Merge "Allow a containerized mistral-executor to access docker"

docker/services/mistral-executor.yaml

@@ -74,13 +74,15 @@ outputs:
       # BEGIN DOCKER SETTINGS
       puppet_config:
         config_volume: mistral
-        puppet_tags: mistral_config
+        puppet_tags: mistral_config,user,group
         step_config:
           list_join:
             - "\n"
             - - {get_attr: [MistralBase, role_data, step_config]}
               - {get_attr: [MySQLClient, role_data, step_config]}
         config_image: {get_param: DockerMistralConfigImage}
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock:rw
       kolla_config:
         /var/lib/kolla/config_files/mistral_executor.json:
           command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
@@ -115,6 +117,7 @@ outputs:
                   # FIXME: this is required in order for Nova cells
                   # initialization workflows on the Undercloud. Need to
                   # exclude this on the overcloud for security reasons.
+                  - /var/run/docker.sock:/var/run/docker.sock:rw
                   - /var/lib/config-data/nova/etc/nova:/etc/nova:ro
                   - /var/log/containers/mistral:/var/log/mistral
                   - /var/lib/mistral:/var/lib/mistral

puppet/services/mistral-base.yaml

@@ -45,10 +45,6 @@ parameters:
     description: The password for the Mistral service and db account, used by the Mistral services.
     type: string
     hidden: true
-  MistralDockerGroup:
-    default: false
-    description: Add the mistral user to the docker group to allow actions to perform docker operations.
-    type: boolean
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -121,7 +117,6 @@ outputs:
           - ''
           - - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
             - '/ec2tokens'
-        tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
       service_config_settings:
         keystone:
           mistral::keystone::auth::tenant: 'service'

puppet/services/mistral-executor.yaml

@@ -30,6 +30,10 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  MistralDockerGroup:
+    default: false
+    description: Add the mistral user to the docker group to allow actions to perform docker operations.
+    type: boolean
 
 resources:
   MistralBase:
@@ -48,7 +52,9 @@ outputs:
     value:
       service_name: mistral_executor
       config_settings:
-        get_attr: [MistralBase, role_data, config_settings]
+        map_merge:
+          - get_attr: [MistralBase, role_data, config_settings]
+          - tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
       step_config: |
         include ::tripleo::profile::base::mistral::executor
       upgrade_tasks: