diff options
Diffstat (limited to 'docker')
37 files changed, 717 insertions, 262 deletions
diff --git a/docker/README-containers.md b/docker/README-containers.md index 5a9f6f3c..376af3ec 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md @@ -1,58 +1,3 @@ -# Using Docker Containers With TripleO +# Containers based OpenStack deployment -## Configuring TripleO with to use a container based compute node. - -Steps include: -- Adding a base OS image to glance -- Deploy an overcloud configured to use the docker compute heat templates - -## Getting base OS image working. - -Download the fedora atomic image into glance: - -``` -wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 -glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare -``` - -## Configuring TripleO - -You can use the tripleo.sh script up until the point of running the Overcloud. -https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh - -You will want to set up the runtime puppet script delivery system described here: -http://hardysteven.blogspot.ca/2016/08/tripleo-deploy-artifacts-and-puppet.html - -Create the Overcloud: -``` -$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu -``` - -Using Network Isolation in the Overcloud: -``` -$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network-isolation.yaml --libvirt-type=qemu -``` - -Source the overcloudrc and then you can use the overcloud. - -## Debugging - -You can ssh into the controller/compute nodes by using the heat key, eg: -``` -nova list -ssh heat-admin@<compute_node_ip> -``` - -You can check to see what docker containers are running: -``` -sudo docker ps -a -``` - -To enter a container that doesn't seem to be working right: -``` -sudo docker exec -ti <container name> /bin/bash -``` - -Then you can check logs etc. - -You can also just do a 'docker logs' on a given container. +https://docs.openstack.org/tripleo-docs/latest/install/containers_deployment/ diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index 446c73a6..cd7d5b55 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -64,6 +64,10 @@ ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists + stat: + path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + register: docker_puppet_tasks_json - name: Run docker-puppet tasks (bootstrap tasks) shell: python /var/lib/docker-puppet/docker-puppet.py environment: @@ -71,7 +75,7 @@ NET_HOST: "true" NO_ARCHIVE: "true" STEP: "{{step}}" - when: deploy_server_id == bootstrap_server_id + when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists changed_when: false check_mode: no register: outputs diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 9780054b..36c63887 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -215,7 +215,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron") + archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh") rsync_srcs="" for d in "${archivedirs[@]}"; do if [ -d "$d" ]; then diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 4b0c8789..05ff7945 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -60,23 +60,6 @@ conditions: resources: - # These utility tasks use docker-puppet.py to execute tasks via puppet - # We only execute these on the first node in the primary role - {{primary_role_name}}DockerPuppetTasks: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) - data: - docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]} - default_tasks: -{%- for step in range(1, deploy_steps_max) %} - step_{{step}}: {} -{%- endfor %} - RoleConfig: type: OS::Heat::SoftwareConfig properties: @@ -133,6 +116,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false UPDATE: workflow: { get_resource: WorkflowTasks_Step{{step}} } params: @@ -142,6 +126,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false always_update: true # END service_workflow_tasks handling {% endfor %} @@ -175,11 +160,11 @@ resources: vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} docker_puppet_script: {get_file: docker-puppet.py} - docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]} - docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} + docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} + docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} - puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} + puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: @@ -193,10 +178,9 @@ resources: file: path=/var/lib/tripleo-config state=directory - name: Write the puppet step_config manifest copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes - # This is the docker-puppet configs end in + # this creates a JSON config file for our docker-puppet.py script - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory - # this creates a JSON config file for our docker-puppet.py script - name: Write docker-puppet-tasks json files copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes # FIXME: can we move docker-puppet somewhere so it's installed via a package? @@ -220,6 +204,13 @@ resources: ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files + file: + path: "{{item}}" + state: absent + with_fileglob: + - /var/lib/docker-puppet/docker-puppet-tasks*.json + when: deploy_server_id == bootstrap_server_id - name: Write docker-puppet-tasks json files copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes with_dict: "{{docker_puppet_tasks}}" @@ -232,33 +223,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}PuppetStepConfig: - type: OS::Heat::Value - properties: - type: string - value: - yaql: - expression: - # select 'step_config' only from services that do not have a docker_config - $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n") - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - step_config: {get_param: [role_data, {{role.name}}, step_config]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - - {{role.name}}DockerConfig: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - # select 'docker_config' only from services that have it - $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN CONFIG STEPS {{role.name}}PreConfig: diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml index 41b036da..ddfa8802 100644 --- a/docker/firstboot/setup_docker_host.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -1,14 +1,5 @@ heat_template_version: pike -parameters: - DockerNamespace: - type: string - default: tripleoupstream - description: namespace - DockerNamespaceIsRegistry: - type: boolean - default: false - resources: userdata: @@ -21,12 +12,7 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: - str_replace: - params: - $docker_registry: {get_param: DockerNamespace} - $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} - template: {get_file: ./setup_docker_host.sh} + config: {get_file: ./setup_docker_host.sh} outputs: OS::stack_id: diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index f8ba4eea..6caffd15 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -105,13 +105,17 @@ outputs: net: host detach: false privileged: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + command: + - '/usr/bin/bootstrap_host_exec' + - 'ceilometer_agent_central' + - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 0cd1dd7b..7804fdb2 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -86,6 +86,17 @@ outputs: - path: /var/log/cinder owner: cinder:cinder recurse: true + /var/lib/kolla/config_files/cinder_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true docker_config: step_2: cinder_api_init_logs: @@ -140,6 +151,21 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + cinder_api_cron: + image: *cinder_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 46dbea1d..de637f3b 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -72,15 +72,15 @@ outputs: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf config_files: - # NOTE(mandre): the copy of ceph conf will need to go once we - # generate a ceph.conf for cinder in puppet - # Copy ceph config files before cinder ones as a precaution, for - # the later one to take precendence in case of duplicate files. - - source: "/var/lib/kolla/config_files/src-ceph/*" + - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" dest: "/" merge: true preserve_properties: true @@ -113,13 +113,13 @@ outputs: - - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: @@ -132,6 +132,10 @@ outputs: with_items: - /var/lib/cinder - /var/log/containers/cinder + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable cinder_backup service tags: step2 diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 2ecc7adc..ce81fbf8 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -86,15 +86,15 @@ outputs: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf config_files: - # NOTE(mandre): the copy of ceph conf will need to go once we - # generate a ceph.conf for cinder in puppet - # Copy ceph config files before cinder ones as a precaution, for - # the later one to take precendence in case of duplicate files. - - source: "/var/lib/kolla/config_files/src-ceph/*" + - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" dest: "/" merge: true preserve_properties: true @@ -124,13 +124,13 @@ outputs: - - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: @@ -143,6 +143,10 @@ outputs: with_items: - /var/log/containers/cinder - /var/lib/cinder + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory - name: cinder_enable_iscsi_backend fact set_fact: cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index d88c64b5..f4c724b0 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -86,6 +86,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND config_files: @@ -117,6 +121,7 @@ outputs: - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -156,6 +161,10 @@ outputs: file: path: /var/log/containers/glance state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable glance_api service tags: step2 diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 1a0a1ddb..6778543b 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -75,6 +75,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -93,6 +97,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -100,6 +105,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable openstack-gnocchi-metricd service tags: step2 diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 21baf5c6..f080dcb2 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -46,7 +46,7 @@ parameters: The filepath of the certificate as it will be stored in the controller. type: string RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index aff0f1a1..70612899 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -125,8 +125,25 @@ outputs: path: /var/log/containers/heat state: directory upgrade_tasks: - - name: Stop and disable heat_api_cfn service + - name: Check if heat_api_cfn is deployed + command: systemctl is-enabled openstack-heat-api-cfn + tags: common + ignore_errors: True + register: heat_api_cfn_enabled + - name: check for heat_api_cfn running under apache (post upgrade) tags: step2 - service: name=httpd state=stopped enabled=no + shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi" + register: heat_api_cfn_apache + ignore_errors: true + changed_when: false + check_mode: no + - name: Stop heat_api_cfn service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: heat_api_cfn_apache.rc == 0 + - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-heat-api-cfn state=stopped enabled=no + when: heat_api_cfn_enabled.rc == 0 metadata_settings: get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index d09230fe..0bc331ca 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -90,6 +90,17 @@ outputs: - path: /var/log/heat owner: heat:heat recurse: true + /var/lib/kolla/config_files/heat_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/heat + owner: heat:heat + recurse: true docker_config: step_4: heat_api: @@ -119,14 +130,45 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + heat_api_cron: + image: {get_param: DockerHeatApiImage} + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/heat:/var/log/heat + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: path: /var/log/containers/heat state: directory upgrade_tasks: - - name: Stop and disable heat_api service + - name: Check is heat_api is deployed + command: systemctl is-enabled openstack-heat-api + tags: common + ignore_errors: True + register: heat_api_enabled + - name: check for heat_api running under apache (post upgrade) + tags: step2 + shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi" + register: heat_api_apache + ignore_errors: true + changed_when: false + check_mode: no + - name: Stop heat_api service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: heat_api_apache.rc == 0 + - name: Stop and disable heat_api service (pre-upgrade not under httpd) tags: step2 - service: name=httpd state=stopped enabled=no + service: name=openstack-heat-api state=stopped enabled=no + when: heat_api_enabled.rc == 0 metadata_settings: get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index b39b72e2..f6b348c7 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -42,23 +42,38 @@ resources: ContainersCommon: type: ./containers-common.yaml + IscsidBase: + type: ../../puppet/services/iscsid.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the Iscsid API role. + description: Role data for the Iscsid role. value: - service_name: iscsid - config_settings: {} - step_config: '' - service_config_settings: {} + service_name: {get_attr: [IscsidBase, role_data, service_name]} + config_settings: {get_attr: [IscsidBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [IscsidBase, role_data, step_config]} + service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: iscsid - #puppet_tags: file - step_config: '' + puppet_tags: iscsid_config + step_config: *step_config config_image: {get_param: DockerIscsidConfigImage} kolla_config: /var/lib/kolla/config_files/iscsid.json: command: /usr/sbin/iscsid -f + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: iscsid: @@ -76,14 +91,10 @@ outputs: - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /etc/iscsi - file: - path: /etc/iscsi - state: directory - name: stat /lib/systemd/system/iscsid.socket stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index da04682e..7ecfc329 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -98,6 +98,17 @@ outputs: dest: "/" merge: true preserve_properties: true + /var/lib/kolla/config_files/keystone_cron.json: + command: /usr/sbin/cron -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/keystone + owner: keystone:keystone + recurse: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: @@ -150,6 +161,21 @@ outputs: user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + keystone_cron: + start_order: 4 + image: *keystone_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/keystone:/var/log/keystone + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml index 9733b6f9..b4278155 100644 --- a/docker/services/manila-share.yaml +++ b/docker/services/manila-share.yaml @@ -4,17 +4,11 @@ description: > OpenStack containerized Manila Share service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerManilaShareImage: description: image - default: 'centos-binary-manila-share:latest' type: string DockerManilaConfigImage: description: image - default: 'centos-binary-manila-base:latest' type: string EndpointMap: default: {} @@ -72,10 +66,7 @@ outputs: config_volume: manila puppet_tags: manila_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + config_image: {get_param: DockerManilaConfigImage} kolla_config: /var/lib/kolla/config_files/manila_share.json: command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf @@ -84,9 +75,8 @@ outputs: dest: "/" merge: true preserve_properties: true - # NOTE(gfidente): ceph-ansible generated - - source: "/var/lib/kolla/config_files/src-ceph/*" - dest: "/etc/ceph" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" merge: true preserve_properties: true permissions: @@ -96,10 +86,7 @@ outputs: docker_config: step_4: manila_share: - image: &manila_share_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaShareImage} ] + image: &manila_share_image {get_param: DockerManilaShareImage} net: host restart: always volumes: @@ -109,7 +96,7 @@ outputs: - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila - - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -117,6 +104,10 @@ outputs: file: path: /var/log/containers/manila state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable manila_share service tags: step2 diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 3346a049..ea54c574 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -109,6 +109,18 @@ outputs: path: /var/log/containers/mistral state: directory upgrade_tasks: + - name: Check if mistral executor is deployed + command: systemctl is-enabled openstack-mistral-executor + tags: common + ignore_errors: True + register: mistral_executor_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState | + grep '\bactive\b' + when: mistral_executor_enabled.rc == 0 + tags: step0,validation - name: Stop and disable mistral_executor service tags: step2 + when: mistral_executor_enabled.rc == 0 service: name=openstack-mistral-executor state=stopped enabled=no diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index 51b93029..a0c02f30 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -59,6 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: @@ -72,11 +77,11 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 547deaf0..a9125c8c 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -163,8 +163,18 @@ outputs: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_server is deployed + command: systemctl is-enabled neutron-server + tags: common + ignore_errors: True + register: neutron_server_enabled + - name: "PreUpgrade step0,validation: Check service neutron-server is running" + shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + when: neutron_server_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_api service tags: step2 + when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped enabled=no metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index c7444070..4b75d542 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -81,6 +81,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_dhcp: @@ -97,15 +100,30 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_dhcp_agent is deployed + command: systemctl is-enabled neutron-dhcp-agent + tags: common + ignore_errors: True + register: neutron_dhcp_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" + shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + when: neutron_dhcp_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_dhcp service tags: step2 + when: neutron_dhcp_agent_enabled.rc == 0 service: name=neutron-dhcp-agent state=stopped enabled=no diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index c3a4d27f..06470c05 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -77,6 +77,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_l3_agent: @@ -93,10 +96,15 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index f030faef..a5a7c34b 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -77,6 +77,9 @@ outputs: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_metadata_agent: @@ -93,15 +96,30 @@ outputs: - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_metadata_agent is deployed + command: systemctl is-enabled neutron-metadata-agent + tags: common + ignore_errors: True + register: neutron_metadata_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" + shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + when: neutron_metadata_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_metadata service tags: step2 + when: neutron_metadata_agent_enabled.rc == 0 service: name=neutron-metadata-agent state=stopped enabled=no diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 1d73a538..4bec8035 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -88,6 +88,17 @@ outputs: - path: /var/log/nova owner: nova:nova recurse: true + /var/lib/kolla/config_files/nova_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true docker_config: # db sync runs before permissions set by kolla_config step_2: @@ -151,7 +162,7 @@ outputs: user: nova privileged: true restart: always - volumes: &nova_api_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - @@ -164,12 +175,17 @@ outputs: image: *nova_api_image net: host user: root - privileged: true + privileged: false restart: always - volumes: *nova_api_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - command: "/usr/sbin/crond -n" step_5: nova_api_discover_hosts: start_order: 1 diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index d8e76925..6b8ebace 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -36,6 +36,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number resources: @@ -51,6 +56,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -58,14 +64,7 @@ outputs: value: service_name: {get_attr: [NovaComputeBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaComputeBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config get_attr: [NovaComputeBase, role_data, step_config] puppet_config: @@ -81,6 +80,14 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -103,8 +110,9 @@ outputs: - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev:/dev - - /etc/iscsi:/etc/iscsi - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova @@ -121,6 +129,10 @@ outputs: - /var/log/containers/nova - /var/lib/nova - /var/lib/libvirt + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 89ef95ea..17068b41 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -73,6 +73,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -94,9 +98,9 @@ outputs: - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /run:/run - /dev:/dev - - /etc/iscsi:/etc/iscsi - /var/lib/nova/:/var/lib/nova - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index a5527747..7344508e 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -14,7 +14,7 @@ parameters: type: string EnablePackageInstall: default: 'false' - description: Set to true to enable package installation + description: Set to true to enable package installation at deploy time type: boolean ServiceData: default: {} @@ -51,6 +51,12 @@ parameters: description: If set to true and if EnableInternalTLS is enabled, it will set the libvirt URI's transport to tls and configure the relevant keys for libvirt. + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + conditions: @@ -77,6 +83,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -84,19 +91,12 @@ outputs: value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaLibvirtBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config get_attr: [NovaLibvirtBase, role_data, step_config] puppet_config: config_volume: nova_libvirt - puppet_tags: nova_config + puppet_tags: nova_config,file,exec step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: @@ -111,6 +111,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -129,11 +133,13 @@ outputs: - - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev:/dev - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova + - /etc/libvirt/secrets:/etc/libvirt/secrets # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt @@ -148,9 +154,14 @@ outputs: path: "{{ item }}" state: directory with_items: + - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory - name: set enable_package_install fact set_fact: enable_package_install: {get_param: EnablePackageInstall} diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml new file mode 100644 index 00000000..385343a0 --- /dev/null +++ b/docker/services/nova-migration-target.yaml @@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Migration Target service + +parameters: + DockerNovaComputeImage: + description: image + type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SshdBase: + type: ../../puppet/services/sshd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + NovaMigrationTargetBase: + type: ../../puppet/services/nova-migration-target.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Migration Target service. + value: + service_name: nova_migration_target + config_settings: + map_merge: + - get_attr: [SshdBase, role_data, config_settings] + - get_attr: [NovaMigrationTargetBase, role_data, config_settings] + - tripleo.nova_migration_target.firewall_rules: + '113 nova_migration_target': + dport: + - {get_param: DockerNovaMigrationSshdPort} + step_config: &step_config + list_join: + - "\n" + - - get_attr: [SshdBase, role_data, step_config] + - get_attr: [NovaMigrationTargetBase, role_data, step_config] + puppet_config: + config_volume: nova_libvirt + step_config: *step_config + config_image: {get_param: DockerNovaLibvirtConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova-migration-target.json: + command: + str_replace: + template: "/usr/sbin/sshd -D -p SSHDPORT" + params: + SSHDPORT: {get_param: DockerNovaMigrationSshdPort} + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: /host-ssh/ssh_host_*_key + dest: /etc/ssh/ + owner: "root" + perm: "0600" + docker_config: + step_4: + nova_migration_target: + image: {get_param: DockerNovaComputeImage} + net: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ssh/:/host-ssh/:ro + - /run:/run + - /var/lib/nova:/var/lib/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml index 7d7892dd..6a62f65e 100644 --- a/docker/services/opendaylight-api.yaml +++ b/docker/services/opendaylight-api.yaml @@ -4,17 +4,11 @@ description: > OpenStack containerized OpenDaylight API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOpendaylightApiImage: description: image - default: 'centos-binary-opendaylight:latest' type: string DockerOpendaylightConfigImage: description: image - default: 'centos-binary-opendaylight:latest' type: string EndpointMap: default: {} @@ -67,20 +61,14 @@ outputs: map_merge: - get_attr: [OpenDaylightBase, role_data, config_settings] step_config: &step_config - list_join: - - "\n" - - - get_attr: [OpenDaylightBase, role_data, step_config] - - "include tripleo::profile::base::neutron::opendaylight::create_cluster" + get_attr: [OpenDaylightBase, role_data, step_config] # BEGIN DOCKER SETTINGS puppet_config: config_volume: opendaylight # 'file,concat,file_line,augeas' are included by default - puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster + puppet_tags: odl_user step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ] + config_image: {get_param: DockerOpendaylightConfigImage} kolla_config: /var/lib/kolla/config_files/opendaylight_api.json: command: /opt/opendaylight/bin/karaf @@ -97,10 +85,7 @@ outputs: step_1: opendaylight_api: start_order: 0 - image: &odl_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ] + image: &odl_api_image {get_param: DockerOpendaylightApiImage} privileged: false net: host detach: true diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index ee8ee124..26ae9bca 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -139,6 +139,27 @@ outputs: - /var/lib/cinder - /var/log/containers/cinder upgrade_tasks: - - name: Stop and disable cinder_backup service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-backup cluster resource tags: step2 - service: name=openstack-cinder-backup state=stopped enabled=no + pacemaker_resource: + resource: openstack-cinder-backup + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-backup cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index d016cf83..262e999d 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -157,6 +157,30 @@ outputs: executable: /bin/bash creates: /dev/loop2 upgrade_tasks: - - name: Stop and disable cinder_volume service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-volume cluster resource tags: step2 - service: name=openstack-cinder-volume state=stopped enabled=no + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-volume cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-volume + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_volume service from boot + tags: step2 + service: name=openstack-cinder-volume enabled=no + + + diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index f38cccfc..f12852f8 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -65,6 +65,17 @@ outputs: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 + tripleo.mysql.firewall_rules: + '104 mysql galera-bundle': + dport: + - 873 + - 3123 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -164,6 +175,27 @@ outputs: path: /var/lib/mysql state: directory upgrade_tasks: - - name: Stop and disable mysql service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the galera cluster resource tags: step2 - service: name=mariadb state=stopped enabled=no + pacemaker_resource: + resource: galera + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped galera cluster resource. + tags: step2 + pacemaker_resource: + resource: galera + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable mysql service + tags: step2 + service: name=mariadb enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index e124b045..75b6d650 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -61,7 +61,13 @@ outputs: redis::notify_service: false redis::managed_by_cluster_manager: true tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} - + tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 + tripleo.redis.firewall_rules: + '108 redis-bundle': + dport: + - 3124 + - 6379 + - 26379 step_config: "" service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -139,6 +145,27 @@ outputs: path: /var/lib/redis state: directory upgrade_tasks: - - name: Stop and disable redis service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the redis cluster resource + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped redis cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable redis service tags: step2 - service: name=redis state=stopped enabled=no + service: name=redis enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 86c460fa..24155912 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -137,3 +137,25 @@ outputs: - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 19af94b2..de53ceee 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -63,6 +63,14 @@ outputs: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 step_config: &step_config get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} @@ -157,6 +165,27 @@ outputs: echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done upgrade_tasks: - - name: Stop and disable rabbitmq service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the rabbitmq cluster resource. tags: step2 - service: name=rabbitmq-server state=stopped enabled=no + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable rabbitmq service + tags: step2 + service: name=rabbitmq-server enabled=no diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 04e58b4a..e879b25d 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -462,6 +462,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 85a84550..061a4a70 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -10,6 +10,10 @@ parameters: DockerZaqarConfigImage: description: The container image to use for the zaqar config_volume type: string + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -37,6 +41,9 @@ parameters: description: Parameters specific to the role type: json +conditions: + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + resources: ContainersCommon: @@ -87,38 +94,65 @@ outputs: owner: zaqar:zaqar recurse: true docker_config: - step_4: - zaqar: - image: &zaqar_image {get_param: DockerZaqarImage} - net: host - privileged: false - restart: always - # NOTE(mandre) kolla image changes the user to 'zaqar', we need it - # to be root to run httpd - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - zaqar_websocket: - image: *zaqar_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - + if: + - zaqar_management_store_sqlalchemy + - + step_2: + zaqar_init_log: + image: &zaqar_image {get_param: DockerZaqarImage} + user: root + volumes: + - /var/log/containers/zaqar:/var/log/zaqar + command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar'] + step_3: + zaqar_db_sync: + image: *zaqar_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro + - /var/log/containers/zaqar:/var/log/zaqar + command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'" + - {} + - step_4: + zaqar: + image: *zaqar_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + zaqar_websocket: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: |