From 903b0ff2112e59aa8a60e567b6c7f073b9a7a973 Mon Sep 17 00:00:00 2001 From: Jeffrey Zhang Date: Thu, 29 Sep 2016 11:38:10 +0800 Subject: [PATCH] Fix ironic failed * Mount system folder in ironic-conductor * Add package need in ironic-conductor * Fix the log path issue * Add ironic sudoer in ironic-base * Fix credential issue * Do not start nova-compute when enable ironic Closes-Bug: #1629334 Change-Id: If9d478c6513de37465403d458a88cf0da7ebd8a6 --- ansible/roles/ironic/tasks/start.yml | 10 ++++++++- ansible/roles/ironic/templates/ironic.conf.j2 | 10 +++++---- ansible/roles/nova/tasks/start_compute.yml | 1 + ansible/roles/nova/templates/nova.conf.j2 | 1 + docker/ironic/ironic-api/Dockerfile.j2 | 4 ++-- docker/ironic/ironic-base/Dockerfile.j2 | 16 ++++++++++---- docker/ironic/ironic-base/extend_start.sh | 12 ++++++++++ docker/ironic/ironic-base/ironic_sudoers | 1 + docker/ironic/ironic-conductor/Dockerfile.j2 | 22 +++++++++++++++---- docker/ironic/ironic-pxe/Dockerfile.j2 | 4 ++-- 10 files changed, 64 insertions(+), 17 deletions(-) create mode 100644 docker/ironic/ironic-base/extend_start.sh create mode 100644 docker/ironic/ironic-base/ironic_sudoers diff --git a/ansible/roles/ironic/tasks/start.yml b/ansible/roles/ironic/tasks/start.yml index 142faec669..7c1fbe8994 100644 --- a/ansible/roles/ironic/tasks/start.yml +++ b/ansible/roles/ironic/tasks/start.yml @@ -17,8 +17,10 @@ common_options: "{{ docker_common_options }}" image: "{{ ironic_api_image_full }}" name: "ironic_api" - volumes: + volumes: - "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla" when: inventory_hostname in groups['ironic-api'] - name: Starting ironic-conductor container 
@@ -27,9 +29,15 @@ common_options: "{{ docker_common_options }}" image: "{{ ironic_conductor_image_full }}" name: "ironic_conductor" + privileged: True volumes: - "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" + - "/sys:/sys" + - "/dev:/dev" + - "/run:/run" + - "kolla_logs:/var/log/kolla" + - "ironic:/var/lib/ironic" - "ironic_pxe:/tftpboot/" when: inventory_hostname in groups['ironic-conductor'] diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 076a73f004..c1f84ae554 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -1,6 +1,8 @@ [DEFAULT] debug = {{ ironic_logging_debug }} +log_dir = /var/log/kolla/ironic + admin_user = {{ openstack_auth.username }} admin_password = {{ keystone_admin_password }} @@ -16,7 +18,7 @@ host_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['a {% if service_name == 'ironic-conductor' %} [conductor] api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }} -clean_nodes = false +automated_clean=false {% endif %} {% if service_name == 'ironic-inspector' %} @@ -41,9 +43,9 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po auth_type = password project_domain_id = default user_domain_id = default -admin_tenant_name = service -admin_user = {{ ironic_keystone_user }} -admin_password = {{ ironic_keystone_password }} +project_name = service +username = {{ ironic_keystone_user }} +password = {{ ironic_keystone_password }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/nova/tasks/start_compute.yml b/ansible/roles/nova/tasks/start_compute.yml index ac8bf97df7..df76747939 100644 --- a/ansible/roles/nova/tasks/start_compute.yml +++ b/ansible/roles/nova/tasks/start_compute.yml 
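Review bot: The ironic_conductor task now combines `privileged: True` with read-write bind mounts of the host's `/sys`, `/dev` and `/run`, which leaves almost no isolation between this container and the host, and the task does not say which conductor operation needs each one. Presumably they serve the disk tooling (parted, gdisk) installed elsewhere in this commit; please record that above the key, e.g. `# privileged, /dev and /sys: conductor partitions and images node disks; confirm /run is still required`, and drop or narrow any mount that is not needed (`"/sys:/sys:ro"` if read access is enough). `/run` typically exposes host daemon sockets, so it deserves the closest look. `privileged: true` in lowercase would also match the canonical YAML boolean. The task's `kolla_docker:` line sits above the hunk, so only its arguments are visible here.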
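Review bot: `automated_clean=false` in the `[conductor]` section keeps automated cleaning switched off under the new option name, so node disks are presumably not erased between deployments, and the template gives no reason for it. If that is a deliberate default, say so next to the option, e.g. `# automated cleaning disabled: node disks are not wiped between deployments`, and consider exposing it as a deployment variable so operators who share hardware between tenants can turn it on. The line should also read `automated_clean = false` to match the spacing of the other options visible in the template.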
@@ -49,6 +49,7 @@ when: - inventory_hostname in groups['compute'] - not enable_nova_fake | bool + - not enable_ironic | bool - name: Starting nova-compute-ironic container kolla_docker: diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index 7a635c66f3..82c991e94f 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -96,6 +96,7 @@ html5proxy_port = {{ nova_spicehtml5proxy_port }} username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} auth_url = {{ openstack_auth.auth_url }}/v3 +auth_type = password project_name = service user_domain_name = default project_domain_name = default diff --git a/docker/ironic/ironic-api/Dockerfile.j2 b/docker/ironic/ironic-api/Dockerfile.j2 index eada8e359e..32f2d36e08 100644 --- a/docker/ironic/ironic-api/Dockerfile.j2 +++ b/docker/ironic/ironic-api/Dockerfile.j2 @@ -16,8 +16,8 @@ MAINTAINER {{ maintainer }} {% endif %} -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 755 /usr/local/bin/kolla_extend_start +COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start +RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start {% block ironic_api_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2 index 027c49f7d7..2b24ed3b73 100644 --- a/docker/ironic/ironic-base/Dockerfile.j2 +++ b/docker/ironic/ironic-base/Dockerfile.j2 
@@ -18,16 +18,24 @@ MAINTAINER {{ maintainer }} ADD ironic-base-archive /ironic-base-source RUN ln -s ironic-base-source/* ironic \ - && useradd --user-group ironic \ + && useradd --user-group --create-home --home-dir /var/lib/ironic ironic \ && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ironic \ - && mkdir -p /etc/ironic /var/log/ironic /home/ironic \ + && mkdir -p /etc/ironic /var/lib/ironic \ && cp -r /ironic/etc/ironic/* /etc/ironic/ \ - && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic \ + && chown -R ironic: /etc/ironic /var/lib/ironic \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf +ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers +RUN chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers + {% endif %} -RUN usermod -a -G kolla ironic \ +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN touch /usr/local/bin/kolla_ironic_extend_start \ + && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ironic_extend_start \ + && usermod -a -G kolla ironic \ && chown -R ironic: /etc/ironic {% block ironic_base_footer %}{% endblock %} diff --git a/docker/ironic/ironic-base/extend_start.sh b/docker/ironic/ironic-base/extend_start.sh new file mode 100644 index 0000000000..e3b1d4e2dc --- /dev/null +++ b/docker/ironic/ironic-base/extend_start.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +LOG_PATH=/var/log/kolla/ironic + +if [[ ! -d "${LOG_PATH}" ]]; then + mkdir -p "${LOG_PATH}" +fi +if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then + chmod 755 "${LOG_PATH}" +fi + +. /usr/local/bin/kolla_ironic_extend_start diff --git a/docker/ironic/ironic-base/ironic_sudoers b/docker/ironic/ironic-base/ironic_sudoers new file mode 100644 index 0000000000..3e7c843f39 --- /dev/null +++ b/docker/ironic/ironic-base/ironic_sudoers 
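Review bot: `chown -R ironic: /etc/ironic` (in the source-install `RUN` and again in the final `RUN`) leaves `/etc/ironic/rootwrap.conf` owned by the ironic user, while the new `ironic_sudoers` file added by this commit lets that same user run `ironic-rootwrap /etc/ironic/rootwrap.conf *` as root without a password. Rootwrap only constrains commands when its config and filter files cannot be edited by the calling user, so with this ownership the sudo rule no longer limits what the ironic account can run as root. After the last chown, hand those files back to root, e.g. `&& chown root:root /etc/ironic/rootwrap.conf && chmod 644 /etc/ironic/rootwrap.conf`, and do the same for any filter directory under `/etc/ironic` named by `filters_path` in that file. The `sed` line also puts `/var/lib/kolla/venv/bin` into `exec_dirs`; that directory should be root-owned as well, which cannot be confirmed from this hunk. The `{% if %}` that selects the install type opens above the hunk.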
@@ -0,0 +1 @@ +ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf * diff --git a/docker/ironic/ironic-conductor/Dockerfile.j2 b/docker/ironic/ironic-conductor/Dockerfile.j2 index 69196958c4..00ddc40d53 100644 --- a/docker/ironic/ironic-conductor/Dockerfile.j2 +++ b/docker/ironic/ironic-conductor/Dockerfile.j2 @@ -9,25 +9,39 @@ MAINTAINER {{ maintainer }} {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} {% set ironic_conductor_packages = [ 'openstack-ironic-conductor', - 'qemu-img' + 'qemu-img', + 'ipmitool', + 'parted', + 'gdisk', + 'psmisc' ] %} {% elif base_distro in ['ubuntu'] %} {% set ironic_conductor_packages = [ 'ironic-conductor', 'qemu-utils', - 'ipmitool' + 'ipmitool', + 'gdisk', + 'psmisc', + 'parted' ] %} {% endif %} {% elif install_type == 'source' %} {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} {% set ironic_conductor_packages = [ 'qemu-img', - 'ipmitool' + 'ipmitool', + 'parted', + 'gdisk', + 'psmisc', + 'fuse' ] %} {% elif base_distro in ['ubuntu', 'debian'] %} {% set ironic_conductor_packages = [ 'qemu-utils', - 'ipmitool' + 'ipmitool', + 'gdisk', + 'psmisc', + 'parted' ] %} {% endif %} {% endif %} diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2 index 4f3692b5f5..1545ca4102 100644 --- a/docker/ironic/ironic-pxe/Dockerfile.j2 +++ b/docker/ironic/ironic-pxe/Dockerfile.j2 @@ -21,8 +21,8 @@ MAINTAINER {{ maintainer }} {{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }} COPY tftp-map-file /map-file -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 755 /usr/local/bin/kolla_extend_start +COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start +RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start {% block ironic_pxe_footer %}{% endblock %} {% block footer %}{% endblock %}
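Review bot: In the ironic-conductor Dockerfile, `'fuse'` is added only to the source-install list for centos/fedora/oraclelinux/rhel; the binary list for the same distros and both ubuntu lists do not get it. If the conductor needs it, the other three lists should carry it as well; if it is a leftover, drop it. Either way a short Jinja comment such as `{# fuse: needed by … #}` would tell the next reader why it is there. The new entries are also ordered differently between branches (`parted, gdisk, psmisc` versus `gdisk, psmisc, parted`), which makes gaps like this harder to spot. The `install_type` conditional that encloses these lists opens above the hunk.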