This fixes an issue with --registry-enabled that was previously fixed [1] but
somehow dropped after a refactoring [2]
[1] Change Ib93a7c0f761d047da3408703a5cf4208821acb33
[2] Change Ibbed59bc135969174a20e5243ff8464908801a23
Task: 41306
Story: 2008383
Change-Id: I76fedd34edec55f5a906a96672529ed15775f5da
(cherry picked from commit 679a174a0a)
When the Cinder volume is presented as a virtio-scsi volume, the
device_name detection fails. This change allows the device name to be
retrieved correctly for both virtio-pci and virtio-scsi cases.
Story: 2008618
Task: 41808
Change-Id: Ia6a848eae11bc38ff71ef4575247010a8ffaa47b
(cherry picked from commit 68e6c0e48d)
(cherry picked from commit 31b0aec56b)
In I05cbd1ec62e9a68c68a1666ff62f20138bf8c731, fedora_coreos_v1 driver was
missed in version bump. This PS bumps it to 1.4.4 for both fedora_coreos_v1 and
fedora_atomic_v1 drivers.
Story: 2008451
Task: 42098
Change-Id: I22b698cd925dcf4f10805ae9493b77ddc9709f3f
(cherry picked from commit 1de9b140f4)
Create certificates for kubelet and kube-proxy on control-plane
nodes similar to worker nodes. Use the secure kube-apiserver
port on control-plane nodes.
story: 2008524
task: 41602
Change-Id: Ibeb32a24ca25914cab32c63a9ccafaf711148a84
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit d11f4e8393)
Seen while validating release, in the heat container agent journal:
```
/var/lib/heat-config/heat-config-script/0c399610-30a6-4728-80f2-702b0630400f:
line 776: --cluster-cidr: command not found
error: expected 'logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER]'.
```
Task: 41231
Story: 2008330
Change-Id: I3fdd186b73950b4b3e5790752eaafc47ff7da8f3
(cherry picked from commit 9adfc44309)
The default admission controller list of k8s is being updated in
this patch by removing the SecurityContextDeny controller, which
will fix the k8s dashboard and metrics/prometheus creating issue.
Story: 2008426
Change-Id: I2cd53bc9c59a60b90f708b1434381f120ace8c49
(cherry picked from commit fade245170)
1. Update default containerd version to 1.4.3
2. Fix the redirect issue of containerd tarball download
story: 2008451
Change-Id: I05cbd1ec62e9a68c68a1666ff62f20138bf8c731
(cherry picked from commit 8bdf0e76c6)
* in 1.20 8080 is not supported anymore
** use only 6443
** change all probes for health to use kubectl and 6443
* configure the signing key in API
story: 2008524
task: 41731
Change-Id: Ibaf1840214016d2dd6ac15e2137eb3cd3d767889
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit 1b72456e12)
During the reshuffling of bash fragments,
we missed sourcing bashrc which contains the
location of kubeconfig.
Fix addition of /srv/magnum/bin to PATH.
story: 2007591
task: 39938
Change-Id: I238f7e2a1cbcb696a51880fb6ea75ea0a7ce6288
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit 2c93427d49)
This patch changes the rpc server to re-use
the transport in the same manner as the rpc client.
Story: 2008494
Task: 41752
Change-Id: I93eecacbe45d19c4f73e9a974d60e642e87bbdf0
(cherry picked from commit 672b119507)
Currently master_lb_enabled can be enabled at cluster creation
but validation is only done for cluster_template.
We need to validate in cluster.
Fix testing
task: 41535
story: 2007634
story: 2008487
Change-Id: Icf32de2b803aa160dc3b7993e128deff11d02fcb
(cherry picked from commit acc7084889)
On mysql 8, Boolean fields create constraints which later
make it impossible to alter the name of the column.
See: https://github.com/sqlalchemy/alembic/issues/699
Per upstream alembic recommendation, do not create constraints
explicitly.
https://github.com/sqlalchemy/alembic/issues/699#issuecomment-760983057
story: 2008488
task: 41537
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit bcf771bc6f)
Fix database migrations
The pattern of adding a column and then reading a table with it
no longer works in SQLAlchemy 1.3.20. This has been reported
upstream [1].
[1] https://github.com/sqlalchemy/sqlalchemy/issues/5669
squashed with: I5fd1deeef9cf70794bc61c101e1d7d4379d4b96b
(cherry picked from commit f5cf6b958c)
Change-Id: I51659c6e179d7e4e2cfc5be46348fac483d76e3b
A regression issue introduced by [1], which is causing Cinder CSI pods
failed to start. This patch will fixed it.
[1] https://review.opendev.org/#/c/749101/
Change-Id: If9dd67672becb6def9f97afa7e60b2660cf5b27e
Task: 41097
Story: 2008250
(cherry picked from commit 56583ac8fe)
At present, insecure registry doesn't work as expected when Podman is
used. This patch addresses the issue by fixing the ignition user data so
that Podman is configured correctly. Then it ensures that
--insecure-registry flag is provided to Docker in /etc/sysconfig/docker.
Story: 2008479
Task: 41519
Change-Id: I2e1c86e0c88ab5b59185fd523e9c9696ce0f951e
(cherry picked from commit 7bfd7519af)
This patch aims to fix clusters that uses only private network
and monitoring_enabled.
It was observed that:
- no floating ip, so the kube_master_external_ip is null
- because of that, the value that gets sent to the shell
for KUBE_MASTERS_PRIVATE is actually [null]
- this happens when deploying prometheus-operator
( label monitoring_enable=true )
Those topics above results in a cluster taking around 30
minutes to be completed until monitoring gives up configuring
endpoints.
Change-Id: I0fb4b2604f38bd3a325f82b1364b78ff17792c65
(cherry picked from commit 34f65582eb)
We are currently creating a new transport for each api
call. This patch changes that so that each worker
can re-use the same transport for multiple requests.
Story: 2008494
Task: 41544
Change-Id: I11a24f035a9d66a536e5e58328084ee08f0c6285
(cherry picked from commit 987c9d809e)
During cluster deletion, magnum tries to delete the cluster's load
balancers in advance of deleting the heat stack. If these load balancers
do not exist for some reason, the cluster deletion will fail with an
error such as the following:
Failed to pre-delete resources for cluster
748b628a-2cd8-456f-8aee-c93804b2099b, error: list indices must be
integers or slices, not str.
This happens because the heat stack has the physical_resource_id set to
None for the load balancer, which causes the load_balancer_show method
of octavia client to GET all load balancers, rather than just one. The
returned data is a list, rather than a dict, leading to the error above.
This change fixes the issue by checking if physical_resource_id is set
to None, and skipping the load balancer deletion if so.
Change-Id: I8f4ca497a01ad04db6cb6c4bc81caed0d714b5a6
Story: 2008548
Task: 41669
(cherry picked from commit 8018bf9124)
Projects like oslo are dropping lower constraints
testing. There is also discussion to drop it until
we find a proper setup. For details, please follow
the ML thread. TC will have updates soon.
http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019679.html
story: 2008482
task: 41565
Change-Id: Ifd57405d72ed6c1406bc9cecca3a412507bb8a02
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Magnum cluster deletion is not behaving as expected. While it appears to
delete successfully, _delete_complete routine in
magnum/drivers/heat/driver.py is never called because the status of
nodegroups have not had the chance to sync with Heat before
_check_delete_complete is called. As a result, for example, trustee user
accounts are left orphaned. This PS changes or order of activities so
that _delete_complete is invoked successfully.
Story: 2007965
Task: 40459
Change-Id: Ibadd5b57fe175bb0b100266e2dbcc2e1ea4efcf9
(cherry picked from commit 1cdc0628a2)
Now Magnum is not deploying any service or workload on k8s
worker nodes which need to get credentials from local to talk
to Magnum control plane. So the cloud-config file should be
removed from worker nodes to reduce the attach surface from
a security point of view.
Task: 40791
Story: 2008090
Change-Id: I72e418491cbd19291527bbe4b504d599c740fea9
(cherry picked from commit c84653cd74)
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/victoria branch, tests will
continue to use the upper-constraints list on master.
Change-Id: Ica4ddd5eb3d2a3deec6c4807bac863fa08cc79e1
Jake Yip
Bharat Kunwar
Zuul
Lingxian Kong
Spyros Trigazis
Diogo Guerra
Feilong Wang
Erik Olof Gunnar Andersson
okozachenko
Ionuț Bîru
guilhermesteinmuller
Mark Goddard
OpenStack Release Bot