Tag the ha containers with 'pcmklatest' at deploy time

We need to tag the HA containers with a special tag so
that the RA definition never changes. We do this step in THT
as opposed to puppet because we need to guarantee
that all images are tagged on all nodes *before* step 2 where the bundle
gets created.

NB: Getting the image name without the tag will require some more
yaql work to get all the cases right. Right now this works only
if we enforce that the image has a ':tag' at the end of the name.
So far this is always the case. If things change we will need to
amend this code.

Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I362e6cf26fba77d3f949b7d2fc4b35a3eab9087e

diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index c6a80ef..c2117c0 100644 (file)
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -76,7 +76,13 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [CinderBackupBase, role_data, config_settings]
-          - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage}
+          - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest
+              list_join:
+                - ':'
+                - - yaql:
+                      data: {get_param: DockerCinderBackupImage}
+                      expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+                  - 'pcmklatest'
             cinder::backup::manage_service: false
             cinder::backup::enabled: false
       step_config: ""
@@ -102,10 +108,33 @@ outputs:
               owner: cinder:cinder
               recurse: true
       docker_config:
+        step_1:
+          cinder_backup_image_tag:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'"
+                  params:
+                    CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage}
+                    CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest
+            image: {get_param: DockerCinderBackupImage}
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/shm:/dev/shm:rw
+              - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+              - /usr/bin:/usr/bin:ro
+              - /var/run/docker.sock:/var/run/docker.sock:rw
         step_3:
           cinder_backup_init_logs:
             start_order: 0
-            image: *cinder_backup_image
+            image: {get_param: DockerCinderBackupImage}
             privileged: false
             user: root
             volumes:
@@ -129,7 +158,7 @@ outputs:
                   params:
                     TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
                     CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle'
-            image: *cinder_backup_image
+            image: {get_param: DockerCinderBackupImage}
             volumes:
               - /etc/hosts:/etc/hosts:ro
               - /etc/localtime:/etc/localtime:ro

diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index 3c1b7a7..a4f6951 100644 (file)
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -69,7 +69,13 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [CinderBase, role_data, config_settings]
-          - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
+          - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest
+              list_join:
+                - ':'
+                - - yaql:
+                      data: {get_param: DockerCinderVolumeImage}
+                      expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+                  - 'pcmklatest'
             cinder::volume::manage_service: false
             cinder::volume::enabled: false
             cinder::host: hostgroup
@@ -93,10 +99,33 @@ outputs:
               owner: cinder:cinder
               recurse: true
       docker_config:
+        step_1:
+          cinder_volume_image_tag:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'"
+                  params:
+                    CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage}
+                    CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest
+            image: {get_param: DockerCinderVolumeImage}
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/shm:/dev/shm:rw
+              - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+              - /usr/bin:/usr/bin:ro
+              - /var/run/docker.sock:/var/run/docker.sock:rw
         step_3:
           cinder_volume_init_logs:
             start_order: 0
-            image: *cinder_volume_image
+            image: {get_param: DockerCinderVolumeImage}
             privileged: false
             user: root
             volumes:
@@ -120,7 +149,7 @@ outputs:
                   params:
                     TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
                     CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle'
-            image: *cinder_volume_image
+            image: {get_param: DockerCinderVolumeImage}
             volumes:
               - /etc/hosts:/etc/hosts:ro
               - /etc/localtime:/etc/localtime:ro

diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 8ba7d72..3de1696 100644 (file)
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -79,7 +79,13 @@ outputs:
       config_settings:
         map_merge:
           - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
-          - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+          - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
+              list_join:
+                - ':'
+                - - yaql:
+                      data: {get_param: DockerMysqlImage}
+                      expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+                  - 'pcmklatest'
             tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
             tripleo.mysql.firewall_rules:
               '104 mysql galera-bundle':
@@ -141,7 +147,7 @@ outputs:
           mysql_data_ownership:
             start_order: 0
             detach: false
-            image: *mysql_image
+            image: {get_param: DockerMysqlImage}
             net: host
             user: root
             # Kolla does only non-recursive chown
@@ -151,7 +157,7 @@ outputs:
           mysql_bootstrap:
             start_order: 1
             detach: false
-            image: *mysql_image
+            image: {get_param: DockerMysqlImage}
             net: host
             # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
             command:
@@ -196,6 +202,28 @@ outputs:
                           passwords:
                             - {get_param: MysqlRootPassword}
                             - {get_param: [DefaultPasswords, mysql_root_password]}
+          mysql_image_tag:
+            start_order: 2
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'"
+                  params:
+                    MYSQL_IMAGE: {get_param: DockerMysqlImage}
+                    MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest
+            image: {get_param: DockerMysqlImage}
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/shm:/dev/shm:rw
+              - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+              - /usr/bin:/usr/bin:ro
+              - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           mysql_init_bundle:
             start_order: 1
@@ -214,7 +242,7 @@ outputs:
                   params:
                     TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
                     CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
-            image: *mysql_image
+            image: {get_param: DockerMysqlImage}
             volumes:
               - /etc/hosts:/etc/hosts:ro
               - /etc/localtime:/etc/localtime:ro

diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index 75b6d65..0b8aa04 100644 (file)
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -60,7 +60,13 @@ outputs:
           - redis::service_manage: false
             redis::notify_service: false
             redis::managed_by_cluster_manager: true
-            tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
+            tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest
+              list_join:
+                - ':'
+                - - yaql:
+                      data: {get_param: DockerRedisImage}
+                      expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+                  - 'pcmklatest'
             tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
             tripleo.redis.firewall_rules:
               '108 redis-bundle':
@@ -104,6 +110,29 @@ outputs:
               owner: redis:redis
               recurse: true
       docker_config:
+        step_1:
+          redis_image_tag:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'"
+                  params:
+                    REDIS_IMAGE: {get_param: DockerRedisImage}
+                    REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest
+            image: {get_param: DockerRedisImage}
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/shm:/dev/shm:rw
+              - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+              - /usr/bin:/usr/bin:ro
+              - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           redis_init_bundle:
             start_order: 2

diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index 5ba54f8..2e5c742 100644 (file)
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -92,6 +92,13 @@ outputs:
             tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory}
             # disable the use CRL file until we can restart the container when the file expires
             tripleo::haproxy::crl_file: null
+            tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest
+              list_join:
+                - ':'
+                - - yaql:
+                      data: {get_param: DockerHAProxyImage}
+                      expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+                  - 'pcmklatest'
       step_config: ""
       service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
@@ -142,6 +149,30 @@ outputs:
               perm: '0600'
               optional: true
       docker_config:
+        step_1:
+          haproxy_image_tag:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'"
+                  params:
+                    HAPROXY_IMAGE: {get_param: DockerHAProxyImage}
+                    HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest
+            image: {get_param: DockerHAProxyImage}
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/shm:/dev/shm:rw
+              - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+              - /usr/bin:/usr/bin:ro
+              - /var/run/docker.sock:/var/run/docker.sock:rw
+            image: {get_param: DockerHAProxyImage}
         step_2:
           haproxy_init_bundle:
             start_order: 3
@@ -165,7 +196,7 @@ outputs:
                         - ';'
                         - - 'include ::tripleo::profile::base::pacemaker'
                           - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
-            image: *haproxy_image
+            image: {get_param: DockerHAProxyImage}
             volumes:
               list_concat:
                 - *deployed_cert_mount

diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
index 7103ba8..c88737a 100644 (file)
--- a/docker/services/pacemaker/manila-share.yaml
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -59,7 +59,13 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [ManilaBase, role_data, config_settings]
-          - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image {get_param: DockerManilaShareImage}
+          - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
+              list_join:
+                - ':'
+                - - yaql:
+                      data: {get_param: DockerManilaShareImage}
+                      expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+                  - 'pcmklatest'
             manila::share::manage_service: false
             manila::share::enabled: false
             manila::host: hostgroup
@@ -93,10 +99,33 @@ outputs:
               owner: manila:manila
               recurse: true
       docker_config:
+        step_1:
+          manila_share_image_tag:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'"
+                  params:
+                    MANILASHARE_IMAGE: {get_param: DockerManilaShareImage}
+                    MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest
+            image: {get_param: DockerManilaShareImage}
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/shm:/dev/shm:rw
+              - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+              - /usr/bin:/usr/bin:ro
+              - /var/run/docker.sock:/var/run/docker.sock:rw
         step_3:
           manila_share_init_logs:
             start_order: 0
-            image: *manila_share_image
+            image: {get_param: DockerManilaShareImage}
             privileged: false
             user: root
             volumes:
@@ -120,7 +149,7 @@ outputs:
                   params:
                     TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
                     CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
-            image: *manila_share_image
+            image: {get_param: DockerManilaShareImage}
             volumes:
               - /etc/hosts:/etc/hosts:ro
               - /etc/localtime:/etc/localtime:ro

diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index d8e50af..ba1abaf 100644 (file)
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -62,7 +62,13 @@ outputs:
         map_merge:
           - {get_attr: [RabbitmqBase, role_data, config_settings]}
           - rabbitmq::service_manage: false
-            tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+            tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
+              list_join:
+                - ':'
+                - - yaql:
+                      data: {get_param: DockerRabbitmqImage}
+                      expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+                  - 'pcmklatest'
             tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
             tripleo.rabbitmq.firewall_rules:
               '109 rabbitmq-bundle':
@@ -118,7 +124,7 @@ outputs:
         step_1:
           rabbitmq_bootstrap:
             start_order: 0
-            image: *rabbitmq_image
+            image: {get_param: DockerRabbitmqImage}
             net: host
             privileged: false
             volumes:
@@ -141,6 +147,28 @@ outputs:
                           passwords:
                             - {get_param: RabbitCookie}
                             - {get_param: [DefaultPasswords, rabbit_cookie]}
+          rabbitmq_image_tag:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'"
+                  params:
+                    RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage}
+                    RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest
+            image: {get_param: DockerRabbitmqImage}
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/shm:/dev/shm:rw
+              - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+              - /usr/bin:/usr/bin:ro
+              - /var/run/docker.sock:/var/run/docker.sock:rw
         step_2:
           rabbitmq_init_bundle:
             start_order: 0
@@ -159,7 +187,7 @@ outputs:
                   params:
                     TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
                     CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
-            image: *rabbitmq_image
+            image: {get_param: DockerRabbitmqImage}
             volumes:
               - /etc/hosts:/etc/hosts:ro
               - /etc/localtime:/etc/localtime:ro