aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to 'docker')
-rw-r--r--docker/docker-steps.j28
-rw-r--r--docker/services/aodh-api.yaml3
-rw-r--r--docker/services/containers-common.yaml2
-rw-r--r--docker/services/glance-api.yaml4
-rw-r--r--docker/services/gnocchi-api.yaml3
-rw-r--r--docker/services/heat-api-cfn.yaml2
-rw-r--r--docker/services/heat-api.yaml2
-rw-r--r--docker/services/heat-engine.yaml3
-rw-r--r--docker/services/ironic-api.yaml3
-rw-r--r--docker/services/keystone.yaml7
-rw-r--r--docker/services/mistral-api.yaml6
-rw-r--r--docker/services/neutron-api.yaml9
-rw-r--r--docker/services/nova-api.yaml25
-rw-r--r--docker/services/nova-libvirt.yaml21
-rw-r--r--docker/services/pacemaker/clustercheck.yaml103
-rw-r--r--docker/services/pacemaker/database/mysql.yaml180
-rw-r--r--docker/services/pacemaker/database/redis.yaml140
-rw-r--r--docker/services/pacemaker/haproxy.yaml116
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml159
-rw-r--r--docker/services/panko-api.yaml3
-rw-r--r--docker/services/swift-proxy.yaml2
21 files changed, 766 insertions, 35 deletions
diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2
index e24afcf9..86811b86 100644
--- a/docker/docker-steps.j2
+++ b/docker/docker-steps.j2
@@ -102,13 +102,6 @@ resources:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}ArtifactsConfig}
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
{{role.name}}HostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -277,6 +270,7 @@ resources:
{%- endfor %}
- {{role.name}}PreConfig
- {{role.name}}HostPrepDeployment
+ - {{role.name}}GenerateConfigDeployment
{% else %}
depends_on:
{% for dep in roles %}
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml
index 8a02d8fd..f802e4e6 100644
--- a/docker/services/aodh-api.yaml
+++ b/docker/services/aodh-api.yaml
@@ -100,13 +100,14 @@ outputs:
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
- command: /usr/bin/aodh-dbsync
+ command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
step_4:
aodh_api:
image: *aodh_image
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index a4ebe549..a9912a1f 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -9,6 +9,8 @@ outputs:
value:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
+ # required for bootstrap_host_exec
+ - /etc/puppet:/etc/puppet:ro
# OpenSSL trusted CAs
- /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
- /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index ef1e00ed..df8186da 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -100,6 +100,7 @@ outputs:
net: host
privileged: false
detach: false
+ user: root
volumes: &glance_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
@@ -110,6 +111,7 @@ outputs:
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
step_4:
map_merge:
- glance_api:
@@ -149,3 +151,5 @@ outputs:
- name: Stop and disable glance_api service
tags: step2
service: name=openstack-glance-api state=stopped enabled=no
+ metadata_settings:
+ get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index 9b474731..e59d6095 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -100,13 +100,14 @@ outputs:
net: host
detach: false
privileged: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"]
+ command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
step_4:
gnocchi_api:
image: *gnocchi_image
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index 2631928f..37fa4c81 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -132,3 +132,5 @@ outputs:
- name: Stop and disable heat_api_cfn service
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [HeatBase, role_data, metadata_settings]
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index b2f4eb64..5043aed8 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -132,3 +132,5 @@ outputs:
- name: Stop and disable heat_api service
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [HeatBase, role_data, metadata_settings]
diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml
index 8c554a50..0adad538 100644
--- a/docker/services/heat-engine.yaml
+++ b/docker/services/heat-engine.yaml
@@ -94,13 +94,14 @@ outputs:
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /var/log/containers/heat:/var/log/heat
- command: ['heat-manage', 'db_sync']
+ command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
step_4:
heat_engine:
image: *heat_engine_image
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
index 300aa0bd..c8978aa2 100644
--- a/docker/services/ironic-api.yaml
+++ b/docker/services/ironic-api.yaml
@@ -100,13 +100,14 @@ outputs:
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ironic/etc/:/etc/:ro
- /var/log/containers/ironic:/var/log/ironic
- command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf']
+ command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
ironic_api:
start_order: 10
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index ca643749..772859ee 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -131,8 +131,9 @@ outputs:
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
keystone:
- start_order: 1
+ start_order: 2
image: *keystone_image
net: host
privileged: false
@@ -141,10 +142,10 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
keystone_bootstrap:
- start_order: 2
+ start_order: 3
action: exec
command:
- [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+ [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
docker_puppet_tasks:
# Keystone endpoint creation occurs only on single node
step_3:
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
index 3b256fdd..5586d41b 100644
--- a/docker/services/mistral-api.yaml
+++ b/docker/services/mistral-api.yaml
@@ -100,19 +100,21 @@ outputs:
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/:/etc/:ro
- /var/log/containers/mistral:/var/log/mistral
- command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
+ command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
mistral_db_populate:
start_order: 2
image: *mistral_image
net: host
privileged: false
detach: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
@@ -121,7 +123,7 @@ outputs:
- /var/log/containers/mistral:/var/log/mistral
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
- command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
+ command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"
step_4:
mistral_api:
start_order: 15
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index 748371d5..7ce47a14 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -110,8 +110,6 @@ outputs:
net: host
privileged: false
detach: false
- # FIXME: we should make config file permissions right
- # and run as neutron user
user: root
volumes:
list_concat:
@@ -120,7 +118,10 @@ outputs:
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
- /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
- /var/log/containers/neutron:/var/log/neutron
- command: ['neutron-db-manage', 'upgrade', 'heads']
+ command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
+ # FIXME: we should make config file permissions right
+ # and run as neutron user
+ #command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
step_4:
map_merge:
- neutron_api:
@@ -164,3 +165,5 @@ outputs:
- name: Stop and disable neutron_api service
tags: step2
service: name=neutron-server state=stopped enabled=no
+ metadata_settings:
+ get_attr: [NeutronBase, role_data, metadata_settings]
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index d571b21b..2375dada 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -103,6 +103,7 @@ outputs:
image: *nova_api_image
net: host
detach: false
+ user: root
volumes: &nova_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
@@ -110,7 +111,7 @@ outputs:
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- command: ['/usr/bin/nova-manage', 'api_db', 'sync']
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
# FIXME: we probably want to wait on the 'cell_v2 update' in order for this
# to be capable of upgrading a baremetal setup. This is to ensure the name
# of the cell is 'default'
@@ -119,11 +120,9 @@ outputs:
image: *nova_api_image
net: host
detach: false
+ user: root
volumes: *nova_api_volumes
- command:
- - '/usr/bin/nova-manage'
- - 'cell_v2'
- - 'map_cell0'
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_create_default_cell:
start_order: 3
image: *nova_api_image
@@ -134,18 +133,16 @@ outputs:
# this idempotent (if the resource already exists a conflict
# is raised)
exit_codes: [0,2]
- command:
- - '/usr/bin/nova-manage'
- - 'cell_v2'
- - 'create_cell'
- - '--name="default"'
+ user: root
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
nova_db_sync:
start_order: 4
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_volumes
- command: ['/usr/bin/nova-manage', 'db', 'sync']
+ user: root
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
nova_api:
start_order: 2
@@ -164,10 +161,8 @@ outputs:
net: host
detach: false
volumes: *nova_api_volumes
- command:
- - '/usr/bin/nova-manage'
- - 'cell_v2'
- - 'discover_hosts'
+ user: root
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
host_prep_tasks:
- name: create persistent logs directory
file:
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index ebf0da7d..9779d676 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -18,6 +18,10 @@ parameters:
description: image
default: 'centos-binary-nova-compute:latest'
type: string
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation
+ type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -112,6 +116,7 @@ outputs:
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- /etc/libvirt/qemu:/etc/libvirt/qemu
+ - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -124,6 +129,22 @@ outputs:
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
+ - name: set enable_package_install fact
+ set_fact:
+ enable_package_install: {get_param: EnablePackageInstall}
+ # We use virtlogd on host, so when using Deployed Server
+ # feature, we need to ensure libvirt is installed.
+ - name: install libvirt-daemon
+ package:
+ name: libvirt-daemon
+ state: present
+ when: enable_package_install
+ - name: start virtlogd socket
+ service:
+ name: virtlogd.socket
+ state: started
+ enabled: yes
+ when: enable_package_install
upgrade_tasks:
- name: Stop and disable libvirtd service
tags: step2
diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml
new file mode 100644
index 00000000..bad2acf6
--- /dev/null
+++ b/docker/services/pacemaker/clustercheck.yaml
@@ -0,0 +1,103 @@
+heat_template_version: pike
+
+description: >
+ MySQL HA clustercheck service deployment using puppet
+ This service is used by HAProxy in a HA scenario to report whether
+ the local galera node is synced
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerClustercheckImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ../containers-common.yaml
+
+ MysqlPuppetBase:
+ type: ../../../puppet/services/pacemaker/database/mysql.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Containerized service clustercheck using composable services.
+ value:
+ service_name: clustercheck
+ config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+ step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: clustercheck
+ puppet_tags: file # set this even though file is the default
+ step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+ config_image: &clustercheck_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/clustercheck.json:
+ command: /usr/sbin/xinetd -dontfork
+ config_files:
+ - dest: /etc/xinetd.conf
+ source: /var/lib/kolla/config_files/src/etc/xinetd.conf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/xinetd.d/galera-monitor
+ source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/sysconfig/clustercheck
+ source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+ owner: mysql
+ perm: '0600'
+ docker_config:
+ step_2:
+ clustercheck:
+ start_order: 1
+ image: *clustercheck_image
+ restart: always
+ net: host
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/mysql:/var/lib/mysql
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ upgrade_tasks:
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
new file mode 100644
index 00000000..d64845f2
--- /dev/null
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -0,0 +1,180 @@
+heat_template_version: pike
+
+description: >
+ MySQL service deployment with pacemaker bundle
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMysqlImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: ''
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ../../containers-common.yaml
+
+ MysqlPuppetBase:
+ type: ../../../../puppet/services/pacemaker/database/mysql.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Containerized service MySQL using composable services.
+ value:
+ service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerMysqlImage}
+ step_config: ""
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: mysql
+ puppet_tags: file # set this even though file is the default
+ step_config:
+ list_join:
+ - "\n"
+ - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
+ - "exec {'wait-for-settle': command => '/bin/true' }"
+ - "include ::tripleo::profile::pacemaker::database::mysql_bundle"
+ config_image: *mysql_image
+ kolla_config:
+ /var/lib/kolla/config_files/mysql.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ - dest: /etc/my.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/my.cnf.d/galera.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/sysconfig/clustercheck
+ source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+ owner: root
+ perm: '0600'
+ docker_config:
+ step_1:
+ mysql_data_ownership:
+ start_order: 0
+ detach: false
+ image: *mysql_image
+ net: host
+ user: root
+ # Kolla does only non-recursive chown
+ command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
+ volumes:
+ - /var/lib/mysql:/var/lib/mysql
+ mysql_bootstrap:
+ start_order: 1
+ detach: false
+ image: *mysql_image
+ net: host
+ # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
+ command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+ volumes: &mysql_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/mysql:/var/lib/mysql
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ # NOTE(mandre) skip wsrep cluster status check
+ - KOLLA_KUBERNETES=True
+ -
+ list_join:
+ - '='
+ - - 'DB_ROOT_PASSWORD'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ step_2:
+ mysql_init_bundle:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
+ image: *mysql_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro
+ - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
+ - /var/lib/mysql:/var/lib/mysql:rw
+ host_prep_tasks:
+ - name: create /var/lib/mysql
+ file:
+ path: /var/lib/mysql
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable mysql service
+ tags: step2
+ service: name=mariadb state=stopped enabled=no
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
new file mode 100644
index 00000000..ef27f7e9
--- /dev/null
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -0,0 +1,140 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Redis services
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerRedisImage:
+ description: image
+ default: 'centos-binary-redis:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ RedisBase:
+ type: ../../../../puppet/services/database/redis.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Redis API role.
+ value:
+ service_name: {get_attr: [RedisBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [RedisBase, role_data, config_settings]}
+ - redis::service_manage: false
+ redis::notify_service: false
+ redis::managed_by_cluster_manager: true
+ tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerRedisImage}
+
+ step_config: ""
+ service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: 'redis'
+ # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
+ # /etc/redis.conf
+ # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
+ puppet_tags: 'exec'
+ step_config:
+ get_attr: [RedisBase, role_data, step_config]
+ config_image: *redis_image
+ kolla_config:
+ /var/lib/kolla/config_files/redis.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ permissions:
+ - path: /var/run/redis
+ owner: redis:redis
+ recurse: true
+ - path: /var/lib/redis
+ owner: redis:redis
+ recurse: true
+ - path: /var/log/redis
+ owner: redis:redis
+ recurse: true
+ docker_config:
+ step_2:
+ redis_init_bundle:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ config_volume: 'redis_init_bundle'
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
+ image: *redis_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create /var/run/redis
+ file:
+ path: /var/run/redis
+ state: directory
+ - name: create /var/log/redis
+ file:
+ path: /var/log/redis
+ state: directory
+ - name: create /var/lib/redis
+ file:
+ path: /var/lib/redis
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable redis service
+ tags: step2
+ service: name=redis state=stopped enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
new file mode 100644
index 00000000..ae19652e
--- /dev/null
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -0,0 +1,116 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized HAproxy service for pacemaker
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHAProxyImage:
+ description: image
+ default: 'centos-binary-haproxy:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ HAProxyBase:
+ type: ../../../puppet/services/pacemaker/haproxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the HAproxy role.
+ value:
+ service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HAProxyBase, role_data, config_settings]
+ - tripleo::haproxy::haproxy_daemon: false
+ haproxy_docker: true
+ tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+ step_config:
+ list_join:
+ - "\n"
+ - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: haproxy
+ puppet_tags: haproxy_config
+ step_config:
+ list_join:
+ - "\n"
+ - - "exec {'wait-for-settle': command => '/bin/true' }"
+ - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
+ - *noop_pcmk
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ config_image: *haproxy_image
+ kolla_config:
+ /var/lib/kolla/config_files/haproxy.json:
+ command: haproxy -f /etc/haproxy/haproxy.cfg
+ docker_config:
+ step_2:
+ haproxy_init_bundle:
+ start_order: 3
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG:
+ list_join:
+ - ';'
+ - - *noop_firewall
+ - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle'
+ image: *haproxy_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ metadata_settings:
+ get_attr: [HAProxyBase, role_data, metadata_settings]
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
new file mode 100644
index 00000000..7f6ac701
--- /dev/null
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -0,0 +1,159 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Rabbitmq service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerRabbitmqImage:
+ description: image
+ default: 'centos-binary-rabbitmq:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RabbitCookie:
+ type: string
+ default: ''
+ hidden: true
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ RabbitmqBase:
+ type: ../../../puppet/services/rabbitmq.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Rabbitmq API role.
+ value:
+ service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [RabbitmqBase, role_data, config_settings]}
+ - rabbitmq::service_manage: false
+ tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerRabbitmqImage}
+ step_config: &step_config
+ get_attr: [RabbitmqBase, role_data, step_config]
+ service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: rabbitmq
+ puppet_tags: file
+ step_config: *step_config
+ config_image: *rabbitmq_image
+ kolla_config:
+ /var/lib/kolla/config_files/rabbitmq.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ permissions:
+ - path: /var/lib/rabbitmq
+ owner: rabbitmq:rabbitmq
+ recurse: true
+ - path: /var/log/rabbitmq
+ owner: rabbitmq:rabbitmq
+ recurse: true
+ # When using pacemaker we don't launch the container, instead that is done by pacemaker
+ # itself.
+ docker_config:
+ step_1:
+ rabbitmq_bootstrap:
+ start_order: 0
+ image: *rabbitmq_image
+ net: host
+ privileged: false
+ volumes:
+ - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/lib/rabbitmq:/var/lib/rabbitmq
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ -
+ list_join:
+ - '='
+ - - 'RABBITMQ_CLUSTER_COOKIE'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ step_2:
+ rabbitmq_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
+ image: *rabbitmq_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create /var/lib/rabbitmq
+ file:
+ path: /var/lib/rabbitmq
+ state: directory
+ - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
+ shell: |
+ echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
+ echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
+ for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+ upgrade_tasks:
+ - name: Stop and disable rabbitmq service
+ tags: step2
+ service: name=rabbitmq-server state=stopped enabled=no
diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml
index 46cfa5ab..b9e6e93a 100644
--- a/docker/services/panko-api.yaml
+++ b/docker/services/panko-api.yaml
@@ -101,13 +101,14 @@ outputs:
net: host
detach: false
privileged: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
- /var/log/containers/panko:/var/log/panko
- command: /usr/bin/panko-dbsync
+ command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
step_4:
panko_api:
start_order: 2
diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml
index 60972f91..04c4ba1e 100644
--- a/docker/services/swift-proxy.yaml
+++ b/docker/services/swift-proxy.yaml
@@ -135,3 +135,5 @@ outputs:
- name: Stop and disable swift_proxy service
tags: step2
service: name=openstack-swift-proxy state=stopped enabled=no
+ metadata_settings:
+ get_attr: [SwiftProxyBase, role_data, metadata_settings]