Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch updates the ironic-api docker service so that it
generates its config files in a unique config root. This
ensures that it doesn't have config files in the httpd
conf.d directory for both the API and PXE services thus
causing the API container to attempt to launch both of them.
This functionally fixes the Ironic API and PXE services with
docker so they once again can bring up an overcloud.
Change-Id: I537cd6a3337bf776ca38a279b7c130b6429eea04
Closes-bug: #1702799
|
|
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
This commit applies the same change that was applied in
Id2df144b678769def204961236624091d4e5c457 for the non-ha case.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
|
|
This solves a problem with bind-mounts when the containers are holding
files descriptors open.
At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.
Partial-Bug: #1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
|
|
Before it was Congress, let's stay consistent and stop using CongressApi
in Docker service, because we release.
Change-Id: Id939b3d70e185da4279f3860812fa5dce27d64dd
|
|
|
|
|
|
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074
Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913
Depends-On: I3d378044b3da5309b60967a12df7800520a254dc
Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285
Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f
Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f
Closes-Bug: #1684908
|
|
|
|
This is necessary for accessing the bind mounted hieradata in the
container in order to determine if the node is the primary node.
With the new validation added to yaml-validate.py, we could spot
potential issues in sahara-api and keystone bootstrap tasks.
The keystone one is a false positive, as the image defaults to the root
user in order to be able to run apache. Still, it is better to be
consistent here and specify the root user nonetheless.
Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846
Closes-Bug: #1697917
|
|
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
|
|
|
|
|
|
|
|
Lets just run the ceilometer upgrade once in central agent container
Change-Id: If5e5ca6122f8583c6221bc6b343e483e41f04d29
Closes-bug: #1700056
|
|
This is needed for TLS everywhere.
Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
|
|
Swift object replication relies on the rsync server, which is run by
xinetd. This patch adds the missing container and configuration. Note
that xinetd needs bind to a privileged port (873) and has to be started
as root therefore.
Change-Id: I7655c9dd116c0130035d8a2fae81148171ae6448
|
|
This commit consistently defines a heat template parameter in the form
of DockerXXXConfigImage where XXX represents the name of the
config_volume that is used by docker-puppet.
The goal is to mitigate hard to debug errors where the templates would
set different defaults for the image docker-puppet.py uses to run, for
the same config_volume name.
This fixes a couple of inconsistencies on the way.
Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b
Closes-Bug: #1699791
|
|
|
|
|
|
Depends-On: I270f3f6879737fc29370165e4a8fa8c9c19fffb3
Depends-On: I3a169e3321a26ee373ab873426a2d58acbcfe1bd
Closes-Bug: #1668932
Co-Authored-By: Or Idgar <oidgar@redhat.com>
Co-Authored-By: Brent Eagles <beagles@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I211707072bb0e4ac4aa48e9bbaccb7530f3de0ca
|
|
|
|
Change-Id: Idbbff1047fbc3f664e44131770ba2849ea9d51bc
Closes-Bug: #1700082
|
|
|
|
|
|
- sets collectd service in container to log to file
consistently with other docker services.
- corrects configuration mounts
Depends-On: I50289ad6657852d37abbf12938128ff9ab9e3bac
Change-Id: Ibf9efbe249d67d0fa1e50fbd7dd9902a64d5a273
|
|
Change-Id: Ifa985f29fbd589f58cb2fc75b5f442f7651fb2bf
Depends-On: I952c86db88dcd611722a3feaea88f618eee17620
|
|
This patch sets sensu-client service in container to log to file
consistently with other docker services.
Change-Id: Ic8929326cd73c4bc4515b592fed4826b9c1d516a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Depends-On: I5dc10ef5cccf6d378c20c68fc4a32d2d3c38233f
Change-Id: Ib96040c2e27ad76b1fa6ecb9468bb9d97b3c4518
|
|
|
|
Use common volumes, and use the host log dir in DB sync container.
Co-Authored-By: Jiri Stransky <jistr@jistr.com>
Change-Id: I52602eb4ffd8834c36eec66ef845e5563f72f786
|
|
|
|
|
|
|
|
|
|
|
|
In many occasions we had log directory initialization containers
without `detach: false`, which didn't guarantee that they'll finish
before the container depending on them will start using the log
directory.
This is now fixed by moving the initialization container one global
step earlier, so that we can keep the concurrency when creating the
log dirs. (Using `detach: false` makes paunch handle just one
container at a time, and as such it can have negative performance
impact.)
For services which have their container(s) starting in step_1,
initialization cannot be moved to an earlier step, so the solution
here was to just add `detach: false`.
As a minor related change, cinder DB sync container now mounts the log
directory from host to put cinder-manage.log into the expected
location.
Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
|
|
|
|
|
|
|
|
|