Currently, we use the users auth token, which expires after a while.
We need to use a trust instead.
Remove user_token at the same time.
Change-Id: Id1d34c59eccd70be24c5b9e00cd921b5a9d59860
Partially-Implements: blueprint use-trust-for-tls-cert-generation
Allow configuring Flannel with 3 different backends
Magnum deploys k8s/swarm over a dedicated neutron private network,
possibly using flannel. Flannel's `host-gw` backend gives the best
performance in this topopolgy (private layer2): no packet processing
overhead, no reduction to MTU, scales to many hosts as well as the
alternatives. The performance difference is significant, see bug for
performance numbers for the 3 backend options.
Note that part of this change involves relaxing the minion IP spoofing
rules to allow traffic from all dynamically-allocated flannel subnets.
This is morally equivalent to what we were doing previously with
encapsulation - only now neutron is able to see the inner IP header
directly.
This patch repurposes the label "flannel_use_vxlan" when the network
driver is flannel.
1. Rename the label flannel_use_vxlan to flannel_backend
2. Redefine the value of this label from "yes/no"
to "udp/vxlan/host-gw"
For example, to create a bay model with flannel as network driver:
--network-driver flannel --labels flannel_backend=host-gw
Other backend options are udp and vxlan.
Co-Authored-By: Ton Ngo <ton@us.ibm.com>
Partial-Bug: #1518605
Closes-Bug: #1516789
Change-Id: I6d2441664ad1baaca14d0e6ff4bcddbe75bee094
Fix incorrect Docker storage configuration at agent nodes which cause
failure of docker-storage-setup.service. Add Cinder volume to the
master and configure Docker DeviceMapper to use them and set proper
volume sizes for integration tests
Change-Id: I57dfd6174143f8c7563db2920dd4e94b4f3c9883
Related-Bug: #1500062
The swarm func test occasionally failed with the error below. This
error cannot be determinately reproduced. After some experiments,
it seems that swarm will abort connections during registration of
a new swarm agent.
ConnectionError: ('Connection aborted.', BadStatusLine("''",))
This commit tries to fix the issue by waiting for the completion of
agent registration. After the swarm agent service starts, it checks
ETCD to ensure the agent was successfully registered before sending
signal to Heat to indicate its success.
Closes-Bug: #1521395
Change-Id: Iec1772d1df7d85e367676758b1f97a5b604c0eb7
This patch does some cleanup work in swarm heat template including description,
typo fixes, removal of default in nested template.
Also updated magnum.conf.example.
Closes-Bug: #1524134
Change-Id: Id0dd345150aba4cf88df5a7d9ac85dcbb100e3d0
Would like to make swarm much more similar with k8s.
This patch is the preparation of supporting Swarm HA mode:
1. Refactor swarm.yaml to swarmcluster.yaml and swarmmaster.yaml
2. Add api_pool, LB in front of swarm master node.
3. Add etcd_pool
After this change:
Swarm bay will update the fileds of 'master_addresses'.
P.S. notes Swarm HA is not supported yet, master_addresses will be only 1
ip address.
Partially implements: blueprint swarm-high-availability
Change-Id: Ib6346bfd5a7ad0ef2226a6e6bc98b0ad46e577cb
Currently Swarm version in magnum are appear in multiple files.
It's not easy for us to maintain.
This patch add a global var to store swarm image and its version.
so that we can update swarm image more easy.
Change-Id: I3063ff4350f8e2f3c96b0bc3700ed509edad206b
Closes-Bug: #1515567
Previously, Swarm leveraged Docker's public discovery mechanism
for bootstrapping a cluster. Etcd bootstrapping is supported by
Swarm and is preferred for production use for the following reasons:
1. Required for HA.
2. Is more secure.
3. Required for the Flannel network-driver.
Partially-Implements: blueprint extend-baymodel-net-attributes
Partially-Implements: blueprint conductor-template-net-update
Change-Id: Iab844c03ed7cf8bbee69b72ff71c219f0a5ab1dd
Previously, the Swarm templates did not support the Container
Network Model. The templates have been updated to support the
Flannel --network-driver. Conditionals have been added to support
future --network-drivers.
Partially-Implements: blueprint heat-network-refactor
Change-Id: Ie90e41568df05055b91764b861e08de6f689d864
Previously, the swarm bay type did not support using a cinder
volume for docker.
Implements: blueprint swarm-cinder
Change-Id: I8acaf60caab52a5e5a234e4c5f89ce3dd155759c
Rename heat-kubernetes to kubernetes, heat-mesos to mesos,
docker-swarm to swarm in templates. We use heat templates and
no other methods, so I think it is unnecessary to add heat before
coe. kubernetes, mesos, swarm are better than
heat-kubernetes, heat-mesos, docker-swarm.
Change-Id: I257b35c1c4ef55d3172095736f550f2c55c8d81f
Closes-Bug: #1514682
Hua Wang