From 58a8b282c2f244b2675a6da7aac161a53f58c288 Mon Sep 17 00:00:00 2001
From: Flavio Percoco <flaper87@gmail.com>
Date: Tue, 7 Mar 2017 17:12:36 +0100
Subject: Mount hostpath logs on /var/log

Some containers are using the logs named volume for collecting logs
written to `/var/log`. We should make this consistent for all the
containers.

This patch also cleans up some mounts that weren't needed for some
services. For example, glance-api doesn't need `/run` to be mounted.

Other changes:
* Rework log volumes to hostpath mounts to omit slow COW writes.
* Add kolla_config's permission and host_prep_tasks create and
  manage hostpath mounted log dirs permissions.
* Rework data owning init containers to kolla_config permissions
* When a step wants KOLLA_BOOTSTRAP or DB sync, use logs data owning
  init containers to set permissions for logs. This is required
  because kolla bootsrap and DB sync runs before the kolla config
  stage and there is yet permissions set for logs.
* In order to address hybrid cases for host services vs containerized
  ones to access logs having different UIDs, persist containerized
  services' logs into separate directories (an upgrade impact)
* Ensure host prep tasks to create /var/log/containers/ and /var/lib/
  sub-directories for services
* Fix missing /etc/httpd, /var/www config-data mounts for zaqar/ironic
* Fix YAML indentation and drop strings quotation.

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Partial blueprint containerized-services-logs

Change-Id: I53e737120bf0121bd28667f355b6f29f1b2a6b82
---
 docker/services/database/mongodb.yaml | 16 +++++++++++-----
 docker/services/database/mysql.yaml   | 24 +++++++++++++++++++-----
 2 files changed, 30 insertions(+), 10 deletions(-)

(limited to 'docker/services/database')

diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 7d2d1a15..4a620a4a 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -66,6 +66,9 @@ outputs:
             - path: /var/lib/mongodb
               owner: mongodb:mongodb
               recurse: true
+            - path: /var/log/mongodb
+              owner: mongodb:mongodb
+              recurse: true
       docker_config:
         step_2:
           mongodb:
@@ -76,7 +79,7 @@ outputs:
               - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
               - /var/lib/config-data/mongodb/etc/:/etc/:ro
               - /etc/localtime:/etc/localtime:ro
-              - logs:/var/log/kolla
+              - /var/log/containers/mongodb:/var/log/mongodb
               - /var/lib/mongodb:/var/lib/mongodb
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -88,13 +91,16 @@ outputs:
           step_config: 'include ::tripleo::profile::base::database::mongodb'
           config_image: *mongodb_image
           volumes:
-          - /var/lib/mongodb:/var/lib/mongodb
-          - logs:/var/log/kolla:ro
+            - /var/lib/mongodb:/var/lib/mongodb
+            - /var/log/containers/mongodb:/var/log/mongodb
       host_prep_tasks:
-        - name: create /var/lib/mongodb
+        - name: create persistent directories
           file:
-            path: /var/lib/mongodb
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/mongodb
+            - /var/lib/mongodb
       upgrade_tasks:
         - name: Stop and disable mongodb service
           tags: step2
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index cba2070d..e065e20e 100644
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -76,9 +76,18 @@ outputs:
               owner: mysql:mysql
               recurse: true
       docker_config:
+        # Kolla_bootstrap runs before permissions set by kolla_config
         step_2:
-          mysql_bootstrap:
+          mysql_init_logs:
             start_order: 0
+            image: *mysql_image
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/mysql:/var/log/mariadb
+            command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb']
+          mysql_bootstrap:
+            start_order: 1
             detach: false
             image: *mysql_image
             net: host
@@ -90,12 +99,13 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /etc/hosts:/etc/hosts:ro
               - /var/lib/mysql:/var/lib/mysql
+              - /var/log/containers/mysql:/var/log/mariadb
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
               - KOLLA_BOOTSTRAP=True
               # NOTE(mandre) skip wsrep cluster status check
               - KOLLA_KUBERNETES=True
-              - 
+              -
                 list_join:
                   - '='
                   - - 'DB_ROOT_PASSWORD'
@@ -107,7 +117,7 @@ outputs:
                             - {get_param: MysqlRootPassword}
                             - {get_param: [DefaultPasswords, mysql_root_password]}
           mysql:
-            start_order: 1
+            start_order: 2
             image: *mysql_image
             restart: always
             net: host
@@ -123,12 +133,16 @@ outputs:
           config_image: *mysql_image
           volumes:
             - /var/lib/mysql:/var/lib/mysql/:ro
+            - /var/log/containers/mysql:/var/log/mariadb
             - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
       host_prep_tasks:
-        - name: create /var/lib/mysql
+        - name: create persistent directories
           file:
-            path: /var/lib/mysql
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/mysql
+            - /var/lib/mysql
       upgrade_tasks:
         - name: Stop and disable mysql service
           tags: step2
-- 
cgit 1.2.3-korg