Add Cinder service

tested only with ceph...
Example conf:

configs:
  cinder_enable_ceph: true
  cinder_ceph_key: "AQCeQ+5XUCgdDBAARRl6lx8Lze9wwf2IzCgBnA=="
  cinder_rbd_secret_uuid: "b416770d-f3d4-4ac9-b6db-b6a7ac1c61c0"
  ceph_fsid: "afca8524-2c47-4b81-a0b7-2300e62212f9"
  ceph_initial_members: "initial_members_from_ceph_conf"
  ceph_mon_host: "IP OF CEPH MON NODE"

Change-Id: I31fde6e2beaf6303fef7188eb2c859beb90567ab
Depends-On: I012243016557670067518f64ed7f4f669e1ea14e

.gitignore

@@ -0,0 +1,68 @@
+*.py[cod]
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+.eggs
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+cover
+.tox
+nosetests.xml
+.testrepository
+.venv
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Complexity
+output/*.html
+output/*/index.html
+
+# Sphinx
+doc/build
+
+# oslo-config-generator
+etc/*.sample
+
+# pbr generates these
+AUTHORS
+ChangeLog
+
+# Editors
+*~
+.*.swp
+.*sw?
+
+# Vagrant
+.vagrant
+vagrant/Vagrantfile.custom
+vagrant/vagrantkey*
+
+# generated openrc
+openrc
+
+tests/.cache*

docker/cinder-api/Dockerfile.j2

@@ -0,0 +1,6 @@
+FROM {{ namespace }}/cinder-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get install -y --no-install-recommends mysql-client
+
+USER cinder

docker/cinder-base/Dockerfile.j2

@@ -0,0 +1,25 @@
+FROM {{ namespace }}/openstack-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+COPY sources.list.debian /etc/apt/sources.list.d/ceph.list
+RUN apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 460F3994 \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends qemu-utils ceph-common python-ceph python-rados \
+    && apt-get clean
+
+{{ copy_sources("openstack/cinder", "/cinder") }}
+
+RUN useradd --user-group cinder \
+    && /var/lib/microservices/venv/bin/pip --no-cache-dir install --upgrade /cinder \
+    && mkdir -p /etc/cinder /var/lib/cinder /home/cinder \
+    && cp -r /cinder/etc/cinder/* /etc/cinder/ \
+    && chown -R cinder: /etc/cinder /var/lib/cinder /home/cinder \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf
+
+COPY cinder_sudoers /etc/sudoers.d/cinder_sudoers
+
+RUN usermod -a -G microservices cinder \
+    && mkdir -p /etc/ceph \
+    && chown -R cinder: /etc/ceph \
+    && chmod 750 /etc/sudoers.d \
+    && chmod 440 /etc/sudoers.d/cinder_sudoers

docker/cinder-base/cinder_sudoers

@@ -0,0 +1 @@
+cinder ALL = (root) NOPASSWD: /var/lib/microservices/venv/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *

docker/cinder-base/sources.list.debian

@@ -0,0 +1 @@
+deb http://download.ceph.com/debian-jewel jessie main

docker/cinder-scheduler/Dockerfile.j2

@@ -0,0 +1,4 @@
+FROM {{ namespace }}/cinder-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER cinder

docker/cinder-volume/Dockerfile.j2

@@ -0,0 +1,9 @@
+FROM {{ namespace }}/cinder-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+COPY cinder_sudoers /etc/sudoers.d/cinder_sudoers
+
+RUN chmod 750 /etc/sudoers.d \
+    && chmod 440 /etc/sudoers.d/cinder_sudoers
+
+USER cinder

docker/cinder-volume/cinder_sudoers

@@ -0,0 +1,5 @@
+cinder ALL = (root) NOPASSWD: /var/lib/microservices/venv/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
+%microservices ALL=(root) NOPASSWD: /bin/chown -R cinder\:microservices /var/lib/cinder, /usr/bin/chown -R cinder\:microservices /var/lib/cinder
+%microservices ALL=(root) NOPASSWD: /bin/chmod 2775 /var/lib/cinder, /usr/bin/chmod 2775 /var/lib/cinder
+%microservices ALL=(root) NOPASSWD: /bin/chown -R cinder\:microservices /etc/iscsi, /usr/bin/chown -R cinder\:microservices /etc/iscsi
+%microservices ALL=(root) NOPASSWD: /bin/chmod 2775 /etc/iscsi, /usr/bin/chmod 2775 /etc/iscsi

service/cinder-api.yaml

@@ -0,0 +1,77 @@
+service:
+  name: cinder-api
+  ports:
+    - {{ cinder_api_port }}
+  containers:
+    - name: cinder-api
+      image: cinder-api
+      probes:
+        readiness: "true"
+        liveness: "true"
+      pre:
+        - name: cinder-db-create
+          dependencies:
+            - mariadb
+          type: single
+          command:
+            mysql -u root -p{{ db_root_password }} -h mariadb -e "create database {{ cinder_db_name }};
+            grant all privileges on {{ cinder_db_name }}.* to '{{ cinder_db_username }}'@'%' identified by '{{ cinder_db_password }}';"
+        - name: cinder-db-sync
+          files:
+            - cinder-conf
+          dependencies:
+            - cinder-db-create
+          type: single
+          command: cinder-manage db sync
+        - name: cinder-user-create
+          dependencies:
+            - keystone
+          type: single
+          command: openstack user create --domain default --password {{ cinder_password  }} {{ cinder_username }}
+        - name: cinder-role-add
+          dependencies:
+            - cinder-user-create
+          type: single
+          command: openstack role add --project service --user {{ cinder_username }} admin
+        - name: cinder-service-create
+          dependencies:
+            - keystone
+          type: single
+          command: openstack service create --name cinder --description "OpenStack Cinder Service" volumev2
+        - name: cinder-public-endpoint-create
+          dependencies:
+            - cinder-service-create
+          type: single
+          command: openstack endpoint create --region RegionOne volumev2 public http://{{ address('cinder-api') }}:{{ cinder_api_port }}/v2/%\(tenant_id\)s
+        - name: cinder-internal-endpoint-create
+          dependencies:
+            - cinder-service-create
+          type: single
+          command: openstack endpoint create --region RegionOne volumev2 internal http://{{ address('cinder-api') }}:{{ cinder_api_port }}/v2/%\(tenant_id\)s
+        - name: cinder-admin-endpoint-create
+          dependencies:
+            - cinder-service-create
+          type: single
+          command: openstack endpoint create --region RegionOne volumev2 admin http://{{ address('cinder-api') }}:{{ cinder_api_port }}/v2/%\(tenant_id\)s
+      daemon:
+        command: cinder-api --config-file /etc/cinder/cinder.conf
+        files:
+          - cinder-conf
+          # {% if cinder_enable_ceph %}
+          - ceph-conf
+          - cinder-ceph-key
+          # {% endif %}
+        dependencies:
+          - memcached
+          - rabbitmq
+
+files:
+  cinder-conf:
+    path: /etc/cinder/cinder.conf
+    content: cinder.conf.j2
+  ceph-conf:
+    path: /etc/ceph/ceph.conf
+    content: ceph.conf.j2
+  cinder-ceph-key:
+    path: /etc/ceph/ceph.client.cinder.keyring
+    content: ceph.client.cinder.keyring.j2

service/cinder-scheduler.yaml

@@ -0,0 +1,18 @@
+service:
+  name: cinder-scheduler
+  containers:
+    - name: cinder-scheduler
+      image: cinder-scheduler
+      probes:
+        readiness: "true"
+        liveness: "true"
+      daemon:
+        command: cinder-scheduler --config-file /etc/cinder/cinder.conf
+        files:
+          - cinder-conf
+        dependencies:
+          - cinder-api
+files:
+  cinder-conf:
+    path: /etc/cinder/cinder.conf
+    content: cinder.conf.j2

service/cinder-volume.yaml

@@ -0,0 +1,36 @@
+service:
+  name: cinder-volume
+  containers:
+    - name: cinder-volume
+      image: cinder-volume
+      privileged: true
+      probes:
+        readiness: "true"
+        liveness: "true"
+      volumes:
+        - name: run
+          type: host
+          path: /run
+        - name: dev
+          type: host
+          path: /dev
+      daemon:
+        command: cinder-volume --config-file /etc/cinder/cinder.conf
+        files:
+          - cinder-conf
+          # {% if cinder_enable_ceph %}
+          - ceph-conf
+          - cinder-ceph-key
+          # {% endif %}
+        dependencies:
+          - cinder-api
+files:
+  cinder-conf:
+    path: /etc/cinder/cinder.conf
+    content: cinder.conf.j2
+  ceph-conf:
+    path: /etc/ceph/ceph.conf
+    content: ceph.conf.j2
+  cinder-ceph-key:
+    path: /etc/ceph/ceph.client.cinder.keyring
+    content: ceph.client.cinder.keyring.j2

service/files/ceph.client.cinder.keyring.j2

@@ -0,0 +1,3 @@
+[client.cinder]
+key = {{ cinder_ceph_key }}
+

service/files/ceph.conf.j2

@@ -0,0 +1,8 @@
+[global]
+fsid = {{ ceph_fsid }}
+mon_initial_members = {{ ceph_initial_members }}
+mon_host = {{ ceph_mon_host }}
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+

service/files/cinder.conf.j2

@@ -0,0 +1,63 @@
+[DEFAULT]
+debug = {{ cinder_debug }}
+use_forwarded_for = True
+use_stderr = True
+
+volume_name_template = volume-%s
+
+glance_api_servers = {{ address('glance-api') }}:{{ glance_api_port }}
+
+glance_num_retries = 3
+glance_api_version = 2
+
+os_region_name = RegionOne
+
+enabled_backends = {{ cinder_enabled_backends }}
+
+osapi_volume_listen = {{ network_topology["private"]["address"] }}
+osapi_volume_listen_port = {{ cinder_api_port }}
+
+api_paste_config = /etc/cinder/api-paste.ini
+nova_catalog_info = compute:nova:internalURL
+glance_catalog_info = image:glance:internalURL
+
+auth_strategy = keystone
+rpc_backend = rabbit
+
+[oslo_messaging_rabbit]
+rabbit_hosts = {{ address('rabbitmq') }}:{{ rabbitmq_port }}
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_virtual_host = /
+rabbit_ha_queues = False
+
+[database]
+connection = mysql+pymysql://{{ cinder_db_username }}:{{ cinder_db_password }}@{{ address('mariadb') }}/{{ cinder_db_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_version = v3
+auth_uri = http://{{ address('keystone') }}:{{ keystone_public_port }}/v3
+auth_url = http://{{ address('keystone') }}:{{ keystone_admin_port }}/v3
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ cinder_username }}
+password = {{ cinder_password }}
+memcached_servers = {{ address('memcached') }}:{{ memcached_port }}
+
+[oslo_concurrency]
+lock_path = /var/lib/cinder/tmp
+
+{% if cinder_enable_ceph %}
+[rbd]
+volume_driver = cinder.volume.drivers.rbd.RBDDriver
+rbd_user = {{ cinder_ceph_username }}
+rbd_secret_uuid = {{ nova_rbd_secret_uuid }}
+rbd_pool = {{ cinder_ceph_pool_name }}
+rbd_ceph_conf = /etc/ceph/ceph.conf
+{% endif %}
+
+[privsep_entrypoint]
+helper_command=sudo cinder-rootwrap /etc/cinder/rootwrap.conf privsep-helper --config-file /etc/cinder/cinder.conf

service/files/defaults.yaml

@@ -0,0 +1,24 @@
+configs:
+  cinder_api_port: 8776
+  cinder_debug: false
+
+  cinder_db_name: "cinder"
+  cinder_db_username: "cinder"
+  cinder_db_password: "password"
+
+  cinder_username: "cinder"
+  cinder_password: "password"
+
+  cinder_enabled_backends: "rbd"
+
+  cinder_enable_ceph: false
+  cinder_ceph_key: "Changeme"
+  cinder_ceph_username: "cinder"
+  cinder_ceph_pool_name: "volumes"
+  cinder_ceph_backup_pool_name: "backup"
+  cinder_rbd_secret_uuid: "Changeme"
+
+sources:
+  openstack/cinder:
+    git_url: https://github.com/openstack/cinder.git
+    git_ref: stable/newton

tools/yamllint.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -ex
+
+workdir=$(dirname $0)
+yamllint -c $workdir/yamllint.yaml $(find . -not -path '*/\.*' -type f -name '*.yaml')

tools/yamllint.yaml

@@ -0,0 +1,21 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+  comments:
+    level: error
+  comments-indentation:
+    level: warning
+  document-end:
+    present: no
+  document-start:
+    level: error
+    present: no
+  empty-lines:
+    max: 1
+    max-start: 0
+    max-end: 0
+  line-length:
+    level: warning
+    max: 120

tox.ini

@@ -0,0 +1,9 @@
+[tox]
+minversion = 1.6
+envlist = linters
+skipsdist = True
+
+[testenv:linters]
+deps = yamllint
+commands =
+    {toxinidir}/tools/yamllint.sh