Currently, there is no guarantee to make sure all nodes of one cluster are
created on different compute hosts. So it would be nice if we can create
a server group and set it with anti-affinity policy to get a better HA
for cluster. This patch is proposing to create a server group for master
and minion nodes with soft-anti-affinity policy by default.
In the drivers section of magnum.conf add openstack_ca_file.
This file is expected to be a CA Certificate OR CA bundle
which will be passed on every node and it will be installed
on the host's CA bundle.
Update devstack plugin to use the ssl bundle if tls-proxy is
Install the CA for drivers:
Add doc in troubleshooting-guide.
Add release notes.
Partially-Implements: blueprint heat-agent
Allow any value to be passed on the docker_storage_driver field by turning it
into a StringField (was EnumField), and remove the constraints limiting the
values to 'devicemapper' and 'overlay'.
Change the docker storage setup to have a generic setup for all drivers with
the exception of 'devicemapper', which keeps its own specific storage config
function. For all others, do the same we already did for overlay (with two
cases for usage of a cinder volume or not) and simply set the storage driver
in the docker configuration to the value provided in the cluster template.
Added configuration parameter, verify_ca, to magnum.conf with default
value of True. This parameter is passed to the heat templates to
indicate whether the cluster nodes validate the Certificate Authority
when making requests to the OpenStack APIs (Keystone, Magnum, Heat).
This configuration parameter can be set to False to disable CA
Co-Authored-By: Vijendar Komalla <firstname.lastname@example.org>
At the moment, no_proxy variable is evaluated separately for docker
daemon and for swarm-manager container running in docker. Evaluated
value for swarm-manager is not getting into cloud-init script, because
$NODE_PROXY token is getting replaced by Heat str_replace function.
This commit is intended to unify NO_PROXY evaluation and also fix the
issue with swarm-manager.
The instance type of servers at the moment can become quite long
due to the Heat autogenerated names. This patch cleans up the names
so that they are shorter yet contain all the info needed to be able
to know where they belong to.
This change uses the curl_cli attribute of heat's waitconditions in
the swarm driver which provides a preconstructed curl command which
can be used for signalling the waitcondition. This pattern has been
used elsewhere in magnum and simplifies the process of using wait
* add docker_volume_type for the cinder volumes which are
used for docker storage.
* add default_docker_volume_type configuration option
Atomic image contains:
The ironic image contains exactly the same packages.
* For this upgrade the upstream image is used, which is
uploaded here .
* Minor changes for flannel and docker-storage-setup
* The image will be built in the CI and uploaded to
tarballs.openstack.org as soon as possible.
* Ironic image .
* docker-storage-setup config changes were needed because in
the previous images it was disabled and it was started by us.
* We can have selinux enabled in containers since the images
have kernel 4.9.x.
Following changes for cluster-drivers, move coe specific monitors
at driver level. This change is needed to add the driver field
Implements: blueprint bay-drivers
If a fixed_network and fixed_subnet are specified no private network
is created by the templates and the specified network is
used instead for VMs provisioning, like in the Ironic driver.
Currently missing is the code to handle the use case where you
specify a fixed_network but not a fixed_subnet, this will come
in a following patch.
Partially Implements: blueprint decouple-private-network
Currently each driver has the following code
1) Create a fixed Network.
2) Create a fixed subnet in the network created at step 1.
3) Create a router
4) Attach subnet(created at step2) to router(created at step 3)
A new resource is created for above tasks in network.yaml file.
New resource does the above tasks and outputs the fixed network ID
and fixed subnet id, which is used by other parts of the heat
Refactor driver interface to encapsulate the orchestration
strategy. This first patch only refactors the main driver
operations. A follow-on will handle the state synchronization
and removing the poller from the conductor.
1. Make driver interface abstract
2. Move external cluster operations into driver interface
3. Make Heat-based driver abstract and update based on
driver interface changes
4. Move Heat driver code into its own module
5. Update existing Heat drivers based on interface changes
All traffic was allowed for swarm manager. With this patch
following secgroup is created for restricted access.
Security Group: secgroup_swarm_manager
1) Allow TCP 22, 2376 ports for everyone.
2) Allow all the ports to subnet created.
3) Allow UDP 53 port for everyone.
In the swarm_atomic and k8s_atomic drivers container images are
stored in a dedicated cinder volume per cluster node. It is
proven that this architecture can be a scalability bottleneck.
Make the use of cinder volumes for container images an opt-in
option. If docker-volume-size is not specified no cinder
volumes will be created. Before, if docker-volume-size wasn't
specified the default value was 25.
To use cinder volumes for container storage the user will
interact with magnum as before, (meaning the valid values are
integers starting from 1).
Swarm cluster can be created by specifying any of the scheduler
strategy supported by swarm. The strategy can be specified
while creating cluster template using labels parameter, Ex:-
Supported values for swarm_strategy=spread, binpack, random
Implements: blueprint add-support-different-strategy-in-swarmbay
LBaaS v1 api is completely removed by neutron, so it
cannot be used now. Added Support of LBaaS v2 API.
Now all COEs use LBaaS v2.
Co-Authored-By: yatin karel <email@example.com>
Partially-Implements: blueprint magnum-lbaasv2-support
This is patch 3 of 3 to change the internal usage of the terms
Bay and BayModel. This patch updates Bay to Cluster in DB and
Object as well as all the usages. No functionality should be
changed by this patch, just naming and db updates.
Implements: blueprint rename-bay-to-cluster
In this commit enable-docker-registery.sh file has been removed
from k8s fedora and swarm driver and put at the common location
to avoid duplication and redundancy of code.
* Volumes are created using the bay's trustee user
scoped by the bay's trustID.
* In volume-service.sh it is checked if rexray exists
in the image, so if you have built an image with
rexray it will configure and start rexray service.
This change replaces:
Partially-Implements: blueprint magnum-integrate-with-cinder
In this commit configure-docker-storage.sh file has been removed
from k8s coreos, fedora and swarm driver and put at the common
location to avoid duplication and redundancy of code.
Moves magnum.drivers from using Baymodel to ClusterTemplate naming to align
with bay to cluster blueprint.
First part of the rest of magnum.drivers update, with the next part renaming
Bay to Cluster.
Implements: blueprint rename-bay-to-cluster
Currently bay-show operation does not return bay/cluster
version information. This change contains changes to return
bay/cluster version and container version info.
Dockerfile to build Openvswitch image
The Kuryr driver for Swarm bay requires Openvswitch and the Neutron
L2 agent running on the nodes. Since the Fedora Atomic does not
have these packages installed and it is preferable to not use a
custom-built image, we need to run these packages in a container.
This Dockerfile is used to build the Docker image hosted on
Partially implements: blueprint kuryr-swarm-integration