Break out image prepare into its own "service"

This makes the docker-registry service focused on installing the registry, as it should be. Also this makes it possible to invoke this service during overcloud deploy too. This change also switches to calling the tripleo-common script tripleo-container-image-prepare instead of the full openstack command. This will allow a mistral image to do a prepare without depending on the python-tripleoclient package. The {{role}}Services and {{role}}Count are propagated to tripleo-container-image-prepare so that images are filtered correctly. sudo is used instead of become:true so that the tripleo-common mistral sudoers pattern matches. Depends-On: Ic1648e43f45bb7604d4c0f9abf247a475fb23707 Change-Id: Ibc16bed673de7b22cd8eef3f6fb0d45871083873 Blueprint: container-prepare-workflow
2018-07-12 12:12:14 +12:00 · 2018-07-12 12:12:14 +12:00 · 1bda1fd9a7
commit 1bda1fd9a7
parent dfb946ff19
6 changed files with 105 additions and 37 deletions
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@ -4,6 +4,7 @@ resource_registry:
  OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
  OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
  OS::TripleO::Services::DockerRegistry: ../puppet/services/docker-registry.yaml
+  OS::TripleO::Services::ContainerImagePrepare: ../puppet/services/container-image-prepare.yaml
  # Allows us to control the external VIP for Undercloud SSL
  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml

--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@ -302,6 +302,7 @@ resource_registry:
  OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
  OS::TripleO::Services::Docker: puppet/services/docker.yaml
  OS::TripleO::Services::DockerRegistry: OS::Heat::None
+  OS::TripleO::Services::ContainerImagePrepare: OS::Heat::None
  OS::TripleO::Services::CertmongerUser: puppet/services/certmonger-user.yaml
  OS::TripleO::Services::Clustercheck: OS::Heat::None
  OS::TripleO::Services::RsyslogSidecar: OS::Heat::None
--- a/puppet/services/container-image-prepare.j2.yaml
+++ b/puppet/services/container-image-prepare.j2.yaml
@ -1,7 +1,7 @@
 heat_template_version: rocky

 description: >
-  Configures docker-registry on a host.
+  Prepare container images

 parameters:
  EndpointMap:
@ -30,10 +30,6 @@ parameters:
    default: {}
    description: Parameters specific to the role
    type: json
-  LocalContainerRegistry:
-    default: ''
-    description: The IP address used to bind the local container registry
-    type: string
  ContainerImagePrepare:
    default: {}
    description: Used to run "openstack tripleo container image prepare".
@ -44,41 +40,38 @@ parameters:
    default: 'tripleo-container-image-prepare.log'
    type: string
    description: Used to store outputs of "openstack tripleo container image prepare".
+  DockerInsecureRegistryAddress:
+    description: Optional. The IP Address and Port of an insecure docker
+                 namespace that will be configured in /etc/sysconfig/docker.
+                 The value can be multiple addresses separated by commas.
+    type: comma_delimited_list
+    default: []

-conditions:
-  local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
+{% for role in roles %}
+  # Parameters generated for {{role.name}} Role
+  {{role.name}}Services:
+    description: A list of service resources (configured in the Heat
+                 resource_registry) which represent nested stacks
+                 for each service that should get installed on the {{role.name}} role.
+    type: comma_delimited_list
+
+  {{role.name}}Count:
+    description: Number of {{role.name}} nodes to deploy
+    type: number
+    default: {{role.CountDefault|default(0)}}
+{% endfor %}

 outputs:
  role_data:
-    description: Role data for the docker registry service
+    description: Role data for container image prepare
    value:
-      service_name: docker_registry
-      config_settings:
-        tripleo.docker_registry.firewall_rules:
-          '155 docker-registry':
-            dport:
-              - 8787
-              - 13787
-      step_config: ''
-      host_prep_tasks:
-        - name: Install, Configure and Run Docker Distribution
-          block:
-          # NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
-          - set_fact:
-              container_registry_host:
-                if:
-                - local_container_registry_is_empty
-                - {get_param: [EndpointMap, DockerRegistryInternal, host]}
-                - {get_param: LocalContainerRegistry}
-              container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
-              log_file: {get_param: ContainerImagePrepareLogFile}
-          - include_role:
-              name: container-registry
-              tasks_from: docker-distribution
+      service_name: container_image_prepare
      external_deploy_tasks:
        - name: Container image prepare
          when: step|int == 1
          block:
+          - set_fact:
+              log_file: {get_param: ContainerImagePrepareLogFile}
          - name: Create temp file for prepare parameter
            tempfile:
              state: file
@ -95,12 +88,17 @@ outputs:
              content:
                parameter_defaults:
                  ContainerImagePrepare: {get_param: ContainerImagePrepare}
+                  DockerInsecureRegistryAddress: {get_param: DockerInsecureRegistryAddress}
+{% for role in roles %}
+                  {{role.name}}Services: {get_param: {{role.name}}Services}
+                  {{role.name}}Count: {get_param: {{role.name}}Count}
+{% endfor %}
          - name: Write role data file
            copy:
              dest: "{{ '{{' }} role_data.path {{ '}}' }}"
              content: {{ roles }}
-          - name: Run openstack tripleo container image prepare
-            command: openstack tripleo container image prepare --log-file {{ '{{' }} log_file {{ '}}' }} --roles-file {{ '{{' }} role_data.path {{ '}}' }} --environment-file {{ '{{' }} prepare_param.path {{ '}}' }} --cleanup partial --verbose
+          - name: Run tripleo-container-image-prepare
+            shell: sudo /usr/bin/tripleo-container-image-prepare --roles-file {{ '{{' }} role_data.path {{ '}}' }} --environment-file {{ '{{' }} prepare_param.path {{ '}}' }} --cleanup partial 2> {{ '{{' }} log_file {{ '}}' }}
          - name: Delete param file
            file:
              dest: "{{ '{{' }} prepare_param.path {{ '}}' }}"
@ -109,7 +107,3 @@ outputs:
            file:
              dest: "{{ '{{' }} role_data.path {{ '}}' }}"
              state: absent
-      upgrade_tasks:
-        - name: Install docker packages on upgrade if missing
-          when: step|int == 3
-          package: name=docker-distribution state=latest
--- a/puppet/services/docker-registry.yaml
+++ b/puppet/services/docker-registry.yaml
@ -0,0 +1,70 @@
+heat_template_version: rocky
+
+description: >
+  Configures docker-registry on a host.
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  LocalContainerRegistry:
+    default: ''
+    description: The IP address used to bind the local container registry
+    type: string
+
+conditions:
+  local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
+
+outputs:
+  role_data:
+    description: Role data for the docker registry service
+    value:
+      service_name: docker_registry
+      config_settings:
+        tripleo.docker_registry.firewall_rules:
+          '155 docker-registry':
+            dport:
+              - 8787
+              - 13787
+      step_config: ''
+      host_prep_tasks:
+        - name: Install, Configure and Run Docker Distribution
+          block:
+          # NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
+          - set_fact:
+              container_registry_host:
+                if:
+                - local_container_registry_is_empty
+                - {get_param: [EndpointMap, DockerRegistryInternal, host]}
+                - {get_param: LocalContainerRegistry}
+              container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
+          - include_role:
+              name: container-registry
+              tasks_from: docker-distribution
+      upgrade_tasks:
+        - name: Install docker packages on upgrade if missing
+          when: step|int == 3
+          package: name=docker-distribution state=latest
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@ -30,6 +30,7 @@
    - OS::TripleO::Services::CinderApi
    - OS::TripleO::Services::CinderScheduler
    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::ContainerImagePrepare
    - OS::TripleO::Services::ContainersLogrotateCrond
    - OS::TripleO::Services::Docker
    - OS::TripleO::Services::DockerRegistry
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@ -33,6 +33,7 @@
    - OS::TripleO::Services::CinderApi
    - OS::TripleO::Services::CinderScheduler
    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::ContainerImagePrepare
    - OS::TripleO::Services::ContainersLogrotateCrond
    - OS::TripleO::Services::Docker
    - OS::TripleO::Services::DockerRegistry