diff options
Diffstat (limited to 'docker')
27 files changed, 999 insertions, 60 deletions
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 4b93ddd7..bda5469a 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -86,16 +86,15 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: aodh_init_log: - start_order: 0 image: *aodh_image user: root volumes: - /var/log/containers/aodh:/var/log/aodh command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh'] + step_3: aodh_db_sync: - start_order: 1 image: *aodh_image net: host privileged: false diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml new file mode 100644 index 00000000..02793e48 --- /dev/null +++ b/docker/services/ceilometer-agent-ipmi.yaml @@ -0,0 +1,113 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ceilometer Agent Ipmi service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCeilometerIpmiImage: + description: image + default: 'centos-binary-ceilometer-ipmi:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CeilometerAgentIpmiBase: + type: ../../puppet/services/ceilometer-agent-ipmi.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceilometer Agent Ipmi role. + value: + service_name: {get_attr: [CeilometerAgentIpmiBase, role_data, service_name]} + config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CeilometerAgentIpmiBase, role_data, step_config] + service_config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ceilometer + puppet_tags: ceilometer_config + step_config: *step_config + config_image: &ceilometer_agent_ipmi_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] + kolla_config: + /var/lib/kolla/config_files/ceilometer-agent-ipmi.json: + command: /usr/bin/ceilometer-polling --polling-namespaces ipmi + docker_config: + step_3: + ceilometer_init_log: + start_order: 0 + image: *ceilometer_agent_ipmi_image + user: root + command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] + volumes: + - /var/log/containers/ceilometer:/var/log/ceilometer + step_4: + ceilometer_agent_ipmi: + image: *ceilometer_agent_ipmi_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_5: + ceilometer_gnocchi_upgrade: + start_order: 1 + image: *ceilometer_agent_ipmi_image + net: host + detach: false + privileged: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/log/containers/ceilometer:/var/log/ceilometer + command: "/usr/bin/bootstrap_host_exec ceilometer su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" + upgrade_tasks: + - name: Stop and disable ceilometer agent ipmi service + tags: step2 + service: name=openstack-ceilometer-agent-ipmi state=stopped enabled=no diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 062f5fc3..94bd66d8 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -87,9 +87,8 @@ outputs: owner: cinder:cinder recurse: true docker_config: - step_3: + step_2: cinder_api_init_logs: - start_order: 0 image: &cinder_api_image list_join: - '/' @@ -99,6 +98,7 @@ outputs: volumes: - /var/log/containers/cinder:/var/log/cinder command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_3: cinder_api_db_sync: image: *cinder_api_image net: host @@ -110,6 +110,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/log/containers/cinder:/var/log/cinder command: - '/usr/bin/bootstrap_host_exec' - 'cinder_api' diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml new file mode 100644 index 00000000..0958a7e8 --- /dev/null +++ b/docker/services/cinder-backup.yaml @@ -0,0 +1,132 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_backup: + image: *cinder_backup_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 9d94b578..8199c34b 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -81,9 +81,8 @@ outputs: owner: cinder:cinder recurse: true docker_config: - step_3: + step_2: cinder_scheduler_init_logs: - start_order: 0 image: &cinder_scheduler_image list_join: - '/' diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml new file mode 100644 index 00000000..4ee1996c --- /dev/null +++ b/docker/services/cinder-volume.yaml @@ -0,0 +1,163 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Volume service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderVolumeImage: + description: image + default: 'centos-binary-cinder-volume:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + # custom parameters for the Cinder volume role + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_volume.json: + command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_volume_init_logs: + start_order: 0 + image: &cinder_volume_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_volume: + image: *cinder_volume_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + - /var/lib/cinder + #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true + - name: cinder create LVM volume group dd + command: + list_join: + - '' + - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=' + - str_replace: + template: VALUE + params: + VALUE: {get_param: CinderLVMLoopDeviceSize} + - 'M' + args: + creates: /var/lib/cinder/cinder-volumes + - name: cinder create LVM volume group + shell: | + if ! losetup /dev/loop2; then + losetup /dev/loop2 /var/lib/cinder/cinder-volumes + fi + if ! pvdisplay | grep cinder-volumes; then + pvcreate /dev/loop2 + fi + if ! vgdisplay | grep cinder-volumes; then + vgcreate cinder-volumes /dev/loop2 + fi + args: + executable: /bin/bash + creates: /dev/loop2 + upgrade_tasks: + - name: Stop and disable cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped enabled=no diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml index 3ee1d91d..92b0eeb9 100644 --- a/docker/services/congress-api.yaml +++ b/docker/services/congress-api.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: congress_init_logs: - start_order: 0 image: &congress_image list_join: - '/' @@ -94,8 +93,8 @@ outputs: volumes: - /var/log/containers/congress:/var/log/congress command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] + step_3: congress_db_sync: - start_order: 1 image: *congress_image net: host privileged: false diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 973d9994..d104853f 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -3,19 +3,64 @@ heat_template_version: pike description: > Contains a static list of common things necessary for containers +parameters: + + # Required parameters + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + outputs: volumes: description: Common volumes for the containers. value: - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - # required for bootstrap_host_exec - - /etc/puppet:/etc/puppet:ro - # OpenSSL trusted CAs - - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro - - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro - - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro - - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro - # Syslog socket - - /dev/log:/dev/log - - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro + list_concat: + - - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + # required for bootstrap_host_exec + - /etc/puppet:/etc/puppet:ro + # OpenSSL trusted CAs + - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro + - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro + # Syslog socket + - /dev/log:/dev/log + - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro + - if: + - internal_tls_enabled + - - {get_param: InternalTLSCAFile} + - null diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index c73db857..9eabb719 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -87,17 +87,16 @@ outputs: recurse: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config - step_2: + step_1: mysql_init_logs: - start_order: 0 image: *mysql_image privileged: false user: root volumes: - /var/log/containers/mysql:/var/log/mariadb command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb'] + step_2: mysql_bootstrap: - start_order: 1 detach: false image: *mysql_image net: host diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 9e84dd5f..9d0d30c8 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -79,6 +79,7 @@ outputs: step_1: redis_init_logs: start_order: 0 + detach: false image: *redis_image privileged: false user: root @@ -86,6 +87,7 @@ outputs: - /var/log/containers/redis:/var/log/redis command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] redis: + start_order: 1 image: *redis_image net: host privileged: false diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index c3af5231..5c244012 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -85,17 +85,16 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config - step_3: + step_2: glance_init_logs: - start_order: 0 image: *glance_image privileged: false user: root volumes: - /var/log/containers/glance:/var/log/glance command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance'] + step_3: glance_api_db_sync: - start_order: 1 image: *glance_image net: host privileged: false diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index e3b72bc5..bd1c3168 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -86,16 +86,15 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: gnocchi_init_log: - start_order: 0 image: *gnocchi_image user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] + step_3: gnocchi_db_sync: - start_order: 1 image: *gnocchi_image net: host detach: false diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 0adad538..7a3312dd 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -80,16 +80,15 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: heat_init_log: - start_order: 0 image: *heat_engine_image user: root volumes: - /var/log/containers/heat:/var/log/heat command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat'] + step_3: heat_engine_db_sync: - start_order: 1 image: *heat_engine_image net: host privileged: false diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 022eb5dd..13bd091c 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -86,7 +86,7 @@ outputs: owner: apache:apache recurse: false docker_config: - step_3: + step_2: horizon_fix_perms: image: *horizon_image user: root @@ -99,8 +99,8 @@ outputs: volumes: - /var/log/containers/horizon:/var/log/horizon - /var/lib/config-data/horizon/etc/:/etc/ + step_3: horizon: - start_order: 1 image: *horizon_image net: host privileged: false diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 650ce4cf..a32176af 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: ironic_init_logs: - start_order: 0 image: &ironic_image list_join: - '/' @@ -94,6 +93,7 @@ outputs: volumes: - /var/log/containers/ironic:/var/log/ironic command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic'] + step_3: ironic_db_sync: start_order: 1 image: *ironic_image diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 5b253b46..4cd44f21 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -95,16 +95,15 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config - step_3: + step_2: keystone_init_log: - start_order: 0 image: *keystone_image user: root command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] volumes: - /var/log/containers/keystone:/var/log/keystone + step_3: keystone_db_sync: - start_order: 1 image: *keystone_image net: host privileged: false diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml new file mode 100644 index 00000000..fbc80fc5 --- /dev/null +++ b/docker/services/manila-scheduler.yaml @@ -0,0 +1,105 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerManilaSchedulerImage: + description: image + default: 'centos-binary-manila-scheduler:latest' + type: string + DockerManilaConfigImage: + description: image + default: 'centos-binary-manila-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + ManilaSchedulerPuppetBase: + type: ../../puppet/services/manila-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Manila Scheduler role. + value: + service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: manila + puppet_tags: manila_config,manila_scheduler_paste_ini + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/manila_scheduler.json: + command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_4: + manila_scheduler: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaSchedulerImage} ] + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/log/containers/manila:/var/log/manila + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: Create persistent manila logs directory + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_scheduler service + tags: step2 + service: name=openstack-manila-scheduler state=stopped enabled=no diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index d85a0878..d4539649 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -72,6 +72,7 @@ outputs: step_1: memcached_init_logs: start_order: 0 + detach: false image: *memcached_image privileged: false user: root diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index cc7e613e..30c3cde1 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: mistral_init_logs: - start_order: 0 image: &mistral_image list_join: - '/' @@ -94,8 +93,9 @@ outputs: volumes: - /var/log/containers/mistral:/var/log/mistral command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral'] + step_3: mistral_db_sync: - start_order: 1 + start_order: 0 image: *mistral_image net: host privileged: false @@ -109,7 +109,7 @@ outputs: - /var/log/containers/mistral:/var/log/mistral command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: - start_order: 2 + start_order: 1 image: *mistral_image net: host privileged: false diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index fbdf75ab..6c2d4cae 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -92,9 +92,8 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: neutron_init_logs: - start_order: 0 image: &neutron_api_image list_join: - '/' @@ -104,8 +103,8 @@ outputs: volumes: - /var/log/containers/neutron:/var/log/neutron command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron'] + step_3: neutron_db_sync: - start_order: 1 image: *neutron_api_image net: host privileged: false diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 2375dada..c97f45de 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -86,9 +86,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: nova_init_logs: - start_order: 0 image: &nova_api_image list_join: - '/' @@ -98,8 +97,9 @@ outputs: volumes: - /var/log/containers/nova:/var/log/nova command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + step_3: nova_api_db_sync: - start_order: 1 + start_order: 0 image: *nova_api_image net: host detach: false @@ -116,7 +116,7 @@ outputs: # to be capable of upgrading a baremetal setup. This is to ensure the name # of the cell is 'default' nova_api_map_cell0: - start_order: 2 + start_order: 1 image: *nova_api_image net: host detach: false @@ -124,7 +124,7 @@ outputs: volumes: *nova_api_volumes command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'" nova_api_create_default_cell: - start_order: 3 + start_order: 2 image: *nova_api_image net: host detach: false @@ -136,7 +136,7 @@ outputs: user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'" nova_db_sync: - start_order: 4 + start_order: 3 image: *nova_api_image net: host detach: false diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml new file mode 100644 index 00000000..19f25d8e --- /dev/null +++ b/docker/services/nova-consoleauth.yaml @@ -0,0 +1,108 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Consoleauth service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaConsoleauthImage: + description: image + default: 'centos-binary-nova-consoleauth:latest' + type: string + DockerNovaConfigImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + NovaConsoleauthPuppetBase: + type: ../../puppet/services/nova-consoleauth.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Consoleauth service. + value: + service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]} + config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaConsoleauthPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_consoleauth.json: + command: /usr/bin/nova-consoleauth + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_4: + nova_consoleauth: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ] + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_consoleauth service + tags: step2 + service: name=openstack-nova-consoleauth state=stopped enabled=no diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml new file mode 100644 index 00000000..97d2d154 --- /dev/null +++ b/docker/services/nova-vnc-proxy.yaml @@ -0,0 +1,108 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Vncproxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaVncProxyImage: + description: image + default: 'centos-binary-nova-novncproxy:latest' + type: string + DockerNovaConfigImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + NovaVncProxyPuppetBase: + type: ../../puppet/services/nova-vnc-proxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Vncproxy service. + value: + service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} + config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_vnc_proxy.json: + command: /usr/bin/nova-novncproxy --web /usr/share/novnc/ + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_4: + nova_vnc_proxy: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ] + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_vnc_proxy service + tags: step2 + service: name=openstack-nova-novncproxy state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml new file mode 100644 index 00000000..987ebaf0 --- /dev/null +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -0,0 +1,170 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Volume service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderVolumeImage: + description: image + default: 'centos-binary-cinder-volume:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + # custom parameters for the Cinder volume role + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + +resources: + + CinderBase: + type: ../../../puppet/services/cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Volume role. + value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + cinder::volume::manage_service: false + cinder::volume::enabled: false + cinder::host: hostgroup + step_config: "" + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: {get_attr: [CinderBase, role_data, step_config]} + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_volume.json: + command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_volume_init_logs: + start_order: 0 + image: *cinder_volume_image + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_5: + cinder_volume_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle' + image: *cinder_volume_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + - /var/lib/cinder + #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true + - name: cinder create LVM volume group dd + command: + list_join: + - '' + - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=' + - str_replace: + template: VALUE + params: + VALUE: {get_param: CinderLVMLoopDeviceSize} + - 'M' + args: + creates: /var/lib/cinder/cinder-volumes + - name: cinder create LVM volume group + shell: | + if ! losetup /dev/loop2; then + losetup /dev/loop2 /var/lib/cinder/cinder-volumes + fi + if ! pvdisplay | grep cinder-volumes; then + pvcreate /dev/loop2 + fi + if ! vgdisplay | grep cinder-volumes; then + vgcreate cinder-volumes /dev/loop2 + fi + args: + executable: /bin/bash + creates: /dev/loop2 + upgrade_tasks: + - name: Stop and disable cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped enabled=no diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index c381c0da..585148e5 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -87,16 +87,15 @@ outputs: owner: panko:panko recurse: true docker_config: - step_3: + step_2: panko_init_log: - start_order: 0 image: *panko_image user: root volumes: - /var/log/containers/panko:/var/log/panko command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko'] + step_3: panko_db_sync: - start_order: 1 image: *panko_image net: host detach: false diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 609aec06..06d663c9 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -89,6 +89,7 @@ outputs: step_1: rabbitmq_init_logs: start_order: 0 + detach: false image: *rabbitmq_image privileged: false user: root @@ -97,6 +98,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq'] rabbitmq_bootstrap: start_order: 1 + detach: false image: *rabbitmq_image net: host privileged: false diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index 2fc99d6f..df9750c9 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: tacker_init_logs: - start_order: 0 image: &tacker_image list_join: - '/' @@ -94,8 +93,8 @@ outputs: volumes: - /var/log/containers/tacker:/var/log/tacker command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] + step_3: tacker_db_sync: - start_order: 1 image: *tacker_image net: host privileged: false |