this commit introduces a new '/federations'
endpoint to Magnum API, as well as its controllers,
entities and conductor handlers.
this corresponds to the first phase of the
federation-api spec. please refer to [1] for more
details.
[1] https://review.openstack.org/#/c/489609/
Change-Id: I662ac2d6ddec07b50712109541486fd26c5d21de
Partially-Implements: blueprint federation-api
Stoping magnum-cond without having invoke start(),
results in "WARNING oslo_messaging.server Possible
hang: stop is waiting for start to complete".
A magnum instance with 16 workers was taking 1m to stop
with this change it takes 1 to 10 seconds. This change
doesn't break the fix in [1].
[1] If9e13effc14fd35e646d02bb4f568e79786aa958
Related-Bug: #1702349
Related issue in sahara:
Related-Bug: #1546119
Change-Id: Ied7ab43398d4e499514fa0bd5dba64971d1956bf
The periodic jobs are currently getting registered per each worker
which means that in cases with large number of workers, the APIs
for services such as Heat and Keystone will be hit very hard.
This patch resolves this issue by registering the jobs only to the
main process, ensuring that they run once per instance (or group
of workers).
Closes-Bug: #1702349
Change-Id: If9e13effc14fd35e646d02bb4f568e79786aa958
Multiple process workers support for magnum-conductor.
Adds new option 'workers' to group [conductor] of magnum.conf.
Change-Id: If4d47769c97f756dbf5f45ac4413df7971731f21
Implements: blueprint magnum-multiple-process-workers
* Add osprofiler wsgi middleware. This middleware is used for 2 things:
1) It checks that person who wants to trace is trusted and knows
secret HMAC key.
2) It starts tracing in case of proper trace headers
and adds first wsgi trace point, with info about HTTP request
* Add initialization of osprofiler at start of service
Currently that includes oslo.messaging notifer instance creation
to send Ceilometer backend notifications.
* Traces HTTP/RPC/DB API calls
Demo: https://hieulq.github.io/cluster-create-false-new-html.html
Co-Authored-By: Hieu LE <hieulq@vn.fujitsu.com>
Implements: blueprint osprofiler-support-in-magnum
Change-Id: I7d68995aab81d365433950aada078ef1fcd5469b
Multiple process workers support for magnum-api.
Adds new option 'workers' to group [api] of magnum.conf.
Change-Id: I0e8327ada6926602d577d1f36d384dd49426c7ee
Implements: blueprint magnum-multiple-process-workers
After patch: https://review.openstack.org/#/c/374906/
magnum-template-manage didn't worked because load_entry_point
method moved to Driver class.
With this patch, magnum-template-manage can be used to list
all available drivers in magnum.
The patch also renames magnum-template-manage cli to
magnum-driver-manage.
Drivers can now be listed using:-
magnum-driver-manage list-drivers
magnum-driver-manage list-drivers -d -p
DocImpact
Change-Id: I17ba94b0e2000486b5fcbf792991ad98183bd26c
Partially-Implements: blueprint bay-drivers
Closes-Bug: #1632630
This is patch 3 of 3 to change the internal usage of the terms
Bay and BayModel. This patch updates Bay to Cluster in DB and
Object as well as all the usages. No functionality should be
changed by this patch, just naming and db updates.
Change-Id: Ife04b0f944ded03ca932d70e09e6766d09cf5d9f
Implements: blueprint rename-bay-to-cluster
Add new unit tests for cmd/db_manage.py.
Increase the coverage for cmd/db_manage.py from 0 to 100%.
Move the subcommand 'command' of db_manage to out side
of method main for easier testing.
Change-Id: I686fbc25fd58aea91b5a862fc61c832f4e0d8684
Partial-Bug: #1511667
Currently magnum-manage-template command doesn't read config file
properly. This patch make manage-template script read config file
and display template list the right way.
Add new unit tests for cmd/template_manage.py.
Increase the coverage for cmd/template_manage.py from 0 to 100%.
Change-Id: I3a4df33834201148f824ebe013c5a22aee3ec1f8
Partial-Bug: #1511667
Closes-Bug: #1612596
wsgiref.simple_server is mono threaded process that can not
support SSL context. This patch aim to replace wsgiref.simple_server
with werkzeug for running development API server supporting SSL.
Change-Id: Ib4360d77030e4cce8abf5ea543d87b7982e0e285
Closes-Bug: #1614596
Following the removal of service [1], pod [2] and container [3], remove
COE specific object ReplicationController.
This change also removes k8s_conductor.
[1] I4f06bb779caa0ad369a2b96b4714e1bf2db8acc6
[2] I8c2499ccb97aae39d80868ce02fbef292d762c10
[3] I288fa7a9717519b1ae8195820975676d99b4d6d2
Change-Id: Ica100c8d2dfdd7dc709feb1f5cdc5a3f3d6c7318
Partially-Implements: blueprint delete-container-endpoint
Partially-Implements: blueprint bay-drivers
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the container object, drop the db table and remove references to
the container object. The docker_conductor has also been removed as this
was used for managing containers using Magnum objects.
Change-Id: I288fa7a9717519b1ae8195820975676d99b4d6d2
Partially-Implements: blueprint delete-container-endpoint
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Moved all the swarm templates and template_definition code
to the magnum/drivers folder.
Moved base template_definition classes to drivers/common
folder
Change-Id: Ieff57f0f47835c35d9f17c3d7d1b7e6a40907462
Partially-Implements: blueprint bay-drivers
Co-Authored-by: Spyros Trigazis <strigazi@gmail.com>
This patch does following:
* Removes X509keypair controller as there is already Certificate
controller for same purpose.
* Removes X509keypair conductor.
* Removes name, ca_cert and bay_uuid from x509keypair model as
Bay model already holds certificate references.
* Add intermediates and private_key_passphrase to x509keypair
model.
* Remove related tests and changes.
Change-Id: I9271221cd1d07c672c4a380a4ae3593237fca66a
Partially-Implements: blueprint barbican-alternative-storeX
* Remove bandit.yaml so bandit just uses internal defaults. Results
in much less maintenance.
* Raise the severity level of the scan to just medium and high
* Added nosec to line that makes use of file:// scheme. That support
should probably be droppped at a later time.
* Removed a misleading log message noting what address it was
serving on. Bandit also flagged this as a potential security issue
serving on 0.0.0.0.
Change-Id: I3e08e462255f7b4ba8405d69f5843ed3c001d055
This change replaces the hard coded WSGI app creation with a pipeline
of WSGI apps declared in a configuration file.
Paste Deploy was used to create the pipeline since it is used by many other
OpenStack projects and it is an active project
with new contributors and supports Python 3. Dependency on Paste is
localized so switching to another library would not be hard if OpenStack moves
to another package in the future.
Change-Id: I9a45f974c2c8c67a01748583639e6a6248003b85
Closes-Bug:#1551134
There are files containing string format arguments inside logging
messages. Using logging function parameters should be preferred.
Change-Id: Id558f66de13146f6ae76a7a69f49721b6c3d6257
Closes-Bug: #1321274
Updated import order as per the OpenStack import standards [1].
Modules under magnum/common/pythonk8sclient are not covered in
this patch because this code is generated via a third party
tool "swagger-codegen" which does not follows openstack
standards yet.
[1] http://docs.openstack.org/developer/hacking/#import-order-template
Change-Id: Ia87f3e797ee627bf3c04d2bae9639fd305b41b0d
In some Magnum source code files, oslo log is imported but not used.
Remove it.
from oslo_log import logging
LOG = logging.getLogger(__name__)
Closes-Bug: #1529253
Change-Id: I4d3911b94aed4c74b8163993b38e756139198049
PEP-0274 introduced dict comprehensions to replace dict constructor
with a sequence of length-2 sequences, these are benefits copied
from [1]:
The dictionary constructor approach has two distinct disadvantages
from the proposed syntax though. First, it isn't as legible as a
dict comprehension. Second, it forces the programmer to create an
in-core list object first, which could be expensive.
Magnum does not support python 2.6, we can leverage this.
There is deep dive about PEP-0274[2] and basic tests about
performance[3].
Note: This commit doesn't handle dict constructor with kwagrs.
This commit also adds a hacking rule.
[1]http://legacy.python.org/dev/peps/pep-0274/
[2]http://doughellmann.com/2012/11/12/the-performance-impact-of-using
-dict-instead-of-in-cpython-2-7-2.html
[3]http://paste.openstack.org/show/480757/
Change-Id: I61992fa428d6760449afe3754b02506336e8b421
To support 'magnum service-list' after 'nova service-list', we need to
introduce periodic status update functionality for internal services.
Change-Id: Ia0c09222405c87cb61e5de4a43ba345ae3405b50
Partially-Implements: blueprint magnum-service-list
Closes-bug: #1492501
The Certificate controller has 2 operations:
1. POST
Generate X509 certificate using bay's CA cert.
Below is an example of Certificate POST API request using magnum command:
Example Request:
curl -X POST -H 'Content-Type: application/json' \
-d '{"bay_uuid": "<bay_uuid>", "csr": "<csr>"}' \
http://localhost:9511/v1/certificates
This creates a X509 certificate signed by the given bay's CA and returns
it. No database information is stored in Magnum against it. For each POST
request, a new certificate is generated.
Example Response:
{"bay_uuid": "<bay_uuid>", "csr": "<csr>",
"pem": "<pem encoded certifiacte>"}
2. GET
Fetches the CA cert associated with a bay. Below is an example of CA GET
API request using magnum command:
Example Request:
curl -X GET http://localhost:9511/v1/certificates/<bay_uuid>
This fetches stored CA cert for the given Bay, which can be used to validate
any client and node certificates signed by the Bay's CA. The value for each
is fetched from Barbican or Magnum db based on the different configuration
for storage of certificates.
Example Response:
{"bay_uuid": "<bay_uuid>", "pem": "<pem encoded certifiacte>"}
Co-Authored-By: Andrew Melton <andrew.melton@rackspace.com>
Change-Id: I4b72cc1e1bddc7a7c7eeb0ab22d3769a666ccb2b
Partially-Implements: bp secure-kubernetes
When an object is received in an incompatible version,
IncompatibleObjectVersion is raised. Implementation of the indirection API
allows the object to be backported to a supported version by the conductor.
Related to blueprint versioned-objects-indirection-api
Change-Id: I99fe686b4b4e497be6b5d35a1d2e41833865799a
Currently magnum has two type of migration tools, one is oslo.db
migration_cli, other is calling alembic migration tool directly.
This fixes to get more consistency.
Closes-Bug: #1487248
Change-Id: I705dd2cc65c1f879ce1e2ebaaf2015dc6dc24c64
Previously, it throw error message when database connection was
not defined,
"ValueError: Database connection not set in /etc/magnum/magnum.conf"
even if it was explicitly run with "--config-file /other/location".
So remove that hardcoded config file location.
Change-Id: I3af00f1f6572c3cd9e56141e1774acf373bbce8b
Closes-Bug: #1487258
This patch adds X509KeyPair controller and conductor to handle all
x509keypair related operation and also add test for it.
Change-Id: I5773fcd5bdf8a30fd195714e3e0fdc9d1b0c962d
Partially-Implements: bp secure-kubernetes
Oslo_reports enables OpenStack projects to dump Guru Meditation
Reports with useful debugging information to files or stderr.
So we introduce it into magnum.
Change-Id: Ibf78d87559f9646cc314cd064d7da4f94edc1ff7
Implements: blueprint guru-meditation-report
As 'vm' is not proper for platform, we now used server_type
to replace platfrom. As server_type can be vm or baremetal(bm) etc.
Closes-Bug: #1473257
Change-Id: I9e769e73ba3ea48069f0e69c4a93240bb1fe6c63
Clenimar Filemon
yatin