Previously, network namespaces would not work correctly when
restarting or stop/rm/start the neutron-agents container. This
is because network namespaces created within the container are
associated to the container's pid: /pid/$CONTAINER_PID/ns/net.
With this patch, when a container starts or restarts, the l3/dhcp
agent start scripts will remove any existing qrouter/qdhcp network
namespaces before starting the agents. The agents will recreate the
necessary network namespaces since they are stored in the db.
Closes-Bug: 1444219
Change-Id: Ia86729766fe8c2fc145b3a02d519746b149a73bb
The cirros image uses an old dhcp client which does not work
properly with hardware that has checksum offload enabled. Add
a bootp rule to rewrite the checksum via iptables.
Latest cirros 0.3.33 is afflicted by this bug.
Change-Id: Ibfd1f87af5d0bef9fcb1354121e76e4e0db8ab5e
The nova-config.sh script was exiting because of incorrect shell syntax.
The correct syntax for a regex search is
[[ haystack =~ needle ]]. The .*needle.* is unnecessary. I think this shell
script exited because a period was missing.
Change-Id: I3aca5e0729eb5fedbe9ecb4d75ed85d5a1c7815a
For some reason glance sometimes fails to permanently find keystone
while other services do find keystone. The host also has full access
to keystone. Change wait_for to fail_unless.
This could be a docker bug, a wait_for bug, or some other problem.
Change-Id: I02d611d65b7ffddb9c27101fd60e2a8b7cc25658
The libvirt package has a dependency on systemd-libs and systemd,
while the centos 7.1 container installs systemd-container-libs
and systemd-container. We don't need either of these systemd tools
but they result in a broken build of the system if they are missing.
As is, the libvirt container will not build.
Change-Id: I8e5aac0e3a7e9d88a81733a3048971fe9d48ba56
Previously, check_required_vars was requiring log file variables
to be set in openstack.env. This would cause an error when
starting nova/neutron containers that used default (blank) log
file settings. Since the log files are not required
for the services to start, the default log files are left blank
(without a value in the K/V pair). This patch removes the
log_file variable for check_required_vars in each nova/neutron
script.
Change-Id: I169baab28f63a0e0ae06c8aef21b5e8d3155bdda
Previously, the agents ran in separate containers. Since some of
the agents create and use network namespaces, running them in
separate containers has become a challenge. This patch adds
neutron agent support in a single container.
Partially Implements: blueprint compute-operation-neutron
Change-Id: If4f893abd50d90b58e8435ec2659870dce36951c
Previously, logging was hard coded into the nova and neutron
containers. This patch creates two common params for logging:
DEBUG_LOGGING
VERBOSE_LOGGING
and sets default values of verbose=true and debug=false. This patch
implements logging for Nova and Neutron. Add'l OS service config
scripts and images will need to be updated to use the logging
params.
Change-Id: I03d48005d5b4789aa3c519879a20d963ef1cbaa3
The EXPOSE options will create a local docker-proxy. This is
unnecessary with --net=host mode. The docker-proxy adds about
20 microseconds of latency. Add documentation to the specification
to indicate where to find the ports that are exposed by the
services in case someone were to desire to add EXPOSE back to
the Dockerfiles.
Change-Id: I398e922fe096d6022a2d5985bb92498f89a5ea31
COPR is a repository for third party packages built by the Fedora build
system. Instead of dragging in 250MB of dependencies to build pam, build
externally and load only the RPM into the image.
The pam that is built externally is built with the --with-noaudit flag
and a Provides: pam line.
Change-Id: I28396996943d2fdc12b253faf62af8623c8b0e73
The libvirtd package "Provides" was removed from the libvirt packaging.
To work around this problem just install libvirt-daemon in CentOS 7.1 or Fedora
20+.
Without this change, an install of libvirtd does not actually install
libvirtd. The yum tool will not fail if libvirtd is specified so we weren't
catching this in the build.
Change-Id: I81e64f6f659aa0466369dad4b0574ebb24c99555
Rely on the `check_for_*` functions and remove redundant
`fail_unless_*` calls.
Also change `wait_for` to exit when it is missing a required argument.
Change-Id: I90c4545691d53185556e2838303ac3df0afaf9fa
In order for the `check_for_*` functions to be consumed by `wait_for`,
they should notify of their success but not exit.
As a consequence, the previous behavior is restored by the fail_unless_*
companion functions.
With this change, it is now possible to do:
wait_for 30 1 check_for_os_service_running keystone
Change-Id: I16ddf8913027030c3ccb5487713d172904508fd6
libvirt is compiled with lxc support. On Ubuntu hosts, without this file
libvirt is nonusable. The container exits immediately.
Change-Id: Ifbc2d75defe082cbe3b80b1821799f1f965c2a85
When using ';' this can allow the previous command to fail while the
docker build proceeds without realizing a command failed. Switching to
'&&' allows the exit code to make it to the docker build command and the
build to fail appropriately.
Change-Id: Idd0991ed4549542bb10d27da1a0a025d0503b6c1
This patch builds pam with no auditing. This allows the images to
operate on Ubuntu 14.04 which contain a kernel bug and have not been
updated.
Change-Id: I2b8bd192abcc26df27ca276dc3d0fde377048f20
Previously, nova enabled_apis was hard coded and metadata_host
was using PUBLIC_IP param instead of exposing an individual
param.
Extending these params and creating a separate compose yml that
includes compute/libvirt/network/api is required to support
nova network multi_host.
Additional details can be found here:
http://docs.openstack.org/admin-guide-cloud/content/section_metadata-service.html
Change-Id: I5d417a0ee460f8ad9b2982fe83d63ab57013918e
Previously, eth0 was set as the nova flat interface. This
interface is used to bridge VM traffic between instances and
should not have an IP. It's a problem when you associate an
interface with an IP to the FLAT_INTERFACE.
Change-Id: I38c516094430e2d55b1b4c047a1bbcfe711a2dff
Heat container is having trouble accessing heat meta data.
Heat needs to have HEAT_CFN_API_SERVICE_HOST set in order
to properly receive meta data.
Closes-bug 1435288
Change-Id: Ia28ece3ae91ec7acc62cc86039612841ac487f36
A data container is meant to operate without bindmounts.
Change-Id: I2624a63fd75db7ed8050054c17e19885f8a7ac8a
Co-Authored-By: Daneyon Hansen (danehans@cisco.com)
A data volume container is far superior to bind mounting the
host's shared directories. It preserves the idempotency,
immutability and declarative properties of the containers.
The way this works in practice is that a data volume container is
created. Then when the containers start they use LVM to access
the filesystem where /var/lib/docker is contained. Then the
container startup logic bindmounts the data volume stored on the
host filesystem in /var/lib/docker/vfs/dir/ID. This prevents
people with access to the host operating system from damaging
the contents of the data container.
It does mean that now we must use tools/stop to stop our containers
rather than tools/cleanup-containers -f.
This is a containers best practice. For more details see:
https://docs.docker.com/userguide/dockervolumes/
Big credit goes to Daneyon Hansen for seeding this idea in the
mariadb containers.
Note occasionally docker-compose start/stop seems to not want to stop
a container. This bug needs to be addressed upstream separately
from our utilization of this best practice.
Change-Id: Iaa1419f606e1b1b7a7560a095c49e79d643164f1
Previously, the nwfilter daemon/conf pkgs would need to be
installed on the host. Compose would then mount the host DIR
to the compute containers. A more efficient approach is to simply
install the nwfilter config/daemon in the libvirt container. Both
approaches address the following error when booting an instance:
'no-mac-spoofing' is missing
Change-Id: I81b446d198920473bf99b97ef5eac6ef5ee85024
The Horizon dashboard was not working properly prior to this work.
Also a docker-compose file was added to start the dashboard.
Change-Id: I8a438c15b967b0cec00bfe44b997f833bf745191
Previously, the database container was configured for use with
Kubernetes. This patch removes any k8s dependencies, adds a script
to manage mysql server.cnf settings and splits data and app
containers. Splitting the containers provides additional
portability and operational efficiencies compared to host mounts.
Change-Id: I80656450c02dda5f2959d187eec20d5877dc54a2
Previously, the keystone openrc file was not using the proper
auth url, which was broken with too many double ticks. Also
changed the auth port from public to admin since keystone user
is an admin tenant. Changed DIR for scripts to align with the
rest of the project.
Change-Id: Iadde3239227e65ecca479b16a7b7db51d3a579c8
Add `wait_for_output` and `wait_for_output_unless` helper functions that
only succeed when the command output contains the expected string, with
a possibility to exit early with a failure for `wait_for_output_unless`.
Change-Id: Ie20e7c72fb84f626f1a3fe9c4d2f22c9d6863dbe
Previously glance was not using keystone for authentication. This resulted
in --is-public true failing when doing image-create.
Co-Authored-By: Lars Stedman (larsks@redhat.com)
Change-Id: I54273115242ee169201643fe0ad559392650c883
The hostname command is required to allow mariadb to access
the network properly. Without it, in some cases mariadb cannot
execute name service resolution.
Change-Id: Ia215585faad23012143b63c4d82acd6ba69f59b7