By default, docker containers inherit ulimit from limits of docker
deamon. On CentOS 7, docker daemon default NOFILE is 1048576.
It can found in /usr/lib/systemd/system/docker.service.
The big limit will cause many problem. we should control it in
production environment.
Change-Id: Iab962446a94ef092977728259d9818b86cfa7f68
Nova services may reasonably expect cell databases to exist when they
start. The current cell setup tasks in kolla run after the nova
containers have started, meaning that cells may or may not exist in the
database when they start, depending on timing. In particular, we are
seeing issues in kolla CI currently with jobs timing out waiting for
nova compute services to start. The following error is seen in the nova
logs of these jobs, which may or may not be relevant:
No cells are configured, unable to continue
This change creates the cell0 and cell1 databases prior to starting nova
services.
In order to do this, we must create new containers in which to run the
nova-manage commands, because the nova-api container may not yet exist.
This required adding support to the kolla_docker module for specifying a
command for the container to run that overrides the image's command.
We also add the standard output and error to the module's result when a
non-detached container is run. A secondary benefit of this is that the
output of bootstrap containers is now displayed in the Ansible output if
the bootstrapping command fails, which will help with debugging.
Change-Id: I2c1e991064f9f588f398ccbabda94f69dc285e61
Closes-Bug: #1808575
This change adds support to comfigure tty,
it was enabled by default but a recent patch
removed it. Some services such as Karaf in opendaylight
requires a TTY during startup.
Closes-Bug: #1806662
Change-Id: Ia4335523b727d0e45505cbb1efb40ccf04c27db7
With a pseudo terminal, service is not treated as a daemon
and signals would not work as expected.
Change-Id: I16aa29a7924df51659d973a81d8005ae3d86f57b
Related-Bug: #1799642
move the merge_yaml and merge_config module's DOCUMENTATION and
EXAMPLES into action_plugins.
Change-Id: I84c5b94afb870fc9a25838782389f7b1f8b882fd
Closes-Bug: #1799236
This commit is to apply resource-constraints only to few OpenStack services.
Commit to apply constraints to other services will be made in coming commits.
Partially-Implements: blueprint resource-constraints
Change-Id: Icafa54baca24d2de64238222a5677b9d8b90e2aa
This commit will constrain the dimensions of service `Nova`
and sub-containers deployed along with it.
A user can give the dimension values in `/etc/kolla/globals.yml`
the data-types just like stated in this commit.
Reference-Docs:
https://docs.docker.com/config/containers/resource_constraints/
Added Test-cases for the same.
Partially-Implements: blueprint resource-constraints
Change-Id: I6458d8fb7b26a6e7c3a9fd0d674d9cf129b0bf5d
This patch increases the default timeout for
the kolla_toolbox ansible module when talking
with the docker API from the default 60 to 180 secs.
This is required on slower deployments,
specially when bootstraping an environment and fernet
tokes are in usage. For faster deployments this will
be harmless, but for slower deployments this would be
beneficial.
Bug: #1767136
Change-Id: I0391715b16cf86d6c27fecf8a666de64f2735a7d
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
In old docker, if you do not specify ipc_mode, the default value is empty,
but in the latest docker, such as 17.09.0, if not specified, the default
is "IpcMode": "shareable", which will cause all containers to be deleted
and re-create when to redeploy or upgrade. This commit solves the
problem.
Change-Id: Ia8269b9c8066880e4aee23d6fdea8d9c04c41e44
Closes-Bug: #1747586
When upgrade from ceph Jewel to ceph luminous, the client.admin caps
should add `mgr 'allow *'` caps
Change-Id: Ia4cb7a59d4cf215a1dce1efe31e00f1401e0b753
Closes-Bug: #1750967
Missing container status check in recreate_or_restart_container,
this causes if the container is not running (kolla-ansible stop),
to not be started with deploy/reconfigure/upgrade if any other param
changes.
Change-Id: I5cff5f367e963ba8b1807ec46469da817e40e468
Closes-Bug: #1714015
In some case, docker can not remove container and raise following error
message:
Unable to remove filesystem for xxx remove
/var/lib/docker/containers/xxx/shm: device or resource busy
But the container is removed. This patch assumes container is
removed if only container name is not shown in docker ps.
Closes-Bug: #1662598
Change-Id: I079d5ec6178018403ec7a49c975f137e27eb9ad4
Ansible check if modules parameters are named like
%password% and allow to hidden log param in this case.
This requires adding "no_log" parameters.
This patch just add "no_log" param in order to avoid
this warning.
Change-Id: I9c1df1093e0fd101090292d6e8bf3527f99aeb17
Closes-Bug: #1702244
The pypi package 'docker-py' [1] has been renamed to 'docker' [2].
It is better to move to the new 'docker' package because the old
package will be deprecated and all the new features will go into
the new package only.
Package 'docker' has been added to requirements [3]. The old
package 'docker-py' is still allowed to be in the global requirements
during the transition period but it should be removed after all or
most of the projects finsih the migration.
[1] https://pypi.python.org/pypi/docker-py
[2] https://pypi.python.org/pypi/docker
[3] https://review.openstack.org/#/c/423715/
Change-Id: Ibcd5a57a1fbf55dcc5a690e41f20917f95b63da0
When docker-py is newer than docker daemon following
APIError may be raised:
client is newer than server (client API version: 1.24, server API version: 1.22)
So it's better to pass api_version='auto' to docker client,
so client will discover suitable version if not specified.
Change-Id: Ib747ed91b315ca762936a6efa6b71a29b2d2ae1e
Signed-off-by: Pavel Glushchak <pglushchak@virtuozzo.com>
Currently, when stoping/restarting container, Kolla uses default timeout value
between SIGTERM and SIGKILL provided by docker which is 10 sec. But some
services require more than it to finish graceful shutdown progress.
This patchset adds graceful_timeout to kolla_docker to override the default
one.
Partial Implements: bp signaling-to-container
Change-Id: Ica0b48a53c650cc23dfa1955027d2cf936a5932f
At the moment, the process to determine if an image has
changed or not relies on the Docker API which depending
on the Docker release server can return different results.
This patch addresses this issue by grabbing the SHA256
of the image before pulling (defaulting to None if it does
not exist) and then comparing it after the pull is complete
which should always be successful at determining if the
image did change or not.
The test for unknown status images is removed because this
is not a possible scenario as we do not rely on status
anymore except for failures (which are still tested).
Change-Id: Ia60a7f34420b02f50597dddb96a4c36ff3996612
Closes-Bug: #1668059
docker-py 2.0.0 is released with renaming docker.Client to
docker.APIClient. and with a new python package name "docker" rather
than "docker-py".
This patch support docker and docker-py packages.
Change-Id: Ib4400a4d2ce803191ee6215c5b28f0052970332c
Closes-Bug: #1668346
A empty docker volume item will cause start_container to fail.
This bug is not triggered in current kolla deployment scripts, but
only if you pass a empty volume item to kolla_docker module.
E.g. Using a if expression in items of volumes list while calling
start_container. Like the one in start.yml of iscsi and cinder.
Change-Id: I389246fb9650ab5304463e943459ecb68706167f
There is inconsistent use of either `/usr/bin/python` or
`/usr/bin/env python`. This makes for unexpected results when a
user might be using a virtualenv.
Change-Id: Ibb030f920a8869f9113ade70b66a921cc815060d
bypass_checks is disabled by Ib2e19794bbe804470a880253d5870254041358c8 .
But we use pid_mode: "{{ service.pid_mode | default('') }}" pattern in
the yaml file. whereas pid_mode only support "host" value, this patch
add '' as a choice of these two parameters.
Change-Id: Ib83ed5e437ca868f0e42ce740ad1125d2fa48ff4
Recreate and start a new container when container parameter is changed
in COPY_ALWAYS strategy.
Change-Id: I1e45c0dc34a93a18b664109823d6fd5b88c331a2
Closes-Bug: #1659799
docker engine 1.10 and docker engine 1.12 have different response for
list containers. Use status=running filter instead. It is provided by
all docker version.
Closes-Bug: #1658015
Change-Id: I54df4b08f215322d97d604ebd84e04255a359ef6
