aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to 'docker')
-rw-r--r--docker/copy-json.py72
-rw-r--r--docker/firstboot/install_docker_agents.yaml2
-rwxr-xr-xdocker/firstboot/start_docker_agents.sh98
-rw-r--r--docker/post.j2.yaml104
-rw-r--r--docker/services/README.rst5
-rw-r--r--docker/services/neutron-ovs-agent.yaml27
-rw-r--r--docker/services/nova-compute.yaml14
-rw-r--r--docker/services/nova-libvirt.yaml15
-rw-r--r--docker/services/services.yaml4
9 files changed, 95 insertions, 246 deletions
diff --git a/docker/copy-json.py b/docker/copy-json.py
deleted file mode 100644
index e85ff11e..00000000
--- a/docker/copy-json.py
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/python
-import json
-import os
-
-data = {}
-file_perms = '0600'
-libvirt_perms = '0644'
-
-libvirt_config = os.getenv('libvirt_config').split(',')
-nova_config = os.getenv('nova_config').split(',')
-neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',')
-
-# Command, Config_files, Owner, Perms
-services = {
- 'nova-libvirt': [
- '/usr/sbin/libvirtd',
- libvirt_config,
- 'root',
- libvirt_perms],
- 'nova-compute': [
- '/usr/bin/nova-compute',
- nova_config,
- 'nova',
- file_perms],
- 'neutron-openvswitch-agent': [
- '/usr/bin/neutron-openvswitch-agent',
- neutron_openvswitch_agent_config,
- 'neutron',
- file_perms],
- 'ovs-vswitchd': [
- '/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/kolla/openvswitch/ovs-vswitchd.log'],
- 'ovsdb-server': [
- '/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --remote=ptcp:6640:127.0.0.1 --log-file=/var/log/kolla/openvswitch/ovsdb-server.log']
-}
-
-
-def build_config_files(config, owner, perms):
- config_source = '/var/lib/kolla/config_files/'
- config_files_dict = {}
- source = os.path.basename(config)
- dest = config
- config_files_dict.update({'source': config_source + source,
- 'dest': dest,
- 'owner': owner,
- 'perm': perms})
- return config_files_dict
-
-
-for service in services:
- if service != 'ovs-vswitchd' and service != 'ovsdb-server':
- command = services.get(service)[0]
- config_files = services.get(service)[1]
- owner = services.get(service)[2]
- perms = services.get(service)[3]
- config_files_list = []
- for config_file in config_files:
- if service == 'nova-libvirt':
- command = command + ' --config ' + config_file
- else:
- command = command + ' --config-file ' + config_file
- data['command'] = command
- config_files_dict = build_config_files(config_file, owner, perms)
- config_files_list.append(config_files_dict)
- data['config_files'] = config_files_list
- else:
- data['command'] = services.get(service)[0]
- data['config_files'] = []
-
- json_config_dir = '/var/lib/etc-data/json-config/'
- with open(json_config_dir + service + '.json', 'w') as json_file:
- json.dump(data, json_file, sort_keys=True, indent=4,
- separators=(',', ': '))
diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml
index f6d61e2d..41a87406 100644
--- a/docker/firstboot/install_docker_agents.yaml
+++ b/docker/firstboot/install_docker_agents.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: ocata
parameters:
DockerAgentImage:
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index e7e276b2..1c5cc18d 100755
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -1,73 +1,56 @@
#!/bin/bash
set -eux
-/sbin/setenforce 0
-/sbin/modprobe ebtables
-
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
-chmod 666 /dev/pts/ptmx
-
-# We need hostname -f to return in a centos container for the puppet hook
-HOSTNAME=$(hostname)
-echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-
-# update docker for local insecure registry(optional)
-# Note: This is different for different docker versions
-# For older docker versions < 1.4.x use commented line
-#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
-#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+# TODO remove this when built image includes docker
+if [ ! -f "/usr/bin/docker" ]; then
+ yum -y install docker
+fi
# Local docker registry 1.8
# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
# a place holder for text replacement done via heat
-if [ "$docker_namespace_is_registry" = True ]; then
+if [ "$docker_namespace_is_registry" = "True" ]; then
/usr/bin/systemctl stop docker.service
# if namespace is used with local registry, trim all namespacing
trim_var=$docker_registry
registry_host="${trim_var%%/*}"
/bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker
- /usr/bin/systemctl start --no-block docker.service
fi
-/usr/bin/docker pull $agent_image &
-DOCKER_PULL_PID=$!
-
mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
# NOTE(flaper87): Heat Agent required mounts
-AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \
- -v /run:/run \
- -v /etc:/host/etc \
- -v /usr/bin/atomic:/usr/bin/atomic \
- -v /var/lib/dhclient:/var/lib/dhclient \
- -v /var/lib/cloud:/var/lib/cloud \
- -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
- -v /etc/sysconfig/docker:/etc/sysconfig/docker \
- -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
- -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2"
-
-
-# NOTE(flaper87): Some of these commands may not be present depending on the
-# atomic version.
-for docker_cmd in docker docker-current docker-latest; do
- if [ -f "/usr/bin/$docker_cmd" ]; then
- AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd"
- fi
-done
+AGENT_COMMAND_MOUNTS="\
+-v /var/lib/etc-data:/var/lib/etc-data \
+-v /run:/run \
+-v /etc/hosts:/etc/hosts \
+-v /etc:/host/etc \
+-v /var/lib/dhclient:/var/lib/dhclient \
+-v /var/lib/cloud:/var/lib/cloud \
+-v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config \
+-v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
+-v /var/lib/heat-config:/var/lib/heat-config \
+-v /etc/sysconfig/docker:/etc/sysconfig/docker \
+-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
+-v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2 \
+-v /usr/bin/docker:/usr/bin/docker \
+-v /usr/bin/docker-current:/usr/bin/docker-current \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config"
# heat-docker-agents service
cat <<EOF > /etc/systemd/system/heat-docker-agents.service
-
[Unit]
Description=Heat Docker Agent Container
After=docker.service
Requires=docker.service
+Before=os-collect-config.service
+Conflicts=os-collect-config.service
[Service]
User=root
-Restart=on-failure
-ExecStartPre=-/usr/bin/docker kill heat-agents
-ExecStartPre=-/usr/bin/docker rm heat-agents
+Restart=always
+ExecStartPre=-/usr/bin/docker rm -f heat-agents
ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \
$AGENT_COMMAND_MOUNTS \
--entrypoint=/usr/bin/os-collect-config $agent_image
@@ -75,35 +58,12 @@ ExecStop=/usr/bin/docker stop heat-agents
[Install]
WantedBy=multi-user.target
-
EOF
# enable and start heat-docker-agents
-chmod 0640 /etc/systemd/system/heat-docker-agents.service
/usr/bin/systemctl enable heat-docker-agents.service
/usr/bin/systemctl start --no-block heat-docker-agents.service
-# Disable NetworkManager and let the ifup/down scripts work properly.
-/usr/bin/systemctl disable NetworkManager
-/usr/bin/systemctl stop NetworkManager
-
-# Atomic's root partition & logical volume defaults to 3G. In order to launch
-# larger VMs, we need to enlarge the root logical volume and scale down the
-# docker_pool logical volume. We are allocating 80% of the disk space for
-# vm data and the remaining 20% for docker images.
-ATOMIC_ROOT='/dev/mapper/atomicos-root'
-ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'`
-
-growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' )
-pvresize "${ROOT_DEVICE}"
-lvresize -l +80%FREE "${ATOMIC_ROOT}"
-xfs_growfs "${ATOMIC_ROOT}"
-
-cat <<EOF > /etc/sysconfig/docker-storage-setup
-GROWPART=true
-AUTO_EXTEND_POOL=yes
-POOL_AUTOEXTEND_PERCENT=30
-POOL_AUTOEXTEND_THRESHOLD=70
-EOF
-
-wait $DOCKER_PULL_PID
+# Disable libvirtd
+/usr/bin/systemctl disable libvirtd.service
+/usr/bin/systemctl stop libvirtd.service
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index 6cb92c83..865c74e5 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-10-14
+heat_template_version: ocata
description: >
Post-deploy configuration steps via puppet for all roles,
@@ -20,33 +20,6 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
-
- DockerOpenvswitchDBImage:
- description: image
- default: 'centos-binary-openvswitch-db-server'
- type: string
-
- DockerOvsVswitchdImage:
- description: image
- default: 'centos-binary-openvswitch-vswitchd'
- type: string
-
- LibvirtConfig:
- type: string
- default: "/etc/libvirt/libvirtd.conf"
-
- NovaConfig:
- type: string
- default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf"
-
- NeutronOpenvswitchAgentConfig:
- type: string
- default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
-
resources:
{% for role in roles %}
@@ -184,77 +157,24 @@ resources:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: CopyEtcConfig}
- CopyJsonConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- inputs:
- - name: libvirt_config
- - name: nova_config
- - name: neutron_openvswitch_agent_config
- config: {get_file: ../docker/copy-json.py}
-
- CopyJsonDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
+ {{role.name}}KollaJsonConfig:
+ type: OS::Heat::StructuredConfig
depends_on: CopyEtcDeployment
properties:
- name: CopyJsonDeployment
- config: {get_resource: CopyJsonConfig}
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- libvirt_config: {get_param: LibvirtConfig}
- nova_config: {get_param: NovaConfig}
- neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
+ group: json-file
+ config:
+ {get_param: [role_data, {{role.name}}, kolla_config]}
- NovaComputeContainersDeploymentOVS:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on: CopyJsonDeployment
+ {{role.name}}KollaJsonDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
properties:
- name: NovaComputeContainersDeploymentOVS
- config: {get_resource: NovaComputeContainersConfigOVS}
+ name: {{role.name}}KollaJsonDeployment
+ config: {get_resource: {{role.name}}KollaJsonConfig}
servers: {get_param: [servers, {{role.name}}]}
- NovaComputeContainersConfigOVS:
- type: OS::Heat::StructuredConfig
- properties:
- group: docker-cmd
- config:
- openvswitchdb:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ]
- net: host
- restart: always
- volumes:
- - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json
- - /etc/localtime:/etc/localtime:ro
- - /run:/run
- - logs:/var/log/kolla/
- - openvswitch_db:/var/lib/openvswitch/
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
- ovsvswitchd:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ]
- net: host
- privileged: true
- restart: always
- volumes:
- - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json
- - /etc/localtime:/etc/localtime:ro
- - /lib/modules:/lib/modules:ro
- - /run:/run
- - logs:/var/log/kolla/
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
{{role.name}}ContainersConfig_Step1:
type: OS::Heat::StructuredConfig
- depends_on: CopyJsonDeployment
+ depends_on: {{role.name}}KollaJsonDeployment
properties:
group: docker-cmd
config:
@@ -262,7 +182,7 @@ resources:
{{role.name}}ContainersConfig_Step2:
type: OS::Heat::StructuredConfig
- depends_on: CopyJsonDeployment
+ depends_on: {{role.name}}KollaJsonDeployment
properties:
group: docker-cmd
config:
diff --git a/docker/services/README.rst b/docker/services/README.rst
index 8d1f9e86..60719bfc 100644
--- a/docker/services/README.rst
+++ b/docker/services/README.rst
@@ -32,6 +32,11 @@ are re-asserted when applying latter ones.
* config_settings: Custom hiera settings for this service. These are
used to generate configs.
+ * kolla_config: Contains YAML that represents how to map config files
+ into the kolla container. This config file is typically mapped into
+ the container itself at the /var/lib/kolla/config_files/config.json
+ location and drives how kolla's external config mechanisms work.
+
* step_config: A puppet manifest that is used to step through the deployment
sequence. Each sequence is given a "step" (via hiera('step') that provides
information for when puppet classes should activate themselves.
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index 8d092a34..0a061f6c 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: >
OpenStack Neutron openvswitch service
@@ -12,12 +12,6 @@ parameters:
description: image
default: 'centos-binary-neutron-openvswitch-agent'
type: string
- NeutronOpenvswitchAgentPluginVolume:
- type: string
- default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro"
- NeutronOpenvswitchAgentOvsVolume:
- type: string
- default: " "
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -49,6 +43,22 @@ outputs:
config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]}
step_config: {get_attr: [NeutronOvsAgentBase, role_data, step_config]}
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
+ kolla_config:
+ /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:
+ command: /usr/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+ config_files:
+ - dest: /etc/neutron/neutron.conf
+ owner: neutron
+ perm: '0600'
+ source: /var/lib/kolla/config_files/neutron.conf
+ - dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ owner: neutron
+ perm: '0600'
+ source: /var/lib/kolla/config_files/openvswitch_agent.ini
+ - dest: /etc/neutron/plugins/ml2/ml2_conf.ini
+ owner: neutron
+ perm: '0600'
+ source: /var/lib/kolla/config_files/ml2_conf.ini
docker_config:
step_1:
neutronovsagent:
@@ -64,8 +74,7 @@ outputs:
- /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json
- /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro
- /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro
- - {get_param: NeutronOpenvswitchAgentPluginVolume}
- - {get_param: NeutronOpenvswitchAgentOvsVolume}
+ - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
- /run:/run
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index 5c56aeee..e765609e 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: >
OpenStack containerized Nova Compute service
@@ -41,6 +41,18 @@ outputs:
config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]}
step_config: {get_attr: [NovaComputeBase, role_data, step_config]}
puppet_tags: nova_config,nova_paste_api_ini
+ kolla_config:
+ /var/lib/etc-data/json-config/nova-compute.json:
+ command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+ config_files:
+ - dest: /etc/nova/nova.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/nova.conf
+ - dest: /etc/nova/rootwrap.conf
+ owner: nova
+ perm: '0600'
+ source: /var/lib/kolla/config_files/rootwrap.conf
docker_config:
step_1:
novacompute:
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 36511557..004d624a 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
description: >
OpenStack Libvirt Service
@@ -41,6 +41,14 @@ outputs:
config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]}
step_config: {get_attr: [NovaLibvirtBase, role_data, step_config]}
puppet_tags: nova_config
+ kolla_config:
+ /var/lib/etc-data/json-config/nova-libvirt.json:
+ command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+ config_files:
+ - dest: /etc/libvirt/libvirtd.conf
+ owner: root
+ perm: '0644'
+ source: /var/lib/kolla/config_files/libvirtd.conf
docker_config:
step_1:
nova_libvirt:
@@ -55,6 +63,11 @@ outputs:
volumes:
- /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json
- /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf
+ # NOTE(mandre) Ideally the qemu.conf file is mounted in
+ # /var/lib/kolla/config_files and copied to the right place but
+ # copy-json.py doesn't allow us to do that without appending the
+ # file as an additional config on the CLI
+ - /var/lib/etc-data/libvirt/qemu.conf:/etc/libvirt/qemu.conf:ro
- /etc/localtime:/etc/localtime:ro
- /lib/modules:/lib/modules:ro
- /run:/run
diff --git a/docker/services/services.yaml b/docker/services/services.yaml
index 37e7b655..8c31107f 100644
--- a/docker/services/services.yaml
+++ b/docker/services/services.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-10-14
+heat_template_version: ocata
description: >
Utility stack to convert an array of services into a set of combined
@@ -68,6 +68,8 @@ outputs:
step_config:
{get_attr: [PuppetServices, role_data, step_config]}
puppet_tags: {list_join: [",", {get_attr: [ServiceChain, role_data, puppet_tags]}]}
+ kolla_config:
+ map_merge: {get_attr: [ServiceChain, role_data, kolla_config]}
docker_config:
step_1: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_1]}}
step_2: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_2]}}