diff options
Diffstat (limited to 'docker')
-rwxr-xr-x | docker/docker-puppet.py | 72 | ||||
-rw-r--r-- | docker/post.j2.yaml | 2 | ||||
-rw-r--r-- | docker/services/database/mysql.yaml | 130 | ||||
-rw-r--r-- | docker/services/keystone.yaml | 2 | ||||
-rw-r--r-- | docker/services/neutron-api.yaml | 3 |
5 files changed, 188 insertions, 21 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index fe87ce7a..86c8ec98 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -23,6 +23,7 @@ import os import subprocess import sys import tempfile +import multiprocessing # this is to match what we do in deployed-server @@ -45,6 +46,15 @@ def pull_image(name): def rm_container(name): + if os.environ.get('SHOW_DIFF', None): + print('Diffing container: %s' % name) + subproc = subprocess.Popen(['/usr/bin/docker', 'diff', name], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + cmd_stdout, cmd_stderr = subproc.communicate() + print(cmd_stdout) + print(cmd_stderr) + print('Removing container: %s' % name) subproc = subprocess.Popen(['/usr/bin/docker', 'rm', name], stdout=subprocess.PIPE, @@ -53,6 +63,8 @@ def rm_container(name): print(cmd_stdout) print(cmd_stderr) +process_count = int(os.environ.get('PROCESS_COUNT', + multiprocessing.cpu_count())) config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json') print('docker-puppet') @@ -106,34 +118,25 @@ for service in (json_data or []): print('Service compilation completed.\n') -for config_volume in configs: - - service = configs[config_volume] - puppet_tags = service[1] or '' - manifest = service[2] or '' - config_image = service[3] or '' - volumes = service[4] if len(service) > 4 else [] - - if puppet_tags: - puppet_tags = "file,file_line,concat,%s" % puppet_tags - else: - puppet_tags = "file,file_line,concat" +def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)): print('---------') print('config_volume %s' % config_volume) print('puppet_tags %s' % puppet_tags) print('manifest %s' % manifest) print('config_image %s' % config_image) + print('volumes %s' % volumes) hostname = short_hostname() + sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume - with open('/var/lib/docker-puppet/docker-puppet.sh', 'w') as script_file: + with open(sh_script, 'w') as script_file: os.chmod(script_file.name, 0755) script_file.write("""#!/bin/bash set -ex mkdir -p /etc/puppet cp -a /tmp/puppet-etc/* /etc/puppet rm -Rf /etc/puppet/ssl # not in use and causes permission errors - echo '{"step": 6}' > /etc/puppet/hieradata/docker.json + echo '{"step": %(step)s}' > /etc/puppet/hieradata/docker.json TAGS="" if [ -n "%(puppet_tags)s" ]; then TAGS='--tags "%(puppet_tags)s"' @@ -168,7 +171,8 @@ for config_volume in configs: fi """ % {'puppet_tags': puppet_tags, 'name': config_volume, 'hostname': hostname, - 'no_archive': os.environ.get('NO_ARCHIVE', '')}) + 'no_archive': os.environ.get('NO_ARCHIVE', ''), + 'step': os.environ.get('STEP', '6')}) with tempfile.NamedTemporaryFile() as tmp_man: with open(tmp_man.name, 'w') as man_file: @@ -186,12 +190,12 @@ for config_volume in configs: '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', - '--volume', '/var/lib/docker-puppet/docker-puppet.sh:/var/lib/docker-puppet/docker-puppet.sh:ro'] + '--volume', '%s:%s:rw' % (sh_script, sh_script) ] for volume in volumes: dcmd.extend(['--volume', volume]) - dcmd.extend(['--entrypoint', '/var/lib/docker-puppet/docker-puppet.sh']) + dcmd.extend(['--entrypoint', sh_script]) env = {} if os.environ.get('NET_HOST', 'false') == 'true': @@ -207,6 +211,34 @@ for config_volume in configs: print(cmd_stderr) if subproc.returncode != 0: print('Failed running docker-puppet.py for %s' % config_volume) - sys.exit(subproc.returncode) - else: - rm_container('docker-puppet-%s' % config_volume) + rm_container('docker-puppet-%s' % config_volume) + return subproc.returncode + +# Holds all the information for each process to consume. +# Instead of starting them all linearly we run them using a process +# pool. This creates a list of arguments for the above function +# to consume. +process_map = [] + +for config_volume in configs: + + service = configs[config_volume] + puppet_tags = service[1] or '' + manifest = service[2] or '' + config_image = service[3] or '' + volumes = service[4] if len(service) > 4 else [] + + if puppet_tags: + puppet_tags = "file,file_line,concat,%s" % puppet_tags + else: + puppet_tags = "file,file_line,concat" + + process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) + +for p in process_map: + print '--\n%s' % p + +# Fire off processes to perform each configuration. Defaults +# to the number of CPUs on the system. +p = multiprocessing.Pool(process_count) +p.map(mp_puppet_config, process_map) diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index 3473f4ca..e1154a62 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml @@ -68,6 +68,7 @@ resources: - name: CONFIG - name: NET_HOST - name: NO_ARCHIVE + - name: STEP {{primary_role_name}}DockerPuppetTasksDeployment{{step}}: type: OS::Heat::SoftwareDeployment @@ -85,6 +86,7 @@ resources: CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json NET_HOST: 'true' NO_ARCHIVE: 'true' + STEP: {{step}} {% endfor %} # END primary_role_name docker-puppet-tasks diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml new file mode 100644 index 00000000..2ef068d2 --- /dev/null +++ b/docker/services/database/mysql.yaml @@ -0,0 +1,130 @@ +heat_template_version: ocata + +description: > + MySQL service deployment using puppet + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + MysqlRootPassword: + type: string + hidden: true + default: '' + +resources: + + MysqlPuppetBase: + type: ../../../puppet/services/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Containerized service MySQL using composable services. + value: + service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [MysqlPuppetBase, role_data, config_settings]} + # Set PID file to what kolla mariadb bootstrap script expects + - tripleo::profile::base::database::mysql::mysql_server_options: + mysqld: + pid-file: /var/lib/mysql/mariadb.pid + mysqld_safe: + pid-file: /var/lib/mysql/mariadb.pid + step_config: + list_join: + - "\n" + - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" + - {get_attr: [MysqlPuppetBase, role_data, step_config]} + upgrade_tasks: {get_attr: [MysqlPuppetBase, role_data, upgrade_tasks]} + # BEGIN DOCKER SETTINGS # + docker_image: &mysql_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + puppet_tags: file # set this even though file is the default + config_volume: mysql + config_image: *mysql_image + kolla_config: + /var/lib/kolla/config_files/mysql.json: + command: /usr/bin/mysqld_safe + config_files: + - dest: /etc/mysql/my.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf + owner: mysql + perm: '0644' + - dest: /etc/my.cnf.d/galera.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf + owner: mysql + perm: '0644' + docker_config: + step_2: + mysql_bootstrap: + start_order: 0 + detach: false + image: *mysql_image + net: host + volumes: &mysql_volumes + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - mariadb:/var/lib/mysql/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + # NOTE(mandre) skip wsrep cluster status check + - KOLLA_KUBERNETES=True + - + list_join: + - '=' + - - 'DB_ROOT_PASSWORD' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql: + start_order: 1 + image: *mysql_image + restart: always + net: host + volumes: *mysql_volumes + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # MySQL database initialization occurs only on single node + step_2: + - 'mysql_init_tasks' + - 'mysql_database,mysql_grant,mysql_user' + - 'include ::tripleo::profile::base::database::mysql' + - list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + - - "mariadb:/var/lib/mysql/:ro" + - "/var/lib/config-data/mysql/root:/root:ro" #provides .my.cnf diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 1d25da72..2bf8fa09 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -144,7 +144,7 @@ outputs: [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] docker_puppet_tasks: # Keystone endpoint creation occurs only on single node - step_4: + step_3: - 'keystone_init_tasks' - 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' - 'include ::tripleo::profile::base::keystone' diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index e444f391..dfd1d5c0 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -81,6 +81,9 @@ outputs: net: host privileged: false detach: false + # FIXME: we should make config file permissions right + # and run as neutron user + user: root volumes: - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro |