Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch removes more of the DockerNamespace references as part
of the cleanup/reorg of the container configuration patches.
This also adds a centos-rdo environment file for use with
the new interface. This file was generated with the command
"openstack overcloud container image prepare"
Depends-On: I729fa00175cb36b02b882d729aae5ff06d0e3fbc
Depends-On: I292162d66880278de09f7acbdbf02e2312c5bb2b
Co-Authored-By: Dan Prince <dprince@redhat.com>
Change-Id: Ice7b57c25248634240a6dd6e14e6d411e7806326
|
|
|
|
Adds upgrade_tasks to remove the pacemaker resources using the
ansible-pacemaker module.
Resources are disabled and removed in step2 (called only on
bootstrap node) and then the cluster stop is moved to step3
The existing systemd/service call is kept but only to disable
services after they are disabled/deleted from the cluster.
Related-Bug: 1701485
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ia597d240ea5834c50a8f6c4fac0b6ed417b8535c
|
|
|
|
As we made the migration to HTTPd during the same cycle, we didn't
include stopping the WSGI services before the upgrades. This handles the
case, and fixes an issue with the puppet upgrade as well.
Change-Id: I54ba6214d4bf052c0d840d5bbce2b524d82b7017
Closes-Bug: #1699443
|
|
Some of the tasks carried by nova::compute::rbd class apply to the
compute service, others to the libvirt service so it needs to be
included in both.
Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
|
|
that is the RPM package default anyways.
Also add /var/log/collectd for logging to the container.
Change-Id: I3e71c63c55f0fd71ad8e61547402d0eb94b455f6
|
|
|
|
|
|
openstack-swift-object-expirer is not stopped when
running the upgrade tasks so forth when changing to
containers the service is still running after upgrading
to docker.
This service is added by default here: https://review.openstack.org/#/c/404149
But it wasnt stopped when running the upgrade tasks.
Related also to this RHBZ#1470005
Change-Id: I8d5f195095d702057c3b2741127e7338d7451aad
Closes-Bug: 1699444
|
|
This currently assumes nova-compute and iscsid run in the same context which
isn't true for a containerized deployment
Change-Id: I11232fc412adcc18087928c281ba82546388376e
Depends-On: I91f1ce7625c351745dbadd84b565d55598ea5b59
Depends-On: I0cbb1081ad00b2202c9d913e0e1759c2b95612a5
|
|
|
|
This removes the default container names from all the templates
and uses a single environment file to specify the full container
name and registry from which to pull. Also does away with most
of DockerNamespace.
Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27
Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
|
|
Docker services are missing the pre-upgrade validation task
in the upgrade_tasks section which verifies if the service
is running before stopping it.
Change-Id: Ia8c25827d0d6f34e0345c3946dfd6839a7116e04
Partial-Bug: #1704389
|
|
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.
Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).
Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
|
|
|
|
|
|
|
|
|
|
|
|
This patch updates the ironic-api docker service so that it
generates its config files in a unique config root. This
ensures that it doesn't have config files in the httpd
conf.d directory for both the API and PXE services thus
causing the API container to attempt to launch both of them.
This functionally fixes the Ironic API and PXE services with
docker so they once again can bring up an overcloud.
Change-Id: I537cd6a3337bf776ca38a279b7c130b6429eea04
Closes-bug: #1702799
|
|
|
|
Change-Id: I797eea2f7788f65411964ccb852b5707e916416f
Partial-Bug: #1668922
|
|
This change enables the puppet cron resource in docker-puppet.py and adds user
crontabs to the paths copied from the config containers.
Only the nova crontab is configured for now. Other services will require
similar changes to run their crontabs.
Partial-Bug: 1701254
Change-Id: I2d1d0f0d77908a132472cf4bc475f8bd526af504
Depends-On: Ie16fb4539481a3c192cff8220a97daa4c70467fc
|
|
The default in non-containerized environments is to run rsync within
xinetd for Red Hat-based deployments, however in an containerized
environment this is not really needed. Therefore run rsync directly
without being started by xinetd.
Change-Id: I08abd917eba08d1192437ddf96c71b06d099a3f8
|
|
Nova's whitelist mechanism requires access to the PCI related
directories in the filesystem to service PCI passthrough requests.
Change-Id: Icfad1d116662798701228b142e224513f7dd22e2
|
|
When using LVM/iSCSI backend, cinder-volume tries to modprobe configfs
module. We need the modules dir bind mounted for this to succeed.
Co-Authored-By: Gorka Eguileor <geguileo@redhat.com>
Change-Id: I7bfeaa66915e663726acdf3458db80821fbd3d6b
Closes-Bug: #1701321
|
|
Disabling udev usage from LVM seems to be the only observed working
way of running containerized cinder-volume with local LVM backend.
I didn't come across reports that not using udev would have negative
impact on the functionality.
Additional info at
https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw
Change-Id: I491795deab0c37d1bad3b50524481e0b76529667
Depends-On: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49
Closes-Bug: #1700982
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
This commit applies the same change that was applied in
Id2df144b678769def204961236624091d4e5c457 for the non-ha case.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
|
|
This solves a problem with bind-mounts when the containers are holding
files descriptors open.
At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.
Partial-Bug: #1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
|
|
Before it was Congress, let's stay consistent and stop using CongressApi
in Docker service, because we release.
Change-Id: Id939b3d70e185da4279f3860812fa5dce27d64dd
|
|
This ensures the update only occures on the primary node.
Change-Id: Id58eb9dac65dc178fa863c9bc44b1ed440e26a77
|
|
|
|
|
|
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074
Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913
Depends-On: I3d378044b3da5309b60967a12df7800520a254dc
Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285
Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f
Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f
Closes-Bug: #1684908
|
|
|
|
This is necessary for accessing the bind mounted hieradata in the
container in order to determine if the node is the primary node.
With the new validation added to yaml-validate.py, we could spot
potential issues in sahara-api and keystone bootstrap tasks.
The keystone one is a false positive, as the image defaults to the root
user in order to be able to run apache. Still, it is better to be
consistent here and specify the root user nonetheless.
Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846
Closes-Bug: #1697917
|
|
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
|
|
|
|
|
|
|
|
The stat resources weren't executed in step2, and Ansible failed on
them being undefined.
Change-Id: I93621dd80d97be597eff6b8913ae9d7b2810f837
Closes-Bug: #1701221
|
|
Lets just run the ceilometer upgrade once in central agent container
Change-Id: If5e5ca6122f8583c6221bc6b343e483e41f04d29
Closes-bug: #1700056
|
|
This is needed for TLS everywhere.
Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
|
|
Swift object replication relies on the rsync server, which is run by
xinetd. This patch adds the missing container and configuration. Note
that xinetd needs bind to a privileged port (873) and has to be started
as root therefore.
Change-Id: I7655c9dd116c0130035d8a2fae81148171ae6448
|
|
This commit consistently defines a heat template parameter in the form
of DockerXXXConfigImage where XXX represents the name of the
config_volume that is used by docker-puppet.
The goal is to mitigate hard to debug errors where the templates would
set different defaults for the image docker-puppet.py uses to run, for
the same config_volume name.
This fixes a couple of inconsistencies on the way.
Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b
Closes-Bug: #1699791
|
|
|