1b74f3a11c
podman >= 1.4.x bails out when duplicate mount points are passed to it
and with tls-everywhere the neutron_dhcp container will fail with:
2019-10-25 09:43:06.168 117719 DEBUG paunch [ ] $ podman create --name neutron_dhcp --label config_id=tripleo_step4 --label container_name=neutron_dhcp --label managed_by=paunch --label config_data={"depends_on": ["openvswitch"], "environment": ["KOLLA_CONFIG_STRATEGY=COPY_ALWAYS", "TRIPLEO_CONFIG_HASH=553e07d2d41900907a6cb501d10e15af"], "healthcheck": {"test": "/openstack/healthcheck 5672"}, "image": "192.168.24.1:8787/rh-osbs/rhosp15-openstack-neutron-dhcp-agent:20191022.1", "net": "host", "pid": "host", "privileged": true, "restart": "always", "security_opt": "label=disable", "start_order": 10, "ulimit": ["nofile=16384"], "volumes": ["/etc/hosts:/etc/hosts:ro", "/etc/localtime:/etc/localtime:ro", "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro", "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", "/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro", "/dev/log:/dev/log", "/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro", "/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro", "/etc/puppet:/etc/puppet:ro", "/var/log/containers/neutron:/var/log/neutron:z", "/var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro", "/var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro", "/lib/modules:/lib/modules:ro", "/run/openvswitch:/run/openvswitch:shared,z", "/var/lib/neutron:/var/lib/neutron:shared,z", "/run/netns:/run/netns:shared", "/var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro", "/var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro", "/etc/pki/tls/certs/neutron.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron.crt:ro", "/etc/pki/tls/private/neutron.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron.key:ro", "/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro"]} --conmon-pidfile=/var/run/neutron_dhcp.pid --detach=true --log-driver k8s-file --log-opt path=/var/log/containers/stdouts/neutron_dhcp.log --env=KOLLA_CONFIG_STRATEGY=COPY_ALWAYS --env=TRIPLEO_CONFIG_HASH=553e07d2d41900907a6cb501d10e15af --net=host --pid=host --ulimit=nofile=16384 --privileged=true --volume=/etc/hosts:/etc/hosts:ro --volume=/etc/localtime:/etc/localtime:ro --volume=/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro --volume=/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro --volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro --volume=/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro --volume=/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro --volume=/dev/log:/dev/log --volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro --volume=/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro --volume=/etc/puppet:/etc/puppet:ro --volume=/var/log/containers/neutron:/var/log/neutron:z --volume=/var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro --volume=/var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro --volume=/lib/modules:/lib/modules:ro --volume=/run/openvswitch:/run/openvswitch:shared,z --volume=/var/lib/neutron:/var/lib/neutron:shared,z --volume=/run/netns:/run/netns:shared --volume=/var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro --volume=/var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro --volume=/etc/pki/tls/certs/neutron.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron.crt:ro --volume=/etc/pki/tls/private/neutron.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron.key:ro --volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro --security-opt=label=disable --cpuset-cpus=0,1,2,3 192.168.24.1:8787/rh-osbs/rhosp15-openstack-neutron-dhcp-agent:20191022.1
"b'Error: /etc/ipa/ca.crt: duplicate mount destination\\n'
That is because the /etc/ipa/ca.crt is provided by both
[ContainersCommon, volumes] and the step_4/neutron_dhcp itself
We can simply remove it from the neutron_dhcp container.
Change-Id: I99fd308e7e63699cb9deac1d0a4ace5cd4f43c68
Closes-Bug: #1850663
(cherry picked from commit
|
||
---|---|---|
ci | ||
common | ||
container_config_scripts | ||
deployed-server | ||
deployment | ||
environments | ||
extraconfig | ||
firstboot | ||
network | ||
plan-samples | ||
puppet | ||
releasenotes | ||
roles | ||
sample-env-generator | ||
scripts | ||
tools | ||
tripleo_heat_templates | ||
validation-scripts | ||
zuul.d | ||
.gitignore | ||
.gitreview | ||
.testr.conf | ||
LICENSE | ||
README.rst | ||
all-nodes-validation.yaml | ||
babel.cfg | ||
bindep.txt | ||
capabilities-map.yaml | ||
config-download-software.yaml | ||
config-download-structured.yaml | ||
default_passwords.yaml | ||
hosts-config.yaml | ||
j2_excludes.yaml | ||
lower-constraints.txt | ||
net-config-bond.j2.yaml | ||
net-config-bridge.j2.yaml | ||
net-config-linux-bridge.j2.yaml | ||
net-config-noop.j2.yaml | ||
net-config-standalone.j2.yaml | ||
net-config-static-bridge-with-external-dhcp.j2.yaml | ||
net-config-static-bridge.j2.yaml | ||
net-config-static.j2.yaml | ||
net-config-undercloud.j2.yaml | ||
network_data.yaml | ||
network_data_dashboard.yaml | ||
network_data_ganesha.yaml | ||
network_data_routed.yaml | ||
network_data_subnets_routed.yaml | ||
network_data_undercloud.yaml | ||
overcloud-resource-registry-puppet.j2.yaml | ||
overcloud.j2.yaml | ||
plan-environment.yaml | ||
requirements.txt | ||
roles_data.yaml | ||
roles_data_undercloud.yaml | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
tripleo-heat-templates
Heat templates to deploy OpenStack using OpenStack.
- Free software: Apache License (2.0)
- Documentation: https://docs.openstack.org/tripleo-docs/latest/
- Source: https://opendev.org/openstack/tripleo-heat-templates
- Bugs: https://bugs.launchpad.net/tripleo
- Release notes: https://docs.openstack.org/releasenotes/tripleo-heat-templates/
Features
The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:
- Choice of deployment/configuration tooling: puppet, (soon) docker
- Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
- physical network configuration: support for isolated networks, bonding, and standard ctlplane networking
Directories
A description of the directory layout in TripleO Heat Templates.
- environments: contains heat environment files that can be used with -e
on the command like to enable features, etc.
- extraconfig: templates used to enable 'extra' functionality. Includes
functionality for distro specific registration and upgrades.
- firstboot: example first_boot scripts that can be used when initially
creating instances.
- network: heat templates to help create isolated networks and ports
- puppet: templates mostly driven by configuration with puppet. To use these
templates you can use the overcloud-resource-registry-puppet.yaml.
- validation-scripts: validation scripts useful to all deployment
configurations
- roles: example roles that can be used with the tripleoclient to generate
a roles_data.yaml for a deployment See the roles/README.rst for additional details.
Service testing matrix
The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:
- | scn000 | scn001 | scn002 | scn003 | scn004 | scn006 | scn007 | scn009 | scn010 | non-ha | ovh-ha |
---|---|---|---|---|---|---|---|---|---|---|---|
keystone |
|
|
|
|
|
|
|
|
|
|
|
glance |
|
swift |
|
|
|
|
|
|
|
||
cinder |
|
iscsi | |||||||||
heat |
|
|
|||||||||
ironic |
|
||||||||||
mysql |
|
|
|
|
|
|
|
|
|
|
|
neutron |
|
|
|
|
|
|
|
|
|
||
neutron-bgpvpn |
|
||||||||||
ovn |
|
||||||||||
neutron-l2gw |
|
||||||||||
om-rpc | rabbit | rabbit |
|
rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | ||
om-notify | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | ||
redis |
|
|
|||||||||
haproxy |
|
|
|
|
|
|
|
|
|
||
memcached |
|
|
|
|
|
|
|
|
|
||
pacemaker |
|
|
|
|
|
|
|
|
|
||
nova |
|
|
|
|
ironic |
|
|
|
|
||
ntp |
|
|
|
|
|
|
|
|
|
|
|
snmp |
|
|
|
|
|
|
|
|
|
|
|
timezone |
|
|
|
|
|
|
|
|
|
|
|
sahara |
|
||||||||||
mistral |
|
||||||||||
swift |
|
||||||||||
aodh |
|
|
|||||||||
ceilometer |
|
|
|||||||||
gnocchi |
|
|
|||||||||
barbican |
|
||||||||||
zaqar |
|
||||||||||
ec2api |
|
||||||||||
cephrgw |
|
||||||||||
tacker |
|
||||||||||
cephmds |
|
||||||||||
manila |
|
||||||||||
collectd |
|
||||||||||
designate |
|
||||||||||
octavia |
|