A user may not rely on nova-keypairs to access their cluster
such as a preconfigured SSSD.
story: 2004402
task: 28035
Change-Id: I77fbdc174d3dddfd312fb8dac20516314d4c182e
Currently, there is no guarantee to make sure all nodes of one cluster are
created on different compute hosts. So it would be nice if we can create
a server group and set it with anti-affinity policy to get a better HA
for cluster. This patch is proposing to create a server group for master
and minion nodes with soft-anti-affinity policy by default.
Closes-Bug: #1737802
Change-Id: Icc7a73ef55296a58bf00719ca4d1cdcc304fab86
In the drivers section of magnum.conf add openstack_ca_file.
This file is expected to be a CA Certificate OR CA bundle
which will be passed on every node and it will be installed
on the host's CA bundle.
Update devstack plugin to use the ssl bundle if tls-proxy is
enabled.
Install the CA for drivers:
k8s_coreos_v1
k8s_fedora_atomic_v1
k8s_fedora_ironic_v1
mesos_ubuntu_v1
swarm_fedora_atomic_v1
swarm_fedora_atomic_v2
Add doc in troubleshooting-guide.
Add release notes.
Closes-Bug: #1580704
Partially-Implements: blueprint heat-agent
Change-Id: Id48fbea187da667a5e7334694c3ec17c8e2504db
Allow any value to be passed on the docker_storage_driver field by turning it
into a StringField (was EnumField), and remove the constraints limiting the
values to 'devicemapper' and 'overlay'.
Change the docker storage setup to have a generic setup for all drivers with
the exception of 'devicemapper', which keeps its own specific storage config
function. For all others, do the same we already did for overlay (with two
cases for usage of a cinder volume or not) and simply set the storage driver
in the docker configuration to the value provided in the cluster template.
Change-Id: I9aa8f232ce64ece4d439c0a476f463820a499617
Closes-Bug: #1722522
Added configuration parameter, verify_ca, to magnum.conf with default
value of True. This parameter is passed to the heat templates to
indicate whether the cluster nodes validate the Certificate Authority
when making requests to the OpenStack APIs (Keystone, Magnum, Heat).
This configuration parameter can be set to False to disable CA
validation.
Co-Authored-By: Vijendar Komalla <vijendar.komalla@rackspace.com>
Change-Id: Iab02cb1338b811dac0c147378dbd0e63c83f0413
Partial-Bug: #1663757
The instance type of servers at the moment can become quite long
due to the Heat autogenerated names. This patch cleans up the names
so that they are shorter yet contain all the info needed to be able
to know where they belong to.
Change-Id: I5bcbe73f08844242d049b8408221da40d22cd3dc
* add docker_volume_type for the cinder volumes which are
used for docker storage.
* add default_docker_volume_type configuration option
Related-Bug: #1678153
Change-Id: Ie18096acf24873ef91a904df4f1a84694a2bb644
If a fixed_network and fixed_subnet is specified no private network
is created by the templates and the specified network is
used instead for VMs provisioning, like in the Ironic driver.
Currently missing is the code to handle the use case where you
specify a fixed_network but not a fixed_subnet, this will come
in a following patch.
Partially Implements: blueprint decouple-private-network
Change-Id: I2003eb709b22b905063d846eb71570fc5e033618
We should upgrade swarm because 1.0.0 is more than
one year old and lack features and bug fixes.
Change-Id: Ia236e473ce3152a6bf3115a3bfc62fbf0af100d7
Closes-Bug: 1644620
Currently for each driver has following code
1) Create a fixed Network.
2) Create a fixed subnet in the network created at step 1.
3) Create a router
4) Attach subnet(created at step2) to router(created at step 3)
A new resource is created for above tasks in network.yaml file.
New resource does the above tasks and output the fixed network ID
and fixed subnet id, which is used by other parts of the heat
template.
Change-Id: Ib347ce5c54c6566300a43e05b277bf80351a2256
Closes-Bug: #1606912
All traffic was allowed for swarm manager. With this patch
following secgroup is created for restricted access.
Security Group: secgroup_swarm_manager
1) Allow TCP 22, 2376 ports for everyone.
2) Allow all the ports to subnet created.
3) Allow UDP 53 port for everyone.
Change-Id: Ie1aa4fffeb6317dc200a764319ac93e18d414a4b
Depends-On: I9ad6e0577918e811e9dd051b56aa69bfe2c391a0
Closes-bug: #1501050
In the swarm_atomic and k8s_atomic drivers container images are
stored in a dedicated cinder volume per cluster node. It is
proven that this architecture can be a scalability bottleneck.
Make the use of cinder volumes for container images and opt-in
option. If docker-volume-size is not specified no cinder
volumes will be created. Before, if docker-volume-size wasn't
specified the default value was 25.
To use cinder volumes for container storage the user will
interact with magnum as before, (meaning the valid values are
integers starting from 1).
Closes-Bug: #1638006
Change-Id: I3394c62a43bbf950b7cf0b86a71b1d9b0481d68f
Swarm cluster can be created by specifying any of the scheduler
strategy supported by swarm. The strategy can be specified
while creating cluster template using labels parameter, Ex:-
--labels swarm_strategy=spread
Supported values for swarm_strategy=spread, binpack, random
Change-Id: If471f10a3b1f955638a77d5afe462aebdeb4277c
Implements: blueprint add-support-different-strategy-in-swarmbay
LBaaS v1 api is completely removed by neutron, so it
cannot be used now. Added Support of LBaaS v2 API.
Now all COE's uses LBaaS v2.
Co-Authored-By: yatin karel <yatin.karel@nectechnologies.in>
Change-Id: Idbccbe1065857449fc8e158115b7833b68c2da9f
Partially-Implements: blueprint magnum-lbaasv2-support
This is patch 3 of 3 to change the internal usage of the terms
Bay and BayModel. This patch updates Bay to Cluster in DB and
Object as well as all the usages. No functionality should be
changed by this patch, just naming and db updates.
Change-Id: Ife04b0f944ded03ca932d70e09e6766d09cf5d9f
Implements: blueprint rename-bay-to-cluster
* Volumes are created using the bay's trusstee user
scoped by the bay's trustID.
* In volume-service.sh it is checked if rexray exists
in the image, so if you have built an image with
rexray it will configure and start rexray service.
This change replaces:
Ie5e78e6b9d06fd2c92915b8635b8062c008e9696
Change-Id: I11043d5edcf73a87220c86320f9938b9347c118f
Partially-Implements: blueprint magnum-integrate-with-cinder
This patch modifies the swarm bay driver/templates to allow its LBaaS
resources to be conditionally enabled/disabled.
Change-Id: Ic6ebec89514288837a7b540ce5517413e579f488
Partially-Implements: blueprint decouple-lbaas
Make consistent default version of heat template across
kubernetes, swarm and mesos
Change-Id: I5f8231336a6832ae8ecd8f789ed0b51ba5062729
Closes-Bug: #1425368
'flannel_network_subnetlen' is the size of subnet assigned to each
nodes. The value of 'flannel_network_subnetlen' will pass to SubnetLen.
So the type of flannel_network_subnetlen should be 'number' or int,
not string.
Change-Id: I49816fcfad7fcce7f77f6c0db20f82b630426512
Moved all the swarm templates and template_definition code
to the magnum/drivers folder.
Moved base template_definition classes to drivers/common
folder
Change-Id: Ieff57f0f47835c35d9f17c3d7d1b7e6a40907462
Partially-Implements: blueprint bay-drivers
Co-Authored-by: Spyros Trigazis <strigazi@gmail.com>
Jim Bach