diff options
Diffstat (limited to 'docker')
40 files changed, 463 insertions, 652 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 0f079436..909a2c8a 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -61,7 +61,10 @@ def rm_container(name): stderr=subprocess.PIPE) cmd_stdout, cmd_stderr = subproc.communicate() print(cmd_stdout) - print(cmd_stderr) + if cmd_stderr and \ + cmd_stderr != 'Error response from daemon: ' \ + 'No such container: {}\n'.format(name): + print(cmd_stderr) process_count = int(os.environ.get('PROCESS_COUNT', multiprocessing.cpu_count())) @@ -202,10 +205,17 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', + # OpenSSL trusted CA injection + '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro', + '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', + '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', + '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', + # script injection '--volume', '%s:%s:rw' % (sh_script, sh_script) ] for volume in volumes: - dcmd.extend(['--volume', volume]) + if volume: + dcmd.extend(['--volume', volume]) dcmd.extend(['--entrypoint', sh_script]) @@ -246,9 +256,9 @@ for config_volume in configs: volumes = service[4] if len(service) > 4 else [] if puppet_tags: - puppet_tags = "file,file_line,concat,%s" % puppet_tags + puppet_tags = "file,file_line,concat,augeas,%s" % puppet_tags else: - puppet_tags = "file,file_line,concat" + puppet_tags = "file,file_line,concat,augeas" process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) @@ -258,4 +268,13 @@ for p in process_map: # Fire off processes to perform each configuration. Defaults # to the number of CPUs on the system. p = multiprocessing.Pool(process_count) -p.map(mp_puppet_config, process_map) +returncodes = list(p.map(mp_puppet_config, process_map)) +config_volumes = [pm[0] for pm in process_map] +success = True +for returncode, config_volume in zip(returncodes, config_volumes): + if returncode != 0: + print('ERROR configuring %s' % config_volume) + success = False + +if not success: + sys.exit(1) diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 301d838f..f0af8e25 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -1,7 +1,14 @@ # certain initialization steps (run in a container) will occur -# on the first role listed in the roles file -{% set primary_role_name = roles[0].name -%} - +# on the role marked as primary controller or the first role listed +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# primary role is: {{primary_role_name}} heat_template_version: ocata description: > diff --git a/docker/services/README.rst b/docker/services/README.rst index 219f35eb..84ac842e 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -23,7 +23,7 @@ puppet (our configuration tool of choice) into the Kolla base images. The undercloud nova-scheduler also requires openstack-tripleo-common to provide custom filters. -To build Kolla images for TripleO adjust your kolla config to build your +To build Kolla images for TripleO adjust your kolla config [*]_ to build your centos base image with puppet using the example below: .. code-block:: @@ -37,6 +37,10 @@ kolla-build --base centos --template-override template-overrides.j2 .. +.. [*] See the + `override file <https://github.com/openstack/tripleo-common/blob/master/contrib/tripleo_kolla_template_overrides.j2>`_ + which can be used to build Kolla packages that work with TripleO, and an + `example build script <https://github.com/dprince/undercloud_containers/blob/master/build_kolla.sh>_. Docker settings --------------- @@ -70,7 +74,7 @@ are re-asserted when applying latter ones. * puppet_tags: Puppet resource tag names that are used to generate config files with puppet. Only the named config resources are used to generate a config file. Any service that specifies tags will have the default - tags of 'file,concat,file_line' appended to the setting. + tags of 'file,concat,file_line,augeas' appended to the setting. Example: keystone_config * config_volume: The name of the volume (directory) where config files diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index ca410d6d..32294958 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -58,29 +58,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-api.json: - command: /usr/sbin/httpd -DFOREGROUND - config_files: - - dest: /etc/aodh/aodh.conf - owner: aodh - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf - - dest: /etc/httpd/conf.d/10-aodh_wsgi.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-aodh_wsgi.conf - - dest: /etc/httpd/conf/httpd.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf - - dest: /etc/httpd/conf/ports.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf - - dest: /var/www/cgi-bin/aodh/app - owner: aodh - perm: '0644' - source: /var/lib/kolla/config_files/src/var/www/cgi-bin/aodh/app + /var/lib/kolla/config_files/aodh-api.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: step_3: aodh-init-log: @@ -97,7 +76,7 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log @@ -110,8 +89,9 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro - - /var/lib/config-data/aodh/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/aodh/var/www/:/var/www/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index d3c8c595..1553df3c 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -57,13 +57,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-evaluator.json: - command: /usr/bin/aodh-evaluator - config_files: - - dest: /etc/aodh/aodh.conf - owner: aodh - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf + /var/lib/kolla/config_files/aodh-evaluator.json: + command: /usr/bin/aodh-evaluator docker_config: step_4: aodh_evaluator: @@ -73,7 +68,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 7aa9618d..300dfde3 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -57,13 +57,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-listener.json: - command: /usr/bin/aodh-listener - config_files: - - dest: /etc/aodh/aodh.conf - owner: aodh - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf + /var/lib/kolla/config_files/aodh-listener.json: + command: /usr/bin/aodh-listener docker_config: step_4: aodh_listener: @@ -73,7 +68,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index f525d6bd..b4056603 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -57,13 +57,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-notifier.json: - command: /usr/bin/aodh-notifier - config_files: - - dest: /etc/aodh/aodh.conf - owner: aodh - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/aodh/aodh.conf + /var/lib/kolla/config_files/aodh-notifier.json: + command: /usr/bin/aodh-notifier docker_config: step_4: aodh_notifier: @@ -73,7 +68,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 36f33403..7d2d1a15 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -62,33 +62,19 @@ outputs: kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run - config_files: - - dest: /etc/mongod.conf - source: /var/lib/kolla/config_files/src/etc/mongod.conf - owner: mongodb - perm: '0600' - - dest: /etc/mongos.conf - source: /var/lib/kolla/config_files/src/etc/mongos.conf - owner: mongodb - perm: '0600' + permissions: + - path: /var/lib/mongodb + owner: mongodb:mongodb + recurse: true docker_config: step_2: - mongodb_data_ownership: - start_order: 0 - image: *mongodb_image - net: host - user: root - command: ['chown', '-R', 'mongodb:', '/var/lib/mongodb'] - volumes: - - /var/lib/mongodb:/var/lib/mongodb mongodb: - start_order: 1 image: *mongodb_image net: host privileged: false volumes: &mongodb_volumes - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mongodb/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/mongodb/etc/:/etc/:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log/kolla - /var/lib/mongodb:/var/lib/mongodb @@ -100,13 +86,10 @@ outputs: config_volume: 'mongodb_init_tasks' puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' step_config: 'include ::tripleo::profile::base::database::mongodb' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + config_image: *mongodb_image volumes: - - "mongodb:/var/lib/mongodb/" - - "logs:/var/log/kolla:ro" + - /var/lib/mongodb:/var/lib/mongodb + - logs:/var/log/kolla:ro host_prep_tasks: - name: create /var/lib/mongodb file: diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 531c1ebd..cba2070d 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -71,29 +71,14 @@ outputs: kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/bin/mysqld_safe - config_files: - - dest: /etc/mysql/my.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf - owner: mysql - perm: '0644' - - dest: /etc/my.cnf.d/galera.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf - owner: mysql - perm: '0644' + permissions: + - path: /var/lib/mysql + owner: mysql:mysql + recurse: true docker_config: step_2: - mysql_data_ownership: - start_order: 0 - detach: false - image: *mysql_image - net: host - user: root - # Kolla does only non-recursive chown - command: ['chown', '-R', 'mysql:', '/var/lib/mysql'] - volumes: - - /var/lib/mysql:/var/lib/mysql mysql_bootstrap: - start_order: 1 + start_order: 0 detach: false image: *mysql_image net: host @@ -101,7 +86,7 @@ outputs: command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/mysql/etc/:/etc/:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - /var/lib/mysql:/var/lib/mysql @@ -122,7 +107,7 @@ outputs: - {get_param: MysqlRootPassword} - {get_param: [DefaultPasswords, mysql_root_password]} mysql: - start_order: 2 + start_order: 1 image: *mysql_image restart: always net: host @@ -135,13 +120,10 @@ outputs: config_volume: 'mysql_init_tasks' puppet_tags: 'mysql_database,mysql_grant,mysql_user' step_config: 'include ::tripleo::profile::base::database::mysql' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + config_image: *mysql_image volumes: - - "/var/lib/mysql:/var/lib/mysql/:ro" - - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf + - /var/lib/mysql:/var/lib/mysql/:ro + - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf host_prep_tasks: - name: create /var/lib/mysql file: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 77e4aa01..fdfdbc68 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -58,17 +58,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] kolla_config: - /var/lib/kolla/config_files/glance-api.json: - command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf - config_files: - - dest: /etc/glance/glance-api.conf - owner: glance - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/glance/glance-api.conf - - dest: /etc/glance/glance-swift.conf - owner: glance - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/glance/glance-swift.conf + /var/lib/kolla/config_files/glance-api.json: + command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf docker_config: step_3: glance_api_db_sync: @@ -78,9 +69,9 @@ outputs: detach: false volumes: &glance_volumes - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - - /var/lib/config-data/glance_api/:/var/lib/kolla/config_files/src:ro - /run:/run - /dev:/dev - /etc/hosts:/etc/hosts:ro diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index a64d1507..659785aa 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -58,29 +58,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-api.json: - command: /usr/sbin/httpd -DFOREGROUND - config_files: - - dest: /etc/gnocchi/gnocchi.conf - owner: gnocchi - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf - - dest: /etc/httpd/conf.d/10-gnocchi_wsgi.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-gnocchi_wsgi.conf - - dest: /etc/httpd/conf/httpd.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf - - dest: /etc/httpd/conf/ports.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf - - dest: /var/www/cgi-bin/gnocchi/app - owner: gnocchi - perm: '0644' - source: /var/lib/kolla/config_files/src/var/www/cgi-bin/gnocchi/app + /var/lib/kolla/config_files/gnocchi-api.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: step_3: gnocchi-init-log: @@ -97,7 +76,7 @@ outputs: detach: false privileged: false volumes: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log @@ -110,9 +89,14 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable httpd service + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 6437e942..78494d66 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -55,13 +55,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-metricd.json: - command: /usr/bin/gnocchi-metricd - config_files: - - dest: /etc/gnocchi/gnocchi.conf - owner: gnocchi - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf + /var/lib/kolla/config_files/gnocchi-metricd.json: + command: /usr/bin/gnocchi-metricd docker_config: step_4: gnocchi_metricd: @@ -71,8 +66,12 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-gnocchi-metricd service + tags: step2 + service: name=openstack-gnocchi-metricd.service state=stopped enabled=no diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 32c16521..7f439846 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -55,13 +55,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-statsd.json: - command: /usr/bin/gnocchi-statsd - config_files: - - dest: /etc/gnocchi/gnocchi.conf - owner: gnocchi - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/gnocchi/gnocchi.conf + /var/lib/kolla/config_files/gnocchi-statsd.json: + command: /usr/bin/gnocchi-statsd docker_config: step_4: gnocchi_statsd: @@ -71,8 +66,12 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-gnocchi-statsd service + tags: step2 + service: name=openstack-gnocchi-statsd.service state=stopped enabled=no diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 2a27efb4..e1226471 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-heat-api-cfn:latest' type: string # we configure all heat services in the same heat engine container - DockerHeatEngineImage: + DockerHeatConfigImage: description: image default: 'centos-binary-heat-engine:latest' type: string @@ -62,15 +62,10 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] kolla_config: - /var/lib/kolla/config_files/heat_api_cfn.json: - command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf - config_files: - - dest: /etc/heat/heat.conf - owner: heat - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + /var/lib/kolla/config_files/heat_api_cfn.json: + command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf docker_config: step_4: heat_api_cfn: @@ -82,12 +77,12 @@ outputs: privileged: false restart: always volumes: - - /run:/run - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /dev:/dev + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index c429870b..3212d909 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -13,7 +13,7 @@ parameters: default: 'centos-binary-heat-api:latest' type: string # we configure all heat services in the same heat engine container - DockerHeatEngineImage: + DockerHeatConfigImage: description: image default: 'centos-binary-heat-engine:latest' type: string @@ -62,15 +62,10 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] kolla_config: - /var/lib/kolla/config_files/heat_api.json: - command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf - config_files: - - dest: /etc/heat/heat.conf - owner: heat - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + /var/lib/kolla/config_files/heat_api.json: + command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf docker_config: step_4: heat_api: @@ -82,12 +77,12 @@ outputs: privileged: false restart: always volumes: - - /run:/run - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /dev:/dev + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 85a00b1d..83c63095 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -59,13 +59,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] kolla_config: - /var/lib/kolla/config_files/heat_engine.json: - command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf - config_files: - - dest: /etc/heat/heat.conf - owner: heat - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + /var/lib/kolla/config_files/heat_engine.json: + command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf docker_config: step_3: heat_engine_db_sync: @@ -74,7 +69,7 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/heat/etc/heat:/etc/heat:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro command: ['heat-manage', 'db_sync'] @@ -85,11 +80,11 @@ outputs: privileged: false restart: always volumes: - - /run:/run - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 5ae82d46..bef84e2e 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -61,13 +61,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] kolla_config: - /var/lib/kolla/config_files/ironic_api.json: - command: /usr/bin/ironic-api - config_files: - - dest: /etc/ironic/ironic.conf - owner: ironic - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + /var/lib/kolla/config_files/ironic_api.json: + command: /usr/bin/ironic-api docker_config: step_3: ironic_db_sync: @@ -82,8 +77,6 @@ outputs: - /var/lib/config-data/ironic/etc/:/etc/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf'] step_4: ironic_api: @@ -94,7 +87,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/ironic/etc/:/etc/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 8c18a160..3047f30b 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -50,6 +50,7 @@ outputs: - get_attr: [IronicConductorBase, role_data, config_settings] # to avoid hard linking errors we store these on the same # volume/device as the ironic master_path + # https://github.com/docker/docker/issues/7457 - ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot - ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images - ironic::pxe::tftp_root: /var/lib/ironic/tftpboot @@ -68,49 +69,68 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] kolla_config: - /var/lib/kolla/config_files/ironic_conductor.json: - command: /usr/bin/ironic-conductor - config_files: - - dest: /etc/ironic/ironic.conf - owner: ironic - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf - permissions: - - path: /var/lib/ironic/httpboot - owner: ironic:ironic - recurse: true - - path: /var/lib/ironic/tftpboot - owner: ironic:ironic - recurse: true + /var/lib/kolla/config_files/ironic_conductor.json: + command: /usr/bin/ironic-conductor + permissions: + - path: /var/lib/ironic + owner: ironic:ironic + recurse: true docker_config: step_4: - ironic-init-dirs: - image: &ironic_image + ironic_conductor: + start_order: 80 + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ] - user: root - command: ['/bin/bash', '-c', 'mkdir /var/lib/ironic/httpboot && mkdir /var/lib/ironic/tftpboot'] - volumes: - - ironic:/var/lib/ironic - ironic_conductor: - start_order: 80 - image: *ironic_image net: host privileged: true restart: always volumes: - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /sys:/sys - /dev:/dev - /run:/run #shared? - - ironic:/var/lib/ironic + - /var/lib/ironic:/var/lib/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create ironic persistent data directory + file: + path: /var/lib/ironic + state: directory + - name: stat /httpboot + stat: path=/httpboot + register: stat_httpboot + - name: stat /tftpboot + stat: path=/tftpboot + register: stat_tftpboot + - name: stat /var/lib/ironic/httpboot + stat: path=/var/lib/ironic/httpboot + register: stat_ironic_httpboot + - name: stat /var/lib/ironic/tftpboot + stat: path=/var/lib/ironic/tftpboot + register: stat_ironic_tftpboot + # cannot use 'copy' module as with 'remote_src' it doesn't support recursion + - name: migrate /httpboot to containerized (if applicable) + command: /bin/cp -R /httpboot /var/lib/ironic/httpboot + when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists + - name: migrate /tftpboot to containerized (if applicable) + command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot + when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists + # Even if there was nothing to copy from original locations, + # we need to create the dirs before starting the containers + - name: ensure ironic pxe directories exist + file: + path: /var/lib/ironic/{{ item }} + state: directory + with_items: + - httpboot + - tftpboot upgrade_tasks: - name: Stop and disable ironic_conductor service tags: step2 diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 370b665e..51538e73 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -49,52 +49,10 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] kolla_config: - /var/lib/kolla/config_files/ironic_pxe_http.json: - command: /usr/sbin/httpd -DFOREGROUND - config_files: - - dest: /etc/ironic/ironic.conf - owner: ironic - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf - - dest: /etc/httpd/conf.d/10-ipxe_vhost.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-ipxe_vhost.conf - - dest: /etc/httpd/conf/httpd.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf - - dest: /etc/httpd/conf/ports.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf - /var/lib/kolla/config_files/ironic_pxe_tftp.json: - command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot - config_files: - - dest: /etc/ironic/ironic.conf - owner: ironic - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf - - dest: /var/lib/ironic/tftpboot/chain.c32 - owner: ironic - perm: '0744' - source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/chain.c32 - - dest: /var/lib/ironic/tftpboot/pxelinux.0 - owner: ironic - perm: '0744' - source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/pxelinux.0 - - dest: /var/lib/ironic/tftpboot/ipxe.efi - owner: ironic - perm: '0744' - source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/ipxe.efi - - dest: /var/lib/ironic/tftpboot/undionly.kpxe - owner: ironic - perm: '0744' - source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/undionly.kpxe - - dest: /var/lib/ironic/tftpboot/map-file - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/map-file + /var/lib/kolla/config_files/ironic_pxe_http.json: + command: /usr/sbin/httpd -DFOREGROUND + /var/lib/kolla/config_files/ironic_pxe_tftp.json: + command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot docker_config: step_4: ironic_pxe_tftp: @@ -108,11 +66,20 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + # TODO(mandre) check how docker like mounting in a bind-mounted tree + # This directory may contain migrated data from BM + - /var/lib/ironic:/var/lib/ironic/ + # These files were generated by puppet inside the config container + # TODO(mandre) check the mount permission (ro/rw) + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /dev/log:/dev/log - - ironic:/var/lib/ironic/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS ironic_pxe_http: @@ -123,10 +90,15 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro - - /var/lib/config-data/ironic/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - ironic:/var/lib/ironic/ + - /var/lib/ironic:/var/lib/ironic/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create ironic persistent data directory + file: + path: /var/lib/ironic + state: directory diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 3f8baef7..526a357b 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -33,9 +33,12 @@ parameters: KeystoneTokenProvider: description: The keystone token format type: string - default: 'uuid' + default: 'fernet' constraints: - allowed_values: ['uuid', 'fernet'] + EnableInternalTLS: + type: boolean + default: false resources: @@ -47,7 +50,8 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} conditions: - keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: @@ -74,55 +78,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] kolla_config: - /var/lib/kolla/config_files/keystone.json: - command: /usr/sbin/httpd -DFOREGROUND - config_files: - - dest: /etc/keystone/keystone.conf - owner: keystone - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/keystone/keystone.conf - - dest: /etc/keystone/credential-keys/0 - owner: keystone - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/0 - - dest: /etc/keystone/credential-keys/1 - owner: keystone - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1 - - dest: /etc/keystone/fernet-keys/0 - owner: keystone - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0 - optional: {if: [keystone_fernet_tokens, false, true]} - - dest: /etc/keystone/fernet-keys/1 - owner: keystone - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1 - optional: {if: [keystone_fernet_tokens, false, true]} - - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_admin.conf - - dest: /etc/httpd/conf.d/10-keystone_wsgi_main.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_main.conf - - dest: /etc/httpd/conf/httpd.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf - - dest: /etc/httpd/conf/ports.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf - - dest: /var/www/cgi-bin/keystone/keystone-admin - owner: keystone - perm: '0644' - source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-admin - - dest: /var/www/cgi-bin/keystone/keystone-public - owner: keystone - perm: '0644' - source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-public + /var/lib/kolla/config_files/keystone.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: step_3: keystone-init-log: @@ -140,11 +97,22 @@ outputs: detach: false volumes: &keystone_volumes - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/keystone/:/var/lib/kolla/config_files/src:ro - - /var/lib/config-data/keystone/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /var/lib/config-data/keystone/var/www/:/var/www/:ro + - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro + - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -168,11 +136,10 @@ outputs: config_volume: 'keystone_init_tasks' puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' step_config: 'include ::tripleo::profile::base::keystone' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + config_image: *keystone_image upgrade_tasks: - name: Stop and disable keystone service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [KeystoneBase, role_data, metadata_settings] diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 4dd3b74c..5b5e1f50 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -61,13 +61,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] kolla_config: - /var/lib/kolla/config_files/mistral_api.json: - command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api - config_files: - - dest: /etc/mistral/mistral.conf - owner: mistral - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + /var/lib/kolla/config_files/mistral_api.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api docker_config: step_3: mistral_db_sync: @@ -83,8 +78,6 @@ outputs: - /var/lib/config-data/mistral/etc/:/etc/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head'] mistral_db_populate: start_order: 2 @@ -96,8 +89,6 @@ outputs: - /var/lib/config-data/mistral/etc/:/etc/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS # NOTE: dprince this requires that we install openstack-tripleo-common into # the Mistral API image so that we get tripleo* actions command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate'] @@ -110,7 +101,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index fd72e344..feecd5d7 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -62,17 +62,12 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] kolla_config: - /var/lib/kolla/config_files/mistral_engine.json: - command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine - config_files: - - dest: /etc/mistral/mistral.conf - owner: mistral - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + /var/lib/kolla/config_files/mistral_engine.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine docker_config: step_4: mistral_engine: - image: &mistral_engine_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ] @@ -82,7 +77,7 @@ outputs: volumes: - /run:/run - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: @@ -91,4 +86,3 @@ outputs: - name: Stop and disable mistral_engine service tags: step2 service: name=openstack-mistral-engine state=stopped enabled=no - diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 0274ff48..45fed7b2 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -62,17 +62,12 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] kolla_config: - /var/lib/kolla/config_files/mistral_executor.json: - command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor - config_files: - - dest: /etc/mistral/mistral.conf - owner: mistral - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + /var/lib/kolla/config_files/mistral_executor.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor docker_config: step_4: mistral_executor: - image: &mistral_executor_image + image: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ] @@ -80,11 +75,11 @@ outputs: privileged: false restart: always volumes: - - /run:/run - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro + - /run:/run # FIXME: this is required in order for Nova cells # initialization workflows on the Undercloud. Need to # exclude this on the overcloud for security reasons. diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index ed03de6c..c5001a30 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -62,17 +62,8 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron_api.json: - command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini - config_files: - - dest: /etc/neutron/neutron.conf - owner: neutron - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf - - dest: /etc/neutron/plugin.ini - owner: neutron - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini + /var/lib/kolla/config_files/neutron_api.json: + command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini docker_config: step_3: neutron_db_sync: @@ -100,7 +91,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index a4854d90..03fbf766 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -8,7 +8,7 @@ parameters: description: namespace default: 'tripleoupstream' type: string - DockerNeutronApiImage: + DockerNeutronDHCPImage: description: image default: 'centos-binary-neutron-dhcp-agent:latest' type: string @@ -62,31 +62,22 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron_dhcp.json: - command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log - config_files: - - dest: /etc/neutron/neutron.conf - owner: neutron - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf - - dest: /etc/neutron/dhcp_agent.ini - owner: neutron - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/neutron/dhcp_agent.ini + /var/lib/kolla/config_files/neutron_dhcp.json: + command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log docker_config: step_4: neutron_dhcp: - image: &neutron_dhcp_image + image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronDHCPImage} ] net: host pid: host privileged: true restart: always volumes: - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - /lib/modules:/lib/modules:ro diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 61ad8f4a..0b04b56d 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -59,30 +59,21 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: /var/lib/kolla/config_files/neutron-l3-agent.json: - command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini - config_files: - - dest: /etc/neutron/neutron.conf - owner: neutron - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf - - dest: /etc/neutron/l3_agent.ini - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/neutron/l3_agent.ini + command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini docker_config: step_4: neutronl3agent: - image: &neutron_l3_agent_image + image: list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ] + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ] net: host pid: host privileged: true restart: always volumes: - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 4102693b..bea08e91 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -55,19 +55,6 @@ outputs: kolla_config: /var/lib/kolla/config_files/neutron-openvswitch-agent.json: command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini - config_files: - - dest: /etc/neutron/neutron.conf - owner: neutron - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf - - dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini - owner: neutron - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/openvswitch_agent.ini - - dest: /etc/neutron/plugins/ml2/ml2_conf.ini - owner: neutron - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini docker_config: step_4: neutronovsagent: @@ -78,7 +65,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 1c57bbf5..97fafb09 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-api:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -50,7 +50,10 @@ outputs: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [NovaApiBase, role_data, step_config] + list_join: + - "\n" + - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }" + - {get_attr: [NovaApiBase, role_data, step_config]} service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -60,15 +63,10 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: - /var/lib/kolla/config_files/nova_api.json: - command: /usr/bin/nova-api - config_files: - - dest: /etc/nova/nova.conf - owner: nova - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + /var/lib/kolla/config_files/nova_api.json: + command: /usr/bin/nova-api docker_config: step_3: nova_api_db_sync: @@ -129,13 +127,14 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_5: nova_api_discover_hosts: - start_order: 3 + start_order: 1 image: *nova_api_image net: host detach: false diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 7fc00b47..fb286ca5 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -55,16 +55,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] kolla_config: /var/lib/kolla/config_files/nova-compute.json: - command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf - config_files: - - dest: /etc/nova/nova.conf - owner: nova - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/nova/nova.conf - - dest: /etc/nova/rootwrap.conf - owner: nova - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf + command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf docker_config: # FIXME: run discover hosts here step_4: @@ -76,13 +67,22 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro - /dev:/dev - /etc/iscsi:/etc/iscsi - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova - - libvirtd:/var/lib/libvirt + - /var/lib/libvirt:/var/lib/libvirt environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/libvirt + file: + path: /var/lib/libvirt + state: directory + upgrade_tasks: + - name: Stop and disable nova-compute service + tags: step2 + service: name=openstack-nova-compute state=stopped enabled=no diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 09a6d0f6..b7a1d742 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-conductor:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -58,15 +58,10 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: - /var/lib/kolla/config_files/nova_conductor.json: - command: /usr/bin/nova-conductor - config_files: - - dest: /etc/nova/nova.conf - owner: nova - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + /var/lib/kolla/config_files/nova_conductor.json: + command: /usr/bin/nova-conductor docker_config: step_4: nova_conductor: @@ -78,11 +73,11 @@ outputs: privileged: false restart: always volumes: - - /run:/run - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index d3c0af44..d6270424 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-compute-ironic:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -54,19 +54,10 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova_ironic.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf - config_files: - - dest: /etc/nova/nova.conf - owner: nova - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/nova/nova.conf - - dest: /etc/nova/rootwrap.conf - owner: nova - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf docker_config: step_5: novacompute: @@ -80,11 +71,15 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /etc/localtime:/etc/localtime:ro - /run:/run - /dev:/dev - /etc/iscsi:/etc/iscsi - - nova_compute:/var/lib/nova/ + - /var/lib/nova/:/var/lib/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable nova-compute service + tags: step2 + service: name=openstack-nova-compute state=stopped enabled=no diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index e25b2014..15cee597 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -14,7 +14,7 @@ parameters: type: string # we configure libvirt via the nova-compute container due to coupling # in the puppet modules - DockerNovaComputeImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-compute:latest' type: string @@ -57,15 +57,10 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: /var/lib/kolla/config_files/nova-libvirt.json: - command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf - config_files: - - dest: /etc/libvirt/libvirtd.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/libvirt/libvirtd.conf + command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf docker_config: step_3: nova_libvirt: @@ -79,16 +74,28 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt:/var/lib/kolla/config_files/src:ro - - /dev:/dev + - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro + - /dev:/dev - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - - libvirtd:/var/lib/libvirt - - nova_libvirt_qemu:/etc/libvirt/qemu + - /var/lib/libvirt:/var/lib/libvirt + - /etc/libvirt/qemu:/etc/libvirt/qemu environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create libvirt persistent data directories + file: + path: "{{ item }}" + state: directory + with_items: + - /etc/libvirt/qemu + - /var/lib/libvirt + upgrade_tasks: + - name: Stop and disable libvirtd service + tags: step2 + service: name=libvirtd state=stopped enabled=no diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 0f32e33f..0c595dc2 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -53,56 +53,27 @@ outputs: config_volume: nova_placement puppet_tags: nova_config step_config: *step_config - config_image: + config_image: &nova_placement_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] kolla_config: - /var/lib/kolla/config_files/nova_placement.json: - command: /usr/sbin/httpd -DFOREGROUND - config_files: - - dest: /etc/nova/nova.conf - owner: nova - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/nova/nova.conf - - dest: /etc/httpd/conf.d/10-placement_wsgi.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-placement_wsgi.conf - # puppet generates a stubbed out version of the stock one so we - # copy it in to overwrite the existing one - - dest: /etc/httpd/conf.d/00-nova-placement-api.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/00-nova-placement-api.conf - - dest: /etc/httpd/conf/httpd.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf - - dest: /etc/httpd/conf/ports.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf - - dest: /var/www/cgi-bin/nova/nova-placement-api - owner: nova - perm: '0644' - source: /var/lib/kolla/config_files/src/var/www/cgi-bin/nova/nova-placement-api + /var/lib/kolla/config_files/nova_placement.json: + command: /usr/sbin/httpd -DFOREGROUND docker_config: # start this early so it is up before computes start reporting step_3: nova_placement: start_order: 1 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + image: *nova_placement_image net: host user: root restart: always volumes: - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_placement/:/var/lib/kolla/config_files/src:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 0b64ca37..e6f4896b 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -12,7 +12,7 @@ parameters: description: image default: 'centos-binary-nova-scheduler:latest' type: string - DockerNovaBaseImage: + DockerNovaConfigImage: description: image default: 'centos-binary-nova-base:latest' type: string @@ -57,15 +57,10 @@ outputs: config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: - /var/lib/kolla/config_files/nova_scheduler.json: - command: /usr/bin/nova-scheduler - config_files: - - dest: /etc/nova/nova.conf - owner: nova - perm: '0600' - source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + /var/lib/kolla/config_files/nova_scheduler.json: + command: /usr/bin/nova-scheduler docker_config: step_4: nova_scheduler: @@ -77,11 +72,11 @@ outputs: privileged: false restart: always volumes: - - /run:/run - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml new file mode 100644 index 00000000..f4f1f7b0 --- /dev/null +++ b/docker/services/panko-api.yaml @@ -0,0 +1,99 @@ +heat_template_version: ocata + +description: > + OpenStack Panko service configured with docker + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerPankoApiImage: + description: image + default: 'centos-binary-panko-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + PankoApiPuppetBase: + type: ../../puppet/services/panko-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Panko API role. + value: + service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [PankoApiPuppetBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [PankoApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: panko + puppet_tags: panko_api_paste_ini,panko_config + step_config: *step_config + config_image: &panko_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] + kolla_config: + /var/lib/kolla/config_files/panko-api.json: + command: /usr/sbin/httpd -DFOREGROUND + docker_config: + step_3: + panko-init-log: + start_order: 0 + image: *panko_image + user: root + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/panko && chown panko:panko /var/log/panko'] + volumes: + - logs:/var/log + panko_db_sync: + start_order: 1 + image: *panko_image + net: host + detach: false + privileged: false + volumes: + - /var/lib/config-data/panko/etc/panko:/etc/panko:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + command: /usr/bin/panko-dbsync + step_4: + panko_api: + start_order: 2 + image: *panko_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro + - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/panko/var/www/:/var/www/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 573ec178..9d5a52a6 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -61,23 +61,6 @@ outputs: kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/lib/rabbitmq/bin/rabbitmq-server - config_files: - - dest: /etc/rabbitmq/rabbitmq.config - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq.config - - dest: /etc/rabbitmq/enabled_plugins - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/rabbitmq/enabled_plugins - - dest: /etc/rabbitmq/rabbitmq-env.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq-env.conf - - dest: /etc/rabbitmq/rabbitmqadmin.conf - owner: root - perm: '0644' - source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmqadmin.conf docker_config: step_1: rabbitmq_bootstrap: @@ -87,10 +70,10 @@ outputs: privileged: false volumes: - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - rabbitmq:/var/lib/rabbitmq/ + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -113,12 +96,17 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - rabbitmq:/var/lib/rabbitmq/ + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/rabbitmq + file: + path: /var/lib/rabbitmq + state: directory upgrade_tasks: - name: Stop and disable rabbitmq service tags: step2 diff --git a/docker/services/services.yaml b/docker/services/services.yaml index 84c56b5b..21387c9b 100644 --- a/docker/services/services.yaml +++ b/docker/services/services.yaml @@ -89,3 +89,5 @@ outputs: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + service_metadata_settings: + get_attr: [PuppetServices, role_data, service_metadata_settings] diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 93e21c81..e60aca12 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -64,18 +64,23 @@ outputs: net: host user: swift restart: always - # I'm mounting /etc/swift as rw. Are the rings written to at all during runtime? volumes: - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift:/var/lib/kolla/config_files/src:ro + # FIXME I'm mounting /etc/swift as rw. Are the rings written to + # at all during runtime? - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /srv/node + file: + path: /srv/node + state: directory upgrade_tasks: - name: Stop and disable swift_proxy service tags: step2 diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 8e76504c..cccddb46 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -62,7 +62,7 @@ outputs: config_volume: swift puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config step_config: *step_config - config_image: + config_image: &swift_proxy_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] @@ -99,90 +99,74 @@ outputs: # volume during the configuration stage. We just need to create this # directory and make sure it's owned by swift. swift_setup_srv: - image: + image: &swift_account_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] user: root - command: ['/bin/bash', '-c', 'mkdir /srv/node && chown swift:swift /srv/node'] + command: ['chown', '-R', 'swift:', '/srv/node'] volumes: - - swift-srv:/srv + - /srv/node:/srv/node step_4: swift_account_auditor: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: &kolla_env - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS swift_account_reaper: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_account_replicator: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_account_server: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: *swift_account_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_auditor: - image: + image: &swift_container_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] @@ -191,70 +175,57 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_replicator: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: *swift_container_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_updater: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: *swift_container_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_server: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: *swift_container_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_auditor: - image: + image: &swift_object_image list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] @@ -263,86 +234,74 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_expirer: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + image: *swift_proxy_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_replicator: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: *swift_object_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_updater: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: *swift_object_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_server: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: *swift_object_image net: host user: swift restart: always volumes: - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env + host_prep_tasks: + - name: create /srv/node + file: + path: /srv/node + state: directory upgrade_tasks: - name: Stop and disable swift storage services tags: step2 diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 3ec819e0..21aff31a 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -57,22 +57,8 @@ outputs: kolla_config: /var/lib/kolla/config_files/zaqar.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf - config_files: - - dest: /etc/zaqar/zaqar.conf - owner: zaqar - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf - config_files: - - dest: /etc/zaqar/zaqar.conf - owner: zaqar - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf - - dest: /etc/zaqar/1.conf - owner: zaqar - perm: '0640' - source: /var/lib/kolla/config_files/src/etc/zaqar/1.conf docker_config: step_4: zaqar: @@ -82,7 +68,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: @@ -94,7 +80,7 @@ outputs: restart: always volumes: - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro environment: |