X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Ffirstboot%2Fstart_docker_agents.sh;h=acb44ce5de204e5838a61b8ebd58d2343170197d;hb=e7cb607872e6f62b5ae199545877e5928bb0baaa;hp=cb8b2a5d0bce1182c9ba8fd865de2fdcdf89efd9;hpb=5090ae849b6300dba17fb55c250bc50825f7d21e;p=apex-tripleo-heat-templates.git diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index cb8b2a5d..acb44ce5 100644 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -1,14 +1,59 @@ #!/bin/bash set -eux -# firstboot isn't split out by role yet so we handle it this way -if ! hostname | grep compute &>/dev/null; then - echo "Exiting. This script is only for the compute role." - exit 0 +/sbin/setenforce 0 +/sbin/modprobe ebtables + +# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes +chmod 666 /dev/pts/ptmx + +# We need hostname -f to return in a centos container for the puppet hook +HOSTNAME=$(hostname) +echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts + +# update docker for local insecure registry(optional) +# Note: This is different for different docker versions +# For older docker versions < 1.4.x use commented line +#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker +#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker + +# Local docker registry 1.8 +# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is +# a place holder for text replacement done via heat +if [ "$docker_namespace_is_registry" = True ]; then + /usr/bin/systemctl stop docker.service + # if namespace is used with local registry, trim all namespacing + trim_var=$docker_registry + registry_host="${trim_var%%/*}" + /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker + /usr/bin/systemctl start --no-block docker.service fi +/usr/bin/docker pull $agent_image & +DOCKER_PULL_PID=$! + mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container +# NOTE(flaper87): Heat Agent required mounts +AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \ + -v /run:/run \ + -v /etc:/host/etc \ + -v /usr/bin/atomic:/usr/bin/atomic \ + -v /var/lib/dhclient:/var/lib/dhclient \ + -v /var/lib/cloud:/var/lib/cloud \ + -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ + -v /etc/sysconfig/docker:/etc/sysconfig/docker \ + -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2" + + +# NOTE(flaper87): Some of these commands may not be present depending on the +# atomic version. +for docker_cmd in docker docker-current docker-latest; do + if [ -f "/usr/bin/$docker_cmd" ]; then + AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd" + fi +done + # heat-docker-agents service cat < /etc/systemd/system/heat-docker-agents.service @@ -22,8 +67,9 @@ User=root Restart=on-failure ExecStartPre=-/usr/bin/docker kill heat-agents ExecStartPre=-/usr/bin/docker rm heat-agents -ExecStartPre=/usr/bin/docker pull $agent_image -ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image +ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \ + $AGENT_COMMAND_MOUNTS \ + --entrypoint=/usr/bin/os-collect-config $agent_image ExecStop=/usr/bin/docker stop heat-agents [Install] @@ -31,30 +77,6 @@ WantedBy=multi-user.target EOF -# update docker for local insecure registry(optional) -# Note: This is different for different docker versions -# For older docker versions < 1.4.x use commented line -#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker -#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker - -# Local docker registry 1.8 -if [ $docker_namespace_is_registry ]; then - # if namespace is used with local registry, trim all namespacing - trim_var=$docker_registry - registry_host="${trim_var%%/*}" - /bin/sed -i "s/# INSECURE_REGISTRY='--insecure-registry'/INSECURE_REGISTRY='--insecure-registry $registry_host'/g" /etc/sysconfig/docker -fi - -/sbin/setenforce 0 -/sbin/modprobe ebtables - -# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes -chmod 666 /dev/pts/ptmx - -# We need hostname -f to return in a centos container for the puppet hook -HOSTNAME=$(hostname) -echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts - # enable and start heat-docker-agents chmod 0640 /etc/systemd/system/heat-docker-agents.service /usr/bin/systemctl enable heat-docker-agents.service @@ -82,3 +104,5 @@ AUTO_EXTEND_POOL=yes POOL_AUTOEXTEND_PERCENT=30 POOL_AUTOEXTEND_THRESHOLD=70 EOF + +wait $DOCKER_PULL_PID