Diffstat (limited to 'docker')
-rwxr-xr-x | docker/docker-puppet.py | 14 | ||||
-rw-r--r-- | docker/services/ceph-ansible/ceph-base.yaml | 20 | ||||
-rw-r--r-- | docker/services/cinder-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/cinder-volume.yaml | 1 | ||||
-rw-r--r-- | docker/services/database/mysql.yaml | 2 | ||||
-rw-r--r-- | docker/services/glance-api.yaml | 39 | ||||
-rw-r--r-- | docker/services/heat-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/horizon.yaml | 6 | ||||
-rw-r--r-- | docker/services/keystone.yaml | 1 | ||||
-rw-r--r-- | docker/services/memcached.yaml | 10 | ||||
-rw-r--r-- | docker/services/mistral-api.yaml | 36 | ||||
-rw-r--r-- | docker/services/nova-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/nova-compute.yaml | 3 | ||||
-rw-r--r-- | docker/services/nova-ironic.yaml | 2 | ||||
-rw-r--r-- | docker/services/nova-libvirt.yaml | 4 | ||||
-rw-r--r-- | docker/services/nova-migration-target.yaml | 2 | ||||
-rw-r--r-- | docker/services/pacemaker/clustercheck.yaml | 5 |
17 files changed, 119 insertions, 29 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 533ed07d..d12e0551 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -225,8 +225,14 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume touch /tmp/the_origin_of_time sync + set +e FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \ - --color=false --logdest syslog --logdest console $TAGS /etc/config.pp + --detailed-exitcodes --color=false --logdest syslog --logdest console $TAGS /etc/config.pp + rc=$? + set -e + if [ $rc -ne 2 -a $rc -ne 0 ]; then + exit $rc + fi # Disables archiving if [ -z "$NO_ARCHIVE" ]; then @@ -307,7 +313,9 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env) cmd_stdout, cmd_stderr = subproc.communicate() - if subproc.returncode != 0: + # puppet with --detailed-exitcodes will return 0 for success and no changes + # and 2 for success and resource changes. Other numbers are failures + if subproc.returncode not in [0, 2]: log.error('Failed running docker-puppet.py for %s' % config_volume) if cmd_stdout: log.error(cmd_stdout) @@ -355,7 +363,7 @@ returncodes = list(p.map(mp_puppet_config, process_map)) config_volumes = [pm[0] for pm in process_map] success = True for returncode, config_volume in zip(returncodes, config_volumes): - if returncode != 0: + if returncode not in [0, 2]: log.error('ERROR configuring %s' % config_volume) success = False diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 8cc81fb0..4674ec14 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml 
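Review bot: The embedded shell test `[ $rc -ne 2 -a $rc -ne 0 ]` carries no comment on why 2 is accepted, and it relies on unquoted expansion plus the `-a` operator that POSIX marks obsolescent. I would write `if [ "$rc" -ne 0 ] && [ "$rc" -ne 2 ]; then` and put `# --detailed-exitcodes: 0 = no changes, 2 = changes applied; anything else is a failure` above it, because that explanation currently lives only in the Python caller. The script continues outside this hunk.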
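Review bot: Accepting 2 in `if subproc.returncode not in [0, 2]:` widens "success" for the whole container script, not only for puppet. The shell hunk above already absorbs puppet's 2 and then re-enables `set -e`, so a later command in that script (the archiving steps, only partly visible here) that exits with status 2 would presumably make the container exit 2 and now be treated as success. Consider leaving this check as `!= 0` and letting the script own the puppet exit-code policy, or at minimum name the pair once, e.g. `PUPPET_OK_CODES = (0, 2)`, and use it both here and in the `returncode not in [0, 2]` test of the third hunk. The function body starts and ends outside the hunk.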
@@ -73,15 +73,9 @@ parameters: description: > It can be used to override settings for one of the predefined pools, or to create additional ones. Example: - { - "volumes": { - "size": 5, - "pg_num": 128, - "pgp_num": 128 - } - } - default: {} - type: json + [{"name": "volumes", "pg_num": 64, "rule_name": ""}] + default: [] + type: comma_delimited_list CinderRbdPoolName: default: volumes type: string @@ -225,13 +219,7 @@ outputs: - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} - {get_param: GnocchiRbdPoolName} - - repeat: - template: - name: <%pool%> - pg_num: {get_param: CephPoolDefaultPgNum} - rule_name: "" - for_each: - <%pool%>: {get_param: CephPools} + - {get_param: CephPools} openstack_keys: &openstack_keys - name: list_join: diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 25390c63..336b4540 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -200,6 +200,7 @@ outputs: tags: step2 service: name=httpd state=stopped enabled=no - name: remove old cinder cron jobs + tags: step2 file: path: /var/spool/cron/cinder state: absent diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index d8a93b13..46873ea8 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -125,6 +125,7 @@ outputs: step_4: cinder_volume: image: *cinder_volume_image + ipc: host net: host privileged: true restart: always diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 174acd44..aeba7d7a 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -202,7 +202,7 @@ outputs: volumes: list_concat: - - - /var/lib/mysql:/var/lib/mysql/:ro + - /var/lib/mysql:/var/lib/mysql/:rw - /var/log/containers/mysql:/var/log/mariadb - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf - if: 
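Review bot: The `CephPools` description does not tell operators that the accepted shape changed. Environments that still pass the old map form will no longer match `type: comma_delimited_list`, and the example reads like a JSON string although a plain string value would presumably be split on its embedded commas. I would add to the description `Must be given as a YAML list of maps, each with name and pg_num; the former map form is no longer accepted.` The second hunk in this file also drops the `CephPoolDefaultPgNum` fill-in for these entries, so a pool listed without `pg_num` no longer gets a default; that belongs in the same description.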
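Review bot: `ipc: host` is added to `cinder_volume` without a comment saying which host IPC resource the service depends on. The container is already `privileged: true` with `net: host`, so the added exposure is small here, but sharing the host IPC namespace is a setting that tends to be copied into less privileged services. The reason should sit next to it, e.g. `# host IPC namespace needed for <reason>; do not copy to unprivileged containers`. The first nova-compute.yaml hunk adds the same undocumented `ipc: host`.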
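Review bot: The `/var/lib/mysql` bind mount changes from `:ro` to `:rw` with no explanation, and the hunk does not show which container this volume list belongs to. If it is a helper or bootstrap container rather than the database server itself, write access to the data directory is more than it should hold, and it is worth confirming that no other container has the same path mounted read-write at the same time. Please add a trailing comment in the style of the `#provides .my.cnf` line below it, e.g. `#<why write access is required>`.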
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index e1a3827a..b4336bea 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -39,6 +39,13 @@ parameters: EnableInternalTLS: type: boolean default: false + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, cinder, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd', 'cinder'] GlanceNfsEnabled: default: false description: > @@ -48,11 +55,22 @@ parameters: default: false description: Remove package if the service is being disabled during upgrade type: boolean + GlanceNfsShare: + default: '' + description: > + NFS share to mount for image storage (when GlanceNfsEnabled is true) + type: string + GlanceNfsOptions: + default: 'intr,context=system_u:object_r:glance_var_lib_t:s0' + description: > + NFS mount options for image storage (when GlanceNfsEnabled is true) + type: string conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]} + cinder_backend_enabled: {equals: [{get_param: GlanceBackend}, cinder]} resources: @@ -108,6 +126,10 @@ outputs: dest: "/etc/ceph/" merge: true preserve_properties: true + permissions: + - path: /var/lib/glance + owner: glance:glance + recurse: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND config_files: @@ -147,6 +169,12 @@ outputs: - nfs_backend_enabled - /var/lib/glance:/var/lib/glance - '' + - + if: + - cinder_backend_enabled + - - /dev:/dev + - /etc/iscsi:/etc/iscsi + - [] environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -157,7 +185,7 @@ outputs: start_order: 2 image: *glance_api_image net: host - privileged: false + privileged: {if: [cinder_backend_enabled, true, false]} restart: always volumes: *glance_volumes environment: 
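Review bot: `privileged: {if: [cinder_backend_enabled, true, false]}`, together with the `/dev:/dev` and `/etc/iscsi:/etc/iscsi` mounts added in the previous hunk, makes the container built from `*glance_api_image` privileged with full host device access whenever `GlanceBackend` is `cinder`, and nothing an operator reads says so. glance-api is a network-facing service, so that trade-off should be visible where the backend is chosen. I would extend the `GlanceBackend` description with `Selecting cinder runs the glance-api container privileged, with the host /dev and /etc/iscsi mounted.` If volume attach still works with `/etc/iscsi` mounted `:ro`, that would narrow it further, but that needs testing.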
@@ -182,6 +210,15 @@ outputs: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - {} host_prep_tasks: + - name: Mount NFS on host + vars: + nfs_backend_enable: {get_param: GlanceNfsEnabled} + mount: name=/var/lib/glance src="{{item.NFS_SHARE}}" fstype=nfs4 opts="{{item.NFS_OPTIONS}}" state=mounted + with_items: + - NFS_SHARE: {get_param: GlanceNfsShare} + NFS_OPTIONS: {get_param: GlanceNfsOptions} + when: + - nfs_backend_enable - name: create persistent logs directory file: path: "{{ item }}" diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 75d0b8c1..dcba519f 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -166,6 +166,7 @@ outputs: ignore_errors: True register: heat_api_enabled - name: remove old heat cron jobs + tags: step2 file: path: /var/spool/cron/heat state: absent diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 2c7d7a74..94fd9eef 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -95,6 +95,12 @@ outputs: - path: /var/log/horizon/ owner: apache:apache recurse: true + # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to + # horizon:horizon - the policy.json files need read permissions for the apache user + # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead + - path: /etc/openstack-dashboard/ + owner: apache:apache + recurse: true # FIXME Apache tries to write a .lock file there - path: /usr/share/openstack-dashboard/openstack_dashboard/local/ owner: apache:apache diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 26cef614..a8ba5bf1 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -211,6 +211,7 @@ outputs: tags: step2 service: name=httpd state=stopped enabled=no - name: remove old keystone cron jobs + tags: step2 file: path: /var/spool/cron/keystone state: absent 
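Review bot: The `Mount NFS on host` task passes the operator-supplied `GlanceNfsShare` and `GlanceNfsOptions` through the inline `key=value` form of the `mount` module, where a value containing spaces or `=` can be misparsed as extra module arguments. The structured form below keeps each value in its own field. Separately, `GlanceNfsShare` defaults to `''`, so enabling `GlanceNfsEnabled` without setting it reaches the mount call with an empty `src`. A `when` clause that also requires a non-empty share, or a constraint on the parameter, would fail earlier and more clearly.

```yaml
- name: Mount NFS on host
  # … unchanged: vars …
  mount:
    name: /var/lib/glance
    src: "{{item.NFS_SHARE}}"
    fstype: nfs4
    opts: "{{item.NFS_OPTIONS}}"
    state: mounted
  # … unchanged: with_items, when …
```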
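Review bot: The new permissions entry hands `apache:apache` ownership of all of `/etc/openstack-dashboard/` recursively, while the comment above it says the apache user only needs to read the policy.json files. Ownership also grants write access, so a compromised web process could rewrite the dashboard's settings and policy files. If the permissions mechanism allows it, prefer a group or mode change that grants read only, or narrow `path` to the policy files. The FIXME about fixing this in the Kolla Dockerfile points at the better long-term place.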
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index 817f9ec7..67b84249 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -94,7 +94,15 @@ outputs: - - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro - /var/log/containers/memcached:/var/log/ - command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] + # NOTE: We're adding the log redirection here, even though should + # already be part of the options. This is because the redirection + # via the options is not working and ends up being passed as a + # parameter to the memcached command (which it silently ignores). + # Thus the need for the explicit redirection here. The redirection + # will be removed from the $OPTIONS, which is done via the puppet + # module, but we'll only be able to do this once the following pull + # request merges: https://github.com/saz/puppet-memcached/pull/88 + command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1'] upgrade_tasks: - name: Stop and disable memcached service tags: step2 diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 50c80216..1b4b44f2 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -36,6 +36,16 @@ parameters: default: {} description: Parameters specific to the role type: json + MistralWorkers: + default: 1 + description: The number of workers for the mistral-api. + type: number + MistralApiPolicies: + description: | + A hash of policies to configure for Mistral API. + e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } + default: {} + type: json resources: 
@@ -45,6 +55,16 @@ resources: MySQLClient: type: ../../puppet/services/database/mysql-client.yaml + MistralBase: + type: ../../puppet/services/mistral-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -60,9 +80,23 @@ outputs: description: Role data for the Mistral API role. value: service_name: {get_attr: [MistralApiBase, role_data, service_name]} + # FIXME(mandre) restore once mistral-api image has the necessary packages + # to run on top of apache + # config_settings: + # map_merge: + # - get_attr: [MistralApiBase, role_data, config_settings] config_settings: map_merge: - - get_attr: [MistralApiBase, role_data, config_settings] + - get_attr: [MistralBase, role_data, config_settings] + - mistral::api::api_workers: {get_param: MistralWorkers} + mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::policy::policies: {get_param: MistralApiPolicies} + tripleo.mistral_api.firewall_rules: + '133 mistral': + dport: + - 8989 + - 13989 + mistral_wsgi_enabled: false logging_source: {get_attr: [MistralApiBase, role_data, logging_source]} logging_groups: {get_attr: [MistralApiBase, role_data, logging_groups]} step_config: &step_config diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index f262bcb1..7f1b7a54 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -246,6 +246,7 @@ outputs: ignore_errors: True when: {get_param: UpgradeRemoveUnusedPackages} - name: remove old nova cron jobs + tags: step2 file: path: /var/spool/cron/nova state: absent diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 883f438b..b43193ec 100644 
--- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -115,6 +115,7 @@ outputs: step_4: nova_compute: image: &nova_compute_image {get_param: DockerNovaComputeImage} + ipc: host net: host privileged: true user: nova @@ -130,7 +131,7 @@ outputs: - /dev:/dev - /lib/modules:/lib/modules:ro - /run:/run - - /var/lib/nova:/var/lib/nova + - /var/lib/nova:/var/lib/nova:shared - /var/lib/libvirt:/var/lib/libvirt - /var/log/containers/nova:/var/log/nova - /sys/class/net:/sys/class/net diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 1bed40ec..f41d1979 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -109,7 +109,7 @@ outputs: - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /run:/run - /dev:/dev - - /var/lib/nova/:/var/lib/nova + - /var/lib/nova/:/var/lib/nova:shared - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index e585cb6c..13dbec95 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -174,7 +174,7 @@ outputs: - /dev:/dev - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - - /var/lib/nova:/var/lib/nova + - /var/lib/nova:/var/lib/nova:shared - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt - /etc/libvirt/qemu:/etc/libvirt/qemu:ro @@ -199,7 +199,7 @@ outputs: - /dev:/dev - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - - /var/lib/nova:/var/lib/nova + - /var/lib/nova:/var/lib/nova:shared - /etc/libvirt:/etc/libvirt - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml index cb3b950e..7909e416 100644 --- a/docker/services/nova-migration-target.yaml +++ b/docker/services/nova-migration-target.yaml 
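Review bot: `/var/lib/nova:/var/lib/nova:shared` changes mount propagation, not just access. Mounts created under that path inside this privileged container become visible on the host and in every other container that binds it, and this only works if the host side is itself a shared mount. The template says neither why this is needed nor what the host prerequisite is; a comment such as `# shared propagation so mounts created under /var/lib/nova are seen by the other nova containers` would help, if that is the intent. The same edit is repeated in nova-ironic.yaml, both nova-libvirt.yaml hunks and nova-migration-target.yaml, so the explanation should be given consistently across them.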
@@ -149,6 +149,6 @@ outputs: - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro - /etc/ssh/:/host-ssh/:ro - /run:/run - - /var/lib/nova:/var/lib/nova + - /var/lib/nova:/var/lib/nova:shared environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index b5d128d4..6db8a212 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -44,8 +44,11 @@ resources: ContainersCommon: type: ../containers-common.yaml +# We import from the corresponding docker service because otherwise we risk +# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall +# rules (see LP#1728918) MysqlPuppetBase: - type: ../../../puppet/services/pacemaker/database/mysql.yaml + type: ../../../docker/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} |
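Review bot: The resource is still named `MysqlPuppetBase` although it now instantiates the docker service template, which will mislead whoever next reads the references to it (they are outside this hunk). Either rename it or extend the new comment with `# name kept for compatibility; this is the docker template, not the puppet one`. Since this file already lives under docker/services/pacemaker/, the path could presumably be the shorter `database/mysql.yaml` instead of climbing three levels and coming back down.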