This is part of the steps to remove usage of six library, which is no
longer needed since python 2 support was removed.
Change-Id: I529759167f960714ebf93be7b89ee849040361b2
oslo.db 12.1.0 has changed the default value for the 'autocommit'
parameter of 'LegacyEngineFacade' from 'True' to 'False'. This is a
necessary step to ensure compatibility with SQLAlchemy 2.0. However, we
are currently relying on the autocommit behavior and need changes to
explicitly manage sessions. Until that happens, we need to override the
default.
Also squashed change: [CI] move queue setting to project level
Jobs are currently not running. Fix as described in [1][2]
[1] https://lists.opendev.org/pipermail/service-announce/2022-September/000044.html
[2] https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html
Story: 2010296
Co-Authored-By: Stephen Finucane <stephenfin@redhat.com>
Co-Authored-By: Jake Yip <jake.yip@ardc.edu.au>
Change-Id: I625500d9e6670a429c70a0f6d582d0865ce78fd1
In Change I523a4a85867f82d234ba1f3e6fad8b8cd2291182, the pep8 test was
accidentally dropped.
Fix up code so that pep8 passes.
In addition to that following change has been added here to unbreak CI:
Add WebTest as an indirect test dependency
Pecan has made webtest an optional dependency for testing only [1].
Since it is still used for testing we need to add it to our
test-requirements.txt.
[1]: https://github.com/pecan/pecan/pull/140
Change-Id: I2f85adb4ef29a43389897c201e6152fd4c7be9d6
Due to a bug in the db api code for sqlalchemy, deleting a single
quota was actually deleting all existing quotas.
Change-Id: Ia588db99fad0276ca9c512799e4e8c89d29d42fb
In Ib6e3ed40dc8b075c3cecb967b7417097e3cab60d, a breaking change was
introduced to suppose SQLAlchemy 1.4.x but this PS ensures backward
compatibility with 1.3.x.
Change-Id: I73ef4f99f02abc8b1083860f34a8a8e084ad96fd
We noticed that from the user perspective it is hard
to know when a cluster_template provided by the cloud
admin is mature enough for a production release.
This field will allow the administrator to add an
annotation to the cluster template like
{deprecated, recommended, testing} giving further
usefull information to the end user about the
template's life cycle
This patch adds the necessary database column and
API objects to handle the new argument.
story: 2007857
task: 40160
Change-Id: I5d1c4221f089bc5cd12b25f620aa01771a029df9
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
Since each nodegroup will be one independent stack, we have to add
more fields to the table and object in order to track each stack
contained in the cluster. This adds the stack_id, version, status,
status_reason and version fields to the nodegroup object.
Change-Id: I6d36b2d3bc6476efbef6a9f702ffc73cfa0fab8c
This commit removes the fields node_addresses, master_addresses,
node_count and master_count from the cluster object since this info
will be stored in the nodegroups. At the same time, provides the way
to adapt existing clusters to the new schema.
story: 2005266
Change-Id: Iaf2cef3cc50b956c9b6d7bae13dbb716ae54eaf7
Add a new hidden flag to cluster templates. This allows an operator to
keep a cluster public (accessible to all users) while not showing them
in cluster template listing.
Story: 2004941
Task: 29342
Change-Id: Ia2717ca960041753f6e772bf2d41c7f5a196dae6
To get a better cluster template versioning and relieve the pain
of maintaining public cluster template, the patch is proposing
that the name of cluster template can be changed.
A folllowing patch/spec will be proposed to add a new field
'deprecated' to allow ops to hide old/deprecated templates.
Task: 26889
Story: 2003960
Change-Id: Id1db81d35bc3dccff0fac481be7801de200d52de
this commit introduces a new `Federation` table to
Magnum database, as well as the necessary DB layer
APIs to access and manage it.
this belongs to the first phase of the implementation
of the federation api. check [1] for more details.
[1] https://review.openstack.org/#/c/489609/
Change-Id: Ie8a68cd3198c8fc7930069fd2e55f1cad55b6c9b
Partially-Implements: blueprint federation-api
we have enable multiple workers of magnum-conductor that
result in multiple processes save same DB entry concurrently.
This patch logs warning message instead of raising exception
Change-Id: I548d50bed5d80e96042f88039e880075e1bffc53
Close-Bug: #1711324
This commit addresses multiple potential vulnerabilities in
Magnum. It makes the following changes:
* Permissions for /etc/sysconfig/heat-params inside Magnum
created instances are tightened to 0600 (used to be 0755).
* Certificate retrieval is modified to work without the need
for a Keystone trust.
* The cluster's Keystone trust id is only passed into
instances for clusters where that is actually needed. This
prevents the trustee user from consuming the trust in cases
where it is not needed.
* The configuration setting trust/cluster_user_trust (False by
default) is introduced. It needs to be explicitely enabled
by the cloud operator to allow clusters that need the
trust_id to be passed into instances to work. Without this
setting, attempts to create such clusters will fail.
Please note, that none of these changes apply to existing
clusters. They will have to be deleted and rebuilt to benefit
from these changes.
Change-Id: I643d408cde0d6e30812cf6429fb7118184793400
Currently there is no limit on the number of clusters that can
be created in a project. This change limits number of clusters
in a project by checking cluster quota on cluster-create.
Change-Id: Ifa17d12692751fc6929e62be8bb59d481a2fd205
Partially-Implements: blueprint resource-quota
* Add osprofiler wsgi middleware. This middleware is used for 2 things:
1) It checks that person who wants to trace is trusted and knows
secret HMAC key.
2) It starts tracing in case of proper trace headers
and adds first wsgi trace point, with info about HTTP request
* Add initialization of osprofiler at start of service
Currently that includes oslo.messaging notifer instance creation
to send Ceilometer backend notifications.
* Traces HTTP/RPC/DB API calls
Demo: https://hieulq.github.io/cluster-create-false-new-html.html
Co-Authored-By: Hieu LE <hieulq@vn.fujitsu.com>
Implements: blueprint osprofiler-support-in-magnum
Change-Id: I7d68995aab81d365433950aada078ef1fcd5469b
This change introduces a new /stats REST endpoint that
provide the following basic information;
1) Total number of clusters and nodes for the given tenant.
2) Total number of clusters and nodes across all the tenants.
Follow-up patches include more stats.
Change-Id: Iac0bf9343549de31654545d5b1fd7601e56142a7
Partially Implements blueprint magnum-stats-api
The provision_state parameter was copied from ironic
with following patch:
https://review.openstack.org/#/c/138280
It should be removed as it's not required in magnum.
Change-Id: Id9e08ee731ae79531c8e29fd47e4fa650b1c5dcc
Partial-Bug: #1627663
This is patch 3 of 3 to change the internal usage of the terms
Bay and BayModel. This patch updates Bay to Cluster in DB and
Object as well as all the usages. No functionality should be
changed by this patch, just naming and db updates.
Change-Id: Ife04b0f944ded03ca932d70e09e6766d09cf5d9f
Implements: blueprint rename-bay-to-cluster
This patch is the first of 3 patches to change the internal
usage of the terms Bay and BayModel. This patch updates
BayModel to ClusterTemplate. No functionality should be
changed by this patch, just naming and db updates.
Change-Id: I0803e81be6482962be2878a8ea2c7480f89111ac
Implements: blueprint rename-bay-to-cluster
Passed arguments in key value form, while raising
MagnumServiceNotFound exception, as expected by the exception
message.
Change-Id: Iae767db0bbd264bb668b2845284fc5d876f7025d
Closes-Bug: #1619225
This is the first of several patches to add new Cluster commands
that will replace the Bay terminalogy in Magnum. This patch adds
the new Cluster and ClusterTemplate commands in addition to the
Bay and Baymodel commands. Additional patches will be created
for client, docs, and additional functional tests.
Change-Id: Ie686281a6f98a1a9931158d2a79eee6ac21ed9a1
Implements: blueprint rename-bay-to-cluster
Following the removal of service [1], pod [2] and container [3], remove
COE specific object ReplicationController.
This change also removes k8s_conductor.
[1] I4f06bb779caa0ad369a2b96b4714e1bf2db8acc6
[2] I8c2499ccb97aae39d80868ce02fbef292d762c10
[3] I288fa7a9717519b1ae8195820975676d99b4d6d2
Change-Id: Ica100c8d2dfdd7dc709feb1f5cdc5a3f3d6c7318
Partially-Implements: blueprint delete-container-endpoint
Partially-Implements: blueprint bay-drivers
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the container object, drop the db table and remove references to
the container object. The docker_conductor has also been removed as this
was used for managing containers using Magnum objects.
Change-Id: I288fa7a9717519b1ae8195820975676d99b4d6d2
Partially-Implements: blueprint delete-container-endpoint
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the service object, drop the db table and remove references to
the service object.
Change-Id: I4f06bb779caa0ad369a2b96b4714e1bf2db8acc6
Partially-Implements: blueprint delete-container-endpoint
This patch does following:
* Removes X509keypair controller as there is already Certificate
controller for same purpose.
* Removes X509keypair conductor.
* Removes name, ca_cert and bay_uuid from x509keypair model as
Bay model already holds certificate references.
* Add intermediates and private_key_passphrase to x509keypair
model.
* Remove related tests and changes.
Change-Id: I9271221cd1d07c672c4a380a4ae3593237fca66a
Partially-Implements: blueprint barbican-alternative-storeX
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the pod object, drop the db table and remove references to the
pod object.
Change-Id: I8c2499ccb97aae39d80868ce02fbef292d762c10
Partially-Implements: blueprint delete-container-endpoint
Allow update baymodel's public field to be True even if referenced by bays,
User case is one operator wants to share this baymodel to others but doesn't
want to delete the referenced bay.
Please note we only allow to update public to be True case. In case of
True->False, this may lead bays lost baymodel, so don't do this.
Closes-Bug: #1557943
Change-Id: Ia08a2e9611de3559c5cec4eee832bade1f9af09e
We can not get public baymodel now.
Fix it by:
1. Union public baymodel when fetch baymodel from DB.
2. Don't apply policy checking if the baymodel is public
Closes-Bug: #1557977
Change-Id: Ie5b1432d06611cd697a55f67fd66207e1e757382
Introduce Quota Table and Quota list/create API's. With
this concept it will be possible to set quota on a
resource within a project. Fox example X number
of bay creation within a project and if the request
exceeds X bay creation will not be allowed. This change
only introduces the db layer changes.
Change-Id: I8990052df48bdbf6eee426e88ed6c9c2f8cfd344
Partially-Implements: bp resource-quota
The node object represents either a bare metal or virtual machine
node that is provisioned with an OS to run the containers, or
alternatively, run kubernetes. Magnum use Heat to deploy the nodes,
so it is unnecessary to maintain node object in Magnum. Heat can do
the work for us. The code about node object is useless now, so let's
remove it from Magnum.
Closes-Bug: #1540790
Change-Id: If8761b06a364127683099afb4dc51ea551be6f89
Fix the ignored E711 hacking rule and remove this exclusion in tox.ini.
This will make Magnum code have no pep8 violations and exceptions.
Change-Id: If7bf9f0cd61cebf2c85011156eb187453578faf7
It is very dangerous to update a baymodel when it is referenced by
bay(s). We should disallow updating a baymodel if it is referenced
by one or multiple bays. A BayModelReferenced exception will be raised
when do this action.
DocImpact
Closes-Bug: #1517259
Change-Id: I6c6cd1eebbb6e1f4b5e1657d3909b1bc8d287a35
In some Magnum source code files, oslo log is imported but not used.
Remove it.
from oslo_log import logging
LOG = logging.getLogger(__name__)
Closes-Bug: #1529253
Change-Id: I4d3911b94aed4c74b8163993b38e756139198049
Add bay filter to container, so that we can filter containers by bay_uuid.
Change-Id: Ie48757df37c1859211d775282cfcee82fe4fc9f8
Partially-Implements: blueprint filter-resource-by-bay
This patch makes API call to Kubernetes secure using the certificate
and key.
Co-Authored-By: Madhuri Kumari<madhuri.kumari@intel.com>
Co-Authored-By: OTSUKA, Yuanying<yuanying@fraction.jp>
Depends-On: I76b0f91f0c44f9880980e35c6b8856ea48ed3ce1
Change-Id: Id4dceb83f67b80f5b39e3047011f9e34e840359d
Partially-Implements: blueprint secure-kubernetes
With docker, users have an option to specify memory size when
creating containers. This patch bring this capability to Magnum.
Specifying memory size is optional but recommended. If memory size
is unset, magnum will set mem_limit as None on docker create.
Change-Id: Ife88284402ff39a7b2e051f6e66913e502f2ba8c
Closes-Bug: #1487224