diff --git a/ansible/roles/ironic/tasks/start.yml b/ansible/roles/ironic/tasks/start.yml
index 142faec669..7c1fbe8994 100644
--- a/ansible/roles/ironic/tasks/start.yml
+++ b/ansible/roles/ironic/tasks/start.yml
@@ -17,8 +17,10 @@
common_options: "{{ docker_common_options }}"
image: "{{ ironic_api_image_full }}"
name: "ironic_api"
- volumes:
+ volumes:
- "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla"
when: inventory_hostname in groups['ironic-api']
- name: Starting ironic-conductor container
@@ -27,9 +29,15 @@
common_options: "{{ docker_common_options }}"
image: "{{ ironic_conductor_image_full }}"
name: "ironic_conductor"
+ privileged: True
volumes:
- "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
+ - "/sys:/sys"
+ - "/dev:/dev"
+ - "/run:/run"
+ - "kolla_logs:/var/log/kolla"
+ - "ironic:/var/lib/ironic"
- "ironic_pxe:/tftpboot/"
when: inventory_hostname in groups['ironic-conductor']
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 076a73f004..c1f84ae554 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -1,6 +1,8 @@
[DEFAULT]
debug = {{ ironic_logging_debug }}
+log_dir = /var/log/kolla/ironic
+
admin_user = {{ openstack_auth.username }}
admin_password = {{ keystone_admin_password }}
@@ -16,7 +18,7 @@ host_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['a
{% if service_name == 'ironic-conductor' %}
[conductor]
api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}
-clean_nodes = false
+automated_clean=false
{% endif %}
{% if service_name == 'ironic-inspector' %}
@@ -41,9 +43,9 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po
auth_type = password
project_domain_id = default
user_domain_id = default
-admin_tenant_name = service
-admin_user = {{ ironic_keystone_user }}
-admin_password = {{ ironic_keystone_password }}
+project_name = service
+username = {{ ironic_keystone_user }}
+password = {{ ironic_keystone_password }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/nova/tasks/start_compute.yml b/ansible/roles/nova/tasks/start_compute.yml
index ac8bf97df7..df76747939 100644
--- a/ansible/roles/nova/tasks/start_compute.yml
+++ b/ansible/roles/nova/tasks/start_compute.yml
@@ -49,6 +49,7 @@
when:
- inventory_hostname in groups['compute']
- not enable_nova_fake | bool
+ - not enable_ironic | bool
- name: Starting nova-compute-ironic container
kolla_docker:
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 7a635c66f3..82c991e94f 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -96,6 +96,7 @@ html5proxy_port = {{ nova_spicehtml5proxy_port }}
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
auth_url = {{ openstack_auth.auth_url }}/v3
+auth_type = password
project_name = service
user_domain_name = default
project_domain_name = default
diff --git a/docker/ironic/ironic-api/Dockerfile.j2 b/docker/ironic/ironic-api/Dockerfile.j2
index eada8e359e..32f2d36e08 100644
--- a/docker/ironic/ironic-api/Dockerfile.j2
+++ b/docker/ironic/ironic-api/Dockerfile.j2
@@ -16,8 +16,8 @@ MAINTAINER {{ maintainer }}
{% endif %}
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start
{% block ironic_api_footer %}{% endblock %}
{% block footer %}{% endblock %}
diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2
index 027c49f7d7..2b24ed3b73 100644
--- a/docker/ironic/ironic-base/Dockerfile.j2
+++ b/docker/ironic/ironic-base/Dockerfile.j2
@@ -18,16 +18,24 @@ MAINTAINER {{ maintainer }}
ADD ironic-base-archive /ironic-base-source
RUN ln -s ironic-base-source/* ironic \
- && useradd --user-group ironic \
+ && useradd --user-group --create-home --home-dir /var/lib/ironic ironic \
&& /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ironic \
- && mkdir -p /etc/ironic /var/log/ironic /home/ironic \
+ && mkdir -p /etc/ironic /var/lib/ironic \
&& cp -r /ironic/etc/ironic/* /etc/ironic/ \
- && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic \
+ && chown -R ironic: /etc/ironic /var/lib/ironic \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf
+ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers
+
{% endif %}
-RUN usermod -a -G kolla ironic \
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_ironic_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ironic_extend_start \
+ && usermod -a -G kolla ironic \
&& chown -R ironic: /etc/ironic
{% block ironic_base_footer %}{% endblock %}
diff --git a/docker/ironic/ironic-base/extend_start.sh b/docker/ironic/ironic-base/extend_start.sh
new file mode 100644
index 0000000000..e3b1d4e2dc
--- /dev/null
+++ b/docker/ironic/ironic-base/extend_start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+LOG_PATH=/var/log/kolla/ironic
+
+if [[ ! -d "${LOG_PATH}" ]]; then
+ mkdir -p "${LOG_PATH}"
+fi
+if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then
+ chmod 755 "${LOG_PATH}"
+fi
+
+. /usr/local/bin/kolla_ironic_extend_start
diff --git a/docker/ironic/ironic-base/ironic_sudoers b/docker/ironic/ironic-base/ironic_sudoers
new file mode 100644
index 0000000000..3e7c843f39
--- /dev/null
+++ b/docker/ironic/ironic-base/ironic_sudoers
@@ -0,0 +1 @@
+ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *
diff --git a/docker/ironic/ironic-conductor/Dockerfile.j2 b/docker/ironic/ironic-conductor/Dockerfile.j2
index 69196958c4..00ddc40d53 100644
--- a/docker/ironic/ironic-conductor/Dockerfile.j2
+++ b/docker/ironic/ironic-conductor/Dockerfile.j2
@@ -9,25 +9,39 @@ MAINTAINER {{ maintainer }}
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
{% set ironic_conductor_packages = [
'openstack-ironic-conductor',
- 'qemu-img'
+ 'qemu-img',
+ 'ipmitool',
+ 'parted',
+ 'gdisk',
+ 'psmisc'
] %}
{% elif base_distro in ['ubuntu'] %}
{% set ironic_conductor_packages = [
'ironic-conductor',
'qemu-utils',
- 'ipmitool'
+ 'ipmitool',
+ 'gdisk',
+ 'psmisc',
+ 'parted'
] %}
{% endif %}
{% elif install_type == 'source' %}
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
{% set ironic_conductor_packages = [
'qemu-img',
- 'ipmitool'
+ 'ipmitool',
+ 'parted',
+ 'gdisk',
+ 'psmisc',
+ 'fuse'
] %}
{% elif base_distro in ['ubuntu', 'debian'] %}
{% set ironic_conductor_packages = [
'qemu-utils',
- 'ipmitool'
+ 'ipmitool',
+ 'gdisk',
+ 'psmisc',
+ 'parted'
] %}
{% endif %}
{% endif %}
diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2
index 4f3692b5f5..1545ca4102 100644
--- a/docker/ironic/ironic-pxe/Dockerfile.j2
+++ b/docker/ironic/ironic-pxe/Dockerfile.j2
@@ -21,8 +21,8 @@ MAINTAINER {{ maintainer }}
{{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }}
COPY tftp-map-file /map-file
-COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start
{% block ironic_pxe_footer %}{% endblock %}
{% block footer %}{% endblock %}