Diffstat (limited to 'docker')
87 files changed, 2046 insertions, 1524 deletions
diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index 87587a4b..cd7d5b55 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -7,9 +7,19 @@ - name: Write the config_step hieradata copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true - name: Run puppet host configuration for step {{step}} - # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3 - # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp + command: >- + puppet apply + --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + --logdest syslog --color=false + /var/lib/tripleo-config/puppet_step_config.pp + changed_when: false + check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed ###################################### # Generate config via docker-puppet.py ###################################### @@ -21,6 +31,12 @@ when: step == "1" changed_when: false check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed ################################################## # Per step starting of the containers using paunch ################################################## 
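Review bot: The `puppet apply` command added for the host-configuration step runs without `--detailed-exitcodes`, so a catalog that applies with failed resources can, as far as I know, still exit 0 and the step would be reported as successful. Consider adding `--detailed-exitcodes` and replacing the debug task's `failed_when: outputs|failed` with an explicit test such as `failed_when: outputs.rc not in [0, 2]`. An explicit `rc` test also avoids depending on how the `failed` filter treats a result whose `failed` key was already forced off by `failed_when: false`, which has varied between Ansible versions; the same register/debug pattern is repeated in the hunks at -21, -32 and -46. Because `--logdest syslog` sends puppet's messages to the host log, a comment such as `# puppet output goes to syslog; check the host journal on failure` would help operators.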
@@ -32,13 +48,26 @@ # the *step_n.json with a hash of the generated external config added # This acts as a salt to enable restarting the container if config changes - name: Start containers for step {{step}} - command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} + command: >- + paunch --debug apply + --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json + --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} when: docker_config_json.stat.exists changed_when: false check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists + stat: + path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + register: docker_puppet_tasks_json - name: Run docker-puppet tasks (bootstrap tasks) shell: python /var/lib/docker-puppet/docker-puppet.py environment: @@ -46,6 +75,12 @@ NET_HOST: "true" NO_ARCHIVE: "true" STEP: "{{step}}" - when: deploy_server_id == bootstrap_server_id + when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists changed_when: false check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 7ca63337..36c63887 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py 
@@ -28,17 +28,25 @@ import sys import tempfile import multiprocessing -log = logging.getLogger() -ch = logging.StreamHandler(sys.stdout) -if os.environ.get('DEBUG', False): - log.setLevel(logging.DEBUG) - ch.setLevel(logging.DEBUG) -else: - log.setLevel(logging.INFO) - ch.setLevel(logging.INFO) -formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s') -ch.setFormatter(formatter) -log.addHandler(ch) +logger = None + +def get_logger(): + global logger + if logger is None: + logger = logging.getLogger() + ch = logging.StreamHandler(sys.stdout) + if os.environ.get('DEBUG', False): + logger.setLevel(logging.DEBUG) + ch.setLevel(logging.DEBUG) + else: + logger.setLevel(logging.INFO) + ch.setLevel(logging.INFO) + formatter = logging.Formatter('%(asctime)s %(levelname)s: ' + '%(process)s -- %(message)s') + ch.setFormatter(formatter) + logger.addHandler(ch) + return logger + # this is to match what we do in deployed-server def short_hostname(): @@ -109,7 +117,7 @@ def rm_container(name): process_count = int(os.environ.get('PROCESS_COUNT', multiprocessing.cpu_count())) - +log = get_logger() log.info('Running docker-puppet') config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json') log.debug('CONFIG: %s' % config_file) @@ -174,7 +182,8 @@ for service in (json_data or []): log.info('Service compilation completed.') def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)): - + log = get_logger() + log.info('Started processing puppet configs') log.debug('config_volume %s' % config_volume) log.debug('puppet_tags %s' % puppet_tags) log.debug('manifest %s' % manifest) 
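Review bot: `get_logger()` has no docstring, and its `os.environ.get('DEBUG', False)` test treats any non-empty value, including `DEBUG=false` or `DEBUG=0`, as a request for debug logging. A docstring such as `"""Return the shared root logger, configuring it on first use; worker processes call this too, so records carry their pid."""` would explain the lazy setup, and the check could become `os.environ.get('DEBUG', '').lower() in ('1', 'true', 'yes')` if callers only pass those values. The debug level enables every `log.debug` line in the script; whether those lines include sensitive configuration cannot be judged from these hunks alone.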
@@ -195,15 +204,18 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume TAGS="--tags \"$PUPPET_TAGS\"" fi - # workaround LP1696283 - mkdir -p /etc/ssh - touch /etc/ssh/ssh_known_hosts + # Create a reference timestamp to easily find all files touched by + # puppet. The sync ensures we get all the files we want due to + # different timestamp. + touch /tmp/the_origin_of_time + sync - FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp + FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \ + --color=false --logdest syslog $TAGS /etc/config.pp # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www") + archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh") rsync_srcs="" for d in "${archivedirs[@]}"; do if [ -d "$d" ]; then @@ -216,7 +228,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # This is useful for debugging mkdir -p /var/lib/config-data/puppet-generated/${NAME} rsync -a -R -0 --delay-updates --delete-after \ - --files-from=<(find $rsync_srcs -newer /etc/ssh/ssh_known_hosts -print0) \ + --files-from=<(find $rsync_srcs -newer /tmp/the_origin_of_time -not -path '/etc/puppet*' -print0) \ / /var/lib/config-data/puppet-generated/${NAME} # Write a checksum of the config-data dir, this is used as a 
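Review bot: Adding `/var/lib/nova/.ssh` to `archivedirs` means that what is presumably SSH key material generated in the container is now copied to the host under `/var/lib/config-data`, and nothing in the hunk sets ownership or mode on the destination. `rsync -a` keeps the source modes, but that tree is bind-mounted read-write into every docker-puppet container by the `'/var/lib/config-data/:/var/lib/config-data/:rw'` volume argument later in this function, so a config image for one service can read what another service's run left there. A comment next to the array, for example `# /var/lib/nova/.ssh may hold private keys: keep /var/lib/config-data root-only on the host`, would make the expectation explicit. The function body starts and ends outside this hunk.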
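Review bot: The `find $rsync_srcs -newer /tmp/the_origin_of_time` filter selects only files whose mtime is strictly later than the reference file, and the `sync` added in the previous hunk flushes buffers but does not by itself advance the clock. On a filesystem with coarse timestamp granularity, a file puppet writes in the same tick as the `touch` could be left out of `puppet-generated`, and the service container would then start without it. If that window matters, a `sleep 1` after the `touch` closes it; otherwise the comment should say that it is accepted. The new `-not -path '/etc/puppet*'` pattern also excludes any sibling path that merely starts with `/etc/puppet`, which may or may not be intended.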
@@ -246,6 +258,8 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', + # Syslog socket for puppet logs + '--volume', '/dev/log:/dev/log', # OpenSSL trusted CA injection '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro', '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', @@ -289,6 +303,8 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume log.debug(cmd_stderr) # only delete successful runs, for debugging rm_container('docker-puppet-%s' % config_volume) + + log.info('Finished processing puppet configs') return subproc.returncode # Holds all the information for each process to consume. @@ -306,9 +322,9 @@ for config_volume in configs: volumes = service[4] if len(service) > 4 else [] if puppet_tags: - puppet_tags = "file,file_line,concat,augeas,%s" % puppet_tags + puppet_tags = "file,file_line,concat,augeas,cron,%s" % puppet_tags else: - puppet_tags = "file,file_line,concat,augeas" + puppet_tags = "file,file_line,concat,augeas,cron" process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 73a3cb78..05ff7945 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 
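Review bot: The new `'--volume', '/dev/log:/dev/log'` argument gives every config container write access to the host's syslog socket, so the host log now contains lines written by whatever the config image runs, and those entries should not be treated as host-originated. If `/dev/log` is absent on a host, Docker's `--volume` handling creates a missing source path as a directory, which would leave a directory where the socket belongs, so a check that the path exists before starting the container would be safer. Because puppet is now invoked with `--logdest syslog`, the `cmd_stderr` debug output kept by this function will presumably no longer carry puppet's own errors. Suggested comment: `# Syslog socket for puppet logs (container can write to the host log; path must already exist)`.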
@@ -49,34 +49,17 @@ conditions: {% for step in range(1, deploy_steps_max) %} WorkflowTasks_Step{{step}}_Enabled: or: - {% for role in roles %} + {%- for role in roles %} - not: equals: - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] - '' - False - {% endfor %} + {%- endfor %} {% endfor %} resources: - # These utility tasks use docker-puppet.py to execute tasks via puppet - # We only execute these on the first node in the primary role - {{primary_role_name}}DockerPuppetTasks: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) - data: - docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]} - default_tasks: -{%- for step in range(1, deploy_steps_max) %} - step_{{step}}: {} -{%- endfor %} - RoleConfig: type: OS::Heat::SoftwareConfig properties: @@ -97,16 +80,16 @@ resources: type: OS::Mistral::Workflow condition: WorkflowTasks_Step{{step}}_Enabled depends_on: - {% if step == 1 %} - {% for dep in roles %} + {%- if step == 1 %} + {%- for dep in roles %} - {{dep.name}}PreConfig - {{dep.name}}ArtifactsDeploy - {% endfor %} - {% else %} - {% for dep in roles %} + {%- endfor %} + {%- else %} + {%- for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - {% endif %} + {%- endfor %} + {%- endif %} properties: name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} type: direct @@ -114,9 +97,9 @@ resources: yaql: expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() data: - {% for role in roles %} + {%- for role in roles %} - get_param: [role_data, {{role.name}}, service_workflow_tasks] - {% endfor %} + {%- endfor %} WorkflowTasks_Step{{step}}_Execution: type: OS::Mistral::ExternalResource 
@@ -129,11 +112,21 @@ resources: params: env: service_ips: { get_param: ctlplane_service_ips } + role_merged_configs: + {%- for r in roles %} + {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} + {%- endfor %} + evaluate_env: false UPDATE: workflow: { get_resource: WorkflowTasks_Step{{step}} } params: env: service_ips: { get_param: ctlplane_service_ips } + role_merged_configs: + {%- for r in roles %} + {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} + {%- endfor %} + evaluate_env: false always_update: true # END service_workflow_tasks handling {% endfor %} @@ -167,11 +160,11 @@ resources: vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} docker_puppet_script: {get_file: docker-puppet.py} - docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]} - docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} + docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} + docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} - puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} + puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: 
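Review bot: The `role_merged_configs` map added to both the CREATE and UPDATE `env` passes every role's `merged_config_settings` into the workflow execution parameters, and nothing in the hunk limits which keys are included. If those settings contain service passwords or other secrets (plausible for merged service configuration, but not visible here), they would presumably be persisted with the workflow execution and be readable by anyone allowed to view executions. A comment on the new key, for example `# merged service config, may include secrets; restrict who can read executions`, would flag this, and passing only the keys the workflows need would reduce exposure. The enclosing template loop starts outside this hunk.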
@@ -185,10 +178,9 @@ resources: file: path=/var/lib/tripleo-config state=directory - name: Write the puppet step_config manifest copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes - # This is the docker-puppet configs end in + # this creates a JSON config file for our docker-puppet.py script - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory - # this creates a JSON config file for our docker-puppet.py script - name: Write docker-puppet-tasks json files copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes # FIXME: can we move docker-puppet somewhere so it's installed via a package? @@ -212,6 +204,13 @@ resources: ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files + file: + path: "{{item}}" + state: absent + with_fileglob: + - /var/lib/docker-puppet/docker-puppet-tasks*.json + when: deploy_server_id == bootstrap_server_id - name: Write docker-puppet-tasks json files copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes with_dict: "{{docker_puppet_tasks}}" 
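Review bot: The cleanup task added before `Write docker-puppet-tasks json files` uses `with_fileglob`, which Ansible expands on the machine running the playbook rather than on the managed host. That works only if this task list is executed locally on each node, which appears to be the case here but is not stated. A comment would record the assumption: `# with_fileglob is expanded where ansible runs; this relies on local execution on the node`.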
@@ -224,33 +223,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}PuppetStepConfig: - type: OS::Heat::Value - properties: - type: string - value: - yaql: - expression: - # select 'step_config' only from services that do not have a docker_config - $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n") - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - step_config: {get_param: [role_data, {{role.name}}, step_config]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - - {{role.name}}DockerConfig: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - # select 'docker_config' only from services that have it - $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN CONFIG STEPS {{role.name}}PreConfig: @@ -262,7 +234,6 @@ resources: update_identifier: {get_param: DeployIdentifier} {% for step in range(1, deploy_steps_max) %} - {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup depends_on: @@ -272,16 +243,16 @@ resources: # WorkflowTasks_StepX resource and can be remove # if https://bugs.launchpad.net/heat/+bug/1700569 # is fixed. - {% if step == 1 %} - {% for dep in roles %} + {%- if step == 1 %} + {%- for dep in roles %} - {{dep.name}}PreConfig - {{dep.name}}ArtifactsDeploy - {% endfor %} - {% else %} - {% for dep in roles %} + {%- endfor %} + {%- else %} + {%- for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - {% endif %} + {%- endfor %} + {%- endif %} properties: name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} 
@@ -292,7 +263,6 @@ resources: update_identifier: {get_param: DeployIdentifier} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} docker_puppet_debug: {get_param: DockerPuppetDebug} - {% endfor %} # END CONFIG STEPS @@ -301,9 +271,9 @@ resources: # after all the previous deployment steps. {{role.name}}ExtraConfigPost: depends_on: - {% for dep in roles %} + {%- for dep in roles %} - {{dep.name}}Deployment_Step5 - {% endfor %} + {%- endfor %} type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: [servers, {{role.name}}]} @@ -314,9 +284,9 @@ resources: {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: - {% for dep in roles %} + {%- for dep in roles %} - {{dep.name}}ExtraConfigPost - {% endfor %} + {%- endfor %} properties: servers: {get_param: servers} input_values: diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml index 41b036da..ddfa8802 100644 --- a/docker/firstboot/setup_docker_host.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -1,14 +1,5 @@ heat_template_version: pike -parameters: - DockerNamespace: - type: string - default: tripleoupstream - description: namespace - DockerNamespaceIsRegistry: - type: boolean - default: false - resources: userdata: @@ -21,12 +12,7 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: - str_replace: - params: - $docker_registry: {get_param: DockerNamespace} - $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} - template: {get_file: ./setup_docker_host.sh} + config: {get_file: ./setup_docker_host.sh} outputs: OS::stack_id: diff --git a/docker/services/README.rst b/docker/services/README.rst index 84ac842e..ce255ba8 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst 
@@ -74,7 +74,7 @@ are re-asserted when applying latter ones. * puppet_tags: Puppet resource tag names that are used to generate config files with puppet. Only the named config resources are used to generate a config file. Any service that specifies tags will have the default - tags of 'file,concat,file_line,augeas' appended to the setting. + tags of 'file,concat,file_line,augeas,cron' appended to the setting. Example: keystone_config * config_volume: The name of the volume (directory) where config files diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 3be0f182..70b43eb1 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized aodh service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhApiImage: description: image - default: 'centos-binary-aodh-api:latest' type: string DockerAodhConfigImage: description: The container image to use for the aodh config_volume - default: 'centos-binary-aodh-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -77,13 +75,15 @@ outputs: config_volume: aodh puppet_tags: aodh_api_paste_ini,aodh_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh 
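Review bot: `ServiceData` is declared as a new parameter in aodh-api.yaml, but none of the hunks shown for this file adds `ServiceData: {get_param: ServiceData}` to the properties of the nested puppet service resource, unlike the aodh-evaluator, aodh-listener and aodh-notifier templates later in this diff. If the nested template consumes the value, the API service would silently receive the empty default. Separately, with the image defaults removed, `DockerAodhApiImage` and `DockerAodhConfigImage` become required inputs, so expanding `description: image` to say that a full image reference including registry and tag is expected would help.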
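Review bot: The new `config_files` entry copies everything under `/var/lib/kolla/config_files/src/*` onto `/` with `merge: true`, so whatever exists under the service's `puppet-generated` directory on the host is written into the container's root filesystem at start. Compared with the per-directory read-only mounts removed in the hunk at -125, this widens what a writable host directory can replace inside the container, and the aodh containers now receive the whole `aodh` config volume rather than only `/etc/aodh`. With `preserve_properties: true` ownership and mode come from the generated files, so uid/gid values need to match between the config image and the service image. A short comment above `config_files` stating these assumptions would help; the same block is added in the other service templates in this diff.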
@@ -92,10 +92,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: aodh_init_log: - image: &aodh_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] + image: &aodh_api_image {get_param: DockerAodhApiImage} user: root volumes: - /var/log/containers/aodh:/var/log/aodh @@ -125,11 +122,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/aodh/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh - if: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 108a5527..f75c57b3 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Aodh Evaluator service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhEvaluatorImage: description: image - default: 'centos-binary-aodh-evaluator:latest' type: string DockerAodhConfigImage: description: The container image to use for the aodh config_volume - default: 'centos-binary-aodh-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -48,6 +46,7 @@ resources: type: ../../puppet/services/aodh-evaluator.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -69,13 +68,15 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_evaluator.json: command: /usr/bin/aodh-evaluator + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -83,10 +84,7 @@ outputs: docker_config: step_4: aodh_evaluator: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] + image: {get_param: DockerAodhEvaluatorImage} net: host privileged: false restart: always @@ -95,7 +93,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index d78af5b2..9db2ffbe 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Aodh Listener service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhListenerImage: description: image - default: 'centos-binary-aodh-listener:latest' type: string DockerAodhConfigImage: description: The container image to use for the aodh config_volume - default: 'centos-binary-aodh-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/aodh-listener.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -69,13 +68,15 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_listener.json: command: /usr/bin/aodh-listener + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -83,10 +84,7 @@ outputs: docker_config: step_4: aodh_listener: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] + image: {get_param: DockerAodhListenerImage} net: host privileged: false restart: always 
@@ -95,7 +93,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index abfb3745..c16c0161 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Aodh Notifier service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhNotifierImage: description: image - default: 'centos-binary-aodh-notifier:latest' type: string DockerAodhConfigImage: description: The container image to use for the aodh config_volume - default: 'centos-binary-aodh-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/aodh-notifier.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -69,13 +68,15 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhConfigImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_notifier.json: command: /usr/bin/aodh-notifier + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -83,10 +84,7 @@ outputs: docker_config: step_4: aodh_notifier: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] + image: {get_param: DockerAodhNotifierImage} net: host privileged: false restart: always @@ -95,7 +93,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index af1f47ad..6caffd15 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Central service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerCentralImage: description: image - default: 'centos-binary-ceilometer-central:latest' type: string DockerCeilometerConfigImage: description: The container image to use for the ceilometer config_volume - default: 'centos-binary-ceilometer-central:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-central.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,21 +66,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer_agent_central.json: command: /usr/bin/ceilometer-polling --polling-namespaces central + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: &ceilometer_agent_central_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] + image: &ceilometer_agent_central_image {get_param: DockerCeilometerCentralImage} user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -97,7 +95,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: @@ -107,13 +105,17 @@ outputs: net: host detach: false privileged: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + command: + - '/usr/bin/bootstrap_host_exec' + - 'ceilometer_agent_central' + - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 
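Review bot: The container that runs `ceilometer-upgrade` (hunk at -107) now sets `user: root` and reaches the service account through `su ceilometer -s /bin/bash -c ...`, but nothing explains why root is required. A comment such as `# root is needed by bootstrap_host_exec; the upgrade itself runs as ceilometer via su` would document the privilege choice, assuming that is the reason. This container also appears to keep the direct `/var/lib/config-data/ceilometer/etc/ceilometer/` mount while the agent containers in this file moved to the `puppet-generated` source, so it is worth confirming that the old path is still populated.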
diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 3cc440be..09677c64 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Compute service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerComputeImage: description: image - default: 'centos-binary-ceilometer-compute:latest' type: string DockerCeilometerConfigImage: description: The container image to use for the ceilometer config_volume - default: 'centos-binary-ceilometer-central:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-compute.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,20 +66,19 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer_agent_compute.json: command: /usr/bin/ceilometer-polling --polling-namespaces compute + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_4: ceilometer_agent_compute: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] + image: {get_param: DockerCeilometerComputeImage} net: host privileged: false restart: always @@ -89,7 +87,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro - /var/run/libvirt:/var/run/libvirt:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml index 7d02939d..82d55be2 100644 --- a/docker/services/ceilometer-agent-ipmi.yaml +++ b/docker/services/ceilometer-agent-ipmi.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Ipmi service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerIpmiImage: description: image - default: 'centos-binary-ceilometer-ipmi:latest' type: string DockerCeilometerConfigImage: description: The container image to use for the ceilometer config_volume - default: 'centos-binary-ceilometer-central:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-ipmi.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,21 +66,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer-agent-ipmi.json: command: /usr/bin/ceilometer-polling --polling-namespaces ipmi + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: &ceilometer_agent_ipmi_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] + image: &ceilometer_agent_ipmi_image {get_param: DockerCeilometerIpmiImage} user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -97,7 +95,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index b2e85bb6..7f1d442a 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Notification service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerNotificationImage: description: image - default: 'centos-binary-ceilometer-notification:latest' type: string DockerCeilometerConfigImage: description: The container image to use for the ceilometer config_volume - default: 'centos-binary-ceilometer-central:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-notification.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,21 +66,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerConfigImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer_agent_notification.json: command: /usr/bin/ceilometer-agent-notification + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: &ceilometer_agent_notification_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] + image: &ceilometer_agent_notification_image {get_param: DockerCeilometerNotificationImage} user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -97,7 +95,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 6a5d74bd..7804fdb2 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Cinder API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderApiImage: description: image - default: 'centos-binary-cinder-api:latest' type: string DockerCinderConfigImage: description: The container image to use for the cinder config_volume - default: 'centos-binary-cinder-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -55,6 +53,7 @@ resources: type: ../../puppet/services/cinder-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -74,13 +73,26 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + /var/lib/kolla/config_files/cinder_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder 
@@ -88,10 +100,7 @@ outputs: docker_config: step_2: cinder_api_init_logs: - image: &cinder_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ] + image: &cinder_api_image {get_param: DockerCinderApiImage} privileged: false user: root volumes: @@ -128,9 +137,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/cinder/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder - if: @@ -144,6 +151,21 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + cinder_api_cron: + image: *cinder_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 2cde6f1d..dc7580a3 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml 
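Review bot: The new `cinder_api_cron` container receives the entire `puppet-generated/cinder/` tree: it is bind-mounted at `/var/lib/kolla/config_files/src` and the matching `cinder_api_cron.json` entry copies `src/*` onto `/` with `merge: true`. The mounts removed from `cinder_api` in the preceding hunk suggest that tree also holds `etc/httpd/` and `var/www/`, which crond presumably does not need. Consider narrowing the `config_files` source for this container to the paths it actually reads. The same applies to cinder-backup, cinder-scheduler and cinder-volume, which before this change mounted only `etc/cinder/` (plus ceph) and now get the whole volume. If copying everything is intentional, a comment such as `# copies the whole cinder config volume, not only /etc/cinder` next to `config_files` would record that decision.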
@@ -4,23 +4,21 @@ description: > OpenStack containerized Cinder Backup service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderBackupImage: description: image - default: 'centos-binary-cinder-backup:latest' type: string DockerCinderConfigImage: description: The container image to use for the cinder config_volume - default: 'centos-binary-cinder-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/cinder-backup.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -68,13 +67,27 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + # NOTE(mandre): the copy of ceph conf will need to go once we + # generate a ceph.conf for cinder in puppet + # Copy ceph config files before cinder ones as a precaution, for + # the later one to take precendence in case of duplicate files. + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/cinder owner: cinder:cinder @@ -86,10 +99,7 @@ outputs: step_3: cinder_backup_init_logs: start_order: 0 - image: &cinder_backup_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + image: &cinder_backup_image {get_param: DockerCinderBackupImage} privileged: false user: root volumes: 
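Review bot: The comment added above `config_files` explains why `src-ceph/*` is copied before `src/*`, but says nothing about `src-iscsid/*`, which is copied last and would therefore win over a cinder-generated file at the same path. If that order is deliberate, extend the comment, e.g. `# iscsid files are copied last and override both ceph and cinder copies on conflict`; otherwise move the `src-iscsid/*` entry ahead of `src/*`. The comment also misspells "precedence" as `precendence`. The identical block in cinder-volume.yaml (hunk `@@ -67,22 +66,42 @@`) has the same gap.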
@@ -106,13 +116,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index bcf32b2a..1bae005c 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Cinder Scheduler service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderSchedulerImage: description: image - default: 'centos-binary-cinder-scheduler:latest' type: string DockerCinderConfigImage: description: The container image to use for the cinder config_volume - default: 'centos-binary-cinder-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -49,6 +47,7 @@ resources: type: ../../puppet/services/cinder-scheduler.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -68,13 +67,15 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_scheduler.json: command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -82,10 +83,7 @@ outputs: docker_config: step_2: cinder_scheduler_init_logs: - image: &cinder_scheduler_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ] + image: &cinder_scheduler_image {get_param: DockerCinderSchedulerImage} privileged: false user: root volumes: @@ -102,7 +100,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 55173847..3030019c 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Cinder Volume service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderVolumeImage: description: image - default: 'centos-binary-cinder-volume:latest' type: string DockerCinderConfigImage: description: The container image to use for the cinder config_volume - default: 'centos-binary-cinder-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,6 +55,7 @@ resources: type: ../../puppet/services/cinder-volume.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,22 +66,42 @@ outputs: description: Role data for the Cinder Volume role. value: service_name: {get_attr: [CinderBase, role_data, service_name]} - config_settings: {get_attr: [CinderBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - tripleo::profile::base::lvm::enable_udev: false step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - "include ::tripleo::profile::base::lvm" + - get_attr: [CinderBase, role_data, step_config] service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + # NOTE(mandre): the copy of ceph conf will need to go once we + # generate a ceph.conf for cinder in puppet + # Copy ceph config files before cinder ones as a precaution, for + # the later one to take precendence in case of duplicate files. + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder 
@@ -91,10 +110,7 @@ outputs: step_3: cinder_volume_init_logs: start_order: 0 - image: &cinder_volume_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + image: &cinder_volume_image {get_param: DockerCinderVolumeImage} privileged: false user: root volumes: @@ -111,12 +127,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /lib/modules:/lib/modules:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index e6741156..2989729c 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml 
@@ -4,23 +4,21 @@ description: > Containerized collectd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCollectdImage: description: image - default: 'centos-binary-collectd:latest' type: string DockerCollectdConfigImage: description: The container image to use for the collectd config_volume - default: 'centos-binary-collectd:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/metrics/collectd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -72,13 +71,15 @@ outputs: config_volume: collectd puppet_tags: collectd_client_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCollectdConfigImage} ] + config_image: {get_param: DockerCollectdConfigImage} kolla_config: /var/lib/kolla/config_files/collectd.json: command: /usr/sbin/collectd -f + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/collectd owner: collectd:collectd @@ -86,10 +87,7 @@ outputs: docker_config: step_3: collectd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] + image: {get_param: DockerCollectdImage} net: host privileged: true restart: always 
@@ -99,9 +97,7 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro - - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro - - /var/log/containers/collectd:/var/log/collectd:rw + - /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml index 5b5a2190..e49682f9 100644 --- a/docker/services/congress.yaml +++ b/docker/services/congress.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Congress API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCongressApiImage: description: image - default: 'centos-binary-congress-api:latest' type: string DockerCongressConfigImage: description: The container image to use for the congress config_volume - default: 'centos-binary-congress-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/congress.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
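Review bot: This hunk drops the `/var/log/containers/collectd:/var/log/collectd:rw` bind mount along with the two config mounts, while `kolla_config` in the earlier hunk still chowns `/var/log/collectd`, so anything collectd writes there now appears to stay inside the container and is lost when the container is replaced. For a container that runs `privileged: true` with `/var/run/docker.sock` mounted rw, keeping its logs on the host matters for later investigation. Unless the removal is intentional, keep the line `- /var/log/containers/collectd:/var/log/collectd:rw`. The volumes list starts above the hunk and `host_prep_tasks` continues below it, so whether the host directory is still created cannot be confirmed from here.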
@@ -69,13 +68,15 @@ outputs: config_volume: congress puppet_tags: congress_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ] + config_image: {get_param: DockerCongressConfigImage} kolla_config: /var/lib/kolla/config_files/congress_api.json: command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/congress owner: congress:congress @@ -84,10 +85,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: congress_init_logs: - image: &congress_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ] + image: &congress_api_image {get_param: DockerCongressApiImage} privileged: false user: root volumes: @@ -104,7 +102,10 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/congress/etc/:/etc/:ro + # FIXME(mandre) mounting /etc rw to workaround LP1696283 + # This should go away anyway and mount the exact files it + # needs or use kolla set_configs.py + - /var/lib/config-data/congress/etc/:/etc/ - /var/log/containers/congress:/var/log/congress command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'" step_4: @@ -119,7 +120,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro + - /var/lib/config-data/puppet-generated/congress/:/var/lib/kolla/config_files/src:ro - /var/log/containers/congress:/var/log/congress environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS 
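Review bot: Dropping `:ro` from `/var/lib/config-data/congress/etc/:/etc/` (hunk `@@ -104,7 +102,10 @@`) gives the container that runs `congress-db-manage` a writable bind mount replacing its whole `/etc`, so anything the process writes there lands in the host's config-data directory. The command only reads `/etc/congress/congress.conf`, so a narrower read-only mount would avoid the writable `/etc` altogether: `- /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro`. This assumes the LP1696283 workaround is needed only because the mount covers all of `/etc`, which should be confirmed. This container also still reads from `config-data/congress/`, while the API container in the next hunk moves to `config-data/puppet-generated/congress/`. The container definition starts above the hunk.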
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index d104853f..71ea8d1f 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -11,6 +11,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 7b620c56..5ba79b31 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -4,23 +4,21 @@ description: > MongoDB service deployment using puppet and docker parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMongodbImage: description: image - default: 'centos-binary-mongodb:latest' type: string DockerMongodbConfigImage: description: The container image to use for the mongodb config_volume - default: 'centos-binary-mongodb:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +43,7 @@ resources: type: ../../../puppet/services/database/mongodb.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -69,13 +68,15 @@ outputs: config_volume: mongodb puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mongodb_config_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbConfigImage} ] + config_image: &mongodb_config_image {get_param: DockerMongodbConfigImage} kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb @@ -86,16 +87,12 @@ outputs: docker_config: step_2: mongodb: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + image: {get_param: DockerMongodbImage} net: host privileged: false volumes: &mongodb_volumes - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro - - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro + - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/mongodb:/var/log/mongodb - /var/lib/mongodb:/var/lib/mongodb diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml index 38a31e24..d45d58e1 100644 --- a/docker/services/database/mysql-client.yaml +++ b/docker/services/database/mysql-client.yaml 
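Review bot: In the `&mongodb_volumes` list the kolla config file is mounted without a mode, `- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json`, so it is writable from inside the container, whereas the new `src` mount next to it and the `config.json` mounts of the other services in this change are `:ro`. Since `config.json` carries the command to start and the files to copy, I would make it read-only while touching this list: `- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json:ro`. The `&mysql_volumes` list in mysql.yaml (hunk `@@ -111,7 +109,7 @@`) has the same unqualified mount. Both anchors may be reused by containers outside these hunks, so check that those still start with a read-only file.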
@@ -4,14 +4,13 @@ description: > Configuration for containerized MySQL clients parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMysqlClientConfigImage: description: The container image to use for the mysql_client config_volume - default: 'centos-binary-mariadb:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,9 +57,6 @@ outputs: config_volume: mysql_client puppet_tags: file # set this even though file is the default step_config: "include ::tripleo::profile::base::database::mysql::client" - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlClientConfigImage} ] + config_image: {get_param: DockerMysqlClientConfigImage} # no need for a docker config, this service only generates configuration files docker_config: {} diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 725b2b4b..54331415 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -4,23 +4,21 @@ description: > MySQL service deployment using puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMysqlImage: description: image - default: 'centos-binary-mariadb:latest' type: string DockerMysqlConfigImage: description: The container image to use for the mysql config_volume - default: 'centos-binary-mariadb:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -49,6 +47,7 @@ resources: type: ../../../puppet/services/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -78,13 +77,15 @@ outputs: config_volume: mysql puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mysql_config_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] + config_image: &mysql_config_image {get_param: DockerMysqlConfigImage} kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/bin/mysqld_safe + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mysql owner: mysql:mysql @@ -93,10 +94,7 @@ outputs: # Kolla_bootstrap runs before permissions set by kolla_config step_1: mysql_init_logs: - image: &mysql_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + image: &mysql_image {get_param: DockerMysqlImage} privileged: false user: root volumes: @@ -111,7 +109,7 @@ outputs: command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - /var/lib/mysql:/var/lib/mysql diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 0a490cd3..980a8c6d 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Redis services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRedisImage: description: image - default: 'centos-binary-redis:latest' type: string DockerRedisConfigImage: description: The container image to use for the redis config_volume - default: 'centos-binary-redis:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +43,7 @@ resources: type: ../../../puppet/services/database/redis.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -68,13 +67,15 @@ outputs: # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] + config_image: {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/bin/redis-server /etc/redis.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/run/redis owner: redis:redis @@ -84,10 +85,7 @@ outputs: redis_init_logs: start_order: 0 detach: false - image: &redis_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + image: &redis_image {get_param: DockerRedisImage} privileged: false user: root volumes: 
@@ -102,7 +100,7 @@ outputs: volumes: - /run:/run - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro + - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/redis:/var/log/redis environment: diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index d4cfe49a..9f1ecbc1 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized EC2 API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerEc2ApiImage: description: image - default: 'centos-binary-ec2-api:latest' type: string DockerEc2ApiConfigImage: description: The container image to use for the ec2_api config_volume - default: 'centos-binary-ec2-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -67,19 +65,26 @@ outputs: config_volume: ec2_api puppet_tags: ec2api_api_paste_ini,ec2api_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiConfigImage} ] + config_image: {get_param: DockerEc2ApiConfigImage} kolla_config: /var/lib/kolla/config_files/ec2_api.json: command: /usr/bin/ec2-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ec2api owner: ec2api:ec2api recurse: true /var/lib/kolla/config_files/ec2_api_metadata.json: command: /usr/bin/ec2-api-metadata + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ec2api # default log dir for metadata service as well owner: ec2api:ec2api @@ -88,10 +93,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ec2_api_init_logs: - image: &ec2_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ] + image: &ec2_api_image {get_param: DockerEc2ApiImage} privileged: false user: root volumes: @@ -125,7 +127,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ec2_api:/var/log/ec2api environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS 
@@ -139,7 +141,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ec2_api_metadata:/var/log/ec2api environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml index 3c7c81b0..42c9f2d3 100644 --- a/docker/services/etcd.yaml +++ b/docker/services/etcd.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized etcd services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerEtcdImage: description: image - default: 'centos-binary-etcd:latest' type: string DockerEtcdConfigImage: description: The container image to use for the etcd config_volume - default: 'centos-binary-etcd:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/etcd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken} 
@@ -71,13 +70,15 @@ outputs: puppet_config: config_volume: etcd step_config: *step_config - config_image: &etcd_config_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEtcdConfigImage} ] + config_image: &etcd_config_image {get_param: DockerEtcdConfigImage} kolla_config: /var/lib/kolla/config_files/etcd.json: command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/etcd owner: etcd:etcd @@ -85,10 +86,7 @@ outputs: docker_config: step_2: etcd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + image: {get_param: DockerEtcdImage} net: host privileged: false restart: always @@ -96,7 +94,7 @@ outputs: - /var/lib/etcd:/var/lib/etcd - /etc/localtime:/etc/localtime:ro - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro + - /var/lib/config-data/puppet-generated/etcd/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 4fadef95..d88c64b5 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack Glance service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGlanceApiImage: description: image - default: 'centos-binary-glance-api:latest' type: string DockerGlanceApiConfigImage: description: The container image to use for the glance_api config_volume - default: 'centos-binary-glance-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +54,7 @@ resources: type: ../../puppet/services/glance-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -78,23 +77,27 @@ outputs: config_volume: glance_api puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiConfigImage} ] + config_image: {get_param: DockerGlanceApiConfigImage} kolla_config: /var/lib/kolla/config_files/glance_api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config step_2: glance_init_logs: - image: &glance_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + image: &glance_api_image {get_param: DockerGlanceApiImage} privileged: false user: root volumes: @@ -112,7 +115,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro + - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance environment: - KOLLA_BOOTSTRAP=True 
@@ -142,9 +145,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index cf31d256..5129b89f 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized gnocchi service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGnocchiApiImage: description: image - default: 'centos-binary-gnocchi-api:latest' type: string DockerGnocchiConfigImage: description: The container image to use for the gnocchi config_volume - default: 'centos-binary-gnocchi-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
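Review bot: The TLS proxy container used to see only the three `etc/httpd` directories, and this hunk replaces them with the whole `puppet-generated/glance_api/` tree. Judging by the `etc/glance` mount removed in the previous glance-api.yaml hunk, that tree also holds the Glance API configuration. Combined with the catch-all `config_files` entry added for `glance_api_tls_proxy.json`, the proxy would get its own copy of the Glance configuration and any credentials in it, which it should not need to terminate TLS. Restricting that entry to the httpd files, e.g. `source: "/var/lib/kolla/config_files/src/etc/httpd/*"` with `dest: "/etc/httpd/"`, would keep the earlier separation. The container definition starts above the hunk.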
@@ -77,13 +75,15 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_api_paste_ini,gnocchi_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] + config_image: {get_param: DockerGnocchiConfigImage} kolla_config: /var/lib/kolla/config_files/gnocchi_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -92,10 +92,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: gnocchi_init_log: - image: &gnocchi_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] + image: &gnocchi_api_image {get_param: DockerGnocchiApiImage} user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi @@ -125,11 +122,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi - if: diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 3a05d577..1a0a1ddb 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Gnocchi Metricd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGnocchiMetricdImage: description: image - default: 'centos-binary-gnocchi-metricd:latest' type: string DockerGnocchiConfigImage: description: The container image to use for the gnocchi config_volume - default: 'centos-binary-gnocchi-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/gnocchi-metricd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,13 +66,15 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] + config_image: {get_param: DockerGnocchiConfigImage} kolla_config: /var/lib/kolla/config_files/gnocchi_metricd.json: command: /usr/bin/gnocchi-metricd + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -81,10 +82,7 @@ outputs: docker_config: step_4: gnocchi_metricd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] + image: {get_param: DockerGnocchiMetricdImage} net: host privileged: false restart: always 
@@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index c3523b57..00d218d2 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Gnocchi Statsd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGnocchiStatsdImage: description: image - default: 'centos-binary-gnocchi-statsd:latest' type: string DockerGnocchiConfigImage: description: The container image to use for the gnocchi config_volume - default: 'centos-binary-gnocchi-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/gnocchi-statsd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,13 +66,15 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiConfigImage} ] + config_image: {get_param: DockerGnocchiConfigImage} kolla_config: /var/lib/kolla/config_files/gnocchi_statsd.json: command: /usr/bin/gnocchi-statsd + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -81,10 +82,7 @@ outputs: docker_config: step_4: gnocchi_statsd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] + image: {get_param: DockerGnocchiStatsdImage} net: host privileged: false restart: always @@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 5831fe89..f080dcb2 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -4,18 +4,16 @@ description: > OpenStack containerized HAproxy service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHAProxyImage: description: image - default: 'centos-binary-haproxy:latest' type: string DockerHAProxyConfigImage: description: The container image to use for the haproxy config_volume - default: 'centos-binary-haproxy:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -48,7 +46,7 @@ parameters: The filepath of the certificate as it will be stored in the controller. type: string RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: @@ -72,6 +70,7 @@ resources: type: ../../puppet/services/haproxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -94,10 +93,7 @@ outputs: config_volume: haproxy puppet_tags: haproxy_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - list_join: - ':' @@ -107,13 +103,15 @@ outputs: kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: haproxy: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + image: {get_param: DockerHAProxyImage} net: host privileged: false restart: always @@ -123,7 +121,7 @@ outputs: - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/haproxy/etc/:/etc/:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 1905281d..aff0f1a1 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml 
@@ -4,24 +4,22 @@ description: > OpenStack containerized Heat API CFN service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHeatApiCfnImage: description: image - default: 'centos-binary-heat-api-cfn:latest' type: string # puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn DockerHeatApiCfnConfigImage: description: The container image to use for the heat_api_cfn config_volume - default: 'centos-binary-heat-api-cfn:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +54,7 @@ resources: type: ../../puppet/services/heat-api-cfn.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -78,13 +77,15 @@ outputs: config_volume: heat_api_cfn puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnConfigImage} ] + config_image: {get_param: DockerHeatApiCfnConfigImage} kolla_config: /var/lib/kolla/config_files/heat_api_cfn.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -92,10 +93,7 @@ outputs: docker_config: step_4: heat_api_cfn: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ] + image: {get_param: DockerHeatApiCfnImage} net: host privileged: false restart: always 
@@ -107,11 +105,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat - if: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index c0cec937..ba8fc75f 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -4,24 +4,22 @@ description: > OpenStack containerized Heat API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHeatApiImage: description: image - default: 'centos-binary-heat-api:latest' type: string # puppet needs the heat-wsgi-api binary from centos-binary-heat-api DockerHeatApiConfigImage: description: The container image to use for the heat_api config_volume - default: 'centos-binary-heat-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +54,7 @@ resources: type: ../../puppet/services/heat-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -78,13 +77,26 @@ outputs: config_volume: heat_api puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiConfigImage} ] + config_image: {get_param: DockerHeatApiConfigImage} kolla_config: /var/lib/kolla/config_files/heat_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/heat + owner: heat:heat + recurse: true + /var/lib/kolla/config_files/heat_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -92,10 +104,7 @@ outputs: docker_config: step_4: heat_api: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ] + image: {get_param: DockerHeatApiImage} net: host privileged: false restart: always @@ -107,11 +116,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/heat_api/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat - if: 
@@ -125,6 +130,20 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + heat_api_cron: + image: {get_param: DockerHeatApiImage} + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/heat:/var/log/heat + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 676dbb1f..789f3f9d 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Heat Engine service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHeatEngineImage: description: image - default: 'centos-binary-heat-engine:latest' type: string DockerHeatConfigImage: description: The container image to use for the heat config_volume - default: 'centos-binary-heat-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/heat-engine.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
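Review bot: The new `heat_api_cron` container runs with `net: host` and `restart: always` and is handed the full `puppet-generated/heat_api/` tree, yet nothing in the hunk says which crontab it executes. There is also no `user:` key, so the user crond runs as is whatever the image defaults to. A short comment above the key would help, e.g. `# Runs the heat crontab from the heat_api config volume; needs heat.conf and DB access only` (confirm against the puppet manifest). If that is accurate, the httpd and `var/www` content copied by the catch-all `config_files` entry for `heat_api_cron.json` is unnecessary in this container. It is also worth checking whether host networking is required for a job that presumably only makes outbound connections.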
@@ -71,13 +70,15 @@ outputs: config_volume: heat puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + config_image: {get_param: DockerHeatConfigImage} kolla_config: /var/lib/kolla/config_files/heat_engine.json: command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -86,10 +87,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: heat_init_log: - image: &heat_engine_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + image: &heat_engine_image {get_param: DockerHeatEngineImage} user: root volumes: - /var/log/containers/heat:/var/log/heat @@ -119,7 +117,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /var/lib/config-data/puppet-generated/heat/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 5797b207..3d3bc7c3 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Horizon service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHorizonImage: description: image - default: 'centos-binary-horizon:latest' type: string DockerHorizonConfigImage: description: The container image to use for the horizon config_volume - default: 'centos-binary-horizon:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/horizon.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -74,13 +73,15 @@ outputs: config_volume: horizon puppet_tags: horizon_config step_config: {get_attr: [HorizonBase, role_data, step_config]} - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHorizonConfigImage} ] + config_image: {get_param: DockerHorizonConfigImage} kolla_config: /var/lib/kolla/config_files/horizon.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/horizon/ owner: apache:apache @@ -92,10 +93,7 @@ outputs: docker_config: step_2: horizon_fix_perms: - image: &horizon_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + image: &horizon_image {get_param: DockerHorizonImage} user: root # NOTE Set ownership for /var/log/horizon/horizon.log file here, # otherwise it's created by root when generating django cache. 
@@ -117,8 +115,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro - - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro + - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 183ed5ce..90978f3e 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Ironic API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIronicApiImage: description: image - default: 'centos-binary-ironic-api:latest' type: string - DockerIronicConfigImage: - description: The container image to use for the ironic config_volume - default: 'centos-binary-ironic-pxe:latest' + DockerIronicApiConfigImage: + description: The container image to use for the ironic_api config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ironic-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,16 +66,18 @@ outputs: service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: ironic + config_volume: ironic_api puppet_tags: ironic_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + config_image: {get_param: DockerIronicApiConfigImage} kolla_config: /var/lib/kolla/config_files/ironic_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ironic owner: ironic:ironic @@ -85,10 +86,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ironic_init_logs: - image: &ironic_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] + image: &ironic_api_image {get_param: DockerIronicApiImage} privileged: false user: root volumes: @@ -106,7 +104,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro + - /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro - /var/log/containers/ironic:/var/log/ironic command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'" step_4: 
@@ -121,11 +119,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro - - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/ironic/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index f47a3e4c..6368bd23 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Ironic Conductor service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIronicConductorImage: description: image - default: 'centos-binary-ironic-conductor:latest' type: string DockerIronicConfigImage: description: The container image to use for the ironic config_volume - default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ironic-conductor.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -77,13 +76,15 @@ outputs: config_volume: ironic puppet_tags: ironic_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + config_image: {get_param: DockerIronicConfigImage} kolla_config: /var/lib/kolla/config_files/ironic_conductor.json: command: /usr/bin/ironic-conductor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/ironic owner: ironic:ironic @@ -95,10 +96,7 @@ outputs: step_4: ironic_conductor: start_order: 80 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ] + image: {get_param: DockerIronicConductorImage} net: host privileged: true restart: always @@ -107,7 +105,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /sys:/sys - /dev:/dev diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index f518b9d5..48d2e1ee 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Ironic PXE service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIronicPxeImage: description: image - default: 'centos-binary-ironic-pxe:latest' type: string DockerIronicConfigImage: description: The container image to use for the ironic config_volume - default: 'centos-binary-ironic-pxe:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,15 +55,22 @@ outputs: config_volume: ironic puppet_tags: ironic_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + config_image: {get_param: DockerIronicConfigImage} kolla_config: /var/lib/kolla/config_files/ironic_pxe_http.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/ironic_pxe_tftp.json: command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ironic owner: ironic:ironic @@ -74,10 +79,7 @@ outputs: step_4: ironic_pxe_tftp: start_order: 90 - image: &ironic_pxe_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ] + image: &ironic_pxe_image {get_param: DockerIronicPxeImage} net: host privileged: false restart: always 
@@ -86,17 +88,8 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - # TODO(mandre) check how docker like mounting in a bind-mounted tree - # This directory may contain migrated data from BM + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/ironic:/var/lib/ironic/ - # These files were generated by puppet inside the config container - # TODO(mandre) check the mount permission (ro/rw) - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file - /dev/log:/dev/log - /var/log/containers/ironic:/var/log/ironic environment: @@ -112,11 +105,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/ironic/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/ironic:/var/lib/ironic/ - /var/log/containers/ironic:/var/log/ironic environment: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index 86f2d3b4..f6b348c7 100644 
--- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Iscsid service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIscsidImage: description: image - default: 'centos-binary-iscsid:latest' type: string DockerIscsidConfigImage: description: The container image to use for the iscsid config_volume - default: 'centos-binary-iscsid:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -44,34 +42,43 @@ resources: ContainersCommon: type: ./containers-common.yaml + IscsidBase: + type: ../../puppet/services/iscsid.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the Iscsid API role. + description: Role data for the Iscsid role. value: - service_name: iscsid - config_settings: {} - step_config: '' - service_config_settings: {} + service_name: {get_attr: [IscsidBase, role_data, service_name]} + config_settings: {get_attr: [IscsidBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [IscsidBase, role_data, step_config]} + service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: iscsid - #puppet_tags: file - step_config: '' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIscsidConfigImage} ] + puppet_tags: iscsid_config + step_config: *step_config + config_image: {get_param: DockerIscsidConfigImage} kolla_config: /var/lib/kolla/config_files/iscsid.json: command: /usr/sbin/iscsid -f + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: iscsid: start_order: 2 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] + image: {get_param: DockerIscsidImage} net: host privileged: true restart: always 
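Review bot: `IscsidBase` is added without `ServiceData: {get_param: ServiceData}`, although the parameter hunk for this file declares `ServiceData` and every other base resource touched in this diff passes it through. If `puppet/services/iscsid.yaml` declares that parameter (not visible here), it will silently receive the `{}` default. Adding `ServiceData: {get_param: ServiceData}` between `EndpointMap` and `ServiceNetMap` keeps this template consistent with its siblings.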
@@ -84,14 +91,10 @@ outputs: - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /etc/iscsi - file: - path: /etc/iscsi - state: directory - name: stat /lib/systemd/system/iscsid.socket stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket @@ -100,6 +103,7 @@ outputs: when: stat_iscsid_socket.stat.exists upgrade_tasks: - name: stat /lib/systemd/system/iscsid.service + tags: step2 stat: path=/lib/systemd/system/iscsid.service register: stat_iscsid_service - name: Stop and disable iscsid service @@ -107,6 +111,7 @@ outputs: service: name=iscsid state=stopped enabled=no when: stat_iscsid_service.stat.exists - name: stat /lib/systemd/system/iscsid.socket + tags: step2 stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket - name: Stop and disable iscsid.socket service diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index b6cfa21e..7ecfc329 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Keystone service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerKeystoneImage: description: image - default: 'centos-binary-keystone:latest' type: string DockerKeystoneConfigImage: description: The container image to use for the keystone config_volume - default: 'centos-binary-keystone:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
@@ -61,6 +59,7 @@ resources: type: ../../puppet/services/keystone.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -90,21 +89,31 @@ outputs: config_volume: keystone puppet_tags: keystone_config step_config: *step_config - config_image: &keystone_config_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneConfigImage} ] + config_image: &keystone_config_image {get_param: DockerKeystoneConfigImage} kolla_config: /var/lib/kolla/config_files/keystone.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + /var/lib/kolla/config_files/keystone_cron.json: + command: /usr/sbin/cron -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/keystone + owner: keystone:keystone + recurse: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: keystone_init_log: - image: &keystone_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + image: &keystone_image {get_param: DockerKeystoneImage} user: root command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] volumes: 
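Review bot: The new `keystone_cron.json` entry sets `command: /usr/sbin/cron -n`, but the defaults removed at the top of this file name a `centos-binary-keystone` image, and on CentOS the cron daemon from cronie is installed as `/usr/sbin/crond`. If the image has no `/usr/sbin/cron`, the `keystone_cron` container added in the later `docker_config` hunk (with `restart: always`) would exit and restart in a loop, and the periodic job it is meant to run would never fire. Worth confirming against the image and, if that is the case, changing the line to `command: /usr/sbin/crond -n`.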
@@ -121,11 +130,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/keystone/var/www/:/var/www/:ro - - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro - /var/log/containers/keystone:/var/log/keystone - if: @@ -156,6 +161,21 @@ outputs: user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + keystone_cron: + start_order: 4 + image: *keystone_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/keystone:/var/log/keystone + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index 66dc6c3c..c33f4094 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Manila API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerManilaApiImage: description: image - default: 'centos-binary-manila-api:latest' type: string DockerManilaConfigImage: description: The container image to use for the manila config_volume - default: 'centos-binary-manila-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/manila-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -65,13 +64,15 @@ outputs: config_volume: manila puppet_tags: manila_config,manila_api_paste_ini step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + config_image: {get_param: DockerManilaConfigImage} kolla_config: /var/lib/kolla/config_files/manila_api.json: command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/manila owner: manila:manila @@ -79,10 +80,7 @@ outputs: docker_config: step_2: manila_init_logs: - image: &manila_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ] + image: &manila_api_image {get_param: DockerManilaApiImage} user: root volumes: - /var/log/containers/manila:/var/log/manila 
@@ -110,7 +108,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index d4170e42..730d33f6 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Manila Scheduler service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerManilaSchedulerImage: description: image - default: 'centos-binary-manila-scheduler:latest' type: string DockerManilaConfigImage: description: The container image to use for the manila config_volume - default: 'centos-binary-manila-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/manila-scheduler.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} 
@@ -65,13 +64,15 @@ outputs: config_volume: manila puppet_tags: manila_config,manila_scheduler_paste_ini step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + config_image: {get_param: DockerManilaConfigImage} kolla_config: /var/lib/kolla/config_files/manila_scheduler.json: command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/manila owner: manila:manila @@ -79,10 +80,7 @@ outputs: docker_config: step_4: manila_scheduler: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaSchedulerImage} ] + image: {get_param: DockerManilaSchedulerImage} net: host restart: always volumes: @@ -90,7 +88,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml new file mode 100644 index 00000000..09d1a574 --- /dev/null +++ b/docker/services/manila-share.yaml 
@@ -0,0 +1,111 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Share service + +parameters: + DockerManilaShareImage: + description: image + type: string + DockerManilaConfigImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + ManilaBase: + type: ../../puppet/services/manila-share.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Manila Share role. 
+ value: + service_name: {get_attr: [ManilaBase, role_data, service_name]} + config_settings: {get_attr: [ManilaBase, role_data, config_settings]} + step_config: &step_config + get_attr: [ManilaBase, role_data, step_config] + service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: manila + puppet_tags: manila_config + step_config: *step_config + config_image: {get_param: DockerManilaConfigImage} + kolla_config: + /var/lib/kolla/config_files/manila_share.json: + command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + # NOTE(gfidente): ceph-ansible generated + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/etc/ceph" + merge: true + preserve_properties: true + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_4: + manila_share: + image: &manila_share_image {get_param: DockerManilaShareImage} + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/manila:/var/log/manila + - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_share service + tags: step2 + service: name=openstack-manila-share state=stopped enabled=no diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index 3d41c176..7e28bdc1 100644 --- a/docker/services/memcached.yaml 
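Review bot: The `manila_share` container mounts the host's whole `/etc/ceph/` at `src-ceph`, and the second `config_files` rule copies `src-ceph/*` into `/etc/ceph`, so every keyring on the host ends up inside this container rather than only the one manila-share authenticates with. What the host directory holds is not visible in this diff, but if it includes an admin keyring the container gets broader cluster access than it needs. Narrowing the `source` glob to the conf file and the single client keyring would keep this at least privilege. Separately, `DockerManilaConfigImage` is described only as `image`, where the sibling manila templates use `The container image to use for the manila config_volume`, and the `&manila_share_image` anchor is never referenced in this file.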
+++ b/docker/services/memcached.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Memcached services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMemcachedImage: description: image - default: 'centos-binary-memcached:latest' type: string DockerMemcachedConfigImage: description: The container image to use for the memcached config_volume - default: 'centos-binary-memcached:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/memcached.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,20 +66,14 @@ outputs: config_volume: 'memcached' puppet_tags: 'file' step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedConfigImage} ] + config_image: {get_param: DockerMemcachedConfigImage} kolla_config: {} docker_config: step_1: memcached_init_logs: start_order: 0 detach: false - image: &memcached_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] + image: &memcached_image {get_param: DockerMemcachedImage} privileged: false user: root volumes: 
@@ -100,8 +93,6 @@ outputs: - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro # TODO(bogdando) capture memcached syslog logs from a container command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable memcached service tags: step2 diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index f1284280..73db3742 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Mistral API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMistralApiImage: description: image - default: 'centos-binary-mistral-api:latest' type: string DockerMistralConfigImage: description: The container image to use for the mistral config_volume - default: 'centos-binary-mistral-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/mistral-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -69,13 +68,15 @@ outputs: config_volume: mistral puppet_tags: mistral_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + config_image: {get_param: DockerMistralConfigImage} kolla_config: /var/lib/kolla/config_files/mistral_api.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -84,10 +85,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: mistral_init_logs: - image: &mistral_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ] + image: &mistral_api_image {get_param: DockerMistralApiImage} privileged: false user: root volumes: @@ -136,7 +134,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/log/containers/mistral:/var/log/mistral environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index 712f4ba6..4c6b300d 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Mistral Engine service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMistralEngineImage: description: image - default: 'centos-binary-mistral-engine:latest' type: string DockerMistralConfigImage: description: The container image to use for the mistral config_volume - default: 'centos-binary-mistral-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/mistral-engine.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -70,13 +69,15 @@ outputs: config_volume: mistral puppet_tags: mistral_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + config_image: {get_param: DockerMistralConfigImage} kolla_config: /var/lib/kolla/config_files/mistral_engine.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -84,10 +85,7 @@ outputs: docker_config: step_4: mistral_engine: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ] + image: {get_param: DockerMistralEngineImage} net: host privileged: false restart: always 
@@ -97,7 +95,7 @@ outputs: - - /run:/run - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/log/containers/mistral:/var/log/mistral environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 5a35ba98..ea54c574 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Mistral Executor service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMistralExecutorImage: description: image - default: 'centos-binary-mistral-executor:latest' type: string DockerMistralConfigImage: description: The container image to use for the mistral config_volume - default: 'centos-binary-mistral-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/mistral-executor.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -70,13 +69,15 @@ outputs: config_volume: mistral puppet_tags: mistral_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + config_image: {get_param: DockerMistralConfigImage} kolla_config: /var/lib/kolla/config_files/mistral_executor.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -84,10 +85,7 @@ outputs: docker_config: step_4: mistral_executor: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ] + image: {get_param: DockerMistralExecutorImage} net: host privileged: false restart: always @@ -96,7 +94,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /run:/run # FIXME: this is required in order for Nova cells # initialization workflows on the Undercloud. Need to 
@@ -111,6 +109,18 @@ outputs: path: /var/log/containers/mistral state: directory upgrade_tasks: + - name: Check if mistral executor is deployed + command: systemctl is-enabled openstack-mistral-executor + tags: common + ignore_errors: True + register: mistral_executor_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState | + grep '\bactive\b' + when: mistral_executor_enabled.rc == 0 + tags: step0,validation - name: Stop and disable mistral_executor service tags: step2 + when: mistral_executor_enabled.rc == 0 service: name=openstack-mistral-executor state=stopped enabled=no diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index 61b05571..a0c02f30 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Multipathd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMultipathdImage: description: image - default: 'centos-binary-multipathd:latest' type: string DockerMultipathdConfigImage: description: The container image to use for the multipathd config_volume - default: 'centos-binary-multipathd:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set 
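Review bot: Gating the step2 stop task on `systemctl is-enabled` in the new `upgrade_tasks` entries skips the stop for a unit that is disabled but currently running, which would leave the host `openstack-mistral-executor` running next to the container. Probing the run state as well, or gating on whether the unit exists rather than whether it is enabled, would close that gap. The probe is a read-only command, so `changed_when: false` and `failed_when: false` in place of `ignore_errors: True` would stop it reporting a change or a red failure on hosts where the service was never installed, matching how this commit treats the commands in deploy-steps-playbook.yaml. The later conditions read `mistral_executor_enabled.rc`, so they presumably depend on the `common`-tagged probe always being selected alongside `step0` and `step2`. The same three-task pattern is added for neutron-server, neutron-dhcp-agent and neutron-metadata-agent.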
@@ -57,21 +55,20 @@ outputs: config_volume: multipathd #puppet_tags: file step_config: '' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdConfigImage} ] + config_image: {get_param: DockerMultipathdConfigImage} kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: start_order: 1 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] + image: {get_param: DockerMultipathdImage} net: host privileged: true restart: always @@ -80,11 +77,11 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 2890dec9..a9125c8c 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml 
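Review bot: The `config_files` source `/var/lib/kolla/config_files/src-iscsid/*` makes the multipathd container depend on the iscsid service's generated tree, and nothing in these hunks marks it optional. If this template is used on a role where `/var/lib/config-data/puppet-generated/iscsid/` was never generated, the bind mount added in the next hunk would presumably be created empty and the glob would match nothing; kolla's `optional: true` on that entry would make the intent explicit. Replacing the read-write `/etc/iscsi:/etc/iscsi` mount with a copy also means anything the container writes under `/etc/iscsi` no longer reaches the host, which is worth a one-line comment next to the volume list. The same `src-iscsid` entry is added to nova-compute.yaml.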
@@ -4,23 +4,21 @@ description: > OpenStack containerized Neutron API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronApiImage: description: image - default: 'centos-binary-neutron-server:latest' type: string DockerNeutronConfigImage: description: The container image to use for the neutron config_volume - default: 'centos-binary-neutron-server:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -55,6 +53,7 @@ resources: type: ../../puppet/services/neutron-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -76,27 +75,31 @@ outputs: config_volume: neutron puppet_tags: neutron_config,neutron_api_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_api.json: command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true /var/lib/kolla/config_files/neutron_server_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # db sync runs before permissions set by kolla_config step_2: neutron_init_logs: - image: &neutron_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + image: &neutron_api_image {get_param: DockerNeutronApiImage} privileged: false user: root volumes: @@ -132,7 +135,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS 
@@ -148,9 +151,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: @@ -162,8 +163,18 @@ outputs: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_server is deployed + command: systemctl is-enabled neutron-server + tags: common + ignore_errors: True + register: neutron_server_enabled + - name: "PreUpgrade step0,validation: Check service neutron-server is running" + shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + when: neutron_server_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_api service tags: step2 + when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped enabled=no metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index 460b2ee1..4b75d542 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Neutron DHCP service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronDHCPImage: description: image - default: 'centos-binary-neutron-dhcp-agent:latest' type: string DockerNeutronConfigImage: description: The container image to use for the neutron config_volume - default: 'centos-binary-neutron-server:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/neutron-dhcp.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -69,24 +68,26 @@ outputs: config_volume: neutron puppet_tags: neutron_config,neutron_dhcp_agent_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_dhcp.json: command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-dhcp-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_dhcp: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronDHCPImage} ] + image: {get_param: DockerNeutronDHCPImage} net: host pid: host privileged: true 
@@ -96,18 +97,33 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_dhcp_agent is deployed + command: systemctl is-enabled neutron-dhcp-agent + tags: common + ignore_errors: True + register: neutron_dhcp_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" + shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + when: neutron_dhcp_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_dhcp service tags: step2 + when: neutron_dhcp_agent_enabled.rc == 0 service: name=neutron-dhcp-agent state=stopped enabled=no diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index b692f736..06470c05 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml 
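Review bot: The new `create /var/lib/neutron` host_prep task sets no `mode`, `owner` or `group`, so the directory that is bind-mounted read-write into a `privileged: true`, `pid: host` container gets whatever the umask yields. I would state the intended permissions explicitly, for example `mode: '0755'` on the `file` task, and note in a comment that ownership is set later by the `permissions` entry in neutron_dhcp.json (`owner: neutron:neutron`, `recurse: true`). That recursive chown is applied from inside the container, so it presumably relies on the neutron uid being the same in every image that mounts this path. The identical task and mount are added in neutron-l3.yaml and neutron-metadata.yaml.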
@@ -4,18 +4,16 @@ description: > OpenStack containerized Neutron L3 agent parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronL3AgentImage: description: image - default: 'centos-binary-neutron-l3-agent:latest' type: string DockerNeutronConfigImage: description: The container image to use for the neutron config_volume - default: 'centos-binary-neutron-server:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/neutron-l3.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -65,24 +64,26 @@ outputs: puppet_tags: neutron_config,neutron_l3_agent_config config_volume: neutron step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_l3_agent.json: command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_l3_agent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ] + image: {get_param: DockerNeutronL3AgentImage} net: host pid: host privileged: true @@ -92,13 +93,18 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index 493b97b2..a5a7c34b 100644 --- a/docker/services/neutron-metadata.yaml 
+++ b/docker/services/neutron-metadata.yaml @@ -4,18 +4,16 @@ description: > OpenStack containerized Neutron Metadata agent parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronMetadataImage: description: image - default: 'centos-binary-neutron-metadata-agent:latest' type: string DockerNeutronConfigImage: description: The container image to use for the neutron config_volume - default: 'centos-binary-neutron-server:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/neutron-metadata.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -65,24 +64,26 @@ outputs: puppet_tags: neutron_config,neutron_metadata_agent_config config_volume: neutron step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_metadata_agent.json: command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_metadata_agent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronMetadataImage} ] + image: {get_param: DockerNeutronMetadataImage} net: host pid: host privileged: true 
@@ -92,18 +93,33 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_metadata_agent is deployed + command: systemctl is-enabled neutron-metadata-agent + tags: common + ignore_errors: True + register: neutron_metadata_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" + shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + when: neutron_metadata_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_metadata service tags: step2 + when: neutron_metadata_agent_enabled.rc == 0 service: name=neutron-metadata-agent state=stopped enabled=no diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 27919a35..4cce23d9 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml 
@@ -4,18 +4,16 @@ description: > OpenStack Neutron openvswitch service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOpenvswitchImage: description: image - default: 'centos-binary-neutron-openvswitch-agent:latest' type: string DockerNeutronConfigImage: description: The container image to use for the neutron config_volume - default: 'centos-binary-neutron-server:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/neutron-ovs-agent.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -65,13 +64,15 @@ outputs: config_volume: neutron puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_ovs_agent.json: command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/common + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron 
@@ -79,10 +80,7 @@ outputs: docker_config: step_4: neutron_ovs_agent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] + image: {get_param: DockerOpenvswitchImage} net: host pid: host privileged: true @@ -92,7 +90,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml index aa62bded..8d12e0de 100644 --- a/docker/services/neutron-plugin-ml2.yaml +++ b/docker/services/neutron-plugin-ml2.yaml @@ -9,22 +9,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronConfigImage: description: The container image to use for the neutron config_volume - default: 'centos-binary-neutron-server:latest' type: string DefaultPasswords: - default: {} type: json RoleName: default: '' @@ -41,6 +39,7 @@ resources: type: OS::TripleO::Docker::NeutronMl2PluginBase properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -62,9 +61,6 @@ outputs: config_volume: 'neutron' puppet_tags: neutron_plugin_ml2 step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: {} docker_config: {} diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 5d410fb6..4bec8035 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaApiImage: description: image - default: 'centos-binary-nova-api:latest' type: string DockerNovaConfigImage: description: The container image to use for the nova config_volume - default: 'centos-binary-nova-base:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -76,13 +75,26 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_api.json: command: /usr/bin/nova-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + /var/lib/kolla/config_files/nova_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -91,10 +103,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: nova_init_logs: - image: &nova_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ] + image: &nova_api_image {get_param: DockerNovaApiImage} privileged: false user: root volumes: @@ -107,11 +116,10 @@ outputs: net: host detach: false user: root - volumes: &nova_api_volumes + volumes: &nova_api_bootstrap_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/log/containers/nova:/var/log/nova command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'" 
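Review bot: After the rename to `&nova_api_bootstrap_volumes`, the bootstrap containers keep the direct `/var/lib/config-data/nova/etc/nova/:/etc/nova/:ro` mount while the long-running step_4 containers switch to the `puppet-generated` tree, and nothing in the file says why the two differ. A comment above the anchor would stop someone "fixing" the inconsistency later, e.g. `# one-shot bootstrap containers do not mount config.json, so they read /etc/nova straight from the config volume`. This assumes `/var/lib/config-data/nova/` is still populated after this commit, which depends on the docker-puppet.py change that is not visible here. The db-sync and cell containers in the following hunks still reference this volume list.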
@@ -124,14 +132,14 @@ outputs: net: host detach: false user: root - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'" nova_api_create_default_cell: start_order: 2 image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes # NOTE: allowing the exit code 2 is a dirty way of making # this idempotent (if the resource already exists a conflict # is raised) @@ -143,7 +151,7 @@ outputs: image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'" step_4: @@ -154,7 +162,28 @@ outputs: user: nova privileged: true restart: always - volumes: *nova_api_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + nova_api_cron: + image: *nova_api_image + net: host + user: root + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: @@ -163,7 +192,7 @@ outputs: image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" host_prep_tasks: 
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 1277a8fb..0426eaec 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -4,18 +4,16 @@ description: > OpenStack containerized Nova Compute service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaComputeImage: description: image - default: 'centos-binary-nova-compute:latest' type: string DockerNovaLibvirtConfigImage: description: The container image to use for the nova_libvirt config_volume - default: 'centos-binary-nova-compute:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,6 +36,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number resources: @@ -48,10 +51,12 @@ resources: type: ../../puppet/services/nova-compute.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: 
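Review bot: `DockerNovaMigrationSshdPort` in the parameters hunk is declared as `type: number` with no constraint, so a fractional, negative or out-of-range value passes template validation and is only caught later, when the port is actually used. Adding `constraints:` with `- range: {min: 1, max: 65535}` would reject those values at stack validation time. The description could also say which network the migration sshd listens on, since that is not visible from this template.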
@@ -59,27 +64,26 @@ outputs: value: service_name: {get_attr: [NovaComputeBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaComputeBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config get_attr: [NovaComputeBase, role_data, step_config] puppet_config: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] + config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: /var/lib/kolla/config_files/nova_compute.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -91,10 +95,7 @@ outputs: # FIXME: run discover hosts here step_4: nova_compute: - image: &nova_compute_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + image: &nova_compute_image {get_param: DockerNovaComputeImage} net: host privileged: true user: nova 
@@ -104,9 +105,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev:/dev - - /etc/iscsi:/etc/iscsi - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 266180c5..9f666577 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Conductor service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaConductorImage: description: image - default: 'centos-binary-nova-conductor:latest' type: string DockerNovaConfigImage: description: The container image to use for the nova config_volume - default: 'centos-binary-nova-base:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/nova-conductor.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -68,13 +67,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_conductor.json: command: /usr/bin/nova-conductor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -82,10 +83,7 @@ outputs: docker_config: step_4: nova_conductor: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ] + image: {get_param: DockerNovaConductorImage} net: host privileged: false restart: always @@ -94,7 +92,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index d836797f..0d3d1ec9 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Consoleauth service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaConsoleauthImage: description: image - default: 'centos-binary-nova-consoleauth:latest' type: string DockerNovaConfigImage: description: The container image to use for the nova config_volume - default: 'centos-binary-nova-base:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-consoleauth.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,13 +66,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_consoleauth.json: command: /usr/bin/nova-consoleauth + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -81,10 +82,7 @@ outputs: docker_config: step_4: nova_consoleauth: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ] + image: {get_param: DockerNovaConsoleauthImage} net: host privileged: false restart: always 
@@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 8f988399..17068b41 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -4,18 +4,16 @@ description: > OpenStack containerized Nova Ironic Compute service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaComputeIronicImage: description: image - default: 'centos-binary-nova-compute-ironic:latest' type: string DockerNovaConfigImage: description: The container image to use for the nova config_volume - default: 'centos-binary-nova-base:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -47,6 +45,7 @@ resources: NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} 
@@ -65,13 +64,19 @@ outputs: config_volume: nova puppet_tags: nova_config,nova_paste_api_ini step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_ironic.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -82,10 +87,7 @@ outputs: docker_config: step_5: nova_compute: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeIronicImage} ] + image: {get_param: DockerNovaComputeIronicImage} net: host privileged: true user: root @@ -95,10 +97,10 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /run:/run - /dev:/dev - - /etc/iscsi:/etc/iscsi - /var/lib/nova/:/var/lib/nova - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index f1a48cf1..5fc7939a 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml 
@@ -4,24 +4,22 @@ description: > OpenStack Libvirt Service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaLibvirtImage: description: image - default: 'centos-binary-nova-libvirt:latest' type: string # we configure libvirt via the nova-compute container due to coupling # in the puppet modules DockerNovaLibvirtConfigImage: description: The container image to use for the nova_libvirt config_volume - default: 'centos-binary-nova-compute:latest' type: string EnablePackageInstall: default: 'false' - description: Set to true to enable package installation + description: Set to true to enable package installation at deploy time type: boolean + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -53,6 +51,12 @@ parameters: description: If set to true and if EnableInternalTLS is enabled, it will set the libvirt URI's transport to tls and configure the relevant keys for libvirt. + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + conditions: @@ -74,10 +78,12 @@ resources: type: ../../puppet/services/nova-libvirt.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: 
@@ -85,24 +91,14 @@ outputs: value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaLibvirtBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config get_attr: [NovaLibvirtBase, role_data, step_config] puppet_config: config_volume: nova_libvirt - puppet_tags: nova_config + puppet_tags: nova_config,file,exec step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtConfigImage} ] + config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: /var/lib/kolla/config_files/nova_libvirt.json: command: @@ -110,6 +106,11 @@ outputs: - use_tls_for_live_migration - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -117,10 +118,7 @@ outputs: docker_config: step_3: nova_libvirt: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaLibvirtImage} ] + image: {get_param: DockerNovaLibvirtImage} net: host pid: host privileged: true 
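Review bot: `puppet_tags: nova_config,file,exec` widens the resource types applied when the nova_libvirt config volume is generated, and the hunk carries no comment saying which resources need it. `exec` in particular lets the config run execute commands rather than only write settings, so the reason should be recorded next to the line, for example `# file,exec: needed for <resources that require them>`. The same hunk drops the `manage_migration: false` override together with its FIXME; whether the hieradata separation that FIXME was waiting for is now in place cannot be seen from this hunk, so a short comment or commit-message line saying so would help.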
@@ -130,12 +128,13 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /dev:/dev - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova + - /etc/libvirt/secrets:/etc/libvirt/secrets # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt @@ -150,6 +149,7 @@ outputs: path: "{{ item }}" state: directory with_items: + - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index e158d3bc..0a8a74cd 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -9,6 +9,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -33,6 +37,7 @@ resources: type: ../../puppet/services/nova-metadata.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml new file mode 100644 index 00000000..385343a0 --- /dev/null +++ b/docker/services/nova-migration-target.yaml 
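Review bot: `/etc/libvirt/secrets:/etc/libvirt/secrets` is bind-mounted read-write into the privileged nova_libvirt container, and the host_prep_tasks hunk (`@@ -150,6 +149,7 @@`) creates that directory through a task whose visible part sets only `path` and `state`. Unless a mode is set in the part of the task that lies outside the hunk, the directory gets default permissions, which is looser than appropriate for the place where libvirt keeps secret values. The shared `with_items` list also covers log and state directories, so the mode cannot simply be added to the existing task; I would create this one directory in its own task, as sketched below, and add a comment on the volume line saying why the secrets must live on the host.

```yaml
# ... unchanged: existing directory-creation task and its with_items list ...
- name: create libvirt secrets directory with restricted permissions
  file:
    path: /etc/libvirt/secrets
    state: directory
    mode: '0700'
```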
@@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Migration Target service + +parameters: + DockerNovaComputeImage: + description: image + type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SshdBase: + type: ../../puppet/services/sshd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + NovaMigrationTargetBase: + type: ../../puppet/services/nova-migration-target.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Migration Target service. 
+ value: + service_name: nova_migration_target + config_settings: + map_merge: + - get_attr: [SshdBase, role_data, config_settings] + - get_attr: [NovaMigrationTargetBase, role_data, config_settings] + - tripleo.nova_migration_target.firewall_rules: + '113 nova_migration_target': + dport: + - {get_param: DockerNovaMigrationSshdPort} + step_config: &step_config + list_join: + - "\n" + - - get_attr: [SshdBase, role_data, step_config] + - get_attr: [NovaMigrationTargetBase, role_data, step_config] + puppet_config: + config_volume: nova_libvirt + step_config: *step_config + config_image: {get_param: DockerNovaLibvirtConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova-migration-target.json: + command: + str_replace: + template: "/usr/sbin/sshd -D -p SSHDPORT" + params: + SSHDPORT: {get_param: DockerNovaMigrationSshdPort} + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: /host-ssh/ssh_host_*_key + dest: /etc/ssh/ + owner: "root" + perm: "0600" + docker_config: + step_4: + nova_migration_target: + image: {get_param: DockerNovaComputeImage} + net: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ssh/:/host-ssh/:ro + - /run:/run + - /var/lib/nova:/var/lib/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 251bbaad..7350db20 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml 
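Review bot: `nova_migration_target` runs sshd as root with `privileged: true` and `net: host`, and its `config_files` copy the host's `ssh_host_*_key` private keys into the container, yet nothing in the template says why full privilege is needed. A network listener on `DockerNovaMigrationSshdPort` should run with only what it uses: if sshd works without it, set `privileged: false`, otherwise add a comment above the line naming what requires it. The firewall rule sets only `dport`, so any restriction on which peers may connect has to come from the sshd configuration generated by the base templates, which is not visible here. Separately, `ServiceData` is declared but not passed to `SshdBase` or `NovaMigrationTargetBase`, unlike the other templates in this diff; if those templates accept it, add `ServiceData: {get_param: ServiceData}` to both.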
@@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Placement API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaPlacementImage: description: image - default: 'centos-binary-nova-placement-api:latest' type: string DockerNovaPlacementConfigImage: description: The container image to use for the nova_placement config_volume - default: 'centos-binary-nova-placement-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-placement.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -70,13 +69,15 @@ outputs: config_volume: nova_placement puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementConfigImage} ] + config_image: {get_param: DockerNovaPlacementConfigImage} kolla_config: /var/lib/kolla/config_files/nova_placement.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -86,10 +87,7 @@ outputs: step_3: nova_placement: start_order: 1 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + image: {get_param: DockerNovaPlacementImage} net: host user: root restart: always 
@@ -98,11 +96,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index fbb3abc7..5c1aa308 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Scheduler service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaSchedulerImage: description: image - default: 'centos-binary-nova-scheduler:latest' type: string DockerNovaConfigImage: description: The container image to use for the nova config_volume - default: 'centos-binary-nova-base:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-scheduler.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,13 +66,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_scheduler.json: command: /usr/bin/nova-scheduler + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -81,10 +82,7 @@ outputs: docker_config: step_4: nova_scheduler: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ] + image: {get_param: DockerNovaSchedulerImage} net: host privileged: false restart: always @@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /run:/run - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index c2b9c3b1..37831ff7 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Vncproxy service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaVncProxyImage: description: image - default: 'centos-binary-nova-novncproxy:latest' type: string DockerNovaConfigImage: description: The container image to use for the nova config_volume - default: 'centos-binary-nova-base:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-vnc-proxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,13 +66,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_vnc_proxy.json: command: /usr/bin/nova-novncproxy --web /usr/share/novnc/ + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -81,10 +82,7 @@ outputs: docker_config: step_4: nova_vnc_proxy: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ] + image: {get_param: DockerNovaVncProxyImage} net: host privileged: false restart: always 
@@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml index 728162fe..f5b4baec 100644 --- a/docker/services/octavia-api.yaml +++ b/docker/services/octavia-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack Octavia service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOctaviaApiImage: description: image - default: 'centos-binary-octavia-api:latest' type: string DockerOctaviaConfigImage: description: The container image to use for the octavia config_volume - default: 'centos-binary-octavia-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +54,7 @@ resources: type: ../../puppet/services/octavia-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -75,27 +74,36 @@ outputs: config_volume: octavia puppet_tags: octavia_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + config_image: {get_param: DockerOctaviaConfigImage} kolla_config: /var/lib/kolla/config_files/octavia_api.json: command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/octavia_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config step_2: octavia_api_init_dirs: start_order: 0 - image: &octavia_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaApiImage} ] + image: &octavia_api_image {get_param: DockerOctaviaApiImage} user: root volumes: - - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ - /var/log/containers/octavia:/var/log/octavia command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia'] step_3: 
@@ -106,11 +114,10 @@ outputs: privileged: false detach: false user: root - volumes: &octavia_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro - /var/log/containers/octavia:/var/log/octavia command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'" @@ -122,7 +129,13 @@ outputs: net: host privileged: false restart: always - volumes: *octavia_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - if: @@ -138,7 +151,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/octavia/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/octavia-health-manager.yaml b/docker/services/octavia-health-manager.yaml index 2228e369..f5e1eda5 100644 --- a/docker/services/octavia-health-manager.yaml +++ b/docker/services/octavia-health-manager.yaml 
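Review bot: `octavia_db_sync` keeps `/var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro` while `octavia_api_init_dirs`, `octavia_api` and the TLS proxy in this file all move to the `puppet-generated/octavia` tree, so the db-sync container reads its configuration from a different directory than the service it prepares. If that is deliberate (the container no longer mounts a Kolla `config.json`, so it cannot copy files from `src`), say so with a comment above the line, for example `# db_sync does not run kolla set_configs, so mount the full config tree directly`. If it is an oversight, the path should presumably become `/var/lib/config-data/puppet-generated/octavia/etc/octavia/:/etc/octavia/:ro`. The container definition starts outside this hunk.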
@@ -4,23 +4,21 @@ description: > OpenStack Octavia health-manager service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOctaviaHealthManagerImage: description: image - default: 'centos-binary-octavia-health-manager:latest' type: string DockerOctaviaConfigImage: description: The container image to use for the octavia config_volume - default: 'centos-binary-octavia-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/octavia-health-manager.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -68,24 +67,28 @@ outputs: config_volume: octavia puppet_tags: octavia_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + config_image: {get_param: DockerOctaviaConfigImage} kolla_config: /var/lib/kolla/config_files/octavia_health_manager.json: command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-health-manager + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_2: octavia_health_manager_init_dirs: start_order: 0 - image: &octavia_health_manager_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHealthManagerImage} ] + image: &octavia_health_manager_image {get_param: DockerOctaviaHealthManagerImage} user: root volumes: - - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager'] step_4: octavia_health_manager: 
@@ -99,7 +102,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro - /var/log/containers/octavia:/var/log/octavia environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/octavia-housekeeping.yaml b/docker/services/octavia-housekeeping.yaml index c2986c63..1dc0db37 100644 --- a/docker/services/octavia-housekeeping.yaml +++ b/docker/services/octavia-housekeeping.yaml @@ -4,23 +4,21 @@ description: > OpenStack Octavia service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOctaviaHousekeepingImage: description: image - default: 'centos-binary-octavia-housekeeping:latest' type: string DockerOctaviaConfigImage: description: The container image to use for the octavia config_volume - default: 'centos-binary-octavia-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/octavia-housekeeping.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -68,24 +67,28 @@ outputs: config_volume: octavia puppet_tags: octavia_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + config_image: {get_param: DockerOctaviaConfigImage} kolla_config: /var/lib/kolla/config_files/octavia_housekeeping.json: command: /usr/bin/octavia-housekeeping --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/housekeeping.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-housekeeping + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_2: octavia_housekeeping_init_dirs: start_order: 0 - image: &octavia_housekeeping_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaHousekeepingImage} ] + image: &octavia_housekeeping_image {get_param: DockerOctaviaHousekeepingImage} user: root volumes: - - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping'] step_4: octavia_housekeeping: 
@@ -99,7 +102,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro - /var/log/containers/octavia:/var/log/octavia environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/octavia-worker.yaml b/docker/services/octavia-worker.yaml index 41295125..d29e1a3a 100644 --- a/docker/services/octavia-worker.yaml +++ b/docker/services/octavia-worker.yaml @@ -4,23 +4,21 @@ description: > OpenStack Octavia worker service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOctaviaWorkerImage: description: image - default: 'centos-binary-octavia-worker:latest' type: string DockerOctaviaConfigImage: description: The container image to use for the octavia config_volume - default: 'centos-binary-octavia-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/octavia-worker.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -68,24 +67,28 @@ outputs: config_volume: octavia puppet_tags: octavia_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaConfigImage} ] + config_image: {get_param: DockerOctaviaConfigImage} kolla_config: /var/lib/kolla/config_files/octavia_worker.json: command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-worker + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_2: octavia_worker_init_dirs: start_order: 0 - image: &octavia_worker_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOctaviaWorkerImage} ] + image: &octavia_worker_image {get_param: DockerOctaviaWorkerImage} user: root volumes: - - /var/lib/config-data/octavia/etc/octavia:/etc/octavia/ + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker'] step_4: octavia_worker: @@ -99,7 +102,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro - /var/log/containers/octavia:/var/log/octavia environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS 
diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml index cb476685..6a62f65e 100644 --- a/docker/services/opendaylight-api.yaml +++ b/docker/services/opendaylight-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized OpenDaylight API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOpendaylightApiImage: description: image - default: 'centos-binary-opendaylight:latest' type: string DockerOpendaylightConfigImage: description: image - default: 'centos-binary-opendaylight:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/opendaylight-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -62,23 +61,22 @@ outputs: map_merge: - get_attr: [OpenDaylightBase, role_data, config_settings] step_config: &step_config - list_join: - - "\n" - - - get_attr: [OpenDaylightBase, role_data, step_config] - - "include tripleo::profile::base::neutron::opendaylight::create_cluster" + get_attr: [OpenDaylightBase, role_data, step_config] # BEGIN DOCKER SETTINGS puppet_config: config_volume: opendaylight # 'file,concat,file_line,augeas' are included by default - puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster + puppet_tags: odl_user step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ] + config_image: {get_param: DockerOpendaylightConfigImage} kolla_config: /var/lib/kolla/config_files/opendaylight_api.json: command: /opt/opendaylight/bin/karaf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /opt/opendaylight owner: odl:odl @@ -87,10 +85,7 @@ outputs: step_1: opendaylight_api: start_order: 0 - image: &odl_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ] + image: &odl_api_image {get_param: DockerOpendaylightApiImage} privileged: false net: host detach: true 
@@ -101,12 +96,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/opendaylight/opt/opendaylight/data/idmlight.db.mv.db:/opt/opendaylight/data/idmlight.db.mv.db - - /var/lib/config-data/opendaylight/opt/opendaylight/configuration/initial/:/opt/opendaylight/configuration/initial/ - - /var/lib/config-data/opendaylight/opt/opendaylight/etc/jetty.xml:/opt/opendaylight/etc/jetty.xml:ro - - /var/lib/config-data/opendaylight/opt/opendaylight/etc/org.apache.karaf.features.cfg:/opt/opendaylight/etc/org.apache.karaf.features.cfg:ro - - /var/lib/config-data/opendaylight/opt/opendaylight/etc/org.ops4j.pax.logging.cfg:/opt/opendaylight/etc/org.ops4j.pax.logging.cfg:ro - - /var/lib/config-data/opendaylight/opt/opendaylight/etc/org.opendaylight.groupbasedpolicy.neutron.vpp.mapper.startup.cfg:/opt/opendaylight/etc/org.opendaylight.groupbasedpolicy.neutron.vpp.mapper.startup.cfg:ro + - /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index d15c920e..26ae9bca 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -4,17 +4,11 @@ description: > OpenStack containerized Cinder Backup service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderBackupImage: description: image - default: 'centos-binary-cinder-backup:latest' type: string DockerCinderConfigImage: description: The container image to use for the cinder config_volume - default: 'centos-binary-cinder-api:latest' type: string CinderBackupBackend: default: swift 
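Review bot: `/opt/opendaylight/data/idmlight.db.mv.db` and `configuration/initial/` were writable bind mounts before this change and are now only reachable through the read-only `src` mount, which kolla copies into the container under `KOLLA_CONFIG_STRATEGY=COPY_ALWAYS`. If the generated tree still contains the idmlight database, anything OpenDaylight writes to it at runtime (user or password changes, for example) stays inside the container and is presumably replaced by the generated copy on the next start. Either keep a dedicated persistent mount for that data file, or add a comment next to the new volume line such as `# idmlight.db.mv.db is re-seeded from the generated config on every start`. The volumes list this line belongs to starts above the hunk.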
@@ -33,6 +27,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,6 +56,7 @@ resources: type: ../../../puppet/services/cinder-backup.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -74,10 +73,7 @@ outputs: config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage} cinder::backup::manage_service: false cinder::backup::enabled: false step_config: "" @@ -87,10 +83,7 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: {get_attr: [CinderBackupBase, role_data, step_config]} - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf 
@@ -146,6 +139,27 @@ outputs: - /var/lib/cinder - /var/log/containers/cinder upgrade_tasks: - - name: Stop and disable cinder_backup service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-backup cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-backup cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_backup service tags: step2 - service: name=openstack-cinder-backup state=stopped enabled=no + service: name=openstack-cinder-backup enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 07e5fc2e..262e999d 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml 
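Review bot: The `get bootstrap nodeid` task has no failure condition, so when the hiera lookup returns an empty or `nil` value, `is_bootstrap_node` is false on every node and both `pacemaker_resource` tasks are skipped without any error. The upgrade would then continue with the old `openstack-cinder-backup` resource still defined in the cluster. Adding `failed_when: bootstrap_node.rc != 0 or bootstrap_node.stdout in ['', 'nil']` and `changed_when: false` to that task would make the case visible; this assumes the hiera CLI prints `nil` for a missing key, which should be confirmed. The same task sequence appears in the upgrade_tasks hunks of pacemaker/cinder-volume.yaml, pacemaker/database/mysql.yaml, pacemaker/database/redis.yaml and pacemaker/haproxy.yaml.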
@@ -4,23 +4,21 @@ description: > OpenStack containerized Cinder Volume service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderVolumeImage: description: image - default: 'centos-binary-cinder-volume:latest' type: string DockerCinderConfigImage: description: The container image to use for the cinder config_volume - default: 'centos-binary-cinder-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -54,6 +52,7 @@ resources: type: ../../../puppet/services/cinder-volume.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,10 +66,7 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage} cinder::volume::manage_service: false cinder::volume::enabled: false cinder::host: hostgroup 
@@ -81,10 +77,7 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: {get_attr: [CinderBase, role_data, step_config]} - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf @@ -164,6 +157,30 @@ outputs: executable: /bin/bash creates: /dev/loop2 upgrade_tasks: - - name: Stop and disable cinder_volume service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-volume cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-volume cluster resource. tags: step2 - service: name=openstack-cinder-volume state=stopped enabled=no + pacemaker_resource: + resource: openstack-cinder-volume + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_volume service from boot + tags: step2 + service: name=openstack-cinder-volume enabled=no + + + diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index 9fd9402f..c7c316a4 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml 
@@ -6,23 +6,21 @@ description: > the local galera node is synced parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerClustercheckImage: description: image - default: 'centos-binary-mariadb:latest' type: string DockerClustercheckConfigImage: description: The container image to use for the clustercheck config_volume - default: 'centos-binary-mariadb:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -50,6 +48,7 @@ resources: type: ../../../puppet/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -67,34 +66,20 @@ outputs: config_volume: clustercheck puppet_tags: file # set this even though file is the default step_config: "include ::tripleo::profile::pacemaker::clustercheck" - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckConfigImage} ] + config_image: {get_param: DockerClustercheckConfigImage} kolla_config: /var/lib/kolla/config_files/clustercheck.json: command: /usr/sbin/xinetd -dontfork config_files: - - dest: /etc/xinetd.conf - source: /var/lib/kolla/config_files/src/etc/xinetd.conf - owner: mysql - perm: '0644' - - dest: /etc/xinetd.d/galera-monitor - source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: mysql - perm: '0600' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_2: clustercheck: start_order: 1 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] + image: {get_param: DockerClustercheckImage} restart: always net: host volumes: @@ -102,7 +87,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index fb1400f6..f12852f8 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml 
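Review bot: `/etc/sysconfig/clustercheck` loses its explicit `owner: mysql` and `perm: '0600'` in this hunk and now gets whatever owner and mode the file has in the `puppet-generated/clustercheck` tree, because the glob entry relies on `preserve_properties: true`. It was the only one of the three files kept at 0600, which suggests it holds the credentials clustercheck uses, so its mode should not depend on how the config image happened to write it. Either confirm that the generation step writes it as 0600 with the uid that `DockerClustercheckImage` uses for mysql (the config image is a separate parameter and may differ), or keep the explicit entry for that one file after the glob entry. The `config_files` hunk in pacemaker/database/mysql.yaml (`@@ -81,30 +87,19 @@`) drops the same `perm: '0600'` entry for the same file.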
@@ -4,23 +4,21 @@ description: > MySQL service deployment with pacemaker bundle parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMysqlImage: description: image - default: 'centos-binary-mariadb:latest' type: string DockerMysqlConfigImage: description: The container image to use for the mysql config_volume - default: 'centos-binary-mariadb:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -52,6 +50,7 @@ resources: type: ../../../../puppet/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -65,11 +64,18 @@ outputs: config_settings: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerMysqlImage} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 + tripleo.mysql.firewall_rules: + '104 mysql galera-bundle': + dport: + - 873 + - 3123 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: 
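Review bot: The `'104 mysql galera-bundle'` rule added under `tripleo.mysql.firewall_rules` lists only `dport`, with no `source` or `iniface`, so as written it does not limit who can reach 873, 3123, 4444, 4567, 4568 and 9200 in addition to 3306. As far as I can tell those are the state-transfer, replication, bundle-control and health-check ports rather than client ports, and they normally only need to be reachable from the other cluster members. Unless tripleo::firewall applies a default scope that is not visible here, consider adding a `source` limited to the cluster network, or at least a comment per port saying what listens on it. The `'108 redis-bundle'` rule in pacemaker/database/redis.yaml (3124, 6379, 26379) has the same shape.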
@@ -81,30 +87,19 @@ outputs: - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" - "exec {'wait-for-settle': command => '/bin/true' }" - "include ::tripleo::profile::pacemaker::database::mysql_bundle" - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlConfigImage} ] + config_image: {get_param: DockerMysqlConfigImage} kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/sbin/pacemaker_remoted config_files: - - dest: /etc/libqb/force-filesystem-sockets - source: /dev/null - owner: root - perm: '0644' - - dest: /etc/my.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf - owner: mysql - perm: '0644' - - dest: /etc/my.cnf.d/galera.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: root - perm: '0600' + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: mysql_data_ownership: @@ -129,7 +124,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS 
@@ -173,8 +168,6 @@ outputs: - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - /dev/shm:/dev/shm:rw - - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro - - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro - /var/lib/mysql:/var/lib/mysql:rw host_prep_tasks: - name: create /var/lib/mysql @@ -182,6 +175,27 @@ outputs: path: /var/lib/mysql state: directory upgrade_tasks: - - name: Stop and disable mysql service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the galera cluster resource + tags: step2 + pacemaker_resource: + resource: galera + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped galera cluster resource. + tags: step2 + pacemaker_resource: + resource: galera + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable mysql service tags: step2 - service: name=mariadb state=stopped enabled=no + service: name=mariadb enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index 2ff15fe9..75b6d650 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack containerized Redis services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRedisImage: description: image - default: 'centos-binary-redis:latest' type: string DockerRedisConfigImage: description: The container image to use for the redis config_volume - default: 'centos-binary-redis:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +43,7 @@ resources: type: ../../../../puppet/services/database/redis.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -61,12 +60,14 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerRedisImage} - + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} + tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 + tripleo.redis.firewall_rules: + '108 redis-bundle': + dport: + - 3124 + - 6379 + - 26379 step_config: "" service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS 
@@ -78,10 +79,7 @@ outputs: puppet_tags: 'exec' step_config: get_attr: [RedisBase, role_data, step_config] - config_image: &redis_config_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisConfigImage} ] + config_image: &redis_config_image {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/sbin/pacemaker_remoted @@ -90,6 +88,11 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/run/redis owner: redis:redis @@ -142,6 +145,27 @@ outputs: path: /var/lib/redis state: directory upgrade_tasks: - - name: Stop and disable redis service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the redis cluster resource + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped redis cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable redis service tags: step2 - service: name=redis state=stopped enabled=no + service: name=redis enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 704ffab5..24155912 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml 
@@ -4,18 +4,16 @@ description: > OpenStack containerized HAproxy service for pacemaker parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHAProxyImage: description: image - default: 'centos-binary-haproxy:latest' type: string DockerHAProxyConfigImage: description: The container image to use for the haproxy config_volume - default: 'centos-binary-haproxy:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -30,6 +28,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RoleName: default: '' description: Role name on which the service is applied @@ -45,6 +48,7 @@ resources: type: ../../../puppet/services/pacemaker/haproxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -60,10 +64,7 @@ outputs: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false haproxy_docker: true - tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage} step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS 
@@ -77,13 +78,22 @@ outputs: - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + config_image: {get_param: DockerHAProxyConfigImage} + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true docker_config: step_2: haproxy_init_bundle: 
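Review bot: `DeployedSSLCertificatePath` is joined with `':'` into a bind-mount spec in the new `volumes: &deployed_cert_mount` entry, but the parameter is declared as a plain `type: string` with no constraint, so a value containing `:` or a relative path changes the meaning of the mount instead of being rejected. A constraint on the parameter such as `constraints: [{allowed_pattern: '^/[^:]+$'}]` would be cheap hardening. The default points into `/etc/pki/tls/private/`, so the file presumably contains the endpoint's private key, and through the anchor it becomes readable in the config-generation container and in `haproxy_init_bundle`. The `ro` flag is right; a short comment saying why both containers need the key would help the next reader.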
@@ -110,17 +120,42 @@ outputs: - 'include ::tripleo::profile::pacemaker::haproxy_bundle' image: *haproxy_image volumes: - # puppet saves iptables rules in /etc/sysconfig - - /etc/sysconfig:/etc/sysconfig:rw - # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount - # the necessary bit and prevent systemd to try to reload the service in the container - - /usr/libexec/iptables:/usr/libexec/iptables:ro - - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /etc/puppet:/tmp/puppet-etc:ro - - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - - /dev/shm:/dev/shm:rw + list_concat: + - *deployed_cert_mount + - + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the haproxy cluster resource. 
+ tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index ab1a612f..de53ceee 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Rabbitmq service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRabbitmqImage: description: image - default: 'centos-binary-rabbitmq:latest' type: string DockerRabbitmqConfigImage: description: The container image to use for the rabbitmq config_volume - default: 'centos-binary-rabbitmq:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../../puppet/services/rabbitmq.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
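Review bot: The `get bootstrap nodeid` task in the added upgrade_tasks trusts whatever `hiera` prints: if the key is missing, the CLI presumably prints `nil` with a zero exit status, `is_bootstrap_node` is then false on every node, and the disable/delete steps are skipped without any error. A guard on the lookup, e.g. `failed_when: bootstrap_node.rc != 0 or bootstrap_node.stdout in ['', 'nil']`, would turn that into a visible failure. The lookup is read-only, so it could also carry `changed_when: false`. The same task pair is added to docker/services/pacemaker/rabbitmq.yaml further down.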
@@ -63,11 +62,15 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false - tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 step_config: &step_config get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} @@ -76,10 +79,7 @@ outputs: config_volume: rabbitmq puppet_tags: file step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] + config_image: {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/sbin/pacemaker_remoted @@ -88,6 +88,10 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -106,7 +110,7 @@ outputs: privileged: false volumes: - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /var/lib/rabbitmq:/var/lib/rabbitmq 
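Review bot: The added `'109 rabbitmq-bundle'` rule opens 3122, 4369, 5672 and 25672 with only `dport` set, so it matches any source address. 3122 is set just above as the bundle's control_port, and 4369/25672 are presumably epmd and Erlang distribution, which only cluster peers need to reach. The `tripleo::firewall::rule` stub shown in the haproxy template accepts `source`, so if the internal network range is available here the cluster-only ports could go into a separate rule that sets it. At minimum a comment naming what each port is for would help whoever audits the rule set.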
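Review bot: The added config_files entry copies `/var/lib/kolla/config_files/src/*` onto `/` with `merge: true`, so every path under the host's puppet-generated/rabbitmq directory is overlaid on the container's root filesystem at start, not only /etc/rabbitmq as the replaced bind mount exposed. That makes the ownership and mode of that host directory part of the container's trust boundary, and `preserve_properties: true` carries those properties into the container unchanged. A comment next to the entry would record the requirement, e.g. `# src tree must be root-owned and not group/world-writable; everything in it lands under /`. The same stanza is added in the panko, rabbitmq, sahara, sensu-client and swift templates in this diff.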
@@ -161,6 +165,27 @@ outputs: echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done upgrade_tasks: - - name: Stop and disable rabbitmq service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable rabbitmq service tags: step2 - service: name=rabbitmq-server state=stopped enabled=no + service: name=rabbitmq-server enabled=no diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 0f556063..ad2fa0f6 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml 
@@ -6,23 +6,21 @@ description: > will be disabled in future releases. parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerPankoApiImage: description: image - default: 'centos-binary-panko-api:latest' type: string DockerPankoConfigImage: description: The container image to use for the panko config_volume - default: 'centos-binary-panko-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,6 +55,7 @@ resources: type: ../../puppet/services/panko-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -79,13 +78,15 @@ outputs: config_volume: panko puppet_tags: panko_api_paste_ini,panko_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerPankoConfigImage} ] + config_image: {get_param: DockerPankoConfigImage} kolla_config: /var/lib/kolla/config_files/panko_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/panko owner: panko:panko @@ -93,10 +94,7 @@ outputs: docker_config: step_2: panko_init_log: - image: &panko_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] + image: &panko_api_image {get_param: DockerPankoApiImage} user: root volumes: - /var/log/containers/panko:/var/log/panko 
@@ -127,11 +125,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/panko/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro - /var/log/containers/panko:/var/log/panko - if: diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index f42f2ed2..418c60d2 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Rabbitmq service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRabbitmqImage: description: image - default: 'centos-binary-rabbitmq:latest' type: string DockerRabbitmqConfigImage: description: The container image to use for the rabbitmq config_volume - default: 'centos-binary-rabbitmq:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -52,6 +50,7 @@ resources: type: ../../puppet/services/rabbitmq.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -77,13 +76,15 @@ outputs: puppet_config: config_volume: rabbitmq step_config: *step_config - config_image: &rabbitmq_config_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ] + config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -94,10 +95,7 @@ outputs: rabbitmq_init_logs: start_order: 0 detach: false - image: &rabbitmq_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + image: &rabbitmq_image {get_param: DockerRabbitmqImage} privileged: false user: root volumes: @@ -114,7 +112,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq environment: @@ -142,7 +140,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq environment: diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index 32d64583..bff2fdac 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml 
@@ -4,23 +4,21 @@ description: > OpenStack Sahara service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSaharaApiImage: description: image - default: 'centos-binary-sahara-api:latest' type: string DockerSaharaConfigImage: description: The container image to use for the sahara config_volume - default: 'centos-binary-sahara-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/sahara-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -68,13 +67,15 @@ outputs: config_volume: sahara puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] + config_image: {get_param: DockerSaharaConfigImage} kolla_config: /var/lib/kolla/config_files/sahara-api.json: command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/sahara owner: sahara:sahara 
@@ -85,19 +86,15 @@ outputs: docker_config: step_3: sahara_db_sync: - image: &sahara_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] + image: &sahara_api_image {get_param: DockerSaharaApiImage} net: host privileged: false detach: false user: root - volumes: &sahara_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro - /lib/modules:/lib/modules:ro - /var/lib/sahara:/var/lib/sahara @@ -109,7 +106,15 @@ outputs: net: host privileged: false restart: always - volumes: *sahara_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro + - /lib/modules:/lib/modules:ro + - /var/lib/sahara:/var/lib/sahara + - /var/log/containers/sahara:/var/log/sahara environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 99a51c9a..01d4bb9c 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml 
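Review bot: In the new sahara_api volume list the kolla config is mounted as `/var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json` with no mode, so it is read-write inside the container, while the other templates in this diff mount config.json with `:ro`. That file holds the command the container runs at start, so the container should not be able to rewrite it on the host: `- /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json:ro`. sahara_db_sync in the previous hunk and sahara-engine.yaml carry the same unqualified mount. sahara_db_sync also still mounts the old /var/lib/config-data/sahara/etc/sahara path; if that is deliberate, a short comment saying why would help.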
@@ -4,23 +4,21 @@ description: > OpenStack Sahara service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSaharaEngineImage: description: image - default: 'centos-binary-sahara-engine:latest' type: string DockerSaharaConfigImage: description: The container image to use for the sahara config_volume - default: 'centos-binary-sahara-api:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/sahara-engine.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -68,13 +67,15 @@ outputs: config_volume: sahara puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaConfigImage} ] + config_image: {get_param: DockerSaharaConfigImage} kolla_config: /var/lib/kolla/config_files/sahara-engine.json: command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/sahara owner: sahara:sahara 
@@ -85,19 +86,16 @@ outputs: docker_config: step_4: sahara_engine: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] + image: {get_param: DockerSaharaEngineImage} net: host privileged: false restart: always - volumes: &sahara_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro + - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro - /var/lib/sahara:/var/lib/sahara - /var/log/containers/sahara:/var/log/sahara environment: diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml index 42b0c57a..b64231cd 100644 --- a/docker/services/sensu-client.yaml +++ b/docker/services/sensu-client.yaml @@ -4,23 +4,21 @@ description: > Containerized Sensu client service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSensuClientImage: description: image - default: 'centos-binary-sensu-client:latest' type: string DockerSensuConfigImage: description: The container image to use for the sensu config_volume - default: 'centos-binary-sensu-client:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -75,6 +73,7 @@ resources: type: ../../puppet/services/monitoring/sensu-client.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} 
@@ -102,13 +101,15 @@ outputs: config_volume: sensu puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSensuConfigImage} ] + config_image: {get_param: DockerSensuConfigImage} kolla_config: /var/lib/kolla/config_files/sensu-client.json: command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/sensu owner: sensu:sensu @@ -116,10 +117,7 @@ outputs: docker_config: step_3: sensu_client: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] + image: {get_param: DockerSensuClientImage} net: host privileged: true # NOTE(mmagr) kolla image changes the user to 'sensu', we need it @@ -133,7 +131,7 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro + - /var/lib/config-data/puppet-generated/sensu/:/var/lib/kolla/config_files/src:ro - /var/log/containers/sensu:/var/log/sensu:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index d7a7fe41..374db250 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml 
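Review bot: The sensu_client volumes in the last hunk switch the config mount to the read-only src tree, but the container stays `privileged: true` with `/var/run/docker.sock` mounted, which gives whatever image `DockerSensuClientImage` names control of the Docker daemon on the host. This change also drops the image defaults, so the reference now comes entirely from the environment. A comment on the socket mount would make the exposure explicit, e.g. `# docker.sock: needed by sensu container checks; grants daemon-level access to the host`. The stated reason is an assumption and should be confirmed against the checks actually deployed.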
@@ -4,23 +4,21 @@ description: > OpenStack containerized swift proxy service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSwiftProxyImage: description: image - default: 'centos-binary-swift-proxy-server:latest' type: string DockerSwiftConfigImage: description: The container image to use for the swift config_volume - default: 'centos-binary-swift-proxy-server:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -55,6 +53,7 @@ resources: type: ../../puppet/services/swift-proxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -74,27 +73,31 @@ outputs: config_volume: swift puppet_tags: swift_proxy_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] + config_image: {get_param: DockerSwiftConfigImage} kolla_config: /var/lib/kolla/config_files/swift_proxy.json: command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/swift owner: swift:swift recurse: true /var/lib/kolla/config_files/swift_proxy_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_4: map_merge: - swift_proxy: - image: &swift_proxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + image: &swift_proxy_image {get_param: DockerSwiftProxyImage} net: host user: swift restart: always @@ -103,9 +106,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro - # FIXME I'm mounting /etc/swift as rw. Are the rings written to - # at all during runtime? - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev 
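Review bot: The hunk at -103,9 removes the FIXME asking whether rings are written at runtime without answering it: /etc/swift is no longer a read-write bind mount but a copy taken from the read-only src mount when the container starts. If ring files are regenerated on the host later, running containers would presumably keep the old copy until they are restarted. A replacement comment would record the new behaviour, e.g. `# /etc/swift is copied from src at start; ring updates on the host need a container restart`. The swift-storage containers get the same mount change.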
@@ -124,9 +125,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index 00a772d6..e4e2c7d2 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -4,14 +4,13 @@ description: > OpenStack Swift Ringbuilder parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSwiftConfigImage: description: The container image to use for the swift config_volume - default: 'centos-binary-swift-proxy-server:latest' type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -73,6 +72,7 @@ resources: type: ../../puppet/services/swift-ringbuilder.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -95,9 +95,6 @@ outputs: config_volume: 'swift' puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] + config_image: {get_param: DockerSwiftConfigImage} kolla_config: {} docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index f2b8c474..e879b25d 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -4,25 +4,17 @@ description: > OpenStack containerized Swift Storage services. parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSwiftProxyImage: description: image - default: 'centos-binary-swift-proxy-server:latest' type: string DockerSwiftAccountImage: description: image - default: 'centos-binary-swift-account:latest' type: string DockerSwiftContainerImage: description: image - default: 'centos-binary-swift-container:latest' type: string DockerSwiftObjectImage: description: image - default: 'centos-binary-swift-object:latest' type: string DockerSwiftConfigImage: description: The container image to use for the swift config_volume @@ -44,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -65,6 +61,7 @@ resources: type: ../../puppet/services/swift-storage.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
@@ -88,53 +85,117 @@ outputs: config_volume: swift puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config,rsync::server step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftConfigImage} ] + config_image: {get_param: DockerSwiftConfigImage} kolla_config: /var/lib/kolla/config_files/swift_account_auditor.json: command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_reaper.json: command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_replicator.json: command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_server.json: command: /usr/bin/swift-account-server /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_auditor.json: command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_replicator.json: command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_updater.json: command: 
/usr/bin/swift-container-updater /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_server.json: command: /usr/bin/swift-container-server /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_auditor.json: command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_expirer.json: command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_replicator.json: command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_updater.json: command: /usr/bin/swift-object-updater /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_server.json: command: /usr/bin/swift-object-server /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/swift owner: swift:swift recurse: true - /var/lib/kolla/config_files/swift_xinetd_rsync.json: - command: /usr/sbin/xinetd -dontfork + /var/lib/kolla/config_files/swift_rsync.json: + command: /usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + 
dest: "/" + merge: true + preserve_properties: true docker_config: step_3: # The puppet config sets this up but we don't have a way to mount the named # volume during the configuration stage. We just need to create this # directory and make sure it's owned by swift. swift_setup_srv: - image: &swift_account_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: &swift_account_image {get_param: DockerSwiftAccountImage} user: root command: ['chown', '-R', 'swift:', '/srv/node'] volumes: @@ -150,7 +211,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -167,7 +228,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -183,7 +244,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev 
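Review bot: The kolla_config entry for rsync changes from `xinetd -dontfork` to `rsync --daemon --no-detach --config=/etc/rsyncd.conf`, so any bind-address or source restriction the xinetd service definition provided no longer applies and has to come from rsyncd.conf itself. That file is generated elsewhere (the `rsync::server` puppet tag is listed above) and is not visible here, so this needs checking rather than assuming. The key is also renamed to swift_rsync.json, and the container that mounts it lies outside this hunk; its volume line has to change in the same commit. Separately, the identical config_files stanza is repeated for every daemon; a YAML anchor, as the file already uses for `*kolla_env`, would keep the copies from drifting.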
@@ -199,17 +260,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_container_auditor: - image: &swift_container_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: &swift_container_image {get_param: DockerSwiftContainerImage} net: host user: swift restart: always @@ -218,7 +276,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -234,7 +292,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -250,7 +308,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev 
@@ -266,17 +324,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_object_auditor: - image: &swift_object_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: &swift_object_image {get_param: DockerSwiftObjectImage} net: host user: swift restart: always @@ -285,17 +340,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_object_expirer: - image: &swift_proxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + image: &swift_proxy_image {get_param: DockerSwiftProxyImage} net: host user: swift restart: always @@ -304,7 +356,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev 
@@ -320,7 +372,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -336,7 +388,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -352,13 +404,13 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env - swift_xinetd_rsync: + swift_rsync: image: *swift_object_image net: host user: root @@ -368,8 +420,8 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/swift_xinetd_rsync.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc:/etc + - /var/lib/kolla/config_files/swift_rsync.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -410,6 +462,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object 
diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index 84175c57..cdcb4d2a 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Tacker service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerTackerImage: description: image - default: 'centos-binary-tacker:latest' type: string DockerTackerConfigImage: description: The container image to use for the tacker config_volume - default: 'centos-binary-tacker:latest' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/tacker.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -69,13 +68,15 @@ outputs: config_volume: tacker puppet_tags: tacker_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ] + config_image: {get_param: DockerTackerConfigImage} kolla_config: /var/lib/kolla/config_files/tacker_api.json: command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/tacker owner: tacker:tacker 
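Review bot: The description of `DockerTackerImage` is still just `image`, but with `DockerNamespace` and the `centos-binary-tacker:latest` default removed in this hunk, the parameter must now hold the complete image reference and has no fallback. I would say so in the description, for example `description: Fully qualified tacker image reference (registry/namespace/name:tag)`, so operators know the value is used exactly as given. `DockerTackerConfigImage` needs the same wording, as do `DockerZaqarImage` and `DockerZaqarConfigImage` in docker/services/zaqar.yaml.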
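Review bot: `source: "/var/lib/kolla/config_files/src/*"` with `dest: "/"` and `merge: true` puts no limit on where files land in the container. Anything under the mounted `puppet-generated/tacker/` tree is copied to the same path inside the container, whereas the old step_4 mount exposed only `/etc/tacker/`. That is presumably intended, but it makes the contents of that host directory part of the container's trust boundary. A comment above `config_files:` would record this, e.g. `# copies the whole puppet-generated tree over /; that tree must hold config files only`. The same block is added for `zaqar.json` and `zaqar_websocket.json` in docker/services/zaqar.yaml and for the swift services earlier in the diff; the `kolla_config` mapping starts outside this hunk.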
@@ -84,10 +85,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: tacker_init_logs: - image: &tacker_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ] + image: &tacker_image {get_param: DockerTackerImage} privileged: false user: root volumes: @@ -104,7 +102,10 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/tacker/etc/:/etc/:ro + # FIXME(mandre) mounting /etc rw to workaround LP1696283 + # This should go away anyway and mount the exact files it + # needs or use kolla set_configs.py + - /var/lib/config-data/tacker/etc/:/etc/ - /var/log/containers/tacker:/var/log/tacker command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" step_4: @@ -118,7 +119,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro + - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro - /var/log/containers/tacker:/var/log/tacker environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 17524e5e..061a4a70 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml 
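Review bot: Dropping `:ro` from `/var/lib/config-data/tacker/etc/:/etc/` gives the container that runs `tacker-db-manage` write access to the whole generated `etc` tree on the host, and whatever it writes there stays on the host after the container exits. The FIXME names the workaround but not which path has to be writable. If LP1696283 concerns a single file or directory, mount only that path read-write and keep the rest read-only, e.g. `- /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro` plus the one writable path. The container definition this volume list belongs to starts outside the hunk, so its `user:` setting is not visible here.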
@@ -4,23 +4,25 @@ description: > OpenStack containerized Zaqar services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerZaqarImage: description: image - default: 'centos-binary-zaqar:latest' type: string DockerZaqarConfigImage: description: The container image to use for the zaqar config_volume - default: 'centos-binary-zaqar:latest' type: string + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -39,6 +41,9 @@ parameters: description: Parameters specific to the role type: json +conditions: + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + resources: ContainersCommon: @@ -48,6 +53,7 @@ resources: type: ../../puppet/services/zaqar.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} 
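Review bot: `ZaqarManagementStore` accepts any string, and the `zaqar_management_store_sqlalchemy` condition added in the next hunk compares it with the literal `'sqlalchemy'`. A misspelled value therefore silently skips the step_2 log-init and step_3 db-sync containers instead of failing validation. A constraint under the parameter, `constraints:` followed by `- allowed_values: ['mongodb', 'sqlalchemy']`, would reject it when the stack is validated. Extend the list if other stores are supported, which this diff does not show.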
@@ -67,61 +73,86 @@ outputs: config_volume: zaqar puppet_tags: zaqar_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerZaqarConfigImage} ] + config_image: {get_param: DockerZaqarConfigImage} kolla_config: /var/lib/kolla/config_files/zaqar.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/zaqar owner: zaqar:zaqar recurse: true docker_config: - step_4: - zaqar: - image: &zaqar_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] - net: host - privileged: false - restart: always - # NOTE(mandre) kolla image changes the user to 'zaqar', we need it - # to be root to run httpd - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - zaqar_websocket: - image: *zaqar_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - 
/var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - + if: + - zaqar_management_store_sqlalchemy + - + step_2: + zaqar_init_log: + image: &zaqar_image {get_param: DockerZaqarImage} + user: root + volumes: + - /var/log/containers/zaqar:/var/log/zaqar + command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar'] + step_3: + zaqar_db_sync: + image: *zaqar_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro + - /var/log/containers/zaqar:/var/log/zaqar + command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'" + - {} + - step_4: + zaqar: + image: *zaqar_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + zaqar_websocket: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: |
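Review bot: The `&zaqar_image` anchor is now defined on `zaqar_init_log`, inside the branch guarded by `zaqar_management_store_sqlalchemy`, while `zaqar` and `zaqar_websocket` in step_4 alias it from outside that branch. This works because YAML resolves anchors when the file is parsed, before the `if` is evaluated. Deleting or reordering the sqlalchemy branch later would break the step_4 aliases, though. A comment on that line would help, e.g. `# anchor is aliased by step_3 and step_4 below; keep it on the first image: in the file`.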