From b4de9e5fbc1699f9cc9e877235eec4ac636e8eb7 Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Sat, 15 Jul 2017 14:07:47 -0400 Subject: [PATCH] Add docker templates to configure Ironic inspector Co-Authored-By: Dmitry Tantsur Change-Id: Ib3eab702c0ca5219ef6eb52861589d82f54c6db1 --- docker/services/ironic-inspector.yaml | 173 ++++++++++++++++++ .../services-docker/ironic-inspector.yaml | 2 + puppet/services/ironic-inspector.yaml | 1 + 3 files changed, 176 insertions(+) create mode 100644 docker/services/ironic-inspector.yaml create mode 100644 environments/services-docker/ironic-inspector.yaml diff --git a/docker/services/ironic-inspector.yaml b/docker/services/ironic-inspector.yaml new file mode 100644 index 0000000000..2db49099bb --- /dev/null +++ b/docker/services/ironic-inspector.yaml @@ -0,0 +1,173 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ironic Inspector service (EXPERIMENTAL) + +parameters: + DockerIronicInspectorImage: + description: image + type: string + DockerIronicInspectorConfigImage: + description: The container image to use for the ironic_inspector config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + IronicInspectorBase: + type: ../../puppet/services/ironic-inspector.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + ServiceData: {get_param: ServiceData} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + +outputs: + role_data: + description: Role data for the Ironic Inspector role. + value: + service_name: ironic_inspector + step_config: &step_config + list_join: + - "\n" + - - {get_attr: [IronicInspectorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} + config_settings: + map_merge: + - get_attr: [IronicInspectorBase, role_data, config_settings] + # Match what we do for Ironic containers + - ironic::inspector::tftp_root: /var/lib/ironic/tftpboot + - ironic::inspector::http_root: /var/lib/ironic/httpboot + service_config_settings: {get_attr: [IronicInspectorBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: ironic_inspector + puppet_tags: ironic_inspector_config + step_config: *step_config + config_image: {get_param: DockerIronicInspectorConfigImage} + volumes: + - /var/lib/ironic:/var/lib/ironic + kolla_config: + /var/lib/kolla/config_files/ironic_inspector.json: + command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/ironic-inspector + owner: ironic-inspector:ironic-inspector + recurse: true + /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json: + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + command: /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf -k --log-facility=/var/log/ironic-inspector/dnsmasq.log + docker_config: + step_3: + ironic_inspector_init_log: + start_order: 0 + image: &ironic_inspector_image + get_param: DockerIronicInspectorImage + user: root + volumes: + - /var/log/containers/ironic-inspector:/var/log/ironic-inspector + command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector'] + ironic_inspector_db_sync: + start_order: 1 + image: *ironic_inspector_image + net: host + user: root + privileged: false + detach: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro + - /var/log/containers/ironic-inspector:/var/log/ironic-inspector + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'" + step_4: + ironic_inspector: + start_order: 92 + image: *ironic_inspector_image + privileged: true + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro + - /var/lib/ironic:/var/lib/ironic + - /var/log/containers/ironic-inspector:/var/log/ironic-inspector + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + ironic_inspector_dnsmasq: + start_order: 93 + image: *ironic_inspector_image + privileged: true + net: host + restart: always + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/ironic-inspector:/var/log/ironic-inspector + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent ironic-inspector logs directory + file: + path: /var/log/containers/ironic-inspector + state: directory + upgrade_tasks: + - name: Stop and disable ironic_inspector service + tags: step2 + service: name=openstack-ironic-inspector state=stopped enabled=no + - name: Stop and disable ironic_inspector dnsmasq service + tags: step2 + service: name=openstack-ironic-inspector-dnsmasq state=stopped enabled=no diff --git a/environments/services-docker/ironic-inspector.yaml b/environments/services-docker/ironic-inspector.yaml new file mode 100644 index 0000000000..33cdde59f5 --- /dev/null +++ b/environments/services-docker/ironic-inspector.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::IronicInspector: ../../docker/services/ironic-inspector.yaml diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml index 0cff07826a..2dc1e02399 100644 --- a/puppet/services/ironic-inspector.yaml +++ b/puppet/services/ironic-inspector.yaml @@ -104,6 +104,7 @@ outputs: ironic::inspector::ironic_password: {get_param: IronicPassword} ironic::inspector::ironic_tenant_name: 'service' ironic::inspector::ironic_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + ironic::inspector::ipxe_timeout: 60 ironic::inspector::ironic_max_retries: 6 ironic::inspector::ironic_retry_interval: 10 ironic::inspector::ironic_user_domain_name: 'Default'