From b1fa503a0b18ae74d41e552bbfcf9a1a910faa04 Mon Sep 17 00:00:00 2001 From: Matt Welch Date: Fri, 28 Jul 2017 14:40:19 -0400 Subject: [PATCH] Update service node image for new base Moved build collateral into build/ dir. Updates to build files to reflect new systemd-based container. Added connect_container_to_network to create veth pairs and bind container to Linux bridges on the host. Modeled service node files after upstream compute node files. Change-Id: I3b662a801403f7d25dd134b3281d204d621ab41b Signed-off-by: Matt Welch Signed-off-by: Daniel Farrell --- .../compute/{ => build}/.dockerignore | 0 docker/openstack/service/.gitignore | 4 + docker/openstack/service/build/.dockerignore | 3 + docker/openstack/service/build/Dockerfile | 53 +++++++++ docker/openstack/service/build/local.conf | 104 ++++++++++++++++++ docker/openstack/service/build/restart.sh | 19 ++++ docker/openstack/service/build/start.sh | 68 ++++++++++++ docker/openstack/service/build_service.sh | 33 ++++++ docker/openstack/service/run_service.sh | 68 ++++++++++++ 9 files changed, 352 insertions(+) rename docker/openstack/compute/{ => build}/.dockerignore (100%) create mode 100644 docker/openstack/service/.gitignore create mode 100644 docker/openstack/service/build/.dockerignore create mode 100644 docker/openstack/service/build/Dockerfile create mode 100644 docker/openstack/service/build/local.conf create mode 100755 docker/openstack/service/build/restart.sh create mode 100755 docker/openstack/service/build/start.sh create mode 100755 docker/openstack/service/build_service.sh create mode 100755 docker/openstack/service/run_service.sh diff --git a/docker/openstack/compute/.dockerignore b/docker/openstack/compute/build/.dockerignore similarity index 100% rename from docker/openstack/compute/.dockerignore rename to docker/openstack/compute/build/.dockerignore diff --git a/docker/openstack/service/.gitignore b/docker/openstack/service/.gitignore new file mode 100644 index 0000000..b899373 --- /dev/null
+++ b/docker/openstack/service/.gitignore
@@ -0,0 +1,4 @@
+logs
+history
+*.history
+testing
diff --git a/docker/openstack/service/build/.dockerignore b/docker/openstack/service/build/.dockerignore
new file mode 100644
index 0000000..397680e
--- /dev/null
+++ b/docker/openstack/service/build/.dockerignore
@@ -0,0 +1,3 @@
+logs
+history
+*.history
diff --git a/docker/openstack/service/build/Dockerfile b/docker/openstack/service/build/Dockerfile
new file mode 100644
index 0000000..42f9ad1
--- /dev/null
+++ b/docker/openstack/service/build/Dockerfile
@@ -0,0 +1,53 @@
+FROM odl-registry:4000/s3p/systemd:v0.1
+
+# Schema: https://github.com/projectatomic/ContainerApplicationGenericLabels
+LABEL name="Int/Pack OpenStack Control Node" \
+ version="0.1" \
+ vendor="OpenDaylight" \
+ summary="OpenStack control node for scale testing" \
+ vcs-url="https://git.opendaylight.org/gerrit/p/integration/packaging.git"
+
+ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
+ DEBIAN_FRONTEND=noninteractive \
+ container=docker
+
+# Install devstack dependencies
+# Start ignoring DockerfileLintBear
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ git \
+ iproute2 \
+ iptables \
+ lsb-release \
+ net-tools \
+ sudo \
+ vim && \
+ rm -rf /var/lib/apt/lists/*
+# Stop ignoring
+
+# remove nologin to allow ssh
+RUN rm -rf /var/run/nologin
+
+# Add stack user
+RUN groupadd stack && \
+ useradd -g stack -s /bin/bash -m stack && \
+ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
+ echo "stack:stack" | chpasswd
+
+# Get devstack
+RUN git clone https://git.openstack.org/openstack-dev/devstack /home/stack/devstack
+
+# copy local.conf & scripts
+COPY local.conf /home/stack/local.conf
+COPY start.sh /home/stack/start.sh
+COPY restart.sh /home/stack/restart.sh
+RUN chown -R stack:stack /home/stack && \
+ chmod 766 /home/stack/start.sh && \
+ chmod 766 /home/stack/restart.sh
+
+WORKDIR /home/stack
+
+CMD ["/home/stack/start.sh"]
+
+# vim: set ft=dockerfile sw=4 ts=4 :
+
diff --git a/docker/openstack/service/build/local.conf b/docker/openstack/service/build/local.conf
new file mode 100644
index 0000000..2d829a5
--- /dev/null
+++ b/docker/openstack/service/build/local.conf
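Review bot: The `Add stack user` step bakes a fixed password into every image (`echo "stack:stack" | chpasswd`) alongside an unrestricted `NOPASSWD: ALL` sudoers entry, and the step before it removes `/var/run/nologin` to allow ssh, so if sshd runs in the base image every container built from this file accepts a known credential with root-equivalent rights. start.sh in this patch already sets the password at container start, so the build-time `chpasswd` can be dropped, and the sudo rule is easier to audit as a drop-in: `echo "stack ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/stack && chmod 0440 /etc/sudoers.d/stack`. Separately, `chmod 766` leaves start.sh and restart.sh writable by every user while executable only by the owner; `chmod 755` looks like what was intended, which matters because start.sh is the image's `CMD`. The devstack `git clone` takes whatever the default branch is at build time, so adding `--branch stable/newton` (the branch start.sh checks out later) would make the image reproducible.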
@@ -0,0 +1,104 @@
+[[local|localrc]]
+## Services ##
+disable_service n-net
+disable_service n-cpu
+enable_service q-svc
+disable_service q-agt
+disable_service q-l3
+enable_service q-dhcp
+enable_service q-meta
+disable_service c-api c-sch c-vol
+disable_service tempest # workaround for tempest failing to start
+#comment out q-agt for odl setup, uncomment for neutron vanilla
+#enable_service q-agt
+enable_service neutron
+enable_service n-novnc
+enable_service n-xvnc
+enable_service n-crt
+enable_service n-cauth
+enable_service n-api
+
+## Repository sources ##
+GIT_BASE=${GIT_BASE:-https://git.openstack.org}
+
+## logging configuration ##
+HOME=/opt/stack
+DEST=${HOME}
+DATA_DIR=${DEST}/data
+LOGDIR=${DEST}/logs
+SCREEN_LOGDIR=${LOGDIR}/screen-logs
+LOGFILE=${LOGDIR}/stack.sh.log
+LOG_COLOR=False
+VERBOSE=True
+# OFFLINE=True
+# RECLONE=False
+
+## Passwords & authentication ##
+ADMIN_PASSWORD=secret
+MYSQL_PASSWORD=${ADMIN_PASSWORD}
+DATABASE_PASSWORD=${ADMIN_PASSWORD}
+RABBIT_PASSWORD=${ADMIN_PASSWORD}
+SERVICE_PASSWORD=${ADMIN_PASSWORD}
+HORIZON_PASSWORD=${ADMIN_PASSWORD}
+SERVICE_TOKEN_PASSWORD=${ADMIN_PASSWORD}
+SERVICE_TOKEN=111222333
+
+## Hosts & services configuration ##
+MULTI_HOST=1
+HOST_IP=192.168.3.2
+HOST_NAME=$(hostname)
+SERVICE_HOST=${HOST_IP}
+SERVICE_HOST_NAME=${HOST_NAME}
+# this is the default: SERVICE_LISTEN_ADDRESS=0.0.0.0
+# this defaults to 127.0.0.1 and might prevent proxy issues if left at the default: SERVICE_LOCAL_HOST=${SERVICE_HOST}
+MYSQL_HOST=${SERVICE_HOST}
+RABBIT_HOST=${SERVICE_HOST}
+GLANCE_HOSTPORT=${SERVICE_HOST}:9292
+KEYSTONE_AUTH_HOST=${SERVICE_HOST}
+KEYSTONE_SERVICE_HOST=${SERVICE_HOST}
+Q_HOST=${SERVICE_HOST}
+
+## Network Configuration ##
+enable_plugin networking-odl http://git.openstack.org/openstack/networking-odl stable/newton
+IP_VERSION=4
+ENABLE_TENANT_TUNNELS=True
+Q_USE_SECGROUP=False
+Q_PLUGIN=ml2
+ODL_NETVIRT_DEBUG_LOGS=True
+ODL_NETVIRT_KARAF_FEATURE_OVSDB=odl-netvirt-openstack
+ODL_RELEASE=carbon-snapshot-0.6.1
+
+# ML2 config #
+Q_ML2_PLUGIN_MECHANISM_DRIVERS=opendaylight,logger
+Q_ML2_PLUGIN_TYPE_DRIVERS=vxlan,vlan,flat,local
+Q_ML2_TENANT_NETWORK_TYPE=vxlan
+
+# ODL Config
+ODL_MODE=allinone
+ODL_HOST=service-node
+# the provider mapping should reflect the network on which floating IPs should be allocated
+# NOTE: configuration for floating_ip is incomplete
+ODL_PROVIDER_MAPPINGS=public:ethphys02
+ODL_GATE_SERVICE_PROVIDER=vpnservice
+ML2_L3_PLUGIN=odl-router
+# Workaround since netvirt:1 no longer exists in DS!
+ODL_BOOT_WAIT_URL=restconf/operational/network-topology:network-topology/
+
+VNCSERVER_PROXYCLIENT_ADDRESS=${SERVICE_HOST}
+VNCSERVER_LISTEN=0.0.0.0
+
+[[post-config|$NOVA_CONF]]
+[DEFAULT]
+firewall_driver=nova.virt.firewall.NoopFirewallDriver
+scheduler_default_filters=RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,PciPassthroughFilter,NUMATopologyFilter
+novncproxy_host=0.0.0.0
+novncproxy_port=6080
+
+[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
+[ml2]
+mechanism_drivers=opendaylight
+[agent]
+minimize_polling=True
+
+# vim: set ft=conf :
+
diff --git a/docker/openstack/service/build/restart.sh b/docker/openstack/service/build/restart.sh
new file mode 100755
index 0000000..1b6b8dc
--- /dev/null
+++ b/docker/openstack/service/build/restart.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# file: restart.sh
+# Restart/restack in a container that has already run DEVstack and start.sh
+# restart.sh can safely be used instead of start.sh
+
+# unstack first
+echo "[$(date)] S3P::${0}:: unstacking..."
+/home/stack/devstack/unstack.sh
+rm -rf /home/stack/stacking.status
+
+if [[ "$1" == "clean" ]] ; then
+ /home/stack/devstack/clean.sh
+ rm -rf /opt/stack/*
+fi
+
+# restart
+echo "[$(date)] ${0} :: stacking..."
+/home/stack/start.sh
+
diff --git a/docker/openstack/service/build/start.sh b/docker/openstack/service/build/start.sh
new file mode 100755
index 0000000..141baad
--- /dev/null
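Review bot: The `enable_plugin networking-odl http://git.openstack.org/openstack/networking-odl stable/newton` line fetches the plugin over plain HTTP although `GIT_BASE` in the same file uses https; devstack runs plugin code during stacking, so the fetch should be integrity-protected: `enable_plugin networking-odl https://git.openstack.org/openstack/networking-odl stable/newton`. The fixed `ADMIN_PASSWORD=secret` and `SERVICE_TOKEN=111222333`, together with `Q_USE_SECGROUP=False`, the Noop firewall driver and VNC/noVNC bound to `0.0.0.0`, are reasonable only on an isolated test network. A header comment saying so, for example `# Scale-test defaults only: fixed credentials, security groups disabled; do not expose outside the lab network`, would keep the file from being reused as-is.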
+++ b/docker/openstack/service/build/start.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+# On docker run, Env Variables "STACK_PASS & SERVICE_HOST" should be set using -e
+# example 'docker run -e "STACK_PASS=stack" -e "SERVICE_HOST=192.168.0.5" compute'
+set -o nounset # throw an error if a variable is unset to prevent unexpected behaviors
+# the following variables should be overridden at runtime with docker run -e "..."
+# ODL_NETWORK, SERVICE_HOST
+ODL_NETWORK=${ODL_NETWORK:-True}
+SERVICE_HOST=${SERVICE_HOST:-"192.168.1.2"}
+STACK_PASS=stack
+DEVSTACK_HOME="/home/stack/devstack"
+CONF_PATH=$DEVSTACK_HOME/local.conf
+BRANCH_NAME=stable/newton
+TAG_NAME="origin/${BRANCH_NAME}"
+
+#Set Nameserver to google
+[ -z "$(grep "8.8.8.8" /etc/resolv.conf )" ] && echo nameserver 8.8.8.8 | sudo tee -a /etc/resolv.conf
+
+# change the stack user password
+echo "stack:$STACK_PASS" | sudo chpasswd
+
+# get container IP for mgmt network interface
+ip=`/sbin/ip -o -4 addr list ethphys01 | awk '{print $4}' | cut -d/ -f1`
+# update no_proxy with service-node info
+export no_proxy
+[ -z "$( echo $no_proxy | grep "$(hostname)" )" ] && no_proxy="${no_proxy},$(hostname)"
+[ -z "$( echo $no_proxy | grep "${ip}" )" ] && no_proxy="${no_proxy},${ip}"
+[ -z "$( echo $no_proxy | grep "${SERVICE_HOST}" )" ] && no_proxy="${no_proxy},${SERVICE_HOST}"
+
+# fix address binding issue in mysql
+sudo sed -i 's:^bind-address.*:#&:' /etc/mysql/my.cnf
+
+# allow services to start
+sudo sed -i 's:^exit .*:exit 0:' /usr/sbin/policy-rc.d
+
+# remove any dead screen sessions from previous stacking
+screen -wipe
+
+# set the correct branch in devstack
+cd $DEVSTACK_HOME || exit
+# shellcheck disable=SC2063
+[ -z "$(git branch -a | grep "* ${BRANCH_NAME}")" ] && \
+ git fetch && \
+ git checkout -b ${BRANCH_NAME} -t ${TAG_NAME}
+
+# copy local.conf into devstack and customize, based on environment including:
+# ODL_NETWORK, ip, DEVSTACK_HOME, SERVICE_HOST
+cp /home/stack/local.conf $CONF_PATH
+
+# Configure local.conf
+# update the ip of this host
+sed -i "s:\(HOST_IP=\).*:\1${ip}:" $CONF_PATH
+sed -i "s:\(SERVICE_HOST=\).*:\1${ip}:" $CONF_PATH
+
+# begin stacking
+cd $DEVSTACK_HOME || exit
+$DEVSTACK_HOME/stack.sh
+
+# write a marker file to indicate successful stacking
+if [ $? = 0 ] ; then
+ echo "$(hostname) stacking successful at $(date)" >> stacking.status
+ /home/stack/devstack/tools/info.sh >> stacking.status
+ # set devstack to OFFLINE mode after a successful stack
+ sed -i "s/^#.*\(OFFLINE=True\)/\1/g" /home/stack/$SRC_CONF
+ sed -i "s/^#.*\(RECLONE=False\)/\1/g" /home/stack/$SRC_CONF
+fi
+
+# vim: set et ts=4 sw=4 :
+
diff --git a/docker/openstack/service/build_service.sh b/docker/openstack/service/build_service.sh
new file mode 100755
index 0000000..0b2274a
--- /dev/null
+++ b/docker/openstack/service/build_service.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# file: build_service.sh
+# info: builds a docker service image
+IMAGE_REGISTRY=${IMAGE_REGISTRY:-odl-registry:4000}
+IMAGE_REPO=${IMAGE_REPO:-s3p/service}
+IMAGE_TAG=${IMAGE_TAG:-latest}
+if [ -n "$1" ] ; then
+ # use arg as image tag if supplied
+ IMAGE_TAG="$1"
+fi
+IMAGE_NAME="${IMAGE_REGISTRY}/${IMAGE_REPO}:${IMAGE_TAG}"
+DOCKERFILE=${DOCKERFILE:-"./build/Dockerfile"}
+
+echo "Building $IMAGE_NAME from Dockerfile=$DOCKERFILE at $(date) ... "
+# shellcheck disable=SC2154
+docker build -t ${IMAGE_NAME} -f ${DOCKERFILE} --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy ./build
+
+EXIT_CODE="$?"
+if [ "$EXIT_CODE" = 0 ] ; then
+ PROXIES=""
+ if [ -n "$http_proxy" ] ; then
+ # noqa ShellCheckBear
+ PROXIES="--env http_proxy=$http_proxy --env https_proxy=$https_proxy --env no_proxy=$no_proxy"
+ fi
+ echo "Docker image $IMAGE_NAME built successfully."
+ docker images $IMAGE_NAME
+ echo "You can launch it with the following example command:"
+ echo " docker run -it --rm $PROXIES $IMAGE_NAME bash"
+else
+ echo "An error occurred during the build of $IMAGE_NAME"
+ exit $EXIT_CODE
+fi
+
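Review bot: In start.sh, `STACK_PASS=stack` overwrites whatever the caller passed with `-e STACK_PASS=...`, so the `chpasswd` call always sets the stack account to the same fixed password even though the header comment describes it as a runtime setting; `STACK_PASS=${STACK_PASS:?set STACK_PASS with docker run -e}` would honor the override and fail loudly when it is missing. With `set -o nounset` active, the two final `sed` lines abort on `$SRC_CONF`, which is never assigned in this script; `/home/stack/local.conf` appears to be the intended target. `no_proxy` hits the same unbound-variable exit when the container is started without a proxy environment, which `no_proxy=${no_proxy:-}` ahead of the first test would avoid.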
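Review bot: In build_service.sh, the `docker build` line expands `${IMAGE_NAME}`, `${DOCKERFILE}` and both proxy variables unquoted, so a tag argument or proxy URL containing whitespace or glob characters is split into extra `docker build` arguments. Quoting each expansion, e.g. `-t "${IMAGE_NAME}" -f "${DOCKERFILE}" --build-arg http_proxy="${http_proxy:-}"`, keeps the value of `$1` from being read as options. The success branch also echoes `$PROXIES`, which would print any credentials embedded in the proxy URL into the build log.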
diff --git a/docker/openstack/service/run_service.sh b/docker/openstack/service/run_service.sh
new file mode 100755
index 0000000..d817f00
--- /dev/null
+++ b/docker/openstack/service/run_service.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+# file: run_service.sh
+# info: spawns a docker service image
+# dependencies: assumes proxy variables are defined in the local environment
+# + This service node must complete stacking before compute nodes may join
+# + Service node image must also be available locally or in a registry.
+
+# image selection
+IMAGE_REGISTRY=${IMAGE_REGISTRY:-"odl-registry:4000"}
+IMAGE_REPO=${IMAGE_REPO:-s3p/service}
+IMAGE_TAG=${IMAGE_TAG:-v0.4}
+IMAGE_NAME="${IMAGE_REGISTRY}/${IMAGE_REPO}:${IMAGE_TAG}"
+
+# image configuration
+NAME=${HOST_NAME:-service-node}
+CAPABILITIES="--privileged --cap-add ALL --security-opt apparmor=docker-unconfined "
+SYSTEMD_ENABLING=" --tmpfs /run --tmpfs /run/lock --tmpfs /run/uuid --stop-signal=SIGRTMIN+3 "
+CGROUP_MOUNT=" -v /sys/fs/cgroup:/sys/fs/cgroup:ro "
+MOUNTS="-v /dev:/dev -v /lib/modules:/lib/modules $CGROUP_MOUNT $SYSTEMD_ENABLING "
+PORT_MAP_OFFSET=50000
+HORIZON_PORT_CONTAINER=80
+DLUX_PORT_CONTAINER=8181
+VNC_PORT_CONTAINER=6080
+EXTRA_PORT_CONTAINER=8000
+HORIZON_PORT_HOST=$(( $PORT_MAP_OFFSET + $HORIZON_PORT_CONTAINER ))
+DLUX_PORT_HOST=$(( $PORT_MAP_OFFSET + $DLUX_PORT_CONTAINER ))
+VNC_PORT_HOST=$(( $PORT_MAP_OFFSET + $VNC_PORT_CONTAINER ))
+EXTRA_PORT_HOST=$(( $PORT_MAP_OFFSET + $EXTRA_PORT_CONTAINER ))
+PORT_MAP="-p ${HORIZON_PORT_HOST}:${HORIZON_PORT_CONTAINER} \
+ -p ${DLUX_PORT_HOST}:${DLUX_PORT_CONTAINER} \
+ -p ${VNC_PORT_HOST}:${VNC_PORT_CONTAINER} \
+ -p ${EXTRA_PORT_HOST}:${EXTRA_PORT_CONTAINER}"
+
+# Container environment and OpenStack Config
+STACK_USER=${STACK_USER:-stack}
+STACK_PASS=${STACK_PASS:-stack}
+ODL_NETWORK=${ODL_NETWORK:-True}
+SERVICE_HOST=${SERVICE_HOST:-10.129.19.2}
+NO_PROXY=localhost,10.0.0.0/8,192.168.0.0/16,172.17.0.0/16,127.0.0.1,127.0.0.0/8,$SERVICE_HOST
+
+# noqa ShellCheckBear
+docker run -dit --name ${NAME} --hostname ${NAME} --env TZ=America/Los_Angeles \
+ --env JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 --env JAVA_MAX_MEM=16g \
+ # noqa ShellCheckBear
+ --env http_proxy=$http_proxy --env https_proxy=$https_proxy \
+ # noqa ShellCheckBear
+ --env no_proxy=$NO_PROXY \
+ --env ODL_NETWORK=$ODL_NETWORK \
+ --env STACK_PASS=$STACK_PASS \
+ --env SERVICE_HOST=$SERVICE_HOST \
+ --env container=docker \
+ $PORT_MAP \
+ $MOUNTS \
+ $CAPABILITIES \
+ $IMAGE_NAME \
+ /sbin/init
+
+# connect containers to host bridges (assumes bridges named br_data and br_mgmt exist on the host
+../network/connect_container_to_networks.sh $HOSTNAME 2 service
+
+CONTAINER_SHORT_ID=$(docker ps -aqf "name=${NAME}")
+AUTO_STACK=no
+if [[ "$AUTO_STACK" == "no" ]] ; then
+ docker exec -it -u stack $CONTAINER_SHORT_ID /bin/bash
+else
+ docker exec -d -u stack $CONTAINER_SHORT_ID /bin/bash -c /home/stack/start.sh
+fi
+
-- 
2.36.6
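Review bot: `CAPABILITIES` combines `--privileged`, `--cap-add ALL` and an unconfined AppArmor profile, and `MOUNTS` bind-mounts the host's `/dev` and `/lib/modules`, which removes essentially all isolation between this container and the host while `PORT_MAP` publishes four ports with no bind address. `--cap-add ALL` adds nothing on top of `--privileged`, and a comment stating which of these grants the systemd and networking setup actually needs would let a later change narrow them. The `# noqa ShellCheckBear` lines sit between backslash-continued lines of `docker run`, so the shell ends the command at the first `#` (before the image name) and then tries to execute `--env ...` as a separate command; the markers need to move above `docker run`. `connect_container_to_networks.sh` is passed `$HOSTNAME`, the invoking host's name, rather than `${NAME}`, which looks unintended.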