diff options
Diffstat (limited to 'docker')
84 files changed, 4982 insertions, 516 deletions
diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml new file mode 100644 index 00000000..87587a4b --- /dev/null +++ b/docker/deploy-steps-playbook.yaml @@ -0,0 +1,51 @@ +- hosts: localhost + connection: local + tasks: + ##################################################### + # Per step puppet configuration of the baremetal host + ##################################################### + - name: Write the config_step hieradata + copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true + - name: Run puppet host configuration for step {{step}} + # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3 + # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp + ###################################### + # Generate config via docker-puppet.py + ###################################### + - name: Run docker-puppet tasks (generate config) + shell: python /var/lib/docker-puppet/docker-puppet.py + environment: + NET_HOST: 'true' + DEBUG: '{{docker_puppet_debug}}' + when: step == "1" + changed_when: false + check_mode: no + ################################################## + # Per step starting of the containers using paunch + ################################################## + - name: Check if /var/lib/hashed-tripleo-config/docker-container-startup-config-step_{{step}}.json exists + stat: + path: /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json + register: docker_config_json + # Note docker-puppet.py generates the hashed-*.json file, which is a copy of + # the *step_n.json with a hash of the generated external config added + # This acts as a salt to enable restarting the container if config changes + - name: Start containers for step {{step}} + command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} + when: docker_config_json.stat.exists + changed_when: false + check_mode: no + ######################################################## + # Bootstrap tasks, only performed on bootstrap_server_id + ######################################################## + - name: Run docker-puppet tasks (bootstrap tasks) + shell: python /var/lib/docker-puppet/docker-puppet.py + environment: + CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + NET_HOST: "true" + NO_ARCHIVE: "true" + STEP: "{{step}}" + when: deploy_server_id == bootstrap_server_id + changed_when: false + check_mode: no diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 49dd00cd..430aa88b 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -18,18 +18,24 @@ # that can be used to generate config files or run ad-hoc puppet modules # inside of a container. +import glob import json import logging import os +import sys import subprocess import sys import tempfile import multiprocessing log = logging.getLogger() -log.setLevel(logging.DEBUG) ch = logging.StreamHandler(sys.stdout) -ch.setLevel(logging.DEBUG) +if os.environ.get('DEBUG', False): + log.setLevel(logging.DEBUG) + ch.setLevel(logging.DEBUG) +else: + log.setLevel(logging.INFO) + ch.setLevel(logging.INFO) formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s') ch.setFormatter(formatter) log.addHandler(ch) @@ -55,6 +61,28 @@ def pull_image(name): log.debug(cmd_stderr) +def match_config_volume(prefix, config): + # Match the mounted config volume - we can't just use the + # key as e.g "novacomute" consumes config-data/nova + volumes = config.get('volumes', []) + config_volume=None + for v in volumes: + if v.startswith(prefix): + config_volume = os.path.relpath( + v.split(":")[0], prefix).split("/")[0] + break + return config_volume + + +def get_config_hash(prefix, config_volume): + hashfile = os.path.join(prefix, "%s.md5sum" % config_volume) + hash_data = None + if os.path.isfile(hashfile): + with open(hashfile) as f: + hash_data = f.read().rstrip() + return hash_data + + def rm_container(name): if os.environ.get('SHOW_DIFF', None): log.info('Diffing container: %s' % name) @@ -121,11 +149,11 @@ for service in (json_data or []): if not manifest or not config_image: continue - log.debug('config_volume %s' % config_volume) - log.debug('puppet_tags %s' % puppet_tags) - log.debug('manifest %s' % manifest) - log.debug('config_image %s' % config_image) - log.debug('volumes %s' % volumes) + log.info('config_volume %s' % config_volume) + log.info('puppet_tags %s' % puppet_tags) + log.info('manifest %s' % manifest) + log.info('config_image %s' % config_image) + log.info('volumes %s' % volumes) # We key off of config volume for all configs. if config_volume in configs: # Append puppet tags and manifest. @@ -166,33 +194,34 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume if [ -n "$PUPPET_TAGS" ]; then TAGS="--tags \"$PUPPET_TAGS\"" fi + + # workaround LP1696283 + mkdir -p /etc/ssh + touch /etc/ssh/ssh_known_hosts + FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - rm -Rf /var/lib/config-data/${NAME} - - # copying etc should be enough for most services - mkdir -p /var/lib/config-data/${NAME}/etc - cp -a /etc/* /var/lib/config-data/${NAME}/etc/ - - if [ -d /root/ ]; then - cp -a /root/ /var/lib/config-data/${NAME}/root/ - fi - if [ -d /var/lib/ironic/tftpboot/ ]; then - mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/ - cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/tftpboot/ - fi - if [ -d /var/lib/ironic/httpboot/ ]; then - mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/ - cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/httpboot/ - fi - - # apache services may files placed in /var/www/ - if [ -d /var/www/ ]; then - mkdir -p /var/lib/config-data/${NAME}/var/www - cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/ - fi + archivedirs=("/etc" "/root" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www") + rsync_srcs="" + for d in "${archivedirs[@]}"; do + if [ -d "$d" ]; then + rsync_srcs+=" $d" + fi + done + rsync -a -R --delay-updates --delete-after $rsync_srcs /var/lib/config-data/${NAME} + + # Also make a copy of files modified during puppet run + # This is useful for debugging + mkdir -p /var/lib/config-data/puppet-generated/${NAME} + rsync -a -R -0 --delay-updates --delete-after \ + --files-from=<(find $rsync_srcs -newer /etc/ssh/ssh_known_hosts -print0) \ + / /var/lib/config-data/puppet-generated/${NAME} + + # Write a checksum of the config-data dir, this is used as a + # salt to trigger container restart when the config changes + tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum fi """) @@ -247,13 +276,17 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env) cmd_stdout, cmd_stderr = subproc.communicate() - if cmd_stdout: - log.debug(cmd_stdout) - if cmd_stderr: - log.debug(cmd_stderr) if subproc.returncode != 0: log.error('Failed running docker-puppet.py for %s' % config_volume) + if cmd_stdout: + log.error(cmd_stdout) + if cmd_stderr: + log.error(cmd_stderr) else: + if cmd_stdout: + log.debug(cmd_stdout) + if cmd_stderr: + log.debug(cmd_stderr) # only delete successful runs, for debugging rm_container('docker-puppet-%s' % config_volume) return subproc.returncode @@ -293,5 +326,30 @@ for returncode, config_volume in zip(returncodes, config_volumes): log.error('ERROR configuring %s' % config_volume) success = False + +# Update the startup configs with the config hash we generated above +config_volume_prefix = os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data') +log.debug('CONFIG_VOLUME_PREFIX: %s' % config_volume_prefix) +startup_configs = os.environ.get('STARTUP_CONFIG_PATTERN', '/var/lib/tripleo-config/docker-container-startup-config-step_*.json') +log.debug('STARTUP_CONFIG_PATTERN: %s' % startup_configs) +infiles = glob.glob('/var/lib/tripleo-config/docker-container-startup-config-step_*.json') +for infile in infiles: + with open(infile) as f: + infile_data = json.load(f) + + for k, v in infile_data.iteritems(): + config_volume = match_config_volume(config_volume_prefix, v) + if config_volume: + config_hash = get_config_hash(config_volume_prefix, config_volume) + if config_hash: + env = v.get('environment', []) + env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash) + log.debug("Updating config hash for %s, config_volume=%s hash=%s" % (k, config_volume, config_hash)) + infile_data[k]['environment'] = env + + outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile)) + with open(outfile, 'w') as out_f: + json.dump(infile_data, out_f) + if not success: sys.exit(1) diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 86811b86..73a3cb78 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -21,6 +21,9 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data @@ -35,6 +38,25 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerPuppetDebug: + type: string + default: '' + description: Set to True to enable debug logging with docker-puppet.py + ctlplane_service_ips: + type: json + +conditions: +{% for step in range(1, deploy_steps_max) %} + WorkflowTasks_Step{{step}}_Enabled: + or: + {% for role in roles %} + - not: + equals: + - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] + - '' + - False + {% endfor %} +{% endfor %} resources: @@ -55,39 +77,66 @@ resources: step_{{step}}: {} {%- endfor %} -# BEGIN primary_role_name docker-puppet-tasks (run only on a single node) -{% for step in range(1, deploy_steps_max) %} - - {{primary_role_name}}DockerPuppetTasksConfig{{step}}: + RoleConfig: type: OS::Heat::SoftwareConfig properties: - group: script - config: {get_file: docker-puppet.py} + group: ansible + options: + modulepath: /usr/share/ansible-modules inputs: - - name: CONFIG - - name: NET_HOST - - name: NO_ARCHIVE - - name: STEP + - name: step + - name: role_name + - name: update_identifier + - name: bootstrap_server_id + - name: docker_puppet_debug + config: {get_file: deploy-steps-playbook.yaml} - {{primary_role_name}}DockerPuppetTasksDeployment{{step}}: - type: OS::Heat::SoftwareDeployment +{%- for step in range(1, deploy_steps_max) %} +# BEGIN service_workflow_tasks handling + WorkflowTasks_Step{{step}}: + type: OS::Mistral::Workflow + condition: WorkflowTasks_Step{{step}}_Enabled depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step{{step}} - - {{dep.name}}ContainersDeployment_Step{{step}} - {% endfor %} + {% if step == 1 %} + {% for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {% endfor %} + {% else %} + {% for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + {% endfor %} + {% endif %} properties: - name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}} - server: {get_param: [servers, {{primary_role_name}}, '0']} - config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}} - input_values: - CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json - NET_HOST: 'true' - NO_ARCHIVE: 'true' - STEP: {{step}} + name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} + type: direct + tasks: + yaql: + expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() + data: + {% for role in roles %} + - get_param: [role_data, {{role.name}}, service_workflow_tasks] + {% endfor %} + WorkflowTasks_Step{{step}}_Execution: + type: OS::Mistral::ExternalResource + condition: WorkflowTasks_Step{{step}}_Enabled + depends_on: WorkflowTasks_Step{{step}} + properties: + actions: + CREATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + UPDATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + always_update: true +# END service_workflow_tasks handling {% endfor %} -# END primary_role_name docker-puppet-tasks {% for role in roles %} # Post deployment steps for all roles @@ -122,6 +171,7 @@ resources: docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} + puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: @@ -130,9 +180,11 @@ resources: host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]} template_tasks: {%- raw %} - # This is where we stack puppet configuration (for now)... - - name: Create /var/lib/config-data - file: path=/var/lib/config-data state=directory + # Write the manifest for baremetal puppet configuration + - name: Create /var/lib/tripleo-config directory + file: path=/var/lib/tripleo-config state=directory + - name: Write the puppet step_config manifest + copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes # This is the docker-puppet configs end in - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory @@ -145,8 +197,13 @@ resources: # Here we are dumping all the docker container startup configuration data # so that we can have access to how they are started outside of heat # and docker-cmd. This lets us create command line tools to test containers. + # FIXME do we need the docker-container-startup-configs.json or is the new per-step + # data consumed by paunch enough? - name: Write docker-container-startup-configs copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes + - name: Write per-step docker-container-startup-configs + copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes + with_dict: "{{docker_startup_configs}}" - name: Create /var/lib/kolla/config_files directory file: path=/var/lib/kolla/config_files state=directory - name: Write kolla config json files @@ -167,24 +224,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}GenerateConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: docker-puppet.py} - inputs: - - name: NET_HOST - - {{role.name}}GenerateConfigDeployment: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment] - properties: - name: {{role.name}}GenerateConfigDeployment - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}GenerateConfig} - input_values: - NET_HOST: 'true' - {{role.name}}PuppetStepConfig: type: OS::Heat::Value properties: @@ -212,103 +251,76 @@ resources: service_names: {get_param: [role_data, {{role.name}}, service_names]} docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN BAREMETAL CONFIG STEPS + # BEGIN CONFIG STEPS {{role.name}}PreConfig: type: OS::TripleO::Tasks::{{role.name}}PreConfig + depends_on: {{role.name}}HostPrepDeployment properties: servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]} - {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] - {% else %} depends_on: - {% for dep in roles %} + - WorkflowTasks_Step{{step}}_Execution + # TODO(gfidente): the following if/else condition + # replicates what is already defined for the + # WorkflowTasks_StepX resource and can be remove + # if https://bugs.launchpad.net/heat/+bug/1700569 + # is fixed. + {% if step == 1 %} + {% for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {% endfor %} + {% else %} + {% for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} - - {{dep.name}}ContainersDeployment_Step{{step -1}} - {% endfor %} - - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} - {% endif %} + {% endfor %} + {% endif %} properties: name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} + config: {get_resource: RoleConfig} input_values: step: {{step}} + role_name: {{role.name}} update_identifier: {get_param: DeployIdentifier} + bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} + docker_puppet_debug: {get_param: DockerPuppetDebug} {% endfor %} - # END BAREMETAL CONFIG STEPS - - # BEGIN CONTAINER CONFIG STEPS - {% for step in range(1, deploy_steps_max) %} - - {{role.name}}ContainersConfig_Step{{step}}: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]} + # END CONFIG STEPS - {{role.name}}ContainersDeployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first - {%- endfor %} - - {{role.name}}PreConfig - - {{role.name}}HostPrepDeployment - - {{role.name}}GenerateConfigDeployment - {% else %} + # Note, this should be the last step to execute configuration changes. + # Ensure that all {{role.name}}ExtraConfigPost steps are executed + # after all the previous deployment steps. + {{role.name}}ExtraConfigPost: depends_on: - {% for dep in roles %} - - {{dep.name}}ContainersDeployment_Step{{step -1}} - - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first - - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} - {% endif %} - properties: - name: {{role.name}}ContainersDeployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}} - + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 {% endfor %} - # END CONTAINER CONFIG STEPS + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: [servers, {{role.name}}]} + # The {{role.name}}PostConfig steps are in charge of + # quiescing all services, i.e. in the Controller case, + # we should run a full service reload. {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: {% for dep in roles %} - - {{dep.name}}Deployment_Step5 - - {{primary_role_name}}DockerPuppetTasksDeployment5 + - {{dep.name}}ExtraConfigPost {% endfor %} properties: servers: {get_param: servers} input_values: update_identifier: {get_param: DeployIdentifier} - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - {{role.name}}ExtraConfigPost: - depends_on: - {% for dep in roles %} - - {{dep.name}}PostConfig - {% endfor %} - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, {{role.name}}]} {% endfor %} diff --git a/docker/docker-toool b/docker/docker-toool index 3132f8e7..a1ffe34c 100755 --- a/docker/docker-toool +++ b/docker/docker-toool @@ -80,6 +80,9 @@ def parse_opts(argv): def docker_arg_map(key, value): value = str(value).encode('ascii', 'ignore') + if len(value) == 0: + return '' + return { 'environment': "--env=%s" % value, # 'image': value, diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml index 4b061e1c..41b036da 100644 --- a/docker/firstboot/setup_docker_host.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -4,6 +4,7 @@ parameters: DockerNamespace: type: string default: tripleoupstream + description: namespace DockerNamespaceIsRegistry: type: boolean default: false diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index f802e4e6..3be0f182 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-api:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,12 +77,12 @@ outputs: config_volume: aodh puppet_tags: aodh_api_paste_ini,aodh_config step_config: *step_config - config_image: &aodh_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-api.json: + /var/lib/kolla/config_files/aodh_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/aodh @@ -86,17 +90,19 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: aodh_init_log: - start_order: 0 - image: *aodh_image + image: &aodh_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] user: root volumes: - /var/log/containers/aodh:/var/log/aodh command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh'] + step_3: aodh_db_sync: - start_order: 1 - image: *aodh_image + image: *aodh_api_image net: host privileged: false detach: false @@ -110,7 +116,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" step_4: aodh_api: - image: *aodh_image + image: *aodh_api_image net: host privileged: false restart: always @@ -118,9 +124,11 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/aodh/var/www/:/var/www/:ro - /var/log/containers/aodh:/var/log/aodh - diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 9d514d0c..108a5527 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-evaluator:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,12 +69,12 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_evaluator_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-evaluator.json: + /var/lib/kolla/config_files/aodh_evaluator.json: command: /usr/bin/aodh-evaluator permissions: - path: /var/log/aodh @@ -79,7 +83,10 @@ outputs: docker_config: step_4: aodh_evaluator: - image: *aodh_evaluator_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] net: host privileged: false restart: always @@ -87,7 +94,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index dac61087..d78af5b2 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-listener:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,12 +69,12 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_listener_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-listener.json: + /var/lib/kolla/config_files/aodh_listener.json: command: /usr/bin/aodh-listener permissions: - path: /var/log/aodh @@ -79,7 +83,10 @@ outputs: docker_config: step_4: aodh_listener: - image: *aodh_listener_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] net: host privileged: false restart: always @@ -87,7 +94,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index a22ae85e..abfb3745 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-aodh-notifier:latest' type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume + default: 'centos-binary-aodh-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,12 +69,12 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_notifier_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-notifier.json: + /var/lib/kolla/config_files/aodh_notifier.json: command: /usr/bin/aodh-notifier permissions: - path: /var/log/aodh @@ -79,7 +83,10 @@ outputs: docker_config: step_4: aodh_notifier: - image: *aodh_notifier_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] net: host privileged: false restart: always @@ -87,7 +94,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 94caded8..af1f47ad 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-central:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,18 +67,21 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_central_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-central.json: + /var/lib/kolla/config_files/ceilometer_agent_central.json: command: /usr/bin/ceilometer-polling --polling-namespaces central docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_central_image + image: &ceilometer_agent_central_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -89,7 +96,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -110,4 +117,4 @@ outputs: upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 - service: name=openstack-ceilometer-agent-central state=stopped enabled=no + service: name=openstack-ceilometer-central state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 9033cf4a..3cc440be 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-compute:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,17 +67,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_compute_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-compute.json: + /var/lib/kolla/config_files/ceilometer_agent_compute.json: command: /usr/bin/ceilometer-polling --polling-namespaces compute docker_config: step_4: - ceilometer_agent-compute: - image: *ceilometer_agent_compute_image + ceilometer_agent_compute: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] net: host privileged: false restart: always @@ -81,11 +88,12 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/run/libvirt:/var/run/libvirt:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable ceilometer-agent-compute service tags: step2 - service: name=openstack-ceilometer-agent-compute state=stopped enabled=no + service: name=openstack-ceilometer-compute state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml new file mode 100644 index 00000000..7d02939d --- /dev/null +++ b/docker/services/ceilometer-agent-ipmi.yaml @@ -0,0 +1,106 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Ipmi service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerIpmiImage: + description: image + default: 'centos-binary-ceilometer-ipmi:latest' + type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentIpmiBase: + type: ../../puppet/services/ceilometer-agent-ipmi.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Ipmi role. + value: + service_name: {get_attr: [CeilometerAgentIpmiBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentIpmiBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-ipmi.json: + command: /usr/bin/ceilometer-polling --polling-namespaces ipmi + docker_config: + step_3: + ceilometer_init_log: + start_order: 0 + image: &ceilometer_agent_ipmi_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] + user: root + command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] + volumes: + - /var/log/containers/ceilometer:/var/log/ceilometer + step_4: + ceilometer_agent_ipmi: + image: *ceilometer_agent_ipmi_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable ceilometer agent ipmi service + tags: step2 + service: name=openstack-ceilometer-agent-ipmi state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index 79df3306..b2e85bb6 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-ceilometer-notification:latest' type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume + default: 'centos-binary-ceilometer-central:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,24 +67,27 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_notification_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-notification.json: + /var/lib/kolla/config_files/ceilometer_agent_notification.json: command: /usr/bin/ceilometer-agent-notification docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_notification_image + image: &ceilometer_agent_notification_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: - /var/log/containers/ceilometer:/var/log/ceilometer step_4: - ceilometer_agent-notification: + ceilometer_agent_notification: image: *ceilometer_agent_notification_image net: host privileged: false @@ -89,24 +96,10 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_5: - ceilometer_gnocchi_upgrade: - start_order: 1 - image: *ceilometer_agent_notification_image - net: host - detach: false - privileged: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] upgrade_tasks: - name: Stop and disable ceilometer agent notification service tags: step2 diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml new file mode 100644 index 00000000..6a5d74bd --- /dev/null +++ b/docker/services/cinder-api.yaml @@ -0,0 +1,155 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderApiImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + DockerCinderConfigImage: + description: The container image to use for the cinder config_volume + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder API role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_api.json: + command: /usr/sbin/httpd -DFOREGROUND + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_2: + cinder_api_init_logs: + image: &cinder_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_3: + cinder_api_db_sync: + image: *cinder_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/log/containers/cinder:/var/log/cinder + command: + - '/usr/bin/bootstrap_host_exec' + - 'cinder_api' + - "su cinder -s /bin/bash -c 'cinder-manage db sync'" + step_4: + cinder_api: + image: *cinder_api_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'cinder', we need it + # to be root to run httpd + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/cinder/var/www/:/var/www/:ro + - /var/log/containers/cinder:/var/log/cinder + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/cinder + state: directory + upgrade_tasks: + - name: Stop and disable cinder_api service + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml new file mode 100644 index 00000000..2cde6f1d --- /dev/null +++ b/docker/services/cinder-backup.yaml @@ -0,0 +1,131 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + DockerCinderConfigImage: + description: The container image to use for the cinder config_volume + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_backup: + image: *cinder_backup_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml new file mode 100644 index 00000000..bcf32b2a --- /dev/null +++ b/docker/services/cinder-scheduler.yaml @@ -0,0 +1,119 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderSchedulerImage: + description: image + default: 'centos-binary-cinder-scheduler:latest' + type: string + DockerCinderConfigImage: + description: The container image to use for the cinder config_volume + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_scheduler.json: + command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_2: + cinder_scheduler_init_logs: + image: &cinder_scheduler_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_scheduler: + image: *cinder_scheduler_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_scheduler service + tags: step2 + service: name=openstack-cinder-scheduler state=stopped enabled=no diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml new file mode 100644 index 00000000..55173847 --- /dev/null +++ b/docker/services/cinder-volume.yaml @@ -0,0 +1,166 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Volume service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderVolumeImage: + description: image + default: 'centos-binary-cinder-volume:latest' + type: string + DockerCinderConfigImage: + description: The container image to use for the cinder config_volume + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + # custom parameters for the Cinder volume role + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_volume.json: + command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_volume_init_logs: + start_order: 0 + image: &cinder_volume_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_volume: + image: *cinder_volume_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + - /var/lib/cinder + - name: cinder_enable_iscsi_backend fact + set_fact: + cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} + - name: cinder create LVM volume group dd + command: + list_join: + - '' + - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=' + - str_replace: + template: VALUE + params: + VALUE: {get_param: CinderLVMLoopDeviceSize} + - 'M' + args: + creates: /var/lib/cinder/cinder-volumes + when: cinder_enable_iscsi_backend + - name: cinder create LVM volume group + shell: | + if ! losetup /dev/loop2; then + losetup /dev/loop2 /var/lib/cinder/cinder-volumes + fi + if ! pvdisplay | grep cinder-volumes; then + pvcreate /dev/loop2 + fi + if ! vgdisplay | grep cinder-volumes; then + vgcreate cinder-volumes /dev/loop2 + fi + args: + executable: /bin/bash + creates: /dev/loop2 + when: cinder_enable_iscsi_backend + upgrade_tasks: + - name: Stop and disable cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped enabled=no diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml new file mode 100644 index 00000000..e6741156 --- /dev/null +++ b/docker/services/collectd.yaml @@ -0,0 +1,115 @@ +heat_template_version: pike + +description: > + Containerized collectd service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCollectdImage: + description: image + default: 'centos-binary-collectd:latest' + type: string + DockerCollectdConfigImage: + description: The container image to use for the collectd config_volume + default: 'centos-binary-collectd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CollectdBase: + type: ../../puppet/services/metrics/collectd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the collectd role. + value: + service_name: {get_attr: [CollectdBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CollectdBase, role_data, config_settings] + - tripleo::profile::base::metrics::collectd::enable_file_logging: true + collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log + step_config: &step_config + get_attr: [CollectdBase, role_data, step_config] + service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: collectd + puppet_tags: collectd_client_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCollectdConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/collectd.json: + command: /usr/sbin/collectd -f + permissions: + - path: /var/log/collectd + owner: collectd:collectd + recurse: true + docker_config: + step_3: + collectd: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/run/docker.sock:/var/run/docker.sock:rw + - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro + - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro + - /var/log/containers/collectd:/var/log/collectd:rw + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/collectd + state: directory + upgrade_tasks: + - name: Stop and disable collectd service + tags: step2 + service: name=collectd.service state=stopped enabled=no diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml new file mode 100644 index 00000000..52395d5e --- /dev/null +++ b/docker/services/congress-api.yaml @@ -0,0 +1,134 @@ +heat_template_version: pike + +description: > + OpenStack containerized Congress API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCongressApiImage: + description: image + default: 'centos-binary-congress-api:latest' + type: string + DockerCongressConfigImage: + description: The container image to use for the congress config_volume + default: 'centos-binary-congress-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CongressApiBase: + type: ../../puppet/services/congress.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Congress API role. + value: + service_name: {get_attr: [CongressApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CongressApiBase, role_data, config_settings] + step_config: &step_config + get_attr: [CongressApiBase, role_data, step_config] + service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: congress + puppet_tags: congress_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/congress_api.json: + command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log + permissions: + - path: /var/log/congress + owner: congress:congress + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_2: + congress_init_logs: + image: &congress_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/congress:/var/log/congress + command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] + step_3: + congress_db_sync: + image: *congress_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/congress/etc/:/etc/:ro + - /var/log/containers/congress:/var/log/congress + command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'" + step_4: + congress_api: + start_order: 15 + image: *congress_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro + - /var/log/containers/congress:/var/log/congress + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/congress + state: directory + upgrade_tasks: + - name: Stop and disable congress_api service + tags: step2 + service: name=openstack-congress-server state=stopped enabled=no diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index a9912a1f..d104853f 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -3,18 +3,64 @@ heat_template_version: pike description: > Contains a static list of common things necessary for containers +parameters: + + # Required parameters + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + outputs: volumes: description: Common volumes for the containers. value: - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - # required for bootstrap_host_exec - - /etc/puppet:/etc/puppet:ro - # OpenSSL trusted CAs - - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro - - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro - - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro - - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro - # Syslog socket - - /dev/log:/dev/log + list_concat: + - - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + # required for bootstrap_host_exec + - /etc/puppet:/etc/puppet:ro + # OpenSSL trusted CAs + - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro + - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro + # Syslog socket + - /dev/log:/dev/log + - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro + - if: + - internal_tls_enabled + - - {get_param: InternalTLSCAFile} + - null diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 96a02f9f..7b620c56 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mongodb:latest' type: string + DockerMongodbConfigImage: + description: The container image to use for the mongodb config_volume + default: 'centos-binary-mongodb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -65,10 +69,10 @@ outputs: config_volume: mongodb puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mongodb_image + config_image: &mongodb_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbConfigImage} ] kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run @@ -82,12 +86,16 @@ outputs: docker_config: step_2: mongodb: - image: *mongodb_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] net: host privileged: false volumes: &mongodb_volumes - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mongodb/etc/:/etc/:ro + - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro + - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/mongodb:/var/log/mongodb - /var/lib/mongodb:/var/lib/mongodb @@ -99,7 +107,7 @@ outputs: config_volume: 'mongodb_init_tasks' puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' step_config: 'include ::tripleo::profile::base::database::mongodb' - config_image: *mongodb_image + config_image: *mongodb_config_image volumes: - /var/lib/mongodb:/var/lib/mongodb - /var/log/containers/mongodb:/var/log/mongodb diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml new file mode 100644 index 00000000..38a31e24 --- /dev/null +++ b/docker/services/database/mysql-client.yaml @@ -0,0 +1,66 @@ +heat_template_version: pike + +description: > + Configuration for containerized MySQL clients + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlClientConfigImage: + description: The container image to use for the mysql_client config_volume + default: 'centos-binary-mariadb:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} + tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} + # BEGIN DOCKER SETTINGS # + step_config: "" + puppet_config: + config_volume: mysql_client + puppet_tags: file # set this even though file is the default + step_config: "include ::tripleo::profile::base::database::mysql::client" + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlClientConfigImage} ] + # no need for a docker config, this service only generates configuration files + docker_config: {} diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 73578e13..725b2b4b 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-mariadb:latest' type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume + default: 'centos-binary-mariadb:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,10 +78,10 @@ outputs: config_volume: mysql puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mysql_image + config_image: &mysql_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/bin/mysqld_safe @@ -87,17 +91,19 @@ outputs: recurse: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config - step_2: + step_1: mysql_init_logs: - start_order: 0 - image: *mysql_image + image: &mysql_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] privileged: false user: root volumes: - /var/log/containers/mysql:/var/log/mariadb command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb'] + step_2: mysql_bootstrap: - start_order: 1 detach: false image: *mysql_image net: host @@ -105,7 +111,7 @@ outputs: command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/etc/:/etc/:ro + - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - /var/lib/mysql:/var/lib/mysql @@ -140,7 +146,7 @@ outputs: config_volume: 'mysql_init_tasks' puppet_tags: 'mysql_database,mysql_grant,mysql_user' step_config: 'include ::tripleo::profile::base::database::mysql' - config_image: *mysql_image + config_image: *mysql_config_image volumes: - /var/lib/mysql:/var/lib/mysql/:ro - /var/log/containers/mysql:/var/log/mariadb diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 73df96c5..0a490cd3 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-redis:latest' type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume + default: 'centos-binary-redis:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -64,10 +68,10 @@ outputs: # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' step_config: *step_config - config_image: &redis_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/bin/redis-server /etc/redis.conf @@ -77,7 +81,20 @@ outputs: recurse: true docker_config: step_1: + redis_init_logs: + start_order: 0 + detach: false + image: &redis_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/redis:/var/log/redis + command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] redis: + start_order: 1 image: *redis_image net: host privileged: false @@ -85,16 +102,19 @@ outputs: volumes: - /run:/run - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/redis/etc/:/etc/:ro + - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro - /etc/localtime:/etc/localtime:ro - - logs:/var/log/kolla + - /var/log/containers/redis:/var/log/redis environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /var/run/redis + - name: create persistent directories file: - path: /var/run/redis + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/redis + - /var/run/redis upgrade_tasks: - name: Stop and disable redis service tags: step2 diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml new file mode 100644 index 00000000..0c65a903 --- /dev/null +++ b/docker/services/ec2-api.yaml @@ -0,0 +1,160 @@ +heat_template_version: pike + +description: > + OpenStack containerized EC2 API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerEc2ApiImage: + description: image + default: 'centos-binary-ec2-api:latest' + type: string + DockerEc2ApiConfigImage: + description: The container image to use for the ec2api config_volume + default: 'centos-binary-ec2-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + Ec2ApiPuppetBase: + type: ../../puppet/services/ec2-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the EC2 API role. + value: + service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]} + config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [Ec2ApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ec2api + puppet_tags: ec2api_api_paste_ini,ec2api_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ec2_api.json: + command: /usr/bin/ec2-api + permissions: + - path: /var/log/ec2api + owner: ec2api:ec2api + recurse: true + /var/lib/kolla/config_files/ec2_api_metadata.json: + command: /usr/bin/ec2-api-metadata + permissions: + - path: /var/log/ec2api # default log dir for metadata service as well + owner: ec2api:ec2api + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_2: + ec2_api_init_logs: + image: &ec2_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/ec2_api:/var/log/ec2api + # mount ec2_api_metadata to "ec2api-metadata" only here to fix + # permissions of both directories in one go + - /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata + command: ['/bin/bash', '-c', 'chown -R ec2api:ec2api /var/log/ec2api /var/log/ec2api-metadata'] + step_3: + ec2_api_db_sync: + image: *ec2_api_image + net: host + detach: false + privileged: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/log/containers/ec2_api:/var/log/ec2api + command: "/usr/bin/bootstrap_host_exec ec2_api su ec2api -s /bin/bash -c '/usr/bin/ec2-api-manage db_sync'" + step_4: + ec2_api: + image: *ec2_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/log/containers/ec2_api:/var/log/ec2api + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + ec2_api_metadata: + image: *ec2_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/log/containers/ec2_api_metadata:/var/log/ec2api + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent log directories + file: + path: /var/log/containers/{{ item }} + state: directory + with_items: + - ec2_api + - ec2_api_metadata + upgrade_tasks: + - name: Stop and disable EC2-API services + tags: step2 + service: name={{ item }} state=stopped enabled=no + with_items: + - openstack-ec2-api + - openstack-ec2-api-metadata diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml index e5a7096b..3c7c81b0 100644 --- a/docker/services/etcd.yaml +++ b/docker/services/etcd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-etcd:latest' type: string + DockerEtcdConfigImage: + description: The container image to use for the etcd config_volume + default: 'centos-binary-etcd:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -67,10 +71,10 @@ outputs: puppet_config: config_volume: etcd step_config: *step_config - config_image: &etcd_image + config_image: &etcd_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdConfigImage} ] kolla_config: /var/lib/kolla/config_files/etcd.json: command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml @@ -81,7 +85,10 @@ outputs: docker_config: step_2: etcd: - image: *etcd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] net: host privileged: false restart: always @@ -98,9 +105,9 @@ outputs: config_volume: 'etcd_init_tasks' puppet_tags: 'etcd_key' step_config: 'include ::tripleo::profile::base::etcd' - config_image: *etcd_image + config_image: *etcd_config_image volumes: - - /var/lib/config-data/etcd/etc/:/etc + - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro - /var/lib/etcd:/var/lib/etcd:ro host_prep_tasks: - name: create /var/lib/etcd diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index df8186da..4fadef95 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-glance-api:latest' type: string + DockerGlanceApiConfigImage: + description: The container image to use for the glance_api config_volume + default: 'centos-binary-glance-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -74,29 +78,31 @@ outputs: config_volume: glance_api puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config step_config: *step_config - config_image: &glance_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiConfigImage} ] kolla_config: - /var/lib/kolla/config_files/glance-api.json: + /var/lib/kolla/config_files/glance_api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config - step_3: + step_2: glance_init_logs: - start_order: 0 - image: *glance_image + image: &glance_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] privileged: false user: root volumes: - /var/log/containers/glance:/var/log/glance command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance'] + step_3: glance_api_db_sync: - start_order: 1 - image: *glance_image + image: *glance_api_image net: host privileged: false detach: false @@ -105,7 +111,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro - /var/log/containers/glance:/var/log/glance environment: @@ -116,7 +122,7 @@ outputs: map_merge: - glance_api: start_order: 2 - image: *glance_image + image: *glance_api_image net: host privileged: false restart: always @@ -127,7 +133,7 @@ outputs: - internal_tls_enabled - glance_api_tls_proxy: start_order: 2 - image: *glance_image + image: *glance_api_image net: host user: root restart: always @@ -136,7 +142,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index e59d6095..cf31d256 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-api:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,12 +77,12 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_api_paste_ini,gnocchi_config step_config: *step_config - config_image: &gnocchi_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-api.json: + /var/lib/kolla/config_files/gnocchi_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/gnocchi @@ -86,17 +90,19 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: gnocchi_init_log: - start_order: 0 - image: *gnocchi_image + image: &gnocchi_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] + step_3: gnocchi_db_sync: - start_order: 1 - image: *gnocchi_image + image: *gnocchi_api_image net: host detach: false privileged: false @@ -110,7 +116,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" step_4: gnocchi_api: - image: *gnocchi_image + image: *gnocchi_api_image net: host privileged: false restart: always @@ -118,9 +124,11 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 2724805b..3a05d577 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-metricd:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,12 +67,12 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_metricd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-metricd.json: + /var/lib/kolla/config_files/gnocchi_metricd.json: command: /usr/bin/gnocchi-metricd permissions: - path: /var/log/gnocchi @@ -77,7 +81,10 @@ outputs: docker_config: step_4: gnocchi_metricd: - image: *gnocchi_metricd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] net: host privileged: false restart: always @@ -85,7 +92,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 305971f1..c3523b57 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-gnocchi-statsd:latest' type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume + default: 'centos-binary-gnocchi-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,12 +67,12 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_statsd_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-statsd.json: + /var/lib/kolla/config_files/gnocchi_statsd.json: command: /usr/bin/gnocchi-statsd permissions: - path: /var/log/gnocchi @@ -77,7 +81,10 @@ outputs: docker_config: step_4: gnocchi_statsd: - image: *gnocchi_statsd_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] net: host privileged: false restart: always @@ -85,7 +92,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml new file mode 100644 index 00000000..242f0751 --- /dev/null +++ b/docker/services/haproxy.yaml @@ -0,0 +1,118 @@ +heat_template_version: pike + +description: > + OpenStack containerized HAproxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHAProxyImage: + description: image + default: 'centos-binary-haproxy:latest' + type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + default: 'centos-binary-haproxy:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + hidden: true + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + RedisPassword: + description: The password for Redis + type: string + hidden: true + MonitoringSubscriptionHaproxy: + default: 'overcloud-haproxy' + type: string + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + HAProxyBase: + type: ../../puppet/services/haproxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the HAproxy role. + value: + service_name: {get_attr: [HAProxyBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HAProxyBase, role_data, config_settings] + - tripleo::haproxy::haproxy_daemon: false + step_config: &step_config + get_attr: [HAProxyBase, role_data, step_config] + service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: haproxy + puppet_tags: haproxy_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/haproxy.json: + command: haproxy -f /etc/haproxy/haproxy.cfg + docker_config: + step_1: + haproxy: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/haproxy/etc/:/etc/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [HAProxyBase, role_data, metadata_settings] diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 37fa4c81..1905281d 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -13,8 +13,8 @@ parameters: default: 'centos-binary-heat-api-cfn:latest' type: string # puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn - DockerHeatConfigImage: - description: image + DockerHeatApiCfnConfigImage: + description: The container image to use for the heat_api_cfn config_volume default: 'centos-binary-heat-api-cfn:latest' type: string EndpointMap: @@ -81,7 +81,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api_cfn.json: command: /usr/sbin/httpd -DFOREGROUND @@ -108,7 +108,9 @@ outputs: - - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat - diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 5043aed8..c0cec937 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -13,8 +13,8 @@ parameters: default: 'centos-binary-heat-api:latest' type: string # puppet needs the heat-wsgi-api binary from centos-binary-heat-api - DockerHeatConfigImage: - description: image + DockerHeatApiConfigImage: + description: The container image to use for the heat_api config_volume default: 'centos-binary-heat-api:latest' type: string EndpointMap: @@ -81,7 +81,7 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_api.json: command: /usr/sbin/httpd -DFOREGROUND @@ -108,7 +108,9 @@ outputs: - - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/heat_api/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat - diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 0adad538..676dbb1f 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-heat-engine:latest' type: string + DockerHeatConfigImage: + description: The container image to use for the heat config_volume + default: 'centos-binary-heat-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -67,10 +71,10 @@ outputs: config_volume: heat puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: &heat_engine_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] kolla_config: /var/lib/kolla/config_files/heat_engine.json: command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf @@ -80,16 +84,18 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: heat_init_log: - start_order: 0 - image: *heat_engine_image + image: &heat_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] user: root volumes: - /var/log/containers/heat:/var/log/heat command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat'] + step_3: heat_engine_db_sync: - start_order: 1 image: *heat_engine_image net: host privileged: false diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml new file mode 100644 index 00000000..5797b207 --- /dev/null +++ b/docker/services/horizon.yaml @@ -0,0 +1,135 @@ +heat_template_version: pike + +description: > + OpenStack containerized Horizon service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHorizonImage: + description: image + default: 'centos-binary-horizon:latest' + type: string + DockerHorizonConfigImage: + description: The container image to use for the horizon config_volume + default: 'centos-binary-horizon:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + HorizonBase: + type: ../../puppet/services/horizon.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Horizon API role. + value: + service_name: {get_attr: [HorizonBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HorizonBase, role_data, config_settings] + - horizon::vhost_extra_params: + add_listen: true + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + options: ['FollowSymLinks','MultiViews'] + - horizon::secure_cookies: false + step_config: {get_attr: [HorizonBase, role_data, step_config]} + service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: horizon + puppet_tags: horizon_config + step_config: {get_attr: [HorizonBase, role_data, step_config]} + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/horizon.json: + command: /usr/sbin/httpd -DFOREGROUND + permissions: + - path: /var/log/horizon/ + owner: apache:apache + recurse: true + # FIXME Apache tries to write a .lock file there + - path: /usr/share/openstack-dashboard/openstack_dashboard/local/ + owner: apache:apache + recurse: false + docker_config: + step_2: + horizon_fix_perms: + image: &horizon_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + user: root + # NOTE Set ownership for /var/log/horizon/horizon.log file here, + # otherwise it's created by root when generating django cache. + # FIXME Apache needs to read files in /etc/openstack-dashboard + # Need to set permissions to match the BM case, + # http://paste.openstack.org/show/609819/ + command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard'] + volumes: + - /var/log/containers/horizon:/var/log/horizon + - /var/lib/config-data/horizon/etc/:/etc/ + step_3: + horizon: + image: *horizon_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro + - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro + - /var/log/containers/horizon:/var/log/horizon + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/horizon + state: directory + upgrade_tasks: + - name: Stop and disable horizon service (running under httpd) + tags: step2 + service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [HorizonBase, role_data, metadata_settings] diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index c8978aa2..183ed5ce 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-api:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: @@ -61,6 +61,7 @@ outputs: config_settings: map_merge: - get_attr: [IronicApiBase, role_data, config_settings] + - apache::default_vhost: false step_config: &step_config get_attr: [IronicApiBase, role_data, step_config] service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} @@ -75,17 +76,16 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] kolla_config: /var/lib/kolla/config_files/ironic_api.json: - command: /usr/bin/ironic-api + command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/ironic owner: ironic:ironic recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: ironic_init_logs: - start_order: 0 - image: &ironic_image + image: &ironic_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] @@ -94,9 +94,10 @@ outputs: volumes: - /var/log/containers/ironic:/var/log/ironic command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic'] + step_3: ironic_db_sync: start_order: 1 - image: *ironic_image + image: *ironic_api_image net: host privileged: false detach: false @@ -105,22 +106,26 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/ironic/etc/:/etc/:ro + - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro - /var/log/containers/ironic:/var/log/ironic command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'" step_4: ironic_api: start_order: 10 - image: *ironic_image + image: *ironic_api_image net: host - privileged: false + user: root restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/:/etc/:ro + - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro + - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/ironic/var/www/:/var/www/:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 360eb669..f47a3e4c 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-conductor:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index bc828e65..f518b9d5 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-ironic-pxe:latest' type: string DockerIronicConfigImage: - description: image + description: The container image to use for the ironic config_volume default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: @@ -113,7 +113,9 @@ outputs: - - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/ironic/var/www/:/var/www/:ro - /var/lib/ironic:/var/lib/ironic/ - /var/log/containers/ironic:/var/log/ironic diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml new file mode 100644 index 00000000..86f2d3b4 --- /dev/null +++ b/docker/services/iscsid.yaml @@ -0,0 +1,116 @@ +heat_template_version: pike + +description: > + OpenStack containerized Iscsid service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIscsidImage: + description: image + default: 'centos-binary-iscsid:latest' + type: string + DockerIscsidConfigImage: + description: The container image to use for the iscsid config_volume + default: 'centos-binary-iscsid:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the Iscsid API role. + value: + service_name: iscsid + config_settings: {} + step_config: '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: iscsid + #puppet_tags: file + step_config: '' + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/iscsid.json: + command: /usr/sbin/iscsid -f + docker_config: + step_3: + iscsid: + start_order: 2 + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /etc/iscsi + file: + path: /etc/iscsi + state: directory + - name: stat /lib/systemd/system/iscsid.socket + stat: path=/lib/systemd/system/iscsid.socket + register: stat_iscsid_socket + - name: Stop and disable iscsid.socket service + service: name=iscsid.socket state=stopped enabled=no + when: stat_iscsid_socket.stat.exists + upgrade_tasks: + - name: stat /lib/systemd/system/iscsid.service + stat: path=/lib/systemd/system/iscsid.service + register: stat_iscsid_service + - name: Stop and disable iscsid service + tags: step2 + service: name=iscsid state=stopped enabled=no + when: stat_iscsid_service.stat.exists + - name: stat /lib/systemd/system/iscsid.socket + stat: path=/lib/systemd/system/iscsid.socket + register: stat_iscsid_socket + - name: Stop and disable iscsid.socket service + tags: step2 + service: name=iscsid.socket state=stopped enabled=no + when: stat_iscsid_socket.stat.exists + metadata_settings: {} diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 772859ee..011ffaaa 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-keystone:latest' type: string + DockerKeystoneConfigImage: + description: The container image to use for the keystone config_volume + default: 'centos-binary-keystone:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -86,25 +90,27 @@ outputs: config_volume: keystone puppet_tags: keystone_config step_config: *step_config - config_image: &keystone_image + config_image: &keystone_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneConfigImage} ] kolla_config: /var/lib/kolla/config_files/keystone.json: command: /usr/sbin/httpd -DFOREGROUND docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config - step_3: + step_2: keystone_init_log: - start_order: 0 - image: *keystone_image + image: &keystone_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] user: root command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] volumes: - /var/log/containers/keystone:/var/log/keystone + step_3: keystone_db_sync: - start_order: 1 image: *keystone_image net: host privileged: false @@ -116,7 +122,9 @@ outputs: - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/keystone/var/www/:/var/www/:ro - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/log/containers/keystone:/var/log/keystone - if: @@ -152,7 +160,7 @@ outputs: config_volume: 'keystone_init_tasks' puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' step_config: 'include ::tripleo::profile::base::keystone' - config_image: *keystone_image + config_image: *keystone_config_image host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml new file mode 100644 index 00000000..66dc6c3c --- /dev/null +++ b/docker/services/manila-api.yaml @@ -0,0 +1,125 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerManilaApiImage: + description: image + default: 'centos-binary-manila-api:latest' + type: string + DockerManilaConfigImage: + description: The container image to use for the manila config_volume + default: 'centos-binary-manila-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + ManilaApiPuppetBase: + type: ../../puppet/services/manila-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Manila API role. + value: + service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]} + config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: manila + puppet_tags: manila_config,manila_api_paste_ini + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/manila_api.json: + command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_2: + manila_init_logs: + image: &manila_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ] + user: root + volumes: + - /var/log/containers/manila:/var/log/manila + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R manila:manila /var/log/manila'] + step_3: + manila_api_db_sync: + user: root + image: *manila_api_image + net: host + detach: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/log/containers/manila:/var/log/manila + command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'" + step_4: + manila_api: + image: *manila_api_image + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/log/containers/manila:/var/log/manila + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: Create persistent manila logs directory + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_api service + tags: step2 + service: name=openstack-manila-api state=stopped enabled=no diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml new file mode 100644 index 00000000..d4170e42 --- /dev/null +++ b/docker/services/manila-scheduler.yaml @@ -0,0 +1,105 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerManilaSchedulerImage: + description: image + default: 'centos-binary-manila-scheduler:latest' + type: string + DockerManilaConfigImage: + description: The container image to use for the manila config_volume + default: 'centos-binary-manila-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + ManilaSchedulerPuppetBase: + type: ../../puppet/services/manila-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Manila Scheduler role. + value: + service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: manila + puppet_tags: manila_config,manila_scheduler_paste_ini + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/manila_scheduler.json: + command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_4: + manila_scheduler: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaSchedulerImage} ] + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/log/containers/manila:/var/log/manila + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: Create persistent manila logs directory + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_scheduler service + tags: step2 + service: name=openstack-manila-scheduler state=stopped enabled=no diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index d85a0878..3d41c176 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-memcached:latest' type: string + DockerMemcachedConfigImage: + description: The container image to use for the memcached config_volume + default: 'centos-binary-memcached:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,16 +67,20 @@ outputs: config_volume: 'memcached' puppet_tags: 'file' step_config: *step_config - config_image: &memcached_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedConfigImage} ] kolla_config: {} docker_config: step_1: memcached_init_logs: start_order: 0 - image: *memcached_image + detach: false + image: &memcached_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] privileged: false user: root volumes: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 5586d41b..f1284280 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-api:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: @@ -82,10 +82,9 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: mistral_init_logs: - start_order: 0 - image: &mistral_image + image: &mistral_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ] @@ -94,9 +93,10 @@ outputs: volumes: - /var/log/containers/mistral:/var/log/mistral command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral'] + step_3: mistral_db_sync: - start_order: 1 - image: *mistral_image + start_order: 0 + image: *mistral_api_image net: host privileged: false detach: false @@ -105,12 +105,12 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/mistral/etc/:/etc/:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - /var/log/containers/mistral:/var/log/mistral command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: - start_order: 2 - image: *mistral_image + start_order: 1 + image: *mistral_api_image net: host privileged: false detach: false @@ -119,7 +119,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/mistral/etc/:/etc/:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - /var/log/containers/mistral:/var/log/mistral # NOTE: dprince this requires that we install openstack-tripleo-common into # the Mistral API image so that we get tripleo* actions @@ -127,7 +127,7 @@ outputs: step_4: mistral_api: start_order: 15 - image: *mistral_image + image: *mistral_api_image net: host privileged: false restart: always diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index d60d847b..712f4ba6 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-engine:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 76ae052b..5a35ba98 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-mistral-executor:latest' type: string DockerMistralConfigImage: - description: image + description: The container image to use for the mistral config_volume default: 'centos-binary-mistral-api:latest' type: string EndpointMap: diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml new file mode 100644 index 00000000..61b05571 --- /dev/null +++ b/docker/services/multipathd.yaml @@ -0,0 +1,96 @@ +heat_template_version: pike + +description: > + OpenStack containerized Multipathd service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMultipathdImage: + description: image + default: 'centos-binary-multipathd:latest' + type: string + DockerMultipathdConfigImage: + description: The container image to use for the multipathd config_volume + default: 'centos-binary-multipathd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the Multipathd API role. + value: + service_name: multipathd + config_settings: {} + step_config: '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: multipathd + #puppet_tags: file + step_config: '' + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/multipathd.json: + command: /usr/sbin/multipathd -d + docker_config: + step_3: + multipathd: + start_order: 1 + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + upgrade_tasks: + - name: Stop and disable multipathd service + tags: step2 + service: name=multipathd state=stopped enabled=no + metadata_settings: {} diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 7ce47a14..ad8e87f7 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-server:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string EndpointMap: @@ -92,9 +91,8 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: neutron_init_logs: - start_order: 0 image: &neutron_api_image list_join: - '/' @@ -104,8 +102,8 @@ outputs: volumes: - /var/log/containers/neutron:/var/log/neutron command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron'] + step_3: neutron_db_sync: - start_order: 1 image: *neutron_api_image net: host privileged: false @@ -150,7 +148,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index d14f5251..a2bd07ff 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-dhcp-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string EndpointMap: diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 97901bc8..f7d0d034 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-l3-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: @@ -71,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-l3-agent.json: + /var/lib/kolla/config_files/neutron_l3_agent.json: command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini permissions: - path: /var/log/neutron @@ -79,7 +78,7 @@ outputs: recurse: true docker_config: step_4: - neutronl3agent: + neutron_l3_agent: image: list_join: - '/' @@ -92,7 +91,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run @@ -104,3 +103,8 @@ outputs: file: path: /var/log/containers/neutron state: directory + upgrade_tasks: + - name: Stop and disable neutron_l3 service + tags: step2 + service: name=neutron-l3-agent state=stopped enabled=no + diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index 88b2ca5c..493b97b2 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -12,9 +12,8 @@ parameters: description: image default: 'centos-binary-neutron-metadata-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: @@ -71,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-metadata-agent.json: + /var/lib/kolla/config_files/neutron_metadata_agent.json: command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent permissions: - path: /var/log/neutron @@ -92,7 +91,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 89bf8663..80de2cc6 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-neutron-openvswitch-agent:latest' type: string DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string ServiceNetMap: @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-openvswitch-agent.json: + /var/lib/kolla/config_files/neutron_ovs_agent.json: command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini permissions: - path: /var/log/neutron @@ -78,8 +78,8 @@ outputs: recurse: true docker_config: step_4: - neutronovsagent: - image: &neutron_ovs_agent_image + neutron_ovs_agent: + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] @@ -91,7 +91,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml index 1739a5b9..7211014e 100644 --- a/docker/services/neutron-plugin-ml2.yaml +++ b/docker/services/neutron-plugin-ml2.yaml @@ -20,7 +20,7 @@ parameters: default: 'tripleoupstream' type: string DockerNeutronConfigImage: - description: image + description: The container image to use for the neutron config_volume default: 'centos-binary-neutron-server:latest' type: string DefaultPasswords: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 2375dada..5d410fb6 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-api:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -62,6 +62,9 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false + nova_wsgi_enabled: false + nova::api::service_name: '%{::nova::params::api_service_name}' + nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" @@ -86,9 +89,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: nova_init_logs: - start_order: 0 image: &nova_api_image list_join: - '/' @@ -98,8 +100,9 @@ outputs: volumes: - /var/log/containers/nova:/var/log/nova command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + step_3: nova_api_db_sync: - start_order: 1 + start_order: 0 image: *nova_api_image net: host detach: false @@ -116,7 +119,7 @@ outputs: # to be capable of upgrading a baremetal setup. This is to ensure the name # of the cell is 'default' nova_api_map_cell0: - start_order: 2 + start_order: 1 image: *nova_api_image net: host detach: false @@ -124,7 +127,7 @@ outputs: volumes: *nova_api_volumes command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'" nova_api_create_default_cell: - start_order: 3 + start_order: 2 image: *nova_api_image net: host detach: false @@ -136,7 +139,7 @@ outputs: user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'" nova_db_sync: - start_order: 4 + start_order: 3 image: *nova_api_image net: host detach: false diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 4f10a1a3..1277a8fb 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-nova-compute:latest' type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + default: 'centos-binary-nova-compute:latest' + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -69,12 +73,12 @@ outputs: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini step_config: *step_config - config_image: &nova_compute_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] kolla_config: - /var/lib/kolla/config_files/nova-compute.json: + /var/lib/kolla/config_files/nova_compute.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf permissions: - path: /var/log/nova @@ -86,17 +90,20 @@ outputs: docker_config: # FIXME: run discover hosts here step_4: - novacompute: - image: *nova_compute_image + nova_compute: + image: &nova_compute_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] net: host privileged: true - user: root + user: nova restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro - /dev:/dev - /etc/iscsi:/etc/iscsi diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 131355d7..266180c5 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-conductor:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: @@ -82,7 +82,7 @@ outputs: docker_config: step_4: nova_conductor: - image: &nova_conductor_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ] diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml new file mode 100644 index 00000000..d836797f --- /dev/null +++ b/docker/services/nova-consoleauth.yaml @@ -0,0 +1,108 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Consoleauth service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaConsoleauthImage: + description: image + default: 'centos-binary-nova-consoleauth:latest' + type: string + DockerNovaConfigImage: + description: The container image to use for the nova config_volume + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + NovaConsoleauthPuppetBase: + type: ../../puppet/services/nova-consoleauth.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Consoleauth service. + value: + service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]} + config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaConsoleauthPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_consoleauth.json: + command: /usr/bin/nova-consoleauth + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_4: + nova_consoleauth: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ] + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_consoleauth service + tags: step2 + service: name=openstack-nova-consoleauth state=stopped enabled=no diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index be0dd111..8f988399 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -8,12 +8,12 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerNovaComputeImage: + DockerNovaComputeIronicImage: description: image default: 'centos-binary-nova-compute-ironic:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string ServiceNetMap: @@ -81,11 +81,11 @@ outputs: recurse: true docker_config: step_5: - novacompute: + nova_compute: image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeIronicImage} ] net: host privileged: true user: root diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 9779d676..f1a48cf1 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -8,14 +8,14 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerLibvirtImage: + DockerNovaLibvirtImage: description: image default: 'centos-binary-nova-libvirt:latest' type: string # we configure libvirt via the nova-compute container due to coupling # in the puppet modules - DockerNovaConfigImage: - description: image + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume default: 'centos-binary-nova-compute:latest' type: string EnablePackageInstall: @@ -44,6 +44,26 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + UseTLSTransportForLiveMigration: + type: boolean + default: true + description: If set to true and if EnableInternalTLS is enabled, it will + set the libvirt URI's transport to tls and configure the + relevant keys for libvirt. + +conditions: + + use_tls_for_live_migration: + and: + - equals: + - {get_param: EnableInternalTLS} + - true + - equals: + - {get_param: UseTLSTransportForLiveMigration} + - true resources: @@ -81,11 +101,15 @@ outputs: step_config: *step_config config_image: list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] kolla_config: - /var/lib/kolla/config_files/nova-libvirt.json: - command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + /var/lib/kolla/config_files/nova_libvirt.json: + command: + if: + - use_tls_for_live_migration + - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf + - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf permissions: - path: /var/log/nova owner: nova:nova @@ -96,7 +120,7 @@ outputs: image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtImage} ] net: host pid: host privileged: true @@ -105,7 +129,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro - /lib/modules:/lib/modules:ro - /dev:/dev diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index ae4ccf68..251bbaad 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-nova-placement-api:latest' type: string + DockerNovaPlacementConfigImage: + description: The container image to use for the nova_placement config_volume + default: 'centos-binary-nova-placement-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -66,10 +70,10 @@ outputs: config_volume: nova_placement puppet_tags: nova_config step_config: *step_config - config_image: &nova_placement_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_placement.json: command: /usr/sbin/httpd -DFOREGROUND @@ -82,7 +86,10 @@ outputs: step_3: nova_placement: start_order: 1 - image: *nova_placement_image + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] net: host user: root restart: always @@ -92,7 +99,9 @@ outputs: - - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro - - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 6285e98e..fbb3abc7 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-nova-scheduler:latest' type: string DockerNovaConfigImage: - description: image + description: The container image to use for the nova config_volume default: 'centos-binary-nova-base:latest' type: string EndpointMap: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml new file mode 100644 index 00000000..c2b9c3b1 --- /dev/null +++ b/docker/services/nova-vnc-proxy.yaml @@ -0,0 +1,108 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Vncproxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaVncProxyImage: + description: image + default: 'centos-binary-nova-novncproxy:latest' + type: string + DockerNovaConfigImage: + description: The container image to use for the nova config_volume + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + NovaVncProxyPuppetBase: + type: ../../puppet/services/nova-vnc-proxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Vncproxy service. + value: + service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} + config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_vnc_proxy.json: + command: /usr/bin/nova-novncproxy --web /usr/share/novnc/ + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_4: + nova_vnc_proxy: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ] + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_vnc_proxy service + tags: step2 + service: name=openstack-nova-novncproxy state=stopped enabled=no diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml new file mode 100644 index 00000000..728162fe --- /dev/null +++ b/docker/services/octavia-api.yaml @@ -0,0 +1,155 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaApiImage: + description: image + default: 'centos-binary-octavia-api:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaApiPuppetBase: + type: ../../puppet/services/octavia-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia API role. + value: + service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_api.json: + command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api + /var/lib/kolla/config_files/octavia_api_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND + docker_config: + # Kolla_bootstrap/db_sync runs before permissions set by kolla_config + step_2: + octavia_api_init_dirs: + start_order: 0 + image: &octavia_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaApiImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + - /var/log/containers/octavia:/var/log/octavia + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia'] + step_3: + octavia_db_sync: + start_order: 0 + image: *octavia_api_image + net: host + privileged: false + detach: false + user: root + volumes: &octavia_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'" + step_4: + map_merge: + - octavia_api: + start_order: 2 + image: *octavia_api_image + net: host + privileged: false + restart: always + volumes: *octavia_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - octavia_api_tls_proxy: + start_order: 2 + image: *octavia_api_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/httpd/:/etc/httpd/:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_api service + tags: step2 + service: name=openstack-octavia-api state=stopped enabled=no diff --git a/docker/services/octavia-health-manager.yaml b/docker/services/octavia-health-manager.yaml new file mode 100644 index 00000000..2228e369 --- /dev/null +++ b/docker/services/octavia-health-manager.yaml @@ -0,0 +1,114 @@ +heat_template_version: pike + +description: > + OpenStack Octavia health-manager service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaHealthManagerImage: + description: image + default: 'centos-binary-octavia-health-manager:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHealthManagerPuppetBase: + type: ../../puppet/services/octavia-health-manager.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia health-manager role. + value: + service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_health_manager.json: + command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-health-manager + docker_config: + step_2: + octavia_health_manager_init_dirs: + start_order: 0 + image: &octavia_health_manager_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHealthManagerImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager'] + step_4: + octavia_health_manager: + start_order: 2 + image: *octavia_health_manager_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_health_manager service + tags: step2 + service: name=openstack-octavia-health-manager state=stopped enabled=no diff --git a/docker/services/octavia-housekeeping.yaml b/docker/services/octavia-housekeeping.yaml new file mode 100644 index 00000000..c2986c63 --- /dev/null +++ b/docker/services/octavia-housekeeping.yaml @@ -0,0 +1,114 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaHousekeepingImage: + description: image + default: 'centos-binary-octavia-housekeeping:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHousekeepingPuppetBase: + type: ../../puppet/services/octavia-housekeeping.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia housekeeping role. + value: + service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_housekeeping.json: + command: /usr/bin/octavia-housekeeping --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/housekeeping.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-housekeeping + docker_config: + step_2: + octavia_housekeeping_init_dirs: + start_order: 0 + image: &octavia_housekeeping_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHousekeepingImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping'] + step_4: + octavia_housekeeping: + start_order: 2 + image: *octavia_housekeeping_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_housekeeping service + tags: step2 + service: name=openstack-octavia-housekeeping state=stopped enabled=no diff --git a/docker/services/octavia-worker.yaml b/docker/services/octavia-worker.yaml new file mode 100644 index 00000000..41295125 --- /dev/null +++ b/docker/services/octavia-worker.yaml @@ -0,0 +1,114 @@ +heat_template_version: pike + +description: > + OpenStack Octavia worker service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOctaviaWorkerImage: + description: image + default: 'centos-binary-octavia-worker:latest' + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + default: 'centos-binary-octavia-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaWorkerPuppetBase: + type: ../../puppet/services/octavia-worker.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia worker role. + value: + service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaWorkerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/octavia_worker.json: + command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-worker + docker_config: + step_2: + octavia_worker_init_dirs: + start_order: 0 + image: &octavia_worker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaWorkerImage} ] + user: root + volumes: + - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker'] + step_4: + octavia_worker: + start_order: 2 + image: *octavia_worker_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_worker service + tags: step2 + service: name=openstack-octavia-worker state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml new file mode 100644 index 00000000..d15c920e --- /dev/null +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -0,0 +1,151 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + DockerCinderConfigImage: + description: The container image to use for the cinder config_volume + default: 'centos-binary-cinder-api:latest' + type: string + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + CinderBackupBase: + type: ../../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + CinderBackupBackend: {get_param: CinderBackupBackend} + CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName} + CephClientUserName: {get_param: CephClientUserName} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: {get_attr: [CinderBackupBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CinderBackupBase, role_data, config_settings] + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + cinder::backup::manage_service: false + cinder::backup::enabled: false + step_config: "" + service_config_settings: {get_attr: [CinderBackupBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: *cinder_backup_image + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_5: + cinder_backup_init_bundle: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' + image: *cinder_backup_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml new file mode 100644 index 00000000..07e5fc2e --- /dev/null +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -0,0 +1,169 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Volume service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderVolumeImage: + description: image + default: 'centos-binary-cinder-volume:latest' + type: string + DockerCinderConfigImage: + description: The container image to use for the cinder config_volume + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + # custom parameters for the Cinder volume role + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + +resources: + + CinderBase: + type: ../../../puppet/services/cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + cinder::volume::manage_service: false + cinder::volume::enabled: false + cinder::host: hostgroup + step_config: "" + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: {get_attr: [CinderBase, role_data, step_config]} + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_volume.json: + command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_volume_init_logs: + start_order: 0 + image: *cinder_volume_image + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_5: + cinder_volume_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle' + image: *cinder_volume_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + - /var/lib/cinder + #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true + - name: cinder create LVM volume group dd + command: + list_join: + - '' + - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=' + - str_replace: + template: VALUE + params: + VALUE: {get_param: CinderLVMLoopDeviceSize} + - 'M' + args: + creates: /var/lib/cinder/cinder-volumes + - name: cinder create LVM volume group + shell: | + if ! losetup /dev/loop2; then + losetup /dev/loop2 /var/lib/cinder/cinder-volumes + fi + if ! pvdisplay | grep cinder-volumes; then + pvcreate /dev/loop2 + fi + if ! vgdisplay | grep cinder-volumes; then + vgcreate cinder-volumes /dev/loop2 + fi + args: + executable: /bin/bash + creates: /dev/loop2 + upgrade_tasks: + - name: Stop and disable cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped enabled=no diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml new file mode 100644 index 00000000..9fd9402f --- /dev/null +++ b/docker/services/pacemaker/clustercheck.yaml @@ -0,0 +1,110 @@ +heat_template_version: pike + +description: > + MySQL HA clustercheck service deployment using puppet + This service is used by HAProxy in a HA scenario to report whether + the local galera node is synced + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerClustercheckImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + DockerClustercheckConfigImage: + description: The container image to use for the clustercheck config_volume + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + MysqlPuppetBase: + type: ../../../puppet/services/pacemaker/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Containerized service clustercheck using composable services. + value: + service_name: clustercheck + config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]} + step_config: "include ::tripleo::profile::pacemaker::clustercheck" + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: clustercheck + puppet_tags: file # set this even though file is the default + step_config: "include ::tripleo::profile::pacemaker::clustercheck" + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/clustercheck.json: + command: /usr/sbin/xinetd -dontfork + config_files: + - dest: /etc/xinetd.conf + source: /var/lib/kolla/config_files/src/etc/xinetd.conf + owner: mysql + perm: '0644' + - dest: /etc/xinetd.d/galera-monitor + source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor + owner: mysql + perm: '0644' + - dest: /etc/sysconfig/clustercheck + source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck + owner: mysql + perm: '0600' + docker_config: + step_2: + clustercheck: + start_order: 1 + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] + restart: always + net: host + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro + - /var/lib/mysql:/var/lib/mysql + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + upgrade_tasks: diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml new file mode 100644 index 00000000..fb1400f6 --- /dev/null +++ b/docker/services/pacemaker/database/mysql.yaml @@ -0,0 +1,187 @@ +heat_template_version: pike + +description: > + MySQL service deployment with pacemaker bundle + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + MysqlRootPassword: + type: string + hidden: true + default: '' + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ../../containers-common.yaml + + MysqlPuppetBase: + type: ../../../../puppet/services/pacemaker/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Containerized service MySQL using composable services. + value: + service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [MysqlPuppetBase, role_data, config_settings]} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image + list_join: + - '/' + - - {get_param: DockerNamespace} + - {get_param: DockerMysqlImage} + step_config: "" + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: mysql + puppet_tags: file # set this even though file is the default + step_config: + list_join: + - "\n" + - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" + - "exec {'wait-for-settle': command => '/bin/true' }" + - "include ::tripleo::profile::pacemaker::database::mysql_bundle" + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/mysql.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - dest: /etc/my.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf + owner: mysql + perm: '0644' + - dest: /etc/my.cnf.d/galera.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf + owner: mysql + perm: '0644' + - dest: /etc/sysconfig/clustercheck + source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck + owner: root + perm: '0600' + docker_config: + step_1: + mysql_data_ownership: + start_order: 0 + detach: false + image: *mysql_image + net: host + user: root + # Kolla does only non-recursive chown + command: ['chown', '-R', 'mysql:', '/var/lib/mysql'] + volumes: + - /var/lib/mysql:/var/lib/mysql + mysql_bootstrap: + start_order: 1 + detach: false + image: *mysql_image + net: host + # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done + command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + volumes: &mysql_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /var/lib/mysql:/var/lib/mysql + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + # NOTE(mandre) skip wsrep cluster status check + - KOLLA_KUBERNETES=True + - + list_join: + - '=' + - - 'DB_ROOT_PASSWORD' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + step_2: + mysql_init_bundle: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle' + image: *mysql_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro + - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro + - /var/lib/mysql:/var/lib/mysql:rw + host_prep_tasks: + - name: create /var/lib/mysql + file: + path: /var/lib/mysql + state: directory + upgrade_tasks: + - name: Stop and disable mysql service + tags: step2 + service: name=mariadb state=stopped enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml new file mode 100644 index 00000000..2ff15fe9 --- /dev/null +++ b/docker/services/pacemaker/database/redis.yaml @@ -0,0 +1,147 @@ +heat_template_version: pike + +description: > + OpenStack containerized Redis services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRedisImage: + description: image + default: 'centos-binary-redis:latest' + type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume + default: 'centos-binary-redis:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + RedisBase: + type: ../../../../puppet/services/database/redis.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Redis API role. + value: + service_name: {get_attr: [RedisBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [RedisBase, role_data, config_settings]} + - redis::service_manage: false + redis::notify_service: false + redis::managed_by_cluster_manager: true + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image + list_join: + - '/' + - - {get_param: DockerNamespace} + - {get_param: DockerRedisImage} + + step_config: "" + service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: 'redis' + # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to + # /etc/redis.conf + # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 + puppet_tags: 'exec' + step_config: + get_attr: [RedisBase, role_data, step_config] + config_image: &redis_config_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/redis.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + permissions: + - path: /var/run/redis + owner: redis:redis + recurse: true + - path: /var/lib/redis + owner: redis:redis + recurse: true + - path: /var/log/redis + owner: redis:redis + recurse: true + docker_config: + step_2: + redis_init_bundle: + start_order: 2 + detach: false + net: host + user: root + config_volume: 'redis_init_bundle' + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle' + image: *redis_config_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create /var/run/redis + file: + path: /var/run/redis + state: directory + - name: create /var/log/redis + file: + path: /var/log/redis + state: directory + - name: create /var/lib/redis + file: + path: /var/lib/redis + state: directory + upgrade_tasks: + - name: Stop and disable redis service + tags: step2 + service: name=redis state=stopped enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml new file mode 100644 index 00000000..704ffab5 --- /dev/null +++ b/docker/services/pacemaker/haproxy.yaml @@ -0,0 +1,126 @@ +heat_template_version: pike + +description: > + OpenStack containerized HAproxy service for pacemaker + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHAProxyImage: + description: image + default: 'centos-binary-haproxy:latest' + type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + default: 'centos-binary-haproxy:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + HAProxyBase: + type: ../../../puppet/services/pacemaker/haproxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the HAproxy role. + value: + service_name: {get_attr: [HAProxyBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HAProxyBase, role_data, config_settings] + - tripleo::haproxy::haproxy_daemon: false + haproxy_docker: true + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + step_config: "" + service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: haproxy + puppet_tags: haproxy_config + step_config: + list_join: + - "\n" + - - "exec {'wait-for-settle': command => '/bin/true' }" + - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" + - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" + - 'include ::tripleo::profile::pacemaker::haproxy_bundle' + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/haproxy.json: + command: haproxy -f /etc/haproxy/haproxy.cfg + docker_config: + step_2: + haproxy_init_bundle: + start_order: 3 + detach: false + net: host + user: root + privileged: true + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'tripleo::firewall::rule,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + CONFIG: + list_join: + - ';' + - - 'include ::tripleo::profile::base::pacemaker' + - 'include ::tripleo::profile::pacemaker::haproxy_bundle' + image: *haproxy_image + volumes: + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + metadata_settings: + get_attr: [HAProxyBase, role_data, metadata_settings] diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml new file mode 100644 index 00000000..ab1a612f --- /dev/null +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -0,0 +1,166 @@ +heat_template_version: pike + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRabbitmqImage: + description: image + default: 'centos-binary-rabbitmq:latest' + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + default: 'centos-binary-rabbitmq:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RabbitCookie: + type: string + default: '' + hidden: true + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + RabbitmqBase: + type: ../../../puppet/services/rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::service_manage: false + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image + list_join: + - '/' + - - {get_param: DockerNamespace} + - {get_param: DockerRabbitmqImage} + step_config: &step_config + get_attr: [RabbitmqBase, role_data, step_config] + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: rabbitmq + puppet_tags: file + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + permissions: + - path: /var/lib/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /var/log/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + # When using pacemaker we don't launch the container, instead that is done by pacemaker + # itself. + docker_config: + step_1: + rabbitmq_bootstrap: + start_order: 0 + image: *rabbitmq_image + net: host + privileged: false + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + step_2: + rabbitmq_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' + image: *rabbitmq_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create /var/lib/rabbitmq + file: + path: /var/lib/rabbitmq + state: directory + - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container + shell: | + echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf + echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf + for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done + upgrade_tasks: + - name: Stop and disable rabbitmq service + tags: step2 + service: name=rabbitmq-server state=stopped enabled=no diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index b9e6e93a..0f556063 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -14,6 +14,10 @@ parameters: description: image default: 'centos-binary-panko-api:latest' type: string + DockerPankoConfigImage: + description: The container image to use for the panko config_volume + default: 'centos-binary-panko-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -75,29 +79,31 @@ outputs: config_volume: panko puppet_tags: panko_api_paste_ini,panko_config step_config: *step_config - config_image: &panko_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerPankoConfigImage} ] kolla_config: - /var/lib/kolla/config_files/panko-api.json: + /var/lib/kolla/config_files/panko_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/panko owner: panko:panko recurse: true docker_config: - step_3: - panko-init-log: - start_order: 0 - image: *panko_image + step_2: + panko_init_log: + image: &panko_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] user: root volumes: - /var/log/containers/panko:/var/log/panko command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko'] + step_3: panko_db_sync: - start_order: 1 - image: *panko_image + image: *panko_api_image net: host detach: false privileged: false @@ -112,7 +118,7 @@ outputs: step_4: panko_api: start_order: 2 - image: *panko_image + image: *panko_api_image net: host privileged: false restart: always @@ -120,9 +126,11 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/panko/var/www/:/var/www/:ro - /var/log/containers/panko:/var/log/panko - diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index e2f8228e..f42f2ed2 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-rabbitmq:latest' type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + default: 'centos-binary-rabbitmq:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -73,10 +77,10 @@ outputs: puppet_config: config_volume: rabbitmq step_config: *step_config - config_image: &rabbitmq_image + config_image: &rabbitmq_config_image list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/lib/rabbitmq/bin/rabbitmq-server @@ -89,7 +93,11 @@ outputs: step_1: rabbitmq_init_logs: start_order: 0 - image: *rabbitmq_image + detach: false + image: &rabbitmq_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] privileged: false user: root volumes: @@ -97,6 +105,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq'] rabbitmq_bootstrap: start_order: 1 + detach: false image: *rabbitmq_image net: host privileged: false @@ -144,9 +153,9 @@ outputs: config_volume: 'rabbit_init_tasks' puppet_tags: 'rabbitmq_policy,rabbitmq_user' step_config: 'include ::tripleo::profile::base::rabbitmq' - config_image: *rabbitmq_image + config_image: *rabbitmq_config_image volumes: - - /var/lib/config-data/rabbitmq/etc/:/etc/ + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro host_prep_tasks: - name: create persistent directories diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml new file mode 100644 index 00000000..55c42abd --- /dev/null +++ b/docker/services/sahara-api.yaml @@ -0,0 +1,126 @@ +heat_template_version: pike + +description: > + OpenStack Sahara service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSaharaApiImage: + description: image + default: 'centos-binary-sahara-api:latest' + type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume + default: 'centos-binary-sahara-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SaharaApiPuppetBase: + type: ../../puppet/services/sahara-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Sahara API role. + value: + service_name: {get_attr: [SaharaApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [SaharaApiPuppetBase, role_data, config_settings] + - sahara::sync_db: false + step_config: &step_config + get_attr: [SaharaApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: sahara + puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/sahara-api.json: + command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf + permissions: + - path: /var/lib/sahara + owner: sahara:sahara + recurse: true + - path: /var/log/sahara + owner: sahara:sahara + recurse: true + docker_config: + step_3: + sahara_db_sync: + image: &sahara_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] + net: host + privileged: false + detach: false + volumes: &sahara_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro + - /lib/modules:/lib/modules:ro + - /var/lib/sahara:/var/lib/sahara + - /var/log/containers/sahara:/var/log/sahara + command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'" + step_4: + sahara_api: + image: *sahara_api_image + net: host + privileged: false + restart: always + volumes: *sahara_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/sahara + file: + path: /var/lib/sahara + state: directory + - name: create persistent sahara logs directory + file: + path: /var/log/containers/sahara + state: directory + upgrade_tasks: + - name: Stop and disable sahara_api service + tags: step2 + service: name=openstack-sahara-api state=stopped enabled=no diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml new file mode 100644 index 00000000..99a51c9a --- /dev/null +++ b/docker/services/sahara-engine.yaml @@ -0,0 +1,117 @@ +heat_template_version: pike + +description: > + OpenStack Sahara service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSaharaEngineImage: + description: image + default: 'centos-binary-sahara-engine:latest' + type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume + default: 'centos-binary-sahara-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SaharaEnginePuppetBase: + type: ../../puppet/services/sahara-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Sahara Engine role. + value: + service_name: {get_attr: [SaharaEnginePuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [SaharaEnginePuppetBase, role_data, config_settings] + - sahara::sync_db: false + step_config: &step_config + get_attr: [SaharaEnginePuppetBase, role_data, step_config] + service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: sahara + puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/sahara-engine.json: + command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf + permissions: + - path: /var/lib/sahara + owner: sahara:sahara + recurse: true + - path: /var/log/sahara + owner: sahara:sahara + recurse: true + docker_config: + step_4: + sahara_engine: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] + net: host + privileged: false + restart: always + volumes: &sahara_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro + - /var/lib/sahara:/var/lib/sahara + - /var/log/containers/sahara:/var/log/sahara + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/sahara + file: + path: /var/lib/sahara + state: directory + - name: create persistent sahara logs directory + file: + path: /var/log/containers/sahara + state: directory + upgrade_tasks: + - name: Stop and disable sahara_engine service + tags: step2 + service: name=openstack-sahara-engine state=stopped enabled=no diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml new file mode 100644 index 00000000..42b0c57a --- /dev/null +++ b/docker/services/sensu-client.yaml @@ -0,0 +1,148 @@ +heat_template_version: pike + +description: > + Containerized Sensu client service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSensuClientImage: + description: image + default: 'centos-binary-sensu-client:latest' + type: string + DockerSensuConfigImage: + description: The container image to use for the sensu config_volume + default: 'centos-binary-sensu-client:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + SensuDockerCheckCommand: + type: string + default: | + for i in $(docker ps --format '{{.ID}}'); do + if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then + if [ "$result" != 'healthy' ]; then + echo "$(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{json .State}}' $i)" && exit 2; + fi + fi + done + SensuDockerCheckInterval: + type: number + description: The frequency in seconds the docker health check is executed. + default: 10 + SensuDockerCheckHandlers: + default: [] + description: The Sensu event handler to use for events + created by the docker health check. + type: comma_delimited_list + SensuDockerCheckOccurrences: + type: number + description: The number of event occurrences before sensu-plugin-aware handler should take action. + default: 3 + SensuDockerCheckRefresh: + type: number + description: The number of seconds sensu-plugin-aware handlers should wait before taking second action. + default: 90 + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SensuClientBase: + type: ../../puppet/services/monitoring/sensu-client.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Sensu client role. + value: + service_name: {get_attr: [SensuClientBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [SensuClientBase, role_data, config_settings] + - sensu::checks: + check-docker-health: + standalone: true + command: {get_param: SensuDockerCheckCommand} + interval: {get_param: SensuDockerCheckInterval} + handlers: {get_param: SensuDockerCheckHandlers} + occurrences: {get_param: SensuDockerCheckOccurrences} + refresh: {get_param: SensuDockerCheckRefresh} + step_config: &step_config + get_attr: [SensuClientBase, role_data, step_config] + service_config_settings: {get_attr: [SensuClientBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: sensu + puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSensuConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/sensu-client.json: + command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log + permissions: + - path: /var/log/sensu + owner: sensu:sensu + recurse: true + docker_config: + step_3: + sensu_client: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] + net: host + privileged: true + # NOTE(mmagr) kolla image changes the user to 'sensu', we need it + # to be root have rw permission to docker.sock to run successfully + # "docker inspect" command + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/run/docker.sock:/var/run/docker.sock:rw + - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro + - /var/log/containers/sensu:/var/log/sensu:rw + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/sensu + state: directory + upgrade_tasks: + - name: Stop and disable sensu-client service + tags: step2 + service: name=sensu-client.service state=stopped enabled=no diff --git a/docker/services/services.yaml b/docker/services/services.yaml deleted file mode 100644 index 2ad3b63d..00000000 --- a/docker/services/services.yaml +++ /dev/null @@ -1,105 +0,0 @@ -heat_template_version: pike - -description: > - Utility stack to convert an array of services into a set of combined - role configs. - -parameters: - Services: - default: [] - description: | - List nested stack service templates. - type: comma_delimited_list - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - DefaultPasswords: - default: {} - description: Mapping of service -> default password. Used to help - pass top level passwords managed by Heat into services. - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - -resources: - - PuppetServices: - type: ../../puppet/services/services.yaml - properties: - Services: {get_param: Services} - ServiceNetMap: {get_param: ServiceNetMap} - EndpointMap: {get_param: EndpointMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - ServiceChain: - type: OS::Heat::ResourceChain - properties: - resources: {get_param: Services} - concurrent: true - resource_properties: - ServiceNetMap: {get_param: ServiceNetMap} - EndpointMap: {get_param: EndpointMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Combined Role data for this set of services. - value: - service_names: - {get_attr: [PuppetServices, role_data, service_names]} - monitoring_subscriptions: - {get_attr: [PuppetServices, role_data, monitoring_subscriptions]} - logging_sources: - {get_attr: [PuppetServices, role_data, logging_sources]} - logging_groups: - {get_attr: [PuppetServices, role_data, logging_groups]} - service_config_settings: - {get_attr: [PuppetServices, role_data, service_config_settings]} - config_settings: - {get_attr: [PuppetServices, role_data, config_settings]} - global_config_settings: - {get_attr: [PuppetServices, role_data, global_config_settings]} - step_config: - {get_attr: [ServiceChain, role_data, step_config]} - puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]} - kolla_config: - map_merge: {get_attr: [ServiceChain, role_data, kolla_config]} - docker_config: - {get_attr: [ServiceChain, role_data, docker_config]} - docker_puppet_tasks: - {get_attr: [ServiceChain, role_data, docker_puppet_tasks]} - host_prep_tasks: - yaql: - # Note we use distinct() here to filter any identical tasks - expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() - data: {get_attr: [ServiceChain, role_data]} - upgrade_tasks: - yaql: - # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() - data: {get_attr: [ServiceChain, role_data]} - upgrade_batch_tasks: - yaql: - # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() - data: {get_attr: [ServiceChain, role_data]} - service_metadata_settings: - get_attr: [PuppetServices, role_data, service_metadata_settings] diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 04c4ba1e..d7a7fe41 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-swift-proxy-server:latest' type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume + default: 'centos-binary-swift-proxy-server:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -70,10 +74,10 @@ outputs: config_volume: swift puppet_tags: swift_proxy_config step_config: *step_config - config_image: &swift_proxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: /var/lib/kolla/config_files/swift_proxy.json: command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf @@ -87,7 +91,10 @@ outputs: step_4: map_merge: - swift_proxy: - image: *swift_proxy_image + image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] net: host user: swift restart: always @@ -117,7 +124,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index bfd445d0..00a772d6 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -8,8 +8,8 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerSwiftProxyImage: - description: image + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume default: 'centos-binary-swift-proxy-server:latest' type: string ServiceNetMap: @@ -58,6 +58,14 @@ parameters: default: true description: 'Use a local directory for Swift storage services when building rings' type: boolean + SwiftRingGetTempurl: + default: '' + description: A temporary Swift URL to download rings from. + type: string + SwiftRingPutTempurl: + default: '' + description: A temporary Swift URL to upload rings to. + type: string resources: @@ -75,18 +83,21 @@ outputs: description: Role data for Swift Ringbuilder configuration in containers. value: service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]} - config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + config_settings: + map_merge: + - {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + - tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true step_config: &step_config get_attr: [SwiftRingbuilderBase, role_data, step_config] service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: 'swift' - puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance + puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball step_config: *step_config config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: {} docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 017fb123..011e6d42 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -24,6 +24,10 @@ parameters: description: image default: 'centos-binary-swift-object:latest' type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume + default: 'centos-binary-swift-proxy-server:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -46,6 +50,11 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json + resources: @@ -66,7 +75,11 @@ outputs: description: Role data for the swift storage services. value: service_name: {get_attr: [SwiftStorageBase, role_data, service_name]} - config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]} + config_settings: + map_merge: + - {get_attr: [SwiftStorageBase, role_data, config_settings]} + # FIXME (cschwede): re-enable this once checks works inside containers + - swift::storage::all::mount_check: false step_config: &step_config get_attr: [SwiftStorageBase, role_data, step_config] service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]} @@ -75,10 +88,10 @@ outputs: config_volume: swift puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config step_config: *step_config - config_image: &swift_proxy_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] kolla_config: /var/lib/kolla/config_files/swift_account_auditor.json: command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf @@ -277,7 +290,10 @@ outputs: - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_object_expirer: - image: *swift_proxy_image + image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] net: host user: swift restart: always @@ -348,6 +364,18 @@ outputs: with_items: - /var/log/containers/swift - /srv/node + - name: Format and mount devices defined in SwiftRawDisks + mount: + name: /srv/node/{{ item }} + src: /dev/{{ item }} + fstype: xfs + opts: noatime + state: mounted + with_items: + - repeat: + template: 'DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} upgrade_tasks: - name: Stop and disable swift storage services tags: step2 diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml new file mode 100644 index 00000000..84175c57 --- /dev/null +++ b/docker/services/tacker.yaml @@ -0,0 +1,133 @@ +heat_template_version: pike + +description: > + OpenStack containerized Tacker service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerTackerImage: + description: image + default: 'centos-binary-tacker:latest' + type: string + DockerTackerConfigImage: + description: The container image to use for the tacker config_volume + default: 'centos-binary-tacker:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + TackerBase: + type: ../../puppet/services/tacker.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Tacker role. + value: + service_name: {get_attr: [TackerBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [TackerBase, role_data, config_settings] + step_config: &step_config + get_attr: [TackerBase, role_data, step_config] + service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: tacker + puppet_tags: tacker_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/tacker_api.json: + command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log + permissions: + - path: /var/log/tacker + owner: tacker:tacker + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_2: + tacker_init_logs: + image: &tacker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/tacker:/var/log/tacker + command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] + step_3: + tacker_db_sync: + image: *tacker_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/tacker/etc/:/etc/:ro + - /var/log/containers/tacker:/var/log/tacker + command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" + step_4: + tacker_api: + image: *tacker_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro + - /var/log/containers/tacker:/var/log/tacker + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/tacker + state: directory + upgrade_tasks: + - name: Stop and disable tacker-server service + tags: step2 + service: name=openstack-tacker-server state=stopped enabled=no diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 594df693..17524e5e 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -12,6 +12,10 @@ parameters: description: image default: 'centos-binary-zaqar:latest' type: string + DockerZaqarConfigImage: + description: The container image to use for the zaqar config_volume + default: 'centos-binary-zaqar:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -63,10 +67,10 @@ outputs: config_volume: zaqar puppet_tags: zaqar_config step_config: *step_config - config_image: &zaqar_image + config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarConfigImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: command: /usr/sbin/httpd -DFOREGROUND @@ -79,7 +83,10 @@ outputs: docker_config: step_4: zaqar: - image: *zaqar_image + image: &zaqar_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] net: host privileged: false restart: always @@ -93,7 +100,9 @@ outputs: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/log/containers/zaqar:/var/log/zaqar environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS |