* Add a CoreOS test class TestCoreosKubernetesAPIs
* Add a CoreOS test environment in tox.ini
* Create a base class BaseK8sTest and move OS-agnostic k8s testing
code to that class.
* Increase the disk size from 8G to 10G for m1.magnum and s1.magnum,
since CoreOS image requires more disk space to boot.
* Set os-distro property for CoreOS image.
Partial-Bug: #1546101
Change-Id: Ie56a9442ecebe05f39c7669bc950f5a6ca11df33
If the bay is pending on CREATE_IN_PROCESS, it won't contain the
IP addresses of the nodes. Therefore, we need to get them from
the Heat stack if missing.
Closes-Bug: #1571272
Change-Id: I487f9000b4c229be3e1b576258473e39cda66f9e
tempest-lib is deprecated for future bug-fixes and code changes
in favor of tempest.
On gate testing, we installed tempest from source code so remove
it from test-requirements.txt.
Closes-Bug: #1553047
Change-Id: I405ad31e1c218868c6dbffb967a755163674fc80
Add docker registry support for swarm in heat template. After this
patch is merged, we can use docker registry in swarm bay.
Change-Id: I5161a4c0259a2df89dfc8591453aebc6f037d40d
Partially-Implements: blueprint registryv2-in-master
It's hard to indentify which node is master and which is slave now, add
prefix `master` or `node` to logs directory on functional testing
failure.
Change-Id: Ida739845d5276d53b037ac32dcb1b72bc717936f
Use the healthcheck middleware from oslo_middleware. This adds a new
pipeline that depends if /etc/magnum/healthcheck_disable file exists.
The healthcheck middleware is avalible under the /healthcheck URL.
Return values:
200 OK (If the file does not exist)
503 DISABLED BY FILE (If file exists)
Change-Id: I23179d5285831af12de7f392849c490d86a5682e
The Mesos slave has many different flags and different user have
different requirement for different parameters, add isolation,
work_dir, image_providers parameters for slave in mesos bay to
give end user more choice. for example Set the parameters to
support Container Images in Mesos Containerizer
Note: support Container Images in Mesos Containerizer needs mesos
version >= 0.28
Partially-Implements:blueprint mesos-slave-flags
Change-Id: Ib4fd7076704a3266f0cf2addf08896729ec6062f
Setting the following in functional_creds.conf doesn't have any effect
for failed functional container tests:
copy_logs = False
Description of changes/issues addressed:
- Client functional tests look in functional_creds.conf for the
copy_logs setting while tempest/api tests look in tempest.conf.
So an accessor method 'get_copy_logs' is added for BaseMagnumTest
(for tempest tests), and this gets overridden by BaseMagnumClient.
- Call to lamda was missing an argument in copy_logs_handler.
- set_copy_logs in config.py was setting cls.copy logs inconsistently
(sometimes boolean True, otherwise to a string).
- BaseMagnumClient was calling bool() on a string: "bool(copy_logs)".
bool() on a string always returns True except for null string.
Change-Id: I234fd0433602914fdf03f04f2394f6dc802df4fd
Closes-Bug: #1570949
Commit I34e5e49ae650219f986a2b0032df65672c319ec6 tried to fix mem_limit
not passed to docker when create container for docker API vesion >=1.19
in a wrong way, this patch fixes it by passing Memory unit to host_config
Closes-Bug: #1567834
Change-Id: Id8da5e40cf165317a9a5453036490cc028bd2e0d
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
In Ia400b5b6919753d6241233a6666a2c30c7618bc9, we are
adding a new library to global requirements. This
python-k8sclient library essentially has the same
code that was in Magnum so it's a straight replace.
Change-Id: Ib85bcf532e4163d5c1ac95ef701a1ec3133b69eb
It seems Magnum gate often broke after switching to neutron-lbaas
devstack plugin. To fix the gate, we remove the plugin for now.
We need to add it back once the issue is resolved.
Change-Id: I777c147a34e32a98592d5f5d8229763cceeb83e7
The Magnum functional tests currently use a DNS server setting of
8.8.8.8 when configuring nodes in a cluster. In some environments,
this DNS server setting doesn't work. When this is the case, and
functional tests are run locally, bay creation times out and the
functional tests fail.
This patch enhances the functional tests to allow configuration of
DNS nameserver to be used in baymodels that are created in
functional tests.
Change-Id: I958d199565ae5741dd6f4b8764e51ea16a8d505b
Closes-Bug: #1570543
Fix gate broken, we keep project configs in gate_hook.sh so we don't
need to subumit requests to project-config and wait for their
approval
Change-Id: Ia9cc4c40b41db1159ad6fd3c4ec1b17b502e0f5b
After this patch is merged, docker registry will be available.
We can push docker images into local repo on a bay node.
Change-Id: I1245bde7ef3173226617e60e6436759f433eb464
Partially-Implements: blueprint registryv2-in-master
From http://logs.openstack.org/64/302064/6/check/
gate-magnum-python27/6c92a13/console.html the log clearly
said bay-xx-xx-xx-xx is an invalid UUID. Using UUIDFields
with invalid UUIDs is no longer supported, so in our test
let's use real UUID case for that.
Change-Id: I0f3dbd8748293741cb5501365aee710220eb3ea0
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Kubernetes bay needs to be fully functional before notifying Heat
to bring the stack to CREATE_COMPLETE. This patch added a systemd
unit that keeps pinging the kube-apiserver and notify Heat once
it goes through.
Change-Id: Ib4fb22f3040d76d488c6cac6873d64b4d973ebb1
Closes-Bug: #1551824
* Rename tenant to project in functional test In particular,
rename "admin_tenant_name" to "admin_project_name" and
rename "tenant_name" to "project_name". These configs have been
renamed in tempest [1], so Magnum needs to adapt the change.
* Temporarily remove "subjectAltName" from CSR config, because
it caused failure of certificate signing, possibly, due to a
bug or imcompatible change in pyOpenSSL 16.0.0.
[1] https://review.openstack.org/#/c/301167/
Change-Id: I41438cbfaefd9d04d7e73a4f46f5ece1494b349c
Closes-Bug: #1568212
Closes-Bug: #1567691
Magnum SSH into each bay node and copy logs when a test fails.
The specified SSH key path is relative to the home directory ("~"),
which didn't get expanded correctly.
Change-Id: Ie7265adf8027309a4482247283dd52a18397d5d7
Closes-Bug: #1566501
Trust can only be deleted by the user who creates it. So when
other users in the same project want to delete the bay, we need
use the trustee which can impersonate the trustor to delete the
trust.
Change-Id: I9f87cdf07066d316722e798cd0755f0fff5c2a02
Closes-Bug: #1552457
Currently, we use the users auth token, which expires after a while.
We need to use a trust instead.
Remove user_token at the same time.
Change-Id: Id1d34c59eccd70be24c5b9e00cd921b5a9d59860
Partially-Implements: blueprint use-trust-for-tls-cert-generation
Cpu metric is important to a cluster, add cpu util to notification bus.
After this patch get applied, we will get following metrics:
{'metrics': [{'unit': '%', 'name': 'cpu_util', 'value': 30.0}, {'unit':
'%', 'name': 'memory_util', 'value': 4.795204795204795}]
Change-Id: I450c8b5afe766be4da4fb42c2ecb47db52b245f3
Change the devstack image to the default Atomic 23 image.
Update templates not to rely on interface naming because the names
changed between Atomic 21 and Atomic 23 images.
Add a functional test to validate minion node registration.
Update docs to refer to a generic Atomic image.
Co-Authored-By: Hongbin Lu <hongbin.lu@huawei.com>
Implements: blueprint atomic23
Change-Id: Id67244e3f452b3c7c3c46fdabcca3a5c141a76c0
Cryptography 1.3.1 has been released which closes this bug, meaning this
patch can now be reverted. As the problem has now been fixed.
https://github.com/pyca/cryptography/issues/2844 is now closed.
This reverts commit a75b5fb77a.
Change-Id: I387ff9fe099460f98303cf930b79db1632791ccd
Previously,the kubernetes bay type did not support the Magnum Container
Volume Model. This patch adds support for volume through the following:
1. Add volume_driver, region_name to
kubernetes bay type.
2. Update kubernetes unit tests to support container volume.
3. Update kubernetes heat templates for container volume model.
Note: The Container Volume Model of Kubernetes need the
kubernetes Version >= 1.1.1 and docker version >= 1.8.3
Change-Id: I8f568087f8e8254cb14a81edb526e596da33abcc
Partially-Implements: blueprint magnum-integrate-with-cinder
Cpu metric is important to a clutser, add cpu util to notification bus.
After this patch get applied, we will get following metrics:
{'metrics': [{'unit': '%', 'name': 'cpu_util', 'value': 30.0}, {'unit':
'%', 'name': 'memory_util', 'value': 4.795204795204795}]
Change-Id: I44cc2edf2a33ff2991ba0b006d802dc3efee42b6
The "Patch" function in the magnum/api/controllers/v1/container.py
isn't called,so we should delete it.
Change-Id: I6f7d041978fd5340d13747b11ebf8bb7b3d195f5
Closes-Bug: #1561401
This patch does, basically, three things:
* Updates the default auth section to keystone_auth;
* Introduces keystoneauth sessions and plugins;
* Adds a deprecation warning and options when loading
legacy auth.
Config, tests and client code are also updated.
Co-Authored-By: Henrique Truta <henrique@lsd.ufcg.edu.br>
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Closes-Bug: 1496810
Closes-Bug: 1515014
Change-Id: I5c1cd24ca28d66ae7ae40e7f707b81870cf0e457
Allow update baymodel's public field to be True even if referenced by bays,
User case is one operator wants to share this baymodel to others but doesn't
want to delete the referenced bay.
Please note we only allow to update public to be True case. In case of
True->False, this may lead bays lost baymodel, so don't do this.
Closes-Bug: #1557943
Change-Id: Ia08a2e9611de3559c5cec4eee832bade1f9af09e
Docker client api has this decorator utils.check_resource for
pause/unpause action when we pass a container dict as the parameter
of `action` method.
Also cleanup logs method
Change-Id: I64983c5b07bcda049d9a5df054238703ef345055
Certificates and trust/trustee should be released correctly
when creating bay is failed.
This fixes it.
Change-Id: Ic784a57ef751526123898f00447ebe8fac650d3e
Closes-Bug: #1560308
We can not get public baymodel now.
Fix it by:
1. Union public baymodel when fetch baymodel from DB.
2. Don't apply policy checking if the baymodel is public
Closes-Bug: #1557977
Change-Id: Ie5b1432d06611cd697a55f67fd66207e1e757382
This patch aimed to reduce db call count when we invode k8sAPI.
For those user using bay name to do pod/rc/service operations, we
can saving a db call.
Change-Id: I1488d0526e1d444cb681b408f8a13ce25b4aee6f
Add the ability to pass an image name using an env
var, to provide more flexibility on image testing.
Change-Id: Iddb2ab3efb5746a070e147ccc2180915c788c5c2
Gate picks cryptography 1.3 version, for x509, it is
_ModuleWithDeprecations instead of a module, see
https://github.com/pyca/cryptography/issues/2844 .
So that will bring trouble when an mocked object __exit__().
This fix is only works for v1.3 cryptography (on gate).
Closes-Bug: #1559845
Change-Id: I852e6c5bf4c16b234ba92b2449c09b991fa6c5a0
Heat client will raise HTTPConflict(409) when try to delete a
in-progress stack, this will lead Magnum 500 erro, mapping HTTPConflict
to OperationInProgres(400)
Closes-Bug: #1559803
Change-Id: Ia1795b0f75952db9c8c84c45e03c7674ed8cf64e
Allow configuring Flannel with 3 different backends
Magnum deploys k8s/swarm over a dedicated neutron private network,
possibly using flannel. Flannel's `host-gw` backend gives the best
performance in this topopolgy (private layer2): no packet processing
overhead, no reduction to MTU, scales to many hosts as well as the
alternatives. The performance difference is significant, see bug for
performance numbers for the 3 backend options.
Note that part of this change involves relaxing the minion IP spoofing
rules to allow traffic from all dynamically-allocated flannel subnets.
This is morally equivalent to what we were doing previously with
encapsulation - only now neutron is able to see the inner IP header
directly.
This patch repurposes the label "flannel_use_vxlan" when the network
driver is flannel.
1. Rename the label flannel_use_vxlan to flannel_backend
2. Redefine the value of this label from "yes/no"
to "udp/vxlan/host-gw"
For example, to create a bay model with flannel as network driver:
--network-driver flannel --labels flannel_backend=host-gw
Other backend options are udp and vxlan.
Co-Authored-By: Ton Ngo <ton@us.ibm.com>
Partial-Bug: #1518605
Closes-Bug: #1516789
Change-Id: I6d2441664ad1baaca14d0e6ff4bcddbe75bee094
get_template_contents in heat client(>=0.6.0) will return {} as
tpl_files, so we don't need to convert it from list to dict cause that
will bring performance issue.
Closes-Bug: #1558352
Change-Id: I5a5400b22b05046dffa7e76b0f7099244186b683
mem_limit and memswap_limit are moved to host_config in docker client
api for API version >= 1.19
427e3a6023
Closes-Bug: #1557895
Change-Id: I34e5e49ae650219f986a2b0032df65672c319ec6
Add tests for container action policy that only the user who creates
the container can operate the container.
Change-Id: I9c7337ea279c893dd9645735a784f7946176ed64
Closes-Bug: #1557268
This patch adds below,
* trust_manager like cert_manager
* Unit tests for create_trust and delete_trust
* Delete trust if creating bay is failed
* Delete trust if deleting stack is failed
Change-Id: Id99a597cd124d4f3ccc11c4086fa618f16b836ca
Partially-Implements: blueprint create-trustee-user-for-each-bay
A better description than magnum2 would be helpful as
we are creating a smaller vm.
So renamed m1.magnum2 to s1.magnum to indicate its a slave flavor.
Change-Id: Ibd74931e0b5b2ac98dc960b31aa2b64a721200ea
Closes-Bug: #1543338
Now, when we update baymodel with the invalid flavor_id or
master_flavor_id parameters, the baymodel can be updated
successfully.
We need to validate the flavor_id, master_flavor, keypair and so on
before patching baymodel.
Closes-Bug: #1555490
Change-Id: I4ae3cd7c0be1161dacb6f0a80c5ee1b53d06d03d
LOG.warn is deprecated. It still used in a few places.
Updated to non-deprecated LOG.warning.
Change-Id: I7e613df8c07616c8cc40a443f3f594407b3555c4
Closes-Bug:#1508442
Hongbin Lu
Eli Qiao
Hua Wang
Niall Bunting
wangqun
Dane LeBlanc
Davanum Srinivas
Kai Qiang Wu(Kennan)
Corey O'Brien
Aaron-DH
Paulo Ewerton
Deeksha
OTSUKA, Yuanying
Yolanda Robla
Angus Lees
Swapnil Kulkarni (coolsvap)