aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to 'docker')
-rwxr-xr-xdocker/docker-puppet.py72
-rw-r--r--docker/post.j2.yaml2
-rw-r--r--docker/services/database/mysql.yaml130
-rw-r--r--docker/services/keystone.yaml2
-rw-r--r--docker/services/neutron-api.yaml3
5 files changed, 188 insertions, 21 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index fe87ce7a..86c8ec98 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -23,6 +23,7 @@ import os
import subprocess
import sys
import tempfile
+import multiprocessing
# this is to match what we do in deployed-server
@@ -45,6 +46,15 @@ def pull_image(name):
def rm_container(name):
+ if os.environ.get('SHOW_DIFF', None):
+ print('Diffing container: %s' % name)
+ subproc = subprocess.Popen(['/usr/bin/docker', 'diff', name],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ cmd_stdout, cmd_stderr = subproc.communicate()
+ print(cmd_stdout)
+ print(cmd_stderr)
+
print('Removing container: %s' % name)
subproc = subprocess.Popen(['/usr/bin/docker', 'rm', name],
stdout=subprocess.PIPE,
@@ -53,6 +63,8 @@ def rm_container(name):
print(cmd_stdout)
print(cmd_stderr)
+process_count = int(os.environ.get('PROCESS_COUNT',
+ multiprocessing.cpu_count()))
config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json')
print('docker-puppet')
@@ -106,34 +118,25 @@ for service in (json_data or []):
print('Service compilation completed.\n')
-for config_volume in configs:
-
- service = configs[config_volume]
- puppet_tags = service[1] or ''
- manifest = service[2] or ''
- config_image = service[3] or ''
- volumes = service[4] if len(service) > 4 else []
-
- if puppet_tags:
- puppet_tags = "file,file_line,concat,%s" % puppet_tags
- else:
- puppet_tags = "file,file_line,concat"
+def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)):
print('---------')
print('config_volume %s' % config_volume)
print('puppet_tags %s' % puppet_tags)
print('manifest %s' % manifest)
print('config_image %s' % config_image)
+ print('volumes %s' % volumes)
hostname = short_hostname()
+ sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume
- with open('/var/lib/docker-puppet/docker-puppet.sh', 'w') as script_file:
+ with open(sh_script, 'w') as script_file:
os.chmod(script_file.name, 0755)
script_file.write("""#!/bin/bash
set -ex
mkdir -p /etc/puppet
cp -a /tmp/puppet-etc/* /etc/puppet
rm -Rf /etc/puppet/ssl # not in use and causes permission errors
- echo '{"step": 6}' > /etc/puppet/hieradata/docker.json
+ echo '{"step": %(step)s}' > /etc/puppet/hieradata/docker.json
TAGS=""
if [ -n "%(puppet_tags)s" ]; then
TAGS='--tags "%(puppet_tags)s"'
@@ -168,7 +171,8 @@ for config_volume in configs:
fi
""" % {'puppet_tags': puppet_tags, 'name': config_volume,
'hostname': hostname,
- 'no_archive': os.environ.get('NO_ARCHIVE', '')})
+ 'no_archive': os.environ.get('NO_ARCHIVE', ''),
+ 'step': os.environ.get('STEP', '6')})
with tempfile.NamedTemporaryFile() as tmp_man:
with open(tmp_man.name, 'w') as man_file:
@@ -186,12 +190,12 @@ for config_volume in configs:
'--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
'--volume', '/var/lib/config-data/:/var/lib/config-data/:rw',
'--volume', 'tripleo_logs:/var/log/tripleo/',
- '--volume', '/var/lib/docker-puppet/docker-puppet.sh:/var/lib/docker-puppet/docker-puppet.sh:ro']
+ '--volume', '%s:%s:rw' % (sh_script, sh_script) ]
for volume in volumes:
dcmd.extend(['--volume', volume])
- dcmd.extend(['--entrypoint', '/var/lib/docker-puppet/docker-puppet.sh'])
+ dcmd.extend(['--entrypoint', sh_script])
env = {}
if os.environ.get('NET_HOST', 'false') == 'true':
@@ -207,6 +211,34 @@ for config_volume in configs:
print(cmd_stderr)
if subproc.returncode != 0:
print('Failed running docker-puppet.py for %s' % config_volume)
- sys.exit(subproc.returncode)
- else:
- rm_container('docker-puppet-%s' % config_volume)
+ rm_container('docker-puppet-%s' % config_volume)
+ return subproc.returncode
+
+# Holds all the information for each process to consume.
+# Instead of starting them all linearly we run them using a process
+# pool. This creates a list of arguments for the above function
+# to consume.
+process_map = []
+
+for config_volume in configs:
+
+ service = configs[config_volume]
+ puppet_tags = service[1] or ''
+ manifest = service[2] or ''
+ config_image = service[3] or ''
+ volumes = service[4] if len(service) > 4 else []
+
+ if puppet_tags:
+ puppet_tags = "file,file_line,concat,%s" % puppet_tags
+ else:
+ puppet_tags = "file,file_line,concat"
+
+ process_map.append([config_volume, puppet_tags, manifest, config_image, volumes])
+
+for p in process_map:
+ print '--\n%s' % p
+
+# Fire off processes to perform each configuration. Defaults
+# to the number of CPUs on the system.
+p = multiprocessing.Pool(process_count)
+p.map(mp_puppet_config, process_map)
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index 3473f4ca..e1154a62 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -68,6 +68,7 @@ resources:
- name: CONFIG
- name: NET_HOST
- name: NO_ARCHIVE
+ - name: STEP
{{primary_role_name}}DockerPuppetTasksDeployment{{step}}:
type: OS::Heat::SoftwareDeployment
@@ -85,6 +86,7 @@ resources:
CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
NET_HOST: 'true'
NO_ARCHIVE: 'true'
+ STEP: {{step}}
{% endfor %}
# END primary_role_name docker-puppet-tasks
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
new file mode 100644
index 00000000..2ef068d2
--- /dev/null
+++ b/docker/services/database/mysql.yaml
@@ -0,0 +1,130 @@
+heat_template_version: ocata
+
+description: >
+ MySQL service deployment using puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMysqlImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: ''
+
+resources:
+
+ MysqlPuppetBase:
+ type: ../../../puppet/services/database/mysql.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Containerized service MySQL using composable services.
+ value:
+ service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+ # Set PID file to what kolla mariadb bootstrap script expects
+ - tripleo::profile::base::database::mysql::mysql_server_options:
+ mysqld:
+ pid-file: /var/lib/mysql/mariadb.pid
+ mysqld_safe:
+ pid-file: /var/lib/mysql/mariadb.pid
+ step_config:
+ list_join:
+ - "\n"
+ - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
+ - {get_attr: [MysqlPuppetBase, role_data, step_config]}
+ upgrade_tasks: {get_attr: [MysqlPuppetBase, role_data, upgrade_tasks]}
+ # BEGIN DOCKER SETTINGS #
+ docker_image: &mysql_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
+ puppet_tags: file # set this even though file is the default
+ config_volume: mysql
+ config_image: *mysql_image
+ kolla_config:
+ /var/lib/kolla/config_files/mysql.json:
+ command: /usr/bin/mysqld_safe
+ config_files:
+ - dest: /etc/mysql/my.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/my.cnf.d/galera.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
+ owner: mysql
+ perm: '0644'
+ docker_config:
+ step_2:
+ mysql_bootstrap:
+ start_order: 0
+ detach: false
+ image: *mysql_image
+ net: host
+ volumes: &mysql_volumes
+ - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/hosts:/etc/hosts:ro
+ - mariadb:/var/lib/mysql/
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ # NOTE(mandre) skip wsrep cluster status check
+ - KOLLA_KUBERNETES=True
+ -
+ list_join:
+ - '='
+ - - 'DB_ROOT_PASSWORD'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql:
+ start_order: 1
+ image: *mysql_image
+ restart: always
+ net: host
+ volumes: *mysql_volumes
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ docker_puppet_tasks:
+ # MySQL database initialization occurs only on single node
+ step_2:
+ - 'mysql_init_tasks'
+ - 'mysql_database,mysql_grant,mysql_user'
+ - 'include ::tripleo::profile::base::database::mysql'
+ - list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
+ - - "mariadb:/var/lib/mysql/:ro"
+ - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 1d25da72..2bf8fa09 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -144,7 +144,7 @@ outputs:
[ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
docker_puppet_tasks:
# Keystone endpoint creation occurs only on single node
- step_4:
+ step_3:
- 'keystone_init_tasks'
- 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
- 'include ::tripleo::profile::base::keystone'
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index e444f391..dfd1d5c0 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -81,6 +81,9 @@ outputs:
net: host
privileged: false
detach: false
+ # FIXME: we should make config file permissions right
+ # and run as neutron user
+ user: root
volumes:
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
- /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro