diff options
Diffstat (limited to 'docker')
33 files changed, 1016 insertions, 128 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 157bf63f..0f079436 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -210,6 +210,11 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume dcmd.extend(['--entrypoint', sh_script]) env = {} + # NOTE(flaper87): Always copy the DOCKER_* environment variables as + # they contain the access data for the docker daemon. + for k in filter(lambda k: k.startswith('DOCKER'), os.environ.keys()): + env[k] = os.environ.get(k) + if os.environ.get('NET_HOST', 'false') == 'true': print('NET_HOST enabled') dcmd.extend(['--net', 'host', '--volume', diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 2f5953d3..301d838f 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -123,6 +123,32 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}CreateConfigDir} + {{role.name}}HostPrepAnsible: + type: OS::Heat::Value + properties: + value: + str_replace: + template: CONFIG + params: + CONFIG: + - hosts: localhost + connection: local + tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]} + + {{role.name}}HostPrepConfig: + type: OS::Heat::SoftwareConfig + properties: + group: ansible + options: + modulepath: /usr/share/ansible-modules + config: {get_attr: [{{role.name}}HostPrepAnsible, value]} + + {{role.name}}HostPrepDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}HostPrepConfig} + # this creates a JSON config file for our docker-puppet.py script {{role.name}}GenPuppetConfig: type: OS::Heat::StructuredConfig @@ -146,7 +172,7 @@ resources: {{role.name}}GenerateConfigDeployment: type: OS::Heat::SoftwareDeploymentGroup - depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment] + depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment, {{role.name}}HostPrepDeployment] properties: name: {{role.name}}GenerateConfigDeployment servers: {get_param: [servers, {{role.name}}]} diff --git a/docker/services/README.rst b/docker/services/README.rst index 219f35eb..465e4abe 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -23,7 +23,7 @@ puppet (our configuration tool of choice) into the Kolla base images. The undercloud nova-scheduler also requires openstack-tripleo-common to provide custom filters. -To build Kolla images for TripleO adjust your kolla config to build your +To build Kolla images for TripleO adjust your kolla config [*]_ to build your centos base image with puppet using the example below: .. code-block:: @@ -37,6 +37,10 @@ kolla-build --base centos --template-override template-overrides.j2 .. +.. [*] See the + `override file <https://github.com/openstack/tripleo-common/blob/master/contrib/tripleo_kolla_template_overrides.j2>`_ + which can be used to build Kolla packages that work with TripleO, and an + `example build script <https://github.com/dprince/undercloud_containers/blob/master/build_kolla.sh>_. Docker settings --------------- diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml new file mode 100644 index 00000000..ca410d6d --- /dev/null +++ b/docker/services/aodh-api.yaml @@ -0,0 +1,123 @@ +heat_template_version: ocata + +description: > + OpenStack containerized aodh service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerAodhApiImage: + description: image + default: 'centos-binary-aodh-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + AodhApiPuppetBase: + type: ../../puppet/services/aodh-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the aodh API role. + value: + service_name: {get_attr: [AodhApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [AodhApiPuppetBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [AodhApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: aodh + puppet_tags: aodh_api_paste_ini,aodh_config + step_config: *step_config + config_image: &aodh_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] + kolla_config: + /var/lib/kolla/config_files/aodh-api.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/aodh/aodh.conf + owner: aodh + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf + - dest: /etc/httpd/conf.d/10-aodh_wsgi.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-aodh_wsgi.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /var/www/cgi-bin/aodh/app + owner: aodh + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/aodh/app + docker_config: + step_3: + aodh-init-log: + start_order: 0 + image: *aodh_image + user: root + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/aodh && chown aodh:aodh /var/log/aodh'] + volumes: + - logs:/var/log + aodh_db_sync: + start_order: 1 + image: *aodh_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + command: /usr/bin/aodh-dbsync + step_4: + aodh-api: + image: *aodh_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/aodh/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable aodh service (running under httpd) + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml new file mode 100644 index 00000000..d3c8c595 --- /dev/null +++ b/docker/services/aodh-evaluator.yaml @@ -0,0 +1,84 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Aodh Evaluator service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerAodhEvaluatorImage: + description: image + default: 'centos-binary-aodh-evaluator:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + AodhEvaluatorBase: + type: ../../puppet/services/aodh-evaluator.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Aodh API role. + value: + service_name: {get_attr: [AodhEvaluatorBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [AodhEvaluatorBase, role_data, config_settings] + step_config: &step_config + get_attr: [AodhEvaluatorBase, role_data, step_config] + service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: aodh + puppet_tags: aodh_config + step_config: *step_config + config_image: &aodh_evaluator_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] + kolla_config: + /var/lib/kolla/config_files/aodh-evaluator.json: + command: /usr/bin/aodh-evaluator + config_files: + - dest: /etc/aodh/aodh.conf + owner: aodh + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf + docker_config: + step_4: + aodh_evaluator: + image: *aodh_evaluator_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-aodh-evaluator service + tags: step2 + service: name=openstack-aodh-evaluator.service state=stopped enabled=no diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml new file mode 100644 index 00000000..7aa9618d --- /dev/null +++ b/docker/services/aodh-listener.yaml @@ -0,0 +1,84 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Aodh Listener service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerAodhListenerImage: + description: image + default: 'centos-binary-aodh-listener:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + AodhListenerBase: + type: ../../puppet/services/aodh-listener.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Aodh API role. + value: + service_name: {get_attr: [AodhListenerBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [AodhListenerBase, role_data, config_settings] + step_config: &step_config + get_attr: [AodhListenerBase, role_data, step_config] + service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: aodh + puppet_tags: aodh_config + step_config: *step_config + config_image: &aodh_listener_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] + kolla_config: + /var/lib/kolla/config_files/aodh-listener.json: + command: /usr/bin/aodh-listener + config_files: + - dest: /etc/aodh/aodh.conf + owner: aodh + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf + docker_config: + step_4: + aodh_listener: + image: *aodh_listener_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-aodh-listener service + tags: step2 + service: name=openstack-aodh-listener.service state=stopped enabled=no diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml new file mode 100644 index 00000000..f525d6bd --- /dev/null +++ b/docker/services/aodh-notifier.yaml @@ -0,0 +1,84 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Aodh Notifier service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerAodhNotifierImage: + description: image + default: 'centos-binary-aodh-notifier:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + AodhNotifierBase: + type: ../../puppet/services/aodh-notifier.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Aodh API role. + value: + service_name: {get_attr: [AodhNotifierBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [AodhNotifierBase, role_data, config_settings] + step_config: &step_config + get_attr: [AodhNotifierBase, role_data, step_config] + service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: aodh + puppet_tags: aodh_config + step_config: *step_config + config_image: &aodh_notifier_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] + kolla_config: + /var/lib/kolla/config_files/aodh-notifier.json: + command: /usr/bin/aodh-notifier + config_files: + - dest: /etc/aodh/aodh.conf + owner: aodh + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf + docker_config: + step_4: + aodh_notifier: + image: *aodh_notifier_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-aodh-notifier service + tags: step2 + service: name=openstack-aodh-notifier.service state=stopped enabled=no diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 68a64a7d..15795828 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -73,7 +73,16 @@ outputs: perm: '0600' docker_config: step_2: + mongodb_data_ownership: + start_order: 0 + image: *mongodb_image + net: host + user: root + command: ['chown', '-R', 'mongodb:', '/var/lib/mongodb'] + volumes: + - /var/lib/mongodb:/var/lib/mongodb mongodb: + start_order: 1 image: *mongodb_image net: host privileged: false @@ -82,7 +91,7 @@ outputs: - /var/lib/config-data/mongodb/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log/kolla - - mongodb:/var/lib/mongodb/ + - /var/lib/mongodb:/var/lib/mongodb environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -91,13 +100,15 @@ outputs: config_volume: 'mongodb_init_tasks' puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' step_config: 'include ::tripleo::profile::base::database::mongodb' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + config_image: *mongodb_image volumes: - - "mongodb:/var/lib/mongodb/" - - "logs:/var/log/kolla:ro" + - /var/lib/mongodb:/var/lib/mongodb + - logs:/var/log/kolla:ro + host_prep_tasks: + - name: create /var/lib/mongodb + file: + path: /var/lib/mongodb + state: directory upgrade_tasks: - name: Stop and disable mongodb service tags: step2 diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 46b856e3..0ffd0336 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -82,17 +82,29 @@ outputs: perm: '0644' docker_config: step_2: - mysql_bootstrap: + mysql_data_ownership: start_order: 0 detach: false image: *mysql_image net: host + user: root + # Kolla does only non-recursive chown + command: ['chown', '-R', 'mysql:', '/var/lib/mysql'] + volumes: + - /var/lib/mysql:/var/lib/mysql + mysql_bootstrap: + start_order: 1 + detach: false + image: *mysql_image + net: host + # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done + command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - - mariadb:/var/lib/mysql/ + - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -110,7 +122,7 @@ outputs: - {get_param: MysqlRootPassword} - {get_param: [DefaultPasswords, mysql_root_password]} mysql: - start_order: 1 + start_order: 2 image: *mysql_image restart: always net: host @@ -123,13 +135,15 @@ outputs: config_volume: 'mysql_init_tasks' puppet_tags: 'mysql_database,mysql_grant,mysql_user' step_config: 'include ::tripleo::profile::base::database::mysql' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + config_image: *mysql_image volumes: - - "mariadb:/var/lib/mysql/:ro" + - "/var/lib/mysql:/var/lib/mysql/:ro" - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf + host_prep_tasks: + - name: create /var/lib/mysql + file: + path: /var/lib/mysql + state: directory upgrade_tasks: - name: Stop and disable mysql service tags: step2 diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml new file mode 100644 index 00000000..a64d1507 --- /dev/null +++ b/docker/services/gnocchi-api.yaml @@ -0,0 +1,118 @@ +heat_template_version: ocata + +description: > + OpenStack containerized gnocchi service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerGnocchiApiImage: + description: image + default: 'centos-binary-gnocchi-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + GnocchiApiPuppetBase: + type: ../../puppet/services/gnocchi-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the gnocchi API role. + value: + service_name: {get_attr: [GnocchiApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [GnocchiApiPuppetBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [GnocchiApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [GnocchiApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: gnocchi + puppet_tags: gnocchi_api_paste_ini,gnocchi_config + step_config: *step_config + config_image: &gnocchi_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] + kolla_config: + /var/lib/kolla/config_files/gnocchi-api.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/gnocchi/gnocchi.conf + owner: gnocchi + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf + - dest: /etc/httpd/conf.d/10-gnocchi_wsgi.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-gnocchi_wsgi.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /var/www/cgi-bin/gnocchi/app + owner: gnocchi + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/gnocchi/app + docker_config: + step_3: + gnocchi-init-log: + start_order: 0 + image: *gnocchi_image + user: root + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/gnocchi && chown gnocchi:gnocchi /var/log/gnocchi'] + volumes: + - logs:/var/log + gnocchi_db_sync: + start_order: 1 + image: *gnocchi_image + net: host + detach: false + privileged: false + volumes: + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"] + step_4: + gnocchi-api: + image: *gnocchi_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml new file mode 100644 index 00000000..6437e942 --- /dev/null +++ b/docker/services/gnocchi-metricd.yaml @@ -0,0 +1,78 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Gnocchi Metricd service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerGnocchiMetricdImage: + description: image + default: 'centos-binary-gnocchi-metricd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + GnocchiMetricdBase: + type: ../../puppet/services/gnocchi-metricd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Gnocchi API role. + value: + service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]} + config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]} + step_config: &step_config + get_attr: [GnocchiMetricdBase, role_data, step_config] + service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: gnocchi + puppet_tags: gnocchi_config + step_config: *step_config + config_image: &gnocchi_metricd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] + kolla_config: + /var/lib/kolla/config_files/gnocchi-metricd.json: + command: /usr/bin/gnocchi-metricd + config_files: + - dest: /etc/gnocchi/gnocchi.conf + owner: gnocchi + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf + docker_config: + step_4: + gnocchi_metricd: + image: *gnocchi_metricd_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml new file mode 100644 index 00000000..32c16521 --- /dev/null +++ b/docker/services/gnocchi-statsd.yaml @@ -0,0 +1,78 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Gnocchi Statsd service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerGnocchiStatsdImage: + description: image + default: 'centos-binary-gnocchi-statsd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + GnocchiStatsdBase: + type: ../../puppet/services/gnocchi-statsd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Gnocchi API role. + value: + service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]} + config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]} + step_config: &step_config + get_attr: [GnocchiStatsdBase, role_data, step_config] + service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: gnocchi + puppet_tags: gnocchi_config + step_config: *step_config + config_image: &gnocchi_statsd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] + kolla_config: + /var/lib/kolla/config_files/gnocchi-statsd.json: + command: /usr/bin/gnocchi-statsd + config_files: + - dest: /etc/gnocchi/gnocchi.conf + owner: gnocchi + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf + docker_config: + step_4: + gnocchi_statsd: + image: *gnocchi_statsd_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 2a27efb4..85ad9212 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-heat-api-cfn:latest' type: string # we configure all heat services in the same heat engine container - DockerHeatEngineImage: + DockerHeatConfigImage: description: image default: 'centos-binary-heat-engine:latest' type: string @@ -62,7 +62,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api_cfn.json: command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index c429870b..12884f56 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-heat-api:latest' type: string # we configure all heat services in the same heat engine container - DockerHeatEngineImage: + DockerHeatConfigImage: description: image default: 'centos-binary-heat-engine:latest' type: string @@ -62,7 +62,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api.json: command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 8c18a160..678b8c27 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -50,6 +50,7 @@ outputs: - get_attr: [IronicConductorBase, role_data, config_settings] # to avoid hard linking errors we store these on the same # volume/device as the ironic master_path + # https://github.com/docker/docker/issues/7457 - ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot - ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images - ironic::pxe::tftp_root: /var/lib/ironic/tftpboot @@ -84,18 +85,12 @@ outputs: recurse: true docker_config: step_4: - ironic-init-dirs: - image: &ironic_image + ironic_conductor: + start_order: 80 + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ] - user: root - command: ['/bin/bash', '-c', 'mkdir /var/lib/ironic/httpboot && mkdir /var/lib/ironic/tftpboot'] - volumes: - - ironic:/var/lib/ironic - ironic_conductor: - start_order: 80 - image: *ironic_image net: host privileged: true restart: always @@ -108,9 +103,42 @@ outputs: - /sys:/sys - /dev:/dev - /run:/run #shared? - - ironic:/var/lib/ironic + - /var/lib/ironic:/var/lib/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create ironic persistent data directory + file: + path: /var/lib/ironic + state: directory + - name: stat /httpboot + stat: path=/httpboot + register: stat_httpboot + - name: stat /tftpboot + stat: path=/tftpboot + register: stat_tftpboot + - name: stat /var/lib/ironic/httpboot + stat: path=/var/lib/ironic/httpboot + register: stat_ironic_httpboot + - name: stat /var/lib/ironic/tftpboot + stat: path=/var/lib/ironic/tftpboot + register: stat_ironic_tftpboot + # cannot use 'copy' module as with 'remote_src' it doesn't support recursion + - name: migrate /httpboot to containerized (if applicable) + command: /bin/cp -R /httpboot /var/lib/ironic/httpboot + when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists + - name: migrate /tftpboot to containerized (if applicable) + command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot + when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists + # Even if there was nothing to copy from original locations, + # we need to create the dirs before starting the containers + - name: ensure ironic pxe directories exist + file: + path: /var/lib/ironic/{{ item }} + state: directory + with_items: + - httpboot + - tftpboot upgrade_tasks: - name: Stop and disable ironic_conductor service tags: step2 diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 370b665e..c6607094 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -112,7 +112,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /dev/log:/dev/log - - ironic:/var/lib/ironic/ + - /var/lib/ironic:/var/lib/ironic/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS ironic_pxe_http: @@ -127,6 +127,11 @@ outputs: - /var/lib/config-data/ironic/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - ironic:/var/lib/ironic/ + - /var/lib/ironic:/var/lib/ironic/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create ironic persistent data directory + file: + path: /var/lib/ironic + state: directory diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index bd3a010e..63713677 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -30,6 +30,12 @@ parameters: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true + KeystoneTokenProvider: + description: The keystone token format + type: string + default: 'uuid' + constraints: + - allowed_values: ['uuid', 'fernet'] resources: @@ -40,6 +46,9 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} +conditions: + keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} + outputs: role_data: description: Role data for the Keystone API role. @@ -80,6 +89,16 @@ outputs: owner: keystone perm: '0600' source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1 + - dest: /etc/keystone/fernet-keys/0 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0 + optional: {if: [keystone_fernet_tokens, false, true]} + - dest: /etc/keystone/fernet-keys/1 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1 + optional: {if: [keystone_fernet_tokens, false, true]} - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf owner: root perm: '0644' @@ -149,11 +168,10 @@ outputs: config_volume: 'keystone_init_tasks' puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' step_config: 'include ::tripleo::profile::base::keystone' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + config_image: *keystone_image upgrade_tasks: - name: Stop and disable keystone service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [KeystoneBase, role_data, metadata_settings] diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index fd72e344..db2721bd 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -72,7 +72,7 @@ outputs: docker_config: step_4: mistral_engine: - image: &mistral_engine_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ] diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 0274ff48..d68830ed 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -72,7 +72,7 @@ outputs: docker_config: step_4: mistral_executor: - image: &mistral_executor_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ] diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index a4854d90..9be13ad3 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -8,7 +8,7 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerNeutronApiImage: + DockerNeutronDHCPImage: description: image default: 'centos-binary-neutron-dhcp-agent:latest' type: string @@ -76,10 +76,10 @@ outputs: docker_config: step_4: neutron_dhcp: - image: &neutron_dhcp_image + image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronDHCPImage} ] net: host pid: host privileged: true diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 61ad8f4a..db4fa863 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -72,7 +72,7 @@ outputs: docker_config: step_4: neutronl3agent: - image: &neutron_l3_agent_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ] diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 1c57bbf5..9e203b7a 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-api:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -60,7 +60,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_api.json: command: /usr/bin/nova-api diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 7fc00b47..957eed7f 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -83,6 +83,15 @@ outputs: - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova - - libvirtd:/var/lib/libvirt + - /var/lib/libvirt:/var/lib/libvirt environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/libvirt + file: + path: /var/lib/libvirt + state: directory + upgrade_tasks: + - name: Stop and disable nova-compute service + tags: step2 + service: name=nova-compute state=stopped enabled=no diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 09a6d0f6..f85cf546 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-conductor:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -58,7 +58,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_conductor.json: command: /usr/bin/nova-conductor diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index d3c0af44..3d849f59 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-compute-ironic:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -54,7 +54,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_ironic.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf @@ -85,6 +85,10 @@ outputs: - /run:/run - /dev:/dev - /etc/iscsi:/etc/iscsi - - nova_compute:/var/lib/nova/ + - /var/lib/nova/:/var/lib/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable nova-compute service + tags: step2 + service: name=nova-compute state=stopped enabled=no diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index e25b2014..480bb80e 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -14,7 +14,7 @@ parameters: type: string # we configure libvirt via the nova-compute container due to coupling # in the puppet modules - DockerNovaComputeImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-compute:latest' type: string @@ -57,7 +57,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova-libvirt.json: command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf @@ -88,7 +88,19 @@ outputs: - /var/lib/nova:/var/lib/nova # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - - libvirtd:/var/lib/libvirt - - nova_libvirt_qemu:/etc/libvirt/qemu + - /var/lib/libvirt:/var/lib/libvirt + - /etc/libvirt/qemu:/etc/libvirt/qemu environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create libvirt persistent data directories + file: + path: "{{ item }}" + state: directory + with_items: + - /etc/libvirt/qemu + - /var/lib/libvirt + upgrade_tasks: + - name: Stop and disable libvirtd service + tags: step2 + service: name=libvirtd state=stopped enabled=no diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 0f32e33f..e49839b5 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -53,7 +53,7 @@ outputs: config_volume: nova_placement puppet_tags: nova_config step_config: *step_config - config_image: + config_image: &nova_placement_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] @@ -92,10 +92,7 @@ outputs: step_3: nova_placement: start_order: 1 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + image: *nova_placement_image net: host user: root restart: always diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 0b64ca37..de1199e1 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-scheduler:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -57,7 +57,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_scheduler.json: command: /usr/bin/nova-scheduler diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml new file mode 100644 index 00000000..32efc5d7 --- /dev/null +++ b/docker/services/panko-api.yaml @@ -0,0 +1,119 @@ +heat_template_version: ocata + +description: > + OpenStack Panko service configured with docker + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerPankoApiImage: + description: image + default: 'centos-binary-panko-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + PankoApiPuppetBase: + type: ../../puppet/services/panko-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Panko API role. + value: + service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [PankoApiPuppetBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [PankoApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: panko + puppet_tags: panko_api_paste_ini,panko_config + step_config: *step_config + config_image: &panko_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] + kolla_config: + /var/lib/kolla/config_files/panko-api.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/httpd/conf.d/10-panko_wsgi.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-panko_wsgi.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /etc/panko/panko.conf + owner: panko + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/panko/panko.conf + - dest: /var/www/cgi-bin/panko/app + owner: panko + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/panko/app + docker_config: + step_3: + panko-init-log: + start_order: 0 + image: *panko_image + user: root + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/panko && chown panko:panko /var/log/panko'] + volumes: + - logs:/var/log + panko_db_sync: + start_order: 1 + image: *panko_image + net: host + detach: false + privileged: false + volumes: + - /var/lib/config-data/panko/etc/panko:/etc/panko:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + command: /usr/bin/panko-dbsync + step_4: + panko_api: + start_order: 2 + image: *panko_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/panko/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/panko/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 573ec178..341ec3de 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -90,7 +90,7 @@ outputs: - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - rabbitmq:/var/lib/rabbitmq/ + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -116,9 +116,14 @@ outputs: - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - rabbitmq:/var/lib/rabbitmq/ + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/rabbitmq + file: + path: /var/lib/rabbitmq + state: directory upgrade_tasks: - name: Stop and disable rabbitmq service tags: step2 diff --git a/docker/services/services.yaml b/docker/services/services.yaml index 892da77c..84c56b5b 100644 --- a/docker/services/services.yaml +++ b/docker/services/services.yaml @@ -74,6 +74,11 @@ outputs: {get_attr: [ServiceChain, role_data, docker_config]} docker_puppet_tasks: {get_attr: [ServiceChain, role_data, docker_puppet_tasks]} + host_prep_tasks: + yaql: + # Note we use distinct() here to filter any identical tasks + expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} upgrade_tasks: yaql: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 93e21c81..0d7cd7b9 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -72,10 +72,15 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /srv/node + file: + path: /srv/node + state: directory upgrade_tasks: - name: Stop and disable swift_proxy service tags: step2 diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 8e76504c..301ef69b 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -62,7 +62,7 @@ outputs: config_volume: swift puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config step_config: *step_config - config_image: + config_image: &swift_proxy_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] @@ -99,20 +99,17 @@ outputs: # volume during the configuration stage. We just need to create this # directory and make sure it's owned by swift. swift_setup_srv: - image: + image: &swift_account_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] user: root - command: ['/bin/bash', '-c', 'mkdir /srv/node && chown swift:swift /srv/node'] + command: ['chown', '-R', 'swift:', '/srv/node'] volumes: - - swift-srv:/srv + - /srv/node:/srv/node step_4: swift_account_auditor: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always @@ -123,15 +120,12 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: &kolla_env - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS swift_account_reaper: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always @@ -142,14 +136,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_account_replicator: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always @@ -160,14 +151,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_account_server: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always @@ -178,11 +166,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_auditor: - image: + image: &swift_container_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] @@ -196,14 +184,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_replicator: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: *swift_container_image net: host user: swift restart: always @@ -214,14 +199,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_updater: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: *swift_container_image net: host user: swift restart: always @@ -232,14 +214,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_server: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: *swift_container_image net: host user: swift restart: always @@ -250,11 +229,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_auditor: - image: + image: &swift_object_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] @@ -268,14 +247,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_expirer: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + image: *swift_proxy_image net: host user: swift restart: always @@ -286,14 +262,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_replicator: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: *swift_object_image net: host user: swift restart: always @@ -304,14 +277,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_updater: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: *swift_object_image net: host user: swift restart: always @@ -322,14 +292,11 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_server: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: *swift_object_image net: host user: swift restart: always @@ -340,9 +307,14 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env + host_prep_tasks: + - name: create /srv/node + file: + path: /srv/node + state: directory upgrade_tasks: - name: Stop and disable swift storage services tags: step2 |