Diffstat (limited to 'docker')
-rwxr-xr-x | docker/docker-puppet.py | 6 | ||||
-rw-r--r-- | docker/services/README.rst | 2 | ||||
-rw-r--r-- | docker/services/ironic-api.yaml | 14 | ||||
-rw-r--r-- | docker/services/iscsid.yaml | 2 | ||||
-rw-r--r-- | docker/services/nova-api.yaml | 12 | ||||
-rw-r--r-- | docker/services/pacemaker/haproxy.yaml | 38 | ||||
-rw-r--r-- | docker/services/swift-storage.yaml | 8 |
7 files changed, 54 insertions, 28 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 65d3bf38..01acde03 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -205,7 +205,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www") + archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron") rsync_srcs="" for d in "${archivedirs[@]}"; do if [ -d "$d" ]; then @@ -308,9 +308,9 @@ for config_volume in configs: volumes = service[4] if len(service) > 4 else [] if puppet_tags: - puppet_tags = "file,file_line,concat,augeas,%s" % puppet_tags + puppet_tags = "file,file_line,concat,augeas,cron,%s" % puppet_tags else: - puppet_tags = "file,file_line,concat,augeas" + puppet_tags = "file,file_line,concat,augeas,cron" process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) diff --git a/docker/services/README.rst b/docker/services/README.rst index 84ac842e..ce255ba8 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -74,7 +74,7 @@ are re-asserted when applying latter ones. * puppet_tags: Puppet resource tag names that are used to generate config files with puppet. Only the named config resources are used to generate a config file. Any service that specifies tags will have the default - tags of 'file,concat,file_line,augeas' appended to the setting. + tags of 'file,concat,file_line,augeas,cron' appended to the setting. Example: keystone_config * config_volume: The name of the volume (directory) where config files diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 9583cd71..d18221db 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml 
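Review bot: The default tag list in the `@@ -308` hunk of docker-puppet.py is spelled out once per branch and again in README.rst in a different order, so the next addition has to be made in three places. A module-level constant would keep them in step: `DEFAULT_PUPPET_TAGS = "file,file_line,concat,augeas,cron"` and `puppet_tags = "%s,%s" % (DEFAULT_PUPPET_TAGS, puppet_tags) if puppet_tags else DEFAULT_PUPPET_TAGS`. Because `cron` goes into the defaults, cron resources in any service's manifest are now applied in its config container and archived from `/var/spool/cron` (the `@@ -205` hunk); a comment such as `# cron: crontabs are generated here and archived for the *_cron containers` would record that this is intended for all services. The enclosing loop starts and ends outside the hunk.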
@@ -12,9 +12,9 @@ parameters: description: image default: 'centos-binary-ironic-api:latest' type: string - DockerIronicConfigImage: - description: The container image to use for the ironic config_volume - default: 'centos-binary-ironic-pxe:latest' + DockerIronicApiConfigImage: + description: The container image to use for the ironic_api config_volume + default: 'centos-binary-ironic-api:latest' type: string EndpointMap: default: {} @@ -67,13 +67,13 @@ outputs: service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: ironic + config_volume: ironic_api puppet_tags: ironic_config step_config: *step_config config_image: list_join: - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiConfigImage} ] kolla_config: /var/lib/kolla/config_files/ironic_api.json: command: /usr/sbin/httpd -DFOREGROUND @@ -111,7 +111,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro + - /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro - /var/log/containers/ironic:/var/log/ironic command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'" step_4: @@ -126,7 +126,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index 86f2d3b4..c98a921d 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml 
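Review bot: Renaming `DockerIronicConfigImage` to `DockerIronicApiConfigImage` in the `@@ -12` hunk of ironic-api.yaml also changes the default from `centos-binary-ironic-pxe:latest` to `centos-binary-ironic-api:latest`. A deployment that pinned the old parameter in an environment file would presumably fall back to the new unpinned `:latest` default for this service without any error. Whether other templates still consume `DockerIronicConfigImage` is not visible in this diff. The description should name the parameter it replaces, for example `description: The container image to use for the ironic_api config_volume (replaces DockerIronicConfigImage for this service)`, and the rename deserves a release note.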
@@ -100,6 +100,7 @@ outputs: when: stat_iscsid_socket.stat.exists upgrade_tasks: - name: stat /lib/systemd/system/iscsid.service + tags: step2 stat: path=/lib/systemd/system/iscsid.service register: stat_iscsid_service - name: Stop and disable iscsid service @@ -107,6 +108,7 @@ outputs: service: name=iscsid state=stopped enabled=no when: stat_iscsid_service.stat.exists - name: stat /lib/systemd/system/iscsid.socket + tags: step2 stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket - name: Stop and disable iscsid.socket service diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 93935cad..9282c934 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -158,7 +158,7 @@ outputs: user: nova privileged: true restart: always - volumes: + volumes: &nova_api_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} - @@ -167,6 +167,16 @@ outputs: - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + nova_api_cron: + image: *nova_api_image + net: host + user: root + privileged: true + restart: always + volumes: *nova_api_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: "/usr/sbin/crond -n" step_5: nova_api_discover_hosts: start_order: 1 diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index bfc9ca50..1b104a23 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -30,6 +30,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RoleName: default: '' description: Role name on which the service is applied 
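Review bot: The new `nova_api_cron` container in the `@@ -167` hunk of nova-api.yaml runs `/usr/sbin/crond -n` with `user: root`, `net: host` and `privileged: true`, and nothing in the hunk shows that crond needs full host privileges. Unless a job in the crontab requires it, drop the line or set `privileged: false`, so that a misbehaving or tampered cron job is confined to the container. The container reuses `*nova_api_volumes` while overriding `command:`, so it is worth confirming that the generated crontab actually ends up under `/var/spool/cron` inside this container. The enclosing step block starts outside the hunk.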
@@ -81,6 +86,12 @@ outputs: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg @@ -116,17 +127,20 @@ outputs: - 'include ::tripleo::profile::pacemaker::haproxy_bundle' image: *haproxy_image volumes: - # puppet saves iptables rules in /etc/sysconfig - - /etc/sysconfig:/etc/sysconfig:rw - # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount - # the necessary bit and prevent systemd to try to reload the service in the container - - /usr/libexec/iptables:/usr/libexec/iptables:ro - - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /etc/puppet:/tmp/puppet-etc:ro - - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - - /dev/shm:/dev/shm:rw + list_concat: + - *deployed_cert_mount + - + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] 
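Review bot: The `deployed_cert_mount` anchor added in the `@@ -81` hunk of haproxy.yaml bind-mounts `DeployedSSLCertificatePath` unconditionally, and the `@@ -116` hunk reuses it for the bundle init container. On a deployment without TLS the default `/etc/pki/tls/private/overcloud_endpoint.pem` may not exist on the host, and Docker creates a directory for a missing bind-mount source, which would leave a directory where the certificate is later expected. Make the mount conditional on TLS being enabled, or at least document the requirement with `# the host path must already exist as a file; docker creates a directory for a missing bind-mount source`. The same mount puts the private key under `/etc` in the puppet config container, and docker-puppet.py archives `/etc`; the rsync arguments are not visible here, so please confirm the key is not copied into `/var/lib/config-data`.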
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index d795818f..a07c92ae 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -188,8 +188,8 @@ outputs: - path: /var/log/swift owner: swift:swift recurse: true - /var/lib/kolla/config_files/swift_xinetd_rsync.json: - command: /usr/sbin/xinetd -dontfork + /var/lib/kolla/config_files/swift_rsync.json: + command: /usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -428,7 +428,7 @@ outputs: - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env - swift_xinetd_rsync: + swift_rsync: image: *swift_object_image net: host user: root @@ -438,7 +438,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/swift_xinetd_rsync.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/swift_rsync.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node |