This patch moves k8s-coreos specific templates and
template_definition class to the new drivers folder.
It also deletes the /magnum/templates folder
as everything has been moved to the drivers directory.
Change-Id: I6b2ca49e4d7d5fcfb96d0abc373d6476fd907358
Paritially-Implements: blueprint bay-drivers
Moves templates and template_definitions to the new
directory structure.
Change-Id: I42e4d2bd056f3d8082ef51ef599d917f2fe82960
Paritially-Implements: blueprint bay-drivers
Moved all the swarm templates and template_definition code
to the magnum/drivers folder.
Moved base template_definition classes to drivers/common
folder
Change-Id: Ieff57f0f47835c35d9f17c3d7d1b7e6a40907462
Partially-Implements: blueprint bay-drivers
Co-Authored-by: Spyros Trigazis <strigazi@gmail.com>
Currently when we create a Bay, magnum is not enough to prevent bay creation failure,
due to Invalid discovery url can be referenced and there're no check toward it. We
should check the discovery url before creating bay, a 400 Invalid will be raised if
the discovery url is invalid:
1.the discovery url should be a correct url of etcd cluster.
2.the discovery url should have suitable cluster size.
Change-Id: Ib75f9f2aade18b16dd46035efe139311faf93e1e
Add a parameter 'slaves_to_remove' that lists resources to be
removed on stack update. The value will be passed to
removal_policies of the 'mesos_slaves' resource group.
Change-Id: I18fcd0be962dd7414329dcfcad8bb4c79958ee9a
Partially-Implements: blueprint mesos-smart-bay-scale-down
1.when self.get_output_value() return None, K8sApiAddressOutputMapping's
set_output() and SwarmApiAddressOutputMapping's set_output() should
checks whether output_value is None at first.
2.'output_value = "%(protocol)s://%(address)s:%(port)s" % params'
certainly not is None, So 'if output_value is not None' is useless.
Change-Id: I637ee0793e966ef46bfee6e51fbda2a15032979e
mesos_slave_executor_env_variables is mesos executor
environment variables, and it should be a json form.
(1) validate mesos_slave_executor_env_variables
if matching the json form.
(2) modify the mesos slave configure file
(3) unit test
Partially-Implements:blueprint mesos-slave-flags
Change-Id: I35e56515f321b0df52b3ba0e8aba48d7dd421d58
Add docker registry support for swarm in heat template. After this
patch is merged, we can use docker registry in swarm bay.
Change-Id: I5161a4c0259a2df89dfc8591453aebc6f037d40d
Partially-Implements: blueprint registryv2-in-master
The Mesos slave has many different flags and different user have
different requirement for different parameters, add isolation,
work_dir, image_providers parameters for slave in mesos bay to
give end user more choice. for example Set the parameters to
support Container Images in Mesos Containerizer
Note: support Container Images in Mesos Containerizer needs mesos
version >= 0.28
Partially-Implements:blueprint mesos-slave-flags
Change-Id: Ib4fd7076704a3266f0cf2addf08896729ec6062f
After this patch is merged, docker registry will be available.
We can push docker images into local repo on a bay node.
Change-Id: I1245bde7ef3173226617e60e6436759f433eb464
Partially-Implements: blueprint registryv2-in-master
From http://logs.openstack.org/64/302064/6/check/
gate-magnum-python27/6c92a13/console.html the log clearly
said bay-xx-xx-xx-xx is an invalid UUID. Using UUIDFields
with invalid UUIDs is no longer supported, so in our test
let's use real UUID case for that.
Change-Id: I0f3dbd8748293741cb5501365aee710220eb3ea0
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Currently, we use the users auth token, which expires after a while.
We need to use a trust instead.
Remove user_token at the same time.
Change-Id: Id1d34c59eccd70be24c5b9e00cd921b5a9d59860
Partially-Implements: blueprint use-trust-for-tls-cert-generation
Previously,the kubernetes bay type did not support the Magnum Container
Volume Model. This patch adds support for volume through the following:
1. Add volume_driver, region_name to
kubernetes bay type.
2. Update kubernetes unit tests to support container volume.
3. Update kubernetes heat templates for container volume model.
Note: The Container Volume Model of Kubernetes need the
kubernetes Version >= 1.1.1 and docker version >= 1.8.3
Change-Id: I8f568087f8e8254cb14a81edb526e596da33abcc
Partially-Implements: blueprint magnum-integrate-with-cinder
Allow configuring Flannel with 3 different backends
Magnum deploys k8s/swarm over a dedicated neutron private network,
possibly using flannel. Flannel's `host-gw` backend gives the best
performance in this topopolgy (private layer2): no packet processing
overhead, no reduction to MTU, scales to many hosts as well as the
alternatives. The performance difference is significant, see bug for
performance numbers for the 3 backend options.
Note that part of this change involves relaxing the minion IP spoofing
rules to allow traffic from all dynamically-allocated flannel subnets.
This is morally equivalent to what we were doing previously with
encapsulation - only now neutron is able to see the inner IP header
directly.
This patch repurposes the label "flannel_use_vxlan" when the network
driver is flannel.
1. Rename the label flannel_use_vxlan to flannel_backend
2. Redefine the value of this label from "yes/no"
to "udp/vxlan/host-gw"
For example, to create a bay model with flannel as network driver:
--network-driver flannel --labels flannel_backend=host-gw
Other backend options are udp and vxlan.
Co-Authored-By: Ton Ngo <ton@us.ibm.com>
Partial-Bug: #1518605
Closes-Bug: #1516789
Change-Id: I6d2441664ad1baaca14d0e6ff4bcddbe75bee094
Url for keystone is needed by trust and other services, such as k8s
and docker registry.
Change-Id: I269332b5736b6c5a9bc85d843f0d03f1a4d059ee
Partially-Implements: blueprint create-trustee-user-for-each-bay
Previously,the mesos bay type did not support the Magnum Container
Volume Model. This patch adds support for volume through the following:
1. Add username, tenant_name, preempt, region_name, domain_name to
mesos bay type.
2. Add get_parameter to mesos.
3. Update mesos unit tests to support container volume.
4. Update mesos heat templates for container volume model
Change-Id: Icf7cb9fc38c7facb2d49904b6e52bbce974948f7
Partially-Implements: blueprint magnum-integrate-with-cinder
If discovery endpoint is not accessible, magnum returns "ERROR: Timed
out waiting for a reply to message ID a74fe7ec63b34f298c46c9f6659257d7
(HTTP 500)" when we create a bay. The response is misleading.
So we should raise exception when magnum fails to get discovery_url
and make the response easy to understand.
Change-Id: Ia649e55de0878160f42fecf1647d9da7fc954d72
Closes-Bug: #1529200
Object "stack" returned by Heat doesn't necessary have the "outputs"
attribute. This could happen when a stack is in failure state. Magnum
needs to handle this case robustly.
Closes-Bug: #1525678
Change-Id: I288af63bd9e2704f9869f3eaf8d8d4c6495a7973
To create a HA mesos bay, users need to specify at least 3 master
nodes. For example:
magnum bay-create --name mesosbay --baymodel mesosbaymodel \
--master-count 3
Change-Id: I85c2113fec0fd743cc3b142e6a490bdfb3b896e6
Implements: blueprint mesos-multi-master-node
Move Mesos master into its own nested template. This will make the
style consistent with k8s templates.
Change-Id: Icfb0df1b486febacc08f34ca86a58a80dc83f812
Partial-Implements: blueprint heat-network-refactor
Previously, Swarm leveraged Docker's public discovery mechanism
for bootstrapping a cluster. Etcd bootstrapping is supported by
Swarm and is preferred for production use for the following reasons:
1. Required for HA.
2. Is more secure.
3. Required for the Flannel network-driver.
Partially-Implements: blueprint extend-baymodel-net-attributes
Partially-Implements: blueprint conductor-template-net-update
Change-Id: Iab844c03ed7cf8bbee69b72ff71c219f0a5ab1dd
api_address is a API address instead of master node's IP address.
This patch fix it by adding a new OutputMapping, it will help to handle
the mapping from master address to api_address.
Also test cases added.
Closes-Bug: #1514311
Change-Id: I47baf92dd466150adbd75746d0cb804d108f7d5f
After this commit, all Heat templates have five common outputs:
* api_address: API endpoint of specific COE.
* kube_masters/swarm_master/mesos_master: Public IP address(es) of
master node(s).
* kube_masters_private/swarm_master_private/mesos_master_private:
Private IP address(es) of master node(s).
* kube_minions/swarm_nodes/mesos_slaves: List of public IP addresses
of worker nodes.
* kube_minions_private/swarm_nodes_private/mesos_slaves_private:
List of private IP addresses of worker nodes.
Change-Id: Ie44136dafa326db598a5f17978d89adce8e69801
Closes-Bug: #1514252
The error is caused by change of user_token on bay-update. In
particular, when a bay is created, magnum pass user token to heat
as a parameter. Heat in term pass the token to each bay node via
user_data. When a bay is scaled up/down, another token is generated
and passed to heat, which changes the user_data of each bay nodes.
As a result, heat have to replace all the bay nodes to update the
user_data, which cause the error.
Change-Id: If3c3a0d435893d4fa4ed96f7ffd3c414200770f8
Closes-Bug: #1504689
Some tests used incorrect order assertEqual(observed, expected).
The correct order expected by testtools is
assertEqual(expected, observed).
This patch fix the issue in the module magnum/tests/unit/conductor/.
Change-Id: Ib8ead5a00b8095892341e08b1662b053ac1ec36b
Partial-Bug: #1259292
This patch modifies template to generate certificates and configure TLS
settings for kube-apiserver/kubelet/kube-proxy.
Co-Authored-By: Andrew Melton <andrew.melton@rackspace.com>
Partially-Implements: bp secure-kubernetes
Change-Id: I76b0f91f0c44f9880980e35c6b8856ea48ed3ce1
Kubernetes service provides the LoadBalancer feature
This is supported through an OpenStack plugin in Kubernetes code.
Enabling this feature requires configuring the cluster properly for
Kubernetes to interface with Neutron. Kubernetes backend will then
create the Neutron load balancer pool, members, VIP and monitor,
and manage the pool members as pods are added/removed from the
service.
This patch updates the Fedora Atomic heat templates and scripts for
the following changes:
1. Update command line parameters for Kubernetes services.
2. Pass along OpenStack info and generate the configuration file
for Kubernetes to talk to OpenStack.
3. Adjust the name for minion and private network to match what
Kubernetes expects.
4. Let kubelet register the minion automatically instead of
registering manually.
With this patch, a Kubernetes service containing the attribute
"type: LoadBalancer" will have a load balancer created in Neutron.
The new image fedora-21-atomic-6.qcow2 needs to be used since it
contains required fixes for the kube-controller-manager.
The load balancer support will be disabled by default, the user
needs to log into the master node to enter the password to
enable the feature. See the guide for details.
The templates for CoreOS and Ironic are in following patches.
Partially-Implements: blueprint external-lb
Change-Id: I2c4b854f94fb2dfc99fc460c897f33bf59d260e3
Adds labels to the following:
1. api baymodel attribute
2. conductor template definitions and entrypoints
3. a new column to the baymodel db
4. objects. Note: Updates baymodel object version
5. Tests
Partially-Implements: blueprint extend-api-network-attributes
Partially-Implements: blueprint extend-baymodel-net-attributes
Partially-Implements: blueprint conductor-template-net-update
Change-Id: I49f9c7df28f806cdedb3a382b1cb41bc48ff4e90
The names of some of the variables had too much copy-paste, and they
were named k8s even in the mesos and swarm tests. The mesos test was
also named AtomicMesos* even though it was testing the UbuntuMesos
template definition class.
This is super trivial, but staring at these tests made me get irked by
them a little too much.
Change-Id: I863c080a8606992a66d7b517b63982da4caf9798
Closes-Bug: #1496568
In commit 6a264b6f, we involved template_def as a member of HeatPoller,
so this helper function _update_stack_outputs will be useless since
we don't need to call get_template_definition again.
Besides, adjuest the testcases.
Closes-Bug: #1493192
Change-Id: Ie2ff8bf6f7e29092b8b11f663b70fe1cc4e93814
get_discovery_url should never return an empty
URL. Added check and exception for this situation.
Co-Authored-By: Vilobh Meshram <vilobhmm@yahoo-inc.com>
DocImpact
Closes-Bug: #1491178
Change-Id: I2d5b3996c0ee53f40399ca3fd0d6b987daa26f79
By default the key to get node count is "number_of_minions"
which is not true for baymodels other than kubernetes
and it raises "KeyError" so that status of bay will not
be updated.
Closes-Bug: #1489725
Change-Id: I9f6a8ebbc26f501d54ef97937329845a12002d6c
In before, the etcd cluster size was hard-coded to 1, since HA mode
hadn't been implemented at that time. Now, we fix it. The etcd
cluster size is set to the number of master nodes.
Change-Id: I198ca604401bc805f31e8187f5245177761edf56
Closes-Bug: #1491602
* Configure etcd to use a discovery_url to bootstrap the cluster.
* Users can provide discovery_url for individual bay.
* If discovery_url is not provided, it will be generated at runtime
by using a discovery service.
* Admin can set the endpoint of the discovery service in config file.
Default is the public etcd discovery service.
Change-Id: I9dd3a47f6d50ebadf74c4ee65701183f18c9d629
Partially-Implements: blueprint make-master-ha
This test case will become huge when adding more unit test to each
TemplateDefinition classes. This patch splits this test case.
Change-Id: Ia968b1c3e7fabca1d00773bb6979dd80bae2562f
Closes-Bug: #1477833
Sometimes template needs some parameters from context not only baymodel and
bay. For example, heat-kubernetes template needs such parameters to build a
secure cluster. This adds context to TemplateDefinition.extract_definition
method.
Change-Id: Ia291bf9b2f2a40bcd918e14aebf0348f4706e46a
Partially-Implements: bp secure-kubernetes
After this commit, users should be able to create a Mesos bay.
To do that, they need to create a baymodel first. The baymodel
should have a coe attribute with value 'mesos'. Then they can
create a Mesos bay by using the baymodel.
Change-Id: I19eaa7abf028ab81070bea18991940462ad509ad
Partial-Implements: blueprint mesos-bay-type
We currently allow Magnum to scale down bays by removing nodes from
the Bay's ResourceGroup by updating the heat stack that created the bay.
The problem with this approach is that Heat decides which node to delete,
and all containers on that node will also be deleted. This patch make
the selection process smarter: we ask Heat to delete Bay node(s)
that have NO CONTAINERS on them.
Change-Id: Ic4d754dfe358dd8aad020bc3b80a4c9f3f1525fc
Implements: blueprint magnum-smart-bay-scale-down
When you are writing a multiple method invocation (or other similar
syntax)
```
obj.method(argument1,
argument2,
...)
```
If you put argument1 in the first line, the following lines should have
the same hanging distance to argument1.
If you put argument1 in the second line, the hanging distance should
always be four.
```
obj.method(
argument1,
argument2,
...
)
```
Otherwise PEP8 would complain for continuation line under/over indented
problems. See below for more details
https://www.python.org/dev/peps/pep-0008/#indentation
This patch fixes all the continuation line indentation problems and
enables related checks in tox.ini.
Closes-bug: #1459514
Change-Id: I80995c2ae71b817ad78a87ab7c567f0d36112710
This change will allow deployers to select either Kubernetes
or Swarm to be the CoE used in Magnum's bays. A Swarm bay uses
a subset of the BayModel parameters used for Kubernetes.
Node discovery is provided via Docker's public discovery
endpoint, but operators and users can override this with
Bay's discovery_url argument.
Implements: bp multiple-bay-templates
Change-Id: I5278e6d477298085d07673810e5d8813d21b7730