From c4d91eca1ba1614648fb2ae96340ed2876f64cd3 Mon Sep 17 00:00:00 2001 From: Alexandru Avadanii Date: Sat, 1 Sep 2018 18:05:08 +0200 Subject: [docker] Cleanup, minor fixes, formula bump * ship prebuilt salt master conf for better readability: - enable x509.sign_remote_certificate (for prx VCP nodes); * refactor Salt master CA handling: - preinstall `salt_minion_dependency_packages` and `salt_minion_reclass_dependencies` inside docker image; - persistent /etc/pki; - run salt.minion on cfg01 to generate master keys; * bump container formulas to 1 Sep 2018 versions or newer: - inject date into Docker makefile, forcing a fresh fetch of all salt formulas from upstream git repos; * workaround broken salt-formula-designate's meta/sphinx.yml: - the DEB package version of salt-formula-designate uses `cmd.shell` to query dpkg on the minion, while the git repo version still uses `cmd.run`, running into parsing issues; - temporarily disable sphinx metadata generation for designate until upstream git repo syncs with the DEB version; * upstream: salt-formula-salt AArch64 salt.control.virt support: - retire salt-formula-salt git submodule and related patches; * skip installing reclass distro package (already installed via pip inside the container); * limit initial pillar_refresh call to nodes on jumphost; * remove unused salt-formula-nova git submodule; JIRA: FUEL-383 Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde Signed-off-by: Alexandru Avadanii
---
 mcp/scripts/docker-compose/docker-compose.yaml.j2 | 1 + mcp/scripts/docker-compose/files/entrypoint.sh | 10 ++++++++++ mcp/scripts/docker-compose/files/opnfv_master.conf | 16 ++++++++++++++++ mcp/scripts/lib.sh | 10 ++-------- 4 files changed, 29 insertions(+), 8 deletions(-) create mode 100644 mcp/scripts/docker-compose/files/opnfv_master.conf (limited to 'mcp/scripts')
diff --git a/mcp/scripts/docker-compose/docker-compose.yaml.j2 b/mcp/scripts/docker-compose/docker-compose.yaml.j2
index 5ee96a1fc..54315978e 100644
--- a/mcp/scripts/docker-compose/docker-compose.yaml.j2
+++ b/mcp/scripts/docker-compose/docker-compose.yaml.j2
@@ -25,6 +25,7 @@ services:
 - {{ conf.MCP_STORAGE_DIR }}/pod_config.yml:/root/pod_config.yml
 - {{ conf.MCP_STORAGE_DIR }}/base_image_opnfv_fuel_vcp.img:/srv/salt/env/prd/salt/files/control/images/base_image_opnfv_fuel_vcp.img
 - {{ conf.MCP_STORAGE_DIR }}/nodes:/srv/salt/reclass/nodes
+ - {{ conf.MCP_STORAGE_DIR }}/pki:/etc/pki
 - {{ conf.MCP_STORAGE_DIR }}/salt:/etc/salt
 - {{ conf.MCP_STORAGE_DIR }}/hosts:/etc/hosts
 hostname: cfg01
diff --git a/mcp/scripts/docker-compose/files/entrypoint.sh b/mcp/scripts/docker-compose/files/entrypoint.sh
index 08c17a2e6..c7f7f9118 100755
--- a/mcp/scripts/docker-compose/files/entrypoint.sh
+++ b/mcp/scripts/docker-compose/files/entrypoint.sh
@@ -18,6 +18,16 @@ if [ ! -f /home/ubuntu/.ssh/authorized_keys ]; then
 /home/ubuntu/.ssh/authorized_keys
 fi
+if ! grep -q localhost /etc/hosts; then
+ # overwrite hosts only on first container up, to preserve cluster nodes
+ cp -a /root/fuel/mcp/scripts/docker-compose/files/hosts /etc/hosts
+fi
+
+# salt state does not properly configure file_roots in master.conf, hard set it
+cp -a /root/fuel/mcp/scripts/docker-compose/files/opnfv_master.conf \
+ /etc/salt/master.d/opnfv_master.conf
+echo 'master: localhost' > /etc/salt/minion.d/opnfv_slave.conf
+
 # NOTE: Most Salt and/or reclass tools have issues traversing Docker mounts
 # or detecting them as directories inside the container.
 # For now, let's do a lot of copy operations to bypass this.
diff --git a/mcp/scripts/docker-compose/files/opnfv_master.conf b/mcp/scripts/docker-compose/files/opnfv_master.conf
new file mode 100644
index 000000000..7066f04bf
--- /dev/null
+++ b/mcp/scripts/docker-compose/files/opnfv_master.conf
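Review bot: The first-start test `grep -q localhost /etc/hosts` in entrypoint.sh matches the substring anywhere in the file, so a hosts file that already holds cluster nodes but lacks a localhost entry would be overwritten, and one where "localhost" appears only in a comment or as part of another name would never be seeded. The lib.sh hunk of this commit now creates the mounted file empty with `touch`, so an emptiness test states the intent directly: `if [ ! -s /etc/hosts ]; then` (assuming nothing else writes to the bind-mounted file before the entrypoint runs). The comment above the added `cp -a ... opnfv_master.conf` could also say that the copy happens on every container start, so manual edits to /etc/salt/master.d/opnfv_master.conf do not survive a restart.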
@@ -0,0 +1,16 @@
+file_roots:
+ base:
+ - /srv/salt/env/prd
+ prd:
+ - /srv/salt/env/prd
+ dev:
+ - /srv/salt/env/dev
+ - /srv/salt/env/prd
+
+user: root
+file_recv: True
+
+open_mode: True
+
+peer:
+ .*: ['x509.sign_remote_certificate']
diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh
index b43686b7d..cc88f9b54 100644
--- a/mcp/scripts/lib.sh
+++ b/mcp/scripts/lib.sh
@@ -493,15 +493,9 @@ function prepare_containers {
 docker-compose --version > /dev/null 2>&1 || COMPOSE_PREFIX="${image_dir}/"
 "${COMPOSE_PREFIX}docker-compose" -f docker-compose/docker-compose.yaml down
- sudo rm -rf "${image_dir}/"{salt,hosts} "${image_dir}/nodes/"*
+ sudo rm -rf "${image_dir}/"{salt,hosts,pki} "${image_dir}/nodes/"*
 mkdir -p "${image_dir}/salt/"{master.d,minion.d}
- # salt state does not properly configure file_roots in master.conf, hard set it
- sed -e 's/user: salt/user: root\nfile_recv: True/' -e 's/auto_accept:/open_mode:/' \
- "${MCP_REPO_ROOT_PATH}/docker/files/salt/master.conf" > \
- "${image_dir}/salt/master.d/opnfv.conf"
- echo 'master: localhost' > "${image_dir}/salt/minion.d/opnfv.conf"
- cp "${MCP_REPO_ROOT_PATH}/mcp/scripts/docker-compose/files/hosts" \
- "${image_dir}/hosts"
+ touch "${image_dir}/hosts"
 }
 function start_containers {
-- cgit 1.2.3-korg
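Review bot: The `peer` key `.*` in opnfv_master.conf lets every minion id call `x509.sign_remote_certificate`, and `open_mode: True` in the same file switches off the master's verification of minion keys, so certificate issuance is gated only by the signing policy on the CA minion and by network reachability of the master. The commit message says the peer rule exists for the prx VCP nodes, so the key could be narrowed to those ids, e.g. `'<prx-minion-id-regex>': ['x509.sign_remote_certificate']` (placeholder, the id scheme is not visible here). `open_mode` is carried over from the old sed rewrite rather than introduced here, but now that the file is checked in it deserves a comment above it such as `# open_mode disables minion key verification; acceptable only while the master is reachable solely from the deployment network`, and a similar line for `file_recv: True` with `user: root`.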
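Review bot: The host directory behind the new /etc/pki mount is never created explicitly: this hunk in lib.sh removes `pki` with `sudo rm -rf`, but the `mkdir -p` line that follows only creates `salt/{master.d,minion.d}`, so the directory presumably gets created by Docker at container start with default ownership and mode. Since it will hold the Salt master CA key material on the jumphost, creating it here with a restrictive mode makes the intent explicit, e.g. `mkdir -p -m 0700 "${image_dir}/pki"` next to the existing mkdir (to be confirmed against anything non-root in the container that needs to traverse /etc/pki). prepare_containers starts outside the hunk, so whether `image_dir` itself is restricted cannot be seen from here.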