aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/scripts/docker-compose
diff options
context:
space:
mode:
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-09-01 18:05:08 +0200
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-09-01 21:31:39 +0200
commitc4d91eca1ba1614648fb2ae96340ed2876f64cd3 (patch)
treef0c013d38288561e0616a65c7e4ba50a7afb3f28 /mcp/scripts/docker-compose
parent57040b97c6317a94020ad27b8001ac0965b208f7 (diff)
[docker] Cleanup, minor fixes, formula bump
* ship prebuilt salt master conf for better readability: - enable x509.sign_remote_certificate (for prx VCP nodes); * refactor Salt master CA handling: - preinstall `salt_minion_dependency_packages` and `salt_minion_reclass_dependencies` inside docker image; - persistent /etc/pki; - run salt.minion on cfg01 to generate master keys; * bump container formulas to 1 Sep 2018 versions or newer: - inject date into Docker makefile, forcing a fresh fetch of all salt formulas from upstream git repos; * workaround broken salt-formula-designate's meta/sphinx.yml: - the DEB package version of salt-formula-designate uses `cmd.shell` to query dpkg on the minion, while the git repo version still uses `cmd.run`, running into parsing issues; - temporarily disable sphinx metadata generation for designate until upstream git repo syncs with the DEB version; * upstream: salt-formula-salt AArch64 salt.control.virt support: - retire salt-formula-salt git submodule and related patches; * skip installing reclass distro package (already installed via pip inside the container); * limit initial pillar_refresh call to nodes on jumphost; * remove unused salt-formula-nova git submodule; JIRA: FUEL-383 Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'mcp/scripts/docker-compose')
-rw-r--r--mcp/scripts/docker-compose/docker-compose.yaml.j21
-rwxr-xr-xmcp/scripts/docker-compose/files/entrypoint.sh10
-rw-r--r--mcp/scripts/docker-compose/files/opnfv_master.conf16
3 files changed, 27 insertions, 0 deletions
diff --git a/mcp/scripts/docker-compose/docker-compose.yaml.j2 b/mcp/scripts/docker-compose/docker-compose.yaml.j2
index 5ee96a1fc..54315978e 100644
--- a/mcp/scripts/docker-compose/docker-compose.yaml.j2
+++ b/mcp/scripts/docker-compose/docker-compose.yaml.j2
@@ -25,6 +25,7 @@ services:
- {{ conf.MCP_STORAGE_DIR }}/pod_config.yml:/root/pod_config.yml
- {{ conf.MCP_STORAGE_DIR }}/base_image_opnfv_fuel_vcp.img:/srv/salt/env/prd/salt/files/control/images/base_image_opnfv_fuel_vcp.img
- {{ conf.MCP_STORAGE_DIR }}/nodes:/srv/salt/reclass/nodes
+ - {{ conf.MCP_STORAGE_DIR }}/pki:/etc/pki
- {{ conf.MCP_STORAGE_DIR }}/salt:/etc/salt
- {{ conf.MCP_STORAGE_DIR }}/hosts:/etc/hosts
hostname: cfg01
diff --git a/mcp/scripts/docker-compose/files/entrypoint.sh b/mcp/scripts/docker-compose/files/entrypoint.sh
index 08c17a2e6..c7f7f9118 100755
--- a/mcp/scripts/docker-compose/files/entrypoint.sh
+++ b/mcp/scripts/docker-compose/files/entrypoint.sh
@@ -18,6 +18,16 @@ if [ ! -f /home/ubuntu/.ssh/authorized_keys ]; then
/home/ubuntu/.ssh/authorized_keys
fi
+if ! grep -q localhost /etc/hosts; then
+ # overwrite hosts only on first container up, to preserve cluster nodes
+ cp -a /root/fuel/mcp/scripts/docker-compose/files/hosts /etc/hosts
+fi
+
+# salt state does not properly configure file_roots in master.conf, hard set it
+cp -a /root/fuel/mcp/scripts/docker-compose/files/opnfv_master.conf \
+ /etc/salt/master.d/opnfv_master.conf
+echo 'master: localhost' > /etc/salt/minion.d/opnfv_slave.conf
+
# NOTE: Most Salt and/or reclass tools have issues traversing Docker mounts
# or detecting them as directories inside the container.
# For now, let's do a lot of copy operations to bypass this.
diff --git a/mcp/scripts/docker-compose/files/opnfv_master.conf b/mcp/scripts/docker-compose/files/opnfv_master.conf
new file mode 100644
index 000000000..7066f04bf
--- /dev/null
+++ b/mcp/scripts/docker-compose/files/opnfv_master.conf
@@ -0,0 +1,16 @@
+file_roots:
+ base:
+ - /srv/salt/env/prd
+ prd:
+ - /srv/salt/env/prd
+ dev:
+ - /srv/salt/env/dev
+ - /srv/salt/env/prd
+
+user: root
+file_recv: True
+
+open_mode: True
+
+peer:
+ .*: ['x509.sign_remote_certificate']