summaryrefslogtreecommitdiffstats
path: root/docker/services/nova-libvirt.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-07-27Generate MySQL client config if service requires databaseDamien Ciabrini1-1/+7
Services that access database have to read an extra MySQL configuration file /etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind address and SSL configuration. The configuration file is thus used by containerized services, but also by non-containerized services that still run on the host. In order to generate that client configuration file appropriately both on the host and for containers, 1) the MySQLClient service must be included by the role; 2) every containerized service which uses the database must include the mysql::client profile in the docker-puppet config generation step. By including the mysql::client profile in each containerized service, we ensure that any change in configuration file will be reflected in the service's /var/lib/config-data/{service}, and that paunch will restart the service's container automatically. We now only rely on MySQLClient from puppet/services, to make it possible to generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that drive the generation of that config file in containers via docker-puppet. We include a new YAML validation step to ensure that any service which depends on MySQL will initialize the mysql::client profile during the docker-puppet step. Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
2017-07-27Merge "Enable libvirtd_config puppet tag in nova-libvirtd docker service"Jenkins1-1/+1
2017-07-25Provides Ceph config into OpenStack clientsGiulio Fidente1-0/+9
Given ceph-ansible or puppet-ceph will have created the Ceph config files and keyrings in /etc/ceph on baremetal, this change copies into the OpenStack containers the necessary files for the services to be able to connect to the Ceph cluster. Change-Id: Ibc9964902637429209d4e1c1563b462c60090365
2017-07-25Enable libvirtd_config puppet tag in nova-libvirtd docker serviceOliver Walsh1-1/+1
Required now that https://review.openstack.org/480289 has merged Change-Id: I17f6c9b5a6e2120a53bae296042ece492210597a Related-Bug: #1696504
2017-07-24Merge "Add support for nova live/cold-migration with containers"Jenkins1-8/+8
2017-07-23Add support for nova live/cold-migration with containersOliver Walsh1-8/+8
Updates hieradata for changes in https://review.openstack.org/471950. Creates a new service - NovaMigrationTarget. On baremetal this just configures live/cold-migration. On docker is includes a container running a second sshd services on an alternative port. Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd containers. Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427 Implements: blueprint tripleo-cold-migration Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
2017-07-21Make EnablePackageInstall and Debug descriptions consistentBen Nemec1-1/+1
Change-Id: I3ea7c0c7ea049043668e68c6e637fd2aaf992622 Partial-Bug: 1700664
2017-07-19Add nova::compute::rbd setting into nova-libvirt profileGiulio Fidente1-1/+3
Some of the tasks carried by nova::compute::rbd class apply to the compute service, others to the libvirt service so it needs to be included in both. Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
2017-07-15Merge "Use a single configuration file for specifying docker containers."Jenkins1-14/+2
2017-07-14Use a single configuration file for specifying docker containers.Ian Main1-14/+2
This removes the default container names from all the templates and uses a single environment file to specify the full container name and registry from which to pull. Also does away with most of DockerNamespace. Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27 Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60 Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com>
2017-07-14Adds network/cidr mapping into a new service propertyGiulio Fidente1-0/+5
Makes it possible to resolve network subnets within a service template; the data is transported into a new property ServiceData wired into every service which hopefully is generic enough to be extended in the future and transport more data. Data can be consumed in service templates to set config values which need to know what is the subnet where a deamon operates (for example the Ceph Public vs Cluster network). Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-10Copy only generated puppet files into the containerMartin André1-1/+6
This solves a problem with bind-mounts when the containers are holding files descriptors open. At the same time this makes the template more robust to puppet changes since new config files will be available in the containers without needing to update the templates. Partial-Bug: #1698323 Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
2017-06-28Add heat parameter for all of config_volume imagesMartin André1-6/+6
This commit consistently defines a heat template parameter in the form of DockerXXXConfigImage where XXX represents the name of the config_volume that is used by docker-puppet. The goal is to mitigate hard to debug errors where the templates would set different defaults for the image docker-puppet.py uses to run, for the same config_volume name. This fixes a couple of inconsistencies on the way. Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b Closes-Bug: #1699791
2017-06-09Make container names consistentMartin André1-2/+2
This commit change the container names to consistently use the `_` char as a word separator and make the kolla external config file match the container name to make operators' life easier. Change-Id: Ibac9d76dde474b94c3cb86031ead0fd0327e126f
2017-06-08Modify libvirtd container command line when TLS is enabledOliver Walsh1-1/+25
Libvirtd needs the --listen arg to enable the TLS socket. Change-Id: I535165f0a2634728045491b2a37a56b1891b13fe Resolves-Bug: #1694958
2017-05-29Containerized nova-compute working with Deployed ServerJiri Stransky1-0/+21
When using the Deployed Server feature, we rely on Puppet to install packages. But nova-compute/libvirt puppet is running in a container, so it cannot install anything on the host. We rely on virtlogd on the host, so we need to install it there some way. This patch uses host_prep_tasks for that, conditionally based on the EnablePackageInstall stack parameter value. Also multinode-container-upgrade.yaml env is copied as multinode-containers.yaml, to remove the naming confusion, as the environment file can be used for more than just upgrades. The old env file will be removed once we make the upgrade job use the new one (catch 22 type of issue). Change-Id: Ia9b3071daa15bc30792110e5f34cd859cc205fb8
2017-05-15Add missing type for RoleParameters parameterMartin André1-0/+1
This was forgotten in I72376a803ec6b2ed93903cc0c95a6ffce718b6dc and broke containerized deployment. Change-Id: I599a87bf06efbfefd3067c77ed6ca866505900f9 Closes-Bug: #1690870
2017-05-15Add role specific information to the service templateSaravanan KR1-0/+9
When a service is enabled on multiple roles, the parameters for the service will be global. This change enables an option to provide role specific parameter to services and other templates. Two new parameters - RoleName and RoleParameters, are added to the service template. RoleName provides the role name of on which the current instance of the service is being applied on. RoleParameters provides the list of parameters which are configured specific to the role in the environment file, like below: parameters_default: # Default value for applied to all roles NovaReservedHostMemory: 2048 ComputeDpdkParameters: # Applied only to ComputeDpdk role NovaReservedHostMemory: 4096 In above sample, the cluster contains 2 roles - Compute, ComputeDpdk. The values of ComputeDpdkParameters will be passed on to the templates as RoleParameters while creating the stack for ComputeDpdk role. The parameter which supports role specific configuration, should find the parameter first in in the RoleParameters list, if not found, then the default (for all roles) should be used. Implements: blueprint tripleo-derive-parameters Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
2017-05-05Mount hostpath logs on /var/logFlavio Percoco1-0/+6
Some containers are using the logs named volume for collecting logs written to `/var/log`. We should make this consistent for all the containers. This patch also cleans up some mounts that weren't needed for some services. For example, glance-api doesn't need `/run` to be mounted. Other changes: * Rework log volumes to hostpath mounts to omit slow COW writes. * Add kolla_config's permission and host_prep_tasks create and manage hostpath mounted log dirs permissions. * Rework data owning init containers to kolla_config permissions * When a step wants KOLLA_BOOTSTRAP or DB sync, use logs data owning init containers to set permissions for logs. This is required because kolla bootsrap and DB sync runs before the kolla config stage and there is yet permissions set for logs. * In order to address hybrid cases for host services vs containerized ones to access logs having different UIDs, persist containerized services' logs into separate directories (an upgrade impact) * Ensure host prep tasks to create /var/log/containers/ and /var/lib/ sub-directories for services * Fix missing /etc/httpd, /var/www config-data mounts for zaqar/ironic * Fix YAML indentation and drop strings quotation. Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com> Partial blueprint containerized-services-logs Change-Id: I53e737120bf0121bd28667f355b6f29f1b2a6b82
2017-05-02Move containers common volumes from yaql to list_concatJuan Antonio Osorio Robles1-17/+15
list_concat was introduced recently and is able to replace the yaql calls for concatenating lists. Change-Id: Id3a80a0e1e4c25b6d838898757c69ec99d0cd826
2017-04-21Don't attempt to configure live migrationJiri Stransky1-1/+9
When configuring nova containers via puppet, the puppet class chain includes a class for live migration, which configures live migration aspects in nova and libvirt. Some of the libvirt config parts try to notify Service[libvirt], but that service definition is only included in nova-libvirt service, it's not included in the control plan nova services. However, our hieradata is currently global on the node, it's not per-service, which means even though only nova-compute and nova-libvirt service set tripleo::profile::base::nova::manage_migration: true this hiera setting is applied to all containers running puppet, most notably the ones which configure nova control plane services. As a result, configuration of nova control plane services failed, and in turn the whole deployment failed. This commit disables the libvirt part of live migration config until we implement some better solution (e.g. hieradata separation between different puppet containers, or move the libvirt config parts only to nova-compute manifests in puppet-tripleo). Change-Id: I0328406607d451e6bdce4d92c441c03648925fa7 Closes-Bug: #1684107
2017-04-18Introduce common resources for docker templatesJuan Antonio Osorio Robles1-12/+19
This enables common resources that the docker templates might need. The initial resource only is common volumes, and two volumes are introduced (localtime and hosts). Change-Id: Ic55af32803f9493a61f9b57aff849bfc6187d992
2017-04-03Remove kolla_config copy from servicesMartin André1-8/+3
Simplify the config of the containerized services by bind mounting in the configurations instead of specifying them all in kolla config. This is change is useful to limit the side effects of generating the config files and running the container is two separate steps as config directories are now bind-mounted inside the container instead of having files being copied to the container. We've seen examples of Apache's mod_ssl configuration file present on the container preventing it to start when puppet configured apache not to load the ssl module (in case TLS is disabled). Co-Authored-By: Ian Main <imain@redhat.com> Change-Id: I4ec5dd8b360faea71a044894a61790997f54d48a
2017-03-24Rework container volumes as hostpath mountsBogdan Dobrelya1-0/+4
Also add upgrade_tasks to disable corresponding host services in order to not data race with containers Change-Id: I19c16aaa3e5a73436ca7aa7d06facf64feee2327 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-03-23Merge "Keep existing data for containerized Libvirt"Jenkins1-2/+10
2017-03-16Keep existing data for containerized LibvirtJiri Stransky1-2/+10
Use mounts instead of docker volumes to preserve existing data when moving from baremetal to containerized Libvirt. Change-Id: I2215d451a4ef4023741f0750ac1b45a94652026a
2017-03-10Cleanup docker services templatesMartin André1-2/+2
Use yaml anchors wherever possible for image definition and drop unused anchors. Renamed parameters to Docker*ConfigImage to clarify that an image is specifically used to generate configuration files. Change-Id: I388bd59de7f1d36a3a881fbb723ba5bcba09e637
2017-03-10Remove docker_image sections (unused)Dan Prince1-5/+4
We don't use docker_image for anything. It is a remant of the pre-composable docker templates and we can now remove it. This patch removes references to the 'docker_image' section from docker/post.yaml and all of the docker/services* templates. Change-Id: I208c1ef1550ab39ab0ee47ab282f9b1937379810
2017-03-01Put docker puppet config in puppet_config dictSteve Baker1-7/+10
This approach removes the need for the yaql zip to build the docker-puppet data by building the data in a puppet_config dict. This allows a future change to make docker-puppet.py only accept dict data. Currently the step_config is left where it is and referenced inside puppet_config, but feedback is welcome whether this is necessary or desirable. Change-Id: I4a4d7a6fd2735cb841174af305dbb62e0b3d3e8c
2017-02-15docker: new hybrid deployment architecture and configurationDan Prince1-19/+29
This patch implements a new docker deployment architecture that should us to install docker services in a stepwise manner alongside of baremetal puppet services. This works by using Yaql to select docker specific services (docker/services/*.yaml) vs the puppet specific ones and then applying the selected Json to relevant Heat software deployments for docker and baremetal puppet in a stepwise fashion. Additionally the new architecture leverages new composable services interfaces from Newton to allow configuration of per-service container configuration sets (directories that are bind mounted into kolla containers) by using the Kolla containers themselves. It does this by spinning up a throw away "configuration only" version of the container being configured itself, then running the puppet apply in that container and copying the generated config files into /var/lib/config-data. This avoids having to install all of the OpenStack dependency packages in the heat-agent-container itself (our previous approach) and should allow us to configure a much wider variety of container config files that would otherwise be impossible with the previous shared approach. The new approach (combined) should allow us to configure containers in both the undercloud and overcloud and incrementally add CI coverage to services as we containerize them. Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2
2017-01-29docker: eliminate copy-json.py in favor of json-fileDan Prince1-0/+8
This patch rewires how we configure the Kolla external config files via Heat templates and uses a more simple json-file heat hook to directly write out Kolla config files to disk. By using a heat hook instead of a shell script we can avoid Json conversion issues. Additionally, This generic json file hook will be useful for other ad-hoc Json file configuration within the TripleO docker architecture. Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I8c72a4a9a7022f722bfe1cef3e18517605720cce Depends-On: I2b372ac2e291339e436202c9fe58a681ed6a743f Depends-On: Id3f779b11e23fd3122ef29b7ccbae116667d4520
2017-01-13Merge "Use provided qemu.conf in libvirt container"Jenkins1-0/+5
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-22Use provided qemu.conf in libvirt containerMartin André1-0/+5
This allows us to workaround an issue where the default setting for qemu changed to logging to virtlogd which is not yet containerized. Change-Id: I9d25b1299c4f02068d1073c5b78d4c7a2099721e Depends-On: I9a9705e5c79eec3bbaf02b491498886b858b7a95 Closes-Bug: #1652119
2016-11-22Containerized Services for Composable RolesIan Main1-0/+69
This change modifies the template interface to support containers and converts the compute services to composable roles. Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com> Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b