6 files changed, 256 insertions, 30 deletions

diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh
deleted file mode 100755
index af213bbd..00000000
--- a/docker/firstboot/setup_docker_host.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -eux
-# This file contains setup steps that can't be or have not yet been moved to
-# puppet
-
-# Disable libvirtd since it conflicts with nova_libvirt container
-/usr/bin/systemctl disable libvirtd.service
-/usr/bin/systemctl stop libvirtd.service
-# Disable virtlogd since it conflicts with nova_virtlogd container
-/usr/bin/systemctl disable virtlogd.service
-/usr/bin/systemctl stop virtlogd.service
diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml
deleted file mode 100644
index ddfa8802..00000000
--- a/docker/firstboot/setup_docker_host.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-heat_template_version: pike
-
-resources:
-
-  userdata:
-    type: OS::Heat::MultipartMime
-    properties:
-      parts:
-      - config: {get_resource: setup_docker_host}
-
-  setup_docker_host:
-    type: OS::Heat::SoftwareConfig
-    properties:
-      group: script
-      config: {get_file: ./setup_docker_host.sh}
-
-outputs:
-  OS::stack_id:
-    value: {get_resource: userdata}
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 52c4a65c..e65c503b 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -88,6 +88,14 @@ parameters:
     description: default minimum replication for RBD copies
     type: number
     default: 3
+  ManilaCephFSNativeCephFSAuthId:
+    default: manila
+    type: string
+  CephManilaClientKey:
+    default: ''
+    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+    type: string
+    hidden: true
   CephIPv6:
     default: False
     type: boolean
@@ -202,6 +210,16 @@ outputs:
                  GLANCE_POOL: {get_param: GlanceRbdPoolName}
                  GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
             mode: "0644"
+          - name:
+              list_join:
+              - '.'
+              - - client
+                - {get_param: ManilaCephFSNativeCephFSAuthId}
+            key: {get_param: CephManilaClientKey}
+            mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create"
+            mds_cap: "allow *"
+            osd_cap: "allow rw"
+            mode: "0644"
           keys: *openstack_keys
           pools: []
           ceph_conf_overrides:
diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml
new file mode 100644
index 00000000..4ef3a669
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-mds.yaml
@@ -0,0 +1,83 @@
+heat_template_version: pike
+
+description: >
+  Ceph Metadata service.
+
+parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  CephMdsKey:
+    description: The cephx key for the MDS service. Can be created
+                 with ceph-authtool --gen-print-key.
+    type: string
+    hidden: true
+  ManilaCephFSDataPoolName:
+    default: manila_data
+    type: string
+  ManilaCephFSMetadataPoolName:
+    default: manila_metadata
+    type: string
+  ManilaCephFSNativeShareBackendName:
+    default: cephfs
+    type: string
+
+resources:
+  CephBase:
+    type: ./ceph-base.yaml
+    properties:
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Ceph Metadata service.
+    value:
+      service_name: ceph_mds
+      upgrade_tasks: []
+      step_config: ''
+      puppet_config:
+        config_image: ''
+        config_volume: ''
+        step_config: ''
+      docker_config: {}
+      service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+      config_settings:
+        map_merge:
+        - tripleo.ceph_mds.firewall_rules:
+            '112 ceph_mds':
+              dport:
+              - '6800-7300'
+        - ceph_mds_ansible_vars:
+            map_merge:
+            - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+            - cephfs_data: {get_param: ManilaCephFSDataPoolName}
+              cephfs_metadata: {get_param: ManilaCephFSMetadataPoolName}
+              cephfs: {get_param: ManilaCephFSNativeShareBackendName}
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 7637e6e9..62c25bb2 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -243,6 +243,19 @@ outputs:
           file:
             path: /etc/ceph
             state: directory
+        - name: check if libvirt is installed
+          command: /usr/bin/rpm -q libvirt-daemon
+          failed_when: false
+          register: libvirt_installed
+        - name: make sure libvirt services are disabled
+          service:
+            name: "{{ item }}"
+            state: stopped
+            enabled: no
+          with_items:
+            - libvirtd.service
+            - virtlogd.socket
+          when: libvirt_installed.rc == 0
       upgrade_tasks:
         - name: Stop and disable libvirtd service
           tags: step2
diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
new file mode 100644
index 00000000..7103ba8b
--- /dev/null
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -0,0 +1,142 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Manila Share service
+
+parameters:
+  DockerManilaShareImage:
+    description: image
+    type: string
+  DockerManilaConfigImage:
+    description: image
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  MySQLClient:
+    type: ../../../puppet/services/database/mysql-client.yaml
+
+  ManilaBase:
+    type: ../../../puppet/services/pacemaker/manila-share.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Manila Share role.
+    value:
+      service_name: {get_attr: [ManilaBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [ManilaBase, role_data, config_settings]
+          - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image {get_param: DockerManilaShareImage}
+            manila::share::manage_service: false
+            manila::share::enabled: false
+            manila::host: hostgroup
+      step_config: ""
+      service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: manila
+        puppet_tags: manila_config,file,concat,file_line
+        step_config:
+          list_join:
+            - "\n"
+            - - {get_attr: [ManilaBase, role_data, step_config]}
+            - - {get_attr: [MySQLClient, role_data, step_config]}
+        config_image: {get_param: DockerManilaConfigImage}
+      kolla_config:
+        /var/lib/kolla/config_files/manila_share.json:
+          command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+          config_files:
+            - source: "/var/lib/kolla/config_files/src/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
+            # NOTE(gfidente): ceph ansible generated
+            - source: "/var/lib/kolla/config_files/src-ceph/"
+              dest: "/etc/ceph"
+              merge: true
+              preserve_properties: true
+          permissions:
+            - path: /var/log/manila
+              owner: manila:manila
+              recurse: true
+      docker_config:
+        step_3:
+          manila_share_init_logs:
+            start_order: 0
+            image: *manila_share_image
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/manila:/var/log/manila
+            command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
+        step_5:
+          manila_share_init_bundle:
+            start_order: 0
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
+                    CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
+            image: *manila_share_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+      host_prep_tasks:
+        - name: create persistent directories
+          file:
+            path: "{{ item }}"
+            state: directory
+          with_items:
+            - /var/log/containers/manila
+            - /var/lib/manila
+      upgrade_tasks:
+        - name: Stop and disable manila_share service
+          tags: step2
+          service: name=openstack-manila-share state=stopped enabled=no