aboutsummaryrefslogtreecommitdiffstats
path: root/docker
AgeCommit message (Collapse)AuthorFilesLines
2017-06-12Move iscsid to a containerDan Prince1-0/+109
This configures iscsid so that it runs as a container on relevant roles (undercloud, controller, compute, and volume). When the iscsid docker service is provision it will also run an ansible snippet that disables the iscsid.socket on the host OS thus disabling the hosts systemd from auto-starting iscsid as it normally does. Co-Authored-By: Jon Bernard <jobernar@redhat.com> Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
2017-06-12Generate HAproxy iptables rules for containerized HA deploymentsDamien Ciabrini1-10/+13
The containerized HAproxy service can only specify steps to be run in containers, i.e. it cannot runs the regular puppet steps on bare metal at the same time. A side effect is that the dedicated HAproxy iptables rules are no longer generated. Update the docker_config step to fix the creation of iptables rules for HAproxy and persist them on-disk as before. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Closes-Bug: 1697387 Change-Id: Ib5a083ba3299a82645f1a0f9da0d482c6b89ee23
2017-06-12Merge "Don't mount all of config-data /etc, /etc/httpd"Jenkins19-21/+46
2017-06-12Execute Swift ring up-/download in containerized environmentsChristian Schwede1-2/+13
This patch ensures that Swift rings are downloaded from the undercloud before a rebalance and uploaded afterwards. Depends-On: I51c5795b9893d797bd73e059910f17a98f04cdbe Change-Id: Ief012fed628957e4da63ff3314c4cf01d58b6b16
2017-06-11Merge "Containerized collectd"Jenkins1-0/+94
2017-06-12Don't mount all of config-data /etc, /etc/httpdSteve Baker19-21/+46
This change modifies these mounts to be more specific mounts based on the files which puppet actually modifies. The result is something a bit more self-documenting, and allows for trying other techniques for populating /etc other than directly mounting config-data directories. Change-Id: Ied1eab99d43afcd34c00af25b7e36e7e55ff88e6
2017-06-11Remove pip install paunchMichele Baldessari1-4/+0
We now have python-paunch-1.1.1 [1] in the overcloud images so we do not need to pip install it any longer. [1] https://trunk.rdoproject.org/centos7-master-head/current/python-paunch-1.1.1-0.20170602043913.c8e22e5.el7.centos.noarch.rpm Change-Id: I1ede514a8aee7ac217fa75843e67fb6542e06f99
2017-06-09Remove duplicate docker/puppet services.yamlSteven Hardy1-105/+0
Move to one common services.yaml not only reduces the duplication, but it should improve performance for the docker/services.yaml case, because we were creating two ResourceChains with $many services which we know can be really slow (especially since we seem to be missing concurrent: true on one) Change-Id: I76f188438bfc6449b152c2861d99738e6eb3c61b
2017-06-09Merge "Write md5sum for service config directories"Jenkins2-3/+59
2017-06-09Merge "Make container names consistent"Jenkins18-41/+41
2017-06-09Merge "Containerize Tacker Services"Jenkins1-0/+134
2017-06-09Merge "Containerize Congress API service"Jenkins1-0/+135
2017-06-09Make container names consistentMartin André18-41/+41
This commit change the container names to consistently use the `_` char as a word separator and make the kolla external config file match the container name to make operators' life easier. Change-Id: Ibac9d76dde474b94c3cb86031ead0fd0327e126f
2017-06-09Merge "Modify libvirtd container command line when TLS is enabled"Jenkins1-1/+25
2017-06-09Merge "Run the nova-compute container as the nova user"Jenkins1-1/+1
2017-06-08Fix bug in docker-toool where values are sometimes empty.Ian Main1-0/+3
I was getting empty volumes from the json and it was creating bad docker command lines. Change-Id: Ie90fc1afa5711d6b029e98d621507b9cb70c1dbe
2017-06-08Merge "Containerize Horizon"Jenkins1-0/+128
2017-06-08Run the nova-compute container as the nova userOliver Walsh1-1/+1
Change-Id: Ie6469d2fd2119952669f5c9fdaa41fb273185973 Depends-On: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6 Closes-bug: #1693844
2017-06-08Containerized collectdMatthias Runge1-0/+94
Change-Id: I05126a108f5ab790e729d1f98399dca5801ebd69
2017-06-08Write md5sum for service config directoriesSteven Hardy2-3/+59
The configuration generated by docker-puppet may change on update, so checksum the combined files from the config-data directories, to enable detecting those that have changed and restarting the appropriate containers - we need to merge this checksum into the environment passed to the containters, as this will cause paunch to correctly restart containers when the configuration generated changes, even if the rest of the json definition provided by heat does not. Change-Id: I40d9080cf3ad708ef4ed91e46d2b2ae1138bb9c3
2017-06-08Containerize Cinder-volume for HADamien Ciabrini1-0/+170
This service allows configuring and deploying cinder-volume containers in a HA overcloud managed by pacemaker. The containers are managed and run by pacemaker. Pacemaker runs the standard Kolla image but overrides the initial command so that it explicitely calls cinder-volume. This way, we shield ourselves from any unexpected future change in Kolla. This container needs to use the 'docker_config' section to invoke puppet (as opposed to 'docker_puppet_tasks'), because due to the HA composability each resource creation needs to happen on the bootstrap node of that service and 'docker_puppet_tasks' will only run on the controller/primary role. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Partial-Bug: #1668920 Depends-On: I95ad4dd89b47396bea672813d87de35e64c04b2d Change-Id: Ib6396219c3d9484c533f6f9995d565091a197bbb
2017-06-08Containerized Sensu clientMartin Mágr1-0/+131
Implements: blueprint container-healthchecks Depends-On: I9ccf1c4c948e6e347eb8e4d947edf77822a601cb Change-Id: Iff7758623974a69e2c043cf611f46ce11c36cc59
2017-06-08Containerize Tacker ServicesPradeep Kilambi1-0/+134
Closes-bug: #1668935 Change-Id: I83a02735eb445e831bc74ec786f2bb42cd2f87d6
2017-06-08Containerize Congress API servicePradeep Kilambi1-0/+135
Closes-bug: #1668929 Change-Id: I051edcf2980bb9c2521e21c410055690c012a0d1
2017-06-08Fix containerized SwiftRawDisks usageChristian Schwede1-1/+22
This patch partitions the defined devices and mounts them on the hostnode. It also disables the mount_check inside Swift because it is currently not possible to detect wether a given directory is a mounted device or not. This is just a workaround until a better solution has been implemented in Swift itself. Change-Id: I6e8e1328d7ffb18bb96ed1a940013dbb8b6b433e
2017-06-08Merge "Mount /var/run/libvirt on ceilo agent compute"Jenkins1-0/+1
2017-06-08Modify libvirtd container command line when TLS is enabledOliver Walsh1-1/+25
Libvirtd needs the --listen arg to enable the TLS socket. Change-Id: I535165f0a2634728045491b2a37a56b1891b13fe Resolves-Bug: #1694958
2017-06-07Mount /var/run/libvirt on ceilo agent computePradeep Kilambi1-0/+1
Without this evidently agent logs IO errors. Change-Id: I3031212c582381ae6b6147a48101bf83a05caa8a
2017-06-07Add host logging for redis service templateSteven Hardy1-3/+14
This got missed in the patch which added host logging for most other services. Change-Id: I0be8a5bce6558ebaf5b4830138d1f6c31aec6394
2017-06-07Containerize Manila API serviceVictoria Martinez de la Cruz1-0/+112
Co-Authored-By: Martin André <m.andre@redhat.com> Partial-Bug: #1668922 Change-Id: I0c98f26b19caf755bbc80bd6a75fc17b5d191ae4
2017-06-07Merge "Map /etc/ssh/ssh_known_hosts to all containers"Jenkins1-0/+1
2017-06-07Merge "Ensure /etc/ssh/ssh_known_hosts exist in docker config-data."Jenkins1-0/+4
2017-06-07Merge "Convert puppet and docker steps to ansible"Jenkins2-99/+77
2017-06-07Merge "Stop/disable l3 agent in docker service upgrade_tasks"Jenkins1-0/+5
2017-06-07Map /etc/ssh/ssh_known_hosts to all containersOliver Walsh1-0/+1
This allows any ssh client spawned from a container to validate ssh host key. Change-Id: I86d95848e5f049e8af98107cd7027098d6cdee7c Closes-bug: #1693841
2017-06-07Ensure /etc/ssh/ssh_known_hosts exist in docker config-data.Oliver Walsh1-0/+4
Works around the issue encountered in 1696283. Change-Id: I1947d9d1e3cabc5dfe25ee1af994d684425bdbf7 Resolves-Bug: #1696283
2017-06-07Stop/disable l3 agent in docker service upgrade_tasksSteven Hardy1-0/+5
This service is missing the task to stop/disable the service on the host prior to it being started in a container. Change-Id: I33d70d32c3b55e1f2738441f57c74b007e7bd766 Closes-Bug: #1695017
2017-06-07Merge "Fix upgrade tasks to use correct service name"Jenkins2-2/+2
2017-06-06Merge "Containerize HAProxy for the non-ha case"Jenkins1-0/+111
2017-06-06Fix upgrade tasks to use correct service namePradeep Kilambi2-2/+2
Change-Id: I149ca7cdd939ed7c1767a416bb9569ada163e820 Closes-bug: #1696089
2017-06-06Convert puppet and docker steps to ansibleSteven Hardy2-99/+77
Replace the multiple SoftwareDeployment resources with a common playbook that runs on all roles, consuming the configuration data written via the HostPrepAnsible tasks. This hopefully simplifies things, and will enable re-running the deploy steps for minor updates (we'll need some way to detect a container should be replaced, but that will be done via a follow-up patch). Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
2017-06-06Containerize HAProxy for the non-ha caseDamien Ciabrini1-0/+111
This change implements an initial container for haproxy in the non-HA case (aka when the container is not spawn by pacemaker). We tested this using a stock kolla haproxy container image and we were able to get haproxy running on a container with net=host correctly. Change-Id: I90253412a5e2cd8e56e74cce3548064c06d022b1 Co-Authored-By: Michele Baldessari <michele@acksyn.org> Depends-on: I51c482b70731f15fee4025bbce14e46a49a49938 Closes-Bug: #1668936
2017-06-04Merge "Containerize Redis for HA"Jenkins1-0/+140
2017-06-04Containerize Redis for HADamien1-0/+140
This service allows configuring and deploying Redis containers in a HA overcloud managed by pacemaker. The containers are managed and run by pacemaker. Inside there is pacemaker_remote which will invoke the resource agent managing galera. The resources themselves are created via puppet-pacemaker inside a short-lived container used for this purpose (mysql_init_bundle). This container needs to use the 'docker_config' section to invoke puppet (as opposed to 'docker_puppet_tasks'), because due to the HA composability each resource creation needs to happen on the bootstrap node of that service and 'docker_puppet_tasks' will only run on the controller/primary role. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Closes-Bug: #1692924 Depends-On: Ia1131611d15670190b7b6654f72e6290bf7f8b9e Change-Id: Ie045954fcc86ef2b3e4562b6f012853177f03948
2017-06-03Merge "Containerize clustercheck galera monitor for HA deployments"Jenkins1-0/+103
2017-06-03Merge "Containerize HAProxy for HA"Jenkins1-0/+116
2017-06-03Merge "Containerize RabbitMQ for HA"Jenkins1-0/+159
2017-06-03Merge "Containerize MySQL for HA"Jenkins1-0/+180
2017-05-31Merge "Containerized nova-compute working with Deployed Server"Jenkins1-0/+21
2017-05-30Merge "docker bootstrap service commands"Jenkins11-28/+36