Merge "Allow a containerized mistral-executor to access docker"

2018-06-20 17:00:28 +00:00 · 2018-06-20 17:00:28 +00:00 · 37ef25cd34
commit 37ef25cd34
parent 4286727ae7 9104980524
3 changed files with 11 additions and 7 deletions
--- a/docker/services/mistral-executor.yaml
+++ b/docker/services/mistral-executor.yaml
@ -74,13 +74,15 @@ outputs:
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: mistral
-        puppet_tags: mistral_config
+        puppet_tags: mistral_config,user,group
        step_config:
          list_join:
            - "\n"
            - - {get_attr: [MistralBase, role_data, step_config]}
              - {get_attr: [MySQLClient, role_data, step_config]}
        config_image: {get_param: DockerMistralConfigImage}
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock:rw
      kolla_config:
        /var/lib/kolla/config_files/mistral_executor.json:
          command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
@ -115,6 +117,7 @@ outputs:
                  # FIXME: this is required in order for Nova cells
                  # initialization workflows on the Undercloud. Need to
                  # exclude this on the overcloud for security reasons.
+                  - /var/run/docker.sock:/var/run/docker.sock:rw
                  - /var/lib/config-data/nova/etc/nova:/etc/nova:ro
                  - /var/log/containers/mistral:/var/log/mistral
                  - /var/lib/mistral:/var/lib/mistral
--- a/puppet/services/mistral-base.yaml
+++ b/puppet/services/mistral-base.yaml
@ -45,10 +45,6 @@ parameters:
    description: The password for the Mistral service and db account, used by the Mistral services.
    type: string
    hidden: true
-  MistralDockerGroup:
-    default: false
-    description: Add the mistral user to the docker group to allow actions to perform docker operations.
-    type: boolean
  KeystoneRegion:
    type: string
    default: 'regionOne'
@ -121,7 +117,6 @@ outputs:
          - ''
          - - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
            - '/ec2tokens'
-        tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
      service_config_settings:
        keystone:
          mistral::keystone::auth::tenant: 'service'
--- a/puppet/services/mistral-executor.yaml
+++ b/puppet/services/mistral-executor.yaml
@ -30,6 +30,10 @@ parameters:
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
+  MistralDockerGroup:
+    default: false
+    description: Add the mistral user to the docker group to allow actions to perform docker operations.
+    type: boolean

 resources:
  MistralBase:
@ -48,7 +52,9 @@ outputs:
    value:
      service_name: mistral_executor
      config_settings:
-        get_attr: [MistralBase, role_data, config_settings]
+        map_merge:
+          - get_attr: [MistralBase, role_data, config_settings]
+          - tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
      step_config: |
        include ::tripleo::profile::base::mistral::executor
      upgrade_tasks: