Currently, we use the users auth token, which expires after a while.
We need to use a trust instead.
Remove user_token at the same time.
Change-Id: Id1d34c59eccd70be24c5b9e00cd921b5a9d59860
Partially-Implements: blueprint use-trust-for-tls-cert-generation
Allow configuring Flannel with 3 different backends
Magnum deploys k8s/swarm over a dedicated neutron private network,
possibly using flannel. Flannel's `host-gw` backend gives the best
performance in this topopolgy (private layer2): no packet processing
overhead, no reduction to MTU, scales to many hosts as well as the
alternatives. The performance difference is significant, see bug for
performance numbers for the 3 backend options.
Note that part of this change involves relaxing the minion IP spoofing
rules to allow traffic from all dynamically-allocated flannel subnets.
This is morally equivalent to what we were doing previously with
encapsulation - only now neutron is able to see the inner IP header
directly.
This patch repurposes the label "flannel_use_vxlan" when the network
driver is flannel.
1. Rename the label flannel_use_vxlan to flannel_backend
2. Redefine the value of this label from "yes/no"
to "udp/vxlan/host-gw"
For example, to create a bay model with flannel as network driver:
--network-driver flannel --labels flannel_backend=host-gw
Other backend options are udp and vxlan.
Co-Authored-By: Ton Ngo <ton@us.ibm.com>
Partial-Bug: #1518605
Closes-Bug: #1516789
Change-Id: I6d2441664ad1baaca14d0e6ff4bcddbe75bee094
Fix incorrect Docker storage configuration at agent nodes which cause
failure of docker-storage-setup.service. Add Cinder volume to the
master and configure Docker DeviceMapper to use them and set proper
volume sizes for integration tests
Change-Id: I57dfd6174143f8c7563db2920dd4e94b4f3c9883
Related-Bug: #1500062
It is better to have a clear separation between control plane and
user plane, which is the case for k8s and mesos bay.
Change-Id: I948b8e3ab965610569054ef1055bfe9eb0057dd6
Closes-Bug: #1527407
This patch does some cleanup work in swarm heat template including description,
typo fixes, removal of default in nested template.
Also updated magnum.conf.example.
Closes-Bug: #1524134
Change-Id: Id0dd345150aba4cf88df5a7d9ac85dcbb100e3d0
Add --replication and --advertise to swarm master to support swarm HA.
After this patch, user can start more than 1 swarm master.
Refer docs: https://docs.docker.com/swarm/multi-manager-setup/
Partially implements: blueprint swarm-high-availability
Change-Id: I3b6c1ad64598541d055178a54f1507af6882c736
Would like to make swarm much more similar with k8s.
This patch is the preparation of supporting Swarm HA mode:
1. Refactor swarm.yaml to swarmcluster.yaml and swarmmaster.yaml
2. Add api_pool, LB in front of swarm master node.
3. Add etcd_pool
After this change:
Swarm bay will update the fileds of 'master_addresses'.
P.S. notes Swarm HA is not supported yet, master_addresses will be only 1
ip address.
Partially implements: blueprint swarm-high-availability
Change-Id: Ib6346bfd5a7ad0ef2226a6e6bc98b0ad46e577cb
Hua Wang