Age | Commit message (Collapse) | Author | Files | Lines |
|
Also attempts to move the workaround for bug #1696283 to before the
puppet apply call.
Closes-Bug: #1696622
Change-Id: I3a195466a5039e7641e843c11e5436440bfc5a01
|
|
The configuration generated by docker-puppet may change on update,
so checksum the combined files from the config-data directories,
to enable detecting those that have changed and restarting the
appropriate containers - we need to merge this checksum into
the environment passed to the containters, as this will cause
paunch to correctly restart containers when the configuration
generated changes, even if the rest of the json definition
provided by heat does not.
Change-Id: I40d9080cf3ad708ef4ed91e46d2b2ae1138bb9c3
|
|
Works around the issue encountered in 1696283.
Change-Id: I1947d9d1e3cabc5dfe25ee1af994d684425bdbf7
Resolves-Bug: #1696283
|
|
This helps a bit with debugging issues, and the container will be
deleted on the next run when the same volume is configured.
Change-Id: I4f2f219bd7e40abafd0eb31c1275fdd8ed4db4da
|
|
Variables are now passed in with --env in the docker run call.
This will allow docker-puppet.sh to be baked into the image instead of
having it as a custom entrypoint.
Change-Id: Icbaefe033becc6b2226535f28ee202917bdc1074
|
|
Log prepared docker command
Use logger stdout instead of print command
Log stderr as debug as well
Change-Id: I3d48fbf4fa3381d325e3be3788b041e06d4bb294
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
The containers also need to trust the CA's that the overcloud node
trusts, else we'll get SSL verification failures.
bp tls-via-certmonger-containers
Change-Id: I7d3412a6273777712db2c90522e365c413567c49
|
|
This is cluttering up the logs with useless error messages, making it
more difficult than necessary to debug the CI job.
Change-Id: Icbdc4c74d99fea39b8722955dab56e5f538849aa
|
|
|
|
For both containers and classic deployments, allow to configure
policy.json for all OpenStack APIs with new parameters (hash,
empty by default).
Example of new parameter: NovaApiPolicies.
See environments/nova-api-policy.yaml for how the feature can be used.
Note: use it with extreme caution.
Partial-implement: blueprint modify-policy-json
Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
|
|
This allows to optionally add volumes, where we could use a heat
conditional to either put the volume path we want or put an empty string
which should be safely skipped.
Change-Id: I68f91ffdd8ceb14735adad1322fcf124c47b160c
|
|
|
|
Currently returncodes are ignored from docker puppet workers, so a
failed puppet apply may not manifest until later in the stack
deployment due to some other failure.
This change logs any failures at the end of the run and returns a
failure code if any worker returns a failure code.
Change-Id: I6a504dbeb4c0ac465ce10e7647830524fe0a1160
|
|
This approach removes the need for the yaql zip to build the
docker-puppet data by building the data in a puppet_config dict.
This allows a future change to make docker-puppet.py only accept dict
data.
Currently the step_config is left where it is and referenced inside
puppet_config, but feedback is welcome whether this is necessary or
desirable.
Change-Id: I4a4d7a6fd2735cb841174af305dbb62e0b3d3e8c
|
|
We should always pass the `DOCKER_*` env vars to all the `docker`
commands that are executed in the various scripts as those variables may
contain the access data for the docker daemon.
Change-Id: Ie719f451350e6ea35cb22d97a8f090ad81fa8141
|
|
This change gives the option of docker-puppet.py data to be in a dict
as well as a list. This allows docker_puppet_tasks data to use the
same keys as the top level puppet config data.
If the yaql fu can be worked out to build the top level data,
docker-puppet.py can later drop the list format entirely.
Change-Id: I7e2294c6c898d2340421c93516296ccf120aa6d2
|
|
This allows you to show the changes made to a container during
configuration stage for fast development.
Change-Id: Id9c72cf2b07486f0a80bf3572a7ba349888d877f
|
|
This patch sets the step correctly for docker_puppet_tasks.
This is now required in order to match the 'step' in some
puppet manifests explicitly so that things like keystone
initialization run correctly.
Closes-bug: #1667454
Change-Id: If2bdd0b1051125674f116f895832b48723d82b3a
|
|
Use a pool of worker processes to run the puppet modules so they
can all be done in parallel. Defaults to cpu count processes.
Change-Id: I083d302b8cf6538569e4d165221c21df152266bc
|
|
This patch adds a new (optional) section to the docker post.j2.yaml
that collects any 'docker_puppet_tasks' data from enabled
services and applies it on the primary role node (the
first node in the primary (first) role).
The use case for this is although we are generally only using
puppet for configuration there are several exceptions that we
desire to make use of today for parity with baremetal. This
includes things like database creation and keystone endpoint
initialization which we rely on configuration via hiera variables
controlled by the puppet services.
Change-Id: Ic14ef48f26de761b0d0eabd0e1c0eae52d90e68a
|
|
This patch implements a new docker deployment architecture that
should us to install docker services in a stepwise manner alongside
of baremetal puppet services. This works by using Yaql to select
docker specific services (docker/services/*.yaml) vs the puppet
specific ones and then applying the selected Json to relevant Heat
software deployments for docker and baremetal puppet in a stepwise
fashion.
Additionally the new architecture
leverages new composable services interfaces from Newton to
allow configuration of per-service container configuration
sets (directories that are bind mounted into kolla containers) by
using the Kolla containers themselves. It does this by spinning up
a throw away "configuration only" version of the container being
configured itself, then running the puppet apply in that container and
copying the generated config files into /var/lib/config-data. This
avoids having to install all of the OpenStack dependency packages
in the heat-agent-container itself (our previous approach) and should
allow us to configure a much wider variety of container config files
that would otherwise be impossible with the previous shared approach.
The new approach (combined) should allow us to configure containers in
both the undercloud and overcloud and incrementally add CI coverage to
services as we containerize them.
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2
|