Break out image prepare into its own "service"

This makes the docker-registry service focused on installing the
registry, as it should be. Also this makes it possible to invoke this
service during overcloud deploy too.

This change also switches to calling the tripleo-common script
tripleo-container-image-prepare instead of the full openstack command.
This will allow a mistral image to do a prepare without depending on
the python-tripleoclient package.

The {{role}}Services and {{role}}Count are propagated to
tripleo-container-image-prepare so that images are filtered correctly.

sudo is used instead of become:true so that the tripleo-common mistral
sudoers pattern matches.

Depends-On: Ic1648e43f45bb7604d4c0f9abf247a475fb23707
Change-Id: Ibc16bed673de7b22cd8eef3f6fb0d45871083873
Blueprint: container-prepare-workflow

environments/undercloud.yaml

@@ -4,6 +4,7 @@ resource_registry:
   OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
   OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
   OS::TripleO::Services::DockerRegistry: ../puppet/services/docker-registry.yaml
+  OS::TripleO::Services::ContainerImagePrepare: ../puppet/services/container-image-prepare.yaml
   # Allows us to control the external VIP for Undercloud SSL
   OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml
 

overcloud-resource-registry-puppet.j2.yaml

@@ -302,6 +302,7 @@ resource_registry:
   OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
   OS::TripleO::Services::Docker: puppet/services/docker.yaml
   OS::TripleO::Services::DockerRegistry: OS::Heat::None
+  OS::TripleO::Services::ContainerImagePrepare: OS::Heat::None
   OS::TripleO::Services::CertmongerUser: puppet/services/certmonger-user.yaml
   OS::TripleO::Services::Clustercheck: OS::Heat::None
   OS::TripleO::Services::RsyslogSidecar: OS::Heat::None

puppet/services/container-image-prepare.j2.yaml

@@ -1,7 +1,7 @@
 heat_template_version: rocky
 
 description: >
-  Configures docker-registry on a host.
+  Prepare container images
 
 parameters:
   EndpointMap:
@@ -30,10 +30,6 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
-  LocalContainerRegistry:
-    default: ''
-    description: The IP address used to bind the local container registry
-    type: string
   ContainerImagePrepare:
     default: {}
     description: Used to run "openstack tripleo container image prepare".
@@ -44,41 +40,38 @@ parameters:
     default: 'tripleo-container-image-prepare.log'
     type: string
     description: Used to store outputs of "openstack tripleo container image prepare".
+  DockerInsecureRegistryAddress:
+    description: Optional. The IP Address and Port of an insecure docker
+                 namespace that will be configured in /etc/sysconfig/docker.
+                 The value can be multiple addresses separated by commas.
+    type: comma_delimited_list
+    default: []
 
-conditions:
+{% for role in roles %}
-  local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
+  # Parameters generated for {{role.name}} Role
+  {{role.name}}Services:
+    description: A list of service resources (configured in the Heat
+                 resource_registry) which represent nested stacks
+                 for each service that should get installed on the {{role.name}} role.
+    type: comma_delimited_list
+
+  {{role.name}}Count:
+    description: Number of {{role.name}} nodes to deploy
+    type: number
+    default: {{role.CountDefault|default(0)}}
+{% endfor %}
 
 outputs:
   role_data:
-    description: Role data for the docker registry service
+    description: Role data for container image prepare
     value:
-      service_name: docker_registry
+      service_name: container_image_prepare
-      config_settings:
-        tripleo.docker_registry.firewall_rules:
-          '155 docker-registry':
-            dport:
-              - 8787
-              - 13787
-      step_config: ''
-      host_prep_tasks:
-        - name: Install, Configure and Run Docker Distribution
-          block:
-          # NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
-          - set_fact:
-              container_registry_host:
-                if:
-                - local_container_registry_is_empty
-                - {get_param: [EndpointMap, DockerRegistryInternal, host]}
-                - {get_param: LocalContainerRegistry}
-              container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
-              log_file: {get_param: ContainerImagePrepareLogFile}
-          - include_role:
-              name: container-registry
-              tasks_from: docker-distribution
       external_deploy_tasks:
         - name: Container image prepare
           when: step|int == 1
           block:
+          - set_fact:
+              log_file: {get_param: ContainerImagePrepareLogFile}
           - name: Create temp file for prepare parameter
             tempfile:
               state: file
@@ -95,12 +88,17 @@ outputs:
               content:
                 parameter_defaults:
                   ContainerImagePrepare: {get_param: ContainerImagePrepare}
+                  DockerInsecureRegistryAddress: {get_param: DockerInsecureRegistryAddress}
+{% for role in roles %}
+                  {{role.name}}Services: {get_param: {{role.name}}Services}
+                  {{role.name}}Count: {get_param: {{role.name}}Count}
+{% endfor %}
           - name: Write role data file
             copy:
               dest: "{{ '{{' }} role_data.path {{ '}}' }}"
               content: {{ roles }}
-          - name: Run openstack tripleo container image prepare
+          - name: Run tripleo-container-image-prepare
-            command: openstack tripleo container image prepare --log-file {{ '{{' }} log_file {{ '}}' }} --roles-file {{ '{{' }} role_data.path {{ '}}' }} --environment-file {{ '{{' }} prepare_param.path {{ '}}' }} --cleanup partial --verbose
+            shell: sudo /usr/bin/tripleo-container-image-prepare --roles-file {{ '{{' }} role_data.path {{ '}}' }} --environment-file {{ '{{' }} prepare_param.path {{ '}}' }} --cleanup partial 2> {{ '{{' }} log_file {{ '}}' }}
           - name: Delete param file
             file:
               dest: "{{ '{{' }} prepare_param.path {{ '}}' }}"
@@ -109,7 +107,3 @@ outputs:
             file:
               dest: "{{ '{{' }} role_data.path {{ '}}' }}"
               state: absent
-      upgrade_tasks:
-        - name: Install docker packages on upgrade if missing
-          when: step|int == 3
-          package: name=docker-distribution state=latest

puppet/services/docker-registry.yaml

@@ -0,0 +1,70 @@
+heat_template_version: rocky
+
+description: >
+  Configures docker-registry on a host.
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  LocalContainerRegistry:
+    default: ''
+    description: The IP address used to bind the local container registry
+    type: string
+
+conditions:
+  local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
+
+outputs:
+  role_data:
+    description: Role data for the docker registry service
+    value:
+      service_name: docker_registry
+      config_settings:
+        tripleo.docker_registry.firewall_rules:
+          '155 docker-registry':
+            dport:
+              - 8787
+              - 13787
+      step_config: ''
+      host_prep_tasks:
+        - name: Install, Configure and Run Docker Distribution
+          block:
+          # NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
+          - set_fact:
+              container_registry_host:
+                if:
+                - local_container_registry_is_empty
+                - {get_param: [EndpointMap, DockerRegistryInternal, host]}
+                - {get_param: LocalContainerRegistry}
+              container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
+          - include_role:
+              name: container-registry
+              tasks_from: docker-distribution
+      upgrade_tasks:
+        - name: Install docker packages on upgrade if missing
+          when: step|int == 3
+          package: name=docker-distribution state=latest

roles/Undercloud.yaml

@@ -30,6 +30,7 @@
     - OS::TripleO::Services::CinderApi
     - OS::TripleO::Services::CinderScheduler
     - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::ContainerImagePrepare
     - OS::TripleO::Services::ContainersLogrotateCrond
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::DockerRegistry

roles_data_undercloud.yaml

@@ -33,6 +33,7 @@
     - OS::TripleO::Services::CinderApi
     - OS::TripleO::Services::CinderScheduler
     - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::ContainerImagePrepare
     - OS::TripleO::Services::ContainersLogrotateCrond
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::DockerRegistry