This adds the changes needed in the API and conductor level to support
creating, updating and deleting nodegroups.
Change-Id: I4ad60994ad6b4cb9cac18129557e1e87e61ae98c
To enable the rolling upgrade ability of Kubernetes Cluster, this
patch is proposing a new API /upgrade to support upgrading the
base operating system of nodes and the version of Kubernetes, even
add-ons running on the k8s cluster:
POST <ClusterID>/actions/upgrade
And the post body will be:
    {
        "cluster_template": "dd9cc5ed-3a2b-11e9-9233-fa163e46bcc2",
        "max_batch_size": 1,
        "nodegroup": "production_group"
    }
Co-Authored-By: Feilong Wang <flwang@catalyst.net.nz>
Task: 30168
Story: 2002210
Change-Id: Ia168877778aa0d473383eb06b1c8a16dc06b0576
This changes the existing cluster APIs and the cluster conductor to
take into consideration nodegroups:
* create: now creates the default nodegroups for the cluster
* update: updates the default nodegroups of the cluster
* delete: deletes also the nodegroups that belong to the cluster
* cluster_resize: takes into account the nodegroup provided by the API
story: 2005266
Change-Id: I5478c83ca316f8f09625607d5ae9d9f3c02eb65a
Now an OpenStack driver for Kubernetes Cluster Autoscaler is being
proposed to support autoscaling when running k8s cluster on top of
OpenStack. However, currently there is no way in Magnum to let
the external consumer control which node will be removed. The
alternative option is calling the Heat API directly, but obviously it
is not the best solution and it's confusing the k8s community. So with
this patch, we're going to add a new API:
POST <ClusterID>/actions/resize
And the post body will be:
    {
        "node_count": 3,
        "nodes_to_remove": ["dd9cc5ed-3a2b-11e9-9233-fa163e46bcc2"],
        "nodegroup": "production_group"
    }
The API will work in a declarative way. For example, if there
are 3 nodes in the cluster now, the user can send an API request
like the one above. Magnum will call Heat to remove the node
dd9cc5ed-3a2b-11e9-9233-fa163e46bcc2 first, then bring the node
count back to 3 again.
Task: 29563
Story: 2005052
Change-Id: I7e36ce82c3f442976cc498153950b19c56a1759f
This commit introduces a new '/federations'
endpoint to Magnum API, as well as its controllers,
entities and conductor handlers.
This corresponds to the first phase of the
federation-api spec. Please refer to [1] for more
details.
[1] https://review.openstack.org/#/c/489609/
Change-Id: I662ac2d6ddec07b50712109541486fd26c5d21de
Partially-Implements: blueprint federation-api
This will give admins a way to revoke access to an existing cluster
once a user has been granted access.
Bumped the API microversion to 1.5 for the new endpoint.
Deprecated policy certificate:get in favor of certificate:get_ca for
clarity and consistency.
Depends-On: Ie960464e45445e195e75b91e8d65a4046eb21e93
Implements: blueprint revoke-cluster-cert
Change-Id: Ief28bef3a79f212acf4166e443a96e5419fbb757
* Add osprofiler wsgi middleware. This middleware is used for 2 things:
  1) It checks that the person who wants to trace is trusted and knows
     the secret HMAC key.
  2) It starts tracing in case of proper trace headers
     and adds the first wsgi trace point, with info about the HTTP request
* Add initialization of osprofiler at start of service.
  Currently that includes oslo.messaging notifier instance creation
  to send Ceilometer backend notifications.
* Traces HTTP/RPC/DB API calls
Demo: https://hieulq.github.io/cluster-create-false-new-html.html
Co-Authored-By: Hieu LE <hieulq@vn.fujitsu.com>
Implements: blueprint osprofiler-support-in-magnum
Change-Id: I7d68995aab81d365433950aada078ef1fcd5469b
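The HMAC check described in the osprofiler commit above, sketched as an added example that is not part of the commit or osprofiler's own code. The header names, the SHA-256 digest, the function names and the keys are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def _mac(key, packed):
    # HMAC over the exact bytes that travel in the header.
    return hmac.new(key.encode(), packed.encode(), hashlib.sha256).hexdigest()


def sign_trace_info(trace_info, key):
    """Client side: pack the trace ids and sign them with the shared key."""
    raw = json.dumps(trace_info, sort_keys=True).encode()
    packed = base64.urlsafe_b64encode(raw).decode()
    return packed, _mac(key, packed)


def verify_trace_info(packed, mac, accepted_keys):
    """Service side: return the trace info only if the MAC matches a key."""
    if not packed or not mac:
        return None
    for key in accepted_keys:  # several keys allow rotation without downtime
        expected = _mac(key, packed).encode()
        # Constant-time comparison, so timing does not leak the MAC.
        if hmac.compare_digest(expected, mac.encode("utf-8")):
            try:
                return json.loads(base64.urlsafe_b64decode(packed))
            except ValueError:
                return None
    return None


def should_trace(headers, accepted_keys):
    """Start tracing only for requests carrying validly signed trace ids."""
    info = verify_trace_info(headers.get("X-Trace-Info"),
                             headers.get("X-Trace-HMAC"), accepted_keys)
    return isinstance(info, dict) and {"base_id", "parent_id"} <= info.keys()


# Constructed sample values, not taken from any deployment.
KEYS = ["constructed-key-new", "constructed-key-old"]
INFO = {"base_id": "b-1", "parent_id": "p-1"}
```

Verifying before decoding means an untrusted caller cannot make the service parse attacker-chosen JSON or emit trace notifications.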
This is patch 3 of 3 to change the internal usage of the terms
Bay and BayModel. This patch updates Bay to Cluster in DB and
Object as well as all the usages. No functionality should be
changed by this patch, just naming and db updates.
Change-Id: Ife04b0f944ded03ca932d70e09e6766d09cf5d9f
Implements: blueprint rename-bay-to-cluster
This is patch #2 of 3 to rename the term bay to cluster within
the internal references and objects of magnum. This patch changes
all references to the certificate objects bay_uuid field to
cluster_uuid. Certificate does not have a db table so no db
changes were made. No functionality is changed by this patch,
just internal naming.
Change-Id: I68a3b87b75b49de43a7855355807b50a4ae695f3
Implements: blueprint rename-bay-to-cluster
There is a rollback mechanism in heat after the stack
update failed. There should be a rollback mechanism in
magnum after bay update failed.
This patch adds new microversion 1.3 to add rollback
support for Magnum bay. The user can enable rollback on bay
update failure by specifying microversion 1.3 in the header
({'OpenStack-API-Version': 'container-infra 1.3'}) and
passing 'rollback=True' (http://XXX/v1/bays/XXX/?rollback=True)
when issuing a bay update request.
Change-Id: Idd02769f98078702404a11dc9f7a3339ce4e22eb
Partially-Implements: blueprint bay-rollback-on-update-failure
The current implementation of magnum bay operations is synchronous
and as a result API requests are blocked until response from HEAT
service is received. With this change bay-create, bay-update and
bay-delete calls will be asynchronous.
Please note that with this change bay-create/bay-update api calls
will return bay uuid instead of bay object and also microversion
1.2 is added for new behavior.
Change-Id: I4ca1f9f386b6417726154c466e7a9104b6e6e5e1
Closes-Bug: #1588425
Following the removal of service [1], pod [2] and container [3], remove
COE specific object ReplicationController.
This change also removes k8s_conductor.
[1] I4f06bb779caa0ad369a2b96b4714e1bf2db8acc6
[2] I8c2499ccb97aae39d80868ce02fbef292d762c10
[3] I288fa7a9717519b1ae8195820975676d99b4d6d2
Change-Id: Ica100c8d2dfdd7dc709feb1f5cdc5a3f3d6c7318
Partially-Implements: blueprint delete-container-endpoint
Partially-Implements: blueprint bay-drivers
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the container object, drop the db table and remove references to
the container object. The docker_conductor has also been removed as this
was used for managing containers using Magnum objects.
Change-Id: I288fa7a9717519b1ae8195820975676d99b4d6d2
Partially-Implements: blueprint delete-container-endpoint
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the service object, drop the db table and remove references to
the service object.
Change-Id: I4f06bb779caa0ad369a2b96b4714e1bf2db8acc6
Partially-Implements: blueprint delete-container-endpoint
This patch does the following:
* Removes X509keypair controller as there is already Certificate
controller for same purpose.
* Removes X509keypair conductor.
* Removes name, ca_cert and bay_uuid from x509keypair model as
Bay model already holds certificate references.
* Add intermediates and private_key_passphrase to x509keypair
model.
* Remove related tests and changes.
Change-Id: I9271221cd1d07c672c4a380a4ae3593237fca66a
Partially-Implements: blueprint barbican-alternative-storeX
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the pod object, drop the db table and remove references to the
pod object.
Change-Id: I8c2499ccb97aae39d80868ce02fbef292d762c10
Partially-Implements: blueprint delete-container-endpoint
For APIs like bay-list/container-list/magnum-service-list etc.,
there is no rpc call and these methods only access the database,
so move them to the api controller.
Change-Id: Icdee1c5d3d835efd57238fb4cb8e897485da9b6d
Closes-Bug:#1552131
This patch adds filters when doing container.list().
One example is when listing containers, we might want to list only
specific containers with a given bay_uuid:
objects.Container.list(context, filters={'bay_uuid': 'uuid'})
Partially implements: blueprint add-bay-column-to-container
Change-Id: Ia2f7e6664b8dce77c61bdf18c1ffecd28c8c49b8
Currently k8s objects (pod/rc/service) are read from the
database. In order for native clients to work, they must
be read from the ReST bay endpoint. To execute native
clients, we must have one truth of the state of the
system, not two as we do now. This patch proposes the
change to the Pod object.
Also, please refer to the related-bug as to the temporary changes
done to make the test work for other objects namely rc,
service. These changes will be removed when the object from bay
patches for all the k8s objects are merged as part of a separate
patch.
Partially-Implements: bp objects-from-bay
Related-Bug: #1502367
Related-Bug: #1504379
Change-Id: Id5be7fba2eb8622fcfeb48068728e440a0af3f5e
Currently k8s objects (pod/rc/service) are read from the
database. In order for native clients to work, they must
be read from the ReST bay endpoint. To execute native
clients, we must have one truth of the state of the
system, not two as we do now. This patch proposes the
change to the Service object.
Also, please refer to the related-bug as to the temporary changes
done to make the test work for other objects namely pod, rc. These
changes will be removed when the object from bay patches for
all the k8s objects are merged as part of a separate patch.
Partially-Implements: bp objects-from-bay
Related-Bug: #1502367
Related-Bug: #1504379
Change-Id: I05177944a693710c70a22cae57f521b0fe738e9e
Clean up baymodel operations in conductor/api.py which have never
been called.
Magnum does not need to call the conductor (rpc call) to do any operation
for baymodel. All baymodel related operations are DB operations.
Closes-Bug: #1517338
Change-Id: If5078efd71eaf57b8700e0c8097c89386583cf02
Currently objects (pod/rc/service) are read from the
database. In order for native clients to work, they
must be read from the ReST bay endpoint. To execute
native clients, we must have one truth of the state
of the system, not two as we do now. This patch adds
changes for Replication Controller.
Also, please refer to the related-bug as to the temporary changes
done to make the test work for other objects namely pod,
service. These changes will be removed when the object from bay
patches for all the k8s objects are merged as part of a separate
patch.
Partially-Implements: bp objects-from-bay
Related-Bug: #1502367
Related-Bug: #1504379
Change-Id: I7905af9e22f47b16d92043cc1fdcb1cdf72ebc48
These changes implement the API level support for querying magnum
services.
Partially-Implements: blueprint magnum-service-list
Closes-bug: #1498158
Depends-On: Ia0c09222405c87cb61e5de4a43ba345ae3405b50
Change-Id: Ib816f595ba2edef29edaec40fa940570755b10aa
The Certificate controller has 2 operations:
1. POST
Generate X509 certificate using bay's CA cert.
Below is an example of Certificate POST API request using magnum command:
Example Request:
curl -X POST -H 'Content-Type: application/json' \
-d '{"bay_uuid": "<bay_uuid>", "csr": "<csr>"}' \
http://localhost:9511/v1/certificates
This creates a X509 certificate signed by the given bay's CA and returns
it. No database information is stored in Magnum against it. For each POST
request, a new certificate is generated.
Example Response:
{"bay_uuid": "<bay_uuid>", "csr": "<csr>",
"pem": "<pem encoded certificate>"}
2. GET
Fetches the CA cert associated with a bay. Below is an example of CA GET
API request using magnum command:
Example Request:
curl -X GET http://localhost:9511/v1/certificates/<bay_uuid>
This fetches stored CA cert for the given Bay, which can be used to validate
any client and node certificates signed by the Bay's CA. The value for each
is fetched from Barbican or Magnum db based on the different configuration
for storage of certificates.
Example Response:
{"bay_uuid": "<bay_uuid>", "pem": "<pem encoded certificate>"}
Co-Authored-By: Andrew Melton <andrew.melton@rackspace.com>
Change-Id: I4b72cc1e1bddc7a7c7eeb0ab22d3769a666ccb2b
Partially-Implements: bp secure-kubernetes
When an object is received in an incompatible version,
IncompatibleObjectVersion is raised. Implementation of the indirection API
allows the object to be backported to a supported version by the conductor.
Related to blueprint versioned-objects-indirection-api
Change-Id: I99fe686b4b4e497be6b5d35a1d2e41833865799a
This patch adds X509KeyPair controller and conductor to handle all
x509keypair related operations and also adds tests for it.
Change-Id: I5773fcd5bdf8a30fd195714e3e0fdc9d1b0c962d
Partially-Implements: bp secure-kubernetes
The arguments 'name' and 'container_uuid' are redundant, since they can be
retrieved from the container object.
Change-Id: I691ba046f03ba8179903f51a602c22d4e0501178
Closes-Bug: #1479108
This is more consistent with the "docker exec" command,
and causes the user to do less typing, which they will appreciate.
Closes-Bug: #1459877
Change-Id: I721059e01fa617dcf63c6205ca63b3f1d7def089
Now that kubectl is not used in magnum, we need to update the docs.
This patch does the necessary changes.
Change-Id: I99067af163b51ef4ee279498d85c6bd223210e7a
Implements: blueprint python-k8sclient
Currently, we don't support a manifest change when we update a rc.
This patch fixes this problem so that we can update the replica count
or other useful attributes of a rc.
Change-Id: I8e42768f215c6dd30fae6e1a9f20cf34bfe8bd93
Implements: blueprint magnum-resource-manifest-update
Currently, we don't support a manifest change when we update a service.
This patch fixes this problem so that we can update the label or other
useful attributes of a service.
Change-Id: Ibecf97ce3a356d1eb83315e5e635e738f06cd47a
Partially-Implements: blueprint magnum-resource-manifest-update
Add timeout parameter to bay create
Update test cases for the timeout parameter
Change-Id: If8603fc47ba3659eba145e91bcaa30095cabd094
Closes-bug: #1433109
Currently, we don't support a manifest change when we update a pod.
This patch fixes this problem so that we can update the label or other
useful attributes of a pod.
Partial-Bug: #1444383
Change-Id: I87e220e88bc32d7eee9d37c552aea9920a027056
The conductor listener RPC API and its handler provide a way for
conductors to confirm that other conductors are still alive. This
will be used during acquisition of a lock. In particular, if a conductor
wants to perform an operation on a bay and the bay was locked, the
conductor will attempt to communicate with the conductor who owns that lock.
If the conductor responds affirmatively, the lock will be considered active.
Change-Id: I17a6f9cdc2e8b40d997c1b4e1964658d8e372297
Partial-Implements: blueprint horizontal-scale
It is implemented by updating the Heat stack with the new node_count
Partially implements: blueprint update-node-count
Change-Id: I2c331043bb6e6fce14fc82932dcd9c3677448598
Oslo team is recommending everyone to use the direct imports and
not use the Oslo namespaces. So switch all our code to use oslo_*
instead of "from oslo." or "import oslo" or "from oslo"
NOTE: some of the tests still have mocks referring to oslo.utils
@mock.patch('oslo.utils.timeutils.utcnow')
as the tests break otherwise. We should do this later.
Closes-bug: #1419385
Change-Id: I8e3fbeb833cddc3f55674a0e781ffe69d5033ad4
This tests create and delete at the AMQP level and makes certain the AMQP
code is being called. This does not actually test the connection to the
handlers, which would be more like a functional test.
The purpose of this test case is to introduce pain when changing the
interface. The interface should not be changed, a new version should
be implemented.
Change-Id: Icfca04df842497515c20138ba58694805b266b55
The rpcapi does not need ctxt for pod create. This results in an error
creating the POD complaining about incorrect number of parameters.
Change-Id: I98adb0c68fbcc527cd012ff353e4fd831297658b
The rpcapi client does not need ctxt. The rpcapi delivery will generate
a context automatically via the RPC subsystem.
Change-Id: Iac1e8937a24db193db94cf20307fdabba408037f