summaryrefslogtreecommitdiffstats
path: root/environments/docker.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-10-07Support for Ocata-Pike live-migration over sshOliver Walsh1-0/+1
In Ocata all live-migration over ssh is performed on the default ssh port (22). In Pike the containerized live-migration over ssh is on port 2022 as the docker host's sshd is using port 22. To allow live migration during upgrade we need to temporarily pin the Pike computes to port 22 and in the final converge we can switch over to port 2022. This also changes the default port to 2022 for baremetal computes in Pike to enable live-migration between baremetal and containerized computes. Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1 Depends-On: I0b80b81711f683be539939e7d084365ff63546d3 Closes-Bug: 1714171 (cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
2017-09-07Add Neutron SR-IOV agent containerBrent Eagles1-0/+4
This patch adds support for running the neutron SR-IOV agent in a container. Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935 Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec Closes-Bug: #1715388 Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9 (cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
2017-09-06Containerized mongodb, disable by default, fix upgradeSteve Baker1-1/+0
This change removes the entry to containerise docker by default because it should now be disabled since the change Id2e6550fb7c319fc52469644ea022cf35757e0ce. Removing the entry means the default mapping to mongodb-disabled.yaml takes effect. This change also modifies the upgrade_tasks so that the mongod service is only disabled when the service exists. There appears to be upgrade scenarios which fail because mongodb was never installed in the first place. Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Closes-Bug: #1715031 (cherry picked from commit cb81cbe3b5f3887f5d690c590e52b728f74d43c3)
2017-08-21Add logrotate with crond serviceBogdan Dobrelya1-0/+1
Add a docker service template to provide containerized services logs rotation with a crond job. Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers and to all environments among with generic services like Ntp or Kernel. Set it to OS::Heat::None for non containerized environments and only enable it to the environments/docker.yaml. Closes-bug: #1700912 Change-Id: Ic94373f0a0758e9959e1f896481780674437147d Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-08-18Merge "Restore and split nova metadata docker service out of nova-api."Jenkins1-0/+1
2017-08-18Restore and split nova metadata docker service out of nova-api.Oliver Walsh1-0/+1
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from eventlet, however we need to continue running the eventlet service as it is required for the nova metadata api. However this should be tied to the OS::TripleO::Services::NovaMetadata service, so duplicate the required config in nova-metadata.yaml. Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727 Closes-bug: #1711425
2017-08-17Refactor setup_docker_host.sh as host_prep_tasksJiri Stransky1-6/+0
Previously what we've been doing with setup_docker_host.sh can now be achieved with host_prep_tasks, and we can free up the NodeUserData interface for other use cases. Closes-Bug: #1711387 Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510
2017-08-11Consolidate puppet/docker deployments with one deploy steps workflowSteven Hardy1-3/+0
If we consolidate these we can focus on one implementation (the new ansible based one used for docker-steps) Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546 Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
2017-08-01Fix ceilometer agent compute service namePradeep Kilambi1-1/+1
Make sure this matches whats in roles_data.yaml Change-Id: Id41c457914f557af7c9ec195c4c6f98669523ac1
2017-08-01Merge "Generate MySQL client config if service requires database"Jenkins1-1/+0
2017-07-27Generate MySQL client config if service requires databaseDamien Ciabrini1-1/+0
Services that access database have to read an extra MySQL configuration file /etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind address and SSL configuration. The configuration file is thus used by containerized services, but also by non-containerized services that still run on the host. In order to generate that client configuration file appropriately both on the host and for containers, 1) the MySQLClient service must be included by the role; 2) every containerized service which uses the database must include the mysql::client profile in the docker-puppet config generation step. By including the mysql::client profile in each containerized service, we ensure that any change in configuration file will be reflected in the service's /var/lib/config-data/{service}, and that paunch will restart the service's container automatically. We now only rely on MySQLClient from puppet/services, to make it possible to generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that drive the generation of that config file in containers via docker-puppet. We include a new YAML validation step to ensure that any service which depends on MySQL will initialize the mysql::client profile during the docker-puppet step. Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
2017-07-26Fix creation of iptables rules for non-HA containerized HAproxyDamien Ciabrini1-0/+1
The introduction of I90253412a5e2cd8e56e74cce3548064c06d022b1 broke the HAproxy service due to some HAproxy-specific iptables rules being executed during the puppet config step. Ensure that no iptables call is performed during the generation of configuration files. Move those calls to step 1, as implemented in the pacemaker-based HAproxy service (Ib5a083ba3299a82645f1a0f9da0d482c6b89ee23). Depends-On: I2d6274d061039a9793ad162ed8e750bd87bf71e9 Closes-Bug: #1697921 Change-Id: Ica3a432ff4a9e7a46df22cddba9ad96e1390b665
2017-07-23Add support for nova live/cold-migration with containersOliver Walsh1-0/+1
Updates hieradata for changes in https://review.openstack.org/471950. Creates a new service - NovaMigrationTarget. On baremetal this just configures live/cold-migration. On docker is includes a container running a second sshd services on an alternative port. Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd containers. Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427 Implements: blueprint tripleo-cold-migration Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
2017-07-12Drop ComputeServices from environments/docker.yamlDan Prince1-15/+0
Change-Id: Ibfc568755764203b68aed524d6f334eeb7cd5da7 Closes-bug: #1703001
2017-07-03Adds docker OpenDaylightTim Rozet1-0/+3
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074 Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913 Depends-On: I3d378044b3da5309b60967a12df7800520a254dc Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285 Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-06-25Temporarily disable containerized cinderMartin André1-2/+2
The containerized cinder service was merged a bit too soon and it caused several issues in CI. Disable it temporarily to unblock CI until it matures. Change-Id: I8c6c0ce0011fddfec1e2de798d4fc6f34ae78de2 Related-Bug: #1700333
2017-06-23Merge "Configuration for containerized MySQL clients"Jenkins1-0/+1
2017-06-19Re-enable docker service in docker.yamlMartin André1-0/+2
It was removed by mistake from the docker.yaml environment file in I76f188438bfc6449b152c2861d99738e6eb3c61b. Change-Id: If8df98e1ddd0961ab0c9e5df917fef8200db65e6 Closes-Bug: #1698749
2017-06-17Merge "Remove duplicate docker/puppet services.yaml"Jenkins1-3/+0
2017-06-16Fall back to non-containerized cinder-backup to unblock OVB CIJiri Stransky1-2/+2
The previous fix Ib10e4f18d967d356a15b97f58c488f8402a73356 made multinode CI pass, but there was still an error during volume scheduling on OVB: OSError: [Errno 13] Permission denied: '/var/lib/cinder/conversion' This was most likely due to cinder-volume was running on host and used host's cinder user, while we still deployed containerized cinder-backup and it chowned /var/lib/cinder under kolla's cinder user whose UID doesn't match the baremetal one. We didn't hit this issue in the multinode job because it doesn't presently deploy cinder-backup service at all. Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I9ac74d6717533f59945694b4a43fe56d7ca768c6 Closes-Bug: #1698136
2017-06-16Fall back to non-containerized cinder-volume to unblock CIJiri Stransky1-1/+2
CI was stuck on collecting logs. The collect-logs playbook, which normally takes just a few minutes, took more than an hour and was eventually killed. The playbook was stuck on collecting LVM info on the overcloud node, which runs this command: (vgs; pvs; lvs) &> /var/log/extra/lvm.txt Therefore it's very likely that the problematic part is the LVM setup in the containerized cinder-volume service, and falling back to non-contianerized for the time being should get the CI going again. Change-Id: Ib10e4f18d967d356a15b97f58c488f8402a73356 Closes-Bug: #1698136
2017-06-15Merge "Containerize Ceilometer Agent Ipmi"Jenkins1-0/+1
2017-06-14Merge "Add Nova Consoleauth service to containerized deployment"Jenkins1-0/+1
2017-06-14Merge "Add Nova Vncproxy service to containerized deployment"Jenkins1-0/+1
2017-06-14Merge "Docker service for Cinder Volume"Jenkins1-0/+1
2017-06-14Merge "Docker services for Cinder Backup"Jenkins1-0/+1
2017-06-14Merge "Docker services for Cinder Api and Scheduler"Jenkins1-0/+2
2017-06-14Merge "Containerize multipathd"Jenkins1-0/+1
2017-06-14Merge "Move iscsid to a container"Jenkins1-0/+1
2017-06-13Containerize Ceilometer Agent IpmiPradeep Kilambi1-0/+1
Depends-On: I3e865f2e9b6935eb3dfa4b4579c803f0127848ae Change-Id: I09327a63d238a130b6ac0f2361f80e2b244b4b52
2017-06-13Configuration for containerized MySQL clientsDamien Ciabrini1-0/+1
This service generates the /etc/my.cnf.d/tripleo.cnf file which is being used to configured MySQL clients (e.g. client bind address, client SSL configuration...) We generate the config file in this service and let containerized MySQL clients mount /var/lib/config-data/mysql_client/etc/my.cnf.d/tripleo.cnf it in their own container. This way, when this MySQLClient service is updated, the other containers will automatically pick the updated configuration at next restart. Partial-Bug: #1692317 Change-Id: Idc56d27fb9645ad3b07df8ef08b7e2ce29e6d499
2017-06-13Add Nova Vncproxy service to containerized deploymentSven Anderson1-0/+1
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481 Change-Id: Ifd138ea553a45a637a1a9fe3d0e946f8be51e119
2017-06-13Add Nova Consoleauth service to containerized deploymentSven Anderson1-0/+1
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481 Change-Id: I808a5513decab1bd2cce949d05fd1acb17612a42
2017-06-13Unblock CI by reverting to non-containerized HAProxyJiri Stransky1-1/+0
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged containerized HAProxy setup, but because of a typo in resource registry, CI kept using the non-containerized variant and it went unnoticed that the containerized HAProxy doesn't work yet. We merged a resource registry fix in Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI, which now used the non-working HAProxy. After putting in the missing haproxy container image to tripleo-common in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the CI still fails on HAProxy related problem, so we should revert back to using non-containerized HAProxy for the time being. Change-Id: If73bf28288de10812f430619115814494618860f Closes-Bug: #1697645
2017-06-12Merge "Fix typo in haproxy docker mapping"Jenkins1-1/+1
2017-06-12Docker service for Cinder VolumeDan Prince1-0/+1
Adds docker service for Cinder Volume Co-Authored-By: Jon Bernard <jobernar@redhat.com> Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f Partial-bug: #1668920 Change-Id: Ifadb007897f3455b90de6800751a0d08991ebca2
2017-06-12Docker services for Cinder BackupDan Prince1-0/+1
Adds docker services for Cinder Backup Co-Authored-By: Gorka Eguileor <geguileo@redhat.com> Co-Authored-By: Jon Bernard <jobernar@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Alan Bishop <abishop@redhat.com> Partial-bug: #1668920 Change-Id: I26fc31e59b28da017f0b028b74bde40aaac53ad5
2017-06-12Docker services for Cinder Api and SchedulerDan Prince1-0/+2
Adds docker services for Cinder API and Scheduler. Co-Authored-By: Gorka Eguileor <geguileo@redhat.com> Co-Authored-By: Jon Bernard <jobernar@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Alan Bishop <abishop@redhat.com> Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f Change-Id: I5cff9587626a3b2a147e03146d5268242d1c9658 Partial-bug: #1668920
2017-06-12Containerize multipathdDan Prince1-0/+1
Co-Authored-By: Jon Bernard <jobernar@redhat.com> Depends-On: I486de8b6ab2f4235bb4a21c3650f6b9e52a83b80 Change-Id: I6cf70fa05ad1c8aa6d9f837ddcd370eb26e45f97
2017-06-12Move iscsid to a containerDan Prince1-0/+1
This configures iscsid so that it runs as a container on relevant roles (undercloud, controller, compute, and volume). When the iscsid docker service is provision it will also run an ansible snippet that disables the iscsid.socket on the host OS thus disabling the hosts systemd from auto-starting iscsid as it normally does. Co-Authored-By: Jon Bernard <jobernar@redhat.com> Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
2017-06-09Remove duplicate docker/puppet services.yamlSteven Hardy1-3/+0
Move to one common services.yaml not only reduces the duplication, but it should improve performance for the docker/services.yaml case, because we were creating two ResourceChains with $many services which we know can be really slow (especially since we seem to be missing concurrent: true on one) Change-Id: I76f188438bfc6449b152c2861d99738e6eb3c61b
2017-06-08Merge "Containerize Horizon"Jenkins1-0/+1
2017-06-08Fix typo in haproxy docker mappingMichele Baldessari1-1/+1
It is 'HAproxy' and not 'HAProxy'. This needs fixing so that the proper service is instantiated when a role includes the HAproxy service. Change-Id: Ibcbacff16c3561b75e29b48270d60b60c1eb1083
2017-06-06Merge "Containerize HAProxy for the non-ha case"Jenkins1-0/+1
2017-06-06Containerize HAProxy for the non-ha caseDamien Ciabrini1-0/+1
This change implements an initial container for haproxy in the non-HA case (aka when the container is not spawn by pacemaker). We tested this using a stock kolla haproxy container image and we were able to get haproxy running on a container with net=host correctly. Change-Id: I90253412a5e2cd8e56e74cce3548064c06d022b1 Co-Authored-By: Michele Baldessari <michele@acksyn.org> Depends-on: I51c482b70731f15fee4025bbce14e46a49a49938 Closes-Bug: #1668936
2017-05-26Add sshd service to containerized compute roleOliver Walsh1-0/+1
This adds the sshd puppet service to the containerized compute role All other roles already include this service from the defaults roles data, it is only missing from the compute role. As the sshd service runs on the docker host, this must remain as a traditional puppet service. NB the sshd puppet service does not enable sshd, it just enables the management of the sshd config via t-h-t/puppet. Closes-bug: #1693837 Change-Id: I86ff749245ac791e870528ad4b410f3c1fd812e0
2017-05-20Merge "Comment parameters for registry in docker.yaml"Jenkins1-4/+4
2017-05-19Merge "Add containerized neutron-metadata agent"Jenkins1-0/+1
2017-05-18Add containerized neutron-metadata agentBrent Eagles1-0/+1
This patch adds support for running the neutron metadata agent in a container. Change-Id: I53c62516c95d62f5ced70818d4eb4c2c341df0d7 Partial-Bug: #1668922
2017-05-18Comment parameters for registry in docker.yamlSteven Hardy1-4/+4
These duplicate the defaults in puppet/services/docker.yaml and break things if you include an environment file (e.g that generated by quickstart containers-default-parameters.yaml) before the docker.yaml. Instead it's probably more helpful to include the commented lines showing how to enable use of a local docker registry. Change-Id: I3896fa2ea7caa603186f0af04f6d8382d50dd97a Closes-Bug: #1691524