diff --git a/devstack/lib/magnum b/devstack/lib/magnum index 3867db330c..3d1eac9f2b 100644 --- a/devstack/lib/magnum +++ b/devstack/lib/magnum @@ -296,12 +296,6 @@ function magnum_register_image { if [ ! -z "$fedora_coreos" ]; then magnum_image_property=$magnum_image_property"fedora-coreos" fi - # os_distro property for fedora ironic image - local fedora_ironic="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -i "ironic" \ - | grep -io "fedora" || true;)" - if [ ! -z "$fedora_ironic" ]; then - magnum_image_property=$magnum_image_property"fedora" - fi # get the image name local image_filename=$(basename "$MAGNUM_GUEST_IMAGE_URL") diff --git a/doc/source/user/index.rst b/doc/source/user/index.rst index b4bf4547d2..71b04b2fa4 100644 --- a/doc/source/user/index.rst +++ b/doc/source/user/index.rst @@ -2733,17 +2733,6 @@ The following software are managed as systemd services: The login user for this image is *core*. -Kubernetes on Ironic --------------------- - -This image is built manually using diskimagebuilder. The scripts and -instructions are included in `Magnum code repo -`_. -Currently Ironic is not fully supported yet, therefore more details will be -provided when this driver has been fully tested. - - - Notification ============ diff --git a/magnum/api/controllers/v1/cluster_template.py b/magnum/api/controllers/v1/cluster_template.py index cf26480168..463463e95c 100644 --- a/magnum/api/controllers/v1/cluster_template.py +++ b/magnum/api/controllers/v1/cluster_template.py @@ -271,10 +271,6 @@ class ClusterTemplatesController(base.Controller): "driver. Please migrate to the fedora_coreos driver. fedora_atomic " "driver will be removed in a future Magnum version.") - _fedora_ironic_deprecation_note = ( - "The fedora ironic driver is deprecated. " - "The driver will be removed in a future Magnum version.") - def _generate_name_for_cluster_template(self, context): """Generate a random name like: zeta-22-model.""" @@ -441,13 +437,6 @@ class ClusterTemplatesController(base.Controller): DeprecationWarning) LOG.warning(self._coreos_deprecation_note) - if (cluster_template_dict['coe'] == 'kubernetes' and - cluster_template_dict['cluster_distro'] == 'fedora' and - cluster_template_dict['server_type'] == 'bm'): - warnings.warn(self._fedora_ironic_deprecation_note, - DeprecationWarning) - LOG.warning(self._fedora_ironic_deprecation_note) - # NOTE(yuywz): We will generate a random human-readable name for # cluster_template if the name is not specified by user. arg_name = cluster_template_dict.get('name') diff --git a/magnum/drivers/k8s_fedora_ironic_v1/__init__.py b/magnum/drivers/k8s_fedora_ironic_v1/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/magnum/drivers/k8s_fedora_ironic_v1/driver.py b/magnum/drivers/k8s_fedora_ironic_v1/driver.py deleted file mode 100644 index e34b95cd92..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/driver.py +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2016 Rackspace Inc. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from magnum.drivers.heat import driver -from magnum.drivers.k8s_fedora_ironic_v1 import template_def - - -class Driver(driver.KubernetesDriver): - - @property - def provides(self): - return [ - {'server_type': 'bm', - 'os': 'fedora', - 'coe': 'kubernetes'}, - ] - - def get_template_definition(self): - return template_def.FedoraK8sIronicTemplateDefinition() diff --git a/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/Readme.md b/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/Readme.md deleted file mode 100644 index 760f774745..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/Readme.md +++ /dev/null @@ -1,45 +0,0 @@ -Kubernetes elements -=================== - -This directory contains `[diskimage-builder](https://github.com/openstack/diskimage-builder)` -elements to build an image which contains kubernetes required to use kubecluster-fedora-ironic.yaml. - -An example fedora based image and uploaded to glance with the following: - - # Install diskimage-builder in virtual environment - virtualenv . - . bin/activate - pip install diskimage-builder - git clone https://git.openstack.org/openstack/magnum - git clone https://git.openstack.org/openstack/dib-utils.git - export PATH="${PWD}/dib-utils/bin:$PATH" - export ELEMENTS_PATH=$(python -c 'import os, diskimage_builder, pkg_resources;print(os.path.abspath(pkg_resources.resource_filename(diskimage_builder.__name__, "elements")))') - export ELEMENTS_PATH=${ELEMENTS_PATH}:magnum/magnum/drivers/k8s_fedora_ironic_v1/image - export DIB_RELEASE=25 - disk-image-create baremetal \ - fedora selinux-permissive \ - kubernetes \ - -o fedora-25-kubernetes.qcow2 - - KERNEL_ID=`glance image-create --name fedora-k8s-kernel \ - --visibility public \ - --disk-format=aki \ - --container-format=aki \ - --file=fedora-25-kubernetes.vmlinuz \ - | grep id | tr -d '| ' | cut --bytes=3-57` - RAMDISK_ID=`glance image-create --name fedora-k8s-ramdisk \ - --visibility public \ - --disk-format=ari \ - --container-format=ari \ - --file=fedora-25-kubernetes.initrd \ - | grep id | tr -d '| ' | cut --bytes=3-57` - BASE_ID=`glance image-create --name fedora-k8s \ - --os-distro fedora \ - --visibility public \ - --disk-format=qcow2 \ - --container-format=bare \ - --property kernel_id=$KERNEL_ID \ - --property ramdisk_id=$RAMDISK_ID \ - --file=fedora-25-kubernetes.qcow2 \ - | grep -v kernel | grep -v ramdisk \ - | grep id | tr -d '| ' | cut --bytes=3-57` diff --git a/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/elements-deps b/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/elements-deps deleted file mode 100644 index 7076aba945..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/elements-deps +++ /dev/null @@ -1 +0,0 @@ -package-installs diff --git a/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/package-installs.yaml b/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/package-installs.yaml deleted file mode 100644 index 28b297717b..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes/package-installs.yaml +++ /dev/null @@ -1,5 +0,0 @@ -kubernetes: -etcd: -flannel: -docker-io: -python2: diff --git a/magnum/drivers/k8s_fedora_ironic_v1/template_def.py b/magnum/drivers/k8s_fedora_ironic_v1/template_def.py deleted file mode 100644 index 6a43e52352..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/template_def.py +++ /dev/null @@ -1,75 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from neutronclient.common import exceptions as n_exception -from neutronclient.neutron import v2_0 as neutronV20 -import os - -from magnum.common import exception -from magnum.drivers.heat import k8s_fedora_template_def as kftd -from oslo_config import cfg - -CONF = cfg.CONF - - -class FedoraK8sIronicTemplateDefinition(kftd.K8sFedoraTemplateDefinition): - """Kubernetes template for a Fedora Baremetal.""" - - def __init__(self): - super(FedoraK8sIronicTemplateDefinition, self).__init__() - self.add_parameter('fixed_subnet', - cluster_template_attr='fixed_subnet', - param_type=str, - required=True) - - def get_fixed_network_id(self, osc, cluster_template): - try: - subnet = neutronV20.find_resource_by_name_or_id( - osc.neutron(), - 'subnet', - cluster_template.fixed_subnet - ) - except n_exception.NeutronException as e: - # NOTE(yuanying): NeutronCLIError doesn't have status_code - # if subnet name is duplicated, NeutronClientNoUniqueMatch - # (which is kind of NeutronCLIError) will be raised. - if getattr(e, 'status_code', 400) < 500: - raise exception.InvalidSubnet(message=("%s" % e)) - else: - raise e - - if subnet['ip_version'] != 4: - raise exception.InvalidSubnet( - message="Subnet IP version should be 4" - ) - - return subnet['network_id'] - - def get_params(self, context, cluster_template, cluster, **kwargs): - ep = kwargs.pop('extra_params', {}) - - osc = self.get_osc(context) - ep['fixed_network'] = self.get_fixed_network_id(osc, cluster_template) - - return super(FedoraK8sIronicTemplateDefinition, - self).get_params(context, cluster_template, cluster, - extra_params=ep, - **kwargs) - - @property - def driver_module_path(self): - return __name__[:__name__.rindex('.')] - - @property - def template_path(self): - return os.path.join(os.path.dirname(os.path.realpath(__file__)), - 'templates/kubecluster.yaml') diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml deleted file mode 100644 index cc499011c3..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml +++ /dev/null @@ -1,733 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - This template will boot a Kubernetes cluster with one or more - minions (as specified by the number_of_minions parameter, which - defaults to 1). - -parameters: - - is_cluster_stack: - type: boolean - default: false - - master_role: - type: string - default: "" - - worker_role: - type: string - default: "" - - ssh_key_name: - type: string - description: name of ssh key to be provisioned on our server - default: "" - - ssh_public_key: - type: string - description: The public ssh key to add in all nodes - default: "" - - external_network: - type: string - description: uuid/name of a network to use for floating ip addresses - default: public - - fixed_network: - type: string - description: > - name of private network into which servers get deployed - Important: the Load Balancer feature in Kubernetes requires that - the name for the fixed_network must be "private" for the - address lookup in Kubernetes to work properly - - fixed_subnet: - type: string - description: Sub network from which to allocate fixed addresses. - default: private-subnet - - master_image: - type: string - description: glance image used to boot the server - - minion_image: - type: string - description: glance image used to boot the server - - master_flavor: - type: string - default: m1.small - description: flavor to use when booting the server - - minion_flavor: - type: string - default: baremetal - description: flavor to use when booting the server - - master_nodegroup_name: - type: string - default: "" - description: the name of the nodegroup where the node belongs - - worker_nodegroup_name: - type: string - default: "" - description: the name of the nodegroup where the node belongs - - prometheus_monitoring: - type: boolean - default: false - description: > - whether or not to have the grafana-prometheus-cadvisor monitoring setup - - grafana_admin_passwd: - type: string - default: admin - hidden: true - description: > - admin user password for the Grafana monitoring interface - - dns_nameserver: - type: comma_delimited_list - description: address of a dns nameserver reachable in your environment - default: 8.8.8.8 - - number_of_masters: - type: number - description: how many kubernetes masters to spawn - default: 1 - - number_of_minions: - type: number - description: how many kubernetes minions to spawn - default: 1 - - portal_network_cidr: - type: string - description: > - address range used by kubernetes for service portals - default: 10.254.0.0/16 - - network_driver: - type: string - description: network driver to use for instantiating container networks - default: flannel - - flannel_network_cidr: - type: string - description: network range for flannel overlay network - default: 10.100.0.0/16 - - flannel_network_subnetlen: - type: number - description: size of subnet assigned to each minion - default: 24 - - flannel_backend: - type: string - description: > - specify the backend for flannel, default udp backend - default: "udp" - constraints: - - allowed_values: ["udp", "vxlan", "host-gw"] - - system_pods_initial_delay: - type: number - description: > - health check, time to wait for system pods (podmaster, scheduler) to boot - (in seconds) - default: 30 - - system_pods_timeout: - type: number - description: > - health check, timeout for system pods (podmaster, scheduler) to answer. - (in seconds) - default: 5 - - admission_control_list: - type: string - description: > - List of admission control plugins to activate - default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota" - - kube_allow_priv: - type: string - description: > - whether or not kubernetes should permit privileged containers. - default: "true" - constraints: - - allowed_values: ["true", "false"] - - etcd_volume_size: - type: number - description: > - size of the cinder volume for etcd storage - default: 0 - - docker_volume_size: - type: number - description: > - size of a cinder volume to allocate to docker for container/image - storage - default: 0 - - docker_volume_type: - type: string - description: > - type of a cinder volume to allocate to docker for container/image - storage - - docker_storage_driver: - type: string - description: docker storage driver name - default: "devicemapper" - - wait_condition_timeout: - type: number - description: > - timeout for the Wait Conditions - default: 6000 - - minions_to_remove: - type: comma_delimited_list - description: > - List of minions to be removed when doing an update. Individual minion may - be referenced several ways: (1) The resource name (e.g. ['1', '3']), - (2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should - be empty when doing an create. - default: [] - - discovery_url: - type: string - description: > - Discovery URL used for bootstrapping the etcd cluster. - - registry_enabled: - type: boolean - description: > - Indicates whether the docker registry is enabled. - default: false - - registry_port: - type: number - description: port of registry service - default: 5000 - - swift_region: - type: string - description: region of swift service - default: "" - - registry_container: - type: string - description: > - name of swift container which docker registry stores images in - default: "container" - - registry_insecure: - type: boolean - description: > - indicates whether to skip TLS verification between registry and backend storage - default: true - - registry_chunksize: - type: number - description: > - size fo the data segments for the swift dynamic large objects - default: 5242880 - - volume_driver: - type: string - description: volume driver to use for container storage - default: "" - - region_name: - type: string - description: A logically separate section of the cluster - - username: - type: string - description: > - user account - - password: - type: string - description: > - user password, not set in current implementation, only used to - fill in for Kubernetes config file - default: - ChangeMe - hidden: true - - loadbalancing_protocol: - type: string - description: > - The protocol which is used for load balancing. If you want to change - tls_disabled option to 'True', please change this to "HTTP". - default: TCP - constraints: - - allowed_values: ["TCP", "HTTP"] - - tls_disabled: - type: boolean - description: whether or not to disable TLS - default: False - - kube_dashboard_enabled: - type: boolean - description: whether or not to disable kubernetes dashboard - default: True - - influx_grafana_dashboard_enabled: - type: boolean - description: Enable influxdb with grafana dashboard for data from heapster - default: False - - verify_ca: - type: boolean - description: whether or not to validate certificate authority - - kubernetes_port: - type: number - description: > - The port which are used by kube-apiserver to provide Kubernetes - service. - default: 6443 - - cluster_uuid: - type: string - description: identifier for the cluster this template is generating - - magnum_url: - type: string - description: endpoint to retrieve TLS certs from - - http_proxy: - type: string - description: http proxy address for docker - default: "" - - https_proxy: - type: string - description: https proxy address for docker - default: "" - - no_proxy: - type: string - description: no proxies for docker - default: "" - - trustee_domain_id: - type: string - description: domain id of the trustee - default: "" - - trustee_user_id: - type: string - description: user id of the trustee - default: "" - - trustee_username: - type: string - description: username of the trustee - default: "" - - trustee_password: - type: string - description: password of the trustee - default: "" - hidden: true - - trust_id: - type: string - description: id of the trust which is used by the trustee - default: "" - hidden: true - - auth_url: - type: string - description: url for keystone - - kube_tag: - type: string - description: tag of the k8s containers used to provision the kubernetes cluster - default: v1.11.1 - - kube_version: - type: string - description: version of kubernetes used for kubernetes cluster - default: v1.11.1 - - kube_dashboard_version: - type: string - description: version of kubernetes dashboard used for kubernetes cluster - default: v1.5.1 - - insecure_registry_url: - type: string - description: insecure registry url - default: "" - - container_infra_prefix: - type: string - description: > - prefix of container images used in the cluster, kubernetes components, - kubernetes-dashboard, coredns etc - constraints: - - allowed_pattern: "^$|.*/" - default: "" - - openstack_ca: - type: string - hidden: true - description: The OpenStack CA certificate to install on the node. - - nodes_affinity_policy: - type: string - description: > - affinity policy for nodes server group - constraints: - - allowed_values: ["affinity", "anti-affinity", "soft-affinity", - "soft-anti-affinity"] - - octavia_enabled: - type: boolean - description: > - whether or not to use Octavia for LoadBalancer type service. - default: False - -resources: - - api_lb: - type: ../../common/templates/lb_api.yaml - properties: - fixed_subnet: {get_param: fixed_subnet} - external_network: {get_param: external_network} - protocol: {get_param: loadbalancing_protocol} - port: {get_param: kubernetes_port} - - etcd_lb: - type: ../../common/templates/lb_etcd.yaml - properties: - fixed_subnet: {get_param: fixed_subnet} - protocol: {get_param: loadbalancing_protocol} - port: 2379 - - ###################################################################### - # - # security groups. we need to permit network traffic of various - # sorts. - # - - secgroup_base: - type: OS::Neutron::SecurityGroup - properties: - rules: - - protocol: icmp - - protocol: tcp - port_range_min: 22 - port_range_max: 22 - - secgroup_kube_master: - type: OS::Neutron::SecurityGroup - properties: - rules: - - protocol: tcp - port_range_min: 7080 - port_range_max: 7080 - - protocol: tcp - port_range_min: 8080 - port_range_max: 8080 - - protocol: tcp - port_range_min: 2379 - port_range_max: 2379 - - protocol: tcp - port_range_min: 2380 - port_range_max: 2380 - - protocol: tcp - port_range_min: 6443 - port_range_max: 6443 - - protocol: tcp - port_range_min: 9100 - port_range_max: 9100 - - protocol: tcp - port_range_min: 30000 - port_range_max: 32767 - - secgroup_kube_minion: - type: OS::Neutron::SecurityGroup - properties: - rules: - - protocol: icmp - - protocol: tcp - - protocol: udp - - ###################################################################### - # - # resources that expose the IPs of either the kube master or a given - # LBaaS pool depending on whether LBaaS is enabled for the cluster. - # - - api_address_lb_switch: - type: Magnum::ApiGatewaySwitcher - properties: - pool_public_ip: {get_attr: [api_lb, floating_address]} - pool_private_ip: {get_attr: [api_lb, address]} - master_public_ip: {get_attr: [kube_masters, resource.0.kube_master_external_ip]} - master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]} - - etcd_address_lb_switch: - type: Magnum::ApiGatewaySwitcher - properties: - pool_private_ip: {get_attr: [etcd_lb, address]} - master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]} - - ###################################################################### - # - # resources that expose the IPs of either floating ip or a given - # fixed ip depending on whether FloatingIP is enabled for the cluster. - # - - api_address_floating_switch: - type: Magnum::FloatingIPAddressSwitcher - properties: - public_ip: {get_attr: [api_address_lb_switch, public_ip]} - private_ip: {get_attr: [api_address_lb_switch, private_ip]} - - ###################################################################### - # - # resources that expose one server group for each master and worker nodes - # separately. - # - - master_nodes_server_group: - type: OS::Nova::ServerGroup - properties: - policies: [{get_param: nodes_affinity_policy}] - - worker_nodes_server_group: - type: OS::Nova::ServerGroup - properties: - policies: [{get_param: nodes_affinity_policy}] - - ###################################################################### - # - # kubernetes masters. This is a resource group that will create - # masters. - # - - kube_masters: - type: OS::Heat::ResourceGroup - properties: - count: {get_param: number_of_masters} - resource_def: - type: kubemaster.yaml - properties: - name: - list_join: - - '-' - - [{ get_param: 'OS::stack_name' }, 'master', '%index%'] - prometheus_monitoring: {get_param: prometheus_monitoring} - grafana_admin_passwd: {get_param: grafana_admin_passwd} - api_public_address: {get_attr: [api_lb, floating_address]} - api_private_address: {get_attr: [api_lb, address]} - ssh_key_name: {get_param: ssh_key_name} - server_image: {get_param: master_image} - master_flavor: {get_param: master_flavor} - external_network: {get_param: external_network} - kube_allow_priv: {get_param: kube_allow_priv} - docker_volume_size: {get_param: docker_volume_size} - docker_storage_driver: {get_param: docker_storage_driver} - network_driver: {get_param: network_driver} - flannel_network_cidr: {get_param: flannel_network_cidr} - flannel_network_subnetlen: {get_param: flannel_network_subnetlen} - flannel_backend: {get_param: flannel_backend} - system_pods_initial_delay: {get_param: system_pods_initial_delay} - system_pods_timeout: {get_param: system_pods_timeout} - portal_network_cidr: {get_param: portal_network_cidr} - admission_control_list: {get_param: admission_control_list} - discovery_url: {get_param: discovery_url} - cluster_uuid: {get_param: cluster_uuid} - magnum_url: {get_param: magnum_url} - fixed_network: {get_param: fixed_network} - fixed_subnet: {get_param: fixed_subnet} - api_pool_id: {get_attr: [api_lb, pool_id]} - etcd_pool_id: {get_attr: [etcd_lb, pool_id]} - username: {get_param: username} - password: {get_param: password} - kubernetes_port: {get_param: kubernetes_port} - tls_disabled: {get_param: tls_disabled} - kube_dashboard_enabled: {get_param: kube_dashboard_enabled} - influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled} - verify_ca: {get_param: verify_ca} - secgroup_base_id: {get_resource: secgroup_base} - secgroup_kube_master_id: {get_resource: secgroup_kube_master} - http_proxy: {get_param: http_proxy} - https_proxy: {get_param: https_proxy} - no_proxy: {get_param: no_proxy} - kube_tag: {get_param: kube_tag} - kube_version: {get_param: kube_version} - kube_dashboard_version: {get_param: kube_dashboard_version} - trustee_user_id: {get_param: trustee_user_id} - trustee_password: {get_param: trustee_password} - trust_id: {get_param: trust_id} - auth_url: {get_param: auth_url} - insecure_registry_url: {get_param: insecure_registry_url} - container_infra_prefix: {get_param: container_infra_prefix} - wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]} - etcd_lb_vip: {get_attr: [etcd_lb, address]} - openstack_ca: {get_param: openstack_ca} - nodes_server_group_id: {get_resource: master_nodes_server_group} - octavia_enabled: {get_param: octavia_enabled} - - ###################################################################### - # - # wait condition handler for kubernetes master - # - - master_wait_handle: - type: OS::Heat::WaitConditionHandle - - master_wait_condition: - type: OS::Heat::WaitCondition - properties: - count: {get_param: number_of_masters} - handle: {get_resource: master_wait_handle} - timeout: {get_param: wait_condition_timeout} - - ###################################################################### - # - # kubernetes minions. This is an resource group that will initially - # create minions, and needs to be manually scaled. - # - - kube_minions: - type: OS::Heat::ResourceGroup - properties: - count: {get_param: number_of_minions} - removal_policies: [{resource_list: {get_param: minions_to_remove}}] - resource_def: - type: kubeminion.yaml - properties: - name: - list_join: - - '-' - - [{ get_param: 'OS::stack_name' }, 'minion', '%index%'] - ssh_key_name: {get_param: ssh_key_name} - server_image: {get_param: minion_image} - minion_flavor: {get_param: minion_flavor} - fixed_network: {get_param: fixed_network} - fixed_subnet: {get_param: fixed_subnet} - secgroup_kube_minion_id: {get_resource: secgroup_kube_minion} - flannel_network_cidr: {get_param: flannel_network_cidr} - external_network: {get_param: external_network} - kube_software_configs: {get_attr: [kubeminion_software_configs, kube_minion_init]} - nodes_server_group_id: {get_resource: worker_nodes_server_group} - - ###################################################################### - # - # Software configs for kubernetes minions - # - - kubeminion_software_configs: - type: kubeminion_software_configs.yaml - properties: - prometheus_monitoring: {get_param: prometheus_monitoring} - network_driver: {get_param: network_driver} - kube_master_ip: {get_attr: [api_address_lb_switch, private_ip]} - etcd_server_ip: {get_attr: [etcd_address_lb_switch, private_ip]} - kube_allow_priv: {get_param: kube_allow_priv} - docker_volume_size: {get_param: docker_volume_size} - docker_storage_driver: {get_param: docker_storage_driver} - registry_enabled: {get_param: registry_enabled} - registry_port: {get_param: registry_port} - swift_region: {get_param: swift_region} - registry_container: {get_param: registry_container} - registry_insecure: {get_param: registry_insecure} - registry_chunksize: {get_param: registry_chunksize} - cluster_uuid: {get_param: cluster_uuid} - magnum_url: {get_param: magnum_url} - volume_driver: {get_param: volume_driver} - region_name: {get_param: region_name} - auth_url: {get_param: auth_url} - username: {get_param: username} - password: {get_param: password} - kubernetes_port: {get_param: kubernetes_port} - tls_disabled: {get_param: tls_disabled} - verify_ca: {get_param: verify_ca} - http_proxy: {get_param: http_proxy} - https_proxy: {get_param: https_proxy} - no_proxy: {get_param: no_proxy} - kube_tag: {get_param: kube_tag} - kube_version: {get_param: kube_version} - trustee_user_id: {get_param: trustee_user_id} - trustee_username: {get_param: trustee_username} - trustee_password: {get_param: trustee_password} - trustee_domain_id: {get_param: trustee_domain_id} - trust_id: {get_param: trust_id} - insecure_registry_url: {get_param: insecure_registry_url} - container_infra_prefix: {get_param: container_infra_prefix} - wc_curl_cli: {get_attr: [minion_wait_handle, curl_cli]} - openstack_ca: {get_param: openstack_ca} - octavia_enabled: {get_param: octavia_enabled} - - ###################################################################### - # - # wait condition handler for kubernetes minions - # - - minion_wait_handle: - type: OS::Heat::WaitConditionHandle - - minion_wait_condition: - type: OS::Heat::WaitCondition - properties: - count: {get_param: number_of_minions} - handle: {get_resource: minion_wait_handle} - timeout: {get_param: wait_condition_timeout} - -outputs: - - api_address: - value: - str_replace: - template: api_ip_address - params: - api_ip_address: {get_attr: [api_address_floating_switch, ip_address]} - description: > - This is the API endpoint of the Kubernetes cluster. Use this to access - the Kubernetes API. - - registry_address: - value: - str_replace: - template: localhost:port - params: - port: {get_param: registry_port} - description: - This is the url of docker registry server where you can store docker - images. - - kube_masters_private: - value: {get_attr: [kube_masters, kube_master_ip]} - description: > - This is a list of the "private" IP addresses of all the Kubernetes masters. - - kube_masters: - value: {get_attr: [kube_masters, kube_master_external_ip]} - description: > - This is a list of the "public" IP addresses of all the Kubernetes masters. - Use these IP addresses to log in to the Kubernetes masters via ssh. - - kube_minions_private: - value: {get_attr: [kube_minions, kube_minion_ip]} - description: > - This is a list of the "private" IP addresses of all the Kubernetes minions. - - kube_minions: - value: {get_attr: [kube_minions, kube_minion_external_ip]} - description: > - This is a list of the "public" IP addresses of all the Kubernetes minions. - Use these IP addresses to log in to the Kubernetes minions via ssh. diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml deleted file mode 100644 index 7169b34b2d..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml +++ /dev/null @@ -1,559 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - This is a nested stack that defines a single Kubernetes master, This stack is - included by an ResourceGroup resource in the parent template - (kubecluster.yaml). - -parameters: - - name: - type: string - description: server name - - server_image: - type: string - description: glance image used to boot the server - - master_flavor: - type: string - description: flavor to use when booting the server - - ssh_key_name: - type: string - description: name of ssh key to be provisioned on our server - - external_network: - type: string - description: uuid/name of a network to use for floating ip addresses - - portal_network_cidr: - type: string - description: > - address range used by kubernetes for service portals - - kube_allow_priv: - type: string - description: > - whether or not kubernetes should permit privileged containers. - constraints: - - allowed_values: ["true", "false"] - - docker_volume_size: - type: number - description: > - size of a cinder volume to allocate to docker for container/image - storage - - docker_storage_driver: - type: string - description: docker storage driver name - default: "devicemapper" - - flannel_network_cidr: - type: string - description: network range for flannel overlay network - - flannel_network_subnetlen: - type: number - description: size of subnet assigned to each master - - flannel_backend: - type: string - description: > - specify the backend for flannel, default udp backend - constraints: - - allowed_values: ["udp", "vxlan", "host-gw"] - - system_pods_initial_delay: - type: number - description: > - health check, time to wait for system pods (podmaster, scheduler) to boot - (in seconds) - default: 30 - - system_pods_timeout: - type: number - description: > - health check, timeout for system pods (podmaster, scheduler) to answer. - (in seconds) - default: 5 - - admission_control_list: - type: string - description: > - List of admission control plugins to activate - - discovery_url: - type: string - description: > - Discovery URL used for bootstrapping the etcd cluster. - - tls_disabled: - type: boolean - description: whether or not to enable TLS - - kube_dashboard_enabled: - type: boolean - description: whether or not to disable kubernetes dashboard - - influx_grafana_dashboard_enabled: - type: boolean - description: Enable influxdb with grafana dashboard for data from heapster - - verify_ca: - type: boolean - description: whether or not to validate certificate authority - - kubernetes_port: - type: number - description: > - The port which are used by kube-apiserver to provide Kubernetes - service. - - cluster_uuid: - type: string - description: identifier for the cluster this template is generating - - magnum_url: - type: string - description: endpoint to retrieve TLS certs from - - prometheus_monitoring: - type: boolean - description: > - whether or not to have prometheus and grafana deployed - - grafana_admin_passwd: - type: string - hidden: true - description: > - admin user password for the Grafana monitoring interface - - api_public_address: - type: string - description: Public IP address of the Kubernetes master server. - default: "" - - api_private_address: - type: string - description: Private IP address of the Kubernetes master server. - default: "" - - fixed_network: - type: string - description: Network from which to allocate fixed addresses. - - fixed_subnet: - type: string - description: Subnet from which to allocate fixed addresses. - - network_driver: - type: string - description: network driver to use for instantiating container networks - - secgroup_base_id: - type: string - description: ID of the security group for base. - - secgroup_kube_master_id: - type: string - description: ID of the security group for kubernetes master. - - api_pool_id: - type: string - description: ID of the load balancer pool of k8s API server. - - etcd_pool_id: - type: string - description: ID of the load balancer pool of etcd server. - - auth_url: - type: string - description: > - url for kubernetes to authenticate - - username: - type: string - description: > - user account - - password: - type: string - description: > - user password - - http_proxy: - type: string - description: http proxy address for docker - - https_proxy: - type: string - description: https proxy address for docker - - no_proxy: - type: string - description: no proxies for docker - - kube_tag: - type: string - description: tag of the k8s containers used to provision the kubernetes cluster - - kube_version: - type: string - description: version of kubernetes used for kubernetes cluster - - kube_dashboard_version: - type: string - description: version of kubernetes dashboard used for kubernetes cluster - - trustee_user_id: - type: string - description: user id of the trustee - - trustee_password: - type: string - description: password of the trustee - hidden: true - - trust_id: - type: string - description: id of the trust which is used by the trustee - hidden: true - - insecure_registry_url: - type: string - description: insecure registry url - - container_infra_prefix: - type: string - description: > - prefix of container images used in the cluster, kubernetes components, - kubernetes-dashboard, coredns etc - - wc_curl_cli: - type: string - description : > - Wait condition notify command for Master. - - etcd_lb_vip: - type: string - description: > - etcd lb vip private used to generate certs on master. - default: "" - - openstack_ca: - type: string - description: The OpenStack CA certificate to install on the node. - - nodes_server_group_id: - type: string - description: ID of the server group for kubernetes cluster nodes. - - octavia_enabled: - type: boolean - description: > - whether or not to use Octavia for LoadBalancer type service. - default: False - -resources: - - ###################################################################### - # - # resource that exposes the IPs of either the kube master or the API - # LBaaS pool depending on whether LBaaS is enabled for the cluster. - # - - api_address_switch: - type: Magnum::ApiGatewaySwitcher - properties: - pool_public_ip: {get_param: api_public_address} - pool_private_ip: {get_param: api_private_address} - master_public_ip: {get_attr: [kube_master_floating, floating_ip_address]} - master_private_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]} - - ###################################################################### - # - # software configs. these are components that are combined into - # a multipart MIME user-data archive. - # - - write_heat_params: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: - str_replace: - template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params-master.yaml} - params: - "$PROMETHEUS_MONITORING": {get_param: prometheus_monitoring} - "$KUBE_API_PUBLIC_ADDRESS": {get_attr: [api_address_switch, public_ip]} - "$KUBE_API_PRIVATE_ADDRESS": {get_attr: [api_address_switch, private_ip]} - "$KUBE_API_PORT": {get_param: kubernetes_port} - "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv} - "$DOCKER_VOLUME": 'None' - "$DOCKER_VOLUME_SIZE": {get_param: docker_volume_size} - "$DOCKER_STORAGE_DRIVER": {get_param: docker_storage_driver} - "$NETWORK_DRIVER": {get_param: network_driver} - "$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr} - "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen} - "$FLANNEL_BACKEND": {get_param: flannel_backend} - "$SYSTEM_PODS_INITIAL_DELAY": {get_param: system_pods_initial_delay} - "$SYSTEM_PODS_TIMEOUT": {get_param: system_pods_timeout} - "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr} - "$ADMISSION_CONTROL_LIST": {get_param: admission_control_list} - "$ETCD_DISCOVERY_URL": {get_param: discovery_url} - "$AUTH_URL": {get_param: auth_url} - "$USERNAME": {get_param: username} - "$PASSWORD": {get_param: password} - "$CLUSTER_SUBNET": {get_param: fixed_subnet} - "$TLS_DISABLED": {get_param: tls_disabled} - "$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled} - "$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled} - "$VERIFY_CA": {get_param: verify_ca} - "$CLUSTER_UUID": {get_param: cluster_uuid} - "$MAGNUM_URL": {get_param: magnum_url} - "$HTTP_PROXY": {get_param: http_proxy} - "$HTTPS_PROXY": {get_param: https_proxy} - "$NO_PROXY": {get_param: no_proxy} - "$KUBE_TAG": {get_param: kube_tag} - "$KUBE_VERSION": {get_param: kube_version} - "$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version} - "$WAIT_CURL": {get_param: wc_curl_cli} - "$TRUSTEE_USER_ID": {get_param: trustee_user_id} - "$TRUSTEE_PASSWORD": {get_param: trustee_password} - "$TRUST_ID": {get_param: trust_id} - "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url} - "$CONTAINER_INFRA_PREFIX": {get_param: container_infra_prefix} - "$ENABLE_CINDER": "False" - "$ETCD_LB_VIP": {get_param: etcd_lb_vip} - "$OCTAVIA_ENABLED": {get_param: octavia_enabled} - - install_openstack_ca: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: - str_replace: - params: - $OPENSTACK_CA: {get_param: openstack_ca} - template: {get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh} - - make_cert: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/make-cert.sh} - - configure_docker_storage: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: - str_replace: - params: - $configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh} - template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh} - - configure_etcd: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/configure-etcd.sh} - - write_kube_os_config: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh} - - configure_kubernetes: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-master.sh} - - write_flannel_config: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/write-flannel-config.sh} - - flannel_config_service: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/flannel-config-service.sh} - - enable_services: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/enable-services-master.sh} - - flannel_service: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh} - - enable_kube_controller_manager_scheduler: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-controller-manager-scheduler.sh} - - kube_apiserver_to_kubelet_role: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh} - - kube_ui_service: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh} - - enable_kube_proxy: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh} - - master_wc_notify: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/wc-notify-master.sh} - - disable_selinux: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh} - - add_proxy: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh} - - start_container_agent: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/start-container-agent.sh} - - kube_master_init: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: install_openstack_ca} - - config: {get_resource: disable_selinux} - - config: {get_resource: write_heat_params} - - config: {get_resource: configure_etcd} - - config: {get_resource: write_kube_os_config} - - config: {get_resource: make_cert} - - config: {get_resource: configure_docker_storage} - - config: {get_resource: configure_kubernetes} - - config: {get_resource: add_proxy} - - config: {get_resource: enable_services} - - config: {get_resource: write_flannel_config} - - config: {get_resource: flannel_config_service} - - config: {get_resource: flannel_service} - - config: {get_resource: kube_apiserver_to_kubelet_role} - - config: {get_resource: enable_kube_controller_manager_scheduler} - - config: {get_resource: enable_kube_proxy} - - config: {get_resource: kube_ui_service} - - config: {get_resource: start_container_agent} - - config: {get_resource: master_wc_notify} - - enable_prometheus_monitoring: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - str_replace: - template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh} - params: - "$ADMIN_PASSWD": {get_param: grafana_admin_passwd} - - enable_prometheus_monitoring_deployment: - type: OS::Heat::SoftwareDeployment - properties: - signal_transport: HEAT_SIGNAL - config: {get_resource: enable_prometheus_monitoring} - server: {get_resource: kube-master} - actions: ['CREATE'] - - ###################################################################### - # - # a single kubernetes master. - # - - # do NOT use "_" (underscore) in the Nova server name - # it creates a mismatch between the generated Nova name and its hostname - # which can lead to weird problems - kube-master: - type: OS::Nova::Server - properties: - name: {get_param: name} - image: {get_param: server_image} - flavor: {get_param: master_flavor} - key_name: {get_param: ssh_key_name} - user_data_format: SOFTWARE_CONFIG - software_config_transport: POLL_SERVER_HEAT - user_data: {get_resource: kube_master_init} - networks: - - port: {get_resource: kube_master_eth0} - scheduler_hints: { group: { get_param: nodes_server_group_id }} - - kube_master_eth0: - type: "OS::Neutron::Port" - properties: - network_id: - get_param: fixed_network - security_groups: - - {get_param: secgroup_kube_master_id} - fixed_ips: - - subnet_id: - get_param: fixed_subnet - allowed_address_pairs: - - ip_address: {get_param: flannel_network_cidr} - - kube_master_floating: - type: OS::Neutron::FloatingIP - properties: - floating_network: - get_param: external_network - port_id: - get_resource: kube_master_eth0 - - api_pool_member: - type: Magnum::Optional::Neutron::LBaaS::PoolMember - properties: - pool: {get_param: api_pool_id} - address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]} - subnet: { get_param: fixed_subnet } - protocol_port: {get_param: kubernetes_port} - - etcd_pool_member: - type: Magnum::Optional::Neutron::LBaaS::PoolMember - properties: - pool: {get_param: etcd_pool_id} - address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]} - subnet: { get_param: fixed_subnet } - protocol_port: 2379 - -outputs: - - kube_master_ip: - value: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]} - description: > - This is the "private" IP address of the Kubernetes master node. - - kube_master_external_ip: - value: {get_attr: [kube_master_floating, floating_ip_address]} - description: > - This is the "public" IP address of the Kubernetes master node. diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion.yaml deleted file mode 100644 index 7e038b0fbc..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion.yaml +++ /dev/null @@ -1,125 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - This is a nested stack that defines a single Kubernetes minion, This stack is - included by an AutoScalingGroup resource in the parent template - (kubecluster.yaml). - -parameters: - - name: - type: string - description: server name - - server_image: - type: string - description: glance image used to boot the server - - minion_flavor: - type: string - description: flavor to use when booting the server - - ssh_key_name: - type: string - description: name of ssh key to be provisioned on our server - - external_network: - type: string - description: uuid/name of a network to use for floating ip addresses - - fixed_network: - type: string - description: Network from which to allocate fixed addresses. - - fixed_subnet: - type: string - description: Subnet from which to allocate fixed addresses. - - secgroup_kube_minion_id: - type: string - description: ID of the security group for kubernetes minion. - - flannel_network_cidr: - type: string - description: network range for flannel overlay network - - kube_software_configs: - type: string - description : > - ID of the multipart mime. - - nodes_server_group_id: - type: string - description: ID of the server group for kubernetes cluster nodes. - -resources: - - ###################################################################### - # - # a single kubernetes minion. - # - - # do NOT use "_" (underscore) in the Nova server name - # it creates a mismatch between the generated Nova name and its hostname - # which can lead to weird problems - kube-minion: - type: OS::Nova::Server - properties: - name: {get_param: name} - image: {get_param: server_image} - flavor: {get_param: minion_flavor} - key_name: {get_param: ssh_key_name} - user_data_format: RAW - user_data: {get_param: kube_software_configs} - networks: - - port: {get_resource: kube_minion_eth0} - scheduler_hints: { group: { get_param: nodes_server_group_id }} - - kube_minion_eth0: - type: "OS::Neutron::Port" - properties: - network_id: - get_param: fixed_network - security_groups: - - {get_param: secgroup_kube_minion_id} - fixed_ips: - - subnet_id: - get_param: fixed_subnet - allowed_address_pairs: - - ip_address: {get_param: flannel_network_cidr} - - kube_minion_floating: - type: OS::Neutron::FloatingIP - properties: - floating_network: - get_param: external_network - port_id: - get_resource: kube_minion_eth0 - -outputs: - - kube_minion_ip: - value: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]} - description: > - This is the "public" IP address of the Kubernetes minion node. - - kube_minion_external_ip: - value: {get_attr: [kube_minion_floating, floating_ip_address]} - description: > - This is the "public" IP address of the Kubernetes minion node. - - ###################################################################### - # - # NOTE(flwang): Returning the minion node server ID here so that - # consumer can send API request to Heat to remove a particular - # node with removal_policies. Otherwise, the consumer (e.g. AutoScaler) - # has to use index to do the remove which is confusing out of the - # OpenStack world. - # https://storyboard.openstack.org/#!/story/2005054 - # - ###################################################################### - - OS::stack_id: - value: { get_resource: kube-minion } - description: > - This is the Ironic server id of the node. diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml deleted file mode 100644 index 27b694a838..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml +++ /dev/null @@ -1,355 +0,0 @@ -heat_template_version: 2014-10-16 - -description: > - This is a nested stack that defines software configs for Kubernetes minions. - -parameters: - - kube_allow_priv: - type: string - description: > - whether or not kubernetes should permit privileged containers. - constraints: - - allowed_values: ["true", "false"] - - docker_volume_size: - type: number - description: > - size of a cinder volume to allocate to docker for container/image - storage - - docker_storage_driver: - type: string - description: docker storage driver name - default: "devicemapper" - - tls_disabled: - type: boolean - description: whether or not to enable TLS - - verify_ca: - type: boolean - description: whether or not to validate certificate authority - - kubernetes_port: - type: number - description: > - The port which are used by kube-apiserver to provide Kubernetes - service. - - cluster_uuid: - type: string - description: identifier for the cluster this template is generating - - magnum_url: - type: string - description: endpoint to retrieve TLS certs from - - prometheus_monitoring: - type: boolean - description: > - whether or not to have the node-exporter running on the node - - kube_master_ip: - type: string - description: IP address of the Kubernetes master server. - - etcd_server_ip: - type: string - description: IP address of the Etcd server. - - network_driver: - type: string - description: network driver to use for instantiating container networks - - registry_enabled: - type: boolean - description: > - Indicates whether the docker registry is enabled. - - registry_port: - type: number - description: port of registry service - - swift_region: - type: string - description: region of swift service - - registry_container: - type: string - description: > - name of swift container which docker registry stores images in - - registry_insecure: - type: boolean - description: > - indicates whether to skip TLS verification between registry and backend storage - - registry_chunksize: - type: number - description: > - size fo the data segments for the swift dynamic large objects - - volume_driver: - type: string - description: volume driver to use for container storage - - region_name: - type: string - description: A logically separate section of the cluster - - username: - type: string - description: > - user account - - password: - type: string - description: > - user password, not set in current implementation, only used to - fill in for Kubernetes config file - hidden: true - - http_proxy: - type: string - description: http proxy address for docker - - https_proxy: - type: string - description: https proxy address for docker - - no_proxy: - type: string - description: no proxies for docker - - kube_tag: - type: string - description: tag of the k8s containers used to provision the kubernetes cluster - - kube_version: - type: string - description: version of kubernetes used for kubernetes cluster - - trustee_domain_id: - type: string - description: domain id of the trustee - - trustee_user_id: - type: string - description: user id of the trustee - - trustee_username: - type: string - description: username of the trustee - - trustee_password: - type: string - description: password of the trustee - hidden: true - - trust_id: - type: string - description: id of the trust which is used by the trustee - hidden: true - - auth_url: - type: string - description: > - url for keystone, must be v2 since k8s backend only support v2 - at this point - - insecure_registry_url: - type: string - description: insecure registry url - - container_infra_prefix: - type: string - description: > - prefix of container images used in the cluster, kubernetes components, - kubernetes-dashboard, coredns etc - - wc_curl_cli: - type: string - description : > - Wait condition notify command for Minion. - - openstack_ca: - type: string - description: The OpenStack CA certificate to install on the node. - - octavia_enabled: - type: boolean - description: > - whether or not to use Octavia for LoadBalancer type service. - default: False - -resources: - - ###################################################################### - # - # software configs. these are components that are combined into - # a multipart MIME user-data archive. - # - - write_heat_params: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: - str_replace: - template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params.yaml} - params: - $PROMETHEUS_MONITORING: {get_param: prometheus_monitoring} - $KUBE_ALLOW_PRIV: {get_param: kube_allow_priv} - $KUBE_MASTER_IP: {get_param: kube_master_ip} - $KUBE_API_PORT: {get_param: kubernetes_port} - $ETCD_SERVER_IP: {get_param: etcd_server_ip} - $DOCKER_VOLUME: 'None' - $DOCKER_VOLUME_SIZE: {get_param: docker_volume_size} - $DOCKER_STORAGE_DRIVER: {get_param: docker_storage_driver} - $NETWORK_DRIVER: {get_param: network_driver} - $REGISTRY_ENABLED: {get_param: registry_enabled} - $REGISTRY_PORT: {get_param: registry_port} - $SWIFT_REGION: {get_param: swift_region} - $REGISTRY_CONTAINER: {get_param: registry_container} - $REGISTRY_INSECURE: {get_param: registry_insecure} - $REGISTRY_CHUNKSIZE: {get_param: registry_chunksize} - $TLS_DISABLED: {get_param: tls_disabled} - $VERIFY_CA: {get_param: verify_ca} - $CLUSTER_UUID: {get_param: cluster_uuid} - $MAGNUM_URL: {get_param: magnum_url} - $USERNAME: {get_param: username} - $PASSWORD: {get_param: password} - $VOLUME_DRIVER: {get_param: volume_driver} - $REGION_NAME: {get_param: region_name} - $HTTP_PROXY: {get_param: http_proxy} - $HTTPS_PROXY: {get_param: https_proxy} - $NO_PROXY: {get_param: no_proxy} - $KUBE_TAG: {get_param: kube_tag} - $KUBE_VERSION: {get_param: kube_version} - $WAIT_CURL: {get_param: wc_curl_cli} - $TRUSTEE_DOMAIN_ID: {get_param: trustee_domain_id} - $TRUSTEE_USER_ID: {get_param: trustee_user_id} - $TRUSTEE_USERNAME: {get_param: trustee_username} - $TRUSTEE_PASSWORD: {get_param: trustee_password} - $TRUST_ID: {get_param: trust_id} - $AUTH_URL: {get_param: auth_url} - $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url} - $CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix} - $ENABLE_CINDER: "False" - $OCTAVIA_ENABLED: {get_param: octavia_enabled} - - install_openstack_ca: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: - str_replace: - params: - $OPENSTACK_CA: {get_param: openstack_ca} - template: {get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh} - - make_cert: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh} - - configure_docker_storage: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: - str_replace: - params: - $configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh} - template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh} - - configure_docker_registry: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/fragments/configure-docker-registry.sh} - - configure_kubernetes_minion: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-minion.sh} - - flannel_service: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh} - - enable_services: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/enable-services-minion.sh} - - enable_docker_registry: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh} - - enable_kube_proxy: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh} - - minion_wc_notify: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: - str_replace: - template: | - #!/bin/bash -v - if [ "verify_ca" == "True" ]; then - VERIFY_CA="" - else - VERIFY_CA="-k" - fi - wc_notify $VERIFY_CA --data-binary '{"status": "SUCCESS"}' - params: - wc_notify: {get_param: wc_curl_cli} - verify_ca: {get_param: verify_ca} - - disable_selinux: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh} - - add_proxy: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh} - - kube_minion_init: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: install_openstack_ca} - - config: {get_resource: disable_selinux} - - config: {get_resource: write_heat_params} - - config: {get_resource: make_cert} - - config: {get_resource: configure_docker_storage} - - config: {get_resource: configure_docker_registry} - - config: {get_resource: configure_kubernetes_minion} - - config: {get_resource: flannel_service} - - config: {get_resource: add_proxy} - - config: {get_resource: enable_services} - - config: {get_resource: enable_kube_proxy} - - config: {get_resource: enable_docker_registry} - - config: {get_resource: minion_wc_notify} - -outputs: - kube_minion_init: - value: {get_resource: kube_minion_init} - description: ID of the multipart mime for kubeminion. diff --git a/magnum/drivers/k8s_fedora_ironic_v1/version.py b/magnum/drivers/k8s_fedora_ironic_v1/version.py deleted file mode 100644 index 785358afab..0000000000 --- a/magnum/drivers/k8s_fedora_ironic_v1/version.py +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright 2016 - Rackspace Hosting -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -version = '1.0.0' -driver = 'k8s_fedora_ironic_v1' -container_version = '1.12.6' diff --git a/magnum/tests/contrib/gate_hook.sh b/magnum/tests/contrib/gate_hook.sh index 781d667156..b2c6660fac 100755 --- a/magnum/tests/contrib/gate_hook.sh +++ b/magnum/tests/contrib/gate_hook.sh @@ -41,51 +41,6 @@ if [[ -e /etc/ci/mirror_info.sh ]]; then source /etc/ci/mirror_info.sh fi -if [ "${coe}${special}" = "k8s-ironic" ]; then - export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-kubernetes-ironic-latest.tar.gz'" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-kubernetes-ironic-latest'" - - export DEVSTACK_GATE_VIRT_DRIVER="ironic" - # NOTE(strigazi) keep cinder - # export DEVSTACK_LOCAL_CONFIG+=$'\n'"disable_service cinder c-sch c-api c-vol" - - export DEVSTACK_LOCAL_CONFIG+=$'\n'"enable_plugin ironic https://git.openstack.org/openstack/ironic" - - # NOTE(TheJulia): Ironic switched to "hardware types" in Queens and - # removed legacy "drivers" in Rocky. "ipmi" superceeds *_ipmitool drivers. - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_DEPLOY_DRIVER=ipmi" - # NOTE(ykarel) Ironic to work with magnum, requires devstack to be configured with IP_VERSION=4 - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IP_VERSION=4" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_BAREMETAL_BASIC_OPS=True" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_LOG_DIR=/opt/stack/new/ironic-bm-logs" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"DEFAULT_INSTANCE_TYPE=baremetal" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"BUILD_TIMEOUT=600" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_CALLBACK_TIMEOUT=600" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"Q_AGENT=openvswitch" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"Q_ML2_TENANT_NETWORK_TYPE=vxlan" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_BUILD_DEPLOY_RAMDISK=False" - - # We don't enable swift in Gate Jobs so not required - # export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_ENABLE_TEMPURLS=True" - # export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_TEMPURL_KEY=password" - # export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_HASH=password" - # NOTE(TheJulia): Enable interface order will result in the iscsi - # deployment method being used by default. - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_ENABLED_DEPLOY_INTERFACES=iscsi,direct" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"VOLUME_BACKING_FILE_SIZE=24G" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"FORCE_CONFIG_DRIVE=True" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_RAMDISK_TYPE=tinyipa" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_IPXE_ENABLED=False" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_COUNT=2" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SSH_PORT=22" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_RAM=1024" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_DISK=10" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_EPHEMERAL_DISK=5" -else - export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20220116.3.0/x86_64/fedora-coreos-35.20220116.3.0-openstack.x86_64.qcow2.xz'" - export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-35.20220116.3.0-openstack.x86_64'" -fi - # Enable magnum plugin in the last step export DEVSTACK_LOCAL_CONFIG+=$'\n'"enable_plugin magnum https://git.openstack.org/openstack/magnum" diff --git a/magnum/tests/contrib/post_test_hook.sh b/magnum/tests/contrib/post_test_hook.sh index 7723cbb51f..808f1ae0d9 100755 --- a/magnum/tests/contrib/post_test_hook.sh +++ b/magnum/tests/contrib/post_test_hook.sh @@ -27,23 +27,8 @@ function create_test_data { # First we test Magnum's command line to see if we can stand up # a cluster_template, cluster and a pod - coe=$1 - special=$2 - if [ "${coe}${special}" == 'k8s-ironic' ]; then - local bm_flavor_id=$(openstack flavor show baremetal -f value -c id) - die_if_not_set $LINENO bm_flavor_id "Failed to get id of baremetal flavor" - # NOTE(TheJulia): This issue was fixed in Feb 2018 as part of change - # Ifb9a49d4258a559cf2175d902e9424a3f98065c5. Commented out in Oct 2018. - # NOTE(yuanying): Workaround fix for ironic issue - # cf. https://bugs.launchpad.net/ironic/+bug/1596421 - # echo "alter table ironic.nodes modify instance_info LONGTEXT;" | mysql -uroot -p${MYSQL_PASSWORD} ironic - # NOTE(yuanying): Ironic instances need to connect to Internet - openstack subnet set private-subnet --dns-nameserver 8.8.8.8 - local container_format="ami" - else - local image_name="fedora-coreos" - local container_format="bare" - fi + local image_name="fedora-coreos" + local container_format="bare" # if we have the MAGNUM_IMAGE_NAME setting, use it instead # of the default one. In combination with MAGNUM_GUEST_IMAGE_URL @@ -161,10 +146,6 @@ echo "Running magnum functional test suite for $1" coe=$1 special=$2 -if [[ "-ironic" != "$special" ]]; then - add_flavor -fi - # Get admin credentials pushd ../devstack source openrc admin admin @@ -182,13 +163,6 @@ EXIT_CODE=$? echo_summary "Running keypair-delete" openstack keypair delete default -if [[ "-ironic" != "$special" ]]; then - # Delete the flavor used in the functional test. - echo_summary "Running flavor-delete" - openstack flavor delete m1.magnum - openstack flavor delete s1.magnum -fi - # Save functional testing log sudo cp $MAGNUM_DIR/functional-tests.log /opt/stack/logs/ diff --git a/magnum/tests/unit/drivers/test_template_definition.py b/magnum/tests/unit/drivers/test_template_definition.py index a02902190b..a3f9d17e3a 100644 --- a/magnum/tests/unit/drivers/test_template_definition.py +++ b/magnum/tests/unit/drivers/test_template_definition.py @@ -13,7 +13,6 @@ # under the License. import abc -from neutronclient.common import exceptions as n_exception from unittest import mock from magnum.common import exception @@ -24,8 +23,6 @@ from magnum.drivers.k8s_fedora_atomic_v1 import driver as k8sa_dr from magnum.drivers.k8s_fedora_atomic_v1 import template_def as k8sa_tdef from magnum.drivers.k8s_fedora_coreos_v1 import driver as k8s_fcos_dr from magnum.drivers.k8s_fedora_coreos_v1 import template_def as k8s_fcos_tdef -from magnum.drivers.k8s_fedora_ironic_v1 import driver as k8s_i_dr -from magnum.drivers.k8s_fedora_ironic_v1 import template_def as k8si_tdef from magnum.tests import base from requests import exceptions as req_exceptions @@ -60,17 +57,6 @@ class TemplateDefinitionTestCase(base.TestCase): self.assertIsInstance(definition, k8sa_tdef.AtomicK8sTemplateDefinition) - @mock.patch('magnum.drivers.common.driver.Driver.get_driver') - def test_get_bm_fedora_kubernetes_ironic_definition(self, mock_driver): - mock_driver.return_value = k8s_i_dr.Driver() - cluster_driver = driver.Driver.get_driver('bm', - 'fedora', - 'kubernetes') - definition = cluster_driver.get_template_definition() - - self.assertIsInstance(definition, - k8si_tdef.FedoraK8sIronicTemplateDefinition) - @mock.patch('magnum.drivers.common.driver.Driver.get_driver') def test_get_vm_fcos_kubernetes_definition(self, mock_driver): mock_driver.return_value = k8s_fcos_dr.Driver() @@ -1550,107 +1536,3 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): self.assertEqual(extra_params["master_lb_allowed_cidrs"], "192.168.0.0/16,172.24.0.0/16") - - -class FedoraK8sIronicTemplateDefinitionTestCase(base.TestCase): - - def get_definition(self): - return k8s_i_dr.Driver().get_template_definition() - - def assert_neutron_find(self, mock_neutron_v20_find, - osc, cluster_template): - mock_neutron_v20_find.assert_called_once_with( - osc.neutron(), - 'subnet', - cluster_template.fixed_subnet - ) - - def assert_raises_from_get_fixed_network_id( - self, - mock_neutron_v20_find, - exeption_from_neutron_client, - expected_exception_class - ): - definition = self.get_definition() - osc = mock.MagicMock() - cluster_template = mock.MagicMock() - mock_neutron_v20_find.side_effect = exeption_from_neutron_client - - self.assertRaises( - expected_exception_class, - definition.get_fixed_network_id, - osc, - cluster_template - ) - - @mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id') - def test_get_fixed_network_id(self, mock_neutron_v20_find): - expected_network_id = 'expected_network_id' - - osc = mock.MagicMock() - cluster_template = mock.MagicMock() - definition = self.get_definition() - mock_neutron_v20_find.return_value = { - 'ip_version': 4, - 'network_id': expected_network_id, - } - - self.assertEqual( - expected_network_id, - definition.get_fixed_network_id(osc, cluster_template) - ) - self.assert_neutron_find(mock_neutron_v20_find, osc, cluster_template) - - @mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id') - def test_get_fixed_network_id_with_invalid_ip_ver(self, - mock_neutron_v20_find): - osc = mock.MagicMock() - cluster_template = mock.MagicMock() - definition = self.get_definition() - mock_neutron_v20_find.return_value = { - 'ip_version': 6, - 'network_id': 'expected_network_id', - } - - self.assertRaises( - exception.InvalidSubnet, - definition.get_fixed_network_id, - osc, - cluster_template - ) - - @mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id') - def test_get_fixed_network_id_with_duplicated_name(self, - mock_neutron_v20_find): - ex = n_exception.NeutronClientNoUniqueMatch( - resource='subnet', - name='duplicated-name' - ) - - self.assert_raises_from_get_fixed_network_id( - mock_neutron_v20_find, - ex, - exception.InvalidSubnet, - ) - - @mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id') - def test_get_fixed_network_id_with_client_error(self, - mock_neutron_v20_find): - ex = n_exception.BadRequest() - - self.assert_raises_from_get_fixed_network_id( - mock_neutron_v20_find, - ex, - exception.InvalidSubnet, - ) - - @mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id') - def test_get_fixed_network_id_with_server_error(self, - mock_neutron_v20_find): - ex = n_exception.ServiceUnavailable() - - self.assert_raises_from_get_fixed_network_id( - mock_neutron_v20_find, - ex, - n_exception.ServiceUnavailable, - ) diff --git a/playbooks/magnum-functional-base.yaml b/playbooks/magnum-functional-base.yaml index 457a7cc545..dd7b072e34 100644 --- a/playbooks/magnum-functional-base.yaml +++ b/playbooks/magnum-functional-base.yaml @@ -49,16 +49,6 @@ export DEVSTACK_SUBNODE_CONFIG+=$'\n'"disable_service tempest" fi - if [ "{{ ironic }}" -eq 1 ] ; then - export PROJECTS="openstack/ironic $PROJECTS" - export PROJECTS="openstack/ironic-lib $PROJECTS" - export PROJECTS="openstack/ironic-python-agent $PROJECTS" - export PROJECTS="openstack/python-ironicclient $PROJECTS" - export PROJECTS="x/pyghmi $PROJECTS" - export PROJECTS="openstack/virtualbmc $PROJECTS" - export MAGNUM_GATE_SPECIAL="-ironic" - fi - if [ "{{ horizon }}" -eq 0 ] ; then export DEVSTACK_LOCAL_CONFIG+=$'\n'"disable_service horizon" else diff --git a/releasenotes/notes/drop-k8s-fedora-ironic-6c9750a0913435e2.yaml b/releasenotes/notes/drop-k8s-fedora-ironic-6c9750a0913435e2.yaml new file mode 100644 index 0000000000..becc78a932 --- /dev/null +++ b/releasenotes/notes/drop-k8s-fedora-ironic-6c9750a0913435e2.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - | + ``k8s_fedora_ironic_v1`` driver has been dropped. diff --git a/setup.cfg b/setup.cfg index c1b5526823..a396918451 100644 --- a/setup.cfg +++ b/setup.cfg @@ -53,7 +53,6 @@ oslo.policy.policies = magnum.drivers = k8s_fedora_atomic_v1 = magnum.drivers.k8s_fedora_atomic_v1.driver:Driver k8s_fedora_coreos_v1 = magnum.drivers.k8s_fedora_coreos_v1.driver:Driver - k8s_fedora_ironic_v1 = magnum.drivers.k8s_fedora_ironic_v1.driver:Driver magnum.database.migration_backend = sqlalchemy = magnum.db.sqlalchemy.migration diff --git a/tox.ini b/tox.ini index 2c0e71b5aa..2e332b06c3 100644 --- a/tox.ini +++ b/tox.ini @@ -37,17 +37,6 @@ commands = find . -type f -name "*.py[c|o]" -delete stestr run {posargs} -[testenv:functional-k8s-ironic] -sitepackages = True -setenv = {[testenv]setenv} - OS_TEST_PATH=./magnum/tests/functional/k8s_ironic - OS_TEST_TIMEOUT=7200 -deps = - {[testenv]deps} -commands = - find . -type f -name "*.py[c|o]" -delete - stestr run {posargs} - [testenv:functional-k8s-coreos] sitepackages = True setenv = {[testenv]setenv}