aboutsummaryrefslogtreecommitdiffstats
path: root/docker/services/neutron-api.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-05-30Merge "docker bootstrap service commands"Jenkins1-3/+4
2017-05-22docker bootstrap service commandsDan Prince1-3/+4
This patch guards db syncs and initialization code from executing on multiple nodes at the same time by using the new bootstrap_host_exec script. This helper script checks to make sure the container is executing on the "bootstrap host" for the specified service (arg 0) and then if it matches runs the specified command. Depends-On: If25f217bbb592edab4e1dde53ca99ed93c0e146c Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f Change-Id: I0c864ca093ea476248b619d8c88477ef0b64e2eb Closes-Bug: 1688380
2017-05-22docker/TLS-everywhere: Add metadata_settings output to templatesJuan Antonio Osorio Robles1-0/+2
This is needed since it's what writes the service metadata to the nova server in order to create the kerberos principals. It worked in a base controller since the keystone template does have this. But if we would deploy these services on a separate role, it would break. So this output is needed. bp tls-via-certmonger-containers Change-Id: I3ee8c65d356dcd092a3fbf79041e5c69ef23b721
2017-05-16docker/internal TLS: spawn extra container for neutron server's TLS proxyJuan Antonio Osorio Robles1-14/+42
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of neutron server. bp tls-via-certmonger-containers Change-Id: I2529d78e889835f48c51e12d28ecd7c48739b02b
2017-05-16Use neutron-server image for neutron servicesJuan Antonio Osorio Robles1-1/+1
For TLS everywhere, neutron-server needs httpd in the image, since it'll use a separate container that runs a TLS proxy to terminate the connection. This requires the image where the configuration is ran to have httpd installed, since there are several directories and the user/group that's needed. So, we then switch the image to be used to be neutron-server instead of the openvswitch-agent image. Change-Id: Ie16de3004925b7624f106d6c015ec04ef6031a06 Depends-On: I82f10ac0e7e692e6ba4a06dc10da9eaf79c60e7e
2017-05-15Add missing type for RoleParameters parameterMartin André1-0/+1
This was forgotten in I72376a803ec6b2ed93903cc0c95a6ffce718b6dc and broke containerized deployment. Change-Id: I599a87bf06efbfefd3067c77ed6ca866505900f9 Closes-Bug: #1690870
2017-05-15Add role specific information to the service templateSaravanan KR1-0/+9
When a service is enabled on multiple roles, the parameters for the service will be global. This change enables an option to provide role specific parameter to services and other templates. Two new parameters - RoleName and RoleParameters, are added to the service template. RoleName provides the role name of on which the current instance of the service is being applied on. RoleParameters provides the list of parameters which are configured specific to the role in the environment file, like below: parameters_default: # Default value for applied to all roles NovaReservedHostMemory: 2048 ComputeDpdkParameters: # Applied only to ComputeDpdk role NovaReservedHostMemory: 4096 In above sample, the cluster contains 2 roles - Compute, ComputeDpdk. The values of ComputeDpdkParameters will be passed on to the templates as RoleParameters while creating the stack for ComputeDpdk role. The parameter which supports role specific configuration, should find the parameter first in in the RoleParameters list, if not found, then the default (for all roles) should be used. Implements: blueprint tripleo-derive-parameters Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
2017-05-05Mount hostpath logs on /var/logFlavio Percoco1-1/+22
Some containers are using the logs named volume for collecting logs written to `/var/log`. We should make this consistent for all the containers. This patch also cleans up some mounts that weren't needed for some services. For example, glance-api doesn't need `/run` to be mounted. Other changes: * Rework log volumes to hostpath mounts to omit slow COW writes. * Add kolla_config's permission and host_prep_tasks create and manage hostpath mounted log dirs permissions. * Rework data owning init containers to kolla_config permissions * When a step wants KOLLA_BOOTSTRAP or DB sync, use logs data owning init containers to set permissions for logs. This is required because kolla bootsrap and DB sync runs before the kolla config stage and there is yet permissions set for logs. * In order to address hybrid cases for host services vs containerized ones to access logs having different UIDs, persist containerized services' logs into separate directories (an upgrade impact) * Ensure host prep tasks to create /var/log/containers/ and /var/lib/ sub-directories for services * Fix missing /etc/httpd, /var/www config-data mounts for zaqar/ironic * Fix YAML indentation and drop strings quotation. Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com> Partial blueprint containerized-services-logs Change-Id: I53e737120bf0121bd28667f355b6f29f1b2a6b82
2017-05-02Move containers common volumes from yaql to list_concatJuan Antonio Osorio Robles1-15/+11
list_concat was introduced recently and is able to replace the yaql calls for concatenating lists. Change-Id: Id3a80a0e1e4c25b6d838898757c69ec99d0cd826
2017-04-18Introduce common resources for docker templatesJuan Antonio Osorio Robles1-8/+17
This enables common resources that the docker templates might need. The initial resource only is common volumes, and two volumes are introduced (localtime and hosts). Change-Id: Ic55af32803f9493a61f9b57aff849bfc6187d992
2017-04-03Remove kolla_config copy from servicesMartin André1-12/+3
Simplify the config of the containerized services by bind mounting in the configurations instead of specifying them all in kolla config. This is change is useful to limit the side effects of generating the config files and running the container is two separate steps as config directories are now bind-mounted inside the container instead of having files being copied to the container. We've seen examples of Apache's mod_ssl configuration file present on the container preventing it to start when puppet configured apache not to load the ssl module (in case TLS is disabled). Co-Authored-By: Ian Main <imain@redhat.com> Change-Id: I4ec5dd8b360faea71a044894a61790997f54d48a
2017-03-10Remove docker_image sections (unused)Dan Prince1-5/+4
We don't use docker_image for anything. It is a remant of the pre-composable docker templates and we can now remove it. This patch removes references to the 'docker_image' section from docker/post.yaml and all of the docker/services* templates. Change-Id: I208c1ef1550ab39ab0ee47ab282f9b1937379810
2017-03-06Enable composable upgrades for docker service templatesSteven Hardy1-0/+4
This aligns the docker based services with the new composable upgrades architecture we landed for ocata, and does a first-pass adding upgrade_tasks for the services (these may change, atm we only disable the service on the host). To run the upgrade workflow you basically do two steps: openstack overcloud deploy --templates \ -e environments/major-upgrade-composable-steps-docker.yaml This will run the ansible upgrade steps we define via upgrade_tasks then run the normal docker PostDeploySteps to bring up the containers. For the puppet workflow there's then an operator driven step where compute nodes (and potentially storage nodes) are upgrades in batches and finally you do: openstack overcloud deploy --templates \ -e environments/major-upgrade-converge-docker.yaml In the puppet case this re-applies puppet to unpin the nova RPC API so I guess it'll restart the nova containers this affects but otherwise will be a no-op (we also disable the ansible steps at this point. Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1 Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
2017-03-01Put docker puppet config in puppet_config dictSteve Baker1-7/+10
This approach removes the need for the yaql zip to build the docker-puppet data by building the data in a puppet_config dict. This allows a future change to make docker-puppet.py only accept dict data. Currently the step_config is left where it is and referenced inside puppet_config, but feedback is welcome whether this is necessary or desirable. Change-Id: I4a4d7a6fd2735cb841174af305dbb62e0b3d3e8c
2017-02-24Containers: workaround for neutron DB syncJiri Stransky1-0/+3
Neutron DB sync didn't have permission to read the config files, we now run neutron-db-manage as root until we can find a more permanent solution. Change-Id: I502a8514adc523c7cac1da059be10480eef71cb9 Closes-Bug: #1667300
2017-02-20Add docker neutron servicesDan Prince1-0/+102
This patch adds docker services for Neutron API(server), the Neutron DHCP agent, and Neutron ML2 plugin configuration. Co-Authored-By: Ian Main <imain@redhat.com> Change-Id: If31e095cae533597cf0d73b4277425dfc3459564