summaryrefslogtreecommitdiffstats
path: root/docker/services
AgeCommit message (Collapse)AuthorFilesLines
2017-07-13Merge "Add missing tags in iscsid upgrade_tasks"Jenkins1-0/+2
2017-07-12Merge "Bind mount needed cert for haproxy for HA too"Jenkins1-12/+26
2017-07-10Bind mount needed cert for haproxy for HA tooMartin André1-12/+26
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. This commit applies the same change that was applied in Id2df144b678769def204961236624091d4e5c457 for the non-ha case. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-07-10Copy only generated puppet files into the containerMartin André71-210/+621
This solves a problem with bind-mounts when the containers are holding files descriptors open. At the same time this makes the template more robust to puppet changes since new config files will be available in the containers without needing to update the templates. Partial-Bug: #1698323 Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
2017-07-07Rename CongressApi to Congress (docker)Emilien Macchi1-5/+5
Before it was Congress, let's stay consistent and stop using CongressApi in Docker service, because we release. Change-Id: Id939b3d70e185da4279f3860812fa5dce27d64dd
2017-07-05Merge "Adds docker OpenDaylight"Jenkins2-2/+118
2017-07-05Merge "Bind mount needed cert for haproxy"Jenkins1-0/+12
2017-07-03Adds docker OpenDaylightTim Rozet2-2/+118
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074 Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913 Depends-On: I3d378044b3da5309b60967a12df7800520a254dc Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285 Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-03Merge "adding --config-dir parameters to neutron containers"Jenkins4-4/+4
2017-07-02adding --config-dir parameters to neutron containersOr Idgar4-4/+4
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f Closes-Bug: #1684908
2017-06-30Merge "Fix typo in config_volume"Jenkins1-2/+2
2017-06-30Ensure boostrap_host_exec runs as rootMartin André2-0/+3
This is necessary for accessing the bind mounted hieradata in the container in order to determine if the node is the primary node. With the new validation added to yaml-validate.py, we could spot potential issues in sahara-api and keystone bootstrap tasks. The keystone one is a false positive, as the image defaults to the root user in order to be able to run apache. Still, it is better to be consistent here and specify the root user nonetheless. Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846 Closes-Bug: #1697917
2017-06-30Fix typo in config_volumeSven Anderson1-2/+2
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
2017-06-30Bind mount needed cert for haproxyMartin André1-0/+12
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: Id2df144b678769def204961236624091d4e5c457
2017-06-30Merge "Add missing xinetd/rsync container for Swift"Jenkins1-1/+21
2017-06-30Merge "Remove ceilometer upgrade from other ceilometer containers"Jenkins2-28/+0
2017-06-29Merge "Add heat parameter for all of config_volume images"Jenkins77-216/+514
2017-06-29Add missing tags in iscsid upgrade_tasksJiri Stransky1-0/+2
The stat resources weren't executed in step2, and Ansible failed on them being undefined. Change-Id: I93621dd80d97be597eff6b8913ae9d7b2810f837 Closes-Bug: #1701221
2017-06-28Remove ceilometer upgrade from other ceilometer containersPradeep Kilambi2-28/+0
Lets just run the ceilometer upgrade once in central agent container Change-Id: If5e5ca6122f8583c6221bc6b343e483e41f04d29 Closes-bug: #1700056
2017-06-28Enable nova-api to run over httpd againJuan Antonio Osorio Robles1-0/+3
This is needed for TLS everywhere. Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3 Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
2017-06-28Add missing xinetd/rsync container for SwiftChristian Schwede1-1/+21
Swift object replication relies on the rsync server, which is run by xinetd. This patch adds the missing container and configuration. Note that xinetd needs bind to a privileged port (873) and has to be started as root therefore. Change-Id: I7655c9dd116c0130035d8a2fae81148171ae6448
2017-06-28Add heat parameter for all of config_volume imagesMartin André77-216/+514
This commit consistently defines a heat template parameter in the form of DockerXXXConfigImage where XXX represents the name of the config_volume that is used by docker-puppet. The goal is to mitigate hard to debug errors where the templates would set different defaults for the image docker-puppet.py uses to run, for the same config_volume name. This fixes a couple of inconsistencies on the way. Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b Closes-Bug: #1699791
2017-06-27Merge "Add docker templates for octavia services"Jenkins4-0/+469
2017-06-26Merge "Make sensu-client log to file"Jenkins1-1/+11
2017-06-26Add docker templates for octavia servicesSteven Hardy4-0/+469
Depends-On: I270f3f6879737fc29370165e4a8fa8c9c19fffb3 Depends-On: I3a169e3321a26ee373ab873426a2d58acbcfe1bd Closes-Bug: #1668932 Co-Authored-By: Or Idgar <oidgar@redhat.com> Co-Authored-By: Brent Eagles <beagles@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I211707072bb0e4ac4aa48e9bbaccb7530f3de0ca
2017-06-26Merge "Containerize Cinder-backup for HA"Jenkins1-0/+152
2017-06-23Fix manila-api volumes listJiri Stransky1-0/+1
Change-Id: Idbbff1047fbc3f664e44131770ba2849ea9d51bc Closes-Bug: #1700082
2017-06-23Merge "Configuration for containerized MySQL clients"Jenkins1-0/+66
2017-06-23Merge "Make collectd log to file"Jenkins1-3/+17
2017-06-22Make collectd log to fileMartin Mágr1-3/+17
- sets collectd service in container to log to file consistently with other docker services. - corrects configuration mounts Depends-On: I50289ad6657852d37abbf12938128ff9ab9e3bac Change-Id: Ibf9efbe249d67d0fa1e50fbd7dd9902a64d5a273
2017-06-21Deploy ironic-api with WSGIDmitry Tantsur1-2/+7
Change-Id: Ifa985f29fbd589f58cb2fc75b5f442f7651fb2bf Depends-On: I952c86db88dcd611722a3feaea88f618eee17620
2017-06-21Make sensu-client log to fileMartin Mágr1-1/+11
This patch sets sensu-client service in container to log to file consistently with other docker services. Change-Id: Ic8929326cd73c4bc4515b592fed4826b9c1d516a
2017-06-20Merge "Fixup for manila-api containerized service"Jenkins1-13/+25
2017-06-17Merge "Remove duplicate docker/puppet services.yaml"Jenkins1-105/+0
2017-06-16Merge "Add Ec2Api to container based deployment"Jenkins1-0/+153
2017-06-16Merge "Conditional LVM storage setup for cinder-volume"Jenkins1-2/+6
2017-06-15Merge "Bind mount internal CA file to all containers"Jenkins1-12/+57
2017-06-15Merge "Containerize Cinder-volume for HA"Jenkins1-0/+170
2017-06-15Add Ec2Api to container based deploymentSven Anderson1-0/+153
Depends-On: I5dc10ef5cccf6d378c20c68fc4a32d2d3c38233f Change-Id: Ib96040c2e27ad76b1fa6ecb9468bb9d97b3c4518
2017-06-15Merge "Containerize Ceilometer Agent Ipmi"Jenkins1-0/+113
2017-06-15Fixup for manila-api containerized serviceMartin André1-13/+25
Use common volumes, and use the host log dir in DB sync container. Co-Authored-By: Jiri Stransky <jistr@jistr.com> Change-Id: I52602eb4ffd8834c36eec66ef845e5563f72f786
2017-06-15Merge "Fix race conditions between containers"Jenkins19-48/+43
2017-06-15Merge "Containerize Manila Scheduler service"Jenkins1-0/+105
2017-06-14Merge "Add Nova Consoleauth service to containerized deployment"Jenkins1-0/+108
2017-06-14Merge "Add Nova Vncproxy service to containerized deployment"Jenkins1-0/+108
2017-06-14Merge "Docker service for Cinder Volume"Jenkins1-0/+163
2017-06-14Fix race conditions between containersJiri Stransky19-48/+43
In many occasions we had log directory initialization containers without `detach: false`, which didn't guarantee that they'll finish before the container depending on them will start using the log directory. This is now fixed by moving the initialization container one global step earlier, so that we can keep the concurrency when creating the log dirs. (Using `detach: false` makes paunch handle just one container at a time, and as such it can have negative performance impact.) For services which have their container(s) starting in step_1, initialization cannot be moved to an earlier step, so the solution here was to just add `detach: false`. As a minor related change, cinder DB sync container now mounts the log directory from host to put cinder-manage.log into the expected location. Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
2017-06-14Merge "Docker services for Cinder Backup"Jenkins1-0/+132
2017-06-14Merge "Generate HAproxy iptables rules for containerized HA deployments"Jenkins1-10/+13
2017-06-14Merge "Docker services for Cinder Api and Scheduler"Jenkins2-0/+276