3ae13ab413
To reuse the tripleo containers when running libvirtd container
on OCP we need to run it via a wrapper script and create our own
cgroups and run libvirtd using cgexec to break out the default
OCP cgroup of the pod. Otherwise if the libvirtd pod gets
deleted/recreated all VMs get shutdown as OCP cleans up the
resources owned by the pod.
Change-Id: I469b4f51c57e1651f42064b0134aa3916af72d80
(cherry picked from commit dde8702afe)
1038 lines
31 KiB
Django/Jinja
1038 lines
31 KiB
Django/Jinja
{% extends parent_template %}
|
|
{# ======================= HEADERS ====================== #}
|
|
|
|
{# base #}
|
|
|
|
# add ENV for container=oci
|
|
# https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2017-April/msg00011.html
|
|
{% block base_header %}ENV container=oci{% endblock %}
|
|
|
|
{# opendaylight #}
|
|
|
|
# Enable ODL repo in ODL Dockerfile
|
|
{% block opendaylight_header %}
|
|
RUN echo $'[opendaylight-8-devel]\n\
|
|
name=OpenDaylight Oxygen repository\n\
|
|
# The opendaylight packages are currently built noarch, but the repo hosting
|
|
# them is hard-coded as an x86_64 repository. To enable multiarch use of the
|
|
# packages, we can hard-code x86_64 below, and update when the repository
|
|
# definitions are archful.
|
|
baseurl=https://nexus.opendaylight.org/content/repositories/opendaylight-oxygen-epel-7-x86_64-devel/\n\
|
|
enabled=1\n\
|
|
gpgcheck=0' >> /etc/yum.repos.d/opendaylight.repo
|
|
{% endblock %}
|
|
|
|
{# ======================= PACKAGES ====================== #}
|
|
|
|
{# base #}
|
|
|
|
# Disable external repos
|
|
{% set base_yum_repo_files_override = [] %}
|
|
{% set base_yum_url_packages_override = [] %}
|
|
{% set base_yum_repo_keys_override = [] %}
|
|
|
|
{% block dumb_init_installation %}{% endblock %}
|
|
|
|
# Remove EPEL and the dependencies requiring it
|
|
{% set base_centos_yum_repo_keys_remove = [
|
|
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud',
|
|
] %}
|
|
|
|
{% set base_centos_yum_repo_packages_remove = [
|
|
'centos-release-openstack-train',
|
|
'epel-release'
|
|
] %}
|
|
{% set base_centos_yum_repo_packages_append = [
|
|
'centos-release-opstools'
|
|
] %}
|
|
|
|
{% set base_centos_binary_packages_remove = ['scsi-target-utils'] %}
|
|
|
|
# This installs the puppet dependency in the base container and includes helper scripts
|
|
# Rsync is required for docker-puppet.py to move the generated config to /var/lib/config-data
|
|
# Cron is required by multiple services
|
|
# Override dumb-init installation
|
|
{% set base_centos_binary_packages_append = [
|
|
'cronie',
|
|
'crudini',
|
|
'dumb-init',
|
|
'openstack-tripleo-common-container-base',
|
|
'puppet-tripleo',
|
|
'rsync'
|
|
] %}
|
|
|
|
{% if distro_python_version.startswith('3') %}
|
|
# NOTE(aschultz): puppet-firewall throws errors when trying to query the rules
|
|
{% set base_centos_binary_packages_append = base_centos_binary_packages_append + ['iptables-services'] %}
|
|
{% endif %}
|
|
|
|
# Remove packages not present in repos
|
|
#
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set openstack_base_packages_remove = [
|
|
'python3-cloudkittyclient',
|
|
'python3-congressclient',
|
|
'python3-elasticsearch',
|
|
'python3-magnumclient',
|
|
'python3-muranoclient',
|
|
'python3-pika',
|
|
'python3-troveclient',
|
|
'python3-vitrageclient'
|
|
] %}
|
|
{% else %}
|
|
{% set openstack_base_packages_remove = [
|
|
'python-cloudkittyclient',
|
|
'python-elasticsearch',
|
|
'python-magnumclient',
|
|
'python-muranoclient',
|
|
'python-troveclient',
|
|
'python-vitrageclient',
|
|
'python2-pika'
|
|
] %}
|
|
{% endif %}
|
|
{% set openstack_base_packages_append = ['openstack-selinux'] %}
|
|
|
|
|
|
{# barbican #}
|
|
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set barbican_api_packages_remove = ['uwsgi-plugin-python3'] %}
|
|
{% else %}
|
|
{% set barbican_api_packages_remove = ['uwsgi-plugin-python'] %}
|
|
{% endif %}
|
|
|
|
|
|
{# cinder #}
|
|
|
|
{% set cinder_volume_packages_append = [
|
|
'libqb',
|
|
'pacemaker',
|
|
'pacemaker-remote',
|
|
'pcs',
|
|
'resource-agents'
|
|
] %}
|
|
{% set cinder_volume_packages_remove = ['scsi-target-utils'] %}
|
|
|
|
|
|
{# ec2 api #}
|
|
|
|
# NOTE (ratailor): ec2-api with TLS needs these packages.
|
|
{% set ec2_api_packages_append = ['httpd', 'mod_ssl'] %}
|
|
|
|
|
|
{# fluentd #}
|
|
|
|
# NOTE(cloudnull): Remove "td-agent" packages and plugins from the fluentd container.
|
|
{% set fluentd_packages_remove = ['td-agent'] %}
|
|
{% set fluentd_packages_append = ['fluentd', 'hostname'] %}
|
|
{% set fluentd_plugins_remove = [
|
|
'fluent-plugin-grep',
|
|
'fluent-plugin-grok-parser',
|
|
'fluent-plugin-kubernetes_metadata_filter',
|
|
'fluent-plugin-parser',
|
|
'fluent-plugin-rewrite-tag-filter',
|
|
'fluent-plugin-secure-forward'
|
|
] %}
|
|
|
|
# make sure no gems are installed
|
|
{% block fluentd_plugins_install %}{% endblock %}
|
|
{% block fluentd_monasca_plugin_install %}{% endblock %}
|
|
|
|
|
|
{# glance #}
|
|
|
|
# NOTE (jaosorior): glance-api with TLS everywhere needs these packages.
|
|
# NOTE(mandre) Apache cleanup done below in glance_api_footer block
|
|
{% set glance_api_packages_append = [
|
|
'httpd',
|
|
'mod_ssl'
|
|
] %}
|
|
|
|
|
|
{# haproxy #}
|
|
|
|
{% set haproxy_packages_append = [
|
|
'libqb',
|
|
'pacemaker',
|
|
'pacemaker-remote',
|
|
'pcs',
|
|
'resource-agents'
|
|
] %}
|
|
|
|
|
|
{# horizon #}
|
|
|
|
# Horizon dashboards we do not support
|
|
# See LP#1767520
|
|
{% set horizon_packages_remove = [
|
|
'openstack-cloudkitty-ui',
|
|
'openstack-murano-ui',
|
|
'openstack-trove-ui'
|
|
] %}
|
|
|
|
|
|
{# ironic #}
|
|
|
|
{% set ironic_conductor_packages_remove = ['shellinabox'] %}
|
|
|
|
|
|
{# manila #}
|
|
|
|
{% set manila_share_packages_append = [
|
|
'libqb',
|
|
'pacemaker',
|
|
'pacemaker-remote',
|
|
'pcs',
|
|
'resource-agents'
|
|
] %}
|
|
|
|
|
|
{# mariadb #}
|
|
|
|
# Use mariadb-server-galera and xinetd for galera and clustercheck
|
|
{# 'pv' # EPEL
|
|
#}
|
|
{% set mariadb_packages_remove = [
|
|
'pv'
|
|
] %}
|
|
{% set mariadb_packages_append = [
|
|
'libqb',
|
|
'pacemaker',
|
|
'pacemaker-remote',
|
|
'pcs',
|
|
'resource-agents',
|
|
'xinetd'
|
|
] %}
|
|
|
|
|
|
{# mistral #}
|
|
|
|
# tripleo-common: Required for mistral-db-populate to load tripleo custom
|
|
# actions on the undercloud
|
|
{% set mistral_base_packages_append = ['openstack-tripleo-common'] %}
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set mistral_base_packages_append = mistral_base_packages_append + [
|
|
'python3-shade',
|
|
'python3dist\(ansible\)'
|
|
] %}
|
|
{% else %}
|
|
{% set mistral_base_packages_append = mistral_base_packages_append + [
|
|
'ansible',
|
|
'python-shade'
|
|
] %}
|
|
{% endif %}
|
|
# NOTE: Mistral executor needs:
|
|
# ipmitool: for baremetal node discovery
|
|
# nova-common: to run nova-manage cells_v2 commands on
|
|
# openstack-tripleo-validations: validations
|
|
# qemu-img: convert Octavia amphora qcow2 to raw
|
|
# tripleo-heat-templates: to load the default plan from the CLI/UI
|
|
{% set mistral_executor_packages_append = [
|
|
'ipmitool',
|
|
'openstack-nova-common',
|
|
'openstack-tripleo-heat-templates',
|
|
'openstack-tripleo-validations',
|
|
'qemu-img'
|
|
] %}
|
|
# novajoin: This is required for TLS everywhere, as config_drive will contain
|
|
# the cloud-init script provided by the novajoin package in order to enroll the
|
|
# nodes to the CA
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set mistral_executor_packages_append = mistral_executor_packages_append + ['python3-novajoin'] %}
|
|
{% else %}
|
|
{% set mistral_executor_packages_append = mistral_executor_packages_append + ['python-novajoin'] %}
|
|
{% endif %}
|
|
|
|
|
|
{# neutron #}
|
|
|
|
# NOTE (jaosorior): neutron-server with TLS everywhere needs httpd and mod_ssl packages.
|
|
# NOTE (hjensas): python2-networking-baremetal ML2 plug-in for ironic neutron integration.
|
|
# NOTE (ramishra): python2-networking-ansible ML2 plug-in for neutron ansible integration.
|
|
{% set neutron_server_packages_append = [
|
|
'httpd',
|
|
'mod_ssl'
|
|
] %}
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set neutron_server_packages_append = neutron_server_packages_append + [
|
|
'python3-networking-ansible',
|
|
'python3-networking-baremetal'
|
|
] %}
|
|
{% else %}
|
|
{% set neutron_server_packages_append = neutron_server_packages_append + [
|
|
'python2-networking-ansible',
|
|
'python2-networking-baremetal'
|
|
] %}
|
|
{% endif %}
|
|
|
|
{% set neutron_metadata_agent_ovn_packages_append = [
|
|
'libseccomp',
|
|
'podman'
|
|
] %}
|
|
{% set neutron_l3_agent_packages_append = [
|
|
'libseccomp',
|
|
'podman'
|
|
] %}
|
|
# Kolla doesn't currently neutron_dhcp_agent_packages on CentOS so the append
|
|
# isn't valid here.
|
|
{% set neutron_dhcp_agent_packages = [
|
|
'libseccomp',
|
|
'podman'
|
|
] %}
|
|
|
|
{% if distro_python_version.startswith('2') %}
|
|
{% set neutron_metadata_agent_ovn_packages_append = neutron_metadata_agent_ovn_packages_append + ['docker'] %}
|
|
{% set neutron_l3_agent_packages_append = neutron_l3_agent_packages_append + ['docker'] %}
|
|
{% set neutron_dhcp_agent_packages = neutron_dhcp_agent_packages + ['docker'] %}
|
|
{% endif %}
|
|
|
|
|
|
{# nova #}
|
|
|
|
# This installs the novajoin package in the nova container images; This is
|
|
# required for TLS everywhere, as config_driuve will contain the cloud-init
|
|
# script provided by the novajoin package in order to enroll the nodes to the
|
|
# CA
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set nova_api_packages_append = ['python3-novajoin'] %}
|
|
{% set nova_compute_ironic_packages_append = ['python3-novajoin'] %}
|
|
{% else %}
|
|
{% set nova_api_packages_append = ['python-novajoin'] %}
|
|
{% set nova_compute_ironic_packages_append = ['python-novajoin'] %}
|
|
{% endif %}
|
|
|
|
{% set nova_scheduler_packages_append = ['openstack-tripleo-common'] %}
|
|
|
|
# Required for nova migration
|
|
{% set nova_compute_packages_append = [
|
|
'openssh-server',
|
|
'openstack-nova-migration'
|
|
] %}
|
|
{% set nova_libvirt_packages_remove = ['libvirt-daemon-driver-lxc'] %}
|
|
# On RHEL7 /etc/pki/CA was part of base openssl package.
|
|
# On RHEL8 it is now in openssl-perl.
|
|
{% set nova_libvirt_packages_append = [
|
|
'libcgroup-tools',
|
|
'libseccomp',
|
|
'openssl-perl',
|
|
'openstack-nova-migration',
|
|
'podman'
|
|
] %}
|
|
{% if distro_python_version.startswith('2') %}
|
|
{% set nova_libvirt_packages_append = nova_libvirt_packages_append + ['docker'] %}
|
|
{% endif %}
|
|
|
|
|
|
{# octavia #}
|
|
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set octavia_api_packages_append = ['python3-networking-ovn'] %}
|
|
{% else %}
|
|
{% set octavia_api_packages_append = ['python-networking-ovn'] %}
|
|
{% endif %}
|
|
|
|
|
|
{# ovn #}
|
|
|
|
{% set ovn_northd_packages_append = [
|
|
'libqb',
|
|
'pacemaker',
|
|
'pacemaker-remote',
|
|
'pcs',
|
|
'resource-agents'
|
|
] %}
|
|
|
|
|
|
{# placement #}
|
|
|
|
# Required to allow the mysql-migrate-db.sh data extraction script to be used
|
|
# during an upgrade.
|
|
{% set placement_api_packages_append = ['mariadb'] %}
|
|
|
|
|
|
{# rabbitmq #}
|
|
|
|
{% block rabbitmq_install_plugins %}
|
|
# External rabbitmq plugins installation is disabled
|
|
{% endblock %}
|
|
# workaround for LP #1814233
|
|
# Review https://review.opendev.org/#/c/634365/
|
|
# Remove when https://review.opendev.org/#/c/634402/ is merged
|
|
{% set rabbitmq_packages_remove = ['rabbitmq-server-3.7.10'] %}
|
|
{% set rabbitmq_packages_append = [
|
|
'libqb',
|
|
'pacemaker',
|
|
'pacemaker-remote',
|
|
'pcs',
|
|
'rabbitmq-server',
|
|
'resource-agents'
|
|
] %}
|
|
|
|
|
|
{# redis #}
|
|
|
|
# NOTE (jaosorior): redis with TLS everywhere needs these packages.
|
|
# redis resource-agent requires pidof
|
|
{% set redis_packages_append = [
|
|
'libqb',
|
|
'pacemaker',
|
|
'pacemaker-remote',
|
|
'pcs',
|
|
'resource-agents',
|
|
'stunnel'
|
|
] %}
|
|
{% if distro_python_version.startswith('3') %}
|
|
{% set redis_packages_append = redis_packages_append + ['procps-ng'] %}
|
|
{% else %}
|
|
{% set redis_packages_append = redis_packages_append + ['sysvinit-tools'] %}
|
|
{% endif %}
|
|
|
|
|
|
{# sensu #}
|
|
|
|
{% if base_distro == 'rhel' and base_distro_tag.startswith('8') %}
|
|
{% set sensu_client_packages_append = ['systemd-udev'] %}
|
|
{% endif %}
|
|
{% set sensu_client_packages_remove = [
|
|
'ceph-common',
|
|
'cyrus-sasl-devel',
|
|
'docker-client',
|
|
'gcc-c++',
|
|
'make',
|
|
'mariadb',
|
|
'ntp',
|
|
'python-pymongo',
|
|
'python2-pymongo',
|
|
'python3-pymongo',
|
|
'ruby-devel'
|
|
] %}
|
|
|
|
{% block sensu_clients_install %}{% endblock %}
|
|
|
|
|
|
{# swift #}
|
|
|
|
# FIXME (kolla review to add ceilometer to swift proxy image)
|
|
# NOTE (jaosorior): swift proxy with TLS everywhere needs these packages.
|
|
# NOTE(mandre) Apache cleanup done below in swift_proxy_server_footer block
|
|
{% set swift_proxy_server_packages_append = [
|
|
'httpd',
|
|
'mod_ssl',
|
|
'openstack-ceilometer-common'
|
|
] %}
|
|
|
|
# TODO(mwhahaha): drop this when swift is python3
|
|
{% if base_distro_tag.startswith('8') %}
|
|
{% set swift_proxy_server_packages_remove = ['python-ceilometermiddleware'] %}
|
|
{% set swift_proxy_server_packages_append = swift_proxy_server_packages_append + ['python3-ceilometermiddleware'] %}
|
|
{% endif %}
|
|
|
|
{# ======================= FOOTERS ====================== #}
|
|
|
|
{# base #}
|
|
|
|
{% block base_footer %}
|
|
# workaround LP1696283
|
|
RUN mkdir -p /etc/ssh && touch /etc/ssh/ssh_known_hosts
|
|
# workaround for LP#1765802
|
|
STOPSIGNAL SIGTERM
|
|
# In order to ensure that we have the last base packages, we would like to do
|
|
# a yum update in the kolla base image. All the other images should inherit this
|
|
# but if the base distro container is out of date (i.g. 7.4 but 7.5 is out) this
|
|
# will pull in the updated packages available. Related issue LP#1770355
|
|
RUN yum update -y && yum clean all && rm -rf /var/cache/yum
|
|
{% endblock %}
|
|
|
|
|
|
{# aodh #}
|
|
|
|
{% block aodh_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block aodh_evaluator_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-evaluator /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block aodh_listener_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-listener /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block aodh_notifier_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-notifier /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# barbican #}
|
|
|
|
{% block barbican_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block barbican_keystone_listener_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-keystone-listener /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block barbican_worker_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-worker /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# ceilometer #}
|
|
{% block ceilometer_central_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-central /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ceilometer_compute_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-compute /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ceilometer_ipmi_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-ipmi /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ceilometer_notification_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-notification /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block cinder_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% set cinder_backup_packages_append = [
|
|
'pacemaker', 'pacemaker-remote', 'pcs', 'libqb', 'resource-agents'] %}
|
|
{% block cinder_backup_footer %}
|
|
RUN mkdir -p /etc/libqb /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-backup /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block cinder_scheduler_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-scheduler /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
# remove the block to override the behavior
|
|
{% block cinder_volume_redhat_setup %}{% endblock %}
|
|
{% block cinder_volume_footer %}
|
|
RUN mkdir -p /etc/libqb /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-volume /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# collectd #}
|
|
|
|
{% block collectd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/collectd /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# ec2 #}
|
|
|
|
{% block ec2_api_footer %}
|
|
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
|
|
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
|
|
&& echo "if [[ "\$\(whoami\)" == 'root' ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*; fi" >> /usr/local/bin/kolla_extend_start
|
|
{% endblock %}
|
|
|
|
|
|
{# etcd #}
|
|
|
|
{% block etcd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/etcd /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# fluentd #}
|
|
|
|
{% block fluentd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/fluentd /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# glance #}
|
|
|
|
{% block glance_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/glance-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck && \
|
|
sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && \
|
|
sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf && \
|
|
echo "if [[ "\$\(whoami\)" == 'root' ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*; fi" >> /usr/local/bin/kolla_glance_extend_start
|
|
{% endblock %}
|
|
|
|
|
|
{# gnocchi #}
|
|
|
|
{% block gnocchi_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block gnocchi_metricd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-metricd /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block gnocchi_statsd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-statsd /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# haproxy #}
|
|
|
|
{% block haproxy_footer %}
|
|
RUN mkdir /etc/libqb
|
|
{% endblock %}
|
|
|
|
|
|
{# heat #}
|
|
|
|
{% block heat_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block heat_api_cfn_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cfn /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block heat_engine_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-engine /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# horizon #}
|
|
|
|
{% block horizon_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/horizon /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# ironic #}
|
|
|
|
{% block ironic_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ironic_conductor_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-conductor /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ironic_inspector_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-inspector /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ironic_pxe_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-pxe /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ironic_neutron_agent_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-neutron-agent /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# iscsi #}
|
|
|
|
{% block iscsid_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/iscsid /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# keystone #}
|
|
|
|
{% block keystone_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/keystone /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# manila #}
|
|
|
|
{% block manila_scheduler_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/manila-scheduler /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block manila_share_footer %}
|
|
RUN mkdir /etc/libqb
|
|
{% endblock %}
|
|
|
|
|
|
{# mariadb #}
|
|
|
|
{% block mariadb_footer %}
|
|
# We'll configure mariadb with galera.cnf.
|
|
# Note: in mariadb 10.3, auth_gssapi.cnf is shipped in optional
|
|
# mariadb-gssapi-server. We don't install it here, so force rm
|
|
RUN rm -f /etc/my.cnf.d/mariadb-server.cnf /etc/my.cnf.d/auth_gssapi.cnf
|
|
|
|
RUN mkdir -p /etc/libqb /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/mariadb /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# memcache #}
|
|
|
|
{% block memcached_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/memcached /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# mistral #}
|
|
|
|
{% block mistral_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block mistral_engine_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-engine /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block mistral_executor_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-executor /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
# TODO(emilien) Remove once proper packaging is released for Ansible
|
|
{% if distro_python_version.startswith('3') %}
|
|
RUN test -f /usr/bin/ansible-playbook-3 || ln -s /usr/bin/ansible-playbook /usr/bin/ansible-playbook-3
|
|
{% endif %}
|
|
USER root
|
|
RUN useradd validations
|
|
USER mistral
|
|
{% endblock %}
|
|
|
|
{% block mistral_event_engine_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-event-engine /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# multipathd #}
|
|
|
|
{% block multipathd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/multipathd /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# neutron #}
|
|
|
|
{% block neutron_server_footer %}
|
|
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
|
|
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
|
|
&& echo "if [[ "\$\(whoami\)" == 'root' ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*; fi" >> /usr/local/bin/kolla_neutron_extend_start; \
|
|
mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block neutron_dhcp_agent_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-dhcp /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block neutron_l3_agent_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-l3 /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block neutron_metadata_agent_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-metadata /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block neutron_openvswitch_agent_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-ovs-agent /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block neutron_sriov_agent_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-sriov-agent /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block neutron_metadata_agent_ovn_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ovn-metadata /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# nova #}
|
|
|
|
{% block nova_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block nova_compute_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-compute /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block nova_compute_ironic_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-ironic /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block nova_libvirt_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-libvirt /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block nova_novncproxy_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-vnc-proxy /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}]
|
|
|
|
{% block nova_scheduler_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-scheduler /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block nova_conductor_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-conductor /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# octavia #}
|
|
|
|
{% block octavia_api_footer %}
|
|
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
|
|
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
|
|
&& echo "if [[ "\$\(whoami\)" == 'root' ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*; fi" >> /usr/local/bin/kolla_octavia_extend_start; \
|
|
mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block octavia_health_manager_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-health-manager /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block octavia_housekeeping_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-housekeeping /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block octavia_worker_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-worker /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# opendaylight #}
|
|
|
|
{% block opendaylight_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/opendaylight-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# ovn #}
|
|
|
|
{% block ovn_controller_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ovn-controller /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block ovn_northd_footer %}
|
|
RUN mkdir /etc/libqb && mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/ovn-dbs /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# panko #}
|
|
|
|
{% block panko_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/panko-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# placement #}
|
|
|
|
{% block placement_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/placement-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# qrouterd #}
|
|
|
|
{% block qdrouterd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/qdrouterd /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# rabbitmq #}
|
|
|
|
{% block rabbitmq_footer %}
|
|
RUN mkdir -p /etc/libqb /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/rabbitmq /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# redis #}
|
|
|
|
{% block redis_footer %}
|
|
RUN mkdir /etc/libqb; mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/redis /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# sahara #}
|
|
|
|
{% block sahara_api_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/sahara-api /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block sahara_engine_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/sahara-engine /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# sensu #}
|
|
|
|
{% block sensu_client_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/sensu-client /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
|
|
{# swift #}
|
|
|
|
{% block swift_account_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-account-server /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block swift_container_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-container-server /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block swift_object_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-object-server /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|
|
|
|
{% block swift_proxy_server_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-proxy /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck && \
|
|
sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && \
|
|
sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf && \
|
|
echo "if [[ "\$\(whoami\)" == 'root' ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*; fi" >> /usr/local/bin/kolla_extend_start
|
|
{% endblock %}
|
|
|
|
# Note(mmagr): Below block is currently noop because swift-object kolla image is used
|
|
# for swift_rsync container, but it will allow smooth transition
|
|
# to usage of correct image for the service in future.
|
|
{% block swift_rsyncd_footer %}
|
|
RUN mkdir -p /openstack && \
|
|
ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-rsync /openstack/healthcheck && \
|
|
chmod a+rx /openstack/healthcheck
|
|
{% endblock %}
|