From 1bda1fd9a7ddd45c3d2cded441a875328247b5ad Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Thu, 12 Jul 2018 12:12:14 +1200
Subject: [PATCH] Break out image prepare into its own "service"

This makes the docker-registry service focused on installing the
registry, as it should be. Also this makes it possible to invoke this
service during overcloud deploy too.

This change also switches to calling the tripleo-common script
tripleo-container-image-prepare instead of the full openstack command.
This will allow a mistral image to do a prepare without depending on
the python-tripleoclient package.

The {{role}}Services and {{role}}Count are propagated to
tripleo-container-image-prepare so that images are filtered correctly.

sudo is used instead of become:true so that the tripleo-common mistral
sudoers pattern matches.

Depends-On: Ic1648e43f45bb7604d4c0f9abf247a475fb23707
Change-Id: Ibc16bed673de7b22cd8eef3f6fb0d45871083873
Blueprint: container-prepare-workflow
---
 environments/undercloud.yaml                  |  1 +
 overcloud-resource-registry-puppet.j2.yaml    |  1 +
 ...2.yaml => container-image-prepare.j2.yaml} | 68 ++++++++----------
 puppet/services/docker-registry.yaml          | 70 +++++++++++++++++++
 roles/Undercloud.yaml                         |  1 +
 roles_data_undercloud.yaml                    |  1 +
 6 files changed, 105 insertions(+), 37 deletions(-)
 rename puppet/services/{docker-registry.j2.yaml => container-image-prepare.j2.yaml} (60%)
 create mode 100644 puppet/services/docker-registry.yaml

diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index 9563e0440e..d02d31f450 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -4,6 +4,7 @@ resource_registry:
   OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
   OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
   OS::TripleO::Services::DockerRegistry: ../puppet/services/docker-registry.yaml
+  OS::TripleO::Services::ContainerImagePrepare: ../puppet/services/container-image-prepare.yaml
   # Allows us to control the external VIP for Undercloud SSL
   OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml
 
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index e713ce05e3..4502ca539f 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -302,6 +302,7 @@ resource_registry:
   OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
   OS::TripleO::Services::Docker: puppet/services/docker.yaml
   OS::TripleO::Services::DockerRegistry: OS::Heat::None
+  OS::TripleO::Services::ContainerImagePrepare: OS::Heat::None
   OS::TripleO::Services::CertmongerUser: puppet/services/certmonger-user.yaml
   OS::TripleO::Services::Clustercheck: OS::Heat::None
   OS::TripleO::Services::RsyslogSidecar: OS::Heat::None
diff --git a/puppet/services/docker-registry.j2.yaml b/puppet/services/container-image-prepare.j2.yaml
similarity index 60%
rename from puppet/services/docker-registry.j2.yaml
rename to puppet/services/container-image-prepare.j2.yaml
index 83c6495b2c..2dad0638d3 100644
--- a/puppet/services/docker-registry.j2.yaml
+++ b/puppet/services/container-image-prepare.j2.yaml
@@ -1,7 +1,7 @@
 heat_template_version: rocky
 
 description: >
-  Configures docker-registry on a host.
+  Prepare container images
 
 parameters:
   EndpointMap:
@@ -30,10 +30,6 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
-  LocalContainerRegistry:
-    default: ''
-    description: The IP address used to bind the local container registry
-    type: string
   ContainerImagePrepare:
     default: {}
     description: Used to run "openstack tripleo container image prepare".
@@ -44,41 +40,38 @@ parameters:
     default: 'tripleo-container-image-prepare.log'
     type: string
     description: Used to store outputs of "openstack tripleo container image prepare".
+  DockerInsecureRegistryAddress:
+    description: Optional. The IP Address and Port of an insecure docker
+                 namespace that will be configured in /etc/sysconfig/docker.
+                 The value can be multiple addresses separated by commas.
+    type: comma_delimited_list
+    default: []
 
-conditions:
-  local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
+{% for role in roles %}
+  # Parameters generated for {{role.name}} Role
+  {{role.name}}Services:
+    description: A list of service resources (configured in the Heat
+                 resource_registry) which represent nested stacks
+                 for each service that should get installed on the {{role.name}} role.
+    type: comma_delimited_list
+
+  {{role.name}}Count:
+    description: Number of {{role.name}} nodes to deploy
+    type: number
+    default: {{role.CountDefault|default(0)}}
+{% endfor %}
 
 outputs:
   role_data:
-    description: Role data for the docker registry service
+    description: Role data for container image prepare
     value:
-      service_name: docker_registry
-      config_settings:
-        tripleo.docker_registry.firewall_rules:
-          '155 docker-registry':
-            dport:
-              - 8787
-              - 13787
-      step_config: ''
-      host_prep_tasks:
-        - name: Install, Configure and Run Docker Distribution
-          block:
-          # NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
-          - set_fact:
-              container_registry_host:
-                if:
-                - local_container_registry_is_empty
-                - {get_param: [EndpointMap, DockerRegistryInternal, host]}
-                - {get_param: LocalContainerRegistry}
-              container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
-              log_file: {get_param: ContainerImagePrepareLogFile}
-          - include_role:
-              name: container-registry
-              tasks_from: docker-distribution
+      service_name: container_image_prepare
       external_deploy_tasks:
         - name: Container image prepare
           when: step|int == 1
           block:
+          - set_fact:
+              log_file: {get_param: ContainerImagePrepareLogFile}
           - name: Create temp file for prepare parameter
             tempfile:
               state: file
@@ -95,12 +88,17 @@ outputs:
               content:
                 parameter_defaults:
                   ContainerImagePrepare: {get_param: ContainerImagePrepare}
+                  DockerInsecureRegistryAddress: {get_param: DockerInsecureRegistryAddress}
+{% for role in roles %}
+                  {{role.name}}Services: {get_param: {{role.name}}Services}
+                  {{role.name}}Count: {get_param: {{role.name}}Count}
+{% endfor %}
           - name: Write role data file
             copy:
               dest: "{{ '{{' }} role_data.path {{ '}}' }}"
               content: {{ roles }}
-          - name: Run openstack tripleo container image prepare
-            command: openstack tripleo container image prepare --log-file {{ '{{' }} log_file {{ '}}' }} --roles-file {{ '{{' }} role_data.path {{ '}}' }} --environment-file {{ '{{' }} prepare_param.path {{ '}}' }} --cleanup partial --verbose
+          - name: Run tripleo-container-image-prepare
+            shell: sudo /usr/bin/tripleo-container-image-prepare --roles-file {{ '{{' }} role_data.path {{ '}}' }} --environment-file {{ '{{' }} prepare_param.path {{ '}}' }} --cleanup partial 2> {{ '{{' }} log_file {{ '}}' }}
           - name: Delete param file
             file:
               dest: "{{ '{{' }} prepare_param.path {{ '}}' }}"
@@ -109,7 +107,3 @@ outputs:
             file:
               dest: "{{ '{{' }} role_data.path {{ '}}' }}"
               state: absent
-      upgrade_tasks:
-        - name: Install docker packages on upgrade if missing
-          when: step|int == 3
-          package: name=docker-distribution state=latest
diff --git a/puppet/services/docker-registry.yaml b/puppet/services/docker-registry.yaml
new file mode 100644
index 0000000000..7cec328c87
--- /dev/null
+++ b/puppet/services/docker-registry.yaml
@@ -0,0 +1,70 @@
+heat_template_version: rocky
+
+description: >
+  Configures docker-registry on a host.
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  LocalContainerRegistry:
+    default: ''
+    description: The IP address used to bind the local container registry
+    type: string
+
+conditions:
+  local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
+
+outputs:
+  role_data:
+    description: Role data for the docker registry service
+    value:
+      service_name: docker_registry
+      config_settings:
+        tripleo.docker_registry.firewall_rules:
+          '155 docker-registry':
+            dport:
+              - 8787
+              - 13787
+      step_config: ''
+      host_prep_tasks:
+        - name: Install, Configure and Run Docker Distribution
+          block:
+          # NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
+          - set_fact:
+              container_registry_host:
+                if:
+                - local_container_registry_is_empty
+                - {get_param: [EndpointMap, DockerRegistryInternal, host]}
+                - {get_param: LocalContainerRegistry}
+              container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
+          - include_role:
+              name: container-registry
+              tasks_from: docker-distribution
+      upgrade_tasks:
+        - name: Install docker packages on upgrade if missing
+          when: step|int == 3
+          package: name=docker-distribution state=latest
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
index 019490b3d6..0b69a7fdc6 100644
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@@ -30,6 +30,7 @@
     - OS::TripleO::Services::CinderApi
     - OS::TripleO::Services::CinderScheduler
     - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::ContainerImagePrepare
     - OS::TripleO::Services::ContainersLogrotateCrond
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::DockerRegistry
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index 7f00e8261e..0c7915744f 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -33,6 +33,7 @@
     - OS::TripleO::Services::CinderApi
     - OS::TripleO::Services::CinderScheduler
     - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::ContainerImagePrepare
     - OS::TripleO::Services::ContainersLogrotateCrond
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::DockerRegistry