Diffstat (limited to 'docker/services')
-rw-r--r--docker/services/ceilometer-agent-central.yaml2
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml1
-rw-r--r--docker/services/cinder-api.yaml1
-rw-r--r--docker/services/cinder-backup.yaml1
-rw-r--r--docker/services/cinder-volume.yaml1
-rw-r--r--docker/services/containers-common.yaml6
-rw-r--r--docker/services/database/mongodb.yaml2
-rw-r--r--docker/services/gnocchi-api.yaml24
-rw-r--r--docker/services/heat-api.yaml1
-rw-r--r--docker/services/keystone.yaml6
-rw-r--r--docker/services/multipathd.yaml10
-rw-r--r--docker/services/nova-api.yaml26
-rw-r--r--docker/services/nova-libvirt.yaml56
-rw-r--r--docker/services/nova-placement.yaml17
-rw-r--r--docker/services/pacemaker/database/mysql.yaml23
15 files changed, 153 insertions, 24 deletions
diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
index 6caffd15..424c316f 100644
--- a/docker/services/ceilometer-agent-central.yaml
+++ b/docker/services/ceilometer-agent-central.yaml
@@ -115,7 +115,7 @@ outputs:
command:
- '/usr/bin/bootstrap_host_exec'
- 'ceilometer_agent_central'
- - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
+ - "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'"
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 1468415e..85fe0608 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -142,6 +142,7 @@ outputs:
ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]}
containerized_deployment: true
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
+ monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
user_config: true
ceph_stable: true
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
index 48faaf9c..900131c9 100644
--- a/docker/services/cinder-api.yaml
+++ b/docker/services/cinder-api.yaml
@@ -160,6 +160,7 @@ outputs:
cinder_api_cron:
image: *cinder_api_image
net: host
+ user: root
privileged: false
restart: always
volumes:
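Review bot: `user: root` is added to cinder_api_cron with no comment explaining why the cron container needs root, and the same unexplained line is added to heat_api_cron in heat-api.yaml and keystone_cron in keystone.yaml. These containers also use `net: host`, so the reason should be recorded next to the setting, for example `# crond has to start as root; the job itself runs from the service user's crontab` (presumably the reason, confirm before committing). The container's volume list starts outside this hunk; it is worth checking that host paths mounted into a root container stay `:ro` where the cron job does not need to write to them.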
diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml
index 33147d27..ad3b43c2 100644
--- a/docker/services/cinder-backup.yaml
+++ b/docker/services/cinder-backup.yaml
@@ -120,7 +120,6 @@ outputs:
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
index 2ead0d50..eb904c0b 100644
--- a/docker/services/cinder-volume.yaml
+++ b/docker/services/cinder-volume.yaml
@@ -129,7 +129,6 @@ outputs:
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev/:/dev/
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index 71ea8d1f..2c894da5 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -66,5 +66,9 @@ outputs:
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
- if:
- internal_tls_enabled
- - - {get_param: InternalTLSCAFile}
+ - - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
- null
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 5ba79b31..86bb6d54 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -116,6 +116,8 @@ outputs:
with_items:
- /var/log/containers/mongodb
- /var/lib/mongodb
+ metadata_settings:
+ get_attr: [MongodbPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: Stop and disable mongodb service
tags: step2
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index 5129b89f..7c6b6766 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -39,6 +39,10 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ NumberOfStorageSacks:
+ default: 128
+ description: Number of storage sacks to create.
+ type: number
conditions:
@@ -84,6 +88,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
@@ -97,7 +105,7 @@ outputs:
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
- step_3:
+ step_4:
gnocchi_db_sync:
image: *gnocchi_api_image
net: host
@@ -110,8 +118,13 @@ outputs:
-
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
- step_4:
+ - /etc/ceph:/etc/ceph:ro
+ command:
+ str_replace:
+ template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM'
+ params:
+ SACK_NUM: {get_param: NumberOfStorageSacks}
+ step_5:
gnocchi_api:
image: *gnocchi_api_image
net: host
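Review bot: `NumberOfStorageSacks` is substituted directly into the `bash -c` string for `gnocchi-upgrade --sacks-number=SACK_NUM`, and the parameter declared in the first hunk of this file has `type: number` with no constraint. Heat's `number` type keeps shell metacharacters out of the string, but it would still accept zero, a negative value or a fraction. Add a bound at the declaration, e.g. `constraints: [{range: {min: 1}}]`, so that a bad value fails at stack validation rather than inside the db-sync container. The gnocchi_api container definition that follows continues outside this hunk.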
@@ -124,6 +137,7 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
- internal_tls_enabled
@@ -141,6 +155,10 @@ outputs:
file:
path: /var/log/containers/gnocchi
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable httpd service
tags: step2
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index 0bc331ca..9e38b060 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -133,6 +133,7 @@ outputs:
heat_api_cron:
image: {get_param: DockerHeatApiImage}
net: host
+ user: root
privileged: false
restart: always
volumes:
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index c461f976..fcc458a2 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -103,7 +103,9 @@ outputs:
merge: true
preserve_properties: true
/var/lib/kolla/config_files/keystone_cron.json:
- command: /usr/sbin/cron -n
+ # FIXME(dprince): this is unused ATM because Kolla hardcodes the
+ # args for the keystone container to -DFOREGROUND
+ command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
@@ -168,9 +170,11 @@ outputs:
keystone_cron:
start_order: 4
image: *keystone_image
+ user: root
net: host
privileged: false
restart: always
+ command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n']
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml
index fc749f37..5e01558a 100644
--- a/docker/services/multipathd.yaml
+++ b/docker/services/multipathd.yaml
@@ -59,11 +59,11 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/multipathd.json:
command: /usr/sbin/multipathd -d
- config_files:
- - source: "/var/lib/kolla/config_files/src-iscsid/*"
- dest: "/"
- merge: true
- preserve_properties: true
+ config_files:
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
multipathd:
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index da461049..45de265e 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -64,9 +71,6 @@ outputs:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
- nova_wsgi_enabled: false
- nova::api::service_name: '%{::nova::params::api_service_name}'
- nova::wsgi::apache_api::ssl: false
step_config: &step_config
list_join:
- "\n"
@@ -82,7 +86,7 @@ outputs:
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
- command: /usr/bin/nova-api
+ command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
@@ -112,7 +116,7 @@ outputs:
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
- command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova']
step_3:
nova_api_db_sync:
start_order: 0
@@ -163,7 +167,7 @@ outputs:
start_order: 2
image: *nova_api_image
net: host
- user: nova
+ user: root
privileged: true
restart: always
volumes:
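Review bot: Changing `user: nova` to `user: root` leaves `privileged: true` unchanged, so nova_api now runs as root in a privileged container with `net: host`. In that configuration a compromise of the API process is close to a compromise of the host. The cron containers touched by this same commit use `privileged: false`, and httpd presumably needs root only to start and bind before its workers drop privileges. Confirm whether `privileged: true` is still required now that the command is `/usr/sbin/httpd -DFOREGROUND`, and either change it to `privileged: false` or add a comment stating which operation needs it. The container definition continues outside this hunk.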
@@ -173,6 +177,16 @@ outputs:
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 2f3851a5..916b057e 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -56,7 +56,21 @@ parameters:
description: Port that dockerized nova migration target sshd service
binds to.
type: number
-
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
conditions:
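Review bot: `CephClusterFSID` is described as "Must be a UUID" but nothing enforces that, and the later step_4 hunk in this file pastes the value inside single quotes into a `bash -c` string. An `allowed_pattern` constraint would reject malformed input at validation time and keep quote characters out of the shell command, e.g. `constraints: [{allowed_pattern: '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'}]`. `CephClientKey` is also spliced into that command; `hidden: true` only masks it in Heat's parameter display. Both new parameters have no default, so it is worth stating in the description that they are only consumed when `need_libvirt_secret` is true.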
@@ -69,6 +83,15 @@ conditions:
- {get_param: UseTLSTransportForLiveMigration}
- true
+ need_libvirt_secret:
+ or:
+ - equals:
+ - {get_param: NovaEnableRbdBackend}
+ - true
+ - equals:
+ - {get_param: CinderEnableRbdBackend}
+ - true
+
resources:
ContainersCommon:
@@ -102,7 +125,7 @@ outputs:
- {get_attr: [MySQLClient, role_data, step_config]}
puppet_config:
config_volume: nova_libvirt
- puppet_tags: libvirtd_config,nova_config,file,exec
+ puppet_tags: libvirtd_config,nova_config,file
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
@@ -145,21 +168,46 @@ outputs:
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova
- - /etc/libvirt/secrets:/etc/libvirt/secrets
+ - /etc/libvirt:/etc/libvirt
# Needed to use host's virtlogd
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- - /etc/libvirt/qemu:/etc/libvirt/qemu
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_4:
+ if:
+ - need_libvirt_secret
+ - nova_libvirt_init_secret:
+ detach: false
+ image: {get_param: DockerNovaLibvirtImage}
+ privileged: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
+ - /etc/libvirt:/etc/libvirt
+ - /var/run/libvirt:/var/run/libvirt
+ - /var/lib/libvirt:/var/lib/libvirt
+ command:
+ - /bin/bash
+ - -c
+ - str_replace:
+ template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY'
+ params:
+ SECRET_UUID: {get_param: CephClusterFSID}
+ SECRET_KEY: {get_param: CephClientKey}
+ - {}
host_prep_tasks:
- name: create libvirt persistent data directories
file:
path: "{{ item }}"
state: directory
with_items:
+ - /etc/libvirt
- /etc/libvirt/secrets
- /etc/libvirt/qemu
- /var/lib/libvirt
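Review bot: The nova_libvirt_init_secret command templates `CephClientKey` into the argument of `virsh secret-set-value --base64 'SECRET_KEY'`, so the Ceph key becomes part of the rendered container command. It is then readable from the generated container config on the host, from the container's inspect output and from the process list while the command runs. Prefer having the script read the key inside the container from a root-only file that is already mounted, and keep only the non-secret UUID in the template. Separately, the libvirt container's mount is widened from `/etc/libvirt/secrets` and `/etc/libvirt/qemu` to a read-write `/etc/libvirt:/etc/libvirt`, and the init container gets the same mount. If only the secrets directory has to be writable for `secret-define`, mount that path alone, or add a comment explaining why the whole tree is needed.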
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index d784ace3..26d17560 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -104,6 +111,16 @@ outputs:
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 5042b438..a9e49b28 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -32,6 +32,9 @@ parameters:
type: string
hidden: true
default: ''
+ MysqlClustercheckPassword:
+ type: string
+ hidden: true
RoleName:
default: ''
description: Role name on which the service is applied
@@ -151,7 +154,19 @@ outputs:
image: *mysql_image
net: host
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
- command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+ command:
+ - 'bash'
+ - '-ec'
+ -
+ list_join:
+ - "\n"
+ - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
+ - 'kolla_start'
+ - 'mysqld_safe --skip-networking --wsrep-on=OFF &'
+ - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
+ - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
+ - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"'
+ - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
volumes: &mysql_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
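Review bot: The bootstrap script grants more than a health-check account needs and handles passwords unsafely. `GRANT PROCESS ON *.* ... WITH GRANT OPTION` lets clustercheck pass its privilege on to other accounts; `GRANT PROCESS ON *.* TO 'clustercheck'@'localhost';` is sufficient. `${DB_CLUSTERCHECK_PASSWORD}` is expanded by the shell straight into the `IDENTIFIED BY '...'` literal, so a password containing a quote or backslash breaks or alters the statement; either constrain `MysqlClustercheckPassword` with an `allowed_pattern` or escape the value before building the SQL. The root password is passed as `-p"${DB_ROOT_PASSWORD}"` on every client invocation, which exposes it in the process list; a client option file readable only by root avoids that. The script also leaves the backgrounded `mysqld_safe` running if a later line fails under `-e`, so a `trap` that shuts it down would make a failed bootstrap cleaner to retry.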
@@ -164,6 +179,12 @@ outputs:
- KOLLA_BOOTSTRAP=True
# NOTE(mandre) skip wsrep cluster status check
- KOLLA_KUBERNETES=True
+ - DB_MAX_TIMEOUT=60
+ -
+ list_join:
+ - '='
+ - - 'DB_CLUSTERCHECK_PASSWORD'
+ - {get_param: MysqlClustercheckPassword}
-
list_join:
- '='