From 15c93fdbd9325ea62a8e478a2b35f81db994c38e Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Thu, 4 May 2017 08:52:38 -0400
Subject: [PATCH] Move iscsid to a container

This configures iscsid so that it runs as a container on
relevant roles (undercloud, controller, compute, and volume).
When the iscsid docker service is provision it will also run
an ansible snippet that disables the iscsid.socket on the host
OS thus disabling the hosts systemd from auto-starting iscsid
as it normally does.

Co-Authored-By: Jon Bernard <jobernar@redhat.com>

Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
---
 docker/services/iscsid.yaml                | 109 +++++++++++++++++++++
 environments/docker.yaml                   |   1 +
 environments/hyperconverged-ceph.yaml      |   1 +
 overcloud-resource-registry-puppet.j2.yaml |   1 +
 roles/BlockStorage.yaml                    |   1 +
 roles/Compute.yaml                         |   1 +
 roles/Controller.yaml                      |   1 +
 roles/Undercloud.yaml                      |   1 +
 roles_data.yaml                            |   3 +
 roles_data_undercloud.yaml                 |   1 +
 10 files changed, 120 insertions(+)
 create mode 100644 docker/services/iscsid.yaml

diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml
new file mode 100644
index 0000000000..53f5aff29b
--- /dev/null
+++ b/docker/services/iscsid.yaml
@@ -0,0 +1,109 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Iscsid service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerIscsidImage:
+    description: image
+    default: 'centos-binary-iscsid:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+outputs:
+  role_data:
+    description: Role data for the Iscsid API role.
+    value:
+      service_name: iscsid
+      config_settings: {}
+      step_config: ''
+      service_config_settings: {}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: iscsid
+        #puppet_tags: file
+        step_config: ''
+        config_image: &iscsid_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/iscsid.json:
+          command: /usr/sbin/iscsid -f
+      docker_config:
+        step_3:
+          iscsid:
+            start_order: 2
+            image: *iscsid_image
+            net: host
+            privileged: true
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
+                  - /dev/:/dev/
+                  - /run/:/run/
+                  - /sys:/sys
+                  - /lib/modules:/lib/modules:ro
+                  - /etc/iscsi:/etc/iscsi
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create /etc/iscsi
+          file:
+            path: /etc/iscsi
+            state: directory
+        - name: stat /lib/systemd/system/iscsid.socket
+          stat: path=/lib/systemd/system/iscsid.socket
+          register: stat_iscsid_socket
+        - name: Stop and disable iscsid.socket service
+          service: name=iscsid.socket state=stopped enabled=no
+          when: stat_iscsid_socket.stat.exists
+      upgrade_tasks:
+        - name: stat /lib/systemd/system/iscsid.service
+          stat: path=/lib/systemd/system/iscsid.service
+          register: stat_iscsid_service
+        - name: Stop and disable iscsid service
+          tags: step2
+          service: name=iscsid state=stopped enabled=no
+          when: stat_iscsid_service.stat.exists
+        - name: stat /lib/systemd/system/iscsid.socket
+          stat: path=/lib/systemd/system/iscsid.socket
+          register: stat_iscsid_socket
+        - name: Stop and disable iscsid.socket service
+          tags: step2
+          service: name=iscsid.socket state=stopped enabled=no
+          when: stat_iscsid_socket.stat.exists
+      metadata_settings: {}
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 2852794526..ed94b03583 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -47,6 +47,7 @@ resource_registry:
   OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml
   OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
   OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
+  OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
 
   OS::TripleO::PostDeploySteps: ../docker/post.yaml
   OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index 0f7e114359..05a3a39142 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -36,3 +36,4 @@ parameter_defaults:
     - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Iscsid
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index d4c301bba0..c204277aa3 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -263,6 +263,7 @@ resource_registry:
   OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
   OS::TripleO::Services::Docker: OS::Heat::None
   OS::TripleO::Services::CertmongerUser: OS::Heat::None
+  OS::TripleO::Services::Iscsid: OS::Heat::None
 
 parameter_defaults:
   EnablePackageInstall: false
diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml
index d242a5bb9b..6d77247c71 100644
--- a/roles/BlockStorage.yaml
+++ b/roles/BlockStorage.yaml
@@ -12,6 +12,7 @@
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Ntp
diff --git a/roles/Compute.yaml b/roles/Compute.yaml
index 73ec65953e..c7e2b2763f 100644
--- a/roles/Compute.yaml
+++ b/roles/Compute.yaml
@@ -21,6 +21,7 @@
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::NeutronLinuxbridgeAgent
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
index 7511d4c0fe..36c46c8c1a 100644
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
@@ -57,6 +57,7 @@
     - OS::TripleO::Services::Horizon
     - OS::TripleO::Services::IronicApi
     - OS::TripleO::Services::IronicConductor
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Keepalived
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::Keystone
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
index 0a9bcadf97..bcdedc71ba 100644
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@@ -19,6 +19,7 @@
     - OS::TripleO::Services::IronicApi
     - OS::TripleO::Services::IronicConductor
     - OS::TripleO::Services::IronicPxe
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Keystone
     - OS::TripleO::Services::Memcached
     - OS::TripleO::Services::MistralApi
diff --git a/roles_data.yaml b/roles_data.yaml
index c536e834e2..a00f89bff7 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -60,6 +60,7 @@
     - OS::TripleO::Services::Horizon
     - OS::TripleO::Services::IronicApi
     - OS::TripleO::Services::IronicConductor
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Keepalived
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::Keystone
@@ -144,6 +145,7 @@
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::NeutronLinuxbridgeAgent
@@ -175,6 +177,7 @@
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::FluentdClient
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Ntp
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index ad760fd65d..a31c093e25 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -22,6 +22,7 @@
     - OS::TripleO::Services::IronicApi
     - OS::TripleO::Services::IronicConductor
     - OS::TripleO::Services::IronicPxe
+    - OS::TripleO::Services::Iscsid
     - OS::TripleO::Services::Keystone
     - OS::TripleO::Services::Memcached
     - OS::TripleO::Services::MistralApi