aboutsummaryrefslogtreecommitdiffstats
path: root/docker/services
AgeCommit message (Collapse)AuthorFilesLines
2017-07-21Mount /var/lib/neutron in neutron agents for metadata proxyBrent Eagles3-0/+24
The metadata agent creates domain socket /var/lib/neutron/metadata_proxy that is used for communication with haproxy in the L3 and DHCP agents. This patch adds creation of /var/lib/neutron if it doesn't exist and mounts it into the L3, DHCP and metadata agent containers. Change-Id: Id8b8487b5a6a288e5ef1ca1c7d5b47a59cc8dea2 Closes-Bug: #1705289
2017-07-21Make various password descriptions consistentBen Nemec1-1/+1
Since these are obviously global parameters they shouldn't specify what will be using them because they are used in multiple places. Change-Id: I5054c2d67dffe802e37f8391dd7bad4721e29831 Partial-Bug: 1700664
2017-07-21Make EnablePackageInstall and Debug descriptions consistentBen Nemec1-1/+1
Change-Id: I3ea7c0c7ea049043668e68c6e637fd2aaf992622 Partial-Bug: 1700664
2017-07-21Cleans up exec workaround for ODL container clusteringTim Rozet1-5/+2
Now that ODL clustering is fixed to not use an exec by: https://git.opendaylight.org/gerrit/#/c/60491 We no longer need to use the workaround puppet-tripleo tag to configure clustering. Change-Id: I21c1eb2eff6d4cb855eff4a1122f55ad625d84cc Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-21Merge "Remove DockerNamespace references"Jenkins2-28/+4
2017-07-21Open up firewall for the control-ports in the bundlesMichele Baldessari3-1/+26
This is required when the bundles run on pacemaker remote nodes otherwise the cluster won't be able to connect to the control-ports of each bundle. The only services that need this are rabbit, redis and galera because those run pacemaker_remote inside the container (A/P resources and haproxy do not) Change-Id: I6a56d79319ef3d14973a0586dcda4d523adda7aa Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-07-21Merge "Add nova::compute::rbd setting into nova-libvirt profile"Jenkins1-1/+3
2017-07-20Add keystone cron container to run token_flushDan Prince1-0/+26
The token-flush cron job is created in /var/spool/cron/keystone by puppet. This patch creates a cron container to run that in an environment where it has access to keystone.conf and the keystone-manage binaries. Change-Id: Ie305ee9990657c66938250d1d6e19fef94675997 Partial-bug: 1701254
2017-07-20Add heat api container to run cron purge_deletedDan Prince1-0/+25
The purge-deleted cron job is created by puppet in /var/spool/cron/heat. This creates a cron container to run that in an environment where it has access to the heat.conf and heat-manage binaries. Change-Id: Ib9fe8e4f6dbd41021df7cf152fd18569c189d2e2 Partial-bug: #1701254
2017-07-20Add cinder cron container to run db purgeDan Prince1-0/+26
The cinder db purge cron job is created by puppet in /var/spool/cron/cinder. This creates a cron container to run that in an environment where it has access to cinder.conf and the cinder-manage binaries. Change-Id: I02ae32a6dcd8569e2e2390063d4d935d05545a78 Partial-bug: #1701254
2017-07-20nova_api_cron docker fix: add /var/spool/cron/novaDan Prince1-4/+20
This patch reworks the nova_api_cron container so that it contains the /var/spool/cron cron for the nova user and also so that it contains the correct nova.conf file. This should allow kolla-start to copy the correct config files into place and then start the cron service to run the nova tasks periodically. Change-Id: Ib6b2ca5af5419130fb9c83f83d6f4bf97410e870 Related-bug: #1701254
2017-07-20Remove DockerNamespace referencesIan Main2-28/+4
This patch removes more of the DockerNamespace references as part of the cleanup/reorg of the container configuration patches. This also adds a centos-rdo environment file for use with the new interface. This file was generated with the command "openstack overcloud container image prepare" Depends-On: I729fa00175cb36b02b882d729aae5ff06d0e3fbc Depends-On: I292162d66880278de09f7acbdbf02e2312c5bb2b Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: Ice7b57c25248634240a6dd6e14e6d411e7806326
2017-07-20Merge "Add validation task in docker services"Jenkins4-0/+42
2017-07-20Remove non-containerized pacemaker resources on upgrademarios6-10/+140
Adds upgrade_tasks to remove the pacemaker resources using the ansible-pacemaker module. Resources are disabled and removed in step2 (called only on bootstrap node) and then the cluster stop is moved to step3 The existing systemd/service call is kept but only to disable services after they are disabled/deleted from the cluster. Related-Bug: 1701485 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ia597d240ea5834c50a8f6c4fac0b6ed417b8535c
2017-07-19Merge "Wrap ceilometer-upgrade in boostrap_host_exec"Jenkins1-1/+5
2017-07-19Stop Heat WSGI services on docker upgradeThomas Herve2-4/+38
As we made the migration to HTTPd during the same cycle, we didn't include stopping the WSGI services before the upgrades. This handles the case, and fixes an issue with the puppet upgrade as well. Change-Id: I54ba6214d4bf052c0d840d5bbce2b524d82b7017 Closes-Bug: #1699443
2017-07-19Add nova::compute::rbd setting into nova-libvirt profileGiulio Fidente1-1/+3
Some of the tasks carried by nova::compute::rbd class apply to the compute service, others to the libvirt service so it needs to be included in both. Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
2017-07-19Make collectd run as root inside the containerMatthias Runge1-1/+3
that is the RPM package default anyways. Also add /var/log/collectd for logging to the container. Change-Id: I3e71c63c55f0fd71ad8e61547402d0eb94b455f6
2017-07-18Merge "Allow modprobing from cinder-volume container"Jenkins1-0/+1
2017-07-18Merge "LVM in cinder-volume container without udev"Jenkins1-2/+8
2017-07-18Stop also openstack-swift-object-expirer when upgrading swift servicesCarlos Camacho1-0/+1
openstack-swift-object-expirer is not stopped when running the upgrade tasks so forth when changing to containers the service is still running after upgrading to docker. This service is added by default here: https://review.openstack.org/#/c/404149 But it wasnt stopped when running the upgrade tasks. Related also to this RHBZ#1470005 Change-Id: I8d5f195095d702057c3b2741127e7338d7451aad Closes-Bug: 1699444
2017-07-17Refactor iscsi initiator-name reset into separate serviceOliver Walsh6-17/+49
This currently assumes nova-compute and iscsid run in the same context which isn't true for a containerized deployment Change-Id: I11232fc412adcc18087928c281ba82546388376e Depends-On: I91f1ce7625c351745dbadd84b565d55598ea5b59 Depends-On: I0cbb1081ad00b2202c9d913e0e1759c2b95612a5
2017-07-15Merge "Use a single configuration file for specifying docker containers."Jenkins77-1081/+154
2017-07-14Use a single configuration file for specifying docker containers.Ian Main77-1081/+154
This removes the default container names from all the templates and uses a single environment file to specify the full container name and registry from which to pull. Also does away with most of DockerNamespace. Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27 Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60 Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com>
2017-07-14Add validation task in docker servicesJose Luis Franco Arza4-0/+42
Docker services are missing the pre-upgrade validation task in the upgrade_tasks section which verifies if the service is running before stopping it. Change-Id: Ia8c25827d0d6f34e0345c3946dfd6839a7116e04 Partial-Bug: #1704389
2017-07-14Adds network/cidr mapping into a new service propertyGiulio Fidente81-0/+397
Makes it possible to resolve network subnets within a service template; the data is transported into a new property ServiceData wired into every service which hopefully is generic enough to be extended in the future and transport more data. Data can be consumed in service templates to set config values which need to know what is the subnet where a deamon operates (for example the Ceph Public vs Cluster network). Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-13Merge "Containerize Manila Share service"Jenkins1-0/+118
2017-07-13Merge "Fix ironic-pxe startup issues"Jenkins1-7/+7
2017-07-13Merge "Add support for running crontabs in containers"Jenkins2-2/+12
2017-07-13Merge "Run rsync for Swift without xinetd"Jenkins1-4/+4
2017-07-13Merge "Add missing tags in iscsid upgrade_tasks"Jenkins1-0/+2
2017-07-12Fix ironic-pxe startup issuesDan Prince1-7/+7
This patch updates the ironic-api docker service so that it generates its config files in a unique config root. This ensures that it doesn't have config files in the httpd conf.d directory for both the API and PXE services thus causing the API container to attempt to launch both of them. This functionally fixes the Ironic API and PXE services with docker so they once again can bring up an overcloud. Change-Id: I537cd6a3337bf776ca38a279b7c130b6429eea04 Closes-bug: #1702799
2017-07-12Merge "Bind mount needed cert for haproxy for HA too"Jenkins1-12/+26
2017-07-12Containerize Manila Share serviceVictoria Martinez de la Cruz1-0/+118
Change-Id: I797eea2f7788f65411964ccb852b5707e916416f Partial-Bug: #1668922
2017-07-12Add support for running crontabs in containersOliver Walsh2-2/+12
This change enables the puppet cron resource in docker-puppet.py and adds user crontabs to the paths copied from the config containers. Only the nova crontab is configured for now. Other services will require similar changes to run their crontabs. Partial-Bug: 1701254 Change-Id: I2d1d0f0d77908a132472cf4bc475f8bd526af504 Depends-On: Ie16fb4539481a3c192cff8220a97daa4c70467fc
2017-07-12Run rsync for Swift without xinetdChristian Schwede1-4/+4
The default in non-containerized environments is to run rsync within xinetd for Red Hat-based deployments, however in an containerized environment this is not really needed. Therefore run rsync directly without being started by xinetd. Change-Id: I08abd917eba08d1192437ddf96c71b06d099a3f8
2017-07-11Add PCI to nova compute container for passthrough supportBrent Eagles1-0/+2
Nova's whitelist mechanism requires access to the PCI related directories in the filesystem to service PCI passthrough requests. Change-Id: Icfad1d116662798701228b142e224513f7dd22e2
2017-07-11Allow modprobing from cinder-volume containerJiri Stransky1-0/+1
When using LVM/iSCSI backend, cinder-volume tries to modprobe configfs module. We need the modules dir bind mounted for this to succeed. Co-Authored-By: Gorka Eguileor <geguileo@redhat.com> Change-Id: I7bfeaa66915e663726acdf3458db80821fbd3d6b Closes-Bug: #1701321
2017-07-11LVM in cinder-volume container without udevJiri Stransky1-2/+8
Disabling udev usage from LVM seems to be the only observed working way of running containerized cinder-volume with local LVM backend. I didn't come across reports that not using udev would have negative impact on the functionality. Additional info at https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw Change-Id: I491795deab0c37d1bad3b50524481e0b76529667 Depends-On: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49 Closes-Bug: #1700982
2017-07-10Bind mount needed cert for haproxy for HA tooMartin André1-12/+26
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. This commit applies the same change that was applied in Id2df144b678769def204961236624091d4e5c457 for the non-ha case. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-07-10Copy only generated puppet files into the containerMartin André71-210/+621
This solves a problem with bind-mounts when the containers are holding files descriptors open. At the same time this makes the template more robust to puppet changes since new config files will be available in the containers without needing to update the templates. Partial-Bug: #1698323 Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
2017-07-07Rename CongressApi to Congress (docker)Emilien Macchi1-5/+5
Before it was Congress, let's stay consistent and stop using CongressApi in Docker service, because we release. Change-Id: Id939b3d70e185da4279f3860812fa5dce27d64dd
2017-07-07Wrap ceilometer-upgrade in boostrap_host_execMartin André1-1/+5
This ensures the update only occures on the primary node. Change-Id: Id58eb9dac65dc178fa863c9bc44b1ed440e26a77
2017-07-05Merge "Adds docker OpenDaylight"Jenkins2-2/+118
2017-07-05Merge "Bind mount needed cert for haproxy"Jenkins1-0/+12
2017-07-03Adds docker OpenDaylightTim Rozet2-2/+118
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074 Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913 Depends-On: I3d378044b3da5309b60967a12df7800520a254dc Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285 Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-03Merge "adding --config-dir parameters to neutron containers"Jenkins4-4/+4
2017-07-02adding --config-dir parameters to neutron containersOr Idgar4-4/+4
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f Closes-Bug: #1684908
2017-06-30Merge "Fix typo in config_volume"Jenkins1-2/+2
2017-06-30Ensure boostrap_host_exec runs as rootMartin André2-0/+3
This is necessary for accessing the bind mounted hieradata in the container in order to determine if the node is the primary node. With the new validation added to yaml-validate.py, we could spot potential issues in sahara-api and keystone bootstrap tasks. The keystone one is a false positive, as the image defaults to the root user in order to be able to run apache. Still, it is better to be consistent here and specify the root user nonetheless. Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846 Closes-Bug: #1697917