Merge "Allow a containerized mistral-executor to access docker"

This commit is contained in:
Zuul 2018-06-20 17:00:28 +00:00 committed by Gerrit Code Review
commit 37ef25cd34
3 changed files with 11 additions and 7 deletions

View File

@ -74,13 +74,15 @@ outputs:
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
puppet_tags: mistral_config,user,group
step_config:
list_join:
- "\n"
- - {get_attr: [MistralBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerMistralConfigImage}
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw
kolla_config:
/var/lib/kolla/config_files/mistral_executor.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
@ -115,6 +117,7 @@ outputs:
# FIXME: this is required in order for Nova cells
# initialization workflows on the Undercloud. Need to
# exclude this on the overcloud for security reasons.
- /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/config-data/nova/etc/nova:/etc/nova:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/lib/mistral:/var/lib/mistral

View File

@ -45,10 +45,6 @@ parameters:
description: The password for the Mistral service and db account, used by the Mistral services.
type: string
hidden: true
MistralDockerGroup:
default: false
description: Add the mistral user to the docker group to allow actions to perform docker operations.
type: boolean
KeystoneRegion:
type: string
default: 'regionOne'
@ -121,7 +117,6 @@ outputs:
- ''
- - {get_param: [EndpointMap, KeystoneV3Internal, uri]}
- '/ec2tokens'
tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
service_config_settings:
keystone:
mistral::keystone::auth::tenant: 'service'

View File

@ -30,6 +30,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MistralDockerGroup:
default: false
description: Add the mistral user to the docker group to allow actions to perform docker operations.
type: boolean
resources:
MistralBase:
@ -48,7 +52,9 @@ outputs:
value:
service_name: mistral_executor
config_settings:
get_attr: [MistralBase, role_data, config_settings]
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
step_config: |
include ::tripleo::profile::base::mistral::executor
upgrade_tasks: