Diffstat (limited to 'docker')
-rw-r--r-- | docker/README-containers.md | 9 | ||||
-rw-r--r-- | docker/compute-post.yaml | 201 | ||||
-rw-r--r-- | docker/firstboot/install_docker_agents.yaml | 8 | ||||
-rw-r--r-- | docker/firstboot/start_docker_agents.sh | 14 |
4 files changed, 188 insertions, 44 deletions
diff --git a/docker/README-containers.md b/docker/README-containers.md index 0e67c183..ff062a93 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md @@ -12,7 +12,7 @@ Download the fedora atomic image into glance: ``` wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 -glance image-create --name fedora-atomic --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare +glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare ``` ## Configuring TripleO @@ -22,7 +22,12 @@ https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh Create the Overcloud: ``` -$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker-rdo.yaml --libvirt-type=qemu +$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu +``` + +Using Network Isolation in the Overcloud: +``` +$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network-isolation.yaml --libvirt-type=qemu ``` Source the overcloudrc and then you can use the overcloud. diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml index 0d049ebc..8f786f72 100644 --- a/docker/compute-post.yaml +++ b/docker/compute-post.yaml @@ -1,5 +1,4 @@ -heat_template_version: 2015-04-30 - +heat_template_version: 2015-10-15 description: > OpenStack compute node post deployment for Docker. 
@@ -9,6 +8,9 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + DockerNamespace: + type: string + default: tripleoupstream DockerComputeImage: type: string DockerComputeDataImage: @@ -23,6 +25,26 @@ parameters: type: string DockerOpenvswitchDBImage: type: string + LibvirtConfig: + type: string + default: "/etc/libvirt/libvirtd.conf" + NovaConfig: + type: string + default: "/etc/nova/nova.conf" + NeutronOpenvswitchAgentConfig: + type: string + default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/ml2/ml2_conf.ini" + NeutronAgentConfig: + type: string + default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" + NeutronAgentPluginVolume: + type: string + description: The neutron agent plugin to mount into the neutron-agents container + default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" + NeutronAgentOvsVolume: + type: string + description: The neutron agent ovs agents to mount into the neutron-agents container + default: " " resources: 
@@ -67,8 +89,90 @@ resources: config: {get_resource: CopyEtcConfig} servers: {get_param: servers} + CopyJsonConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: libvirt_config + - name: nova_config + - name: neutron_openvswitch_agent_config + - name: neutron_agent_config + config: | + #!/bin/python + import json + import os + + data = {} + file_perms = '600' + libvirt_perms = '644' + + libvirt_config = os.getenv('libvirt_config').split(',') + nova_config = os.getenv('nova_config').split(',') + neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',') + neutron_agent_config = os.getenv('neutron_agent_config').split(',') + + # Command, Config_files, Owner, Perms + services = {'nova-libvirt': ['/usr/sbin/libvirtd', libvirt_config, 'root', libvirt_perms], + 'nova-compute': ['/usr/bin/nova-compute', nova_config, 'nova', file_perms], + 'neutron-openvswitch-agent': ['/usr/bin/neutron-openvswitch-agent', neutron_openvswitch_agent_config, 'neutron', file_perms], + 'neutron-agent': ['/usr/bin/neutron-openvswitch-agent', neutron_agent_config, 'neutron', file_perms], + 'ovs-vswitchd': ['/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/openvswitch/ovs-vswitchd.log'], + 'ovsdb-server': ['/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --log-file=/var/log/openvswitch/ovsdb-server.log'] + } + + + def build_config_files(config, owner, perms): + config_source = '/var/lib/kolla/config_files/' + config_files_dict = {} + source = os.path.basename(config) + dest = config + config_files_dict.update({'source': config_source + source, + 'dest': dest, + 'owner': owner, + 'perm': perms}) + return config_files_dict + + + for service in services: + if service != 'ovs-vswitchd' and service != 'ovsdb-server': + command = services.get(service)[0] + config_files = 
services.get(service)[1] + owner = services.get(service)[2] + perms = services.get(service)[3] + config_files_list = [] + for config_file in config_files: + if service == 'nova-libvirt': + command = command + ' --config ' + config_file + else: + command = command + ' --config-file ' + config_file + data['command'] = command + config_files_dict = build_config_files(config_file, owner, perms) + config_files_list.append(config_files_dict) + data['config_files'] = config_files_list + else: + data['command'] = services.get(service)[0] + data['config_files'] = [] + + json_config_dir = '/var/lib/etc-data/json-config/' + with open(json_config_dir + service + '.json', 'w') as json_file: + json.dump(data, json_file, sort_keys=True, indent=4, separators=(',', ': ')) + + CopyJsonDeployment: + type: OS::Heat::SoftwareDeployments + depends_on: CopyEtcDeployment + properties: + config: {get_resource: CopyJsonConfig} + servers: {get_param: servers} + input_values: + libvirt_config: {get_param: LibvirtConfig} + nova_config: {get_param: NovaConfig} + neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} + neutron_agent_config: {get_param: NeutronAgentConfig} + NovaComputeContainersDeploymentOVS: type: OS::Heat::StructuredDeployments + depends_on: CopyJsonDeployment properties: config: {get_resource: NovaComputeContainersConfigOVS} servers: {get_param: servers} @@ -79,7 +183,10 @@ resources: group: docker-compose config: ovsvswitchd: - image: {get_param: DockerOvsVswitchdImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] container_name: ovs-vswitchd net: host privileged: true 
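Review bot: In the CopyJsonConfig script, `build_config_files` derives the copy source from `os.path.basename(config)`, so two entries in one comma-separated parameter that share a file name but live in different directories would map to the same source under `/var/lib/kolla/config_files/`, and one would silently win. The comma-split values are also used unstripped, so a value such as `a.conf, b.conf` or a trailing comma produces a `--config-file` argument with a leading space or an empty path. Consider normalising at the split, e.g. `nova_config = [p.strip() for p in os.getenv('nova_config', '').split(',') if p.strip()]`, and rejecting duplicate base names before the JSON is written. A short comment above `services` saying that the two `ovs-*` entries deliberately carry only a command would also explain the `service != 'ovs-vswitchd'` branch.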
@@ -87,18 +194,23 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS openvswitchdb: - image: {get_param: DockerOpenvswitchDBImage} - container_name: ovs-db-server + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] + container_name: ovsdb-server net: host restart: always volumes: - /run:/run + - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS NovaComputeContainersDeploymentNetconfig: type: OS::Heat::SoftwareDeployments @@ -122,7 +234,7 @@ resources: LibvirtContainersDeployment: type: OS::Heat::StructuredDeployments - depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] + depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] properties: config: {get_resource: LibvirtContainersConfig} servers: {get_param: servers} @@ -133,11 +245,20 @@ resources: group: docker-compose config: computedata: - image: {get_param: DockerComputeDataImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerComputeDataImage} ] container_name: computedata + volumes: + - /var/lib/nova/instances + - /var/lib/libvirt libvirt: - image: {get_param: DockerLibvirtImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] container_name: libvirt net: host pid: host 
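Review bot: The new `config.json` bind mounts for `ovsvswitchd` and `openvswitchdb` are read-write, unlike the `:ro` mounts used for the neutron config files later in this file. That JSON carries the command the container is started with, and both containers use `net: host` (ovsvswitchd is also `privileged: true`), so a process inside the container should not be able to rewrite the host copy; append `:ro`, e.g. `- /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json:ro`. The same applies to the `config.json` mounts added for libvirt, openvswitch and novacompute in the later hunks, to the neutronagent one built inside the `list_join`, and to the `libvirtd.conf` mount. This assumes the Kolla start script only reads from `/var/lib/kolla/config_files`, which is worth confirming against the images in use.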
@@ -146,16 +267,17 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/libvirt/libvirtd.conf:/opt/kolla/libvirtd/libvirtd.conf - - /var/lib/nova/instances:/var/lib/nova/instances + - /sys/fs/cgroup:/sys/fs/cgroup + - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata NovaComputeContainersDeployment: type: OS::Heat::StructuredDeployments - depends_on: [CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] + depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] properties: config: {get_resource: NovaComputeContainersConfig} servers: {get_param: servers} @@ -166,7 +288,10 @@ resources: group: docker-compose config: openvswitch: - image: {get_param: DockerOpenvswitchImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] container_name: openvswitch net: host privileged: true 
@@ -174,52 +299,58 @@ resources: volumes: - /run:/run - /lib/modules:/lib/modules:ro + - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/neutron/neutron.conf:/etc/kolla/neutron-openvswitch-agent/:ro - - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/etc/kolla/neutron-openvswitch-agent/:ro + - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro + - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata - # FIXME: Kolla now uses a JSON model to run custom commands. We rebuilt a custom container to read in KOLLA_COMMAND_ARGS - # FIXME: Here we're subjugating kolla's start scripts because we want our custom run command neutronagent: - image: {get_param: DockerOpenvswitchImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] container_name: neutronagent net: host pid: host privileged: true restart: always volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/neutron/neutron.conf:/etc/neutron/neutron.conf:ro - - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:ro + str_split: + - "," + - list_join: + - "," + - [ "/run:/run", "/lib/modules:/lib/modules:ro", + "/var/lib/etc-data/json-config/neutron-agent.json:/var/lib/kolla/config_files/config.json", + "/var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro", + {get_param: NeutronAgentPluginVolume}, + {get_param: NeutronAgentOvsVolume} ] environment: - - KOLLA_CONFIG_STRATEGY=CONFIG_EXTERNAL_COPY_ALWAYS - # FIXME: Kolla now uses a JSON model to run custom commands. 
We rebuilt a custom container to read in KOLLA_COMMAND_ARGS - - KOLLA_COMMAND_ARGS=--config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata novacompute: - image: {get_param: DockerComputeImage} + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerComputeImage} ] container_name: novacompute net: host privileged: true restart: always volumes: - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/:/etc/:ro - - /var/lib/nova/instances:/var/lib/nova/instances + - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS volumes_from: - computedata - # FIXME: this skips the kolla start.sh script and just starts Nova - # Ideally we'd have an environment that switched the kolla container - # to be externally configured. - command: /usr/bin/nova-compute ExtraConfig: depends_on: NovaComputeContainersDeployment diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml index 8adc8939..22a8ff92 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/install_docker_agents.yaml @@ -4,6 +4,12 @@ parameters: DockerAgentImage: type: string default: dprince/heat-docker-agents-centos + DockerNamespace: + type: string + default: kollaglue + DockerNamespaceIsRegistry: + type: boolean + default: false resources: @@ -21,6 +27,8 @@ resources: str_replace: params: $agent_image: {get_param: DockerAgentImage} + $docker_registry: {get_param: DockerNamespace} + $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} template: {get_file: ./start_docker_agents.sh} outputs: 
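Review bot: The neutronagent `volumes` list is built by joining its entries with `,` and splitting again, so the default `NeutronAgentOvsVolume` of `" "` ends up as a whitespace-only volume entry, and any comma inside `NeutronAgentPluginVolume` or `NeutronAgentOvsVolume` silently becomes an extra bind mount in a `privileged: true` container. How the docker-compose hook treats a blank entry is not visible in this diff, so the defaults are worth testing. The parameter descriptions should state the expected format, e.g. `description: Optional extra bind mount(s) for the neutron-agents container as host:container[:mode], comma-separated; leave blank for none`. In the openvswitch service at the top of this hunk, the older `neutron.conf:/etc/kolla/neutron-openvswitch-agent/:ro` mount is kept beside the new `/var/lib/kolla/config_files/neutron.conf:ro` one and looks redundant now.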
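Review bot: `DockerNamespace` defaults to `kollaglue` here but to `tripleoupstream` in docker/compute-post.yaml, and neither new parameter has a `description`. The second hunk hands `DockerNamespace` to the firstboot script as `$docker_registry`, where it is written into docker's `--insecure-registry` option, so operators need to know that enabling `DockerNamespaceIsRegistry` allows plain-HTTP or unverified-TLS pulls from that address. I would align the two defaults and add descriptions such as `description: Namespace, or registry address, that the container images are pulled from` and `description: When true, DockerNamespace is a registry address and is added to docker's insecure registries`.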
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index caf511bd..a0e95d11 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -7,7 +7,7 @@ if ! hostname | grep compute &>/dev/null; then exit 0 fi -mkdir -p /var/lib/etc-data/ #FIXME: this should be a docker data container +mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service @@ -38,23 +38,23 @@ EOF #echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker # Local docker registry 1.8 -#/bin/sed -i s/ADD_REGISTRY/#ADD_REGISTRY/ /etc/sysconfig/docker +if [ $docker_namespace_is_registry ]; then + /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry '/INSECURE_REGISTRY='--insecure-registry $docker_registry'/g" /etc/sysconfig/docker +fi /sbin/setenforce 0 /sbin/modprobe ebtables -# Create /var/lib/etc-data for now. FIXME: This should go into a data container. -#mkdir -p /var/lib/etc-data - echo nameserver 8.8.8.8 > /etc/resolv.conf # We need hostname -f to return in a centos container for the puppet hook HOSTNAME=$(hostname) echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts -# Another hack.. we need latest docker.. +# Another hack.. we need a different docker version +# (should obviously be dropped once the atomic image contains docker 1.8.2) /usr/bin/systemctl stop docker.service -/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-latest +/bin/curl -o /tmp/docker https://get.docker.com/builds/Linux/x86_64/docker-1.8.2 /bin/mount -o remount,rw /usr /bin/rm /bin/docker /bin/cp /tmp/docker /bin/docker |
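Review bot: `if [ $docker_namespace_is_registry ]` tests only whether the substituted text is non-empty, so if Heat renders the boolean as `False` or `false` the branch still runs and `--insecure-registry` is enabled on every compute node, with the default namespace as its argument. Compare the value explicitly and quote it, e.g. `if [ "$(echo "$docker_namespace_is_registry" | tr '[:upper:]' '[:lower:]')" = "true" ]; then`. `$docker_registry` is also spliced into a `/`-delimited sed expression, so a value containing `/` would break the substitution. Separately, the pinned `docker-1.8.2` binary is still copied over `/bin/docker` with no integrity check; adding `--fail` to the curl call and a digest check such as `echo "<EXPECTED_SHA256>  /tmp/docker" | sha256sum -c - || exit 1` before the `cp` would keep a truncated or tampered download from being installed.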