Fix ironic failed

* Mount system folder in ironic-conductor * Add package need in ironic-conductor * Fix the log path issue * Add ironic sudoer in ironic-base * Fix credential issue * Do not start nova-compute when enable ironic Closes-Bug: #1629334 Change-Id: If9d478c6513de37465403d458a88cf0da7ebd8a6
2016-09-29 11:38:10 +08:00 · 2016-09-29 11:38:10 +08:00 · 903b0ff211
commit 903b0ff211
parent 0226cca1a2
10 changed files with 64 additions and 17 deletions
--- a/ansible/roles/ironic/tasks/start.yml
+++ b/ansible/roles/ironic/tasks/start.yml
@ -17,8 +17,10 @@
    common_options: "{{ docker_common_options }}"
    image: "{{ ironic_api_image_full }}"
    name: "ironic_api"
-    volumes: 
+    volumes:
      - "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla"
  when: inventory_hostname in groups['ironic-api']

 - name: Starting ironic-conductor container
@ -27,9 +29,15 @@
    common_options: "{{ docker_common_options }}"
    image: "{{ ironic_conductor_image_full }}"
    name: "ironic_conductor"
+    privileged: True
    volumes:
      - "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro"
      - "/etc/localtime:/etc/localtime:ro"
+      - "/sys:/sys"
+      - "/dev:/dev"
+      - "/run:/run"
+      - "kolla_logs:/var/log/kolla"
+      - "ironic:/var/lib/ironic"
      - "ironic_pxe:/tftpboot/"
  when: inventory_hostname in groups['ironic-conductor']

--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@ -1,6 +1,8 @@
 [DEFAULT]
 debug = {{ ironic_logging_debug }}

+log_dir = /var/log/kolla/ironic
+
 admin_user = {{ openstack_auth.username }}
 admin_password = {{ keystone_admin_password }}

@ -16,7 +18,7 @@ host_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['a
 {% if service_name == 'ironic-conductor' %}
 [conductor]
 api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}
-clean_nodes = false
+automated_clean=false
 {% endif %}

 {% if service_name == 'ironic-inspector' %}
@ -41,9 +43,9 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po
 auth_type = password
 project_domain_id = default
 user_domain_id = default
-admin_tenant_name = service
-admin_user = {{ ironic_keystone_user }}
-admin_password = {{ ironic_keystone_password }}
+project_name = service
+username = {{ ironic_keystone_user }}
+password = {{ ironic_keystone_password }}

 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
--- a/ansible/roles/nova/tasks/start_compute.yml
+++ b/ansible/roles/nova/tasks/start_compute.yml
@ -49,6 +49,7 @@
  when:
    - inventory_hostname in groups['compute']
    - not enable_nova_fake | bool
+    - not enable_ironic | bool

 - name: Starting nova-compute-ironic container
  kolla_docker:
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@ -96,6 +96,7 @@ html5proxy_port = {{ nova_spicehtml5proxy_port }}
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 auth_url = {{ openstack_auth.auth_url }}/v3
+auth_type = password
 project_name = service
 user_domain_name = default
 project_domain_name = default
--- a/docker/ironic/ironic-api/Dockerfile.j2
+++ b/docker/ironic/ironic-api/Dockerfile.j2
@ -16,8 +16,8 @@ MAINTAINER {{ maintainer }}

 {% endif %}

-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start

 {% block ironic_api_footer %}{% endblock %}
 {% block footer %}{% endblock %}
--- a/docker/ironic/ironic-base/Dockerfile.j2
+++ b/docker/ironic/ironic-base/Dockerfile.j2
@ -18,16 +18,24 @@ MAINTAINER {{ maintainer }}

 ADD ironic-base-archive /ironic-base-source
 RUN ln -s ironic-base-source/* ironic \
-    && useradd --user-group ironic \
+    && useradd --user-group --create-home --home-dir /var/lib/ironic ironic \
    && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ironic \
-    && mkdir -p /etc/ironic /var/log/ironic /home/ironic \
+    && mkdir -p /etc/ironic /var/lib/ironic \
    && cp -r /ironic/etc/ironic/* /etc/ironic/ \
-    && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic \
+    && chown -R ironic: /etc/ironic /var/lib/ironic \
    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf

+ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers
+RUN chmod 750 /etc/sudoers.d \
+    && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers
+
 {% endif %}

-RUN usermod -a -G kolla ironic \
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_ironic_extend_start \
+    && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ironic_extend_start \
+    && usermod -a -G kolla ironic \
    && chown -R ironic: /etc/ironic

 {% block ironic_base_footer %}{% endblock %}
--- a/docker/ironic/ironic-base/extend_start.sh
+++ b/docker/ironic/ironic-base/extend_start.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+LOG_PATH=/var/log/kolla/ironic
+
+if [[ ! -d "${LOG_PATH}" ]]; then
+    mkdir -p "${LOG_PATH}"
+fi
+if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then
+    chmod 755 "${LOG_PATH}"
+fi
+
+. /usr/local/bin/kolla_ironic_extend_start
--- a/docker/ironic/ironic-base/ironic_sudoers
+++ b/docker/ironic/ironic-base/ironic_sudoers
@ -0,0 +1 @@
+ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *
--- a/docker/ironic/ironic-conductor/Dockerfile.j2
+++ b/docker/ironic/ironic-conductor/Dockerfile.j2
@ -9,25 +9,39 @@ MAINTAINER {{ maintainer }}
    {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
        {% set ironic_conductor_packages = [
            'openstack-ironic-conductor',
-            'qemu-img'
+            'qemu-img',
+            'ipmitool',
+            'parted',
+            'gdisk',
+            'psmisc'
        ] %}
    {% elif base_distro in ['ubuntu'] %}
        {% set ironic_conductor_packages = [
            'ironic-conductor',
            'qemu-utils',
-            'ipmitool'
+            'ipmitool',
+            'gdisk',
+            'psmisc',
+            'parted'
        ] %}
    {% endif %}
 {% elif install_type == 'source' %}
    {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
        {% set ironic_conductor_packages = [
            'qemu-img',
-            'ipmitool'
+            'ipmitool',
+            'parted',
+            'gdisk',
+            'psmisc',
+            'fuse'
        ] %}
    {% elif base_distro in ['ubuntu', 'debian'] %}
        {% set ironic_conductor_packages = [
            'qemu-utils',
-            'ipmitool'
+            'ipmitool',
+            'gdisk',
+            'psmisc',
+            'parted'
        ] %}
    {% endif %}
 {% endif %}
--- a/docker/ironic/ironic-pxe/Dockerfile.j2
+++ b/docker/ironic/ironic-pxe/Dockerfile.j2
@ -21,8 +21,8 @@ MAINTAINER {{ maintainer }}
 {{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }}

 COPY tftp-map-file /map-file
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start

 {% block ironic_pxe_footer %}{% endblock %}
 {% block footer %}{% endblock %}
				`@ -0,0 +1 @@`
				`ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *`