Ensure the --live-restore is not in the Docker daemon OPTIONS.
Some images have this option by default, which will cause the node
to be unable to perform its swarm init process.
Cluster update was used for scaling operations only,
but if the heat-templates were changed for any reason
(e.g. upgrade of the magnum server), the stack update command
This patch uses the existing parameter in the stack update call.
Add kubelet on the master nodes. This work was
done already for calico, this patch applies the
same config when calico is used as well.
tls-ca-file flag is unused and was removed from kube-apiserver
in kubernetes 1.11. This means that any cluster with this
option specified will fail on apiserver start
Pull request on flag removal:
1. pods with host network can not reach coredns or any svc or resolve
their own hostname
2. If webhooks are deployed in the cluster, the apiserver needs to
contact them, which means kube-proxy is required in the master node with
the cluster-cidr set.
The statement in configure-kubernetes-master and minion
that is checking whether to enable the cloud provider needs
to be split into two and use one '='.
When creating a cluster in OpenStack, a master node failed during
the cloud-init scripts. It failed in 'make-cert.sh' because it couldn't get
the right token. The extra_params['auth_url'] has a slash at the end, so
the requested URL was wrong.
The returned URL of url_for() has a slash at the end.
Just add rstrip('/') to fix this error.
When we create a cluster and pass the ca.key in a software deployment we
must ensure that the apiserver will start before calico, dashboard etc
which require the api to return ok.
The heat agent processes the deployments serially, so if coredns arrives
first in the agent, it will wait forever for the coredns script to
Putting the cert_manager_api first solves the issue.
 curl http://127.0.0.1:8080/healthz
A new label `service_cluster_ip_range` is added for k8s so that
users can set the service portal ip range to avoid conflicts with
pod ip range.
This is part of the fixes for k8s v1.11.1 we've been doing recently. When
testing k8s v1.11.1, we found some small but annoying issues:
1. cgroup-driver with systemd is not working well with Fedora Atomic, so
we're going to use cgroupfs as the default cgroup-driver.
2. The $ char needs to be escaped in wc-notify-master.sh
Due to a change in Go 1.10.3, which k8s v1.11.1 is based on, now
magnum is failing to create a working k8s cluster with version 1.11.1.
This patch is removing the extension usage for server auth
for ca cert and using simple public/private keys for k8s service account
When using calico network driver for k8s, kubelet will be
enabled/installed on master node. So we need to make sure
the /etc/kubernetes/manifests directory is accessible. Same
thing has been done for minion node.
In these environments, the Kubelet needs to be told to use
a different flexvolume plugin directory that is accessible
and writeable (rw). By default, it's
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/.
It raised a read-only directory error
The patch simply changes flexvolume dir to accessible and
Add "trustee_keystone_region_name" optional configuration parameter
that allows Magnum to specify a region when searching for auth_url
in the Identity service.
This parameter is useful for multi-regional OpenStack installations
with a different Identity service for every region.
There are 2 fixes included in this patch:
1. A regression issue introduced by the multi region patch,
see https://review.openstack.org/#/c/579043 for more details.
There is a missing bracket.
2. Issues in the Dockerfile of heat-container-agent. Some dependencies
are renamed or we don't really need them. And because of the
multi region bug, we need a new version for os-collect-config. So
switching to pip from dnf is much easier than building a new RPM
package for those python libs we care about. To be more clear,
for the multi region issue, we need os-collect-config 9.1.0, and
with dnf you can only find 5.0.0.
While the stack is not COMPLETE, we do not need
to resolve the outputs of the stack. Resolving the
outputs is expensive for large stacks.
Signed-off-by: Spyros Trigazis <email@example.com>
Add 'cloud_provider_enabled' label for the k8s_fedora_atomic
driver. Defaults to true. For specific kubernetes versions if
'cinder' is selected as a 'volume_driver', it is implied that
the cloud provider will be enabled since they are combined.
The motivation for this change is that in environments with
high load to the OpenStack APIs, users might want to disable
the cloud provider.
Currently, Magnum is using k8s API /version to check the API
availability, which is not a good way because /version only
reflects whether the basic k8s api is working or not. And it will
return a response even if the etcd service is down. This patch fixes
it by using /healthz to replace /version.