Chapter 8. Containerized Services
The director installs the core OpenStack Platform services as containers on the overcloud. This section provides some background information on how containerized services work.
8.1. Containerized Service Architecture
				The director installs the core OpenStack Platform services as containers on the overcloud. The templates for the containerized services are located in the /usr/share/openstack-tripleo-heat-templates/docker/services/. These templates reference their respective composable service templates. For example, the OpenStack Identity (keystone) containerized service template (docker/services/keystone.yaml) includes the following resource:
			
				The type refers to the respective OpenStack Identity (keystone) composable service and pulls the outputs data from that template. The containerized service merges this data with its own container-specific data.
			
				All nodes using containerized services must enable the OS::TripleO::Services::Docker service. When creating a roles_data.yaml file for your custom roles configuration, include the the OS::TripleO::Services::Docker service with the base composable services, as the containerized services. For example, the Keystone role uses the following role definition:
			
8.2. Containerized Service Parameters
				Each containerized service template contains an outputs section that defines a data set passed to the director’s OpenStack Orchestration (heat) service. In addition to the standard composable service parameters (see Section 7.2.4, “Examining Role Parameters”), the template contain a set of parameters specific to the container configuration.
			
- puppet_config
- Data to pass to Puppet when configuring the service. In the initial overcloud deployment steps, the director creates a set of containers used to configure the service before the actual containerized service runs. This parameter includes the following sub-parameters: + - 
									config_volume- The mounted docker volume that stores the configuration.
- 
									puppet_tags- Tags to pass to Puppet during configuration. These tags are used in OpenStack Platform to restrict the Puppet run to a particular service’s configuration resource. For example, the OpenStack Identity (keystone) containerized service uses thekeystone_configtag to ensure all required only thekeystone_configPuppet resource run on the configuration container.
- 
									step_config- The configuration data passed to Puppet. This is usually inherited from the referenced composable service.
- 
									config_image- The container image used to configure the service.
 
- 
									
- kolla_config
- A set of container-specific data that defines configuration file locations, directory permissions, and the command to run on the container to launch the service.
- docker_config
- Tasks to run on the service’s configuration container. All tasks are grouped into steps to help the director perform a staged deployment. The steps are: + - Step 1 - Load balancer configuration
- Step 2 - Core services (Database, Redis)
- Step 3 - Initial configuration of OpenStack Platform service
- Step 4 - General OpenStack Platform services configuration
- Step 5 - Service activation
 
- host_prep_tasks
- Preparation tasks for the bare metal node to accommodate the containerized service.
8.3. Modifying OpenStack Platform Containers
				Red Hat provides a set of pre-built container images through the Red Hat Container Catalog (registry.redhat.io). It is possible to modify these images and add additional layers to them. This is useful for adding RPMs for certified 3rd party drivers to the containers.
			
To ensure continued support for modified OpenStack Platform container images, ensure that the resulting images comply with the "Red Hat Container Support Policy".
				This example shows how to customize the latest openstack-keystone image. However, these instructions can also apply to other images:
			
- Pull the image you aim to modify. For example, for the - openstack-keystoneimage:- sudo docker pull registry.redhat.io/rhosp13/openstack-keystone:latest - $ sudo docker pull registry.redhat.io/rhosp13/openstack-keystone:latest- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Check the default user on the original image. For example, for the - openstack-keystoneimage:- sudo docker run -it registry.redhat.io/rhosp13/openstack-keystone:latest whoami - $ sudo docker run -it registry.redhat.io/rhosp13/openstack-keystone:latest whoami root- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow Note- The - openstack-keystoneimage uses- rootas the default user. Other images use specific users. For example,- openstack-glance-apiuses- glancefor the default user.
- Create a - Dockerfileto build an additional layer on an existing container image. The following is an example that pulls the latest OpenStack Identity (keystone) image from the Container Catalog and installs a custom RPM file to the image:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Build and tag the new image. For example, to build with a local - Dockerfilestored in the- /home/stack/keystonedirectory and tag it to your undercloud’s local registry:- docker build /home/stack/keystone -t "192.168.24.1:8787/rhosp13/openstack-keystone-acme:rev1" - $ docker build /home/stack/keystone -t "192.168.24.1:8787/rhosp13/openstack-keystone-acme:rev1"- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Push the resulting image to the undercloud’s local registry: - docker push 192.168.24.1:8787/rhosp13/openstack-keystone-acme:rev1 - $ docker push 192.168.24.1:8787/rhosp13/openstack-keystone-acme:rev1- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- 
						Edit your overcloud container images environment file (usually overcloud_images.yaml) and change the appropriate parameter to use the custom container image.
The Container Catalog publishes container images with a complete software stack built into it. When the Container Catalog releases a container image with updates and security fixes, your existing custom container will not include these updates and will require rebuilding using the new image version from the Catalog.
8.4. Deploying a Vendor Plugin
To use third-party hardware as a Block Storage back end, you must deploy a vendor plugin. The following example demonstrates how to deploy a vendor plugin to use Dell EMC hardware as a Block Storage back end.
- Log in to the - registry.connect.redhat.comcatalog:- docker login registry.connect.redhat.com - $ docker login registry.connect.redhat.com- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Download the plugin: - docker pull registry.connect.redhat.com/dellemc/openstack-cinder-volume-dellemc-rhosp13 - $ docker pull registry.connect.redhat.com/dellemc/openstack-cinder-volume-dellemc-rhosp13- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Tag and push the image to the local undercloud registry using the undercloud IP address relevant to your OpenStack deployment: - docker tag registry.connect.redhat.com/dellemc/openstack-cinder-volume-dellemc-rhosp13 192.168.24.1:8787/dellemc/openstack-cinder-volume-dellemc-rhosp13 docker push 192.168.24.1:8787/dellemc/openstack-cinder-volume-dellemc-rhosp13 - $ docker tag registry.connect.redhat.com/dellemc/openstack-cinder-volume-dellemc-rhosp13 192.168.24.1:8787/dellemc/openstack-cinder-volume-dellemc-rhosp13 $ docker push 192.168.24.1:8787/dellemc/openstack-cinder-volume-dellemc-rhosp13- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Deploy the overcloud with an additional environment file that contains the following parameter: - parameter_defaults: DockerCinderVolumeImage: 192.168.24.1:8787/dellemc/openstack-cinder-volume-dellemc-rhosp13 - parameter_defaults: DockerCinderVolumeImage: 192.168.24.1:8787/dellemc/openstack-cinder-volume-dellemc-rhosp13- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow