Use overcloud-full instead of atomic-image

This switches to using overcloud-full as the OS image for containerized compute. It includes the following changes: - install docker, until this change lands I1eab2a6de721c8f3c21c7df0019f2d4d1cc3775f - agent image pull has been removed. This avoids a race between docker starting and the current call to pull. This relies on "docker run" to do the initial pull and leaves open the option of some other prefetch mechanism to do the initial pull - rely on unit Conflicts= to ensure heat-docker-agents and os-collect-config do not run at the same time - tweaks to host bind mounts - removal of commands which only apply to atomic Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I2e82634785834a877a4dbdbdcd788a9ac1c14a9d
2016-11-08 20:50:17 +00:00 · 2016-11-08 20:50:17 +00:00 · 5c272e9de3
parent d5cd18d3c5
commit 5c272e9de3
3 changed files with 29 additions and 131 deletions
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@ -1,76 +1,56 @@
 #!/bin/bash
 set -eux
-/sbin/setenforce 0
+# TODO remove this when built image includes docker
-/sbin/modprobe ebtables
+if [ ! -f "/usr/bin/docker" ]; then
-
+    yum -y install docker
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
+fi
 chmod 666 /dev/pts/ptmx
 # We need hostname -f to return in a centos container for the puppet hook
 HOSTNAME=$(hostname)
 echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
 # update docker for local insecure registry(optional)
 # Note: This is different for different docker versions
 # For older docker versions < 1.4.x use commented line
 #echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
 #echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
 # Local docker registry 1.8
 # NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
 # a place holder for text replacement done via heat
-if [ "$docker_namespace_is_registry" = True ]; then
+if [ "$docker_namespace_is_registry" = "True" ]; then
    /usr/bin/systemctl stop docker.service
    # if namespace is used with local registry, trim all namespacing
    trim_var=$docker_registry
    registry_host="${trim_var%%/*}"
    /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker
    /usr/bin/systemctl start --no-block docker.service
 fi
 /usr/bin/docker pull $agent_image &
 DOCKER_PULL_PID=$!
 mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
 # NOTE(flaper87): Heat Agent required mounts
-AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \
+AGENT_COMMAND_MOUNTS="\
-                      -v /run:/run \
+-v /var/lib/etc-data:/var/lib/etc-data \
-                      -v /etc:/host/etc \
+-v /run:/run \
-                      -v /usr/bin/atomic:/usr/bin/atomic \
+-v /etc/hosts:/etc/hosts \
-                      -v /var/lib/dhclient:/var/lib/dhclient \
+-v /etc:/host/etc \
-                      -v /var/lib/cloud:/var/lib/cloud \
+-v /var/lib/dhclient:/var/lib/dhclient \
-                      -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
+-v /var/lib/cloud:/var/lib/cloud \
-                      -v /etc/sysconfig/docker:/etc/sysconfig/docker \
+-v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
-                      -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config \
-                      -v /var/lib/os-collect-config:/var/lib/os-collect-config \
+-v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
-                      -v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
+-v /var/lib/heat-config:/var/lib/heat-config \
-                      -v /var/lib/heat-config:/var/lib/heat-config \
+-v /etc/sysconfig/docker:/etc/sysconfig/docker \
-                      -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2"
+-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
-
+-v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2 \
-
+-v /usr/bin/docker:/usr/bin/docker \
-# NOTE(flaper87): Some of these commands may not be present depending on the
+-v /usr/bin/docker-current:/usr/bin/docker-current \
-# atomic version.
+-v /var/lib/os-collect-config:/var/lib/os-collect-config"
 for docker_cmd in docker docker-current docker-latest; do
    if [ -f "/usr/bin/$docker_cmd" ]; then
        AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd"
    fi
 done
 # heat-docker-agents service
 cat <<EOF > /etc/systemd/system/heat-docker-agents.service
 [Unit]
 Description=Heat Docker Agent Container
 After=docker.service
 Requires=docker.service
 Before=os-collect-config.service
 Conflicts=os-collect-config.service
 [Service]
 User=root
-Restart=on-failure
+Restart=always
-ExecStartPre=-/usr/bin/docker kill heat-agents
+ExecStartPre=-/usr/bin/docker rm -f heat-agents
 ExecStartPre=-/usr/bin/docker rm heat-agents
 ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \
    $AGENT_COMMAND_MOUNTS \
    --entrypoint=/usr/bin/os-collect-config $agent_image
@ -78,35 +58,12 @@ ExecStop=/usr/bin/docker stop heat-agents
 [Install]
 WantedBy=multi-user.target
 EOF
 # enable and start heat-docker-agents
 chmod 0640 /etc/systemd/system/heat-docker-agents.service
 /usr/bin/systemctl enable heat-docker-agents.service
 /usr/bin/systemctl start --no-block heat-docker-agents.service
-# Disable NetworkManager and let the ifup/down scripts work properly.
+# Disable libvirtd
-/usr/bin/systemctl disable NetworkManager
+/usr/bin/systemctl disable libvirtd.service
-/usr/bin/systemctl stop NetworkManager
+/usr/bin/systemctl stop libvirtd.service
 # Atomic's root partition & logical volume defaults to 3G.  In order to launch
 # larger VMs, we need to enlarge the root logical volume and scale down the
 # docker_pool logical volume. We are allocating 80% of the disk space for
 # vm data and the remaining 20% for docker images.
 ATOMIC_ROOT='/dev/mapper/atomicos-root'
 ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'`
 growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' )
 pvresize "${ROOT_DEVICE}"
 lvresize -l +80%FREE "${ATOMIC_ROOT}"
 xfs_growfs "${ATOMIC_ROOT}"
 cat <<EOF > /etc/sysconfig/docker-storage-setup
 GROWPART=true
 AUTO_EXTEND_POOL=yes
 POOL_AUTOEXTEND_PERCENT=30
 POOL_AUTOEXTEND_THRESHOLD=70
 EOF
 wait $DOCKER_PULL_PID
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@ -25,16 +25,6 @@ parameters:
    default: 'tripleoupstream'
    type: string
  DockerOpenvswitchDBImage:
    description: image
    default: 'centos-binary-openvswitch-db-server'
    type: string
  DockerOvsVswitchdImage:
    description: image
    default: 'centos-binary-openvswitch-vswitchd'
    type: string
  LibvirtConfig:
    type: string
    default: "/etc/libvirt/libvirtd.conf"
@ -206,52 +196,6 @@ resources:
        nova_config: {get_param: NovaConfig}
        neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
  NovaComputeContainersDeploymentOVS:
    type: OS::Heat::StructuredDeploymentGroup
    depends_on: CopyJsonDeployment
    properties:
      name: NovaComputeContainersDeploymentOVS
      config: {get_resource: NovaComputeContainersConfigOVS}
      servers: {get_param: [servers, {{role.name}}]}
  NovaComputeContainersConfigOVS:
    type: OS::Heat::StructuredConfig
    properties:
      group: docker-cmd
      config:
        openvswitchdb:
          image:
            list_join:
              - '/'
              - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ]
          net: host
          restart: always
          volumes:
            - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json
            - /etc/localtime:/etc/localtime:ro
            - /run:/run
            - logs:/var/log/kolla/
            - openvswitch_db:/var/lib/openvswitch/
          environment:
            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
        ovsvswitchd:
          image:
            list_join:
              - '/'
              - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ]
          net: host
          privileged: true
          restart: always
          volumes:
            - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json
            - /etc/localtime:/etc/localtime:ro
            - /lib/modules:/lib/modules:ro
            - /run:/run
            - logs:/var/log/kolla/
          environment:
            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
  {{role.name}}ContainersConfig_Step1:
    type: OS::Heat::StructuredConfig
    depends_on: CopyJsonDeployment
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@ -13,7 +13,6 @@ resource_registry:
  OS::TripleO::Services: ../docker/services/services.yaml
 parameter_defaults:
  NovaImage: atomic-image
  # Defaults to 'tripleoupstream'.  Specify a local docker registry
  # Example: 192.0.2.1:8787/tripleoupstream
  DockerNamespace: tripleoupstream
@ -24,8 +23,6 @@ parameter_defaults:
  DockerNovaComputeImage: centos-binary-nova-compute:newton
  DockerLibvirtImage: centos-binary-nova-libvirt:newton
  DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:newton
  DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:newton
  DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:newton
  ComputeServices:
    - OS::TripleO::Services::NovaCompute