diff options
Diffstat (limited to 'docker')
-rw-r--r-- | docker/services/collectd.yaml | 20 | ||||
-rw-r--r-- | docker/services/database/mysql-client.yaml | 66 | ||||
-rw-r--r-- | docker/services/ironic-api.yaml | 9 | ||||
-rw-r--r-- | docker/services/manila-api.yaml | 39 | ||||
-rw-r--r-- | docker/services/pacemaker/cinder-backup.yaml | 152 |
5 files changed, 268 insertions, 18 deletions
diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index 7354898b..6c58a589 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -55,7 +55,11 @@ outputs: description: Role data for the collectd role. value: service_name: {get_attr: [CollectdBase, role_data, service_name]} - config_settings: {get_attr: [CollectdBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [CollectdBase, role_data, config_settings] + - tripleo::profile::base::metrics::collectd::enable_file_logging: true + collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log step_config: &step_config get_attr: [CollectdBase, role_data, step_config] service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]} @@ -71,6 +75,10 @@ outputs: kolla_config: /var/lib/kolla/config_files/collectd.json: command: /usr/sbin/collectd -f + permissions: + - path: /var/log/collectd + owner: collectd:collectd + recurse: true docker_config: step_3: collectd: @@ -84,11 +92,17 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro + - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro + - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro + - /var/log/containers/collectd:/var/log/collectd:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/collectd + state: directory upgrade_tasks: - name: Stop and disable collectd service tags: step2 service: name=collectd.service state=stopped enabled=no - diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml new file mode 100644 index 00000000..b0ad3760 --- /dev/null +++ b/docker/services/database/mysql-client.yaml @@ -0,0 +1,66 @@ +heat_template_version: pike + +description: > + Configuration for containerized MySQL clients + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +outputs: + role_data: + description: Role for setting mysql client parameters + value: + service_name: mysql_client + config_settings: + tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} + tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} + # BEGIN DOCKER SETTINGS # + step_config: "" + puppet_config: + config_volume: mysql_client + puppet_tags: file # set this even though file is the default + step_config: "include ::tripleo::profile::base::database::mysql::client" + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + # no need for a docker config, this service only generates configuration files + docker_config: {} diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index a32176af..1c8aa5bd 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -61,6 +61,7 @@ outputs: config_settings: map_merge: - get_attr: [IronicApiBase, role_data, config_settings] + - apache::default_vhost: false step_config: &step_config get_attr: [IronicApiBase, role_data, step_config] service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} @@ -75,7 +76,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] kolla_config: /var/lib/kolla/config_files/ironic_api.json: - command: /usr/bin/ironic-api + command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/ironic owner: ironic:ironic @@ -113,7 +114,7 @@ outputs: start_order: 10 image: *ironic_image net: host - privileged: false + user: root restart: always volumes: list_concat: @@ -121,6 +122,10 @@ outputs: - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro + - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/ironic/var/www/:/var/www/:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index 47d0f579..62fdaaf0 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -14,7 +14,8 @@ parameters: type: string DockerManilaConfigImage: description: image - default: 'centos-binary-manila-base:latest' + default: 'centos-binary-manila-api:latest' + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -40,6 +41,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + ManilaApiPuppetBase: type: ../../puppet/services/manila-api.yaml properties: @@ -73,20 +77,28 @@ outputs: owner: manila:manila recurse: true docker_config: - step_3: - manila_api_db_sync: - user: root + step_2: + manila_init_logs: image: &manila_api_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ] + user: root + volumes: + - /var/log/containers/manila:/var/log/manila + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R manila:manila /var/log/manila'] + step_3: + manila_api_db_sync: + user: root + image: *manila_api_image net: host detach: false volumes: - - /var/lib/config-data/manila/etc/manila/:/etc/manila:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/log/containers/manila:/var/log/manila command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'" step_4: manila_api: @@ -94,11 +106,12 @@ outputs: net: host restart: always volumes: - - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /var/log/containers/manila:/var/log/manila + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/log/containers/manila:/var/log/manila environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml new file mode 100644 index 00000000..7cac9d48 --- /dev/null +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -0,0 +1,152 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + CinderBackupBase: + type: ../../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + CinderBackupBackend: {get_param: CinderBackupBackend} + CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName} + CephClientUserName: {get_param: CephClientUserName} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: {get_attr: [CinderBackupBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CinderBackupBase, role_data, config_settings] + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + cinder::backup::manage_service: false + cinder::backup::enabled: false + step_config: "" + service_config_settings: {get_attr: [CinderBackupBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: *cinder_backup_image + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_5: + cinder_backup_init_bundle: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' + image: *cinder_backup_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no |