diff options
Diffstat (limited to 'docker')
43 files changed, 4080 insertions, 511 deletions
diff --git a/docker/copy-etc.sh b/docker/copy-etc.sh deleted file mode 100644 index 1a6cd520..00000000 --- a/docker/copy-etc.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -echo "Copying agent container /etc to /var/lib/etc-data" -cp -a /etc/* /var/lib/etc-data/ diff --git a/docker/copy-json.py b/docker/copy-json.py deleted file mode 100644 index e85ff11e..00000000 --- a/docker/copy-json.py +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/python -import json -import os - -data = {} -file_perms = '0600' -libvirt_perms = '0644' - -libvirt_config = os.getenv('libvirt_config').split(',') -nova_config = os.getenv('nova_config').split(',') -neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',') - -# Command, Config_files, Owner, Perms -services = { - 'nova-libvirt': [ - '/usr/sbin/libvirtd', - libvirt_config, - 'root', - libvirt_perms], - 'nova-compute': [ - '/usr/bin/nova-compute', - nova_config, - 'nova', - file_perms], - 'neutron-openvswitch-agent': [ - '/usr/bin/neutron-openvswitch-agent', - neutron_openvswitch_agent_config, - 'neutron', - file_perms], - 'ovs-vswitchd': [ - '/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/kolla/openvswitch/ovs-vswitchd.log'], - 'ovsdb-server': [ - '/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --remote=ptcp:6640:127.0.0.1 --log-file=/var/log/kolla/openvswitch/ovsdb-server.log'] -} - - -def build_config_files(config, owner, perms): - config_source = '/var/lib/kolla/config_files/' - config_files_dict = {} - source = os.path.basename(config) - dest = config - config_files_dict.update({'source': config_source + source, - 'dest': dest, - 'owner': owner, - 'perm': perms}) - return config_files_dict - - -for service in services: - if service != 'ovs-vswitchd' and service != 'ovsdb-server': - command = services.get(service)[0] - config_files = services.get(service)[1] - owner = services.get(service)[2] - perms = services.get(service)[3] - config_files_list = [] - for config_file in config_files: - if service == 'nova-libvirt': - command = command + ' --config ' + config_file - else: - command = command + ' --config-file ' + config_file - data['command'] = command - config_files_dict = build_config_files(config_file, owner, perms) - config_files_list.append(config_files_dict) - data['config_files'] = config_files_list - else: - data['command'] = services.get(service)[0] - data['config_files'] = [] - - json_config_dir = '/var/lib/etc-data/json-config/' - with open(json_config_dir + service + '.json', 'w') as json_file: - json.dump(data, json_file, sort_keys=True, indent=4, - separators=(',', ': ')) diff --git a/docker/create-config-dir.sh b/docker/create-config-dir.sh new file mode 100644 index 00000000..1be1a56f --- /dev/null +++ b/docker/create-config-dir.sh @@ -0,0 +1,6 @@ +#!/bin/bash +# This is where we stack puppet configuration (for now)... +mkdir -p /var/lib/config-data + +# This is the docker-puppet configs end in +mkdir -p /var/lib/docker-puppet diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py new file mode 100755 index 00000000..157bf63f --- /dev/null +++ b/docker/docker-puppet.py @@ -0,0 +1,256 @@ +#!/usr/bin/env python +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# Shell script tool to run puppet inside of the given docker container image. +# Uses the config file at /var/lib/docker-puppet/docker-puppet.json as a source for a JSON +# array of [config_volume, puppet_tags, manifest, config_image, [volumes]] settings +# that can be used to generate config files or run ad-hoc puppet modules +# inside of a container. + +import json +import os +import subprocess +import sys +import tempfile +import multiprocessing + + +# this is to match what we do in deployed-server +def short_hostname(): + subproc = subprocess.Popen(['hostname', '-s'], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + cmd_stdout, cmd_stderr = subproc.communicate() + return cmd_stdout.rstrip() + + +def pull_image(name): + print('Pulling image: %s' % name) + subproc = subprocess.Popen(['/usr/bin/docker', 'pull', name], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + cmd_stdout, cmd_stderr = subproc.communicate() + print(cmd_stdout) + print(cmd_stderr) + + +def rm_container(name): + if os.environ.get('SHOW_DIFF', None): + print('Diffing container: %s' % name) + subproc = subprocess.Popen(['/usr/bin/docker', 'diff', name], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + cmd_stdout, cmd_stderr = subproc.communicate() + print(cmd_stdout) + print(cmd_stderr) + + print('Removing container: %s' % name) + subproc = subprocess.Popen(['/usr/bin/docker', 'rm', name], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + cmd_stdout, cmd_stderr = subproc.communicate() + print(cmd_stdout) + print(cmd_stderr) + +process_count = int(os.environ.get('PROCESS_COUNT', + multiprocessing.cpu_count())) + +config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json') +print('docker-puppet') +print('CONFIG: %s' % config_file) +with open(config_file) as f: + json_data = json.load(f) + +# To save time we support configuring 'shared' services at the same +# time. For example configuring all of the heat services +# in a single container pass makes sense and will save some time. +# To support this we merge shared settings together here. +# +# We key off of config_volume as this should be the same for a +# given group of services. We are also now specifying the container +# in which the services should be configured. This should match +# in all instances where the volume name is also the same. + +configs = {} + +for service in (json_data or []): + if service is None: + continue + if isinstance(service, dict): + service = [ + service.get('config_volume'), + service.get('puppet_tags'), + service.get('step_config'), + service.get('config_image'), + service.get('volumes', []), + ] + + config_volume = service[0] or '' + puppet_tags = service[1] or '' + manifest = service[2] or '' + config_image = service[3] or '' + volumes = service[4] if len(service) > 4 else [] + + if not manifest or not config_image: + continue + + print('---------') + print('config_volume %s' % config_volume) + print('puppet_tags %s' % puppet_tags) + print('manifest %s' % manifest) + print('config_image %s' % config_image) + print('volumes %s' % volumes) + # We key off of config volume for all configs. + if config_volume in configs: + # Append puppet tags and manifest. + print("Existing service, appending puppet tags and manifest\n") + if puppet_tags: + configs[config_volume][1] = '%s,%s' % (configs[config_volume][1], + puppet_tags) + if manifest: + configs[config_volume][2] = '%s\n%s' % (configs[config_volume][2], + manifest) + if configs[config_volume][3] != config_image: + print("WARNING: Config containers do not match even though" + " shared volumes are the same!\n") + else: + print("Adding new service\n") + configs[config_volume] = service + +print('Service compilation completed.\n') + +def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)): + + print('---------') + print('config_volume %s' % config_volume) + print('puppet_tags %s' % puppet_tags) + print('manifest %s' % manifest) + print('config_image %s' % config_image) + print('volumes %s' % volumes) + hostname = short_hostname() + sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume + + with open(sh_script, 'w') as script_file: + os.chmod(script_file.name, 0755) + script_file.write("""#!/bin/bash + set -ex + mkdir -p /etc/puppet + cp -a /tmp/puppet-etc/* /etc/puppet + rm -Rf /etc/puppet/ssl # not in use and causes permission errors + echo '{"step": %(step)s}' > /etc/puppet/hieradata/docker.json + TAGS="" + if [ -n "%(puppet_tags)s" ]; then + TAGS='--tags "%(puppet_tags)s"' + fi + FACTER_hostname=%(hostname)s FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp + + # Disables archiving + if [ -z "%(no_archive)s" ]; then + rm -Rf /var/lib/config-data/%(name)s + + # copying etc should be enough for most services + mkdir -p /var/lib/config-data/%(name)s/etc + cp -a /etc/* /var/lib/config-data/%(name)s/etc/ + + if [ -d /root/ ]; then + cp -a /root/ /var/lib/config-data/%(name)s/root/ + fi + if [ -d /var/lib/ironic/tftpboot/ ]; then + mkdir -p /var/lib/config-data/%(name)s/var/lib/ironic/ + cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/%(name)s/var/lib/ironic/tftpboot/ + fi + if [ -d /var/lib/ironic/httpboot/ ]; then + mkdir -p /var/lib/config-data/%(name)s/var/lib/ironic/ + cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/%(name)s/var/lib/ironic/httpboot/ + fi + + # apache services may files placed in /var/www/ + if [ -d /var/www/ ]; then + mkdir -p /var/lib/config-data/%(name)s/var/www + cp -a /var/www/* /var/lib/config-data/%(name)s/var/www/ + fi + fi + """ % {'puppet_tags': puppet_tags, 'name': config_volume, + 'hostname': hostname, + 'no_archive': os.environ.get('NO_ARCHIVE', ''), + 'step': os.environ.get('STEP', '6')}) + + with tempfile.NamedTemporaryFile() as tmp_man: + with open(tmp_man.name, 'w') as man_file: + man_file.write('include ::tripleo::packages\n') + man_file.write(manifest) + + rm_container('docker-puppet-%s' % config_volume) + pull_image(config_image) + + dcmd = ['/usr/bin/docker', 'run', + '--user', 'root', + '--name', 'docker-puppet-%s' % config_volume, + '--volume', '%s:/etc/config.pp:ro' % tmp_man.name, + '--volume', '/etc/puppet/:/tmp/puppet-etc/:ro', + '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', + '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', + '--volume', 'tripleo_logs:/var/log/tripleo/', + '--volume', '%s:%s:rw' % (sh_script, sh_script) ] + + for volume in volumes: + dcmd.extend(['--volume', volume]) + + dcmd.extend(['--entrypoint', sh_script]) + + env = {} + if os.environ.get('NET_HOST', 'false') == 'true': + print('NET_HOST enabled') + dcmd.extend(['--net', 'host', '--volume', + '/etc/hosts:/etc/hosts:ro']) + dcmd.append(config_image) + + subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE, + stderr=subprocess.PIPE, env=env) + cmd_stdout, cmd_stderr = subproc.communicate() + print(cmd_stdout) + print(cmd_stderr) + if subproc.returncode != 0: + print('Failed running docker-puppet.py for %s' % config_volume) + rm_container('docker-puppet-%s' % config_volume) + return subproc.returncode + +# Holds all the information for each process to consume. +# Instead of starting them all linearly we run them using a process +# pool. This creates a list of arguments for the above function +# to consume. +process_map = [] + +for config_volume in configs: + + service = configs[config_volume] + puppet_tags = service[1] or '' + manifest = service[2] or '' + config_image = service[3] or '' + volumes = service[4] if len(service) > 4 else [] + + if puppet_tags: + puppet_tags = "file,file_line,concat,%s" % puppet_tags + else: + puppet_tags = "file,file_line,concat" + + process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) + +for p in process_map: + print '--\n%s' % p + +# Fire off processes to perform each configuration. Defaults +# to the number of CPUs on the system. +p = multiprocessing.Pool(process_count) +p.map(mp_puppet_config, process_map) diff --git a/docker/docker-toool b/docker/docker-toool new file mode 100755 index 00000000..36aba4a7 --- /dev/null +++ b/docker/docker-toool @@ -0,0 +1,189 @@ +#!/usr/bin/env python +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import argparse +import os +import shutil +import sys +import json + +docker_cmd = '/bin/docker' + +# Tool to start docker containers as configured via +# tripleo-heat-templates. +# +# This tool reads data from a json file generated from heat when the +# TripleO stack is run. All the configuration data used to start the +# containerized services is in this file. +# +# By default this tool lists all the containers that are started and +# their start order. +# +# If you wish to see the command line used to start a given container, +# specify it by name using the --container argument. --run can then be +# used with this to actually execute docker to run the container.\n +# +# Other options listed allow you to modify this command line for +# debugging purposes. For example: +# +# docker-toool -c swift-proxy -r -e /bin/bash -u root -i -n test +# +# will run the swift proxy container as user root, executing /bin/bash, +# +# named 'test', and will run interactively (eg -ti). + + +def parse_opts(argv): + parser = argparse.ArgumentParser("Tool to start docker containers via " + "TripleO configurations") + parser.add_argument('-f', '--config', + help="""File to use as docker startup configuration data.""", + default='/var/lib/docker-container-startup-configs.json') + parser.add_argument('-r', '--run', + action='store_true', + help="""Run the container as specified with --container.""", + default=False) + parser.add_argument('-e', '--command', + help="""Override the command used to run the container.""", + default='') + parser.add_argument('-c', '--container', + help="""Specify a container to run or show the command for.""", + default='') + parser.add_argument('-u', '--user', + help="""User to run container as.""", + default='') + parser.add_argument('-n', '--name', + help="""Name of container.""", + default='') + parser.add_argument('-i', '--interactive', + action='store_true', + help="""Start docker container interactively (-ti).""", + default=False) + opts = parser.parse_args(argv[1:]) + + return opts + +def docker_arg_map(key, value): + value = str(value).encode('ascii', 'ignore') + return { + 'environment': "--env=%s" % value, + # 'image': value, + 'net': "--net=%s" % value, + 'pid': "--pid=%s" % value, + 'privileged': "--privileged=%s" % value.lower(), + #'restart': "--restart=%s" % "false", + 'user': "--user=%s" % value, + 'volumes': "--volume=%s" % value, + 'volumes_from': "--volumes-from=%s" % value, + }.get(key, None) + +def run_docker_container(opts, container_name): + container_found = False + + with open(opts.config) as f: + json_data = json.load(f) + + for step in (json_data or []): + if step is None: + continue + for container in (json_data[step] or []): + if container == container_name: + print('container found: %s' % container) + container_found = True + # A few positional arguments: + command = '' + image = '' + + cmd = [ + docker_cmd, + 'run', + '--name', + opts.name or container + ] + for container_data in (json_data[step][container] or []): + if container_data == "environment": + for env in (json_data[step][container][container_data] or []): + arg = docker_arg_map("environment", env) + if arg: + cmd.append(arg) + elif container_data == "volumes": + for volume in (json_data[step][container][container_data] or []): + arg = docker_arg_map("volumes", volume) + if arg: + cmd.append(arg) + elif container_data == "volumes_from": + for volume in (json_data[step][container][container_data] or []): + arg = docker_arg_map("volumes_from", volume) + if arg: + cmd.append(arg) + elif container_data == 'command': + command = json_data[step][container][container_data] + elif container_data == 'image': + image = json_data[step][container][container_data] + else: + # Only add a restart if we're not interactive + if container_data == 'restart': + if opts.interactive: + continue + if container_data == 'user': + if opts.user: + continue + arg = docker_arg_map(container_data, + json_data[step][container][container_data]) + if arg: + cmd.append(arg) + + if opts.user: + cmd.append('--user') + cmd.append(opts.user) + if opts.interactive: + cmd.append('-ti') + # May as well remove it when we're done too + cmd.append('--rm') + cmd.append(image) + if opts.command: + cmd.append(opts.command) + elif command: + cmd.extend(command) + + print ' '.join(cmd) + + if opts.run: + os.execl(docker_cmd, *cmd) + + if not container_found: + print("Container '%s' not found!" % container_name) + +def list_docker_containers(opts): + print opts + with open(opts.config) as f: + json_data = json.load(f) + + for step in (json_data or []): + if step is None: + continue + print step + for container in (json_data[step] or []): + print('\tcontainer: %s' % container) + for container_data in (json_data[step][container] or []): + #print('\t\tcontainer_data: %s' % container_data) + if container_data == "start_order": + print('\t\tstart_order: %s' % json_data[step][container][container_data]) + +opts = parse_opts(sys.argv) + +if opts.container: + run_docker_container(opts, opts.container) +else: + list_docker_containers(opts) + diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh new file mode 100755 index 00000000..b2287e91 --- /dev/null +++ b/docker/firstboot/setup_docker_host.sh @@ -0,0 +1,26 @@ +#!/bin/bash +set -eux +# TODO This would be better in puppet + +# TODO remove this when built image includes docker +if [ ! -f "/usr/bin/docker" ]; then + yum -y install docker +fi + +# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is +# a place holder for text replacement done via heat +if [ "$docker_namespace_is_registry" = "True" ]; then + /usr/bin/systemctl stop docker.service + # if namespace is used with local registry, trim all namespacing + trim_var=$docker_registry + registry_host="${trim_var%%/*}" + /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker +fi + +# enable and start docker +/usr/bin/systemctl enable docker.service +/usr/bin/systemctl start docker.service + +# Disable libvirtd +/usr/bin/systemctl disable libvirtd.service +/usr/bin/systemctl stop libvirtd.service diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/setup_docker_host.yaml index f6d61e2d..2f258987 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata parameters: - DockerAgentImage: - type: string - default: heat-docker-agents DockerNamespace: type: string default: tripleoupstream @@ -17,22 +14,18 @@ resources: type: OS::Heat::MultipartMime properties: parts: - - config: {get_resource: install_docker_agents} + - config: {get_resource: setup_docker_host} - install_docker_agents: + setup_docker_host: type: OS::Heat::SoftwareConfig properties: group: script config: str_replace: params: - $agent_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAgentImage} ] $docker_registry: {get_param: DockerNamespace} $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} - template: {get_file: ./start_docker_agents.sh} + template: {get_file: ./setup_docker_host.sh} outputs: OS::stack_id: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh deleted file mode 100644 index acb44ce5..00000000 --- a/docker/firstboot/start_docker_agents.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/bash -set -eux - -/sbin/setenforce 0 -/sbin/modprobe ebtables - -# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes -chmod 666 /dev/pts/ptmx - -# We need hostname -f to return in a centos container for the puppet hook -HOSTNAME=$(hostname) -echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts - -# update docker for local insecure registry(optional) -# Note: This is different for different docker versions -# For older docker versions < 1.4.x use commented line -#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker -#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker - -# Local docker registry 1.8 -# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is -# a place holder for text replacement done via heat -if [ "$docker_namespace_is_registry" = True ]; then - /usr/bin/systemctl stop docker.service - # if namespace is used with local registry, trim all namespacing - trim_var=$docker_registry - registry_host="${trim_var%%/*}" - /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker - /usr/bin/systemctl start --no-block docker.service -fi - -/usr/bin/docker pull $agent_image & -DOCKER_PULL_PID=$! - -mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container - -# NOTE(flaper87): Heat Agent required mounts -AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \ - -v /run:/run \ - -v /etc:/host/etc \ - -v /usr/bin/atomic:/usr/bin/atomic \ - -v /var/lib/dhclient:/var/lib/dhclient \ - -v /var/lib/cloud:/var/lib/cloud \ - -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ - -v /etc/sysconfig/docker:/etc/sysconfig/docker \ - -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2" - - -# NOTE(flaper87): Some of these commands may not be present depending on the -# atomic version. -for docker_cmd in docker docker-current docker-latest; do - if [ -f "/usr/bin/$docker_cmd" ]; then - AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd" - fi -done - -# heat-docker-agents service -cat <<EOF > /etc/systemd/system/heat-docker-agents.service - -[Unit] -Description=Heat Docker Agent Container -After=docker.service -Requires=docker.service - -[Service] -User=root -Restart=on-failure -ExecStartPre=-/usr/bin/docker kill heat-agents -ExecStartPre=-/usr/bin/docker rm heat-agents -ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \ - $AGENT_COMMAND_MOUNTS \ - --entrypoint=/usr/bin/os-collect-config $agent_image -ExecStop=/usr/bin/docker stop heat-agents - -[Install] -WantedBy=multi-user.target - -EOF - -# enable and start heat-docker-agents -chmod 0640 /etc/systemd/system/heat-docker-agents.service -/usr/bin/systemctl enable heat-docker-agents.service -/usr/bin/systemctl start --no-block heat-docker-agents.service - -# Disable NetworkManager and let the ifup/down scripts work properly. -/usr/bin/systemctl disable NetworkManager -/usr/bin/systemctl stop NetworkManager - -# Atomic's root partition & logical volume defaults to 3G. In order to launch -# larger VMs, we need to enlarge the root logical volume and scale down the -# docker_pool logical volume. We are allocating 80% of the disk space for -# vm data and the remaining 20% for docker images. -ATOMIC_ROOT='/dev/mapper/atomicos-root' -ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'` - -growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' ) -pvresize "${ROOT_DEVICE}" -lvresize -l +80%FREE "${ATOMIC_ROOT}" -xfs_growfs "${ATOMIC_ROOT}" - -cat <<EOF > /etc/sysconfig/docker-storage-setup -GROWPART=true -AUTO_EXTEND_POOL=yes -POOL_AUTOEXTEND_PERCENT=30 -POOL_AUTOEXTEND_THRESHOLD=70 -EOF - -wait $DOCKER_PULL_PID diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index de17cffe..76232d14 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml @@ -1,4 +1,8 @@ -heat_template_version: 2016-10-14 +# certain initialization steps (run in a container) will occur +# on the first role listed in the roles file +{% set primary_role_name = roles[0].name -%} + +heat_template_version: ocata description: > Post-deploy configuration steps via puppet for all roles, @@ -8,46 +12,84 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers - role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: default: '' type: string description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string - - DockerOpenvswitchDBImage: - description: image - default: 'centos-binary-openvswitch-db-server' - type: string - - DockerOvsVswitchdImage: - description: image - default: 'centos-binary-openvswitch-vswitchd' - type: string +resources: - LibvirtConfig: - type: string - default: "/etc/libvirt/libvirtd.conf" + # These utility tasks use docker-puppet.py to execute tasks via puppet + # We only execute these on the first node in the primary role + {{primary_role_name}}DockerPuppetTasks: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) + data: + docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]} + +# BEGIN primary_role_name docker-puppet-tasks (run only on a single node) +{% for step in range(1, 6) %} + + {{primary_role_name}}DockerPuppetJsonConfig{{step}}: + type: OS::Heat::StructuredConfig + properties: + group: json-file + config: + /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json: + {get_attr: [{{primary_role_name}}DockerPuppetTasks, value, 'step_{{step}}']} + + {{primary_role_name}}DockerPuppetJsonDeployment{{step}}: + type: OS::Heat::SoftwareDeployment + properties: + server: {get_param: [servers, {{primary_role_name}}, '0']} + config: {get_resource: {{primary_role_name}}DockerPuppetJsonConfig{{step}}} - NovaConfig: - type: string - default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf" + {{primary_role_name}}DockerPuppetTasksConfig{{step}}: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: docker-puppet.py} + inputs: + - name: CONFIG + - name: NET_HOST + - name: NO_ARCHIVE + - name: STEP - NeutronOpenvswitchAgentConfig: - type: string - default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" + {{primary_role_name}}DockerPuppetTasksDeployment{{step}}: + type: OS::Heat::SoftwareDeployment + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step{{step}} + - {{dep.name}}ContainersDeployment_Step{{step}} + {% endfor %} + - {{primary_role_name}}DockerPuppetJsonDeployment{{step}} + properties: + name: {{primary_role_name}}DockerPuppetJsonDeployment{{step}} + server: {get_param: [servers, {{primary_role_name}}, '0']} + config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}} + input_values: + CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + NET_HOST: 'true' + NO_ARCHIVE: 'true' + STEP: {{step}} -resources: +{% endfor %} +# END primary_role_name docker-puppet-tasks {% for role in roles %} # Post deployment steps for all roles @@ -69,87 +111,189 @@ resources: input_values: update_identifier: {get_param: DeployIdentifier} - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config + {{role.name}}CreateConfigDir: + type: OS::Heat::SoftwareConfig properties: - StepConfig: {get_param: [role_data, {{role.name}}, step_config]} - {% if role.name.lower() == 'compute' %} - PuppetTags: {get_param: [role_data, {{role.name}}, puppet_tags]} - {% endif %} + group: script + config: {get_file: create-config-dir.sh} - # Step through a series of configuration steps - {{role.name}}Deployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + {{role.name}}CreateConfigDirDeployment: + type: OS::Heat::SoftwareDeploymentGroup properties: - name: {{role.name}}Deployment_Step1 servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} + config: {get_resource: {{role.name}}CreateConfigDir} - {{role.name}}Deployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step1 - {% endfor %} + # this creates a JSON config file for our docker-puppet.py script + {{role.name}}GenPuppetConfig: + type: OS::Heat::StructuredConfig + properties: + group: json-file + config: + /var/lib/docker-puppet/docker-puppet.json: + {get_param: [role_data, {{role.name}}, puppet_config]} + + {{role.name}}GenPuppetDeployment: + type: OS::Heat::SoftwareDeploymentGroup properties: - name: {{role.name}}Deployment_Step2 servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 2 - update_identifier: {get_param: DeployIdentifier} + config: {get_resource: {{role.name}}GenPuppetConfig} - {{role.name}}Deployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step2 - {% endfor %} + {{role.name}}GenerateConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: docker-puppet.py} + + {{role.name}}GenerateConfigDeployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment] properties: - name: {{role.name}}Deployment_Step3 + name: {{role.name}}GenerateConfigDeployment servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} + config: {get_resource: {{role.name}}GenerateConfig} + + {{role.name}}PuppetStepConfig: + type: OS::Heat::Value + properties: + type: string + value: + yaql: + expression: + # select 'step_config' only from services that do not have a docker_image + $.data.service_names.zip($.data.step_config, $.data.docker_image).where($[2] = null).where($[1] != null).select($[1]).join("\n") + data: + service_names: {get_param: [role_data, {{role.name}}, service_names]} + step_config: {get_param: [role_data, {{role.name}}, step_config]} + docker_image: {get_param: [role_data, {{role.name}}, docker_image]} + + {{role.name}}DockerConfig: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: + # select 'docker_config' only from services that have a docker_image + $.data.service_names.zip($.data.docker_config, $.data.docker_image).where($[2] != null).select($[1]).reduce($1.mergeWith($2), {}) + data: + service_names: {get_param: [role_data, {{role.name}}, service_names]} + docker_config: {get_param: [role_data, {{role.name}}, docker_config]} + docker_image: {get_param: [role_data, {{role.name}}, docker_image]} + + # Here we are dumping all the docker container startup configuration data + # so that we can have access to how they are started outside of heat + # and docker-cmd. This lets us create command line tools to start and + # test these containers. + {{role.name}}DockerConfigJsonStartupData: + type: OS::Heat::StructuredConfig + properties: + group: json-file + config: + /var/lib/docker-container-startup-configs.json: + {get_attr: [{{role.name}}DockerConfig, value]} + + {{role.name}}DockerConfigJsonStartupDataDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + config: {get_resource: {{role.name}}DockerConfigJsonStartupData} + servers: {get_param: [servers, {{role.name}}]} + + {{role.name}}KollaJsonConfig: + type: OS::Heat::StructuredConfig + properties: + group: json-file + config: + {get_param: [role_data, {{role.name}}, kolla_config]} + + {{role.name}}KollaJsonDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + name: {{role.name}}KollaJsonDeployment + config: {get_resource: {{role.name}}KollaJsonConfig} + servers: {get_param: [servers, {{role.name}}]} + + # BEGIN BAREMETAL CONFIG STEPS + + {% if role.name == 'Controller' %} + ControllerPrePuppet: + type: OS::TripleO::Tasks::ControllerPrePuppet + properties: + servers: {get_param: [servers, Controller]} input_values: - step: 3 update_identifier: {get_param: DeployIdentifier} + {% endif %} - {{role.name}}Deployment_Step4: + {{role.name}}Config: + type: OS::TripleO::{{role.name}}Config + properties: + StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]} + + {% for step in range(1, 6) %} + + {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup + {% if step == 1 %} + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + {% else %} depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step3 - {% endfor %} + {% for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + - {{dep.name}}ContainersDeployment_Step{{step -1}} + {% endfor %} + - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} + {% endif %} properties: - name: {{role.name}}Deployment_Step4 + name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}Config} input_values: - step: 4 + step: {{step}} update_identifier: {get_param: DeployIdentifier} - {{role.name}}Deployment_Step5: + {% endfor %} + # END BAREMETAL CONFIG STEPS + + # BEGIN CONTAINER CONFIG STEPS + {% for step in range(1, 6) %} + + {{role.name}}ContainersConfig_Step{{step}}: + type: OS::Heat::StructuredConfig + properties: + group: docker-cmd + config: + {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]} + + {{role.name}}ContainersDeployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup + {% if step == 1 %} depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step4 - {% endfor %} + - {{role.name}}PreConfig + - {{role.name}}KollaJsonDeployment + - {{role.name}}GenPuppetDeployment + - {{role.name}}GenerateConfigDeployment + {% else %} + depends_on: + {% for dep in roles %} + - {{dep.name}}ContainersDeployment_Step{{step -1}} + - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first + - {{dep.name}}Deployment_Step{{step -1}} + {% endfor %} + - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} + {% endif %} properties: - name: {{role.name}}Deployment_Step5 + name: {{role.name}}ContainersDeployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} + config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}} + + {% endfor %} + # END CONTAINER CONFIG STEPS {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: {% for dep in roles %} - {{dep.name}}Deployment_Step5 + - {{primary_role_name}}DockerPuppetTasksDeployment5 {% endfor %} properties: servers: {get_param: servers} @@ -167,142 +311,15 @@ resources: properties: servers: {get_param: [servers, {{role.name}}]} - {% if role.name.lower() == 'compute' %} - CopyEtcConfig: - type: OS::Heat::SoftwareConfig - depends_on: {{role.name}}PostConfig - properties: - group: script - outputs: - - name: result - config: {get_file: ../docker/copy-etc.sh} - - CopyEtcDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - name: CopyEtcDeployment - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: CopyEtcConfig} - - CopyJsonConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - inputs: - - name: libvirt_config - - name: nova_config - - name: neutron_openvswitch_agent_config - config: {get_file: ../docker/copy-json.py} - - CopyJsonDeployment: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: CopyEtcDeployment + {% if role.name == 'Controller' %} + ControllerPostPuppet: + depends_on: + - ControllerExtraConfigPost + type: OS::TripleO::Tasks::ControllerPostPuppet properties: - name: CopyJsonDeployment - config: {get_resource: CopyJsonConfig} - servers: {get_param: [servers, {{role.name}}]} + servers: {get_param: [servers, Controller]} input_values: - libvirt_config: {get_param: LibvirtConfig} - nova_config: {get_param: NovaConfig} - neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} - - NovaComputeContainersDeploymentOVS: - type: OS::Heat::StructuredDeploymentGroup - depends_on: CopyJsonDeployment - properties: - name: NovaComputeContainersDeploymentOVS - config: {get_resource: NovaComputeContainersConfigOVS} - servers: {get_param: [servers, {{role.name}}]} - - NovaComputeContainersConfigOVS: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - openvswitchdb: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] - net: host - restart: always - volumes: - - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json - - /etc/localtime:/etc/localtime:ro - - /run:/run - - logs:/var/log/kolla/ - - openvswitch_db:/var/lib/openvswitch/ - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - ovsvswitchd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] - net: host - privileged: true - restart: always - volumes: - - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run - - logs:/var/log/kolla/ - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - NovaComputeContainersDeploymentNetconfig: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: NovaComputeContainersDeploymentOVS - properties: - name: NovaComputeContainersDeploymentNetconfig - config: {get_resource: NovaComputeContainersConfigNetconfig} - servers: {get_param: [servers, {{role.name}}]} - - # We run os-net-config here because we depend on the ovs containers to be up - # and running before we configure the network. This allows explicit timing - # of the network configuration. - NovaComputeContainersConfigNetconfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - outputs: - - name: result - config: | - #!/bin/bash - /usr/local/bin/run-os-net-config - - {{role.name}}ContainersConfig_Step1: - type: OS::Heat::StructuredConfig - depends_on: CopyJsonDeployment - properties: - group: docker-cmd - config: - {get_param: [role_data, {{role.name}}, docker_config, step_1]} - - {{role.name}}ContainersConfig_Step2: - type: OS::Heat::StructuredConfig - depends_on: CopyJsonDeployment - properties: - group: docker-cmd - config: - {get_param: [role_data, {{role.name}}, docker_config, step_2]} - - {{role.name}}ContainersDeployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy, NovaComputeContainersDeploymentNetconfig] - properties: - name: {{role.name}}ContainersDeployment_Step1 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ContainersConfig_Step1} - - {{role.name}}ContainersDeployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: {{role.name}}ContainersDeployment_Step1 - properties: - name: {{role.name}}ContainersDeployment_Step2 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ContainersConfig_Step2} + update_identifier: {get_param: DeployIdentifier} {% endif %} + {% endfor %} diff --git a/docker/services/README.rst b/docker/services/README.rst index 8d1f9e86..881a2a37 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -1,60 +1,115 @@ -======== -services -======== +=============== +Docker Services +=============== -A TripleO nested stack Heat template that encapsulates generic configuration -data to configure a specific service. This generally includes everything -needed to configure the service excluding the local bind ports which -are still managed in the per-node role templates directly (controller.yaml, -compute.yaml, etc.). All other (global) service settings go into -the puppet/service templates. +TripleO docker services are currently built on top of the puppet services. +To do this each of the docker services includes the output of the +t-h-t puppet/service templates where appropriate. -Input Parameters ----------------- +In general global docker specific service settings should reside in these +templates (templates in the docker/services directory.) The required and +optional items are specified in the docker settings section below. -Each service may define its own input parameters and defaults. -Operators will use the parameter_defaults section of any Heat -environment to set per service parameters. +If you are adding a config setting that applies to both docker and +baremetal that setting should (so long as we use puppet) go into the +puppet/services templates themselves. -Config Settings ---------------- - -Each service may define a config_settings output variable which returns -Hiera settings to be configured. - -Steps ------ - -Each service may define an output variable which returns a puppet manifest -snippet that will run at each of the following steps. Earlier manifests -are re-asserted when applying latter ones. - - * config_settings: Custom hiera settings for this service. These are - used to generate configs. +Building Kolla Images +--------------------- - * step_config: A puppet manifest that is used to step through the deployment - sequence. Each sequence is given a "step" (via hiera('step') that provides - information for when puppet classes should activate themselves. +TripleO currently relies on Kolla docker containers. Kolla supports container +customization and we are making use of this feature within TripleO to inject +puppet (our configuration tool of choice) into the Kolla base images. The +undercloud nova-scheduler also requires openstack-tripleo-common to +provide custom filters. - * docker_compose: +To build Kolla images for TripleO adjust your kolla config to build your +centos base image with puppet using the example below: - * container_name: +.. code-block:: - * volumes: +$ cat template-overrides.j2 +{% extends parent_template %} +{% set base_centos_binary_packages_append = ['puppet'] %} +{% set nova_scheduler_packages_append = ['openstack-tripleo-common'] %} -Steps correlate to the following: - - 1) Service configuration generation with puppet. +kolla-build --base centos --template-override template-overrides.j2 - 2) Early Openstack Service setup (database init?) +.. - 3) Early containerized networking services startup (OVS) - 4) Network configuration - - 5) General OpenStack Services +Docker settings +--------------- +Each service may define an output variable which returns a puppet manifest +snippet that will run at each of the following steps. Earlier manifests +are re-asserted when applying latter ones. - 6) Service activation (Pacemaker) + * config_settings: This setting is generally inherited from the + puppet/services templates and only need to be appended + to on accasion if docker specific config settings are required. + + * step_config: This setting controls the manifest that is used to + create docker config files via puppet. The puppet tags below are + used along with this manifest to generate a config directory for + this container. + + * kolla_config: Contains YAML that represents how to map config files + into the kolla container. This config file is typically mapped into + the container itself at the /var/lib/kolla/config_files/config.json + location and drives how kolla's external config mechanisms work. + + * docker_image: The full name of the docker image that will be used. + + * docker_config: Data that is passed to the docker-cmd hook to configure + a container, or step of containers at each step. See the available steps + below and the related docker-cmd hook documentation in the heat-agents + project. + + * puppet_tags: Puppet resource tag names that are used to generate config + files with puppet. Only the named config resources are used to generate + a config file. Any service that specifies tags will have the default + tags of 'file,concat,file_line' appended to the setting. + Example: keystone_config + + * config_volume: The name of the volume (directory) where config files + will be generated for this service. Use this as the location to + bind mount into the running Kolla container for configuration. + + * config_image: The name of the docker image that will be used for + generating configuration files. This is often the same value as + 'docker_image' above but some containers share a common set of + config files which are generated in a common base container. + + * docker_puppet_tasks: This section provides data to drive the + docker-puppet.py tool directly. The task is executed only once + within the cluster (not on each node) and is useful for several + puppet snippets we require for initialization of things like + keystone endpoints, database users, etc. See docker-puppet.py + for formatting. + +Docker steps +------------ +Similar to baremetal docker containers are brought up in a stepwise manner. +The current architecture supports bringing up baremetal services alongside +of containers. For each step the baremetal puppet manifests are executed +first and then any docker containers are brought up afterwards. - 7) Fencing (Pacemaker) +Steps correlate to the following: + Pre) Containers config files generated per hiera settings. + 1) Load Balancer configuration baremetal + a) step 1 baremetal + b) step 1 containers + 2) Core Services (Database/Rabbit/NTP/etc.) + a) step 2 baremetal + b) step 2 containers + 3) Early Openstack Service setup (Ringbuilder, etc.) + a) step 3 baremetal + b) step 3 containers + 4) General OpenStack Services + a) step 4 baremetal + b) step 4 containers + c) Keystone containers post initialization (tenant,service,endpoint creation) + 5) Service activation (Pacemaker) + a) step 5 baremetal + b) step 5 containers diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml new file mode 100644 index 00000000..3c4146fd --- /dev/null +++ b/docker/services/database/mongodb.yaml @@ -0,0 +1,102 @@ +heat_template_version: ocata + +description: > + MongoDB service deployment using puppet and docker + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMongodbImage: + description: image + default: 'centos-binary-mongodb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + MongodbPuppetBase: + type: ../../../puppet/services/database/mongodb.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Containerized service Mongodb using composable services. + value: + service_name: {get_attr: [MongodbPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MongodbPuppetBase, role_data, config_settings] + - mongodb::server::fork: false + step_config: &step_config + list_join: + - "\n" + - - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }" + - {get_attr: [MongodbPuppetBase, role_data, step_config]} + upgrade_tasks: {get_attr: [MongodbPuppetBase, role_data, upgrade_tasks]} + # BEGIN DOCKER SETTINGS # + docker_image: &mongodb_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + puppet_config: + config_volume: mongodb + puppet_tags: file # set this even though file is the default + step_config: *step_config + config_image: *mongodb_image + kolla_config: + /var/lib/kolla/config_files/mongodb.json: + command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run + config_files: + - dest: /etc/mongod.conf + source: /var/lib/kolla/config_files/src/etc/mongod.conf + owner: mongodb + perm: '0600' + - dest: /etc/mongos.conf + source: /var/lib/kolla/config_files/src/etc/mongos.conf + owner: mongodb + perm: '0600' + docker_config: + step_2: + mongodb: + image: *mongodb_image + net: host + privileged: false + volumes: &mongodb_volumes + - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mongodb/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log/kolla + - mongodb:/var/lib/mongodb/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # MySQL database initialization occurs only on single node + step_2: + config_volume: 'mongodb_init_tasks' + puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' + step_config: 'include ::tripleo::profile::base::database::mongodb' + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + volumes: + - "mongodb:/var/lib/mongodb/" + - "logs:/var/log/kolla:ro" diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml new file mode 100644 index 00000000..fd92e99c --- /dev/null +++ b/docker/services/database/mysql.yaml @@ -0,0 +1,134 @@ +heat_template_version: ocata + +description: > + MySQL service deployment using puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + MysqlRootPassword: + type: string + hidden: true + default: '' + +resources: + + MysqlPuppetBase: + type: ../../../puppet/services/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Containerized service MySQL using composable services. + value: + service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [MysqlPuppetBase, role_data, config_settings]} + # Set PID file to what kolla mariadb bootstrap script expects + - tripleo::profile::base::database::mysql::mysql_server_options: + mysqld: + pid-file: /var/lib/mysql/mariadb.pid + mysqld_safe: + pid-file: /var/lib/mysql/mariadb.pid + step_config: &step_config + list_join: + - "\n" + - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" + - {get_attr: [MysqlPuppetBase, role_data, step_config]} + upgrade_tasks: {get_attr: [MysqlPuppetBase, role_data, upgrade_tasks]} + # BEGIN DOCKER SETTINGS # + docker_image: &mysql_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + puppet_config: + config_volume: mysql + puppet_tags: file # set this even though file is the default + step_config: *step_config + config_image: *mysql_image + kolla_config: + /var/lib/kolla/config_files/mysql.json: + command: /usr/bin/mysqld_safe + config_files: + - dest: /etc/mysql/my.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf + owner: mysql + perm: '0644' + - dest: /etc/my.cnf.d/galera.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf + owner: mysql + perm: '0644' + docker_config: + step_2: + mysql_bootstrap: + start_order: 0 + detach: false + image: *mysql_image + net: host + volumes: &mysql_volumes + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - mariadb:/var/lib/mysql/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + # NOTE(mandre) skip wsrep cluster status check + - KOLLA_KUBERNETES=True + - + list_join: + - '=' + - - 'DB_ROOT_PASSWORD' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql: + start_order: 1 + image: *mysql_image + restart: always + net: host + volumes: *mysql_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # MySQL database initialization occurs only on single node + step_2: + config_volume: 'mysql_init_tasks' + puppet_tags: 'mysql_database,mysql_grant,mysql_user' + step_config: 'include ::tripleo::profile::base::database::mysql' + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + volumes: + - "mariadb:/var/lib/mysql/:ro" + - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml new file mode 100644 index 00000000..ab62f7e3 --- /dev/null +++ b/docker/services/glance-api.yaml @@ -0,0 +1,99 @@ +heat_template_version: ocata + +description: > + OpenStack Glance service configured with Puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerGlanceApiImage: + description: image + default: 'centos-binary-glance-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + GlanceApiPuppetBase: + type: ../../puppet/services/glance-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Glance API role. + value: + service_name: {get_attr: [GlanceApiPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [GlanceApiPuppetBase, role_data, config_settings] + - glance::api::sync_db: false + step_config: &step_config + get_attr: [GlanceApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + docker_image: &glance_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + puppet_config: + config_volume: glance_api + puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config + step_config: *step_config + config_image: *glance_image + kolla_config: + /var/lib/kolla/config_files/glance-api.json: + command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf + config_files: + - dest: /etc/glance/glance-api.conf + owner: glance + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/glance/glance-api.conf + - dest: /etc/glance/glance-swift.conf + owner: glance + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/glance/glance-swift.conf + docker_config: + step_3: + glance_api_db_sync: + image: *glance_image + net: host + privileged: false + detach: false + volumes: &glance_volumes + - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /var/lib/config-data/glance_api/:/var/lib/kolla/config_files/src:ro + - /run:/run + - /dev:/dev + - /etc/hosts:/etc/hosts:ro + environment: + - KOLLA_BOOTSTRAP=True + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_4: + glance_api: + image: *glance_image + net: host + privileged: false + restart: always + volumes: *glance_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml new file mode 100644 index 00000000..fbaacbe6 --- /dev/null +++ b/docker/services/heat-api-cfn.yaml @@ -0,0 +1,93 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat API CFN service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatApiCfnImage: + description: image + default: 'centos-binary-heat-api-cfn:latest' + type: string + # we configure all heat services in the same heat engine container + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-api-cfn.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat API CFN role. + value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [HeatBase, role_data, step_config] + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_api_cfn_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ] + puppet_config: + config_volume: heat + puppet_tags: heat_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + kolla_config: + /var/lib/kolla/config_files/heat_api_cfn.json: + command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_4: + heat_api_cfn: + image: *heat_api_cfn_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml new file mode 100644 index 00000000..df9160f4 --- /dev/null +++ b/docker/services/heat-api.yaml @@ -0,0 +1,93 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatApiImage: + description: image + default: 'centos-binary-heat-api:latest' + type: string + # we configure all heat services in the same heat engine container + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat API role. + value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [HeatBase, role_data, step_config] + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ] + puppet_config: + config_volume: heat + puppet_tags: heat_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + kolla_config: + /var/lib/kolla/config_files/heat_api.json: + command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_4: + heat_api: + image: *heat_api_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml new file mode 100644 index 00000000..c8259f93 --- /dev/null +++ b/docker/services/heat-engine.yaml @@ -0,0 +1,95 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Heat Engine service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHeatEngineImage: + description: image + default: 'centos-binary-heat-engine:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + HeatBase: + type: ../../puppet/services/heat-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Heat Engine role. + value: + service_name: {get_attr: [HeatBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HeatBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [HeatBase, role_data, step_config] + service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &heat_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + puppet_config: + config_volume: heat + puppet_tags: heat_config,file,concat,file_line + step_config: *step_config + config_image: *heat_engine_image + kolla_config: + /var/lib/kolla/config_files/heat_engine.json: + command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - dest: /etc/heat/heat.conf + owner: heat + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/heat/heat.conf + docker_config: + step_3: + heat_engine_db_sync: + image: *heat_engine_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/heat/etc/heat:/etc/heat:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['heat-manage', 'db_sync'] + step_4: + heat_engine: + image: *heat_engine_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml new file mode 100644 index 00000000..97ba9706 --- /dev/null +++ b/docker/services/ironic-api.yaml @@ -0,0 +1,102 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Ironic API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIronicApiImage: + description: image + default: 'centos-binary-ironic-api:latest' + type: string + DockerIronicConfigImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + IronicApiBase: + type: ../../puppet/services/ironic-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Ironic API role. + value: + service_name: {get_attr: [IronicApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [IronicApiBase, role_data, config_settings] + step_config: &step_config + get_attr: [IronicApiBase, role_data, step_config] + service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &ironic_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] + puppet_config: + config_volume: ironic + puppet_tags: ironic_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ironic_api.json: + command: /usr/bin/ironic-api + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + docker_config: + step_3: + ironic_db_sync: + image: *ironic_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/ironic/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf'] + step_4: + ironic_api: + start_order: 10 + image: *ironic_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml new file mode 100644 index 00000000..2cc29054 --- /dev/null +++ b/docker/services/ironic-conductor.yaml @@ -0,0 +1,114 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Ironic Conductor service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIronicConductorImage: + description: image + default: 'centos-binary-ironic-conductor:latest' + type: string + DockerIronicConfigImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + IronicConductorBase: + type: ../../puppet/services/ironic-conductor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Ironic Conductor role. + value: + service_name: {get_attr: [IronicConductorBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [IronicConductorBase, role_data, config_settings] + # to avoid hard linking errors we store these on the same + # volume/device as the ironic master_path + - ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot + - ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images + - ironic::pxe::tftp_root: /var/lib/ironic/tftpboot + - ironic::pxe::http_root: /var/lib/ironic/httpboot + - ironic::conductor::http_root: /var/lib/ironic/httpboot + step_config: &step_config + get_attr: [IronicConductorBase, role_data, step_config] + service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &ironic_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ] + puppet_config: + config_volume: ironic + puppet_tags: ironic_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ironic_conductor.json: + command: /usr/bin/ironic-conductor + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + permissions: + - path: /var/lib/ironic/httpboot + owner: ironic:ironic + recurse: true + - path: /var/lib/ironic/tftpboot + owner: ironic:ironic + recurse: true + docker_config: + step_4: + ironic-init-dirs: + image: *ironic_image + user: root + command: ['/bin/bash', '-c', 'mkdir /var/lib/ironic/httpboot && mkdir /var/lib/ironic/tftpboot'] + volumes: + - ironic:/var/lib/ironic + ironic_conductor: + start_order: 80 + image: *ironic_image + net: host + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /sys:/sys + - /dev:/dev + - /run:/run #shared? + - ironic:/var/lib/ironic + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml new file mode 100644 index 00000000..25505192 --- /dev/null +++ b/docker/services/ironic-pxe.yaml @@ -0,0 +1,133 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Ironic PXE service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIronicPxeImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + DockerIronicConfigImage: + description: image + default: 'centos-binary-ironic-pxe:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +outputs: + role_data: + description: Role data for the Ironic PXE role. + value: + service_name: ironic_pxe + config_settings: {} + step_config: &step_config '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + docker_image: &ironic_pxe_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ] + puppet_config: + config_volume: ironic + puppet_tags: ironic_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/ironic_pxe_http.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + - dest: /etc/httpd/conf.d/10-ipxe_vhost.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-ipxe_vhost.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + /var/lib/kolla/config_files/ironic_pxe_tftp.json: + command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot + config_files: + - dest: /etc/ironic/ironic.conf + owner: ironic + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/ironic/ironic.conf + - dest: /var/lib/ironic/tftpboot/chain.c32 + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/chain.c32 + - dest: /var/lib/ironic/tftpboot/pxelinux.0 + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/pxelinux.0 + - dest: /var/lib/ironic/tftpboot/ipxe.efi + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/ipxe.efi + - dest: /var/lib/ironic/tftpboot/undionly.kpxe + owner: ironic + perm: '0744' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/undionly.kpxe + - dest: /var/lib/ironic/tftpboot/map-file + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/var/lib/ironic/tftpboot/map-file + docker_config: + step_4: + ironic_pxe_tftp: + start_order: 90 + image: *ironic_pxe_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/log:/dev/log + - ironic:/var/lib/ironic/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + ironic_pxe_http: + start_order: 91 + image: *ironic_pxe_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/ironic/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - ironic:/var/lib/ironic/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml new file mode 100644 index 00000000..f9b94a74 --- /dev/null +++ b/docker/services/keystone.yaml @@ -0,0 +1,156 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Keystone service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerKeystoneImage: + description: image + default: 'centos-binary-keystone:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + +resources: + + KeystoneBase: + type: ../../puppet/services/keystone.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Keystone API role. + value: + service_name: {get_attr: [KeystoneBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [KeystoneBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + list_join: + - "\n" + - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" + - {get_attr: [KeystoneBase, role_data, step_config]} + service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &keystone_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + puppet_config: + config_volume: keystone + puppet_tags: keystone_config + step_config: *step_config + config_image: *keystone_image + kolla_config: + /var/lib/kolla/config_files/keystone.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/keystone/keystone.conf + owner: keystone + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/keystone/keystone.conf + - dest: /etc/keystone/credential-keys/0 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/0 + - dest: /etc/keystone/credential-keys/1 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1 + - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_admin.conf + - dest: /etc/httpd/conf.d/10-keystone_wsgi_main.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-keystone_wsgi_main.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /var/www/cgi-bin/keystone/keystone-admin + owner: keystone + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-admin + - dest: /var/www/cgi-bin/keystone/keystone-public + owner: keystone + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/keystone/keystone-public + docker_config: + step_3: + keystone-init-log: + start_order: 0 + image: *keystone_image + user: root + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/keystone && chown keystone:keystone /var/log/keystone'] + volumes: + - logs:/var/log + keystone_db_sync: + start_order: 1 + image: *keystone_image + net: host + privileged: false + detach: false + volumes: &keystone_volumes + - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/keystone/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/keystone/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + environment: + - KOLLA_BOOTSTRAP=True + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + keystone: + start_order: 1 + image: *keystone_image + net: host + privileged: false + restart: always + volumes: *keystone_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + keystone_bootstrap: + start_order: 2 + action: exec + command: + [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + docker_puppet_tasks: + # Keystone endpoint creation occurs only on single node + step_3: + config_volume: 'keystone_init_tasks' + puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' + step_config: 'include ::tripleo::profile::base::keystone' + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml new file mode 100644 index 00000000..3e51f5b4 --- /dev/null +++ b/docker/services/memcached.yaml @@ -0,0 +1,72 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Memcached services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMemcachedImage: + description: image + default: 'centos-binary-memcached:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + MemcachedBase: + type: ../../puppet/services/memcached.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Memcached API role. + value: + service_name: {get_attr: [MemcachedBase, role_data, service_name]} + config_settings: {get_attr: [MemcachedBase, role_data, config_settings]} + step_config: &step_config + get_attr: [MemcachedBase, role_data, step_config] + service_config_settings: {get_attr: [MemcachedBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &memcached_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] + puppet_config: + config_volume: 'memcached' + puppet_tags: 'file' + step_config: *step_config + config_image: *memcached_image + kolla_config: {} + docker_config: + step_1: + memcached: + image: *memcached_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml new file mode 100644 index 00000000..843d5b23 --- /dev/null +++ b/docker/services/mistral-api.yaml @@ -0,0 +1,118 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Mistral API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMistralApiImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + DockerMistralConfigImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + MistralApiBase: + type: ../../puppet/services/mistral-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Mistral API role. + value: + service_name: {get_attr: [MistralApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MistralApiBase, role_data, config_settings] + step_config: &step_config + get_attr: [MistralApiBase, role_data, step_config] + service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &mistral_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ] + puppet_config: + config_volume: mistral + puppet_tags: mistral_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/mistral_api.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api + config_files: + - dest: /etc/mistral/mistral.conf + owner: mistral + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + docker_config: + step_3: + mistral_db_sync: + start_order: 1 + image: *mistral_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/mistral/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head'] + mistral_db_populate: + start_order: 2 + image: *mistral_image + net: host + privileged: false + detach: false + volumes: + - /var/lib/config-data/mistral/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + # NOTE: dprince this requires that we install openstack-tripleo-common into + # the Mistral API image so that we get tripleo* actions + command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate'] + step_4: + mistral_api: + start_order: 15 + image: *mistral_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml new file mode 100644 index 00000000..e50fc0a6 --- /dev/null +++ b/docker/services/mistral-engine.yaml @@ -0,0 +1,90 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Mistral Engine service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMistralEngineImage: + description: image + default: 'centos-binary-mistral-engine:latest' + type: string + DockerMistralConfigImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + MistralBase: + type: ../../puppet/services/mistral-engine.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Mistral Engine role. + value: + service_name: {get_attr: [MistralBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + step_config: &step_config + get_attr: [MistralBase, role_data, step_config] + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &mistral_engine_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ] + puppet_config: + config_volume: mistral + puppet_tags: mistral_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/mistral_engine.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine + config_files: + - dest: /etc/mistral/mistral.conf + owner: mistral + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + docker_config: + step_4: + mistral_engine: + image: *mistral_engine_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml new file mode 100644 index 00000000..8833154e --- /dev/null +++ b/docker/services/mistral-executor.yaml @@ -0,0 +1,94 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Mistral Executor service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMistralExecutorImage: + description: image + default: 'centos-binary-mistral-executor:latest' + type: string + DockerMistralConfigImage: + description: image + default: 'centos-binary-mistral-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + MistralBase: + type: ../../puppet/services/mistral-executor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Mistral Executor role. + value: + service_name: {get_attr: [MistralBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [MistralBase, role_data, config_settings] + step_config: &step_config + get_attr: [MistralBase, role_data, step_config] + service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &mistral_executor_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ] + puppet_config: + config_volume: mistral + puppet_tags: mistral_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/mistral_executor.json: + command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor + config_files: + - dest: /etc/mistral/mistral.conf + owner: mistral + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/mistral/mistral.conf + docker_config: + step_4: + mistral_executor: + image: *mistral_executor_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + # FIXME: this is required in order for Nova cells + # initialization workflows on the Undercloud. Need to + # exclude this on the overcloud for security reasons. + - /var/lib/config-data/nova/etc/nova:/etc/nova:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml new file mode 100644 index 00000000..bf19586c --- /dev/null +++ b/docker/services/neutron-api.yaml @@ -0,0 +1,108 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Neutron API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNeutronApiImage: + description: image + default: 'centos-binary-neutron-server:latest' + type: string + # we configure all neutron services in the same neutron + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NeutronBase: + type: ../../puppet/services/neutron-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Neutron API role. + value: + service_name: {get_attr: [NeutronBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + step_config: &step_config + get_attr: [NeutronBase, role_data, step_config] + service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &neutron_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + puppet_config: + config_volume: neutron + puppet_tags: neutron_config,neutron_api_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/neutron_api.json: + command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini + config_files: + - dest: /etc/neutron/neutron.conf + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf + - dest: /etc/neutron/plugin.ini + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini + docker_config: + step_3: + neutron_db_sync: + image: *neutron_api_image + net: host + privileged: false + detach: false + # FIXME: we should make config file permissions right + # and run as neutron user + user: root + volumes: + - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro + - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['neutron-db-manage', 'upgrade', 'heads'] + step_4: + neutron_api: + image: *neutron_api_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml new file mode 100644 index 00000000..15f3055e --- /dev/null +++ b/docker/services/neutron-dhcp.yaml @@ -0,0 +1,96 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Neutron DHCP service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNeutronApiImage: + description: image + default: 'centos-binary-neutron-dhcp-agent:latest' + type: string + # we configure all neutron services in the same neutron + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NeutronBase: + type: ../../puppet/services/neutron-dhcp.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Neutron DHCP role. + value: + service_name: {get_attr: [NeutronBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + step_config: &step_config + get_attr: [NeutronBase, role_data, step_config] + service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &neutron_dhcp_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + puppet_config: + config_volume: neutron + puppet_tags: neutron_config,neutron_dhcp_agent_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/neutron_dhcp.json: + command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log + config_files: + - dest: /etc/neutron/neutron.conf + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf + - dest: /etc/neutron/dhcp_agent.ini + owner: neutron + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/neutron/dhcp_agent.ini + docker_config: + step_4: + neutron_dhcp: + image: *neutron_dhcp_image + net: host + pid: host + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - /lib/modules:/lib/modules:ro + - /run/:/run + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml new file mode 100644 index 00000000..c74ab4fe --- /dev/null +++ b/docker/services/neutron-l3.yaml @@ -0,0 +1,88 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Neutron L3 agent + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNeutronL3AgentImage: + description: image + default: 'centos-binary-neutron-l3-agent:latest' + type: string + # we configure all neutron services in the same neutron + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronL3Base: + type: ../../puppet/services/neutron-l3.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for Neutron L3 agent + value: + service_name: {get_attr: [NeutronL3Base, role_data, service_name]} + config_settings: {get_attr: [NeutronL3Base, role_data, config_settings]} + step_config: {get_attr: [NeutronL3Base, role_data, step_config]} + docker_image: &neutron_l3_agent_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ] + puppet_tags: neutron_config,neutron_l3_agent_config + config_volume: neutron + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/neutron-l3-agent.json: + command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini + config_files: + - dest: /etc/neutron/neutron.conf + owner: neutron + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf + - dest: /etc/neutron/l3_agent.ini + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/neutron/l3_agent.ini + docker_config: + step_4: + neutronl3agent: + image: *neutron_l3_agent_image + net: host + pid: host + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 8d092a34..f6b29292 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > OpenStack Neutron openvswitch service @@ -10,14 +10,8 @@ parameters: type: string DockerOpenvswitchImage: description: image - default: 'centos-binary-neutron-openvswitch-agent' + default: 'centos-binary-neutron-openvswitch-agent:latest' type: string - NeutronOpenvswitchAgentPluginVolume: - type: string - default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" - NeutronOpenvswitchAgentOvsVolume: - type: string - default: " " ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,38 +32,56 @@ resources: NeutronOvsAgentBase: type: ../../puppet/services/neutron-ovs-agent.yaml properties: + EndpointMap: {get_param: EndpointMap} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for Neutron openvswitch service value: + service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]} config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]} - step_config: {get_attr: [NeutronOvsAgentBase, role_data, step_config]} - puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 + step_config: &step_config + get_attr: [NeutronOvsAgentBase, role_data, step_config] + docker_image: &neutron_ovs_agent_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] + puppet_config: + config_volume: neutron + puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 + step_config: *step_config + config_image: *neutron_ovs_agent_image + kolla_config: + /var/lib/kolla/config_files/neutron-openvswitch-agent.json: + command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + config_files: + - dest: /etc/neutron/neutron.conf + owner: neutron + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/neutron/neutron.conf + - dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini + owner: neutron + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/openvswitch_agent.ini + - dest: /etc/neutron/plugins/ml2/ml2_conf.ini + owner: neutron + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/neutron/plugins/ml2/ml2_conf.ini docker_config: - step_1: + step_4: neutronovsagent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] + image: *neutron_ovs_agent_image net: host pid: host privileged: true restart: always volumes: - - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro - - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro - - {get_param: NeutronOpenvswitchAgentPluginVolume} - - {get_param: NeutronOpenvswitchAgentOvsVolume} + - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run - - logs:/var/log/kolla/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_2: {} diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml new file mode 100644 index 00000000..5d1a348a --- /dev/null +++ b/docker/services/neutron-plugin-ml2.yaml @@ -0,0 +1,61 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Neutron ML2 Plugin configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNeutronConfigImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent:latest' + type: string + DefaultPasswords: + default: {} + type: json + +resources: + + NeutronBase: + type: ../../puppet/services/neutron-plugin-ml2.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Neutron ML2 Plugin role. + value: + service_name: {get_attr: [NeutronBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + step_config: &step_config + get_attr: [NeutronBase, role_data, step_config] + service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &docker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + puppet_config: + config_volume: 'neutron' + puppet_tags: '' + step_config: *step_config + config_image: *docker_image + kolla_config: {} + docker_config: {} diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml new file mode 100644 index 00000000..28b3a9d0 --- /dev/null +++ b/docker/services/nova-api.yaml @@ -0,0 +1,147 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaApiImage: + description: image + default: 'centos-binary-nova-api:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaApiBase: + type: ../../puppet/services/nova-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova API role. + value: + service_name: {get_attr: [NovaApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaApiBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [NovaApiBase, role_data, step_config] + service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ] + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_api.json: + command: /usr/bin/nova-api + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_3: + nova_api_db_sync: + start_order: 1 + image: *nova_api_image + net: host + detach: false + volumes: &nova_api_volumes + - /var/lib/config-data/nova/etc/:/etc/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + command: ['/usr/bin/nova-manage', 'api_db', 'sync'] + # FIXME: we probably want to wait on the 'cell_v2 update' in order for this + # to be capable of upgrading a baremetal setup. This is to ensure the name + # of the cell is 'default' + nova_api_map_cell0: + start_order: 2 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + command: + - '/usr/bin/nova-manage' + - 'cell_v2' + - 'map_cell0' + nova_api_create_default_cell: + start_order: 3 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + # NOTE: allowing the exit code 2 is a dirty way of making + # this idempotent (if the resource already exists a conflict + # is raised) + exit_codes: [0,2] + command: + - '/usr/bin/nova-manage' + - 'cell_v2' + - 'create_cell' + - '--name="default"' + nova_db_sync: + start_order: 4 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + command: ['/usr/bin/nova-manage', 'db', 'sync'] + step_4: + nova_api: + start_order: 2 + image: *nova_api_image + net: host + user: nova + privileged: true + restart: always + volumes: + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + nova_api_discover_hosts: + start_order: 3 + image: *nova_api_image + net: host + detach: false + volumes: *nova_api_volumes + command: + - '/usr/bin/nova-manage' + - 'cell_v2' + - 'discover_hosts' diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 5c56aeee..9f4e353a 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > OpenStack containerized Nova Compute service @@ -10,7 +10,7 @@ parameters: type: string DockerNovaComputeImage: description: image - default: 'centos-binary-nova-compute' + default: 'centos-binary-nova-compute:latest' type: string ServiceNetMap: default: {} @@ -29,41 +29,61 @@ parameters: resources: + NovaComputeBase: type: ../../puppet/services/nova-compute.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} outputs: role_data: description: Role data for the Nova Compute service. value: + service_name: {get_attr: [NovaComputeBase, role_data, service_name]} config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]} - step_config: {get_attr: [NovaComputeBase, role_data, step_config]} - puppet_tags: nova_config,nova_paste_api_ini + step_config: &step_config + get_attr: [NovaComputeBase, role_data, step_config] + docker_image: &nova_compute_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + puppet_config: + config_volume: nova_libvirt + puppet_tags: nova_config,nova_paste_api_ini + step_config: *step_config + config_image: *nova_compute_image + kolla_config: + /var/lib/kolla/config_files/nova-compute.json: + command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + - dest: /etc/nova/rootwrap.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf docker_config: - step_1: + # FIXME: run discover hosts here + step_4: novacompute: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + image: *nova_compute_image net: host privileged: true user: root restart: always volumes: - - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro - - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro + - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_libvirt:/var/lib/kolla/config_files/src:ro + - /dev:/dev + - /etc/iscsi:/etc/iscsi - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run - - /dev:/dev - - logs:/var/log/kolla/ - - /etc/iscsi:/etc/iscsi + - /var/lib/nova:/var/lib/nova - libvirtd:/var/lib/libvirt - - nova_compute:/var/lib/nova/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_2: {} diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml new file mode 100644 index 00000000..73acd0ac --- /dev/null +++ b/docker/services/nova-conductor.yaml @@ -0,0 +1,88 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Conductor service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaConductorImage: + description: image + default: 'centos-binary-nova-conductor:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + NovaConductorBase: + type: ../../puppet/services/nova-conductor.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Conductor service. + value: + service_name: {get_attr: [NovaConductorBase, role_data, service_name]} + config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaConductorBase, role_data, step_config] + service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_conductor_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ] + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_conductor.json: + command: /usr/bin/nova-conductor + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_4: + nova_conductor: + image: *nova_conductor_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml new file mode 100644 index 00000000..5b46010f --- /dev/null +++ b/docker/services/nova-ironic.yaml @@ -0,0 +1,91 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Ironic Compute service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaComputeImage: + description: image + default: 'centos-binary-nova-compute-ironic:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + + NovaIronicBase: + type: ../../puppet/services/nova-ironic.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Compute service. + value: + service_name: {get_attr: [NovaIronicBase, role_data, service_name]} + config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaIronicBase, role_data, step_config] + docker_image: &nova_ironic_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + puppet_config: + config_volume: nova + puppet_tags: nova_config,nova_paste_api_ini + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_ironic.json: + command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + - dest: /etc/nova/rootwrap.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/rootwrap.conf + docker_config: + step_5: + novacompute: + image: *nova_ironic_image + net: host + privileged: true + user: root + restart: always + volumes: + - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - /dev:/dev + - /etc/iscsi:/etc/iscsi + - nova_compute:/var/lib/nova/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 36511557..ed54f3d9 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > OpenStack Libvirt Service @@ -10,7 +10,13 @@ parameters: type: string DockerLibvirtImage: description: image - default: 'centos-binary-libvirt' + default: 'centos-binary-nova-libvirt:latest' + type: string + # we configure libvirt via the nova-compute container due to coupling + # in the puppet modules + DockerNovaComputeImage: + description: image + default: 'centos-binary-nova-compute:latest' type: string ServiceNetMap: default: {} @@ -33,37 +39,57 @@ resources: type: ../../puppet/services/nova-libvirt.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} outputs: role_data: description: Role data for the Libvirt service. value: + service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]} - step_config: {get_attr: [NovaLibvirtBase, role_data, step_config]} - puppet_tags: nova_config + step_config: &step_config + get_attr: [NovaLibvirtBase, role_data, step_config] + docker_image: &libvirt_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + puppet_config: + config_volume: nova_libvirt + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + kolla_config: + /var/lib/kolla/config_files/nova-libvirt.json: + command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + config_files: + - dest: /etc/libvirt/libvirtd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/libvirt/libvirtd.conf docker_config: - step_1: + step_3: nova_libvirt: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + image: *libvirt_image net: host pid: host privileged: true restart: always volumes: - - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf + - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_libvirt:/var/lib/kolla/config_files/src:ro + - /dev:/dev - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run - - /dev:/dev - /sys/fs/cgroup:/sys/fs/cgroup - - logs:/var/log/kolla/ + - /var/lib/nova:/var/lib/nova + # Needed to use host's virtlogd + - /var/run/libvirt:/var/run/libvirt - libvirtd:/var/lib/libvirt - - nova_compute:/var/lib/nova/ - nova_libvirt_qemu:/etc/libvirt/qemu environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_2: {} diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml new file mode 100644 index 00000000..90c4c1c9 --- /dev/null +++ b/docker/services/nova-metadata.yaml @@ -0,0 +1,51 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Metadata service + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + + +resources: + + NovaMetadataBase: + type: ../../puppet/services/nova-metadata.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Metadata service. + value: + service_name: {get_attr: [NovaMetadataBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaMetadataBase, role_data, config_settings] + step_config: &step_config + get_attr: [NovaMetadataBase, role_data, step_config] + service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: '' + puppet_config: + config_volume: '' + puppet_tags: '' + step_config: *step_config + config_image: '' + kolla_config: {} + docker_config: {} diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml new file mode 100644 index 00000000..54469795 --- /dev/null +++ b/docker/services/nova-placement.yaml @@ -0,0 +1,104 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Placement API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaPlacementImage: + description: image + default: 'centos-binary-nova-placement-api' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaPlacementBase: + type: ../../puppet/services/nova-placement.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Placement API role. + value: + service_name: {get_attr: [NovaPlacementBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [NovaPlacementBase, role_data, config_settings] + - apache::default_vhost: false + step_config: &step_config + get_attr: [NovaPlacementBase, role_data, step_config] + service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_placement_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + puppet_config: + config_volume: nova_placement + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_placement.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + - dest: /etc/httpd/conf.d/10-placement_wsgi.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf.d/10-placement_wsgi.conf + - dest: /etc/httpd/conf/httpd.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/httpd.conf + - dest: /etc/httpd/conf/ports.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/httpd/conf/ports.conf + - dest: /var/www/cgi-bin/nova/nova-placement-api + owner: nova + perm: '0644' + source: /var/lib/kolla/config_files/src/var/www/cgi-bin/nova/nova-placement-api + docker_config: + # start this early so it is up before computes start reporting + step_3: + nova_placement: + start_order: 1 + image: *nova_placement_image + net: host + user: root + restart: always + volumes: + - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_placement/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml new file mode 100644 index 00000000..e3955a2b --- /dev/null +++ b/docker/services/nova-scheduler.yaml @@ -0,0 +1,87 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Nova Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaSchedulerImage: + description: image + default: 'centos-binary-nova-scheduler:latest' + type: string + DockerNovaBaseImage: + description: image + default: 'centos-binary-nova-base:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + NovaSchedulerBase: + type: ../../puppet/services/nova-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Nova Scheduler service. + value: + service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} + config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} + step_config: &step_config + get_attr: [NovaSchedulerBase, role_data, step_config] + service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &nova_scheduler_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ] + puppet_config: + config_volume: nova + puppet_tags: nova_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaBaseImage} ] + kolla_config: + /var/lib/kolla/config_files/nova_scheduler.json: + command: /usr/bin/nova-scheduler + config_files: + - dest: /etc/nova/nova.conf + owner: nova + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/nova/nova.conf + docker_config: + step_4: + nova_scheduler: + image: *nova_scheduler_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml new file mode 100644 index 00000000..aa604439 --- /dev/null +++ b/docker/services/rabbitmq.yaml @@ -0,0 +1,122 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRabbitmqImage: + description: image + default: 'centos-binary-rabbitmq:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RabbitCookie: + type: string + default: '' + hidden: true + +resources: + + RabbitmqBase: + type: ../../puppet/services/rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]} + step_config: &step_config + get_attr: [RabbitmqBase, role_data, step_config] + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &rabbitmq_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + puppet_config: + config_volume: rabbitmq + puppet_tags: file + step_config: *step_config + config_image: *rabbitmq_image + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - dest: /etc/rabbitmq/rabbitmq.config + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq.config + - dest: /etc/rabbitmq/enabled_plugins + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/enabled_plugins + - dest: /etc/rabbitmq/rabbitmq-env.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmq-env.conf + - dest: /etc/rabbitmq/rabbitmqadmin.conf + owner: root + perm: '0644' + source: /var/lib/kolla/config_files/src/etc/rabbitmq/rabbitmqadmin.conf + docker_config: + step_1: + rabbitmq_bootstrap: + start_order: 0 + image: *rabbitmq_image + net: host + privileged: false + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - rabbitmq:/var/lib/rabbitmq/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq: + start_order: 1 + image: *rabbitmq_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - rabbitmq:/var/lib/rabbitmq/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/services.yaml b/docker/services/services.yaml index 37e7b655..125c4468 100644 --- a/docker/services/services.yaml +++ b/docker/services/services.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Utility stack to convert an array of services into a set of combined @@ -66,8 +66,12 @@ outputs: global_config_settings: {get_attr: [PuppetServices, role_data, global_config_settings]} step_config: - {get_attr: [PuppetServices, role_data, step_config]} - puppet_tags: {list_join: [",", {get_attr: [ServiceChain, role_data, puppet_tags]}]} + {get_attr: [ServiceChain, role_data, step_config]} + docker_image: {get_attr: [ServiceChain, role_data, docker_image]} + puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]} + kolla_config: + map_merge: {get_attr: [ServiceChain, role_data, kolla_config]} docker_config: - step_1: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_1]}} - step_2: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_2]}} + {get_attr: [ServiceChain, role_data, docker_config]} + docker_puppet_tasks: + {get_attr: [ServiceChain, role_data, docker_puppet_tasks]} diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml new file mode 100644 index 00000000..cdfefe2f --- /dev/null +++ b/docker/services/swift-proxy.yaml @@ -0,0 +1,79 @@ +heat_template_version: ocata + +description: > + OpenStack containerized swift proxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + SwiftProxyBase: + type: ../../puppet/services/swift-proxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the swift proxy. + value: + service_name: {get_attr: [SwiftProxyBase, role_data, service_name]} + config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]} + step_config: &step_config + get_attr: [SwiftProxyBase, role_data, step_config] + service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + puppet_config: + config_volume: swift + puppet_tags: swift_proxy_config + step_config: *step_config + config_image: *swift_proxy_image + kolla_config: + /var/lib/kolla/config_files/swift_proxy.json: + command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf + docker_config: + step_4: + swift_proxy: + image: *swift_proxy_image + net: host + user: swift + restart: always + # I'm mounting /etc/swift as rw. Are the rings written to at all during runtime? + volumes: + - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml new file mode 100644 index 00000000..027a6956 --- /dev/null +++ b/docker/services/swift-ringbuilder.yaml @@ -0,0 +1,83 @@ +heat_template_version: ocata + +description: > + OpenStack Swift Ringbuilder + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean + SwiftReplicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json + SwiftUseLocalDir: + default: true + description: 'Use a local directory for Swift storage services when building rings' + type: boolean + +resources: + + SwiftRingbuilderBase: + type: ../../puppet/services/swift-ringbuilder.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for Swift Ringbuilder configuration in containers. + value: + service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]} + config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [SwiftRingbuilderBase, role_data, step_config] + service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &docker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + puppet_config: + config_volume: 'swift' + puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance + step_config: *step_config + config_image: *docker_image + kolla_config: {} + docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml new file mode 100644 index 00000000..ab9946f3 --- /dev/null +++ b/docker/services/swift-storage.yaml @@ -0,0 +1,346 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Swift Storage services. + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerSwiftProxyImage: + description: image + default: 'centos-binary-swift-proxy-server:latest' + type: string + DockerSwiftAccountImage: + description: image + default: 'centos-binary-swift-account:latest' + type: string + DockerSwiftContainerImage: + description: image + default: 'centos-binary-swift-container:latest' + type: string + DockerSwiftObjectImage: + description: image + default: 'centos-binary-swift-object:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + +resources: + + SwiftStorageBase: + type: ../../puppet/services/swift-storage.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the swift storage services. + value: + service_name: {get_attr: [SwiftStorageBase, role_data, service_name]} + config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]} + step_config: &step_config + get_attr: [SwiftStorageBase, role_data, step_config] + service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &swift_proxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + puppet_config: + config_volume: swift + puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config + step_config: *step_config + config_image: *swift_proxy_image + kolla_config: + /var/lib/kolla/config_files/swift_account_auditor.json: + command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_reaper.json: + command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_replicator.json: + command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_account_server.json: + command: /usr/bin/swift-account-server /etc/swift/account-server.conf + /var/lib/kolla/config_files/swift_container_auditor.json: + command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_replicator.json: + command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_updater.json: + command: /usr/bin/swift-container-updater /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_container_server.json: + command: /usr/bin/swift-container-server /etc/swift/container-server.conf + /var/lib/kolla/config_files/swift_object_auditor.json: + command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_expirer.json: + command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf + /var/lib/kolla/config_files/swift_object_replicator.json: + command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_updater.json: + command: /usr/bin/swift-object-updater /etc/swift/object-server.conf + /var/lib/kolla/config_files/swift_object_server.json: + command: /usr/bin/swift-object-server /etc/swift/object-server.conf + docker_config: + step_3: + # The puppet config sets this up but we don't have a way to mount the named + # volume during the configuration stage. We just need to create this + # directory and make sure it's owned by swift. + swift_setup_srv: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + user: root + command: ['/bin/bash', '-c', 'mkdir /srv/node && chown swift:swift /srv/node'] + volumes: + - swift-srv:/srv + step_4: + swift_account_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: &kolla_env + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + swift_account_reaper: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_account_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_account_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_updater: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_container_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_auditor: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_expirer: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_replicator: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_updater: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env + swift_object_server: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + net: host + user: swift + restart: always + volumes: + - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /run:/run + - swift-srv:/srv + - /dev:/dev + environment: *kolla_env diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml new file mode 100644 index 00000000..1704278e --- /dev/null +++ b/docker/services/zaqar.yaml @@ -0,0 +1,102 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Zaqar services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerZaqarImage: + description: image + default: 'centos-binary-zaqar:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + ZaqarBase: + type: ../../puppet/services/zaqar.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Zaqar API role. + value: + service_name: {get_attr: [ZaqarBase, role_data, service_name]} + config_settings: {get_attr: [ZaqarBase, role_data, config_settings]} + step_config: &step_config + get_attr: [ZaqarBase, role_data, step_config] + service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + docker_image: &zaqar_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] + puppet_config: + config_volume: zaqar + puppet_tags: zaqar_config + step_config: *step_config + config_image: *zaqar_image + kolla_config: + /var/lib/kolla/config_files/zaqar.json: + command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf + config_files: + - dest: /etc/zaqar/zaqar.conf + owner: zaqar + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf + /var/lib/kolla/config_files/zaqar_websocket.json: + command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf + config_files: + - dest: /etc/zaqar/zaqar.conf + owner: zaqar + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf + - dest: /etc/zaqar/1.conf + owner: zaqar + perm: '0640' + source: /var/lib/kolla/config_files/src/etc/zaqar/1.conf + docker_config: + step_4: + zaqar: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + zaqar_websocket: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS |