diff options
Diffstat (limited to 'docker')
40 files changed, 953 insertions, 463 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 909a2c8a..111005ac 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -19,12 +19,20 @@ # inside of a container. import json +import logging import os import subprocess import sys import tempfile import multiprocessing +log = logging.getLogger() +log.setLevel(logging.DEBUG) +ch = logging.StreamHandler(sys.stdout) +ch.setLevel(logging.DEBUG) +formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s') +ch.setFormatter(formatter) +log.addHandler(ch) # this is to match what we do in deployed-server def short_hostname(): @@ -36,42 +44,47 @@ def short_hostname(): def pull_image(name): - print('Pulling image: %s' % name) + log.info('Pulling image: %s' % name) subproc = subprocess.Popen(['/usr/bin/docker', 'pull', name], stdout=subprocess.PIPE, stderr=subprocess.PIPE) cmd_stdout, cmd_stderr = subproc.communicate() - print(cmd_stdout) - print(cmd_stderr) + if cmd_stdout: + log.debug(cmd_stdout) + if cmd_stderr: + log.debug(cmd_stderr) def rm_container(name): if os.environ.get('SHOW_DIFF', None): - print('Diffing container: %s' % name) + log.info('Diffing container: %s' % name) subproc = subprocess.Popen(['/usr/bin/docker', 'diff', name], stdout=subprocess.PIPE, stderr=subprocess.PIPE) cmd_stdout, cmd_stderr = subproc.communicate() - print(cmd_stdout) - print(cmd_stderr) + if cmd_stdout: + log.debug(cmd_stdout) + if cmd_stderr: + log.debug(cmd_stderr) - print('Removing container: %s' % name) + log.info('Removing container: %s' % name) subproc = subprocess.Popen(['/usr/bin/docker', 'rm', name], stdout=subprocess.PIPE, stderr=subprocess.PIPE) cmd_stdout, cmd_stderr = subproc.communicate() - print(cmd_stdout) + if cmd_stdout: + log.debug(cmd_stdout) if cmd_stderr and \ - cmd_stderr != 'Error response from daemon: ' \ - 'No such container: {}\n'.format(name): - print(cmd_stderr) + cmd_stderr != 'Error response from daemon: ' \ + 'No such container: {}\n'.format(name): + log.debug(cmd_stderr) process_count = int(os.environ.get('PROCESS_COUNT', multiprocessing.cpu_count())) +log.info('Running docker-puppet') config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json') -print('docker-puppet') -print('CONFIG: %s' % config_file) +log.debug('CONFIG: %s' % config_file) with open(config_file) as f: json_data = json.load(f) @@ -108,16 +121,15 @@ for service in (json_data or []): if not manifest or not config_image: continue - print('---------') - print('config_volume %s' % config_volume) - print('puppet_tags %s' % puppet_tags) - print('manifest %s' % manifest) - print('config_image %s' % config_image) - print('volumes %s' % volumes) + log.debug('config_volume %s' % config_volume) + log.debug('puppet_tags %s' % puppet_tags) + log.debug('manifest %s' % manifest) + log.debug('config_image %s' % config_image) + log.debug('volumes %s' % volumes) # We key off of config volume for all configs. if config_volume in configs: # Append puppet tags and manifest. - print("Existing service, appending puppet tags and manifest\n") + log.info("Existing service, appending puppet tags and manifest") if puppet_tags: configs[config_volume][1] = '%s,%s' % (configs[config_volume][1], puppet_tags) @@ -125,22 +137,21 @@ for service in (json_data or []): configs[config_volume][2] = '%s\n%s' % (configs[config_volume][2], manifest) if configs[config_volume][3] != config_image: - print("WARNING: Config containers do not match even though" - " shared volumes are the same!\n") + log.warn("Config containers do not match even though" + " shared volumes are the same!") else: - print("Adding new service\n") + log.info("Adding new service") configs[config_volume] = service -print('Service compilation completed.\n') +log.info('Service compilation completed.') def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)): - print('---------') - print('config_volume %s' % config_volume) - print('puppet_tags %s' % puppet_tags) - print('manifest %s' % manifest) - print('config_image %s' % config_image) - print('volumes %s' % volumes) + log.debug('config_volume %s' % config_volume) + log.debug('puppet_tags %s' % puppet_tags) + log.debug('manifest %s' % manifest) + log.debug('config_image %s' % config_image) + log.debug('volumes %s' % volumes) hostname = short_hostname() sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume @@ -226,18 +237,21 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume env[k] = os.environ.get(k) if os.environ.get('NET_HOST', 'false') == 'true': - print('NET_HOST enabled') + log.debug('NET_HOST enabled') dcmd.extend(['--net', 'host', '--volume', '/etc/hosts:/etc/hosts:ro']) dcmd.append(config_image) + log.debug('Running docker command: %s' % ' '.join(dcmd)) subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env) cmd_stdout, cmd_stderr = subproc.communicate() - print(cmd_stdout) - print(cmd_stderr) + if cmd_stdout: + log.debug(cmd_stdout) + if cmd_stderr: + log.debug(cmd_stderr) if subproc.returncode != 0: - print('Failed running docker-puppet.py for %s' % config_volume) + log.error('Failed running docker-puppet.py for %s' % config_volume) rm_container('docker-puppet-%s' % config_volume) return subproc.returncode @@ -263,7 +277,7 @@ for config_volume in configs: process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) for p in process_map: - print '--\n%s' % p + log.debug('- %s' % p) # Fire off processes to perform each configuration. Defaults # to the number of CPUs on the system. @@ -273,7 +287,7 @@ config_volumes = [pm[0] for pm in process_map] success = True for returncode, config_volume in zip(returncodes, config_volumes): if returncode != 0: - print('ERROR configuring %s' % config_volume) + log.error('ERROR configuring %s' % config_volume) success = False if not success: diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 301d838f..1d5605b2 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -1,6 +1,15 @@ # certain initialization steps (run in a container) will occur -# on the first role listed in the roles file -{% set primary_role_name = roles[0].name -%} +# on the role marked as primary controller or the first role listed +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# primary role is: {{primary_role_name}} +{% set deploy_steps_max = 6 -%} heat_template_version: ocata @@ -38,12 +47,16 @@ resources: value: yaql: expression: - dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) + $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) data: docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]} + default_tasks: +{%- for step in range(1, deploy_steps_max) %} + step_{{step}}: {} +{%- endfor %} # BEGIN primary_role_name docker-puppet-tasks (run only on a single node) -{% for step in range(1, 6) %} +{% for step in range(1, deploy_steps_max) %} {{primary_role_name}}DockerPuppetJsonConfig{{step}}: type: OS::Heat::StructuredConfig @@ -169,6 +182,8 @@ resources: properties: group: script config: {get_file: docker-puppet.py} + inputs: + - name: NET_HOST {{role.name}}GenerateConfigDeployment: type: OS::Heat::SoftwareDeploymentGroup @@ -177,6 +192,8 @@ resources: name: {{role.name}}GenerateConfigDeployment servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}GenerateConfig} + input_values: + NET_HOST: 'true' {{role.name}}PuppetStepConfig: type: OS::Heat::Value @@ -239,21 +256,19 @@ resources: # BEGIN BAREMETAL CONFIG STEPS - {% if role.name == 'Controller' %} - ControllerPrePuppet: - type: OS::TripleO::Tasks::ControllerPrePuppet + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {% endif %} {{role.name}}Config: type: OS::TripleO::{{role.name}}Config properties: StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]} - {% for step in range(1, 6) %} + {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup @@ -279,7 +294,7 @@ resources: # END BAREMETAL CONFIG STEPS # BEGIN CONTAINER CONFIG STEPS - {% for step in range(1, 6) %} + {% for step in range(1, deploy_steps_max) %} {{role.name}}ContainersConfig_Step{{step}}: type: OS::Heat::StructuredConfig @@ -292,10 +307,12 @@ resources: type: OS::Heat::StructuredDeploymentGroup {% if step == 1 %} depends_on: - - {{role.name}}PreConfig - {{role.name}}KollaJsonDeployment - {{role.name}}GenPuppetDeployment - {{role.name}}GenerateConfigDeployment + {%- for dep in roles %} + - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first + {%- endfor %} {% else %} depends_on: {% for dep in roles %} @@ -336,15 +353,4 @@ resources: properties: servers: {get_param: [servers, {{role.name}}]} - {% if role.name == 'Controller' %} - ControllerPostPuppet: - depends_on: - - ControllerExtraConfigPost - type: OS::TripleO::Tasks::ControllerPostPuppet - properties: - servers: {get_param: [servers, Controller]} - input_values: - update_identifier: {get_param: DeployIdentifier} - {% endif %} - {% endfor %} diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 32294958..b93a92e1 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized aodh service @@ -26,9 +26,19 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: + ContainersCommon: + type: ./containers-common.yaml + AodhApiPuppetBase: type: ../../puppet/services/aodh-api.yaml properties: @@ -62,7 +72,7 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: step_3: - aodh-init-log: + aodh_init_log: start_order: 0 image: *aodh_image user: root @@ -76,28 +86,42 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - logs:/var/log command: /usr/bin/aodh-dbsync step_4: - aodh-api: + aodh_api: image: *aodh_image net: host privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/aodh/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/aodh/var/www/:/var/www/:ro + - logs:/var/log + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable aodh service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [AodhApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 1553df3c..c8e7d691 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Aodh Evaluator service @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + AodhEvaluatorBase: type: ../../puppet/services/aodh-evaluator.yaml properties: @@ -67,10 +70,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 300dfde3..9e65c1c4 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Aodh Listener service @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + AodhListenerBase: type: ../../puppet/services/aodh-listener.yaml properties: @@ -67,10 +70,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index b4056603..402b8abf 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Aodh Notifier service @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + AodhNotifierBase: type: ../../puppet/services/aodh-notifier.yaml properties: @@ -67,10 +70,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml new file mode 100644 index 00000000..d3561f6b --- /dev/null +++ b/docker/services/containers-common.yaml @@ -0,0 +1,16 @@ +heat_template_version: ocata + +description: > + Contains a static list of common things necessary for containers + +outputs: + volumes: + description: Common volumes for the containers. + value: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + # OpenSSL trusted CAs + - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro + - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml new file mode 100644 index 00000000..aa615919 --- /dev/null +++ b/docker/services/database/redis.yaml @@ -0,0 +1,93 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Redis services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRedisImage: + description: image + default: 'centos-binary-redis:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + RedisBase: + type: ../../../puppet/services/database/redis.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Redis API role. + value: + service_name: {get_attr: [RedisBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [RedisBase, role_data, config_settings]} + - redis::daemonize: false + step_config: &step_config + get_attr: [RedisBase, role_data, step_config] + service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: 'redis' + # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to + # /etc/redis.conf + # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 + puppet_tags: 'exec' + step_config: *step_config + config_image: &redis_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + kolla_config: + /var/lib/kolla/config_files/redis.json: + command: /usr/bin/redis-server /etc/redis.conf + permissions: + - path: /var/run/redis + owner: redis:redis + recurse: true + docker_config: + step_1: + redis: + image: *redis_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/redis/etc/:/etc/:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log/kolla + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/run/redis + file: + path: /var/run/redis + state: directory + upgrade_tasks: + - name: Stop and disable redis service + tags: step2 + service: name=redis state=stopped enabled=no diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml new file mode 100644 index 00000000..0a7daef8 --- /dev/null +++ b/docker/services/etcd.yaml @@ -0,0 +1,105 @@ +heat_template_version: ocata + +description: > + OpenStack containerized etcd services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerEtcdImage: + description: image + default: 'centos-binary-etcd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EtcdInitialClusterToken: + description: Initial cluster token for the etcd cluster during bootstrap. + type: string + hidden: true + +resources: + + EtcdPuppetBase: + type: ../../puppet/services/etcd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken} + +outputs: + role_data: + description: Role data for the etcd role. + value: + service_name: {get_attr: [EtcdPuppetBase, role_data, service_name]} + step_config: &step_config + list_join: + - "\n" + - - "['Etcd_key'].each |String $val| { noop_resource($val) }" + - get_attr: [EtcdPuppetBase, role_data, step_config] + config_settings: + map_merge: + - {get_attr: [EtcdPuppetBase, role_data, config_settings]} + - etcd::manage_service: false + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: etcd + step_config: *step_config + config_image: &etcd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + kolla_config: + /var/lib/kolla/config_files/etcd.json: + command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml + permissions: + - path: /var/lib/etcd + owner: etcd:etcd + recurse: true + docker_config: + step_2: + etcd: + image: *etcd_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/etcd:/var/lib/etcd + - /etc/localtime:/etc/localtime:ro + - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # Etcd keys initialization occurs only on single node + step_2: + config_volume: 'etcd_init_tasks' + puppet_tags: 'etcd_key' + step_config: 'include ::tripleo::profile::base::etcd' + config_image: *etcd_image + volumes: + - /var/lib/config-data/etcd/etc/:/etc + - /var/lib/etcd:/var/lib/etcd:ro + host_prep_tasks: + - name: create /var/lib/etcd + file: + path: /var/lib/etcd + state: directory + upgrade_tasks: + - name: Stop and disable etcd service + tags: step2 + service: name=etcd state=stopped enabled=no diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index fdfdbc68..7f4ee434 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Glance service configured with Puppet @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + GlanceApiPuppetBase: type: ../../puppet/services/glance-api.yaml properties: @@ -68,13 +71,14 @@ outputs: privileged: false detach: false volumes: &glance_volumes - - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run - - /dev:/dev - - /etc/hosts:/etc/hosts:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - /dev:/dev environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 659785aa..3fbdac4e 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized gnocchi service @@ -26,9 +26,19 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: + ContainersCommon: + type: ./containers-common.yaml + GnocchiApiPuppetBase: type: ../../puppet/services/gnocchi-api.yaml properties: @@ -62,7 +72,7 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: step_3: - gnocchi-init-log: + gnocchi_init_log: start_order: 0 image: *gnocchi_image user: root @@ -76,27 +86,41 @@ outputs: detach: false privileged: false volumes: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - logs:/var/log command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"] step_4: - gnocchi-api: + gnocchi_api: image: *gnocchi_image net: host privileged: false restart: always volumes: - - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable httpd service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [GnocchiApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 78494d66..9739735b 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Gnocchi Metricd service @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + GnocchiMetricdBase: type: ../../puppet/services/gnocchi-metricd.yaml properties: @@ -65,10 +68,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 7f439846..8b3071a3 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Gnocchi Statsd service @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + GnocchiStatsdBase: type: ../../puppet/services/gnocchi-statsd.yaml properties: @@ -65,10 +68,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index e1226471..ae46e92b 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Heat API CFN service @@ -35,6 +35,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + HeatBase: type: ../../puppet/services/heat-api-cfn.yaml properties: @@ -77,12 +80,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /dev:/dev - - /run:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /dev:/dev + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 3212d909..e75ba0ae 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Heat API service @@ -35,6 +35,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + HeatBase: type: ../../puppet/services/heat-api.yaml properties: @@ -77,12 +80,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /dev:/dev - - /run:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /dev:/dev + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 83c63095..ced81561 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Heat Engine service @@ -30,6 +30,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + HeatBase: type: ../../puppet/services/heat-engine.yaml properties: @@ -69,9 +72,10 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro command: ['heat-manage', 'db_sync'] step_4: heat_engine: @@ -80,11 +84,12 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index bef84e2e..a15e74d0 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Ironic API service @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + IronicApiBase: type: ../../puppet/services/ironic-api.yaml properties: @@ -74,9 +77,10 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/ironic/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/ironic/etc/:/etc/:ro command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf'] step_4: ironic_api: @@ -86,10 +90,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/:/etc/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 3047f30b..99d67e04 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Ironic Conductor service @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + IronicConductorBase: type: ../../puppet/services/ironic-conductor.yaml properties: @@ -87,15 +90,16 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /sys:/sys - - /dev:/dev - - /run:/run #shared? - - /var/lib/ironic:/var/lib/ironic + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /lib/modules:/lib/modules:ro + - /sys:/sys + - /dev:/dev + - /run:/run #shared? + - /var/lib/ironic:/var/lib/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 51538e73..7b72db20 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Ironic PXE service @@ -31,6 +31,11 @@ parameters: default: {} type: json +resources: + + ContainersCommon: + type: ./containers-common.yaml + outputs: role_data: description: Role data for the Ironic PXE role. @@ -65,21 +70,22 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - # TODO(mandre) check how docker like mounting in a bind-mounted tree - # This directory may contain migrated data from BM - - /var/lib/ironic:/var/lib/ironic/ - # These files were generated by puppet inside the config container - # TODO(mandre) check the mount permission (ro/rw) - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /dev/log:/dev/log + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + # TODO(mandre) check how docker like mounting in a bind-mounted tree + # This directory may contain migrated data from BM + - /var/lib/ironic:/var/lib/ironic/ + # These files were generated by puppet inside the config container + # TODO(mandre) check the mount permission (ro/rw) + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe + - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file + - /dev/log:/dev/log environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS ironic_pxe_http: @@ -89,12 +95,13 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /var/lib/ironic:/var/lib/ironic/ + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro + - /var/lib/ironic:/var/lib/ironic/ environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 526a357b..a751c054 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Keystone service @@ -42,6 +42,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: @@ -96,23 +99,24 @@ outputs: privileged: false detach: false volumes: &keystone_volumes - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/keystone/var/www/:/var/www/:ro - - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log - - - if: - - internal_tls_enabled - - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - - '' - - - if: - - internal_tls_enabled - - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro - - '' + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/keystone/var/www/:/var/www/:ro + - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro + - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro + - logs:/var/log + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index a78be3c8..f9d73f4d 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Memcached services @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MemcachedBase: type: ../../puppet/services/memcached.yaml properties: @@ -63,9 +66,10 @@ outputs: privileged: false restart: always volumes: - - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 5b5e1f50..652656ef 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Mistral API service @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -75,9 +78,10 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/mistral/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/mistral/etc/:/etc/:ro command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head'] mistral_db_populate: start_order: 2 @@ -86,9 +90,10 @@ outputs: privileged: false detach: false volumes: - - /var/lib/config-data/mistral/etc/:/etc/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/mistral/etc/:/etc/:ro # NOTE: dprince this requires that we install openstack-tripleo-common into # the Mistral API image so that we get tripleo* actions command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate'] @@ -100,10 +105,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index feecd5d7..9d543da9 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Mistral Engine service @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MistralBase: type: ../../puppet/services/mistral-engine.yaml properties: @@ -75,11 +78,12 @@ outputs: privileged: false restart: always volumes: - - /run:/run - - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /run:/run + - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 45fed7b2..9c3bfb33 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Mistral Executor service @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + MistralBase: type: ../../puppet/services/mistral-executor.yaml properties: @@ -75,15 +78,16 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - # FIXME: this is required in order for Nova cells - # initialization workflows on the Undercloud. Need to - # exclude this on the overcloud for security reasons. - - /var/lib/config-data/nova/etc/nova:/etc/nova:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /run:/run + # FIXME: this is required in order for Nova cells + # initialization workflows on the Undercloud. Need to + # exclude this on the overcloud for security reasons. + - /var/lib/config-data/nova/etc/nova:/etc/nova:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index c5001a30..06675089 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Neutron API service @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronBase: type: ../../puppet/services/neutron-api.yaml properties: @@ -78,10 +81,11 @@ outputs: # and run as neutron user user: root volumes: - - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro - - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro + - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro command: ['neutron-db-manage', 'upgrade', 'heads'] step_4: neutron_api: @@ -90,10 +94,11 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index 03fbf766..b17e97b1 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Neutron DHCP service @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronBase: type: ../../puppet/services/neutron-dhcp.yaml properties: @@ -76,12 +79,13 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/localtime:/etc/localtime:ro - - /etc/hosts:/etc/hosts:ro - - /lib/modules:/lib/modules:ro - - /run/:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /lib/modules:/lib/modules:ro + - /run/:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 0b04b56d..c9441b11 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Neutron L3 agent @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronL3Base: type: ../../puppet/services/neutron-l3.yaml properties: @@ -72,10 +75,12 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /lib/modules:/lib/modules:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index bea08e91..70851f7d 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Neutron openvswitch service @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NeutronOvsAgentBase: type: ../../puppet/services/neutron-ovs-agent.yaml properties: @@ -64,11 +67,13 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /lib/modules:/lib/modules:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 97fafb09..6817fc7f 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Nova API service @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaApiBase: type: ../../puppet/services/nova-api.yaml properties: @@ -126,10 +129,11 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index eefcb367..624596ec 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Nova Compute service @@ -29,6 +29,8 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml NovaComputeBase: type: ../../puppet/services/nova-compute.yaml @@ -42,7 +44,15 @@ outputs: description: Role data for the Nova Compute service. value: service_name: {get_attr: [NovaComputeBase, role_data, service_name]} - config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [NovaComputeBase, role_data, config_settings] + # FIXME: we need to disable migration for now as the + # hieradata is common for all services, and this means nova + # and nova_placement puppet runs also try to configure + # libvirt, and they fail. We can remove this override when + # we have hieradata separation between containers. + - tripleo::profile::base::nova::manage_migration: false step_config: &step_config get_attr: [NovaComputeBase, role_data, step_config] puppet_config: @@ -66,15 +76,17 @@ outputs: user: root restart: always volumes: - - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro - - /dev:/dev - - /etc/iscsi:/etc/iscsi - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run - - /var/lib/nova:/var/lib/nova - - /var/lib/libvirt:/var/lib/libvirt + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro + - /dev:/dev + - /etc/iscsi:/etc/iscsi + - /lib/modules:/lib/modules:ro + - /run:/run + - /var/lib/nova:/var/lib/nova + - /var/lib/libvirt:/var/lib/libvirt environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -85,4 +97,4 @@ outputs: upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 - service: name=nova-compute state=stopped enabled=no + service: name=openstack-nova-compute state=stopped enabled=no diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index b7a1d742..fc20422d 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Nova Conductor service @@ -34,6 +34,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaConductorBase: type: ../../puppet/services/nova-conductor.yaml properties: @@ -73,11 +76,12 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 9941abda..3fd71d88 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Nova Ironic Compute service @@ -33,6 +33,8 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml @@ -70,16 +72,18 @@ outputs: user: root restart: always volumes: - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /dev:/dev - - /etc/iscsi:/etc/iscsi - - /var/lib/nova/:/var/lib/nova + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /run:/run + - /dev:/dev + - /etc/iscsi:/etc/iscsi + - /var/lib/nova/:/var/lib/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 - service: name=nova-compute state=stopped enabled=no + service: name=openstack-nova-compute state=stopped enabled=no diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 15cee597..1b103df4 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack Libvirt Service @@ -35,6 +35,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaLibvirtBase: type: ../../puppet/services/nova-libvirt.yaml properties: @@ -47,7 +50,15 @@ outputs: description: Role data for the Libvirt service. value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} - config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [NovaLibvirtBase, role_data, config_settings] + # FIXME: we need to disable migration for now as the + # hieradata is common for all services, and this means nova + # and nova_placement puppet runs also try to configure + # libvirt, and they fail. We can remove this override when + # we have hieradata separation between containers. + - tripleo::profile::base::nova::manage_migration: false step_config: &step_config get_attr: [NovaLibvirtBase, role_data, step_config] puppet_config: @@ -73,18 +84,20 @@ outputs: privileged: true restart: always volumes: - - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - - /var/lib/nova:/var/lib/nova - # Needed to use host's virtlogd - - /var/run/libvirt:/var/run/libvirt - - /var/lib/libvirt:/var/lib/libvirt - - /etc/libvirt/qemu:/etc/libvirt/qemu + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro + - /lib/modules:/lib/modules:ro + - /dev:/dev + - /run:/run + - /sys/fs/cgroup:/sys/fs/cgroup + - /var/lib/nova:/var/lib/nova + # Needed to use host's virtlogd + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + - /etc/libvirt/qemu:/etc/libvirt/qemu environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 0c595dc2..7202ca42 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Nova Placement API service @@ -10,7 +10,7 @@ parameters: type: string DockerNovaPlacementImage: description: image - default: 'centos-binary-nova-placement-api' + default: 'centos-binary-nova-placement-api:latest' type: string EndpointMap: default: {} @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaPlacementBase: type: ../../puppet/services/nova-placement.yaml properties: @@ -70,12 +73,13 @@ outputs: user: root restart: always volumes: - - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro - - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index e6f4896b..9be24137 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Nova Scheduler service @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaSchedulerBase: type: ../../puppet/services/nova-scheduler.yaml properties: @@ -72,11 +75,12 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /run:/run environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index f4f1f7b0..cf0e1718 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -1,7 +1,9 @@ -heat_template_version: ocata +heat_template_version: pike description: > - OpenStack Panko service configured with docker + OpenStack Panko service configured with docker. + Note, this service is deprecated in Pike release and + will be disabled in future releases. parameters: DockerNamespace: @@ -26,9 +28,19 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: + ContainersCommon: + type: ./containers-common.yaml + PankoApiPuppetBase: type: ../../puppet/services/panko-api.yaml properties: @@ -76,10 +88,11 @@ outputs: detach: false privileged: false volumes: - - /var/lib/config-data/panko/etc/panko:/etc/panko:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - logs:/var/log + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/panko/etc/panko:/etc/panko:ro + - logs:/var/log command: /usr/bin/panko-dbsync step_4: panko_api: @@ -89,11 +102,24 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/panko/var/www/:/var/www/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro + - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/panko/var/www/:/var/www/:ro + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [PankoApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 9d5a52a6..3d647d5e 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Rabbitmq service @@ -33,6 +33,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + RabbitmqBase: type: ../../puppet/services/rabbitmq.yaml properties: @@ -45,14 +48,20 @@ outputs: description: Role data for the Rabbitmq API role. value: service_name: {get_attr: [RabbitmqBase, role_data, service_name]} - config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]} + # RabbitMQ plugins initialization occurs on every node + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::admin_enable: false step_config: &step_config - get_attr: [RabbitmqBase, role_data, step_config] + list_join: + - "\n" + - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" + - get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq - puppet_tags: file step_config: *step_config config_image: &rabbitmq_image list_join: @@ -69,15 +78,16 @@ outputs: net: host privileged: false volumes: - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /var/lib/rabbitmq:/var/lib/rabbitmq + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True - - + - list_join: - '=' - - 'RABBITMQ_CLUSTER_COOKIE' @@ -95,13 +105,24 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /var/lib/rabbitmq:/var/lib/rabbitmq + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # RabbitMQ users and policies initialization occurs only on single node + step_1: + config_volume: 'rabbit_init_tasks' + puppet_tags: 'rabbitmq_policy,rabbitmq_user' + step_config: 'include ::tripleo::profile::base::rabbitmq' + config_image: *rabbitmq_image + volumes: + - /var/lib/config-data/rabbitmq/etc/:/etc/ + - /var/lib/rabbitmq:/var/lib/rabbitmq:ro host_prep_tasks: - name: create /var/lib/rabbitmq file: diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index e60aca12..8ea42222 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized swift proxy service @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + SwiftProxyBase: type: ../../puppet/services/swift-proxy.yaml properties: @@ -65,15 +68,16 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro - # FIXME I'm mounting /etc/swift as rw. Are the rings written to - # at all during runtime? - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro + # FIXME I'm mounting /etc/swift as rw. Are the rings written to + # at all during runtime? + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index cccddb46..b4a6a940 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Swift Storage services. @@ -41,6 +41,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + SwiftStorageBase: type: ../../puppet/services/swift-storage.yaml properties: @@ -114,13 +117,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: &kolla_env - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS swift_account_reaper: @@ -129,13 +133,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_account_replicator: image: *swift_account_image @@ -143,13 +148,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_account_server: image: *swift_account_image @@ -157,13 +163,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_auditor: image: &swift_container_image @@ -174,13 +181,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_replicator: image: *swift_container_image @@ -188,13 +196,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_updater: image: *swift_container_image @@ -202,13 +211,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_container_server: image: *swift_container_image @@ -216,13 +226,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_auditor: image: &swift_object_image @@ -233,13 +244,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_expirer: image: *swift_proxy_image @@ -247,13 +259,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_replicator: image: *swift_object_image @@ -261,13 +274,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_updater: image: *swift_object_image @@ -275,13 +289,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env swift_object_server: image: *swift_object_image @@ -289,13 +304,14 @@ outputs: user: swift restart: always volumes: - - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /run:/run - - /srv/node:/srv/node - - /dev:/dev + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /run:/run + - /srv/node:/srv/node + - /dev:/dev environment: *kolla_env host_prep_tasks: - name: create /srv/node diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 1160031f..c450fe2f 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > OpenStack containerized Zaqar services @@ -29,6 +29,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + ZaqarBase: type: ../../puppet/services/zaqar.yaml properties: @@ -56,7 +59,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: - command: /usr/sbin/httpd -DFOREGROUND + command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf docker_config: @@ -66,15 +69,12 @@ outputs: net: host privileged: false restart: always - # NOTE(mandre) kolla image changes the user to 'zaqar', we need it - # to be root to run httpd - user: root volumes: - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/etc/httpd:/etc/httpd/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS zaqar_websocket: @@ -83,13 +83,15 @@ outputs: privileged: false restart: always volumes: - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable zaqar service tags: step2 - service: name=httpd state=stopped enabled=no + service: name=openstack-zaqar.service state=stopped enabled=no + |