32 Commits

Author SHA1 Message Date
Lukas Bezdicka
81db32ca8c Upgrades: Refactor httpd_enabled variable
To not to redefine variable multiple times in each service we
split httpd_enabled to per service fact set in step|int == 0 block.

Change-Id: Icea0865aadd9253ead464247bf78f45842b3a578
2018-05-31 13:46:15 +02:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Cédric Jeanneret
4f2c29e83f Expose Horizon "DocumentRoot" on host
This will allow webroot plugin for Let's Encrypt to actually work.
The container has no need to write in this location.

Change-Id: Ia76a0cc007abfdec6f25e1371eb696864f2925fd
Closes-Bug: 1768519
2018-05-02 15:15:31 +02:00
Radomir Dopieralski
e792b9972a Enable heat-ui plugin for horizon by default
Since the orchestration tab was moved in Horizon into a plugin,
we have a regression if we don't enable that plugin by default.

Change-Id: Ia99b23f3ece61830954f73704e85a6efaa5f7428
2018-04-24 12:33:28 +02:00
Carlos Goncalves
562d223dbb Enable Octavia dashboard on horizon container
Depends-On: https://review.openstack.org/#/c/556888/
Change-Id: I41423f7e71cd94d414b33686d9ec3693ab705c14
2018-03-30 16:52:24 +01:00
Martin André
c2538f78f1 Disable murano horizon plugin until dep is met
Murano dashboard has a dependency on heat-dashboard which is not yet in
the horizon image. The heat-dashboard was recently packaged in RDO [1]
but hasn't yet made it's way into current-tripleo or current-passed-ci.

We need to add the package into the kolla image once there is a RDO
promotion and re-enable the plugin.

[1] https://github.com/rdo-packages/heat-dashboard-distgit

Change-Id: I7c0ccd915d8429bb348c09ab621163aef275c669
Related-Bug: #1752132
2018-02-27 18:10:29 +01:00
Emilien Macchi
995cf71057 docker: don't override horizon::vhost_extra_params
horizon::vhost_extra_params is already configured in
puppet/services/horizon.yaml, and users can change the value with
HorizonVhostExtraParams parameter.

Docker deployments didn't have HorizonVhostExtraParams taken in account
since we were overriding with Hiera. This patch fix it.

Closes-Bug: #1749627
Change-Id: I77f1312112c7f613d795242060709082ef72f150
2018-02-17 18:00:02 +00:00
Lukas Bezdicka
0cb5c847f3 Always evaluate step first in conditional
If we use variables defined in later step in conditional before
checking which step are we on we will fail.

Resolves: rhbz#1535457
Closes-Bug: #1743764
Change-Id: Ic21f6eb5c4101f230fa894cd0829a11e2f0ef39b
2018-02-09 17:12:29 +01:00
marios
dec003def8 Convert tags to when statements for Q major upgrade workflow
This converts "tags: stepN" to "when: step|int == N" for the direct
execution as an ansible playbook, with a loop variable 'step'.
The tasks all include the explicit cast |int.

This also adds a set_fact task for handling of the package removal
with the UpgradeRemovePackages parameter (no change to the interface)

The yaml-validate also now checks for duplicate 'when:' statements

Q upgrade spec @ Ibde21e6efae3a7d311bee526d63c5692c4e27b28
Related Blueprint: major-upgrade-workflow
[0]: 394a92f761/tripleo_common/utils/config.py (L141)
Change-Id: I6adc5619a28099f4e241351b63377f1e96933810
2018-01-08 13:57:47 +02:00
Jose Luis Franco Arza
ce64848abe Add validation task in docker services [Horizon]
Docker services are missing the pre-upgrade validation task
in the upgrade_tasks section which verifies if the service
is running before going on with the upgrade.

Change-Id: Ib30826c41489cb22174cc083a01c3c3b091f3fe3
Partial-Bug: #1704389
2017-11-28 16:08:26 +01:00
Carlos Camacho
927495fe3d Change template names to queens
The new master branch should point now to queens instead of pike.

So, HOT templates should specify that they might contain features
for queens release [1]

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#queens

Change-Id: I7654d1c59db0c4508a9d7045f452612d22493004
2017-11-23 10:15:32 +01:00
Beth Elwell
df18509bc5 Disabled fwaas plugin for horizon
Disabled fwaas plugin to prevent deployment crashing with horizon in
continuous restarting state due to missing image.

Change-Id: I44140f04ba793a039f6032739b64794ae7ad084d
Closes-bug: 1732937
2017-11-17 15:40:31 +00:00
Zuul
6a72a9f1b4 Merge "Drop step_config as top level docker requirement" 2017-11-17 08:33:29 +00:00
Zuul
a4631060f6 Merge "Write readme.txt into old log directories" 2017-11-15 22:42:34 +00:00
Dan Prince
a307fe7ffc Drop step_config as top level docker requirement
Step config is only required within the puppet_configs section
of docker/services/*. This patch drops the top level 'step_config'
and updates the unit tests accordingly.

Change-Id: I7dc7cfae3ef1965ec95b1d9ef23e7f162418c034
2017-11-15 16:01:16 -05:00
Jiri Stransky
85ec193403 Write readme.txt into old log directories
This should help operators find the new log files. We do have them
documented, but not everybody reads every word in the docs :)

The readme creation has ignore_errors: true so that if the directory
isn't present at all (e.g. on deployed server environments, which
don't have openstack packages installed), we don't fail the deployment
when we're not able to create the readme.

Change-Id: I6b36db7b7ce8b3e4da566eb7828d0c3b8646a14f
Partial-Bug: #1730957
2017-11-14 10:35:11 +01:00
Zuul
b52658cf2a Merge "Enable horizon plugins by default in docker" 2017-11-14 00:48:51 +00:00
Radomir Dopieralski
2827fa428c Fix rights to local_settings.d for dockerized Horizon
For some reasonf that directory doesn't have r/x rights, so when
compress is ran as root, it can access config files in it, but when
horizon is run by apache, it can't, and expects different theme files,
thus failing with OfflineGenerationError. Giving apache access to that
directory fixes the problem and makes the custom theme work.

Closes-bug: #1730911
Change-Id: I53f6db23b036bc9b5a689bbac958550f384194c6
2017-11-08 10:00:25 +01:00
Radomir Dopieralski
7204290f3c Enable horizon plugins by default in docker
Horizon's docker image needs explicit configuration for Kolla to
enable its plugins.

This patch only enables the plugins that actually are installed.

Change-Id: I99a20abc3ac4452a3b10167e615957911327cfaa
Closes-bug: #1723929
2017-10-25 15:05:14 +02:00
Rhys Oxenham
fd657aa4e6 Fix /etc/openstack-dashboard/ permissions for access to *policy.json
The Kolla Dockerfile sets the permissions for /etc/openstack-dashboard/
to horizon:horizon. We need this to be readable by the apache user
as the horizon user is not the user in which httpd runs with. We may
want to consider fixing this in the upstream Dockerfile instead, e.g.
checking if we're using centos/rhel and changing the permissions that
way. I'm not sure why it's set to horizon:horizon upstream, and I'm keen
not to break any existing functionality that relies on the horizon based
permissions.

Closes-Bug: #1723125
Change-Id: If5feebae38f7fdfffa60bfaedc4521f676006484
2017-10-12 13:54:05 +00:00
Jenkins
988d1a54ef Merge "Fix permissions for dockerized horizon" 2017-10-04 03:00:15 +00:00
Radomir Dopieralski
960d7ff102 Fix permissions for dockerized horizon
Horizon needs write access to its log file and read permissions for all
of its configuration files.

The code that was supposed to set the permissions did it in the wrong
directory.

Closes-Bug: #1719590
Co-Authored-By: Martin Andre <m.andre@redhat.com>
Change-Id: I0c125fac38cd186f98b9bc69bcc570f669eb6de1
2017-09-27 13:28:34 +02:00
Juan Badia Payno
5dbe1121e9 docker: add logging(source & groups)
The services that docker depends on, have logging_sources and logging_groups;
but those are not set on the docker outputs so they are not used when dockers
are deployed.

Added logging_source & logging_groups as docker optional parameters in
tools/yaml-validate.py

Closes-Bug: #1718110
Change-Id: I8795eaf4bd06051e9b94aa50450dee0d8761e526
2017-09-27 07:37:14 +00:00
Bogdan Dobrelya
287e84585c Persist containerized services httpd logs
Store the httpd logs under dedicated /var/log/containers/httpd/
paths.
Additionally, add release notes describing upgrade impact
for containerized services logs.

Closes-bug: #1700045

Change-Id: I8120c56f2315700862bd0f708b8baa8910275b09
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-08-25 14:36:53 +00:00
Juan Antonio Osorio Robles
8ba30a1912 TLS for containerized horizon
bind mount the certificates needed for TLS.

bp tls-via-certmonger-containers

Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b
2017-08-21 12:30:58 +00:00
Jenkins
2185b83560 Merge "Use a single configuration file for specifying docker containers." 2017-07-15 06:19:13 +00:00
Ian Main
e76d84f784 Use a single configuration file for specifying docker containers.
This removes the default container names from all the templates
and uses a single environment file to specify the full container
name and registry from which to pull.  Also does away with most
of DockerNamespace.

Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27
Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
2017-07-14 22:23:02 +00:00
Giulio Fidente
baf6eee501 Adds network/cidr mapping into a new service property
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.

Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).

Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-14 13:44:04 +02:00
Martin André
cf18e865d1 Copy only generated puppet files into the container
This solves a problem with bind-mounts when the containers are holding
files descriptors open.

At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.

Partial-Bug: #1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
2017-07-10 11:13:25 +02:00
Martin André
a474ae82d5 Add heat parameter for all of config_volume images
This commit consistently defines a heat template parameter in the form
of DockerXXXConfigImage where XXX represents the name of the
config_volume that is used by docker-puppet.

The goal is to mitigate hard to debug errors where the templates would
set different defaults for the image docker-puppet.py uses to run, for
the same config_volume name.

This fixes a couple of inconsistencies on the way.

Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b
Closes-Bug: #1699791
2017-06-28 10:48:53 +02:00
Jiri Stransky
248099db8c Fix race conditions between containers
In many occasions we had log directory initialization containers
without `detach: false`, which didn't guarantee that they'll finish
before the container depending on them will start using the log
directory.

This is now fixed by moving the initialization container one global
step earlier, so that we can keep the concurrency when creating the
log dirs. (Using `detach: false` makes paunch handle just one
container at a time, and as such it can have negative performance
impact.)

For services which have their container(s) starting in step_1,
initialization cannot be moved to an earlier step, so the solution
here was to just add `detach: false`.

As a minor related change, cinder DB sync container now mounts the log
directory from host to put cinder-manage.log into the expected
location.

Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
2017-06-14 15:58:55 +02:00
Radomir Dopieralski
1a43e3bbb4 Containerize Horizon
Adds a service definition for Horizon running inside a docker container.

Co-Authored-By: Martin André <m.andre@redhat.com>
Closes-Bug: #1668926
Depends-On: I677ad57672215f6afe918e13b28c9ce2e1de5a81
Change-Id: I29f18722f4da48dab18f9e5c51b01fba42316734
2017-05-17 17:45:25 +02:00