Label validator function has been left behind, although it's not
checking for anything right now - might be useful in future.
Change-Id: I74c744dc957d73aef7556aff00837611dadbada7
Added configuration parameter, verify_ca, to magnum.conf with default
value of True. This parameter is passed to the heat templates to
indicate whether the cluster nodes validate the Certificate Authority
when making requests to the OpenStack APIs (Keystone, Magnum, Heat).
This configuration parameter can be set to False to disable CA
validation.
Co-Authored-By: Vijendar Komalla <vijendar.komalla@rackspace.com>
Change-Id: Iab02cb1338b811dac0c147378dbd0e63c83f0413
Partial-Bug: #1663757
At the moment, no_proxy variable is evaluated separately for docker
daemon and for swarm-manager container running in docker. Evaluated
value for swarm-manager is not getting into cloud-init script, because
$NODE_PROXY token is getting replaced by Heat str_replace function.
This commit is intended to unify NO_PROXY evaluation and also fix the
issue with swarm-manager.
Related-Bug: #1647815
Related-Bug: #1632698
Related-Bug: #1660562
Change-Id: I336024265008b6cae308bf7b614476b71b81fa01
This change uses the curl_cli attribute of heat's waitconditions in
the swarm driver which provides a preconstructed curl command which
can be used for signalling the waitcondition. This pattern has been
used elsewhere in magnum and simplifies the process of using wait
conditions.
Change-Id: I8e5f63e6d905266cc43d4957ce95e53659d01321
The heat waitcondition signal API accepts status, reason, data and id
fields in a JSON object supplied as POST data. Missing fields will be
filled with defaults. Previously, the swarm script fragments used a
capitalised form of these keys (Status, Reason, Data, Id) which was
not being recognised by heat. This caused failures to not be reported.
This change uses the correct lowercase names for these fields and also
fixes some quoting and incorrect use of UUIDs provided as the id field.
Change-Id: I9bfe36e5dd956280eaa42d1c3f1620c4ec27bc0c
Closes-Bug: #1504059
New release of Fedora Atomic [1].
The new release of Fedora Ironic includes the same
packages.
Main changes:
Kubernetes 1.5.3
etcd 3.1.3
Plus several fixes and version bumps.
Add :Z when mounting certs in the swarm containers to set
selinux labels properly.
[1] http://www.projectatomic.io/blog/2017/03/fedora_atomic_mar28/
Closes-Bug: #1677664
Change-Id: I2539ae83401db5b34716ebd4bbdfbe288f5c768b
In swarm nodes the docker certs are named server.crt and server.key.
Replace filenames in swarm-agent service from client to server.
Change-Id: Ic3bc228d98c3829b583403156d8ad3ad4939037a
PArtially-Implements: blueprint secure-etcd-cluster-coe
With this patch following are done:-
- Configure Etcd with TLS support
Configure Following to commuicate with TLS enabled Etcd:-
- Swarm manager
- Swarm agent
- Docker
- Flannel
Etcd also listens at http://127.0.0.1:2379,
so on master nodes etcdctl can be used without certificates.
if TLS_DISABLED="True" then no TLS is enabled for etcd.
Change-Id: I6cadfebcfaaaf7ac7a7660b377b7d96748f0f9f0
Partially-Implements: blueprint secure-etcd-cluster-coe
The swarm bay should pass specified "UniqueId" to the resource of
OS::Heat::WaitConditionHandle, but the "UniqueId" is "00000" in
the templates of swarm. So let's use UUID instead of "00000".
In addition, "UniqueID" seems to be obsolete, Use "Id" instead.
Change-Id: I86739db4a2e6faf93d55fe4998bada110de118c6
Closes-Bug: #1606486
Similarly to pep8 checks, this allows enforcing a consistent
style of the shell scripts accross modfications. For now
only the indentation is enforced to reduce code churn.
Closes-Bug: 1648099
Change-Id: Ie66cbe1aea4bd01a8bba8833ef6cbd2cff6a7c6a
Currently a user can accidentally delete swarm infra
conatiners (swarm-manager, swarm-agent). This change is
to restart infra containers if they were deleted/killed.
Change-Id: I4640dfb3dbb4bb6684da86998424936d3128eade
Closes-Bug: #1640312
A lot of deployments use self signed certs. Curl breaks in those
cases trying to validate certs against known set of CAs
Change-Id: Ib36f9a99a91ce2c4d2141421ab7295303ead716f
This patch splits the swarm atomic template to support
both swarm vm and bm drivers.
Change-Id: Ib03e1d6cb441230a17df2c47e1ed79052f3394bf
Partially-Implements: blueprint magnum-baremetal-full-support
Michal Nasiadka