summaryrefslogtreecommitdiffstats
path: root/docker/docker-puppet.py
AgeCommit message (Collapse)AuthorFilesLines
2017-06-16Make a copy of files touched by puppet in containerMartin André1-0/+7
This should help determine what exactly needs to be bind mounted in the container and should also help limit the size of collected logs in CI, as collecting the entire /etc directory from each container can grow pretty quickly in size and is not that useful. Related-Bug: #1698172 Change-Id: Ie2bded39cdb82a72f0c28f1c552403cd11b5af45
2017-06-14Replace NO_ARCHIVE block with single call to rsyncSteve Baker1-27/+13
Also attempts to move the workaround for bug #1696283 to before the puppet apply call. Closes-Bug: #1696622 Change-Id: I3a195466a5039e7641e843c11e5436440bfc5a01
2017-06-08Write md5sum for service config directoriesSteven Hardy1-0/+53
The configuration generated by docker-puppet may change on update, so checksum the combined files from the config-data directories, to enable detecting those that have changed and restarting the appropriate containers - we need to merge this checksum into the environment passed to the containters, as this will cause paunch to correctly restart containers when the configuration generated changes, even if the rest of the json definition provided by heat does not. Change-Id: I40d9080cf3ad708ef4ed91e46d2b2ae1138bb9c3
2017-06-07Ensure /etc/ssh/ssh_known_hosts exist in docker config-data.Oliver Walsh1-0/+4
Works around the issue encountered in 1696283. Change-Id: I1947d9d1e3cabc5dfe25ee1af994d684425bdbf7 Resolves-Bug: #1696283
2017-05-17Don't delete failed docker-puppet containersSteve Baker1-1/+3
This helps a bit with debugging issues, and the container will be deleted on the next run when the same volume is configured. Change-Id: I4f2f219bd7e40abafd0eb31c1275fdd8ed4db4da
2017-05-10Make docker-puppet.sh a static file.Steve Baker1-21/+22
Variables are now passed in with --env in the docker run call. This will allow docker-puppet.sh to be baked into the image instead of having it as a custom entrypoint. Change-Id: Icbaefe033becc6b2226535f28ee202917bdc1074
2017-05-02Improve logging for docker-puppet.pyBogdan Dobrelya1-36/+50
Log prepared docker command Use logger stdout instead of print command Log stderr as debug as well Change-Id: I3d48fbf4fa3381d325e3be3788b041e06d4bb294 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-04-13Merge "Do not log errors on non-existing container"Jenkins1-1/+4
2017-04-12docker/all: Bind-mount OpenSSL CA bundleJuan Antonio Osorio Robles1-0/+6
The containers also need to trust the CA's that the overcloud node trusts, else we'll get SSL verification failures. bp tls-via-certmonger-containers Change-Id: I7d3412a6273777712db2c90522e365c413567c49
2017-04-11Do not log errors on non-existing containerMartin André1-1/+4
This is cluttering up the logs with useless error messages, making it more difficult than necessary to debug the CI job. Change-Id: Icbdc4c74d99fea39b8722955dab56e5f538849aa
2017-04-06Merge "docker-puppet.py fail if any worker fails"Jenkins1-1/+10
2017-03-28Allow to configure policy.json for OpenStack projectsEmilien Macchi1-2/+2
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-03-22docker-puppet: skip empty volume entriesJuan Antonio Osorio Robles1-1/+2
This allows to optionally add volumes, where we could use a heat conditional to either put the volume path we want or put an empty string which should be safely skipped. Change-Id: I68f91ffdd8ceb14735adad1322fcf124c47b160c
2017-03-13Merge "Pass the DOCKER_* env vars when running docker"Jenkins1-0/+5
2017-03-09docker-puppet.py fail if any worker failsSteve Baker1-1/+10
Currently returncodes are ignored from docker puppet workers, so a failed puppet apply may not manifest until later in the stack deployment due to some other failure. This change logs any failures at the end of the run and returns a failure code if any worker returns a failure code. Change-Id: I6a504dbeb4c0ac465ce10e7647830524fe0a1160
2017-03-01Put docker puppet config in puppet_config dictSteve Baker1-0/+3
This approach removes the need for the yaql zip to build the docker-puppet data by building the data in a puppet_config dict. This allows a future change to make docker-puppet.py only accept dict data. Currently the step_config is left where it is and referenced inside puppet_config, but feedback is welcome whether this is necessary or desirable. Change-Id: I4a4d7a6fd2735cb841174af305dbb62e0b3d3e8c
2017-03-01Pass the DOCKER_* env vars when running dockerFlavio Percoco1-0/+5
We should always pass the `DOCKER_*` env vars to all the `docker` commands that are executed in the various scripts as those variables may contain the access data for the docker daemon. Change-Id: Ie719f451350e6ea35cb22d97a8f090ad81fa8141
2017-03-01Switch to dict format for docker_puppet_tasksSteve Baker1-0/+9
This change gives the option of docker-puppet.py data to be in a dict as well as a list. This allows docker_puppet_tasks data to use the same keys as the top level puppet config data. If the yaql fu can be worked out to build the top level data, docker-puppet.py can later drop the list format entirely. Change-Id: I7e2294c6c898d2340421c93516296ccf120aa6d2
2017-02-24Add option to diff containers after config stage.Ian Main1-0/+9
This allows you to show the changes made to a container during configuration stage for fast development. Change-Id: Id9c72cf2b07486f0a80bf3572a7ba349888d877f
2017-02-23Add step to docker_puppet_tasksDan Prince1-2/+3
This patch sets the step correctly for docker_puppet_tasks. This is now required in order to match the 'step' in some puppet manifests explicitly so that things like keystone initialization run correctly. Closes-bug: #1667454 Change-Id: If2bdd0b1051125674f116f895832b48723d82b3a
2017-02-22Parallelize docker-puppet.pyIan Main1-18/+40
Use a pool of worker processes to run the puppet modules so they can all be done in parallel. Defaults to cpu count processes. Change-Id: I083d302b8cf6538569e4d165221c21df152266bc
2017-02-15Add docker_puppet_tasks initialization on primary nodeDan Prince1-1/+3
This patch adds a new (optional) section to the docker post.j2.yaml that collects any 'docker_puppet_tasks' data from enabled services and applies it on the primary role node (the first node in the primary (first) role). The use case for this is although we are generally only using puppet for configuration there are several exceptions that we desire to make use of today for parity with baremetal. This includes things like database creation and keystone endpoint initialization which we rely on configuration via hiera variables controlled by the puppet services. Change-Id: Ic14ef48f26de761b0d0eabd0e1c0eae52d90e68a
2017-02-15docker: new hybrid deployment architecture and configurationDan Prince1-0/+210
This patch implements a new docker deployment architecture that should us to install docker services in a stepwise manner alongside of baremetal puppet services. This works by using Yaql to select docker specific services (docker/services/*.yaml) vs the puppet specific ones and then applying the selected Json to relevant Heat software deployments for docker and baremetal puppet in a stepwise fashion. Additionally the new architecture leverages new composable services interfaces from Newton to allow configuration of per-service container configuration sets (directories that are bind mounted into kolla containers) by using the Kolla containers themselves. It does this by spinning up a throw away "configuration only" version of the container being configured itself, then running the puppet apply in that container and copying the generated config files into /var/lib/config-data. This avoids having to install all of the OpenStack dependency packages in the heat-agent-container itself (our previous approach) and should allow us to configure a much wider variety of container config files that would otherwise be impossible with the previous shared approach. The new approach (combined) should allow us to configure containers in both the undercloud and overcloud and incrementally add CI coverage to services as we containerize them. Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2