Deploy fuel-dockerctl tools via puppet

Docketctl is needed for docker containers deployment and
management.

Also updated nailgun/examples/host-only.pp manifest to make it
deploy supervisord in the way we need it for proper work of
docker containers.

Related to: https://review.openstack.org/#/c/88280/

blueprint fuel-containerization-of-services

Change-Id: Ib929c1263a887efef766552588ba3716daa7d790

deployment/puppet/docker/files/supervisor/astute.conf

@@ -0,0 +1,24 @@
+[program:docker-astute]
+command=dockerctl start astute --attach
+numprocs=1
+numprocs_start=0
+priority=30
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)serr.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/cobbler.conf

@@ -0,0 +1,24 @@
+[program:docker-cobbler]
+command=dockerctl start cobbler --attach
+numprocs=1
+numprocs_start=0
+priority=5
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/mcollective.conf

@@ -0,0 +1,24 @@
+[program:docker-mcollective]
+command=dockerctl start mcollective --attach
+numprocs=1
+numprocs_start=0
+priority=40
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/nailgun.conf

@@ -0,0 +1,24 @@
+[program:docker-nailgun]
+command=dockerctl start nailgun --attach
+numprocs=1
+numprocs_start=0
+priority=40
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/nginx.conf

@@ -0,0 +1,24 @@
+[program:docker-nginx]
+command=dockerctl start nginx --attach
+numprocs=1
+numprocs_start=0
+priority=80
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/ostf.conf

@@ -0,0 +1,24 @@
+[program:docker-ostf]
+command=dockerctl start ostf --attach
+numprocs=1
+numprocs_start=0
+priority=50
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/postgres.conf

@@ -0,0 +1,24 @@
+[program:docker-postgres]
+command=dockerctl start postgres --attach
+numprocs=1
+numprocs_start=0
+priority=10
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/rabbitmq.conf

@@ -0,0 +1,24 @@
+[program:docker-rabbitmq]
+command=dockerctl start rabbitmq --attach
+numprocs=1
+numprocs_start=0
+priority=15
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/rsync.conf

@@ -0,0 +1,24 @@
+[program:docker-rsync]
+command=dockerctl start %(program_name)s --attach
+numprocs=1
+numprocs_start=0
+priority=20
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/files/supervisor/rsyslog.conf

@@ -0,0 +1,24 @@
+[program:docker-rsyslog]
+command=dockerctl start rsyslog --attach
+numprocs=1
+numprocs_start=0
+priority=80
+autostart=true
+autorestart=true
+startsecs=10
+startretries=1000000
+exitcodes=0,2
+stopsignal=INT
+stopwaitsecs=60
+redirect_stderr=true
+stdout_logfile=/var/log/%(program_name)s.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=0
+stdout_events_enabled=false
+stderr_logfile=/var/log/%(program_name)s-err.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=0
+stderr_events_enabled=false
+serverurl=AUTO

deployment/puppet/docker/manifests/dockerctl.pp

@@ -0,0 +1,41 @@
+class docker::dockerctl (
+  $bin_dir    = '/usr/bin',
+  $share_dir  = '/usr/share/dockerctl',
+  $config_dir = '/etc/dockerctl',
+  $release,
+  $production,
+) {
+
+  # Make sure we have needed directories
+  file { "$bin_dir":
+    ensure => directory;
+  }
+  file { "$share_dir":
+    ensure => directory;
+  }
+  file { "$config_dir":
+    ensure => directory;
+  }
+
+  # Deploy files
+  file { "$bin_dir/dockerctl":
+    require => File["$bin_dir"],
+    mode    => 0755,
+    content => template("docker/dockerctl.erb");
+  }
+  file { "$bin_dir/disable-services.sh":
+    require => File["$bin_dir"],
+    mode    => 0755,
+    content => template("docker/disable-services.sh.erb");
+  }
+  file { "$share_dir/functions":
+    require => File["$share_dir"],
+    mode    => 0644,
+    content => template("docker/functions.sh.erb");
+  }
+  file { "$config_dir/config":
+    require => File["$config_dir"],
+    mode    => 0644,
+    content => template("docker/dockerctl_config.erb");
+  }
+}

deployment/puppet/docker/manifests/init.pp

@@ -2,6 +2,15 @@ class docker (
 $limit = "102400",
 $docker_package = "docker-io",
 $docker_service = "docker",
+$dependent_dirs = ["/var/log/docker-logs", "/var/log/docker-logs/remote",
+  "/var/log/docker-logs/audit", "/var/log/docker-logs/cobbler",
+  "/var/log/docker-logs/ConsoleKit", "/var/log/docker-logs/coredump",
+  "/var/log/docker-logs/httpd", "/var/log/docker-logs/lxc",
+  "/var/log/docker-logs/nailgun", "/var/log/docker-logs/naily",
+  "/var/log/docker-logs/nginx", "/var/log/docker-logs/ntpstats",
+  "/var/log/docker-logs/puppet", "/var/log/docker-logs/rabbitmq",
+  "/var/log/docker-logs/rhsm", "/var/log/docker-logs/supervisor",
+  ]
 ) {
 
   package {$docker_package:
@@ -20,4 +29,19 @@ $docker_service = "docker",
     mode => 0644,
     notify => Service["docker"],
   }
+  file { $dependent_dirs:
+    ensure => directory,
+    owner => 'root',
+    group => 'root',
+    mode => '0755',
+  }
+  exec {'build docker containers':
+    command => 'dockerctl build all',
+    path    => "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin",
+    require => [
+               File[$dependent_dirs],
+               Service[$docker_service],
+               ],
+    before  => Service['supervisord'],
+  }
 }

deployment/puppet/docker/templates/disable-services.sh.erb

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+system_services="cobblerd httpd xinetd postgresql rabbitmq-server nginx dnsmasq rsyslog mcollective"
+supervisord_services="assassind nailgun ostf receiverd astute"
+
+for system_service in $system_services; do
+  chkconfig $system_service off
+  service $system_service stop
+done
+for supervisord_service in $supervisord_services; do
+  supervisorctl stop $supervisord_service
+done
+#Because rabbitmq-server doesn't really stop correctly
+pkill -u rabbitmq

deployment/puppet/docker/templates/dockerctl.erb

@@ -0,0 +1,92 @@
+#!/bin/bash
+
+confdir="<%= @config_dir %>"
+. "$confdir/config"
+. "<%= @share_dir %>/functions"
+DEBUG=true
+
+if [ -z "$1" ] || [ "$1" = "help" ]; then
+  echo "Please specify a command."
+  show_usage
+  exit 1
+fi
+
+if [ -z "$2" ] || [ "$2" = "all" ]; then
+  container="all"
+else
+  container=$2
+fi
+
+if [ "$1" == "build" ]; then
+  if [ "$container" = "storage" ]; then
+    build_storage_containers
+    run_storage_containers
+  elif [ "$container" = "all" ];then
+    #Step 1: prepare storage containers
+    build_storage_containers
+    run_storage_containers
+
+    #Step 2: import app images
+    import_images ${SOURCE_IMAGES[@]}
+
+    #Prepare iptables just in case ICC is broken
+    allow_all_docker_traffic
+
+    #Step 3: Launch all in order
+    apps="postgres rabbitmq rsync astute rsyslog nailgun mcollective ostf nginx cobbler"
+    for service in $apps; do
+      start_container $service
+      sleep 4
+    done
+
+    #Deploy supervisord scripts
+    #TODO(mattymo): puppetize this in host-only role
+    #yum install -y supervisor
+    #mkdir -p /etc/supervisord.d
+    #cp -R $confdir/supervisor/* /etc/supervisord.d/$VERSION/
+    #cp /etc/puppet/modules/nailgun/templates/supervisord.conf.base.erb /etc/supervisord.conf
+    #service supervisord start
+
+    #Step 4: Test deployment TODO(mattymo)
+    #run_tests $apps
+  else
+    import_images ${SOURCE_IMAGES[$container]}
+    start_container $container
+  fi
+elif [ "$1" == "start" ]; then
+  if [ "$container" = "all" ];then
+    apps="postgres rabbitmq rsync astute rsyslog nailgun mcollective ostf nginx cobbler"
+
+    for service in $apps; do
+      start_container $service
+      #supervisorctl start $service
+      sleep 4
+    done
+  else
+    shift 2
+    start_container $container $@
+  fi
+elif [ "$1" == "restart" ]; then
+  shift 2
+  restart_container $container $@
+elif [ "$1" == "stop" ]; then
+  shift 2
+  stop_container $container $@
+elif [ "$1" == "shell" ]; then
+  shift 2
+  shell_container $container $@
+elif [ "$1" == "upgrade" ]; then
+  shift 2
+  upgrade_container $container $@
+elif [ "$1" == "backup" ]; then
+  shift 2
+  backup_container $container $@
+elif [ "$1" == "destroy" ]; then
+  shift 2
+  destroy_container $container $@
+elif [ "$1" == "logs" ]; then
+  logs $container
+else
+  echo "Invalid selection."
+  show_usage
+fi

deployment/puppet/docker/templates/dockerctl_config.erb

@@ -0,0 +1,133 @@
+#!/bin/bash
+
+### Container information
+#Paths
+DOCKER_ROOT="/var/www/nailgun/docker"
+IMAGE_DIR="${DOCKER_ROOT}/images"
+SOURCE_DIR="${DOCKER_ROOT}/sources"
+#SUPERVISOR_CONF_DIR="${docker_root}/supervisor.d"
+#SUPERVISOR_CONF_DIR="${docker_root}/supervisor"
+#SUPERVISOR_CONF_DIR="<%= @config_dir %>/supervisor/"
+ASTUTE_YAML=/etc/astute.yaml
+#Version of Fuel to deploy
+VERSION="<%= @release %>"
+IMAGE_PREFIX="fuel"
+# busybox image for storage containers
+BUSYBOX_IMAGE="busybox.tar.gz"
+# base centos image for all containers
+BASE_IMAGE="centos.tar.gz"
+
+ZIP_EXT=${ZIP_EXT:-".tar.xz"}
+# source images for apps
+declare -A SOURCE_IMAGES
+SOURCE_IMAGES['cobbler']="${IMAGE_DIR}/cobbler${ZIP_EXT}"
+SOURCE_IMAGES['postgres']="${IMAGE_DIR}/postgres${ZIP_EXT}"
+SOURCE_IMAGES['rabbitmq']="${IMAGE_DIR}/rabbitmq${ZIP_EXT}"
+SOURCE_IMAGES['rsync']="${IMAGE_DIR}/rsync${ZIP_EXT}"
+SOURCE_IMAGES['astute']="${IMAGE_DIR}/astute${ZIP_EXT}"
+SOURCE_IMAGES['nailgun']="${IMAGE_DIR}/nailgun${ZIP_EXT}"
+SOURCE_IMAGES['ostf']="${IMAGE_DIR}/ostf${ZIP_EXT}"
+SOURCE_IMAGES['nginx']="${IMAGE_DIR}/nginx${ZIP_EXT}"
+SOURCE_IMAGES['rsyslog']="${IMAGE_DIR}/rsyslog${ZIP_EXT}"
+SOURCE_IMAGES['mcollective']="${IMAGE_DIR}/mcollective${ZIP_EXT}"
+
+# storage container names
+PREFIX_STORAGE="fuel-storage-${VERSION}-"
+DUMP_CNT="${PREFIX_STORAGE}dump"
+REPO_CNT="${PREFIX_STORAGE}repo"
+PUPPET_CNT="${PREFIX_STORAGE}puppet"
+LOG_CNT="${PREFIX_STORAGE}log"
+
+# app container names
+declare -A CONTAINER_NAMES
+prefix="fuel-core-${VERSION}-"
+CONTAINER_NAMES['cobbler']="${prefix}cobbler"
+CONTAINER_NAMES['postgres']="${prefix}postgres"
+CONTAINER_NAMES['rabbitmq']="${prefix}rabbitmq"
+CONTAINER_NAMES['rsync']="${prefix}rsync"
+CONTAINER_NAMES['astute']="${prefix}astute"
+CONTAINER_NAMES['nailgun']="${prefix}nailgun"
+CONTAINER_NAMES['ostf']="${prefix}ostf"
+CONTAINER_NAMES['nginx']="${prefix}nginx"
+CONTAINER_NAMES['rsyslog']="${prefix}rsyslog"
+CONTAINER_NAMES['mcollective']="${prefix}mcollective"
+
+# app container options
+declare -A CONTAINER_OPTIONS
+base_opts="-t"
+FOREGROUND="-i"
+BACKGROUND="-d"
+CONTAINER_OPTIONS["cobbler"]="-p 53:53/udp -p 69:69/udp -p 80:80 -p 443:443 --privileged $base_opts"
+CONTAINER_OPTIONS["postgres"]="-p 5432:5432 $base_opts"
+CONTAINER_OPTIONS["rabbitmq"]="-p 5672:5672 -p 4369:4369 -p 15672:15672 -p 61613:61613 $base_opts"
+CONTAINER_OPTIONS["rsync"]="-p 873:873 $base_opts"
+CONTAINER_OPTIONS["astute"]="$base_opts"
+CONTAINER_OPTIONS["nailgun"]="-v /etc/nailgun -p 8001:8001 $base_opts"
+CONTAINER_OPTIONS["ostf"]="-p 8777:8777 $base_opts"
+CONTAINER_OPTIONS["nginx"]="-p 8000:8000 -p 8080:8080 $base_opts"
+CONTAINER_OPTIONS["rsyslog"]="--privileged -p 514:514 -p 514:514/udp -p 25150 $base_opts"
+CONTAINER_OPTIONS["mcollective"]="--privileged $base_opts"
+
+######
+#DRAFT: Dependency of volumes for deployment
+#####
+
+#Host volumes
+declare -A HOST_VOL
+HOST_VOL['dump']="-v /var/www/nailgun/dump:/dump"
+#HOST_VOL['dump']="-v /var/www/nailgun/dump:/var/www/nailgun/dump"
+HOST_VOL['repo']="-v /var/www/nailgun:/repo:ro"
+HOST_VOL['puppet']="-v /etc/puppet:/puppet:ro"
+HOST_VOL['sshkey']="-v /root/.ssh:/root/.ssh:ro"
+HOST_VOL['astuteyaml']="-v /etc/fuel:/etc/fuel:ro"
+HOST_VOL['remotelogs']="-v /var/log/remote:/remote"
+HOST_VOL['dockerlogs']="-v /var/log/docker-logs:/log"
+
+#Storage container volume mounts
+declare -A CONTAINER_VOLUMES
+CONTAINER_VOLUMES[$DUMP_CNT]="${HOST_VOL['dump']}"
+CONTAINER_VOLUMES[$REPO_CNT]="${HOST_VOL['repo']}"
+#TODO(mattymo): inject puppet modules to puppet container during initial run
+#instead of relaying host dir
+CONTAINER_VOLUMES[$PUPPET_CNT]="${HOST_VOL['puppet']}"
+CONTAINER_VOLUMES[$LOG_CNT]="${HOST_VOL['dockerlogs']} ${HOST_VOL['remotelogs']}"
+
+#Storage container volumes
+DUMP_VOL="--volumes-from $DUMP_CNT"
+REPO_VOL="--volumes-from $REPO_CNT"
+PUPPET_VOL="--volumes-from $PUPPET_CNT"
+LOG_VOL="-v /var/log/docker-logs:/var/log"
+#LOG_VOL="--volumes-from $LOG_CNT"
+
+#Nailgun static files are in nailgun container
+NAILGUN_VOL="--volumes-from ${CONTAINER_NAMES['nailgun']}"
+
+#App container volume mounts
+###requirements cheat sheet
+###ALL: astuteyaml $REPO_CNT $LOG_VOL
+###sshkey: nailgun cobbler astute mcollective
+###dump: nginx mcollective
+###remotelogs: rsyslog nailgun nginx
+###nailgun: nginx mcollective
+
+declare -A REQS
+REQS["${HOST_VOL['astuteyaml']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective"
+REQS["$REPO_VOL"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective"
+#Most containers work from local integrated puppet
+REQS["$PUPPET_VOL"]="rsync"
+#REQS["$PUPPET_VOL"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective"
+REQS["$LOG_VOL"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective"
+REQS["${HOST_VOL['sshkey']}"]="nailgun cobbler astute mcollective"
+REQS["${HOST_VOL['dump']}"]="nginx mcollective"
+#REQS["${HOST_VOL['remotelogs']}"]="rsyslog nailgun nginx"
+REQS["$NAILGUN_VOL"]="nginx mcollective"
+
+#assemble requirements 
+for requirement in "${!REQS[@]}"; do
+  for container in ${REQS["$requirement"]}; do
+    CONTAINER_VOLUMES["$container"]+="${requirement} "
+  done
+done
+
+
+

deployment/puppet/docker/templates/functions.sh.erb

@@ -0,0 +1,285 @@
+#!/bin/bash
+
+function show_usage {
+  echo "Usage:"
+  echo "  $0 command"
+  echo
+  echo "Available commands: (Note: work in progress)"
+  echo "  help: show this message"
+  echo "  build: create all Docker containers"
+  echo "  start: start all Docker containers"
+  echo "  restart: restart one or more Docker containers"
+  echo "  stop: stop one or more Docker containers"
+  echo "  shell: start a shell or run a command in a Docker container"
+  echo "  upgrade: upgrade deployment"
+  echo "  destroy: destroy one or more containers"
+}
+function debug {
+  if $DEBUG; then
+    echo $@
+  fi
+}
+function build_image {
+  docker build -t $2 $1
+}
+
+function build_storage_containers {
+  build_image $SOURCE_DIR/storage-dump storage/dump
+  build_image $SOURCE_DIR/storage-repo storage/repo
+  build_image $SOURCE_DIR/storage-puppet storage/puppet
+  build_image $SOURCE_DIR/storage-log storage/log
+}
+
+function run_storage_containers {
+  #Run storage containers once
+  #Note: storage containers exit, but keep volumes available
+
+  #Remove existing ones if they exist
+  #kill_storage_containers
+  docker run -d ${CONTAINER_VOLUMES[$DUMP_CNT]} --name "$DUMP_CNT" storage/dump || true
+  docker run -d ${CONTAINER_VOLUMES[$REPO_CNT]} --name "$REPO_CNT" storage/repo || true
+  docker run -d ${CONTAINER_VOLUMES[$PUPPET_CNT]} --name "$PUPPET_CNT" storage/puppet || true
+  #docker run -d ${CONTAINER_VOLUMES[$LOG_CNT]} --name "$LOG_CNT" storage/log || true
+}
+
+function kill_storage_containers {
+  containers=$(docker ps -a | egrep "($DUMP_CNT|$REPO_CNT|$PUPPET_CNT)" | cut -d' ' -f1)
+  if [ -n "$containers" ]; then
+    docker rm $containers || true
+  fi
+}
+function import_images {
+  #Imports images with xz, gzip, or simple tar format
+  for image_archive in $@; do
+    if [ ! -f $image_archive ]; then
+      echo "Warning: $image_archive does not exist. Skipping..."
+      continue
+    fi
+    debug "Importing $image_archive"
+    image="$(echo $image_archive | cut -d. -f1)"
+    if egrep -q "gz\$" <<< "$image_archive"; then
+      zcat "$image_archive" | docker load
+    elif egrep -q "xz\$" <<< "$image_archive"; then
+      #xz -dkc "$image_archive" | docker load - "${IMAGE_PREFIX}/${image}"
+      xz -dkc "$image_archive" | docker load
+    else
+      #try to just import
+      cat "$image_archive" | docker load
+    fi
+  done
+}
+
+function export_containers {
+  #--trim option removes $CNT_PREFIX from container name when exporting
+  if [[ "$1" == "--trim" ]]; then
+    trim=true
+    shift
+  else
+    trim=false
+  fi
+
+  for image in $@; do
+    [ $trim ] && image=$(sed "s/${CNT_PREFIX}//" <<< "$image")
+    docker export $1 | gzip -c > "${image}.tar.gz"
+  done
+}
+
+function commit_container {
+  container_name="${CONTAINER_NAMES[$1]}"
+  image="$IMAGE_PREFIX/$1"
+  docker commit $container_name $image
+}
+function start_container {
+  if [ -z "$1" ]; then
+    echo "Must specify a container name" 1>&2
+    exit 1
+  fi
+  image_name="$IMAGE_PREFIX/$1"
+  container_name=${CONTAINER_NAMES[$1]}
+  if container_created "$container_name"; then
+    if is_running "$container_name"; then
+      if is_ghost "$container_name"; then
+        restart_container $1
+      else
+        echo "$container_name is already running."
+      fi
+    else
+      docker start $container_name
+    fi
+    if [ "$2" = "--attach" ]; then
+      attach_container $container_name
+    fi
+  else
+    first_run_container "$1" $2
+  fi
+
+}
+
+function attach_container {
+  echo "Attaching to container $container_name..."
+  docker attach $1
+}
+
+function shell_container {
+  container_name=${CONTAINER_NAMES[$1]}
+  if ! is_running $container_name; then
+    echo "Container $1 is not running. Cannot attach." 1>&2
+  fi
+  id=$(docker inspect -f='{{.ID}}' ${CONTAINER_NAMES[$1]})
+  if [ -z "$id" ]; then
+     echo "Could not get docker ID for $container. Is it running?" 1>&2
+     return 1
+  fi
+  if [ -z "$2" ]; then
+    command="/bin/bash"
+  else
+    shift
+    command="$@"
+  fi
+  lxc-attach --name "$id" -- $command
+}
+function stop_container {
+  if [[ "$1" == 'all' ]]; then
+    docker stop ${CONTAINER_NAMES[$1]}
+  else
+    for container in $@; do
+      echo "Stopping $container..."
+      docker stop ${CONTAINER_NAMES[$container]}
+    done
+  fi
+}
+
+function destroy_container {
+  if [[ "$1" == 'all' ]]; then
+    stop_container all
+    docker rm ${CONTAINER_NAMES[@]}
+  else
+    for container in $@; do
+      stop_container $container
+      docker rm ${CONTAINER_NAMES[$container]}
+      if [ $? -ne 0 ]; then
+        #This happens because devicemapper glitched
+        #Try to unmount all devicemapper mounts manually and try again
+        echo "Destruction of container $container failed. Trying workaround..."
+        id=$(docker inspect -f='{{.ID}}' ${CONTAINER_NAMES[$container]})
+        if [ -z $id ]; then
+          echo "Could not get docker ID for $container" 1>&2
+          return 1
+        fi
+        umount -l $(grep "$id" /proc/mounts | awk '{print $2}' | sort -r)
+        #Try to delete again
+        docker rm ${CONTAINER_NAMES[$container]}
+        if [ $? -ne 0 ];then
+          echo "Workaround failed. Unable to destroy container $container."
+        fi
+      fi
+    done
+  fi
+}
+
+function logs {
+  docker logs ${CONTAINER_NAMES[$1]}
+}
+
+
+
+function restart_container {
+  docker restart ${CONTAINER_NAMES[$1]}
+}
+
+function container_lookup {
+  echo ${CONTAINER_NAMES[$1]}
+}
+
+function container_created {
+  docker ps -a | grep -q $1
+  return $?
+}
+function is_ghost {
+  LANG=C docker ps | grep $1 | grep -q Ghost
+  return $?
+}
+function is_running {
+  docker ps | grep -q $1
+  return $?
+}
+function first_run_container {
+
+  opts="${CONTAINER_OPTIONS[$1]} ${CONTAINER_VOLUMES[$1]}"
+  container_name="${CONTAINER_NAMES[$1]}"
+  image="$IMAGE_PREFIX/$1_$VERSION"
+  if ! is_running $container_name; then
+      pre_hooks $1
+      docker run $opts $BACKGROUND --name=$container_name $image
+      post_hooks $1
+  else
+      echo "$container_name is already running."
+  fi
+  if [ "$2" = "--attach" ]; then
+      attach_container $container_name
+  fi
+  return 0
+}
+
+function pre_hooks {
+  return 0
+}
+
+function post_hooks {
+  case $1 in
+    cobbler)   setup_dhcrelay_for_cobbler
+               ;;
+    rsyslog)   remangle_syslog
+               ;;
+    nginx)     remangle_nginx
+               ;;
+    *)         ;;
+  esac
+}
+function remangle_port {
+  proto=$1
+  port=$2
+  admin_interface=$(grep interface: $ASTUTE_YAML | cut -d':' -f2 | tr -d ' ')
+  #Use facter and ipcalc to get admin network CIDR
+  admin_net_ip=$(facter "ipaddress_${admin_interface}")
+  admin_net_netmask=$(facter "netmask_$admin_interface")
+  eval $(ipcalc -np "$admin_net_ip" "$admin_net_netmask")
+  iptables -t nat -I POSTROUTING 1 -s "$NETWORK/$PREFIX" -p $proto -m $proto --dport $port -j ACCEPT
+  iptables -I FORWARD -i $admin_interface -o docker0  -m state --state NEW -p $proto  -m $proto --dport $port -j ACCEPT
+}
+
+function remangle_nginx {
+  #Necessary to forward packets to rsyslog with correct src ip
+  remangle_port tcp 8000
+  remangle_port tcp 8080
+}
+
+function remangle_syslog {
+  #Necessary to forward packets to rsyslog with correct src ip
+  remangle_port tcp 514
+  remangle_port udp 514
+}
+
+function setup_dhcrelay_for_cobbler {
+  if ! is_running "cobbler"; then
+    echo "ERROR: Cobbler container isn't running." 1>&2
+    exit 1
+  fi
+  cobbler_ip=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' ${CONTAINER_NAMES["cobbler"]})
+  admin_interface=$(grep interface: $ASTUTE_YAML | cut -d':' -f2 | tr -d ' ')
+  cat > /etc/sysconfig/dhcrelay << EOF
+# Command line options here
+DHCRELAYARGS=""
+# DHCPv4 only
+INTERFACES="$admin_interface docker0"
+# DHCPv4 only
+DHCPSERVERS="$cobbler_ip"
+EOF
+  rpm -q dhcp 2>&1 > /dev/null || yum --quiet -y install dhcp
+  chkconfig dhcrelay on
+  service dhcrelay restart
+}
+
+function allow_all_docker_traffic {
+  iptables -A POSTROUTING -t nat  -o docker0  -j MASQUERADE
+}

deployment/puppet/nailgun/examples/host-only.pp

@@ -8,6 +8,11 @@ $::fuel_version['VERSION']['production'] {
 else {
     $production = 'dev'
 }
+Class['nailgun::packages'] ->
+Class['nailgun::host'] ->
+Class['docker::dockerctl'] ->
+Class['docker'] ->
+Class['nailgun::supervisor']
 
 class { 'nailgun::packages': }
 
@@ -22,4 +27,35 @@ class { "openstack::clocksync":
   config_template => "ntp/ntp.conf.centosserver.erb",
 }
 
+class { "docker::dockerctl":
+  release    => $::fuel_version['VERSION']['release'],
+  production => $production,
+}
 class { "docker": }
+
+class { "nailgun::supervisor":
+  nailgun_env => false,
+  ostf_env    => false,
+  require     => File["/etc/supervisord.d/current", "/etc/supervisord.d/${::fuel_version['VERSION']['release']}"],
+  conf_file   => "nailgun/supervisord.conf.base.erb",
+}
+
+file { "/etc/supervisord.d":
+  ensure  => directory,
+}
+
+file { "/etc/supervisord.d/${::fuel_version['VERSION']['release']}":
+  require => File["/etc/supervisord.d"],
+  owner   => root,
+  group   => root,
+  recurse => true,
+  ensure  => directory,
+  source  => "puppet:///modules/docker/supervisor",
+}
+
+file { "/etc/supervisord.d/current":
+  require => File["/etc/supervisord.d/${::fuel_version['VERSION']['release']}"],
+  replace => true,
+  ensure  => "/etc/supervisord.d/${::fuel_version['VERSION']['release']}",
+}
+

deployment/puppet/nailgun/manifests/host.pp

@@ -42,4 +42,11 @@ $gem_source = "http://localhost/gems/",
     group => 'root',
     mode  => '0750',
   }
+  file { "/var/www/nailgun/dump":
+    ensure => directory,
+    owner => 'root', 
+    group => 'root',
+    mode  => '0755',
+  }
+
 }

deployment/puppet/nailgun/templates/supervisord.conf.base.erb

@@ -15,4 +15,4 @@ childlogdir=/var/log/supervisor
 serverurl=unix:///var/run/supervisor.sock
 
 [include]
-files = /etc/supervisord.d/*.conf
+files = /etc/supervisord.d/*.conf /etc/supervisord.d/current/*.conf