281 Commits

Author SHA1 Message Date
Jenkins
ccb28288e0 Merge "Remove pip install paunch" 2017-06-12 18:07:24 +00:00
Jenkins
f2331fe312 Merge "Fix containerized SwiftRawDisks usage" 2017-06-12 18:06:31 +00:00
Jenkins
38f811ca14 Merge "Containerize Manila API service" 2017-06-12 17:40:15 +00:00
Jenkins
9a319d42b6 Merge "Don't mount all of config-data /etc, /etc/httpd" 2017-06-12 09:55:57 +00:00
Jenkins
5781c925f4 Merge "Containerized collectd" 2017-06-11 22:45:13 +00:00
Steve Baker
9e759c971d Don't mount all of config-data /etc, /etc/httpd
This change modifies these mounts to be more specific mounts based on
the files which puppet actually modifies.

The result is something a bit more self-documenting, and allows for
trying other techniques for populating /etc other than directly mounting
config-data directories.

Change-Id: Ied1eab99d43afcd34c00af25b7e36e7e55ff88e6
2017-06-12 09:18:09 +12:00
Michele Baldessari
30bf499eae Remove pip install paunch
We now have python-paunch-1.1.1 [1] in the overcloud images so we do not
need to pip install it any longer.

[1] https://trunk.rdoproject.org/centos7-master-head/current/python-paunch-1.1.1-0.20170602043913.c8e22e5.el7.centos.noarch.rpm

Change-Id: I1ede514a8aee7ac217fa75843e67fb6542e06f99
2017-06-11 20:21:42 +02:00
Jenkins
2f5f8fcb2b Merge "Write md5sum for service config directories" 2017-06-09 13:12:38 +00:00
Jenkins
2895d8d65a Merge "Make container names consistent" 2017-06-09 11:28:50 +00:00
Jenkins
cf17396a37 Merge "Containerize Tacker Services" 2017-06-09 09:25:13 +00:00
Jenkins
2f1bc9d142 Merge "Containerize Congress API service" 2017-06-09 09:25:05 +00:00
Martin André
af3828437e Make container names consistent
This commit change the container names to consistently use the `_` char
as a word separator and make the kolla external config file match the
container name to make operators' life easier.

Change-Id: Ibac9d76dde474b94c3cb86031ead0fd0327e126f
2017-06-09 09:04:44 +02:00
Jenkins
753d0f9ace Merge "Modify libvirtd container command line when TLS is enabled" 2017-06-09 04:56:20 +00:00
Jenkins
7756c9f4ab Merge "Run the nova-compute container as the nova user" 2017-06-09 04:35:38 +00:00
Jenkins
52b6ed7e27 Merge "Containerize Horizon" 2017-06-08 20:30:50 +00:00
Oliver Walsh
2a138df930 Run the nova-compute container as the nova user
Change-Id: Ie6469d2fd2119952669f5c9fdaa41fb273185973
Depends-On: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6
Closes-bug: #1693844
2017-06-08 19:53:56 +00:00
Matthias Runge
396cd6ba2b Containerized collectd
Change-Id: I05126a108f5ab790e729d1f98399dca5801ebd69
2017-06-08 17:16:52 +02:00
Steven Hardy
e77de0d5ff Write md5sum for service config directories
The configuration generated by docker-puppet may change on update,
so checksum the combined files from the config-data directories,
to enable detecting those that have changed and restarting the
appropriate containers - we need to merge this checksum into
the environment passed to the containters, as this will cause
paunch to correctly restart containers when the configuration
generated changes, even if the rest of the json definition
provided by heat does not.

Change-Id: I40d9080cf3ad708ef4ed91e46d2b2ae1138bb9c3
2017-06-08 16:06:20 +01:00
Pradeep Kilambi
87603cda9c Containerize Tacker Services
Closes-bug: #1668935

Change-Id: I83a02735eb445e831bc74ec786f2bb42cd2f87d6
2017-06-08 09:10:34 +02:00
Pradeep Kilambi
26b77f7881 Containerize Congress API service
Closes-bug: #1668929

Change-Id: I051edcf2980bb9c2521e21c410055690c012a0d1
2017-06-08 09:07:07 +02:00
Christian Schwede
ef8572acfe Fix containerized SwiftRawDisks usage
This patch partitions the defined devices and mounts them on the
hostnode.

It also disables the mount_check inside Swift because it is currently
not possible to detect wether a given directory is a mounted device or
not. This is just a workaround until a better solution has been
implemented in Swift itself.

Change-Id: I6e8e1328d7ffb18bb96ed1a940013dbb8b6b433e
2017-06-08 08:42:56 +02:00
Jenkins
61fdeb67a0 Merge "Mount /var/run/libvirt on ceilo agent compute" 2017-06-08 00:00:10 +00:00
Oliver Walsh
e825cda0f9 Modify libvirtd container command line when TLS is enabled
Libvirtd needs the --listen arg to enable the TLS socket.

Change-Id: I535165f0a2634728045491b2a37a56b1891b13fe
Resolves-Bug: #1694958
2017-06-08 00:55:41 +01:00
Pradeep Kilambi
f02d691838 Mount /var/run/libvirt on ceilo agent compute
Without this evidently agent logs IO errors.

Change-Id: I3031212c582381ae6b6147a48101bf83a05caa8a
2017-06-07 20:19:47 +00:00
Steven Hardy
00be6e603b Add host logging for redis service template
This got missed in the patch which added host logging for most
other services.

Change-Id: I0be8a5bce6558ebaf5b4830138d1f6c31aec6394
2017-06-07 20:19:07 +00:00
Victoria Martinez de la Cruz
c3ead7a3f3 Containerize Manila API service
Co-Authored-By: Martin André <m.andre@redhat.com>

Partial-Bug: #1668922

Change-Id: I0c98f26b19caf755bbc80bd6a75fc17b5d191ae4
2017-06-07 20:14:07 +00:00
Jenkins
3c98a1bc3f Merge "Map /etc/ssh/ssh_known_hosts to all containers" 2017-06-07 17:57:44 +00:00
Jenkins
b932aeef51 Merge "Ensure /etc/ssh/ssh_known_hosts exist in docker config-data." 2017-06-07 17:57:36 +00:00
Jenkins
671db66b9c Merge "Convert puppet and docker steps to ansible" 2017-06-07 17:31:42 +00:00
Jenkins
50939eb777 Merge "Stop/disable l3 agent in docker service upgrade_tasks" 2017-06-07 15:11:07 +00:00
Oliver Walsh
1f946b63a2 Map /etc/ssh/ssh_known_hosts to all containers
This allows any ssh client spawned from a container to validate ssh host key.

Change-Id: I86d95848e5f049e8af98107cd7027098d6cdee7c
Closes-bug: #1693841
2017-06-07 11:17:19 +00:00
Oliver Walsh
e7b7d4a0e3 Ensure /etc/ssh/ssh_known_hosts exist in docker config-data.
Works around the issue encountered in 1696283.

Change-Id: I1947d9d1e3cabc5dfe25ee1af994d684425bdbf7
Resolves-Bug: #1696283
2017-06-07 12:16:01 +01:00
Steven Hardy
93151cc580 Stop/disable l3 agent in docker service upgrade_tasks
This service is missing the task to stop/disable the service on
the host prior to it being started in a container.

Change-Id: I33d70d32c3b55e1f2738441f57c74b007e7bd766
Closes-Bug: #1695017
2017-06-07 10:16:04 +00:00
Jenkins
7167e44f07 Merge "Fix upgrade tasks to use correct service name" 2017-06-07 07:27:23 +00:00
Jenkins
d18e1a6b64 Merge "Containerize HAProxy for the non-ha case" 2017-06-06 18:37:29 +00:00
Pradeep Kilambi
00c21a9a19 Fix upgrade tasks to use correct service name
Change-Id: I149ca7cdd939ed7c1767a416bb9569ada163e820
Closes-bug: #1696089
2017-06-06 12:39:47 -04:00
Steven Hardy
03811f176a Convert puppet and docker steps to ansible
Replace the multiple SoftwareDeployment resources with a common
playbook that runs on all roles, consuming the configuration data
written via the HostPrepAnsible tasks.

This hopefully simplifies things, and will enable re-running the
deploy steps for minor updates (we'll need some way to detect
a container should be replaced, but that will be done via a
follow-up patch).

Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
2017-06-06 15:44:01 +01:00
Damien Ciabrini
233a71c74e Containerize HAProxy for the non-ha case
This change implements an initial container for haproxy in the non-HA
case (aka when the container is not spawn by pacemaker).

We tested this using a stock kolla haproxy container image and we were
able to get haproxy running on a container with net=host correctly.

Change-Id: I90253412a5e2cd8e56e74cce3548064c06d022b1
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Depends-on: I51c482b70731f15fee4025bbce14e46a49a49938
Closes-Bug: #1668936
2017-06-06 04:59:16 -04:00
Jenkins
af1aed8269 Merge "Containerize Redis for HA" 2017-06-04 11:57:35 +00:00
Damien
0413a12512 Containerize Redis for HA
This service allows configuring and deploying Redis containers
in a HA overcloud managed by pacemaker.

The containers are managed and run by pacemaker. Inside there is
pacemaker_remote which will invoke the resource agent managing galera.
The resources themselves are created via puppet-pacemaker inside a
short-lived container used for this purpose (mysql_init_bundle).
This container needs to use the 'docker_config' section to invoke
puppet (as opposed to 'docker_puppet_tasks'), because due to the HA
composability each resource creation needs to happen on the bootstrap
node of that service and 'docker_puppet_tasks' will only run on the
controller/primary role.

Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Closes-Bug: #1692924

Depends-On: Ia1131611d15670190b7b6654f72e6290bf7f8b9e

Change-Id: Ie045954fcc86ef2b3e4562b6f012853177f03948
2017-06-04 10:07:34 +02:00
Jenkins
1c01242194 Merge "Containerize clustercheck galera monitor for HA deployments" 2017-06-03 19:55:10 +00:00
Jenkins
f45d7de408 Merge "Containerize HAProxy for HA" 2017-06-03 18:17:45 +00:00
Jenkins
acb0b5289d Merge "Containerize RabbitMQ for HA" 2017-06-03 18:17:38 +00:00
Jenkins
035942d920 Merge "Containerize MySQL for HA" 2017-06-03 18:17:31 +00:00
Jenkins
b344f5994f Merge "Containerized nova-compute working with Deployed Server" 2017-05-31 10:05:58 +00:00
Jenkins
5f374b863d Merge "docker bootstrap service commands" 2017-05-30 13:52:28 +00:00
Jiri Stransky
8b1bcf00cd Containerized nova-compute working with Deployed Server
When using the Deployed Server feature, we rely on Puppet to install
packages. But nova-compute/libvirt puppet is running in a container, so
it cannot install anything on the host. We rely on virtlogd on the host,
so we need to install it there some way. This patch uses host_prep_tasks
for that, conditionally based on the EnablePackageInstall stack
parameter value.

Also multinode-container-upgrade.yaml env is copied as
multinode-containers.yaml, to remove the naming confusion, as the
environment file can be used for more than just upgrades. The old env
file will be removed once we make the upgrade job use the new one (catch
22 type of issue).

Change-Id: Ia9b3071daa15bc30792110e5f34cd859cc205fb8
2017-05-29 13:42:34 +02:00
Dan Prince
bccfedc84d Containerize RabbitMQ for HA
This service allows configuring and deploying RabbitMQ containers
in a HA overcloud managed by pacemaker.

The containers are managed and run by pacemaker. Inside there is
pacemaker_remote which will invoke the resource agent managing galera.
The resources themselves are created via puppet-pacemaker inside a
short-lived container used for this purpose (mysql_init_bundle).
This container needs to use the 'docker_config' section to invoke
puppet (as opposed to 'docker_puppet_tasks'), because due to the HA
composability each resource creation needs to happen on the bootstrap
node of that service and 'docker_puppet_tasks' will only run on the
controller/primary role.

Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Co-Authored-By: John Eckersberg <jeckersb@redhat.com>
Closes-Bug: #1692909

Depends-On: I0722e4a4d4716f477e8304cfa1aadd3eef7c2f31

Change-Id: I942737134385af775cade40c2d69516d4fe31a99
2017-05-24 15:54:24 -04:00
Damien Ciabrini
0bfadacc74 Containerize MySQL for HA
This service allows configuring and deploying MySQL/galera containers
in a HA overcloud managed by pacemaker.

The containers are managed and run by pacemaker. Inside there is
pacemaker_remote which will invoke the resource agent managing galera.
The resources themselves are created via puppet-pacemaker inside a
short-lived container used for this purpose (mysql_init_bundle).
This container needs to use the 'docker_config' section to invoke
puppet (as opposed to 'docker_puppet_tasks'), because due to the HA
composability each resource creation needs to happen on the bootstrap
node of that service and 'docker_puppet_tasks' will only run on the
controller/primary role.

Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Closes-Bug: #1692842

Depends-On: I3b4d8ad2eec70080419882d5d822f78ebd3721ae

Change-Id: I790dbc30b3de1c1a3fe76d3d8f060e4d7f95e2e7
2017-05-24 15:52:40 -04:00
Damien Ciabrini
4d4b50393c Containerize HAProxy for HA
This service allows configuring and deploying HAProxy containers
in a HA overcloud managed by pacemaker.

The containers are managed and run by pacemaker. Pacemaker runs the
standard Kolla image but overrides the initial command so that
it explicitely calls HAProxy. This way, we shield ourselves from any
unexpected future change in Kolla.
This container needs to use the 'docker_config' section to invoke
puppet (as opposed to 'docker_puppet_tasks'), because due to the HA
composability each resource creation needs to happen on the bootstrap
node of that service and 'docker_puppet_tasks' will only run on the
controller/primary role.

Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Closes-Bug: #1692908

Depends-On: Ifcf890a88ef003d3ab754cb677cbf34ba8db9312

Change-Id: I2f679bfe195733f4507e9b9e920b678e1370bb82
2017-05-24 15:51:26 -04:00