Currently, we use the user's auth token, which expires after a while.
We need to use a trust instead.
Remove user_token at the same time.
Change-Id: Id1d34c59eccd70be24c5b9e00cd921b5a9d59860
Partially-Implements: blueprint use-trust-for-tls-cert-generation
Allow configuring Flannel with 3 different backends
Magnum deploys k8s/swarm over a dedicated neutron private network,
possibly using flannel. Flannel's `host-gw` backend gives the best
performance in this topology (private layer2): no packet processing
overhead, no reduction to MTU, scales to many hosts as well as the
alternatives. The performance difference is significant, see bug for
performance numbers for the 3 backend options.
Note that part of this change involves relaxing the minion IP spoofing
rules to allow traffic from all dynamically-allocated flannel subnets.
This is morally equivalent to what we were doing previously with
encapsulation - only now neutron is able to see the inner IP header
directly.
This patch repurposes the label "flannel_use_vxlan" when the network
driver is flannel.
1. Rename the label flannel_use_vxlan to flannel_backend
2. Redefine the value of this label from "yes/no"
to "udp/vxlan/host-gw"
For example, to create a bay model with flannel as network driver:
--network-driver flannel --labels flannel_backend=host-gw
Other backend options are udp and vxlan.
Co-Authored-By: Ton Ngo <ton@us.ibm.com>
Partial-Bug: #1518605
Closes-Bug: #1516789
Change-Id: I6d2441664ad1baaca14d0e6ff4bcddbe75bee094
Url for keystone is needed by trust and other services, such as k8s
and docker registry.
Change-Id: I269332b5736b6c5a9bc85d843f0d03f1a4d059ee
Partially-Implements: blueprint create-trustee-user-for-each-bay
Add trust info into heat params. If any service wants to use the
trust, it can get the info from the heat params.
Change-Id: I406a80d0d4fc92c6045b902945198a0d765f1123
Partially-Implements: blueprint create-trustee-user-for-each-bay
Prevents etcdctl from hanging when etcd has not started by explicitly
specifying connection timeouts.
Reduce swarm build time by removing the unnecessary dependency
between masters and nodes.
Only create 1 node instead of 2 nodes
Remove test_update_bay_name_for_existing_bay
Change-Id: If6724497b47247d2858b6da90309949f92314cfb
Closes-Bug: 1541105
Fix incorrect Docker storage configuration at agent nodes which causes
failure of docker-storage-setup.service. Add Cinder volume to the
master and configure Docker DeviceMapper to use them and set proper
volume sizes for integration tests.
Change-Id: I57dfd6174143f8c7563db2920dd4e94b4f3c9883
Related-Bug: #1500062
Swarm agent has been moved out of master node in the depending patch,
so it is appropriate to separate the flavor now
Co-Authored-By: Hongbin Lu <hongbin.lu@huawei.com>
Closes-Bug: #1498570
Change-Id: I6f5f15274a10f503a2554ec554e5c822f47a39dc
It is better to have a clear separation between control plane and
user plane, which is the case for k8s and mesos bay.
Change-Id: I948b8e3ab965610569054ef1055bfe9eb0057dd6
Closes-Bug: #1527407
number_of_masters, number_of_minions and number_of_nodes
should be number, not string.
Change-Id: Iac20023f0448aab313302c174e3743b95cd42d7a
Closes-Bug: #1524236
This patch does some cleanup work in swarm heat template including description,
typo fixes, removal of default in nested template.
Also updated magnum.conf.example.
Closes-Bug: #1524134
Change-Id: Id0dd345150aba4cf88df5a7d9ac85dcbb100e3d0
Would like to make swarm much more similar with k8s.
This patch is the preparation of supporting Swarm HA mode:
1. Refactor swarm.yaml to swarmcluster.yaml and swarmmaster.yaml
2. Add api_pool, LB in front of swarm master node.
3. Add etcd_pool
After this change:
Swarm bay will update the fields of 'master_addresses'.
P.S. notes Swarm HA is not supported yet, master_addresses will be only 1
IP address.
Partially implements: blueprint swarm-high-availability
Change-Id: Ib6346bfd5a7ad0ef2226a6e6bc98b0ad46e577cb