The Magnum service allow enables policies (RBAC) new defaults and scope by
default. The Default value of config options ``[oslo_policy] enforce_scope``
and ``[oslo_policy] oslo_policy.enforce_new_defaults`` are both to
``False``, but will change to ``True`` in following cycles.
To enable them then modify the below config options value in
``magnum.conf`` file::
[oslo_policy]
enforce_new_defaults=True
enforce_scope=True
reference tc goal for more detail:
https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
Related blueprint secure-rbac
Change-Id: I249942a355577c4f1ef51b3988f0cc4979959d0b
- Drop bay and baymodel tests
- Drop bay and baymodel from controllers
Depends-On: Ib85e4fda8e4ac467bd49590dc72ba5913bb9a19d
Story: 2009104
Task: 42957
Task: 42959
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
Change-Id: Ida2e42c86400438951d9804e3ce122c56a46b94f
In Change I523a4a85867f82d234ba1f3e6fad8b8cd2291182, the pep8 test was
accidentally dropped.
Fix up code so that pep8 passes.
In addition to that following change has been added here to unbreak CI:
Add WebTest as an indirect test dependency
Pecan has made webtest an optional dependency for testing only [1].
Since it is still used for testing we need to add it to our
test-requirements.txt.
[1]: https://github.com/pecan/pecan/pull/140
Change-Id: I2f85adb4ef29a43389897c201e6152fd4c7be9d6
Up till now, cluster api controller cluster_template_id was a
property field loading the id from the DB every time. With this
change the field becomes of text type and mandatory, so wsme fwk
guarantees that the field is provided when needed.
Cluster objects will not load the cluster template on creation.
Instead cluster templates will be loaded when they are actually
needed.
story: 2006693
task: 36989
Co-Authored-By: Stavros Moiras <stavros.moiras@cern.ch>
Change-Id: I2313c6a8b647e521cfa476f9cec65ab286fa5a23
At present, all clients can request resize of cluster nodes to zero.
This PS ensures that only requests with 1.10 microversion header or more
are fulfilled.
Story: 2007851
Task: 41841
Additionally, unit tests are also included to ensure that the
microversions are respected for create, update and resizing clusters
with zero node count.
Additionally, unit tests for the following APIs are tested explictly:
- resize API with microversion 1.7
- upgrade API with microversion 1.8
- nodegroup API with microversion 1.9
Story: 2005054
Task: 41840
Change-Id: Iba9d619d2e92abcbaa3eca5da68f5e0f203dea8d
This change allows users to create clusters and nodegroups with
node_count equal to 0. Also adds support for resizing existing
nodegroups to 0.
Change-Id: Id63459d0fe9836e678bb7569f23d29eabc225e9e
story: 2007851
task: 40145
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
Currently master_lb_enabled can be enabled at cluster creation but validation
is only done for cluster_template.
We need to validate in cluster.
Fix testing
task: 41535
story: 2007634
story: 2008487
Change-Id: Icf32de2b803aa160dc3b7993e128deff11d02fcb
At present, when a cluster is patched without node_count (e.g. when
health_status and health_status_reason are patched), the node_count in
the cluster_update invocation contains cluster.node_count instead of
default_ng_worker.node_count which causes unexpected behaviour when a
cluster has additional nodegroups (e.g. the default-worker size gets
incremented by 1 if the additional nodegroup has 1 worker each time the
cluster is patched).
This PS fixes this issue by using default_ng_worker.node_count if path
"/node_count" is not present in the patch object.
Story: 2005266
Task: 39962
Change-Id: I0df5149860604f0adf52701df371e34a6e667b9d
- Deprecate in-tree Cinder volume driver for removal in X cycle in
favour of out-of-tree Cinder CSI plugin for Kubernetes.
- Set cinder_csi_enabled to True by default from V cycle.
- Add unit test for in-tree Cinder deprecation.
- Add mssing unit tests for resent docker_storage_driver deprecation.
Change-Id: I6f033049b5ff18c19866637efc8cf964272097f5
Story: 2007048
Task: 37873
The post for both clusters and nodegroups is adapted to wait for a
boolean flag called merge_labels. Based on this flag the API will
either merge the provided with the parent labels or just use the
provided labels.
At the same time, the get methods of both clusters and nodegroups
are adapted to include new fields in the response called
"labels_overridden", "labels_added", "labels_skipped". The fields
contain the differnces with the parent labels.
story: 2007515
task: 39691
Change-Id: I1054c54da96005a49e874de6f4cf60b5db57fc02
While working on [0], we encountered a pep8 warning
for "E741 ambiguous variable name".
story: 2007657
task: 39744
Change-Id: I72546aca1a50d479c7fad8a2b56bae13d4f20469
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I6245a207ec65df0ef11a798b4cffe3157abccb73
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Co-Authored-By: Spyros Trigazis <spyridon.trigazis@cern.ch>
The original design of k8s cluster health status is allowing
the health status being updated by Magnum control plane. However,
it doesn't work when the cluster is private. This patch supports
updating the k8s cluster health status via the Magnum cluster
update API by a 3rd party service so that a controller (e.g.
magnum-auto-healer) running inside the k8s cluster can call
the Magnum update API to update the cluster health status.
Task: 38583
Story: 2007242
Change-Id: Ie7189d328c4038403576b0324e7b0e8a9b305a5e
This adds the changes needed in the API and conductor level to support
creating updating and deleting nodegroups.
Change-Id: I4ad60994ad6b4cb9cac18129557e1e87e61ae98c
This commit removes the fields node_addresses, master_addresses,
node_count and master_count from the cluster object since this info
will be stored in the nodegroups. At the same time, provides the way
to adapt existing clusters to the new schema.
story: 2005266
Change-Id: Iaf2cef3cc50b956c9b6d7bae13dbb716ae54eaf7
Now Magnum supports list, get, delete user's cluster/template by admin,
but not allowed for updating. We're seeing this could be a very useful
feature for us, since sometimes we need to help our customer to update
their templates or clusters on behalf.
Task: 30251
Story: 2005323
Change-Id: I3ab1d4583b5eb3d1c377e46fd73347c2477c3e08
This changes the existing cluster APIs and the cluster conductor to
take into consideration nodegroups:
* create: now creates the default nodegroups for the cluster
* update: updates the default nodegroups of the cluster
* delete: deletes also the nodegroups that belong to the cluster
* cluster_resize: takes into account the nodegroup provided by the API
story: 2005266
Change-Id: I5478c83ca316f8f09625607d5ae9d9f3c02eb65a
After merging https://review.openstack.org/#/c/531066/
it would be interesting for admin users to be able to
delete clusters and cluster templates as well.
Related-Bug: #1740982
Change-Id: I91f909e8814b86fd5f8b555573238b99b47ffd03
As an admin user, I'd like to access all clusters or templates across
all projects for operation purpose. Similar function is supported by
most of the other services, like Nova, Neutron, Cinder, Heat, etc.
Related-Bug: #1740982
Change-Id: Icaba09de79a3452286fb60fee80a53430317cba0
Add flavor_id as an option during cluster create. If not given,
the default is taken from the cluster template.
Add flavor_id in the Cluster object and use that instead
of the one from ClusterTemplate.
Update both magnum and magnum cli documentation to reflect the above changes.
Partial-Bug: #1699245
Change-Id: Ib60c05cce1cf2639ca4740abdd264403033433f9
Add master_flavor_id as an option during cluster create. If not given,
the default is taken from the cluster template.
Add master_flavor_id in the Cluster object and use that instead
of the one from ClusterTemplate.
Update both magnum and magnum cli documentation to reflect the above changes.
Partial-Bug: #1699247
Change-Id: Id1d973167b381538121583a0a9691304b39e98de
Add labels as an option during cluster create. If not given,
the default is taken from the cluster template.
Add labels in the Cluster object and use that instead
of the one from ClusterTemplate.
Update both magnum and magnum cli documentation to reflect the above changes.
Partial-Bug: #1697651
Implements: blueprint flatten-attributes
Change-Id: I8990c78433dcbbca5bc4aa121678b02636346802
Following [1], cluster objects have a docker_volume_size attribute.
If not explicitly set on creation, the value of this attribute should
default to the value of the same field on the cluster's template.
When not provided, the API Cluster object's docker_volume_size field
takes the value wsme.Unset, rather than None.
[1]
79039bb419
Change-Id: Iad5231643c01ec9698c932b59806781034390795
Depends-On: I510ff10d708a237be0cb88d3ff7094d7c81f5875
Closes-Bug: #1702314
Add docker_volume_size as an option during cluster create. If not given,
the default is taken from the cluster template.
Add docker_volume_size in the Cluster object and use that instead
of the one from ClusterTemplate.
Update both magnum and magnum cli documentation to reflect the above changes.
Partial-Bug: #1697648
Implements: blueprint flatten-attributes
Change-Id: Ic6d77e6fdf5b068fa5319b238f4fd98b4d499be4
Currently cluster-update is rolling back in case of update
failure irrespective of whether the rollback flag set to
True or False. This change fixes the issue by setting the
right parameter type in cluster patch method.
Change-Id: I6c28c583e7e3b98622634ac2381513b442eb57b6
Closes-Bug: #1664781
Currently there is no limit on the number of clusters that can
be created in a project. This change limits number of clusters
in a project by checking cluster quota on cluster-create.
Change-Id: Ifa17d12692751fc6929e62be8bb59d481a2fd205
Partially-Implements: blueprint resource-quota
In the unit code for cluster testing, the valid name and invalid
name have many possibilities. We can list all the possibilities
of cluster's name through a list, to reduce some repetitive code.
Change-Id: Ib98540523ff083147a007b5cb893122f3c965fe1
Closes-Bug: #1651013
Keypair can now be added during Cluster create command. This allows
Clusters to be created from the same ClusterTemplate but have
different keypair values when created. If not specified on create
then the value from the ClusterTemplate will be used. Adds keypair_id
to Cluster object and uses of keypair_id will use the value from Cluster
instead of ClusterTemplate.
Added release note for new features in magnum and magnum CLI.
Change-Id: I177a5aa06f881156944a9f74c9ccc3cd2abac492
Implements: blueprint keypair-override-on-create
This is patch 3 of 3 to change the internal usage of the terms
Bay and BayModel. This patch updates Bay to Cluster in DB and
Object as well as all the usages. No functionality should be
changed by this patch, just naming and db updates.
Change-Id: Ife04b0f944ded03ca932d70e09e6766d09cf5d9f
Implements: blueprint rename-bay-to-cluster
This patch fixes a few missed changes. It also updates Cluster
and ClusterTemplate with a few changes that were merged while the
main patch was a WIP. Updates changes from patches:
Idd02769f98078702404a11dc9f7a3339ce4e22eb and
I1abc5626f39958351935f4c711c19588651d2bc6
Change-Id: I509520d1af0f0e2c04d53359705973d6a6f97a26
Implements: blueprint rename-bay-to-cluster
Attributes which are mandatory (ie, required for object creation) should
not be removable. However, some attributes (such as baymodel.server_type)
are not required for object creation, but should not be removable if they
are set. This commit does the following:
- rename JsonPatchType.mandatory_attrs to non_removable_attrs to better
describe its meaning,
- change its return type to set-of-strings for faster lookup
- ensure all mandatory attributes on the type being patched are
included in the set of non-removable attributes,
- add a new field, JsonPatchType._extra_non_removable_attrs, which
should be a set of attributes that are not required for creation but
should not be removed if set.
Since the object to be patched does not exist at patch-validation time,
we leave the validation logic in methods of JsonPatchType and
subclasses. This means introspecting the types to be patched.
This patch is copied from ironic [1].
[1] https://review.openstack.org/#/c/240202/9
Change-Id: Ifcfc4e48a05d75b919a33ef463754c199da94a8e
Close-Bug: #1530771
This is the first of several patches to add new Cluster commands
that will replace the Bay terminalogy in Magnum. This patch adds
the new Cluster and ClusterTemplate commands in addition to the
Bay and Baymodel commands. Additional patches will be created
for client, docs, and additional functional tests.
Change-Id: Ie686281a6f98a1a9931158d2a79eee6ac21ed9a1
Implements: blueprint rename-bay-to-cluster
Michal Nasiadka