *deployed_cert_mount + - + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 7f6ac701..b8ff6bfd 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-rabbitmq:latest' type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + default: 'centos-binary-rabbitmq:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -72,7 +76,10 @@ outputs: config_volume: rabbitmq puppet_tags: file step_config: *step_config - config_image: *rabbitmq_image + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/sbin/pacemaker_remoted @@ -81,6 +88,10 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -99,7 +110,7 @@ outputs: privileged: false volumes: - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /var/lib/rabbitmq:/var/lib/rabbitmq diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 585148e5..fa1a7076 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -14,6 +14,10 @@ parameters: description: image default: 'centos-binary-panko-api:latest' type: string + DockerPankoConfigImage: + description: The container image to use for the panko config_volume + default: 'centos-binary-panko-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -75,13 +79,18 @@ outputs: config_volume: panko puppet_tags: panko_api_paste_ini,panko_config step_config: *step_config - config_image: &panko_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerPankoConfigImage} ] kolla_config: /var/lib/kolla/config_files/panko_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/panko owner: panko:panko @@ -89,14 +98,17 @@ outputs: docker_config: step_2: panko_init_log: - image: *panko_image + image: &panko_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] user: root volumes: - /var/log/containers/panko:/var/log/panko command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko'] step_3: panko_db_sync: - image: *panko_image + image: *panko_api_image net: host detach: false privileged: false @@ -111,7 +123,7 @@ outputs: step_4: panko_api: start_order: 2 - image: *panko_image + image: *panko_api_image net: host privileged: false restart: always @@ -120,11 +132,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/panko/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro - /var/log/containers/panko:/var/log/panko - if: diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 06d663c9..dd7c26a3 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-rabbitmq:latest' type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + default: 'centos-binary-rabbitmq:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,13 +77,18 @@ outputs: puppet_config: config_volume: rabbitmq step_config: *step_config - config_image: &rabbitmq_image + config_image: &rabbitmq_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -90,7 +99,10 @@ outputs: rabbitmq_init_logs: start_order: 0 detach: false - image: *rabbitmq_image + image: &rabbitmq_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] privileged: false user: root volumes: @@ -107,7 +119,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq environment: @@ -135,7 +147,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq environment: @@ -146,7 +158,7 @@ outputs: config_volume: 'rabbit_init_tasks' puppet_tags: 'rabbitmq_policy,rabbitmq_user' step_config: 'include ::tripleo::profile::base::rabbitmq' - config_image: *rabbitmq_image + config_image: *rabbitmq_config_image volumes: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index 10670796..8d101657 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-sahara-api:latest' type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume + default: 'centos-binary-sahara-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -64,13 +68,18 @@ outputs: config_volume: sahara puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: &sahara_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] kolla_config: /var/lib/kolla/config_files/sahara-api.json: command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/sahara owner: sahara:sahara @@ -81,15 +90,18 @@ outputs: docker_config: step_3: sahara_db_sync: - image: *sahara_image + image: &sahara_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] net: host privileged: false detach: false - volumes: &sahara_volumes + user: root + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro - /lib/modules:/lib/modules:ro - /var/lib/sahara:/var/lib/sahara @@ -97,11 +109,19 @@ outputs: command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'" step_4: sahara_api: - image: *sahara_image + image: *sahara_api_image net: host privileged: false restart: always - volumes: *sahara_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro + - /lib/modules:/lib/modules:ro + - /var/lib/sahara:/var/lib/sahara + - /var/log/containers/sahara:/var/log/sahara environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 41b5790b..1b11ab7d 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-sahara-engine:latest' type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume + default: 'centos-binary-sahara-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -64,13 +68,18 @@ outputs: config_volume: sahara puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: &sahara_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] kolla_config: /var/lib/kolla/config_files/sahara-engine.json: command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/sahara owner: sahara:sahara @@ -81,16 +90,19 @@ outputs: docker_config: step_4: sahara_engine: - image: *sahara_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] net: host privileged: false restart: always - volumes: &sahara_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro + - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro - /var/lib/sahara:/var/lib/sahara - /var/log/containers/sahara:/var/log/sahara environment: diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml index e6bdf155..1d1eae3d 100644 --- a/docker/services/sensu-client.yaml +++ b/docker/services/sensu-client.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-sensu-client:latest' type: string + DockerSensuConfigImage: + description: The container image to use for the sensu config_volume + default: 'centos-binary-sensu-client:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -98,17 +102,29 @@ outputs: config_volume: sensu puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check step_config: *step_config - config_image: &sensu_client_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSensuConfigImage} ] kolla_config: /var/lib/kolla/config_files/sensu-client.json: - command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ + command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/sensu + owner: sensu:sensu + recurse: true docker_config: step_3: sensu_client: - image: *sensu_client_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] net: host privileged: true # NOTE(mmagr) kolla image changes the user to 'sensu', we need it @@ -122,9 +138,15 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro + - /var/lib/config-data/puppet-generated/sensu/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/sensu:/var/log/sensu:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/sensu + state: directory upgrade_tasks: - name: Stop and disable sensu-client service tags: step2 diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index f1d0da77..77538969 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-swift-proxy-server:latest' type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume + default: 'centos-binary-swift-proxy-server:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -70,24 +74,37 @@ outputs: config_volume: swift puppet_tags: swift_proxy_config step_config: *step_config - config_image: &swift_proxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: /var/lib/kolla/config_files/swift_proxy.json: command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/swift owner: swift:swift recurse: true /var/lib/kolla/config_files/swift_proxy_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_4: map_merge: - swift_proxy: - image: *swift_proxy_image + image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] net: host user: swift restart: always @@ -96,9 +113,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro - # FIXME I'm mounting /etc/swift as rw. Are the rings written to - # at all during runtime? - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -117,9 +132,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index 075d8d7c..00a772d6 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -8,8 +8,8 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerSwiftProxyImage: - description: image + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume default: 'centos-binary-swift-proxy-server:latest' type: string ServiceNetMap: @@ -98,6 +98,6 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: {} docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 55aea208..d795818f 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -24,6 +24,10 @@ parameters: description: image default: 'centos-binary-swift-object:latest' type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume + default: 'centos-binary-swift-proxy-server:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -82,43 +86,115 @@ outputs: # BEGIN DOCKER SETTINGS puppet_config: config_volume: swift - puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config + puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config,rsync::server step_config: *step_config - config_image: &swift_proxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: /var/lib/kolla/config_files/swift_account_auditor.json: command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_reaper.json: command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_replicator.json: command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_server.json: command: /usr/bin/swift-account-server /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_auditor.json: command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_replicator.json: command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_updater.json: command: /usr/bin/swift-container-updater /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_server.json: command: /usr/bin/swift-container-server /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_auditor.json: command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_expirer.json: command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_replicator.json: command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_updater.json: command: /usr/bin/swift-object-updater /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_server.json: command: /usr/bin/swift-object-server /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/swift owner: swift:swift recurse: true + /var/lib/kolla/config_files/swift_xinetd_rsync.json: + command: /usr/sbin/xinetd -dontfork + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: # The puppet config sets this up but we don't have a way to mount the named @@ -144,7 +220,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -161,7 +237,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -177,7 +253,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -193,7 +269,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -212,7 +288,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -228,7 +304,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -244,7 +320,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -260,7 +336,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -279,14 +355,17 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_object_expirer: - image: *swift_proxy_image + image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] net: host user: swift restart: always @@ -295,7 +374,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -311,7 +390,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -327,7 +406,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -343,12 +422,30 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro + - /run:/run + - /srv/node:/srv/node + - /dev:/dev + - /var/log/containers/swift:/var/log/swift + environment: *kolla_env + swift_xinetd_rsync: + image: *swift_object_image + net: host + user: root + restart: always + privileged: true + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_xinetd_rsync.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env + host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index df9750c9..793a1743 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-tacker:latest' type: string DockerTackerConfigImage: - description: image + description: The container image to use for the tacker config_volume default: 'centos-binary-tacker:latest' type: string EndpointMap: @@ -76,6 +76,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/tacker_api.json: command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/tacker owner: tacker:tacker @@ -104,7 +109,10 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/tacker/etc/:/etc/:ro + # FIXME(mandre) mounting /etc rw to workaround LP1696283 + # This should go away anyway and mount the exact files it + # needs or use kolla set_configs.py + - /var/lib/config-data/tacker/etc/:/etc/ - /var/log/containers/tacker:/var/log/tacker command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" step_4: @@ -118,7 +126,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro + - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro - /var/log/containers/tacker:/var/log/tacker environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 5ce324b9..ea1fd768 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-zaqar:latest' type: string + DockerZaqarConfigImage: + description: The container image to use for the zaqar config_volume + default: 'centos-binary-zaqar:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,15 +67,25 @@ outputs: config_volume: zaqar puppet_tags: zaqar_config step_config: *step_config - config_image: &zaqar_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarConfigImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/zaqar owner: zaqar:zaqar @@ -79,7 +93,10 @@ outputs: docker_config: step_4: zaqar: - image: *zaqar_image + image: &zaqar_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] net: host privileged: false restart: always @@ -91,11 +108,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -109,9 +122,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS |