aboutsummaryrefslogtreecommitdiffstats
path: root/docker
AgeCommit message (Collapse)AuthorFilesLines
2017-07-17Merge "Add role_merged_configs into workflow executions environmentxi"Jenkins1-0/+8
2017-07-15Merge "Use a single configuration file for specifying docker containers."Jenkins77-1081/+154
2017-07-14Use a single configuration file for specifying docker containers.Ian Main77-1081/+154
This removes the default container names from all the templates and uses a single environment file to specify the full container name and registry from which to pull. Also does away with most of DockerNamespace. Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27 Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60 Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com>
2017-07-14Add role_merged_configs into workflow executions environmentxiGiulio Fidente1-0/+8
Merges per-role config settings into merged_config_settings which is wired into the workflow executions environment. Useful to consume role config settings from within a workflow. Change-Id: Id37de5864138edd5476c097a8a1f0763faeaf768
2017-07-14Add validation task in docker servicesJose Luis Franco Arza4-0/+42
Docker services are missing the pre-upgrade validation task in the upgrade_tasks section which verifies if the service is running before stopping it. Change-Id: Ia8c25827d0d6f34e0345c3946dfd6839a7116e04 Partial-Bug: #1704389
2017-07-14Adds network/cidr mapping into a new service propertyGiulio Fidente81-0/+397
Makes it possible to resolve network subnets within a service template; the data is transported into a new property ServiceData wired into every service which hopefully is generic enough to be extended in the future and transport more data. Data can be consumed in service templates to set config values which need to know what is the subnet where a deamon operates (for example the Ceph Public vs Cluster network). Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-14Improve logs from ansible, puppet, docker-puppet.pyBogdan Dobrelya2-18/+63
* Debug ansible 'puppet apply' stderr joined stdout, split by lines. * Do 'puppet apply' w/o colors, logdest syslog, and given a wanted modulepath instead of the module puppet, that can't support those options. * Bind-mount syslog socket for docker-puppet.py to pass puppet logs to host OS syslog. * Fix logging handlers for multiprocess workers in docker-puppet.py. Related-bug: #1698172 Closes-bug: #1700086 Change-Id: I84112a836e968aa5c3596a6544e0392980529963 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-07-13Merge "Containerize Manila Share service"Jenkins1-0/+118
2017-07-13Merge "Fix ironic-pxe startup issues"Jenkins1-7/+7
2017-07-13Merge "Add support for running crontabs in containers"Jenkins3-5/+15
2017-07-13Merge "Run rsync for Swift without xinetd"Jenkins1-4/+4
2017-07-13Merge "Add missing tags in iscsid upgrade_tasks"Jenkins1-0/+2
2017-07-12Fix ironic-pxe startup issuesDan Prince1-7/+7
This patch updates the ironic-api docker service so that it generates its config files in a unique config root. This ensures that it doesn't have config files in the httpd conf.d directory for both the API and PXE services thus causing the API container to attempt to launch both of them. This functionally fixes the Ironic API and PXE services with docker so they once again can bring up an overcloud. Change-Id: I537cd6a3337bf776ca38a279b7c130b6429eea04 Closes-bug: #1702799
2017-07-12Merge "Bind mount needed cert for haproxy for HA too"Jenkins1-12/+26
2017-07-12Containerize Manila Share serviceVictoria Martinez de la Cruz1-0/+118
Change-Id: I797eea2f7788f65411964ccb852b5707e916416f Partial-Bug: #1668922
2017-07-12Add support for running crontabs in containersOliver Walsh3-5/+15
This change enables the puppet cron resource in docker-puppet.py and adds user crontabs to the paths copied from the config containers. Only the nova crontab is configured for now. Other services will require similar changes to run their crontabs. Partial-Bug: 1701254 Change-Id: I2d1d0f0d77908a132472cf4bc475f8bd526af504 Depends-On: Ie16fb4539481a3c192cff8220a97daa4c70467fc
2017-07-12Run rsync for Swift without xinetdChristian Schwede1-4/+4
The default in non-containerized environments is to run rsync within xinetd for Red Hat-based deployments, however in an containerized environment this is not really needed. Therefore run rsync directly without being started by xinetd. Change-Id: I08abd917eba08d1192437ddf96c71b06d099a3f8
2017-07-11Allow modprobing from cinder-volume containerJiri Stransky1-0/+1
When using LVM/iSCSI backend, cinder-volume tries to modprobe configfs module. We need the modules dir bind mounted for this to succeed. Co-Authored-By: Gorka Eguileor <geguileo@redhat.com> Change-Id: I7bfeaa66915e663726acdf3458db80821fbd3d6b Closes-Bug: #1701321
2017-07-11LVM in cinder-volume container without udevJiri Stransky1-2/+8
Disabling udev usage from LVM seems to be the only observed working way of running containerized cinder-volume with local LVM backend. I didn't come across reports that not using udev would have negative impact on the functionality. Additional info at https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw Change-Id: I491795deab0c37d1bad3b50524481e0b76529667 Depends-On: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49 Closes-Bug: #1700982
2017-07-10Replace outdated instruction with link to upstream docMartin André1-57/+2
Beside it's historical value, the instruction in the README-containers file served no purpose and confused users. Link to upstream documentation instead. Change-Id: I86753a613f3d405fc919bb3cc5bd94f29449184d
2017-07-10Bind mount needed cert for haproxy for HA tooMartin André1-12/+26
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. This commit applies the same change that was applied in Id2df144b678769def204961236624091d4e5c457 for the non-ha case. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-07-10Copy only generated puppet files into the containerMartin André72-214/+627
This solves a problem with bind-mounts when the containers are holding files descriptors open. At the same time this makes the template more robust to puppet changes since new config files will be available in the containers without needing to update the templates. Partial-Bug: #1698323 Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
2017-07-07Rename CongressApi to Congress (docker)Emilien Macchi1-5/+5
Before it was Congress, let's stay consistent and stop using CongressApi in Docker service, because we release. Change-Id: Id939b3d70e185da4279f3860812fa5dce27d64dd
2017-07-07Wrap ceilometer-upgrade in boostrap_host_execMartin André1-1/+5
This ensures the update only occures on the primary node. Change-Id: Id58eb9dac65dc178fa863c9bc44b1ed440e26a77
2017-07-05Merge "Adds docker OpenDaylight"Jenkins3-3/+119
2017-07-05Merge "Bind mount needed cert for haproxy"Jenkins1-0/+12
2017-07-03Adds docker OpenDaylightTim Rozet3-3/+119
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074 Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913 Depends-On: I3d378044b3da5309b60967a12df7800520a254dc Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285 Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-03Merge "adding --config-dir parameters to neutron containers"Jenkins4-4/+4
2017-07-02adding --config-dir parameters to neutron containersOr Idgar4-4/+4
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f Closes-Bug: #1684908
2017-06-30Merge "Fix typo in config_volume"Jenkins1-2/+2
2017-06-30Merge "Ensure boostrap_host_exec runs as root"Jenkins2-0/+3
2017-06-30Merge "Force mtime for tar used in container config md5sums"Jenkins1-1/+1
2017-06-30Ensure boostrap_host_exec runs as rootMartin André2-0/+3
This is necessary for accessing the bind mounted hieradata in the container in order to determine if the node is the primary node. With the new validation added to yaml-validate.py, we could spot potential issues in sahara-api and keystone bootstrap tasks. The keystone one is a false positive, as the image defaults to the root user in order to be able to run apache. Still, it is better to be consistent here and specify the root user nonetheless. Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846 Closes-Bug: #1697917
2017-06-30Fix typo in config_volumeSven Anderson1-2/+2
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
2017-06-30Bind mount needed cert for haproxyMartin André1-0/+12
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: Id2df144b678769def204961236624091d4e5c457
2017-06-30Merge "Add missing xinetd/rsync container for Swift"Jenkins1-1/+21
2017-06-30Merge "Add detach to docker-toool"Jenkins1-6/+10
2017-06-30Merge "Remove ceilometer upgrade from other ceilometer containers"Jenkins2-28/+0
2017-06-29Merge "Add heat parameter for all of config_volume images"Jenkins78-216/+515
2017-06-29Force mtime for tar used in container config md5sumsSteven Hardy1-1/+1
The checksum is changing each run because the mtime is different, so force a specific date such that we only compare the directory contents. Change-Id: I5ed2b50176f902d7af12b96e650b67b736d59a4a
2017-06-29Merge "Enable nova-api to run over httpd again"Jenkins1-0/+3
2017-06-29Add missing tags in iscsid upgrade_tasksJiri Stransky1-0/+2
The stat resources weren't executed in step2, and Ansible failed on them being undefined. Change-Id: I93621dd80d97be597eff6b8913ae9d7b2810f837 Closes-Bug: #1701221
2017-06-28Remove ceilometer upgrade from other ceilometer containersPradeep Kilambi2-28/+0
Lets just run the ceilometer upgrade once in central agent container Change-Id: If5e5ca6122f8583c6221bc6b343e483e41f04d29 Closes-bug: #1700056
2017-06-28Enable nova-api to run over httpd againJuan Antonio Osorio Robles1-0/+3
This is needed for TLS everywhere. Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3 Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
2017-06-28Default docker-puppet.py logging to INFODan Prince3-11/+26
If you want debug logging you can set the new DockerPuppetDebug heat parameter to 'True'. Change-Id: Iae7bb67379351ea15d61c331867d7005f07ba98e Closes-bug: 1700570
2017-06-28Add missing xinetd/rsync container for SwiftChristian Schwede1-1/+21
Swift object replication relies on the rsync server, which is run by xinetd. This patch adds the missing container and configuration. Note that xinetd needs bind to a privileged port (873) and has to be started as root therefore. Change-Id: I7655c9dd116c0130035d8a2fae81148171ae6448
2017-06-28Add heat parameter for all of config_volume imagesMartin André78-216/+515
This commit consistently defines a heat template parameter in the form of DockerXXXConfigImage where XXX represents the name of the config_volume that is used by docker-puppet. The goal is to mitigate hard to debug errors where the templates would set different defaults for the image docker-puppet.py uses to run, for the same config_volume name. This fixes a couple of inconsistencies on the way. Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b Closes-Bug: #1699791
2017-06-27Merge "Add docker templates for octavia services"Jenkins4-0/+469
2017-06-26Provides a list of per-service ctlplane IPs to the workflows envGiulio Fidente1-0/+8
Adds in the execution environment of the workflow steps a list of per-service network IPs. This can be used by the workflows to execute actions against the nodes hosting a given service. Change-Id: Id7c735d53f04f6ad848b2f9f1adaa3c84ecd2fcd Implements: blueprint tripleo-ceph-ansible
2017-06-26Allows use of Mistral workflows during deployment stepsGiulio Fidente1-6/+72
Introduces a general mechanism meant to allow for the execution of workflows during the deployment steps. Services can define workflow actions to be triggered during a step in the newly added service_workflow_tasks section. The syntax is: service_workflow_tasks: step2: - name: my_action_name action: std.echo input: output: 'hello world' Implements: blueprint tripleo-ceph-ansible Depends-On: If02799e7457ca017cc119317dfb2db7198a3559f Depends-On: Ibc5707f9f06266fe84ad1dd91dcb984157871d30 Change-Id: I36a642fbc2076ad9e4a10ffc56d6d16f3ed6f27a