The default values needed for magnum's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to the default initialization procedure. This ensures
that if a value remains unset in the configuration file, it will
fallback to using sane defaults. It also ensures that an operator
modifying the configuration will be presented with that same
set of defaults.
Change-Id: I7d8f8708d53bbab117600070982ac80482fa0a77
Closes-Bug: 1551836
* Remove bandit.yaml so bandit just uses internal defaults. Results
in much less maintenance.
* Raise the severity level of the scan to just medium and high
* Added nosec to line that makes use of file:// scheme. That support
should probably be droppped at a later time.
* Removed a misleading log message noting what address it was
serving on. Bandit also flagged this as a potential security issue
serving on 0.0.0.0.
Change-Id: I3e08e462255f7b4ba8405d69f5843ed3c001d055
The trustee_domain_admin_password config option needs to be marked
secret in order to avoid leaking of the password into the logs.
Change-Id: I45d87b5fc09ffbc075cba2575869a8c5cf10bc8b
Closes-Bug: #1555276
As described in [1], we should pass bay or baymodel as target in
enforce. Otherwise we can not user generic-checks. We need this
check for some situations, for example only allow the user who
creates a bay can delete the bay.
http://docs.openstack.org/developer/oslo.policy/api/
oslo_policy.html#generic-checks
Change-Id: I60f8870dd1a2bb07efbadf5f16a453f0a2e0cb3d
Closes-Bug: #1553914
When creating a bay using heat resources, OS::Magnum::Bay, the first
bay status returns None, then the following bay status returns the
correct CREATE_IN_PROGRESS.
Change-Id: I6e3802b1321de5d300e167c5b0f1a9ebf291fe13
Closes-Bug: #1507598
SELinux is an important security features. We need to turn it on
after cloud-init. This patch did that for swarm.
Change-Id: I1862a63498613535741c3aae9c0378911ec21315
Partial-Bug: #1543308
There is no document how to setup trustee domain and
trustee domain admin.
This patch adds it.
Closes-Bug: #1554403
Change-Id: I3e700a250b7008f289b80ac1da03a7907da098c7
Looks like this function was not in use ever.
It adds nova networking related options to the magnum.conf,
which normally would belong to the nova.conf.
Change-Id: I8435c674db17af2d0641afcf3cab140830130784
Someone changed the base class of BayTest to wait bay complete in setUp
method, but TestSwarmAPIs tries to get bay's api_address in setUpClass.
Closes-Bug: #1553042
Change-Id: I7e238dfd18c109ac0e29854a623eceb1b7aa81dd
API like bay-list/container-list/magnum-service-list etc..
there is no rpc call and only access the database in these methods
move them to api controller.
Change-Id: Icdee1c5d3d835efd57238fb4cb8e897485da9b6d
Closes-Bug:#1552131
This change replaces the hard coded WSGI app creation with a pipeline
of WSGI apps declared in a configuration file.
Paste Deploy was used to create the pipeline since it is used by many other
OpenStack projects and it is an active project
with new contributors and supports Python 3. Dependency on Paste is
localized so switching to another library would not be hard if OpenStack moves
to another package in the future.
Change-Id: I9a45f974c2c8c67a01748583639e6a6248003b85
Closes-Bug:#1551134
This reverts commit cf85c5ac03.
The kube-scheduler failed to spin up after that commit. As a result,
the k8s bay is not functioning. I would suggest to revert that
commit first if we cannot figure out a quick fix.
Closes-Bug: #1551648
Change-Id: If7f8164368be3eec39f9a795a5e7748af68a6f48
We get priv_key in remote_exec, so every time we call remote_exec, we
need to compute it again, this can be move out.
Closes-Bug: #1552502
Change-Id: Id44cd5e98f070985feef2583162bd21bca44baf2
Make thhe minions work correctly without depending on the master.
Removing this dependency decreases provisioning time by provisioning
nodes in parallel.
Change-Id: I025dbf54ef0cdafc4fe26acc33a9faed8cacd1ca
Partial-Bug: 1536739
Partial-Bug: 1551824
Url for keystone is needed by trust and other services, such as k8s
and docker registry.
Change-Id: I269332b5736b6c5a9bc85d843f0d03f1a4d059ee
Partially-Implements: blueprint create-trustee-user-for-each-bay
Only the user who creates the bay can get the certificate and call
the certificate signing request of the bay and create containers
in the bay, which is needed by [1].
[1] https://github.com/openstack/magnum/blob/master/specs/
create-trustee-user-for-each-bay.rst
Change-Id: Id959b76cb136ffbb0e6bcb8c3b83e02b30de66cf
Closes-Bug: #1536883
Partially-Implements: blueprint create-trustee-user-for-each-bay
Now, when we create baymodel with the invalid flavor_id and
master_flavor_id parameters, the baymodel can be created
successfully.
We need to validate the flavor_id and master_flavor before
creating baymodel.
Change-Id: Id6768d8246c97d56e529cbc1cab6c8c7d28ca43a
Closed-Bug: #1547345
Spyros Trigazis
wangqun
Michael Krotscheck
Eric Brown
Jenkins
Hua Wang
Surojit Pathak
Hongbin Lu
OTSUKA, Yuanying
houming-wang
Attila Fazekas
Eli Qiao
Aaron-DH
OpenStack Proposal Bot
Corey O'Brien
Anh Tran