Ensure the --live-restore is not in the Docker daemon OPTIONS.
Some images has this option by default which will cause the node
not being able to perform it swarm init process.
Change-Id: I287a5274143903fad5d4476e9d1640b26bdb46d4
Story: 2004095
Task: 27497
Update heat-container-agent version tag to include the multi region
fix.
Task: 27051
Story: 2003992
Change-Id: Ided337dafa52cce771126e96ef41a62a3358fda1
Cluster update was used for scaling operations only,
but if the heat-temaplates where changed for any reason
(eg upgrade of the magnum server), the stack update command
was destructive.
This patch uses the existing parameter in the stack update call.
story: 1722573
task: 21583
Change-Id: Id84e5d878b21c908021e631514c2c58b3fe8b8b0
USER_TOKEN variable is empty because the grep expression
is not ignoring case and certs are not created.
Change-Id: I175cb2d4c64d5f7024b13ce11c1184029f63c317
Task: 26189
Story: 2003671
To upgrade cluster we need to be able to set image tags
so this change adds to labels for corresponding containers
Task: 23314
Story: 2003171
Change-Id: I4cd0270a69fb889c59bdb28966821adb11fd0292
Allow traffic on TCP port 2377 to the swarm master node
which is used by the nodes to join the cluster using a token.
Story: 2003582
Task: 24888
Change-Id: Iee662e7d76c6863f83d28dfe7a8897fb25b33ed1
Add kubelet on the master nodes. This work was
done already for calico, this patch applies the
same config when calico is used as well.
story: 2003521
task: 24797
Change-Id: Id33fb59ef23da740712d9a9b7ec4205bd6579b35
Since python3.6 os.path.join can be either bytes or
a str. So mock os.path.join in order for the unit tests to
pass.
Change-Id: I82c793875d888092e5c814727a6c4ad4053e76fb
Signed-off-by: Chuck Short <chucks@redhat.com>
tls-ca-file flag is unused and was removed from kube-apiserver
in kubernetes 1.11. This means that any cluster with this
option specified will fail on apiserver start
Pull request on flag removal:
https://github.com/kubernetes/kubernetes/pull/61386
Task: 24858
Story: 2003566
Change-Id: I9c192b94056629a949ee92d867e8cda5c4ff6810
Currently, Magnum is running periodic tasks to collect k8s cluster
metrics to message bus. Unfortunately, it's collecting pods info
only from "default" namespace which makes this function useless.
What's more, even Magnum can get all pods from all namespaces, it
doesn't make much sense to keep this function in Magnum. Because
operators only care about the health of cluster nodes. If they
want to know the status of pods, they can use heapster or other
tools to get that.
Task: 22619
Story: 1775116
Change-Id: I3ca0f2e96fe63870406cc5323f08fa018ac6e8be
1. pods with host network can not reach coredns or any svc or resolve
their own hostname
2. If webhooks are deployed in the cluster, the apiserver needs to
contact them, which means kube-proxy is required in the master node with
the cluster-cidr set.
Change-Id: Icb8e7c3b8c75a3ab087c818c8580c0c8a9111d30
story: 2003460
task: 24719
The statement in configure-kubernetes-master and minion
that is checking weather to enable the cloud provider needs
to be split into two and use one '='.
Change-Id: I64b2d5be10058b2d03c406519b3d80e212844d15
story: 1775358
When create a cluster in Openstack, a master-node has failed during
cloud-init scripts. It failed in 'make-cert.sh' because it couldn't get
a right token. The extra_params['auth_url'] has a slash at the end so
the requested url was wrong.
Returend url of url_for() has a slash at the end.
Just add rstrip('/') to fix this error.
Change-Id: I1f2f0e07a913268b2ba821a8b85b8a3973cb59dc
Task: 23277
Story: 2003144
When we create a cluster and pass the ca.key in a software deployment we
must ensure that the apiserver will start before calico, dashboard etc
which require the api to return ok. [0]
The heat agent process the deployment serially, so if coredns arrives
first in the agent, it will wait forever for the coredns script to
complete.
Putting the cert_manager_api first solves the issue.
[0] curl http://127.0.0.1:8080/healthz
Change-Id: I031ab34141045dde171bcf6206e227fa7eb5885d
story: 2003434
task: 24630
A new label `service_cluster_ip_range` is added for k8s so that
user can set the service portal ip range to avoid conflicts with
pod ip range.
Task: 22568
Story: 2002725
Change-Id: Ie6e95a953059cc4bd5cf15a44f8666b714defb13
This is a part of fixes for k8s v1.11.1 recently we're doing. When
testing the k8s v1.11.1, we just found some small but annoying issues:
1. cgroup-driver with systemd not working well with Fedora Atomic, so
we're going to use cgroupfs as the default cgroup-driver.
2. The $ char need to be escaped wc-notify-master.sh
Task: 23223
Story: 2003103
Change-Id: I995f5b82abadfdb7f78f7c098ac7a7f1e5c34fd3
Though user has set the docker_volume_size in cluster template, the
docker volume won't be created if docker_volume_size not set when
creating cluster. It's because Magnum API failed to set it for this
scenario.
Task: 23301
Story: 2003165
Change-Id: Ic590731b36186ccf2e3a81873505864aaaef7563
Due to a change in Go 1.10.3[1], which k8s v1.11.1 is based on, now
magnum is failing to create a working k8s cluster with version 1.11.1.
This patch is changing removing the extention usage for server auth
for ca cert and using simple public/private keys for k8s service account
keys.
[1] https://go.googlesource.com/go/+/09fa131c99da0ef9f78c9f4f6cd955237ccc01cd
Task: 23210
Story: 2003103
Change-Id: Ieba8f55d55db2afda6888d4bc6c2caa87370d13d
When using calico network driver for k8s, kubelet will be
enabled/installed on master node. So we need to make sure
the /etc/kubernetes/manifests directory is accessible. Same
thing has been done for minion node.
Task: 23211
Story: 2003103
Change-Id: I33ed0ccc224179f1f8fb7968e340cbbb9805cafc
In these environments, the Kubelet needs to be told to use
a different flexvolume plugin directory that is accessible
and writeable (rw). By default, it's /usr/libexec/kubernetes/\
kubelet-plugins/volume/exec/. It raised read-only directory error
when creating.
The patch simply change flexvolume dir to accessible and
writeable one.
Change-Id: Iaa470890547a2ccf734e37498e0c5286e815ff97
Task: 22565
Story: 2002723
Add "trustee_keystone_region_name" optional configuration parameter
that allows Magnum to specify a region when searching for auth_url
in the Identity service.
This parameter is useful for multi-regional OpenStack installations
with different Identity service for every region.
Task: 22990
Story: 2002981
Change-Id: I5dd70ac0fdcbc19761833ccae3f5496c154f0804
There are 2 fixes included in this patch:
1. A regression issue introduced by the multi region patch,
see https://review.openstack.org/#/c/579043 for more details.
There is a missing bracket.
2. Issues in the Dockerfile of heat-container-agent. Some depedencies
are renamed or we don't really need them. And because of the
multi region bug, we need a new version for os-collect-config. So
switching to pip from dnf is much eaiser than building a new RPM
package for those python libs we care about. To be more clear,
for the multi region issue, we need os-collect-config 9.1.0, and
with dnf you can only find 5.0.0.
Task: 23099
Story: 2002768
Change-Id: I015af15dccd5fe622137c1f5fe042d3d29cc9a47
While the stack is not COMPLETE, we do not need
to resolve the outputs of the stack. Resolving the
outputs is expensive for large stacks.
story: 2002959
task: 22961
Change-Id: I26861214bba8cc92f4e7f9ecba5ba51df99346cb
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Spyros Trigazis