A user may not rely on nova-keypairs to access their cluster
such as a preconfigured SSSD.
story: 2004402
task: 28035
Change-Id: I77fbdc174d3dddfd312fb8dac20516314d4c182e
Currently, there is no guarantee to make sure all nodes of one cluster are
created on different compute hosts. So it would be nice if we can create
a server group and set it with anti-affinity policy to get a better HA
for cluster. This patch is proposing to create a server group for master
and minion nodes with soft-anti-affinity policy by default.
Closes-Bug: #1737802
Change-Id: Icc7a73ef55296a58bf00719ca4d1cdcc304fab86
In the drivers section of magnum.conf add openstack_ca_file.
This file is expected to be a CA Certificate OR CA bundle
which will be passed on every node and it will be installed
on the host's CA bundle.
Update devstack plugin to use the ssl bundle if tls-proxy is
enabled.
Install the CA for drivers:
k8s_coreos_v1
k8s_fedora_atomic_v1
k8s_fedora_ironic_v1
mesos_ubuntu_v1
swarm_fedora_atomic_v1
swarm_fedora_atomic_v2
Add doc in troubleshooting-guide.
Add release notes.
Closes-Bug: #1580704
Partially-Implements: blueprint heat-agent
Change-Id: Id48fbea187da667a5e7334694c3ec17c8e2504db
Allow any value to be passed on the docker_storage_driver field by turning it
into a StringField (was EnumField), and remove the constraints limiting the
values to 'devicemapper' and 'overlay'.
Change the docker storage setup to have a generic setup for all drivers with
the exception of 'devicemapper', which keeps its own specific storage config
function. For all others, do the same we already did for overlay (with two
cases for usage of a cinder volume or not) and simply set the storage driver
in the docker configuration to the value provided in the cluster template.
Change-Id: I9aa8f232ce64ece4d439c0a476f463820a499617
Closes-Bug: #1722522
Added configuration parameter, verify_ca, to magnum.conf with default
value of True. This parameter is passed to the heat templates to
indicate whether the cluster nodes validate the Certificate Authority
when making requests to the OpenStack APIs (Keystone, Magnum, Heat).
This configuration parameter can be set to False to disable CA
validation.
Co-Authored-By: Vijendar Komalla <vijendar.komalla@rackspace.com>
Change-Id: Iab02cb1338b811dac0c147378dbd0e63c83f0413
Partial-Bug: #1663757
At the moment, no_proxy variable is evaluated separately for docker
daemon and for swarm-manager container running in docker. Evaluated
value for swarm-manager is not getting into cloud-init script, because
$NODE_PROXY token is getting replaced by Heat str_replace function.
This commit is intended to unify NO_PROXY evaluation and also fix the
issue with swarm-manager.
Related-Bug: #1647815
Related-Bug: #1632698
Related-Bug: #1660562
Change-Id: I336024265008b6cae308bf7b614476b71b81fa01
The instance type of servers at the moment can become quite long
due to the Heat autogenerated names. This patch cleans up the names
so that they are shorter yet contain all the info needed to be able
to know where they belong to.
Change-Id: I5bcbe73f08844242d049b8408221da40d22cd3dc
This change uses the curl_cli attribute of heat's waitconditions in
the swarm driver which provides a preconstructed curl command which
can be used for signalling the waitcondition. This pattern has been
used elsewhere in magnum and simplifies the process of using wait
conditions.
Change-Id: I8e5f63e6d905266cc43d4957ce95e53659d01321
* add docker_volume_type for the cinder volumes which are
used for docker storage.
* add default_docker_volume_type configuration option
Related-Bug: #1678153
Change-Id: Ie18096acf24873ef91a904df4f1a84694a2bb644
Atomic image contains:
kubernetes-1.5.2-2.fc25.x86_64
docker-1.12.6-5.git037a2f5.fc25.x86_64
flannel-0.5.5-8.fc25.x86_64
etcd-3.0.15-1.fc25.x86_64
The ironic image contains exactly the same packages.
* For this upgrade the upstream image is used, which is
uploaded here [1].
* Minor changes for flannel and docker-storage-setup
were needed.
* The image will be built in the CI and uploaded to
tarballs.openstack.org as soon as possible.
* Ironic image [2].
Notes:
* docker-storage-setup config changes were needed because in
the previous images it was disabled and it was started by us.
* We can have selinux enables in containers since the images
have kernel 4.9.x.
[1] https://fedorapeople.org/groups/magnum/fedora-atomic-25-latest.qcow2
[2] https://fedorapeople.org/groups/magnum/fedora-25-kubernetes-ironic.tar.gz
Change-Id: Iac6e30c530821a49a5c3978e335e0b1d56a576e0
Following changes for cluster-drivers, move coe specific monitors
at driver level. This change is needed to add the driver field
properly.
Change-Id: Id4658b8f7400bf3c86c8ff81756fb33d1211a0b3
Implements: blueprint bay-drivers
If a fixed_network and fixed_subnet is specified no private network
is created by the templates and the specified network is
used instead for VMs provisioning, like in the Ironic driver.
Currently missing is the code to handle the use case where you
specify a fixed_network but not a fixed_subnet, this will come
in a following patch.
Partially Implements: blueprint decouple-private-network
Change-Id: I2003eb709b22b905063d846eb71570fc5e033618
We should upgrade swarm because 1.0.0 is more than
one year old and lack features and bug fixes.
Change-Id: Ia236e473ce3152a6bf3115a3bfc62fbf0af100d7
Closes-Bug: 1644620
Remove custom docker unit file and pass the necessary options
through /etc/sysconfig/docker file.
Change-Id: I6bf91843b9120b700d13aad54cef38342ae1f8bd
Closes-Bug: #1646123
Currently for each driver has following code
1) Create a fixed Network.
2) Create a fixed subnet in the network created at step 1.
3) Create a router
4) Attach subnet(created at step2) to router(created at step 3)
A new resource is created for above tasks in network.yaml file.
New resource does the above tasks and output the fixed network ID
and fixed subnet id, which is used by other parts of the heat
template.
Change-Id: Ib347ce5c54c6566300a43e05b277bf80351a2256
Closes-Bug: #1606912
There is a default policy for that in Fedora, however it doesn't
work in Atomic since /usr/local is a symlink to /var/usrlocal
Closes-Bug: 1646421
Change-Id: I4c5b836f4f76ff93a2c55f85ff6ff0cbe990bcff
Refactor driver interface to encapsulate the orchestration
strategy. This first patch only refactors the main driver
operations. A follow-on will handle the state synchronization
and removing the poller from the conductor.
1. Make driver interface abstract
2. Move external cluster operations into driver interface
3. Make Heat-based driver abstract and update based on
driver interface changes
4. Move Heat driver code into its own module
5. Update existing Heat drivers based on interface changes
Change-Id: Icfa72e27dc496862d950ac608885567c911f47f2
Partial-Blueprint: bp-driver-consolodation
It creates a mismatch between the generated Nova name
and its hostname which can lead to weird problems.
Closes-Bug: 1645730
Change-Id: I1c7dd459caefacaf41dd77e59c1a6e1df3ef0d42
All traffic was allowed for swarm manager. With this patch
following secgroup is created for restricted access.
Security Group: secgroup_swarm_manager
1) Allow TCP 22, 2376 ports for everyone.
2) Allow all the ports to subnet created.
3) Allow UDP 53 port for everyone.
Change-Id: Ie1aa4fffeb6317dc200a764319ac93e18d414a4b
Depends-On: I9ad6e0577918e811e9dd051b56aa69bfe2c391a0
Closes-bug: #1501050
In the swarm_atomic and k8s_atomic drivers container images are
stored in a dedicated cinder volume per cluster node. It is
proven that this architecture can be a scalability bottleneck.
Make the use of cinder volumes for container images and opt-in
option. If docker-volume-size is not specified no cinder
volumes will be created. Before, if docker-volume-size wasn't
specified the default value was 25.
To use cinder volumes for container storage the user will
interact with magnum as before, (meaning the valid values are
integers starting from 1).
Closes-Bug: #1638006
Change-Id: I3394c62a43bbf950b7cf0b86a71b1d9b0481d68f
Swarm cluster can be created by specifying any of the scheduler
strategy supported by swarm. The strategy can be specified
while creating cluster template using labels parameter, Ex:-
--labels swarm_strategy=spread
Supported values for swarm_strategy=spread, binpack, random
Change-Id: If471f10a3b1f955638a77d5afe462aebdeb4277c
Implements: blueprint add-support-different-strategy-in-swarmbay
This patch splits the swarm atomic template to support
both swarm vm and bm drivers.
Change-Id: Ib03e1d6cb441230a17df2c47e1ed79052f3394bf
Partially-Implements: blueprint magnum-baremetal-full-support
LBaaS v1 api is completely removed by neutron, so it
cannot be used now. Added Support of LBaaS v2 API.
Now all COE's uses LBaaS v2.
Co-Authored-By: yatin karel <yatin.karel@nectechnologies.in>
Change-Id: Idbccbe1065857449fc8e158115b7833b68c2da9f
Partially-Implements: blueprint magnum-lbaasv2-support
This is patch 3 of 3 to change the internal usage of the terms
Bay and BayModel. This patch updates Bay to Cluster in DB and
Object as well as all the usages. No functionality should be
changed by this patch, just naming and db updates.
Change-Id: Ife04b0f944ded03ca932d70e09e6766d09cf5d9f
Implements: blueprint rename-bay-to-cluster
Built-in in docker >= 1.9, it justs need a K-V store.
This patch reuses the existing etcd supporting Swarm.
Change-Id: Iae2e5aa1d8836d344f16ec911c766c426b1b558a
In this commit enable-docker-registery.sh file has been removed
from k8s fedora and swarm driver and put at the common location
to avoid duplicacy and redundancy of code.
Change-Id: I6f3bb301fa46452745c770332a8083fd65b8a561
Partial-bug: 1517218
* Volumes are created using the bay's trusstee user
scoped by the bay's trustID.
* In volume-service.sh it is checked if rexray exists
in the image, so if you have built an image with
rexray it will configure and start rexray service.
This change replaces:
Ie5e78e6b9d06fd2c92915b8635b8062c008e9696
Change-Id: I11043d5edcf73a87220c86320f9938b9347c118f
Partially-Implements: blueprint magnum-integrate-with-cinder
In this commit configure-docker-storage.sh file has been removed
from k8s coreos, fedora and swarm driver and put at the common
location to avoid duplicacy and redundancy of code.
Partial-bug: #1517218
Change-Id: Ie467c1691cc148435da47448d31c35e7a1865984
Moves magnum.drivers from using Baymodel to ClusterTemplate naming to align
with bay to cluster blueprint.
First part of the rest of magnum.drivers update, with the next part renaming
Bay to Cluster.
Change-Id: I34c5a8bb2b2617b9a057cf7063d4749fa5a39f58
Implements: blueprint rename-bay-to-cluster
Currently bay-show operation does not return bay/cluster
version information. This change contain changes to return
bay/cluster version and container version info.
Change-Id: Ie12b6583e6d85faa3607f87295c04d72698034a5
Closes-Bug: #1613413
"../../common/templates/environments/" path seems to be redundant
in each drivers.
So it should be const variable.
Change-Id: I5cbd30e350c861b611b327a4dda3f92a6316e45b
Closes-Bug: #1616259
Dockerfile to build Openvswitch image
The Kuryr driver for Swarm bay requires Openvswitch and the Neutron
L2 agent running on the nodes. Since the Fedora Atomic does not
have these packages installed and it is preferrable to not use a
custom-built image, we need to run these packages in a container.
This Dockerfile is used to build the Docker image hosted on
Docker Hub:
openstackmagnum/fedora23-neutron-ovs:testing
Partially implements: blueprint kuryr-swarm-integration
Change-Id: I5132ccc2bc5660aa9688430bbc51f6759f6b7a81
This reverts commit 748cf13182.
This commit breaks to setup.py install phase.
Closes-Bug: #1615026
Change-Id: Ie29a723319775e1becff5a6099cb58e3541e399c
Jim Bach