docker bootstrap service commands
authorDan Prince <dprince@redhat.com>
Wed, 17 May 2017 12:58:57 +0000 (08:58 -0400)
committerDan Prince <dprince@redhat.com>
Mon, 22 May 2017 16:04:42 +0000 (12:04 -0400)
This patch guards db syncs and initialization code from executing
on multiple nodes at the same time by using the new
bootstrap_host_exec script. This helper script checks to make
sure the container is executing on the "bootstrap host" for the
specified service (arg 0) and then if it matches runs the
specified command.

Depends-On: If25f217bbb592edab4e1dde53ca99ed93c0e146c
Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f

Change-Id: I0c864ca093ea476248b619d8c88477ef0b64e2eb
Closes-Bug: 1688380

docker/services/aodh-api.yaml
docker/services/containers-common.yaml
docker/services/glance-api.yaml
docker/services/gnocchi-api.yaml
docker/services/heat-engine.yaml
docker/services/ironic-api.yaml
docker/services/keystone.yaml
docker/services/mistral-api.yaml
docker/services/neutron-api.yaml
docker/services/nova-api.yaml
docker/services/panko-api.yaml

index 8a02d8f..f802e4e 100644 (file)
@@ -100,13 +100,14 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
                   - /var/log/containers/aodh:/var/log/aodh
-            command: /usr/bin/aodh-dbsync
+            command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
         step_4:
           aodh_api:
             image: *aodh_image
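Review bot: The new `command` is a single string that whatever launches the container must split into arguments before `su ... -c` hands the payload to bash, whereas the keystone and neutron hunks of this same commit keep the list form. A list such as `command: ['/usr/bin/bootstrap_host_exec', 'aodh_api', 'su', 'aodh', '-s', '/bin/bash', '-c', '/usr/bin/aodh-dbsync']` keeps argument boundaries explicit and avoids quoting surprises if a parameter is ever interpolated into the line. The same string form appears in the glance-api, gnocchi-api, heat-engine, ironic-api, mistral-api, nova-api and panko-api hunks. The added `user: root` also carries no comment; presumably root is needed for the helper to read the `/etc/puppet` mount, and a line like `# root only for bootstrap_host_exec; the command drops to the service user via su` would record that the privilege drop now lives in the command string.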
index fad1456..45a462f 100644 (file)
@@ -9,6 +9,8 @@ outputs:
     value:
       - /etc/hosts:/etc/hosts:ro
       - /etc/localtime:/etc/localtime:ro
+      # required for bootstrap_host_exec
+      - /etc/puppet:/etc/puppet:ro
       # OpenSSL trusted CAs
       - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
       - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
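Review bot: Binding the whole host `/etc/puppet` tree into the common volume list gives every container that uses the `ContainersCommon` volumes read access to it, not only the bootstrap containers that run `bootstrap_host_exec`. If that tree holds hieradata with service passwords (not visible from this hunk, so confirm), a compromise of any one service container would expose the credentials of the others, even with `:ro`. Consider mounting only the files the helper reads, or adding the mount only to the containers that call the helper. Until then the comment could say so: `# required for bootstrap_host_exec (read-only; TODO: narrow to the files it reads)`.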
index ef1e00e..b2dc8ce 100644 (file)
@@ -100,6 +100,7 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes: &glance_volumes
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
@@ -110,6 +111,7 @@ outputs:
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
         step_4:
           map_merge:
             - glance_api:
index 9b47473..e59d609 100644 (file)
@@ -100,13 +100,14 @@ outputs:
             net: host
             detach: false
             privileged: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
                   - /var/log/containers/gnocchi:/var/log/gnocchi
-            command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"]
+            command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
         step_4:
           gnocchi_api:
             image: *gnocchi_image
index 8c554a5..0adad53 100644 (file)
@@ -94,13 +94,14 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
                   - /var/log/containers/heat:/var/log/heat
-            command: ['heat-manage', 'db_sync']
+            command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
         step_4:
           heat_engine:
             image: *heat_engine_image
index 300aa0b..c8978aa 100644 (file)
@@ -100,13 +100,14 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/ironic/etc/:/etc/:ro
                   - /var/log/containers/ironic:/var/log/ironic
-            command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf']
+            command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
         step_4:
           ironic_api:
             start_order: 10
index ca64374..772859e 100644 (file)
@@ -131,8 +131,9 @@ outputs:
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
           keystone:
-            start_order: 1
+            start_order: 2
             image: *keystone_image
             net: host
             privileged: false
@@ -141,10 +142,10 @@ outputs:
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           keystone_bootstrap:
-            start_order: 2
+            start_order: 3
             action: exec
             command:
-              [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
       docker_puppet_tasks:
         # Keystone endpoint creation occurs only on single node
         step_3:
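Review bot: The admin password is still passed as an argument (`'--bootstrap-password', {get_param: AdminPassword}`), and with this change it travels through one more process. It therefore sits in the argument list of both `bootstrap_host_exec` and `keystone-manage`, readable by anyone who can list processes on the host or inspect the exec. `keystone-manage bootstrap` can take the password from the `OS_BOOTSTRAP_PASSWORD` environment variable instead; whether an `action: exec` entry can carry an environment is not visible here, so confirm before switching. Minor: the comma spacing in `'keystone' ,'keystone-manage'` should be `'keystone', 'keystone-manage'`.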
index 3b256fd..5586d41 100644 (file)
@@ -100,19 +100,21 @@ outputs:
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/mistral/etc/:/etc/:ro
                   - /var/log/containers/mistral:/var/log/mistral
-            command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
+            command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
           mistral_db_populate:
             start_order: 2
             image: *mistral_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
@@ -121,7 +123,7 @@ outputs:
                   - /var/log/containers/mistral:/var/log/mistral
             # NOTE: dprince this requires that we install openstack-tripleo-common into
             # the Mistral API image so that we get tripleo* actions
-            command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
+            command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"
         step_4:
           mistral_api:
             start_order: 15
index 748371d..5f9c956 100644 (file)
@@ -110,8 +110,6 @@ outputs:
             net: host
             privileged: false
             detach: false
-            # FIXME: we should make config file permissions right
-            # and run as neutron user
             user: root
             volumes:
               list_concat:
@@ -120,7 +118,10 @@ outputs:
                   - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
                   - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
                   - /var/log/containers/neutron:/var/log/neutron
-            command: ['neutron-db-manage', 'upgrade', 'heads']
+            command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
+            # FIXME: we should make config file permissions right
+            # and run as neutron user
+            #command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
         step_4:
           map_merge:
             - neutron_api:
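Review bot: Unlike the other services in this commit, the neutron migration still runs as root with no `su` (`'/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads'`), while `/var/log/containers/neutron` is mounted read-write. Any log file it creates would likely be root-owned and may later be unwritable for a service running as `neutron`, which is worth confirming. The FIXME was moved below the command, which leaves `user: root` in the previous hunk unexplained and a commented-out command in the template. Keeping the FIXME next to `user: root` and referencing the bug or follow-up change there would make the remaining work easier to track.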
index d571b21..2375dad 100644 (file)
@@ -103,6 +103,7 @@ outputs:
             image: *nova_api_image
             net: host
             detach: false
+            user: root
             volumes: &nova_api_volumes
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
@@ -110,7 +111,7 @@ outputs:
                   - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
                   - /var/log/containers/nova:/var/log/nova
-            command: ['/usr/bin/nova-manage', 'api_db', 'sync']
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
           # FIXME: we probably want to wait on the 'cell_v2 update' in order for this
           # to be capable of upgrading a baremetal setup. This is to ensure the name
           # of the cell is 'default'
@@ -119,11 +120,9 @@ outputs:
             image: *nova_api_image
             net: host
             detach: false
+            user: root
             volumes: *nova_api_volumes
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'map_cell0'
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
           nova_api_create_default_cell:
             start_order: 3
             image: *nova_api_image
@@ -134,18 +133,16 @@ outputs:
             # this idempotent (if the resource already exists a conflict
             # is raised)
             exit_codes: [0,2]
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'create_cell'
-              - '--name="default"'
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
           nova_db_sync:
             start_order: 4
             image: *nova_api_image
             net: host
             detach: false
             volumes: *nova_api_volumes
-            command: ['/usr/bin/nova-manage', 'db', 'sync']
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
         step_4:
           nova_api:
             start_order: 2
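Review bot: `exit_codes: [0,2]` on `nova_api_create_default_cell` now depends on the exit status of `nova-manage` surviving `bootstrap_host_exec`, `su` and `bash -c`. `su` and `bash -c` pass the status through, but the helper is not part of this change set; if it neither execs the command nor returns its status, a conflict (2) and a real failure become indistinguishable, or a failure is masked. A comment next to `exit_codes`, such as `# relies on bootstrap_host_exec propagating the command's exit status`, would make the dependency explicit. The step's definition starts above the hunk.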
@@ -164,10 +161,8 @@ outputs:
             net: host
             detach: false
             volumes: *nova_api_volumes
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'discover_hosts'
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
       host_prep_tasks:
         - name: create persistent logs directory
           file:
index 46cfa5a..b9e6e93 100644 (file)
@@ -101,13 +101,14 @@ outputs:
             net: host
             detach: false
             privileged: false
+            user: root
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
                   - /var/lib/config-data/panko/etc/panko:/etc/panko:ro
                   - /var/log/containers/panko:/var/log/panko
-            command: /usr/bin/panko-dbsync
+            command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
         step_4:
           panko_api:
             start_order: 2