aboutsummaryrefslogtreecommitdiffstats
path: root/docker/services
AgeCommit message (Collapse)AuthorFilesLines
2017-08-30Merge "Support deploying OVN as container services" into stable/pikeJenkins2-0/+307
2017-08-28Support deploying OVN as container servicesNuman Siddique2-0/+307
This patch adds the support to containerize OVN services for the base profile. OVN db servers do not support active-active mode yet. It does support master-slave mode supported through pacemaker, which will be supported in a later patch. Presently the tripleo container framework doesn't allow to start a container in only controller 0 (or bootstrap node). OVN db servers and ovn-northd are started on all the controllers, but only the OVN db servers running in the boot strap controller are configured to listen on the tcp ports 6641 and 6642. OVN neutron mechanism driver and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers. Haproxy configures all the controllers as back ends, but only OVN db servers running on controller 0 respond since only they are configured properly. The OVN containers running on other controller nodes do not interact any way, but are wasteful resources. This patch also adds the scenario007-multinode-containers CI template. Partial-bug: #1699085 Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a (cherry picked from commit e7cd03d2f0fcd8e3069246ced94f1a83869b8bea)
2017-08-25Containarise Barbican APIJanki Chhatbar1-0/+154
This containerises Barbican API in TripleO Change-Id: Icc5e9841ea48c806af4db61cd6de5e9a7a40a988 Partial-Bug: 1668924 Depends-On: I6b5ec18ccdd51b90ff27ff7d4341260dfba71e4e (cherry picked from commit 6d338b809accea4d3ba09ca8363b1a97ed79b658)
2017-08-24Merge "Remove baremetal cron jobs on docker upgrade"Jenkins4-0/+16
2017-08-24Merge "Docker: Enable TLS in the internal network for libvirt"Jenkins1-1/+16
2017-08-23Merge "More fixes for the Ceph docker images url parsing"Jenkins1-2/+2
2017-08-23Merge "docker: Stop all active ceilometer services during compute upgrade"Jenkins1-1/+16
2017-08-23Docker: Enable TLS in the internal network for libvirtJuan Antonio Osorio Robles1-1/+16
Bind mounts the necessary certs and keys to enable live migrations using TLS. bp tls-via-certmonger-containers Depends-On: I26a7748b37059ea37f460d8c70ef684cc41b16d3 Change-Id: I81efa85d916823f740bf320c88a248403743a45b
2017-08-22Merge "Zaqar: Match service name with service-net-map"Jenkins1-1/+1
2017-08-22Zaqar: Match service name with service-net-mapJuan Antonio Osorio Robles1-1/+1
This is required for t-h-t to generate the appropriate hieradata. Change-Id: I9b451eac4427a52ad8eec62ff89acc6c6d3ab799 Closes-Bug: #1712328
2017-08-22Fix configuration files path for logrotate containerMartin André1-1/+1
The config_volume is named 'crond', and so must me the path to puppet-generated directory. Change-Id: I13b4ad7642ddf3bc5d1f4aa979b4a91a89605fb1 Closes-Bug: #1712300
2017-08-21Merge "Add logrotate with crond service"Jenkins1-0/+84
2017-08-21Merge "Let mds create manila key and fs"Jenkins2-2/+2
2017-08-21TLS for containerized horizonJuan Antonio Osorio Robles1-0/+17
bind mount the certificates needed for TLS. bp tls-via-certmonger-containers Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b
2017-08-21Merge "Enable TLS for containerized RabbitMQ"Jenkins1-0/+51
2017-08-21Add logrotate with crond serviceBogdan Dobrelya1-0/+84
Add a docker service template to provide containerized services logs rotation with a crond job. Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers and to all environments among with generic services like Ntp or Kernel. Set it to OS::Heat::None for non containerized environments and only enable it to the environments/docker.yaml. Closes-bug: #1700912 Change-Id: Ic94373f0a0758e9959e1f896481780674437147d Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-08-19Merge "Mount ceph config on gnocchi statsd"Jenkins1-0/+9
2017-08-19Merge "Swith to the appropriate ceph-ansible playbook on upgrade"Jenkins1-1/+19
2017-08-19Merge "Convert scenario001-multinode-containers job to ceph-ansible"Jenkins1-0/+5
2017-08-19Merge "Add params needed for the ceph-ansible switch to containers playbook"Jenkins1-0/+1
2017-08-19Merge "Tag the ha containers with 'pcmklatest' at deploy time"Jenkins7-18/+221
2017-08-18Mount ceph config on gnocchi statsdPradeep Kilambi1-0/+9
gnocchi-statsd needs access to ceph config. lets mount the ceph config files so it doesnt throw conf_read_file errors. Change-Id: I1426d580c8d8d60e986ca859f89eeb8799ab6bd2
2017-08-18More fixes for the Ceph docker images url parsingGiulio Fidente1-2/+2
Existing code was still failing the following scenario: http://192.168.24.1:8787/ceph/rhceph-2-rhel7:latest Now this has been tested with the following variations: http://192.168.24.1:8787/ceph/rhceph-2-rhel7:latest http://192.168.24.1:8787/rhceph-2-rhel7:latest 192.168.24.1:8787/ceph/rhceph-2-rhel7:latest 192.168.24.1:8787/rhceph-2-rhel7:latest 192.168.24.1/ceph/daemon:latest And then the same list without the custom registry host. Change-Id: Ifc871de8c2678f6a6fc5d234bfb62e8273c1b0b7
2017-08-18Merge "Restore and split nova metadata docker service out of nova-api."Jenkins1-5/+61
2017-08-18Let mds create manila key and fsJan Provaznik2-2/+2
ceph-ansible will take care of setting up client keys both in ceph and on client side. It will also create filesystem for manila. To assure that manila manifest can work in future both with puppet and with ceph-ansible, creation of filesystem is moved to ceph-mds manifest and creation of manila key on ceph side is moved to ceph-base (so manila key is always created), manila key is added to ceph-external for external ceph deployments. Key creation is removed from manila.pp in patch I2b5567a39ac8737e80758b705818cc1807dc8bf1 Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68 Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27 Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
2017-08-18Tag the ha containers with 'pcmklatest' at deploy timeMichele Baldessari7-18/+221
We need to tag the HA containers with a special tag so that the RA definition never changes. We do this step in THT as opposed to puppet because we need to guarantee that all images are tagged on all nodes *before* step 2 where the bundle gets created. NB: Getting the image name without the tag will require some more yaql work to get all the cases right. Right now this works only if we enforce that the image has a ':tag' at the end of the name. So far this is always the case. If things change we will need to amend this code. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> Change-Id: I362e6cf26fba77d3f949b7d2fc4b35a3eab9087e
2017-08-18Enable TLS for containerized RabbitMQJuan Antonio Osorio Robles1-0/+51
Bind mounts and adds the appropriate permissions for the cert and key that's used for TLS. bp tls-via-certmonger-containers Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813 Change-Id: I48325893a00690e2f5d6f1d685f903234545d5b8
2017-08-18Convert scenario001-multinode-containers job to ceph-ansibleGiulio Fidente1-0/+5
Updates ci/environments/scenario001-multinode-containers.yaml to use ceph-ansible instead of puppet-ceph. Change-Id: Idbd02a3c7404daecdc6e2c45ea6d3478bf70552c Depends-On: Ifa4937624ed14a3ece48dd92ba4f69b5e4928e77
2017-08-18Merge "Refactor setup_docker_host.sh as host_prep_tasks"Jenkins1-0/+13
2017-08-18Merge "Containerize Manila Share for HA"Jenkins1-0/+142
2017-08-18Merge "Add support for installing Ceph MDS via ceph-ansible"Jenkins2-0/+101
2017-08-18Restore and split nova metadata docker service out of nova-api.Oliver Walsh1-5/+61
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from eventlet, however we need to continue running the eventlet service as it is required for the nova metadata api. However this should be tied to the OS::TripleO::Services::NovaMetadata service, so duplicate the required config in nova-metadata.yaml. Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727 Closes-bug: #1711425
2017-08-17Merge "Mount NFS volume to docker container."Jenkins1-0/+11
2017-08-17Merge "Enable TLS configuration for containerized RabbitMQ"Jenkins1-0/+15
2017-08-17Merge "Enable TLS for containerized MySQL"Jenkins1-9/+60
2017-08-17Merge "Enable TLS for containerized haproxy"Jenkins1-8/+57
2017-08-17Merge "Enable TLS configuration for containerized HAProxy"Jenkins1-5/+52
2017-08-17Refactor setup_docker_host.sh as host_prep_tasksJiri Stransky1-0/+13
Previously what we've been doing with setup_docker_host.sh can now be achieved with host_prep_tasks, and we can free up the NodeUserData interface for other use cases. Closes-Bug: #1711387 Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510
2017-08-17Swith to the appropriate ceph-ansible playbook on upgradeGiulio Fidente1-1/+19
When performing an overcloud upgrade, we need to run a different ceph-ansible playbook from what we run for fresh deployments. This change adds the logic to parse StackUpdateType and set the playbook path accordingly. Change-Id: I2882f62a80954e6e7324bb86e5ac91c059698a60
2017-08-17Merge "Containerize virtlogd"Jenkins1-21/+32
2017-08-16Containerize Manila Share for HAVictoria Martinez de la Cruz1-0/+142
This service allows configuring and deploying manila-share containers in a HA overcloud managed by pacemaker. The containers are managed and run by pacemaker. Pacemaker runs the standard Kolla image but overrides the initial command so that it explicitely calls manila-share. This way, we shield ourselves from any unexpected future change in Kolla. This container needs to use the 'docker_config' section to invoke puppet (as opposed to 'docker_puppet_tasks'), because due to the HA composability each resource creation needs to happen on the bootstrap node of that service and 'docker_puppet_tasks' will only run on the controller/primary role. Based on work done in fdb233e64e3d78014dd7e351abfed5aec5035866 Partial-Bug: #1668922 Change-Id: Ifa94c506db5eb667690a19d594115a93d2a790b2 Depends-On: I797eea2f7788f65411964ccb852b5707e916416f
2017-08-16Add params needed for the ceph-ansible switch to containers playbookGiulio Fidente1-0/+1
Pre existing Ceph clusters are migrated to containers using a playbook in ceph-ansible which requires setting some 'ireallymeanit' variable. 1. https://github.com/ceph/ceph-ansible/issues/1758 Change-Id: I5c2f46b91cf032913931275ce62315f293f21c8b Closes-Bug: #1711159
2017-08-16Add support for installing Ceph MDS via ceph-ansibleJohn Fulton2-0/+101
Based on puppet/services/ceph-mds.yaml. Nodes in the CephMds role will already be in the Ansible inventory but this change provides a way pass their parameters to ceph-ansible. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
2017-08-16docker: Stop all active ceilometer services during compute upgradeLee Yarwood1-1/+16
Ensure both the older compute and newer generic polling host services are stopped during a compute upgrade. Closes-Bug: #1710866 Change-Id: I2c63d6d50977eed112707c3c8aa6d46d8b796679
2017-08-16Merge "Bind mount tripleo.cnf in transient bootstrap containers"Jenkins6-0/+6
2017-08-15Merge "Do not run clustercheck on the host after O->P upgrade"Jenkins1-0/+6
2017-08-15Merge "Internal TLS support for mongodb container"Jenkins1-7/+45
2017-08-15Merge "Set file mode permission of Ceph keyrings"Jenkins1-5/+1
2017-08-15Merge "Fix parsing of DockerCephDaemonImage parameter"Jenkins1-15/+30
2017-08-14Merge "Enable TLS configuration for containerized Galera"Jenkins1-0/+35