diff options
Diffstat (limited to 'docker/services')
-rw-r--r-- | docker/services/cinder-api.yaml | 155 | ||||
-rw-r--r-- | docker/services/cinder-backup.yaml | 132 | ||||
-rw-r--r-- | docker/services/cinder-scheduler.yaml | 121 | ||||
-rw-r--r-- | docker/services/cinder-volume.yaml | 163 | ||||
-rw-r--r-- | docker/services/iscsid.yaml | 109 | ||||
-rw-r--r-- | docker/services/multipathd.yaml | 89 | ||||
-rw-r--r-- | docker/services/nova-vnc-proxy.yaml | 108 | ||||
-rw-r--r-- | docker/services/pacemaker/haproxy.yaml | 23 | ||||
-rw-r--r-- | docker/services/sahara-api.yaml | 119 | ||||
-rw-r--r-- | docker/services/sahara-engine.yaml | 110 | ||||
-rw-r--r-- | docker/services/sensu-client.yaml | 131 | ||||
-rw-r--r-- | docker/services/swift-ringbuilder.yaml | 15 |
12 files changed, 1263 insertions, 12 deletions
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml new file mode 100644 index 00000000..062f5fc3 --- /dev/null +++ b/docker/services/cinder-api.yaml @@ -0,0 +1,155 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderApiImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_api.json: + command: /usr/sbin/httpd -DFOREGROUND + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_api_init_logs: + start_order: 0 + image: &cinder_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + cinder_api_db_sync: + image: *cinder_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + command: + - '/usr/bin/bootstrap_host_exec' + - 'cinder_api' + - "su cinder -s /bin/bash -c 'cinder-manage db sync'" + step_4: + cinder_api: + image: *cinder_api_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'cinder', we need it + # to be root to run httpd + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/cinder/var/www/:/var/www/:ro + - /var/log/containers/cinder:/var/log/cinder + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/cinder + state: directory + upgrade_tasks: + - name: Stop and disable cinder_api service + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml new file mode 100644 index 00000000..0958a7e8 --- /dev/null +++ b/docker/services/cinder-backup.yaml @@ -0,0 +1,132 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_backup: + image: *cinder_backup_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml new file mode 100644 index 00000000..9d94b578 --- /dev/null +++ b/docker/services/cinder-scheduler.yaml @@ -0,0 +1,121 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderSchedulerImage: + description: image + default: 'centos-binary-cinder-scheduler:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_scheduler.json: + command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_scheduler_init_logs: + start_order: 0 + image: &cinder_scheduler_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_scheduler: + image: *cinder_scheduler_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_scheduler service + tags: step2 + service: name=openstack-cinder-scheduler state=stopped enabled=no diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml new file mode 100644 index 00000000..4ee1996c --- /dev/null +++ b/docker/services/cinder-volume.yaml @@ -0,0 +1,163 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Volume service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderVolumeImage: + description: image + default: 'centos-binary-cinder-volume:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + # custom parameters for the Cinder volume role + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_volume.json: + command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_volume_init_logs: + start_order: 0 + image: &cinder_volume_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_volume: + image: *cinder_volume_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + - /var/lib/cinder + #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true + - name: cinder create LVM volume group dd + command: + list_join: + - '' + - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=' + - str_replace: + template: VALUE + params: + VALUE: {get_param: CinderLVMLoopDeviceSize} + - 'M' + args: + creates: /var/lib/cinder/cinder-volumes + - name: cinder create LVM volume group + shell: | + if ! losetup /dev/loop2; then + losetup /dev/loop2 /var/lib/cinder/cinder-volumes + fi + if ! pvdisplay | grep cinder-volumes; then + pvcreate /dev/loop2 + fi + if ! vgdisplay | grep cinder-volumes; then + vgcreate cinder-volumes /dev/loop2 + fi + args: + executable: /bin/bash + creates: /dev/loop2 + upgrade_tasks: + - name: Stop and disable cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped enabled=no diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml new file mode 100644 index 00000000..53f5aff2 --- /dev/null +++ b/docker/services/iscsid.yaml @@ -0,0 +1,109 @@ +heat_template_version: pike + +description: > + OpenStack containerized Iscsid service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIscsidImage: + description: image + default: 'centos-binary-iscsid:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the Iscsid API role. + value: + service_name: iscsid + config_settings: {} + step_config: '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: iscsid + #puppet_tags: file + step_config: '' + config_image: &iscsid_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] + kolla_config: + /var/lib/kolla/config_files/iscsid.json: + command: /usr/sbin/iscsid -f + docker_config: + step_3: + iscsid: + start_order: 2 + image: *iscsid_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /etc/iscsi + file: + path: /etc/iscsi + state: directory + - name: stat /lib/systemd/system/iscsid.socket + stat: path=/lib/systemd/system/iscsid.socket + register: stat_iscsid_socket + - name: Stop and disable iscsid.socket service + service: name=iscsid.socket state=stopped enabled=no + when: stat_iscsid_socket.stat.exists + upgrade_tasks: + - name: stat /lib/systemd/system/iscsid.service + stat: path=/lib/systemd/system/iscsid.service + register: stat_iscsid_service + - name: Stop and disable iscsid service + tags: step2 + service: name=iscsid state=stopped enabled=no + when: stat_iscsid_service.stat.exists + - name: stat /lib/systemd/system/iscsid.socket + stat: path=/lib/systemd/system/iscsid.socket + register: stat_iscsid_socket + - name: Stop and disable iscsid.socket service + tags: step2 + service: name=iscsid.socket state=stopped enabled=no + when: stat_iscsid_socket.stat.exists + metadata_settings: {} diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml new file mode 100644 index 00000000..d8927d4b --- /dev/null +++ b/docker/services/multipathd.yaml @@ -0,0 +1,89 @@ +heat_template_version: pike + +description: > + OpenStack containerized Multipathd service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMultipathdImage: + description: image + default: 'centos-binary-multipathd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the Multipathd API role. + value: + service_name: multipathd + config_settings: {} + step_config: '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: multipathd + #puppet_tags: file + step_config: '' + config_image: &multipathd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] + kolla_config: + /var/lib/kolla/config_files/multipathd.json: + command: /usr/sbin/multipathd -d + docker_config: + step_3: + multipathd: + start_order: 1 + image: *multipathd_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + upgrade_tasks: + - name: Stop and disable multipathd service + tags: step2 + service: name=multipathd state=stopped enabled=no + metadata_settings: {} diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml new file mode 100644 index 00000000..97d2d154 --- /dev/null +++ b/docker/services/nova-vnc-proxy.yaml @@ -0,0 +1,108 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Vncproxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaVncProxyImage: + description: image + default: 'centos-binary-nova-novncproxy:latest' + type: string + DockerNovaConfigImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + NovaVncProxyPuppetBase: + type: ../../puppet/services/nova-vnc-proxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Vncproxy service. + value: + service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} + config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_vnc_proxy.json: + command: /usr/bin/nova-novncproxy --web /usr/share/novnc/ + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_4: + nova_vnc_proxy: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ] + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_vnc_proxy service + tags: step2 + service: name=openstack-nova-novncproxy state=stopped enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index ae19652e..7557afd6 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -60,11 +60,7 @@ outputs: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] - step_config: - list_join: - - "\n" - - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - - 'include ::tripleo::profile::pacemaker::haproxy_bundle' + step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -74,8 +70,8 @@ outputs: list_join: - "\n" - - "exec {'wait-for-settle': command => '/bin/true' }" - - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" - - *noop_pcmk + - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" + - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - 'include ::tripleo::profile::pacemaker::haproxy_bundle' config_image: *haproxy_image kolla_config: @@ -88,6 +84,7 @@ outputs: detach: false net: host user: root + privileged: true command: - '/bin/bash' - '-c' @@ -98,14 +95,20 @@ outputs: - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" params: - TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + TAGS: 'tripleo::firewall::rule,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: list_join: - ';' - - - *noop_firewall - - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle' + - - 'include ::tripleo::profile::base::pacemaker' + - 'include ::tripleo::profile::pacemaker::haproxy_bundle' image: *haproxy_image volumes: + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /etc/puppet:/tmp/puppet-etc:ro diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml new file mode 100644 index 00000000..10670796 --- /dev/null +++ b/docker/services/sahara-api.yaml @@ -0,0 +1,119 @@ +heat_template_version: pike + +description: > + OpenStack Sahara service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSaharaApiImage: + description: image + default: 'centos-binary-sahara-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SaharaApiPuppetBase: + type: ../../puppet/services/sahara-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + service_name: {get_attr: [SaharaApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [SaharaApiPuppetBase, role_data, config_settings] + - sahara::sync_db: false + step_config: &step_config + get_attr: [SaharaApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: sahara + puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template + step_config: *step_config + config_image: &sahara_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] + kolla_config: + /var/lib/kolla/config_files/sahara-api.json: + command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf + permissions: + - path: /var/lib/sahara + owner: sahara:sahara + recurse: true + - path: /var/log/sahara + owner: sahara:sahara + recurse: true + docker_config: + step_3: + sahara_db_sync: + image: *sahara_image + net: host + privileged: false + detach: false + volumes: &sahara_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro + - /lib/modules:/lib/modules:ro + - /var/lib/sahara:/var/lib/sahara + - /var/log/containers/sahara:/var/log/sahara + command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'" + step_4: + sahara_api: + image: *sahara_image + net: host + privileged: false + restart: always + volumes: *sahara_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/sahara + file: + path: /var/lib/sahara + state: directory + - name: create persistent sahara logs directory + file: + path: /var/log/containers/sahara + state: directory + upgrade_tasks: + - name: Stop and disable sahara_api service + tags: step2 + service: name=openstack-sahara-api state=stopped enabled=no diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml new file mode 100644 index 00000000..41b5790b --- /dev/null +++ b/docker/services/sahara-engine.yaml @@ -0,0 +1,110 @@ +heat_template_version: pike + +description: > + OpenStack Sahara service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSaharaEngineImage: + description: image + default: 'centos-binary-sahara-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SaharaEnginePuppetBase: + type: ../../puppet/services/sahara-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + service_name: {get_attr: [SaharaEnginePuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [SaharaEnginePuppetBase, role_data, config_settings] + - sahara::sync_db: false + step_config: &step_config + get_attr: [SaharaEnginePuppetBase, role_data, step_config] + service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: sahara + puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template + step_config: *step_config + config_image: &sahara_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] + kolla_config: + /var/lib/kolla/config_files/sahara-engine.json: + command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf + permissions: + - path: /var/lib/sahara + owner: sahara:sahara + recurse: true + - path: /var/log/sahara + owner: sahara:sahara + recurse: true + docker_config: + step_4: + sahara_engine: + image: *sahara_image + net: host + privileged: false + restart: always + volumes: &sahara_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro + - /var/lib/sahara:/var/lib/sahara + - /var/log/containers/sahara:/var/log/sahara + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/sahara + file: + path: /var/lib/sahara + state: directory + - name: create persistent sahara logs directory + file: + path: /var/log/containers/sahara + state: directory + upgrade_tasks: + - name: Stop and disable sahara_engine service + tags: step2 + service: name=openstack-sahara-engine state=stopped enabled=no diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml new file mode 100644 index 00000000..e6bdf155 --- /dev/null +++ b/docker/services/sensu-client.yaml @@ -0,0 +1,131 @@ +heat_template_version: pike + +description: > + Containerized Sensu client service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSensuClientImage: + description: image + default: 'centos-binary-sensu-client:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + SensuDockerCheckCommand: + type: string + default: | + for i in $(docker ps --format '{{.ID}}'); do + if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then + if [ "$result" != 'healthy' ]; then + echo "$(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{json .State}}' $i)" && exit 2; + fi + fi + done + SensuDockerCheckInterval: + type: number + description: The frequency in seconds the docker health check is executed. + default: 10 + SensuDockerCheckHandlers: + default: [] + description: The Sensu event handler to use for events + created by the docker health check. + type: comma_delimited_list + SensuDockerCheckOccurrences: + type: number + description: The number of event occurrences before sensu-plugin-aware handler should take action. + default: 3 + SensuDockerCheckRefresh: + type: number + description: The number of seconds sensu-plugin-aware handlers should wait before taking second action. + default: 90 + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SensuClientBase: + type: ../../puppet/services/monitoring/sensu-client.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Sensu client role. + value: + service_name: {get_attr: [SensuClientBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [SensuClientBase, role_data, config_settings] + - sensu::checks: + check-docker-health: + standalone: true + command: {get_param: SensuDockerCheckCommand} + interval: {get_param: SensuDockerCheckInterval} + handlers: {get_param: SensuDockerCheckHandlers} + occurrences: {get_param: SensuDockerCheckOccurrences} + refresh: {get_param: SensuDockerCheckRefresh} + step_config: &step_config + get_attr: [SensuClientBase, role_data, step_config] + service_config_settings: {get_attr: [SensuClientBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: sensu + puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check + step_config: *step_config + config_image: &sensu_client_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] + kolla_config: + /var/lib/kolla/config_files/sensu-client.json: + command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ + docker_config: + step_3: + sensu_client: + image: *sensu_client_image + net: host + privileged: true + # NOTE(mmagr) kolla image changes the user to 'sensu', we need it + # to be root have rw permission to docker.sock to run successfully + # "docker inspect" command + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/run/docker.sock:/var/run/docker.sock:rw + - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable sensu-client service + tags: step2 + service: name=sensu-client.service state=stopped enabled=no diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index bfd445d0..075d8d7c 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -58,6 +58,14 @@ parameters: default: true description: 'Use a local directory for Swift storage services when building rings' type: boolean + SwiftRingGetTempurl: + default: '' + description: A temporary Swift URL to download rings from. + type: string + SwiftRingPutTempurl: + default: '' + description: A temporary Swift URL to upload rings to. + type: string resources: @@ -75,14 +83,17 @@ outputs: description: Role data for Swift Ringbuilder configuration in containers. value: service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]} - config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + config_settings: + map_merge: + - {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + - tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true step_config: &step_config get_attr: [SwiftRingbuilderBase, role_data, step_config] service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: 'swift' - puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance + puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball step_config: *step_config config_image: list_join: |