From 5c272e9de39ca3d06158d23b30f12107c8251d1d Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Tue, 8 Nov 2016 20:50:17 +0000
Subject: Use overcloud-full instead of atomic-image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This switches to using overcloud-full as the OS image for
containerized compute. It includes the following changes:
- install docker, until this change lands
  I1eab2a6de721c8f3c21c7df0019f2d4d1cc3775f
- agent image pull has been removed. This avoids a race between docker
  starting and the current call to pull. This relies on "docker run"
  to do the initial pull and leaves open the option of some other
  prefetch mechanism to do the initial pull
- rely on unit Conflicts= to ensure heat-docker-agents and
  os-collect-config do not run at the same time
- tweaks to host bind mounts
- removal of commands which only apply to atomic

Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I2e82634785834a877a4dbdbdcd788a9ac1c14a9d
---
 docker/firstboot/start_docker_agents.sh | 101 +++++++++-----------------------
 docker/post.j2.yaml                     |  56 ------------------
 2 files changed, 29 insertions(+), 128 deletions(-)

(limited to 'docker')

diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index 40e5248a..1c5cc18d 100755
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -1,76 +1,56 @@
 #!/bin/bash
 set -eux
 
-/sbin/setenforce 0
-/sbin/modprobe ebtables
-
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
-chmod 666 /dev/pts/ptmx
-
-# We need hostname -f to return in a centos container for the puppet hook
-HOSTNAME=$(hostname)
-echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-
-# update docker for local insecure registry(optional)
-# Note: This is different for different docker versions
-# For older docker versions < 1.4.x use commented line
-#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
-#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+# TODO remove this when built image includes docker
+if [ ! -f "/usr/bin/docker" ]; then
+    yum -y install docker
+fi
 
 # Local docker registry 1.8
 # NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
 # a place holder for text replacement done via heat
-if [ "$docker_namespace_is_registry" = True ]; then
+if [ "$docker_namespace_is_registry" = "True" ]; then
     /usr/bin/systemctl stop docker.service
     # if namespace is used with local registry, trim all namespacing
     trim_var=$docker_registry
     registry_host="${trim_var%%/*}"
     /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker
-    /usr/bin/systemctl start --no-block docker.service
 fi
 
-/usr/bin/docker pull $agent_image &
-DOCKER_PULL_PID=$!
-
 mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
 
 # NOTE(flaper87): Heat Agent required mounts
-AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \
-                      -v /run:/run \
-                      -v /etc:/host/etc \
-                      -v /usr/bin/atomic:/usr/bin/atomic \
-                      -v /var/lib/dhclient:/var/lib/dhclient \
-                      -v /var/lib/cloud:/var/lib/cloud \
-                      -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
-                      -v /etc/sysconfig/docker:/etc/sysconfig/docker \
-                      -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
-                      -v /var/lib/os-collect-config:/var/lib/os-collect-config \
-                      -v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
-                      -v /var/lib/heat-config:/var/lib/heat-config \
-                      -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2"
-
-
-# NOTE(flaper87): Some of these commands may not be present depending on the
-# atomic version.
-for docker_cmd in docker docker-current docker-latest; do
-    if [ -f "/usr/bin/$docker_cmd" ]; then
-        AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd"
-    fi
-done
+AGENT_COMMAND_MOUNTS="\
+-v /var/lib/etc-data:/var/lib/etc-data \
+-v /run:/run \
+-v /etc/hosts:/etc/hosts \
+-v /etc:/host/etc \
+-v /var/lib/dhclient:/var/lib/dhclient \
+-v /var/lib/cloud:/var/lib/cloud \
+-v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config \
+-v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
+-v /var/lib/heat-config:/var/lib/heat-config \
+-v /etc/sysconfig/docker:/etc/sysconfig/docker \
+-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
+-v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2 \
+-v /usr/bin/docker:/usr/bin/docker \
+-v /usr/bin/docker-current:/usr/bin/docker-current \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config"
 
 # heat-docker-agents service
 cat <<EOF > /etc/systemd/system/heat-docker-agents.service
-
 [Unit]
 Description=Heat Docker Agent Container
 After=docker.service
 Requires=docker.service
+Before=os-collect-config.service
+Conflicts=os-collect-config.service
 
 [Service]
 User=root
-Restart=on-failure
-ExecStartPre=-/usr/bin/docker kill heat-agents
-ExecStartPre=-/usr/bin/docker rm heat-agents
+Restart=always
+ExecStartPre=-/usr/bin/docker rm -f heat-agents
 ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \
     $AGENT_COMMAND_MOUNTS \
     --entrypoint=/usr/bin/os-collect-config $agent_image
@@ -78,35 +58,12 @@ ExecStop=/usr/bin/docker stop heat-agents
 
 [Install]
 WantedBy=multi-user.target
-
 EOF
 
 # enable and start heat-docker-agents
-chmod 0640 /etc/systemd/system/heat-docker-agents.service
 /usr/bin/systemctl enable heat-docker-agents.service
 /usr/bin/systemctl start --no-block heat-docker-agents.service
 
-# Disable NetworkManager and let the ifup/down scripts work properly.
-/usr/bin/systemctl disable NetworkManager
-/usr/bin/systemctl stop NetworkManager
-
-# Atomic's root partition & logical volume defaults to 3G.  In order to launch
-# larger VMs, we need to enlarge the root logical volume and scale down the
-# docker_pool logical volume. We are allocating 80% of the disk space for
-# vm data and the remaining 20% for docker images.
-ATOMIC_ROOT='/dev/mapper/atomicos-root'
-ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'`
-
-growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' )
-pvresize "${ROOT_DEVICE}"
-lvresize -l +80%FREE "${ATOMIC_ROOT}"
-xfs_growfs "${ATOMIC_ROOT}"
-
-cat <<EOF > /etc/sysconfig/docker-storage-setup
-GROWPART=true
-AUTO_EXTEND_POOL=yes
-POOL_AUTOEXTEND_PERCENT=30
-POOL_AUTOEXTEND_THRESHOLD=70
-EOF
-
-wait $DOCKER_PULL_PID
+# Disable libvirtd
+/usr/bin/systemctl disable libvirtd.service
+/usr/bin/systemctl stop libvirtd.service
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index 6cb92c83..f4d47aa6 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -25,16 +25,6 @@ parameters:
     default: 'tripleoupstream'
     type: string
 
-  DockerOpenvswitchDBImage:
-    description: image
-    default: 'centos-binary-openvswitch-db-server'
-    type: string
-
-  DockerOvsVswitchdImage:
-    description: image
-    default: 'centos-binary-openvswitch-vswitchd'
-    type: string
-
   LibvirtConfig:
     type: string
     default: "/etc/libvirt/libvirtd.conf"
@@ -206,52 +196,6 @@ resources:
         nova_config: {get_param: NovaConfig}
         neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
 
-  NovaComputeContainersDeploymentOVS:
-    type: OS::Heat::StructuredDeploymentGroup
-    depends_on: CopyJsonDeployment
-    properties:
-      name: NovaComputeContainersDeploymentOVS
-      config: {get_resource: NovaComputeContainersConfigOVS}
-      servers: {get_param: [servers, {{role.name}}]}
-
-  NovaComputeContainersConfigOVS:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: docker-cmd
-      config:
-        openvswitchdb:
-          image:
-            list_join:
-              - '/'
-              - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ]
-          net: host
-          restart: always
-          volumes:
-            - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json
-            - /etc/localtime:/etc/localtime:ro
-            - /run:/run
-            - logs:/var/log/kolla/
-            - openvswitch_db:/var/lib/openvswitch/
-          environment:
-            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
-        ovsvswitchd:
-          image:
-            list_join:
-              - '/'
-              - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ]
-          net: host
-          privileged: true
-          restart: always
-          volumes:
-            - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json
-            - /etc/localtime:/etc/localtime:ro
-            - /lib/modules:/lib/modules:ro
-            - /run:/run
-            - logs:/var/log/kolla/
-          environment:
-            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
   {{role.name}}ContainersConfig_Step1:
     type: OS::Heat::StructuredConfig
     depends_on: CopyJsonDeployment
-- 
cgit 1.2.3-korg