diff --git a/ansible/roles/ironic/tasks/start.yml b/ansible/roles/ironic/tasks/start.yml index 142faec669..7c1fbe8994 100644 --- a/ansible/roles/ironic/tasks/start.yml +++ b/ansible/roles/ironic/tasks/start.yml @@ -17,8 +17,10 @@ common_options: "{{ docker_common_options }}" image: "{{ ironic_api_image_full }}" name: "ironic_api" - volumes: + volumes: - "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla" when: inventory_hostname in groups['ironic-api'] - name: Starting ironic-conductor container @@ -27,9 +29,15 @@ common_options: "{{ docker_common_options }}" image: "{{ ironic_conductor_image_full }}" name: "ironic_conductor" + privileged: True volumes: - "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" + - "/sys:/sys" + - "/dev:/dev" + - "/run:/run" + - "kolla_logs:/var/log/kolla" + - "ironic:/var/lib/ironic" - "ironic_pxe:/tftpboot/" when: inventory_hostname in groups['ironic-conductor'] diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 076a73f004..c1f84ae554 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -1,6 +1,8 @@ [DEFAULT] debug = {{ ironic_logging_debug }} +log_dir = /var/log/kolla/ironic + admin_user = {{ openstack_auth.username }} admin_password = {{ keystone_admin_password }} @@ -16,7 +18,7 @@ host_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['a {% if service_name == 'ironic-conductor' %} [conductor] api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }} -clean_nodes = false +automated_clean=false {% endif %} {% if service_name == 'ironic-inspector' %} @@ -41,9 +43,9 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po auth_type = password project_domain_id = default user_domain_id = default -admin_tenant_name = service -admin_user = {{ ironic_keystone_user }} -admin_password = {{ ironic_keystone_password }} +project_name = service +username = {{ ironic_keystone_user }} +password = {{ ironic_keystone_password }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/nova/tasks/start_compute.yml b/ansible/roles/nova/tasks/start_compute.yml index ac8bf97df7..df76747939 100644 --- a/ansible/roles/nova/tasks/start_compute.yml +++ b/ansible/roles/nova/tasks/start_compute.yml @@ -49,6 +49,7 @@ when: - inventory_hostname in groups['compute'] - not enable_nova_fake | bool + - not enable_ironic | bool - name: Starting nova-compute-ironic container kolla_docker: diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index 7a635c66f3..82c991e94f 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -96,6 +96,7 @@ html5proxy_port = {{ nova_spicehtml5proxy_port }} username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} auth_url = {{ openstack_auth.auth_url }}/v3 +auth_type = password project_name = service user_domain_name = default project_domain_name = default diff --git a/docker/ironic/ironic-api/Dockerfile.j2 b/docker/ironic/ironic-api/Dockerfile.j2 index eada8e359e..32f2d36e08 100644 --- a/docker/ironic/ironic-api/Dockerfile.j2 +++ b/docker/ironic/ironic-api/Dockerfile.j2 @@ -16,8 +16,8 @@ MAINTAINER {{ maintainer }} {% endif %} -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 755 /usr/local/bin/kolla_extend_start +COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start +RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start {% block ironic_api_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2 index 027c49f7d7..2b24ed3b73 100644 --- a/docker/ironic/ironic-base/Dockerfile.j2 +++ b/docker/ironic/ironic-base/Dockerfile.j2 @@ -18,16 +18,24 @@ MAINTAINER {{ maintainer }} ADD ironic-base-archive /ironic-base-source RUN ln -s ironic-base-source/* ironic \ - && useradd --user-group ironic \ + && useradd --user-group --create-home --home-dir /var/lib/ironic ironic \ && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ironic \ - && mkdir -p /etc/ironic /var/log/ironic /home/ironic \ + && mkdir -p /etc/ironic /var/lib/ironic \ && cp -r /ironic/etc/ironic/* /etc/ironic/ \ - && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic \ + && chown -R ironic: /etc/ironic /var/lib/ironic \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf +ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers +RUN chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers + {% endif %} -RUN usermod -a -G kolla ironic \ +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN touch /usr/local/bin/kolla_ironic_extend_start \ + && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ironic_extend_start \ + && usermod -a -G kolla ironic \ && chown -R ironic: /etc/ironic {% block ironic_base_footer %}{% endblock %} diff --git a/docker/ironic/ironic-base/extend_start.sh b/docker/ironic/ironic-base/extend_start.sh new file mode 100644 index 0000000000..e3b1d4e2dc --- /dev/null +++ b/docker/ironic/ironic-base/extend_start.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +LOG_PATH=/var/log/kolla/ironic + +if [[ ! -d "${LOG_PATH}" ]]; then + mkdir -p "${LOG_PATH}" +fi +if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then + chmod 755 "${LOG_PATH}" +fi + +. /usr/local/bin/kolla_ironic_extend_start diff --git a/docker/ironic/ironic-base/ironic_sudoers b/docker/ironic/ironic-base/ironic_sudoers new file mode 100644 index 0000000000..3e7c843f39 --- /dev/null +++ b/docker/ironic/ironic-base/ironic_sudoers @@ -0,0 +1 @@ +ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf * diff --git a/docker/ironic/ironic-conductor/Dockerfile.j2 b/docker/ironic/ironic-conductor/Dockerfile.j2 index 69196958c4..00ddc40d53 100644 --- a/docker/ironic/ironic-conductor/Dockerfile.j2 +++ b/docker/ironic/ironic-conductor/Dockerfile.j2 @@ -9,25 +9,39 @@ MAINTAINER {{ maintainer }} {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} {% set ironic_conductor_packages = [ 'openstack-ironic-conductor', - 'qemu-img' + 'qemu-img', + 'ipmitool', + 'parted', + 'gdisk', + 'psmisc' ] %} {% elif base_distro in ['ubuntu'] %} {% set ironic_conductor_packages = [ 'ironic-conductor', 'qemu-utils', - 'ipmitool' + 'ipmitool', + 'gdisk', + 'psmisc', + 'parted' ] %} {% endif %} {% elif install_type == 'source' %} {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} {% set ironic_conductor_packages = [ 'qemu-img', - 'ipmitool' + 'ipmitool', + 'parted', + 'gdisk', + 'psmisc', + 'fuse' ] %} {% elif base_distro in ['ubuntu', 'debian'] %} {% set ironic_conductor_packages = [ 'qemu-utils', - 'ipmitool' + 'ipmitool', + 'gdisk', + 'psmisc', + 'parted' ] %} {% endif %} {% endif %} diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2 index 4f3692b5f5..1545ca4102 100644 --- a/docker/ironic/ironic-pxe/Dockerfile.j2 +++ b/docker/ironic/ironic-pxe/Dockerfile.j2 @@ -21,8 +21,8 @@ MAINTAINER {{ maintainer }} {{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }} COPY tftp-map-file /map-file -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 755 /usr/local/bin/kolla_extend_start +COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start +RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start {% block ironic_pxe_footer %}{% endblock %} {% block footer %}{% endblock %}