From f4fd47dc2cdb5eee6ac366788c25c2a6a21ca362 Mon Sep 17 00:00:00 2001
From: Steven Dake <stdake@cisco.com>
Date: Sat, 21 Mar 2015 15:13:32 -0700
Subject: [PATCH] Make nova-compute-network use a data volume container

A data volume container is far superior to bind mounting the
host's shared directories.  It preserves the idempotency,
immutability and declarative properties of the containers.

The way this works in practice is that a data volume container is
created.  Then when the containers start they use LVM to access
the filesystem where /var/lib/docker is contained.  Then the
container startup logic bindmounts the data volume stored on the
host filesystem in /var/lib/docker/vfs/dir/ID.  This prevents
people with access to the host operating system from damaging
the contents of the data container.

It does mean that now we must use tools/stop to stop our containers
rather than tools/cleanup-containers -f.

This is a containers best practice.  For more details see:

https://docs.docker.com/userguide/dockervolumes/

Big credit goes to Danyeon Hansen for seeding this idea in the
mariadb containers.

Note occasionally docker-compose start/stop seems to not want to stop
a container.  This bug needs to be addressed upstream separately
from our utilization of this best practice.

Change-Id: Iaa1419f606e1b1b7a7560a095c49e79d643164f1
---
 compose/nova-compute-network.yml               | 18 ++++++++++--------
 .../nova-compute/nova-compute-data/Dockerfile  | 10 ++++++++++
 docker/nova-compute/nova-compute-data/build    |  1 +
 docker/nova-compute/nova-compute/Dockerfile    |  2 --
 docker/nova-compute/nova-libvirt/Dockerfile    |  1 -
 docker/nova-compute/nova-network/Dockerfile    |  3 ---
 6 files changed, 21 insertions(+), 14 deletions(-)
 create mode 100644 docker/nova-compute/nova-compute-data/Dockerfile
 create mode 120000 docker/nova-compute/nova-compute-data/build

diff --git a/compose/nova-compute-network.yml b/compose/nova-compute-network.yml
index c9efa5fb2..299573ae4 100644
--- a/compose/nova-compute-network.yml
+++ b/compose/nova-compute-network.yml
@@ -1,3 +1,7 @@
+computedata:
+   image: kollaglue/centos-rdo-nova-compute-data
+   name: computedata
+
 libvirt:
    image: kollaglue/centos-rdo-nova-libvirt
    name: libvirt
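Review bot: Nothing in the compose file marks the new `computedata` entry as a data volume container, and since its image runs `/bin/true` and exits, it will look like a dead container that is safe to clean up. Removing it together with its volumes would discard whatever the three services keep under the shared paths. I would add a comment above `computedata:` such as `# Data volume container: exits at once by design; holds /var/lib/nova, /var/lib/libvirt and /etc/libvirt/qemu. Stop with tools/stop, do not remove.` The image is also referenced without a tag, as the other services here are, so this file does not fix which build is pulled.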
@@ -10,9 +14,8 @@ libvirt:
    volumes:
     - /run:/run
     - /sys/fs/cgroup:/sys/fs/cgroup
-    - /var/lib/nova:/var/lib/nova
-    - /var/lib/libvirt:/var/lib/libvirt
-    - /etc/libvirt/qemu:/etc/libvirt/qemu
+   volumes_from:
+    - computedata
 
 novanetwork:
    image: kollaglue/centos-rdo-nova-network
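Review bot: With the three bind mounts replaced by `volumes_from: - computedata`, the libvirt and nova state no longer sits at `/var/lib/nova`, `/var/lib/libvirt` and `/etc/libvirt/qemu` on the host, so any host-side backup, audit or file-integrity rule keyed on those paths would presumably stop covering it without an error. The data is still stored on the host under Docker's data root and remains readable and writable by host root, so the move should not be treated as an isolation boundary. I would note the new location in a comment next to `volumes_from:` and check that monitoring follows it. The same applies to the novanetwork and novacompute hunks below.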
@@ -25,8 +28,8 @@ novanetwork:
    volumes:
     - /run:/run
     - /sys/fs/cgroup:/sys/fs/cgroup
-    - /var/lib/nova:/var/lib/nova
-    - /var/lib/libvirt:/var/lib/libvirt
+   volumes_from:
+    - computedata
 
 novacompute:
    image: kollaglue/centos-rdo-nova-compute
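Review bot: `volumes_from: - computedata` gives novanetwork every volume the data container declares, which now includes `/etc/libvirt/qemu`; the removed lines show this service previously mounted only `/var/lib/nova` and `/var/lib/libvirt`. That widens write access to the libvirt domain definitions to a container that did not have it before. `volumes_from` cannot select a subset of volumes, so if nova-network has no need for that path, consider moving `/etc/libvirt/qemu` into a second data container referenced only by libvirt and novacompute. If the wider mount is intended, a one-line comment saying so would help the next reviewer.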
@@ -39,6 +42,5 @@ novacompute:
    volumes:
     - /run:/run
     - /sys/fs/cgroup:/sys/fs/cgroup
-    - /var/lib/nova:/var/lib/nova
-    - /var/lib/libvirt:/var/lib/libvirt
-    - /etc/libvirt/qemu:/etc/libvirt/qemu
+   volumes_from:
+    - computedata
diff --git a/docker/nova-compute/nova-compute-data/Dockerfile b/docker/nova-compute/nova-compute-data/Dockerfile
new file mode 100644
index 000000000..07e26709d
--- /dev/null
+++ b/docker/nova-compute/nova-compute-data/Dockerfile
@@ -0,0 +1,10 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+VOLUME [ "/var/lib/nova" ]
+VOLUME [ "/var/lib/libvirt" ]
+VOLUME [ "/etc/libvirt/qemu" ]
+
+# Command needed to start the data container.
+# Note: data containers do not need to be persistent.
+CMD ["/bin/true"]
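Review bot: The three `VOLUME` paths are declared on top of the base image, which as far as this diff shows does not install nova or libvirt, so the directories are presumably created root-owned with default mode. When mounted through `volumes_from`, they would then mask whatever ownership and permissions the packages set on these paths in the service images. It is worth checking that the services can still write there and that `/etc/libvirt/qemu` does not end up more permissive than the packaged directory; creating the directories explicitly before the `VOLUME` lines, with the intended owner and mode, would make that deterministic. The comment `# Note: data containers do not need to be persistent.` also reads as if the data were disposable; `# Note: the data container only has to exist, not keep running.` is closer to what `CMD ["/bin/true"]` does.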
diff --git a/docker/nova-compute/nova-compute-data/build b/docker/nova-compute/nova-compute-data/build
new file mode 120000
index 000000000..43944faa0
--- /dev/null
+++ b/docker/nova-compute/nova-compute-data/build
@@ -0,0 +1 @@
+../../../tools/build-docker-image
\ No newline at end of file
diff --git a/docker/nova-compute/nova-compute/Dockerfile b/docker/nova-compute/nova-compute/Dockerfile
index 6e24c456e..bdc7ba3cd 100644
--- a/docker/nova-compute/nova-compute/Dockerfile
+++ b/docker/nova-compute/nova-compute/Dockerfile
@@ -9,7 +9,5 @@ ADD config-nova-compute.sh /opt/kolla/config-nova-compute.sh
 ADD ./start.sh /start.sh
 
 VOLUME [ "/sys/fs/cgroup" ]
-VOLUME [ "/var/lib/nova" ]
-VOLUME [ "/var/lib/libvirt" ]
 
 CMD ["/start.sh"]
diff --git a/docker/nova-compute/nova-libvirt/Dockerfile b/docker/nova-compute/nova-libvirt/Dockerfile
index bc64e1002..36b8dfc01 100644
--- a/docker/nova-compute/nova-libvirt/Dockerfile
+++ b/docker/nova-compute/nova-libvirt/Dockerfile
@@ -6,7 +6,6 @@ RUN yum -y install libvirtd libguestfs qemu-system-x86 \
         libvirt-daemon-config-nwfilter; yum clean all
 
 VOLUME [ "/sys/fs/cgroup" ]
-VOLUME [ "/var/lib/nova" ]
 
 ADD ./start.sh /start.sh
 
diff --git a/docker/nova-compute/nova-network/Dockerfile b/docker/nova-compute/nova-network/Dockerfile
index 2ee4deff4..11eb7effa 100644
--- a/docker/nova-compute/nova-network/Dockerfile
+++ b/docker/nova-compute/nova-network/Dockerfile
@@ -7,7 +7,4 @@ RUN yum -y install openstack-nova-network \
 ADD config-nova-network.sh /opt/kolla/config-nova-network.sh
 ADD ./start.sh /start.sh
 
-VOLUME [ "/var/lib/nova" ]
-VOLUME [ "/var/lib/libvirt" ]
-
 CMD ["/start.sh"]
-- 
GitLab