summaryrefslogtreecommitdiffstats
path: root/docker/services
AgeCommit message (Collapse)AuthorFilesLines
2017-08-21Merge "Let mds create manila key and fs"Jenkins2-2/+2
2017-08-21TLS for containerized horizonJuan Antonio Osorio Robles1-0/+17
bind mount the certificates needed for TLS. bp tls-via-certmonger-containers Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b
2017-08-21Merge "Enable TLS for containerized RabbitMQ"Jenkins1-0/+51
2017-08-19Merge "Mount ceph config on gnocchi statsd"Jenkins1-0/+9
2017-08-19Merge "Swith to the appropriate ceph-ansible playbook on upgrade"Jenkins1-1/+19
2017-08-19Merge "Convert scenario001-multinode-containers job to ceph-ansible"Jenkins1-0/+5
2017-08-19Merge "Add params needed for the ceph-ansible switch to containers playbook"Jenkins1-0/+1
2017-08-19Merge "Tag the ha containers with 'pcmklatest' at deploy time"Jenkins7-18/+221
2017-08-18Mount ceph config on gnocchi statsdPradeep Kilambi1-0/+9
gnocchi-statsd needs access to ceph config. lets mount the ceph config files so it doesnt throw conf_read_file errors. Change-Id: I1426d580c8d8d60e986ca859f89eeb8799ab6bd2
2017-08-18Merge "Restore and split nova metadata docker service out of nova-api."Jenkins1-5/+61
2017-08-18Let mds create manila key and fsJan Provaznik2-2/+2
ceph-ansible will take care of setting up client keys both in ceph and on client side. It will also create filesystem for manila. To assure that manila manifest can work in future both with puppet and with ceph-ansible, creation of filesystem is moved to ceph-mds manifest and creation of manila key on ceph side is moved to ceph-base (so manila key is always created), manila key is added to ceph-external for external ceph deployments. Key creation is removed from manila.pp in patch I2b5567a39ac8737e80758b705818cc1807dc8bf1 Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68 Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27 Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
2017-08-18Tag the ha containers with 'pcmklatest' at deploy timeMichele Baldessari7-18/+221
We need to tag the HA containers with a special tag so that the RA definition never changes. We do this step in THT as opposed to puppet because we need to guarantee that all images are tagged on all nodes *before* step 2 where the bundle gets created. NB: Getting the image name without the tag will require some more yaql work to get all the cases right. Right now this works only if we enforce that the image has a ':tag' at the end of the name. So far this is always the case. If things change we will need to amend this code. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> Change-Id: I362e6cf26fba77d3f949b7d2fc4b35a3eab9087e
2017-08-18Enable TLS for containerized RabbitMQJuan Antonio Osorio Robles1-0/+51
Bind mounts and adds the appropriate permissions for the cert and key that's used for TLS. bp tls-via-certmonger-containers Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813 Change-Id: I48325893a00690e2f5d6f1d685f903234545d5b8
2017-08-18Convert scenario001-multinode-containers job to ceph-ansibleGiulio Fidente1-0/+5
Updates ci/environments/scenario001-multinode-containers.yaml to use ceph-ansible instead of puppet-ceph. Change-Id: Idbd02a3c7404daecdc6e2c45ea6d3478bf70552c Depends-On: Ifa4937624ed14a3ece48dd92ba4f69b5e4928e77
2017-08-18Merge "Refactor setup_docker_host.sh as host_prep_tasks"Jenkins1-0/+13
2017-08-18Merge "Containerize Manila Share for HA"Jenkins1-0/+142
2017-08-18Merge "Add support for installing Ceph MDS via ceph-ansible"Jenkins2-0/+101
2017-08-18Restore and split nova metadata docker service out of nova-api.Oliver Walsh1-5/+61
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from eventlet, however we need to continue running the eventlet service as it is required for the nova metadata api. However this should be tied to the OS::TripleO::Services::NovaMetadata service, so duplicate the required config in nova-metadata.yaml. Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727 Closes-bug: #1711425
2017-08-17Merge "Mount NFS volume to docker container."Jenkins1-0/+11
2017-08-17Merge "Enable TLS configuration for containerized RabbitMQ"Jenkins1-0/+15
2017-08-17Merge "Enable TLS for containerized MySQL"Jenkins1-9/+60
2017-08-17Merge "Enable TLS for containerized haproxy"Jenkins1-8/+57
2017-08-17Merge "Enable TLS configuration for containerized HAProxy"Jenkins1-5/+52
2017-08-17Refactor setup_docker_host.sh as host_prep_tasksJiri Stransky1-0/+13
Previously what we've been doing with setup_docker_host.sh can now be achieved with host_prep_tasks, and we can free up the NodeUserData interface for other use cases. Closes-Bug: #1711387 Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510
2017-08-17Swith to the appropriate ceph-ansible playbook on upgradeGiulio Fidente1-1/+19
When performing an overcloud upgrade, we need to run a different ceph-ansible playbook from what we run for fresh deployments. This change adds the logic to parse StackUpdateType and set the playbook path accordingly. Change-Id: I2882f62a80954e6e7324bb86e5ac91c059698a60
2017-08-17Merge "Containerize virtlogd"Jenkins1-21/+32
2017-08-16Containerize Manila Share for HAVictoria Martinez de la Cruz1-0/+142
This service allows configuring and deploying manila-share containers in a HA overcloud managed by pacemaker. The containers are managed and run by pacemaker. Pacemaker runs the standard Kolla image but overrides the initial command so that it explicitely calls manila-share. This way, we shield ourselves from any unexpected future change in Kolla. This container needs to use the 'docker_config' section to invoke puppet (as opposed to 'docker_puppet_tasks'), because due to the HA composability each resource creation needs to happen on the bootstrap node of that service and 'docker_puppet_tasks' will only run on the controller/primary role. Based on work done in fdb233e64e3d78014dd7e351abfed5aec5035866 Partial-Bug: #1668922 Change-Id: Ifa94c506db5eb667690a19d594115a93d2a790b2 Depends-On: I797eea2f7788f65411964ccb852b5707e916416f
2017-08-16Add params needed for the ceph-ansible switch to containers playbookGiulio Fidente1-0/+1
Pre existing Ceph clusters are migrated to containers using a playbook in ceph-ansible which requires setting some 'ireallymeanit' variable. 1. https://github.com/ceph/ceph-ansible/issues/1758 Change-Id: I5c2f46b91cf032913931275ce62315f293f21c8b Closes-Bug: #1711159
2017-08-16Add support for installing Ceph MDS via ceph-ansibleJohn Fulton2-0/+101
Based on puppet/services/ceph-mds.yaml. Nodes in the CephMds role will already be in the Ansible inventory but this change provides a way pass their parameters to ceph-ansible. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
2017-08-16Merge "Bind mount tripleo.cnf in transient bootstrap containers"Jenkins6-0/+6
2017-08-15Merge "Do not run clustercheck on the host after O->P upgrade"Jenkins1-0/+6
2017-08-15Merge "Internal TLS support for mongodb container"Jenkins1-7/+45
2017-08-15Merge "Set file mode permission of Ceph keyrings"Jenkins1-5/+1
2017-08-15Merge "Fix parsing of DockerCephDaemonImage parameter"Jenkins1-15/+30
2017-08-14Merge "Enable TLS configuration for containerized Galera"Jenkins1-0/+35
2017-08-14Merge "Fix metadata_settings in containerized mongodb"Jenkins1-0/+2
2017-08-14Merge "Enable TLS for nova api and placement containers"Jenkins2-0/+34
2017-08-14Merge "Make containerized nova-api run with httpd"Jenkins1-6/+3
2017-08-14Set file mode permission of Ceph keyringsJohn Fulton1-5/+1
Pass mode parameter to ceph-ansible in place of ACLs parameter because ACLs are not for same UID in container as container host and because ACLs are not passed by kolla_config. Change-Id: I7e3433eab8e2a62963b623531f223d5abd301d16 Closes-Bug: #1709683
2017-08-14Enable TLS for containerized MySQLJuan Antonio Osorio Robles1-9/+60
Bind mounts and adds the appropriate permissions for the cert and key that's used for TLS. bp tls-via-certmonger-containers Change-Id: I7fae4083604c7dc89ca04141080a228ebfc44ac9
2017-08-14Enable TLS for containerized haproxyJuan Antonio Osorio Robles1-8/+57
This bind mounts the certificates if TLS is enabled in the internal network. It also disables the CRL usage since we can't restart haproxy at the rate that the CRL is updated. This will be addressed later and is a known limitation of using containerized haproxy (there's the same issue in the HA scenario). To address the different UID that the certs and keys will have, I added an extra step that changes the ownership of these files; though this only gets included if TLS in the internal network is enabled. bp tls-via-certmonger-containers Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a
2017-08-14Fix metadata_settings in containerized mongodbDamien Ciabrini1-0/+2
The containerized version of the mongodb service omits the metadata_settings definition [1], which confuses certmonger when internal TLS is enabled and make the generation of certificates fail. Use the right setting from the non-containerized profile. [1] https://review.openstack.org/#/c/461780/ Change-Id: I50a9a3a822ba5ef5d2657a12c359b51b7a3a42f2 Closes-Bug: #1709553
2017-08-14Bind mount tripleo.cnf in transient bootstrap containersDamien Ciabrini6-0/+6
Various containerized services (e.g. nova, neutron, heat) run initial set up steps with some ephemeral containers that don't use kolla_start. The tripleo.cnf file is not copied in /etc/my.cnf.d and this can break some deployments (e.g. when using internal TLS, service lack SSL settings). Fix the configuration of transient containers by bind mounting of the tripleo.cnf file when kolla_start is not used. Change-Id: I5246f9d52fcf8c8af81de7a0dd8281169c971577 Closes-Bug: #1710127 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2017-08-14Containerize virtlogdJiri Stransky1-21/+32
So far we've been using virtlogd running on the host, we should now be using virtlogd from a container. Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Jiri Stransky <jistr@redhat.com> Change-Id: I998c69ea1f7480ebb90afb44d6006953a84a1c04
2017-08-12Fix parsing of DockerCephDaemonImage parameterGiulio Fidente1-15/+30
Splitting by colon using native str_split function did not work well because we needed a right split. This change replaces the str_split calls with yaql rightSplit(). Change-Id: Iab2f69a5fadc6b02e2eacf3c9d1a9024b0212ac6
2017-08-12Pass monitor_address_block to ceph-ansible for mon_hostGiulio Fidente1-0/+1
The ip address which clients and other nodes use to connect to the monitors is derived from the monitor_interface parameter unless a monitor_address or monitor_address_block is given (to set mon_host into ceph.conf); this change adds setting for monitor_address_block to match the public_network so that clients attempt to connect to the mons on the appropriate network. Change-Id: I7187e739e9f777eab724fbc09e8b2c8ddedc552d Closes-Bug: #1709485
2017-08-12Merge "Correct gnocchi-upgrade command quotes"Jenkins2-4/+14
2017-08-11Correct gnocchi-upgrade command quotesJose Luis Franco Arza2-4/+14
After merging commit 488796, single quotation marks were missed. This causes the upgrade to fail as the flag --sacks-number is considered a su command flag. Also mounts Ceph config data into the container which seems needed for the gnocchi-upgrade command when configured to use Ceph. Also move the gnocchi db sync to step 4, so ceph is ready. Add a retry loop to ceilometer-upgrade cmd so it doesnt fail while apache is restarted. Closes-Bug: #1709322 Change-Id: I62f3a5fa2d43a2cd579f72286661d503e9f08b90
2017-08-11Internal TLS support for mongodb containerJuan Antonio Osorio Robles1-7/+45
This bind mounts the necessary files for the mongodb container to serve TLS in the internal network. bp tls-via-certmonger-containers Change-Id: Ieef2a456a397f7d5df368ddd5003273cb0bb7259 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-08-11Enable TLS for nova api and placement containersJuan Antonio Osorio Robles2-0/+34
With these two services running over httpd in the containers, we can now enable TLS for them. bp tls-via-certmonger-containers Change-Id: Ib8fc37a391e3b32feef0ac6492492c0088866d21