8 files changed, 526 insertions, 18 deletions

diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2
index a56ca02b..3dd963b9 100644
--- a/docker/docker-steps.j2
+++ b/docker/docker-steps.j2
@@ -139,10 +139,6 @@ resources:
                         - name: Write kolla config json files
                           copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
                           with_dict: "{{kolla_config}}"
-                        - name: Install paunch FIXME remove when packaged
-                          shell: |
-                            yum -y install python-pip
-                            pip install paunch
                         ########################################################
                         # Bootstrap tasks, only performed on bootstrap_server_id
                         ########################################################
@@ -220,26 +216,31 @@ resources:
   {% endfor %}
   # END CONFIG STEPS
 
-  {{role.name}}PostConfig:
-    type: OS::TripleO::Tasks::{{role.name}}PostConfig
+  # Note, this should be the last step to execute configuration changes.
+  # Ensure that all {{role.name}}ExtraConfigPost steps are executed
+  # after all the previous deployment steps.
+  {{role.name}}ExtraConfigPost:
     depends_on:
   {% for dep in roles %}
       - {{dep.name}}Deployment_Step5
   {% endfor %}
+    type: OS::TripleO::NodeExtraConfigPost
     properties:
-      servers:  {get_param: servers}
-      input_values:
-        update_identifier: {get_param: DeployIdentifier}
+        servers: {get_param: [servers, {{role.name}}]}
 
-  # Note, this should come last, so use depends_on to ensure
-  # this is created after any other resources.
-  {{role.name}}ExtraConfigPost:
+  # The {{role.name}}PostConfig steps are in charge of
+  # quiescing all services, i.e. in the Controller case,
+  # we should run a full service reload.
+  {{role.name}}PostConfig:
+    type: OS::TripleO::Tasks::{{role.name}}PostConfig
     depends_on:
   {% for dep in roles %}
-      - {{dep.name}}PostConfig
+      - {{dep.name}}ExtraConfigPost
   {% endfor %}
-    type: OS::TripleO::NodeExtraConfigPost
     properties:
-        servers: {get_param: [servers, {{role.name}}]}
+      servers:  {get_param: servers}
+      input_values:
+        update_identifier: {get_param: DeployIdentifier}
+
 
 {% endfor %}
diff --git a/docker/docker-toool b/docker/docker-toool
index 36aba4a7..0b87ea92 100755
--- a/docker/docker-toool
+++ b/docker/docker-toool
@@ -75,6 +75,9 @@ def parse_opts(argv):
 
 def docker_arg_map(key, value):
     value = str(value).encode('ascii', 'ignore')
+    if len(value) == 0:
+        return ''
+
     return {
         'environment': "--env=%s" % value,
         # 'image': value,
diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml
new file mode 100644
index 00000000..47d0f579
--- /dev/null
+++ b/docker/services/manila-api.yaml
@@ -0,0 +1,112 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Manila API service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerManilaApiImage:
+    description: image
+    default: 'centos-binary-manila-api:latest'
+    type: string
+  DockerManilaConfigImage:
+    description: image
+    default: 'centos-binary-manila-base:latest'
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ManilaApiPuppetBase:
+    type: ../../puppet/services/manila-api.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+  role_data:
+    description: Role data for the Manila API role.
+    value:
+      service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]}
+      config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]}
+      step_config: &step_config
+        {get_attr: [ManilaApiPuppetBase, role_data, step_config]}
+      service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS #
+      puppet_config:
+        config_volume: manila
+        puppet_tags: manila_config,manila_api_paste_ini
+        step_config: *step_config
+        config_image:
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/manila_api.json:
+          command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+          permissions:
+            - path: /var/log/manila
+              owner: manila:manila
+              recurse: true
+      docker_config:
+        step_3:
+          manila_api_db_sync:
+            user: root
+            image: &manila_api_image
+              list_join:
+                - '/'
+                - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ]
+            net: host
+            detach: false
+            volumes:
+              - /var/lib/config-data/manila/etc/manila/:/etc/manila:ro
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - logs:/var/log
+            command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
+        step_4:
+          manila_api:
+            image: *manila_api_image
+            net: host
+            restart: always
+            volumes:
+              - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
+              - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /var/log/containers/manila:/var/log/manila
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: Create persistent manila logs directory
+          file:
+            path: /var/log/containers/manila
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable manila_api service
+          tags: step2
+          service: name=openstack-manila-api state=stopped enabled=no
diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml
new file mode 100644
index 00000000..10670796
--- /dev/null
+++ b/docker/services/sahara-api.yaml
@@ -0,0 +1,119 @@
+heat_template_version: pike
+
+description: >
+  OpenStack Sahara service configured with Puppet
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerSaharaApiImage:
+    description: image
+    default: 'centos-binary-sahara-api:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  SaharaApiPuppetBase:
+    type: ../../puppet/services/sahara-api.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+  role_data:
+    description: Role data for the Sahara API role.
+    value:
+      service_name: {get_attr: [SaharaApiPuppetBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [SaharaApiPuppetBase, role_data, config_settings]
+          - sahara::sync_db: false
+      step_config: &step_config
+        get_attr: [SaharaApiPuppetBase, role_data, step_config]
+      service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS #
+      puppet_config:
+        config_volume: sahara
+        puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+        step_config: *step_config
+        config_image: &sahara_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/sahara-api.json:
+          command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf
+          permissions:
+            - path: /var/lib/sahara
+              owner: sahara:sahara
+              recurse: true
+            - path: /var/log/sahara
+              owner: sahara:sahara
+              recurse: true
+      docker_config:
+        step_3:
+          sahara_db_sync:
+            image: *sahara_image
+            net: host
+            privileged: false
+            detach: false
+            volumes: &sahara_volumes
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json
+                  - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /var/lib/sahara:/var/lib/sahara
+                  - /var/log/containers/sahara:/var/log/sahara
+            command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'"
+        step_4:
+          sahara_api:
+            image: *sahara_image
+            net: host
+            privileged: false
+            restart: always
+            volumes: *sahara_volumes
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create /var/lib/sahara
+          file:
+            path: /var/lib/sahara
+            state: directory
+        - name: create persistent sahara logs directory
+          file:
+            path: /var/log/containers/sahara
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable sahara_api service
+          tags: step2
+          service: name=openstack-sahara-api state=stopped enabled=no
diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml
new file mode 100644
index 00000000..41b5790b
--- /dev/null
+++ b/docker/services/sahara-engine.yaml
@@ -0,0 +1,110 @@
+heat_template_version: pike
+
+description: >
+  OpenStack Sahara service configured with Puppet
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerSaharaEngineImage:
+    description: image
+    default: 'centos-binary-sahara-engine:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  SaharaEnginePuppetBase:
+    type: ../../puppet/services/sahara-engine.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+  role_data:
+    description: Role data for the Sahara Engine role.
+    value:
+      service_name: {get_attr: [SaharaEnginePuppetBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [SaharaEnginePuppetBase, role_data, config_settings]
+          - sahara::sync_db: false
+      step_config: &step_config
+        get_attr: [SaharaEnginePuppetBase, role_data, step_config]
+      service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS #
+      puppet_config:
+        config_volume: sahara
+        puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+        step_config: *step_config
+        config_image: &sahara_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/sahara-engine.json:
+          command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf
+          permissions:
+            - path: /var/lib/sahara
+              owner: sahara:sahara
+              recurse: true
+            - path: /var/log/sahara
+              owner: sahara:sahara
+              recurse: true
+      docker_config:
+        step_4:
+          sahara_engine:
+            image: *sahara_image
+            net: host
+            privileged: false
+            restart: always
+            volumes: &sahara_volumes
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json
+                  - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+                  - /var/lib/sahara:/var/lib/sahara
+                  - /var/log/containers/sahara:/var/log/sahara
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create /var/lib/sahara
+          file:
+            path: /var/lib/sahara
+            state: directory
+        - name: create persistent sahara logs directory
+          file:
+            path: /var/log/containers/sahara
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable sahara_engine service
+          tags: step2
+          service: name=openstack-sahara-engine state=stopped enabled=no
diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml
new file mode 100644
index 00000000..e6bdf155
--- /dev/null
+++ b/docker/services/sensu-client.yaml
@@ -0,0 +1,131 @@
+heat_template_version: pike
+
+description: >
+  Containerized Sensu client service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerSensuClientImage:
+    description: image
+    default: 'centos-binary-sensu-client:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  SensuDockerCheckCommand:
+    type: string
+    default: |
+      for i in $(docker ps --format '{{.ID}}'); do
+        if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then
+          if [ "$result" != 'healthy' ]; then
+            echo "$(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{json .State}}' $i)" && exit 2;
+          fi
+        fi
+      done
+  SensuDockerCheckInterval:
+    type: number
+    description: The frequency in seconds the docker health check is executed.
+    default: 10
+  SensuDockerCheckHandlers:
+    default: []
+    description: The Sensu event handler to use for events
+                 created by the docker health check.
+    type: comma_delimited_list
+  SensuDockerCheckOccurrences:
+    type: number
+    description: The number of event occurrences before sensu-plugin-aware handler should take action.
+    default: 3
+  SensuDockerCheckRefresh:
+    type: number
+    description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.
+    default: 90
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  SensuClientBase:
+    type: ../../puppet/services/monitoring/sensu-client.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+  role_data:
+    description: Role data for the Sensu client role.
+    value:
+      service_name: {get_attr: [SensuClientBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [SensuClientBase, role_data, config_settings]
+          - sensu::checks:
+              check-docker-health:
+                standalone: true
+                command: {get_param: SensuDockerCheckCommand}
+                interval: {get_param: SensuDockerCheckInterval}
+                handlers: {get_param: SensuDockerCheckHandlers}
+                occurrences: {get_param: SensuDockerCheckOccurrences}
+                refresh: {get_param: SensuDockerCheckRefresh}
+      step_config: &step_config
+        get_attr: [SensuClientBase, role_data, step_config]
+      service_config_settings: {get_attr: [SensuClientBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: sensu
+        puppet_tags:  sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check
+        step_config: *step_config
+        config_image: &sensu_client_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/sensu-client.json:
+          command: /usr/bin/sensu-client -d /etc/sensu/conf.d/
+      docker_config:
+        step_3:
+          sensu_client:
+            image: *sensu_client_image
+            net: host
+            privileged: true
+            # NOTE(mmagr) kolla image changes the user to 'sensu', we need it
+            # to be root have rw permission to docker.sock to run successfully
+            # "docker inspect" command
+            user: root
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/run/docker.sock:/var/run/docker.sock:rw
+                  - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      upgrade_tasks:
+        - name: Stop and disable sensu-client service
+          tags: step2
+          service: name=sensu-client.service state=stopped enabled=no
diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml
index bfd445d0..075d8d7c 100644
--- a/docker/services/swift-ringbuilder.yaml
+++ b/docker/services/swift-ringbuilder.yaml
@@ -58,6 +58,14 @@ parameters:
     default: true
     description: 'Use a local directory for Swift storage services when building rings'
     type: boolean
+  SwiftRingGetTempurl:
+    default: ''
+    description: A temporary Swift URL to download rings from.
+    type: string
+  SwiftRingPutTempurl:
+    default: ''
+    description: A temporary Swift URL to upload rings to.
+    type: string
 
 resources:
 
@@ -75,14 +83,17 @@ outputs:
     description: Role data for Swift Ringbuilder configuration in containers.
     value:
       service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]}
-      config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
+      config_settings:
+        map_merge:
+          - {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
+          - tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true
       step_config: &step_config
         get_attr: [SwiftRingbuilderBase, role_data, step_config]
       service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config:
         config_volume: 'swift'
-        puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance
+        puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
         step_config: *step_config
         config_image:
           list_join:
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index 017fb123..55aea208 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -46,6 +46,11 @@ parameters:
                  via parameter_defaults in the resource registry.  This
                  mapping overrides those in ServiceNetMapDefaults.
     type: json
+  SwiftRawDisks:
+    default: {}
+    description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+    type: json
+
 
 resources:
 
@@ -66,7 +71,11 @@ outputs:
     description: Role data for the swift storage services.
     value:
       service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
-      config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]}
+      config_settings:
+        map_merge:
+          - {get_attr: [SwiftStorageBase, role_data, config_settings]}
+          # FIXME (cschwede): re-enable this once checks works inside containers
+          - swift::storage::all::mount_check: false
       step_config: &step_config
         get_attr: [SwiftStorageBase, role_data, step_config]
       service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
@@ -348,6 +357,18 @@ outputs:
           with_items:
             - /var/log/containers/swift
             - /srv/node
+        - name: Format and mount devices defined in SwiftRawDisks
+          mount:
+            name: /srv/node/{{ item }}
+            src: /dev/{{ item }}
+            fstype: xfs
+            opts: noatime
+            state: mounted
+          with_items:
+            - repeat:
+                template: 'DEVICE'
+                for_each:
+                  DEVICE: {get_param: SwiftRawDisks}
       upgrade_tasks:
         - name: Stop and disable swift storage services
           tags: step2