Commit Graph

277 Commits

Author SHA1 Message Date
liumk 9c694a6b06 Fix cidr format error about ip_address in allowed_address_pairs.
In HEAT template OS:Neutron:Port, the value of ip_address in
parameter allowed_address_pairs should be of type of net_cidr,
then the string '/32' should be added after virtual_ip. Without
string '/32', the error about wrong IP subnet cidr will occurred.

Change-Id: I0652b668423f393ae306db056255827c5d065bad
2020-08-06 13:55:18 +08:00
zhurong 0ce2ad12d0 Update semantic_version to 2.8.2 and remove multiattach in volume template
Change-Id: I7fedbcf85ee9c4dbacf1fc50cec25380c3b3e93d
2019-09-19 02:45:34 +00:00
zhurong 81acfe0f17 Add ip_version for NeutronNetwork subnet
Change-Id: I84791c93319dbd70fde436cc538b0e776e2a2a6d
2019-08-22 00:44:12 +00:00
Andy Botting 241607ebba Fix contract violation for User resource
When trying to use the io.murano.user resource, you get the error:
io.murano.User.extra['options'] Value {} violates string() contract
because the output is dict, not a string.

This commit changes the contract type to become $ rather than $.string()
which matches what the Project resource has.

Change-Id: If6ef0e2e3750a39aaa022a7b12f4c130a692d691
2019-01-16 16:21:00 +11:00
Zuul 0673aede66 Merge "Remove use of deprecated term, Usage: Action" 2018-04-16 06:10:19 +00:00
Zuul 003da9ce1c Merge "Allow port security to be disabled" 2018-04-14 01:26:16 +00:00
Ellen Batbouta 3103a4f5e5 Remove use of deprecated term, Usage: Action
Replace the deprecated term, Usage: Action, with the new
term, Scope: Public, in the file, Environment.yaml.

This will remove the deprecated warning messages in the
murano-engine log file.

Change-Id: I2f798bac1b2fd60ead1a2396ad1d24def300a33d
Closes-Bug: 1763836
2018-04-13 17:18:18 -04:00
Ellen Batbouta 17f00ca8b0 Allow port security to be disabled
Allow Murano application packages to specify whether port security
should be disabled for a network.  With this change, Murano will now
propagate to Heat the application's desire to disable port security
if the application sets a new flag, port_security_disable, to true
in the Neutron network object.

Change-Id: Iab25b4901010c24aef42213a7a9082b7594a5a16
Closes-Bug: 1759914
2018-04-11 09:44:27 -04:00
Ellen Batbouta 475545a621 Fix Contract on Project property, extra.
The current contract for this property (in Project.yaml) is:

      extra:
        Contract:
          $.string().notNull(): $.string()

Deploying my Murano application, the code attempts to populate this
property with:

     u'tags': []

and gets this error:

    ContractViolationException: [io.murano.Project.extra['tags']] Value [] violates string() contract

My fix is:

        extra:
        Contract:
          $.string().notNull(): $

This allows the 2nd value of the pair to be any scalar or data structure.  A string
or a list of strings is acceptable now.

Change-Id: I1b0438ad451db2b7a89a9fb65dc948b52ceb2f3f
Co-Authored-By: Devjani Ray <devjani.ray@oracle.com>
Closes-Bug: 1762821
2018-04-10 17:09:43 -04:00
Stan Lagun ef3b0d4f7d Option to configure pip source for murano-agent
With this small changes it becomes possible to instruct murano to
provision murano-agent of version other than latest, or from
custom git branch or from a http source.

Use cases:
* Use agent with custom modifications that are not available in
  PyPI version
* Development of new agent features - agent can be installed from
  the private git repo
* Environments without internet connectivity

Change-Id: Icbea95abf070ef35781474a54461cc34bb9927af
2018-01-17 02:39:01 +00:00
Zuul c1613c2bc8 Merge "Murano-engine side implementation of agent message signing" 2018-01-17 02:32:27 +00:00
Stan Lagun 6f6897c132 Murano-engine side implementation of agent message signing
Change-Id: I1a23d185ac19f10c98d66f29a6930dfd17793954
Partial-Blueprint: message-signing
2018-01-15 16:56:54 +00:00
Stan Lagun dfc51525f3 Remove python-dev from list of preinstalled packages
python-dev package causes cloud-init to fail on Fedora-based
distros because the package is called python-devel there.
Since this package is present in python-pip recommended dependencies
and thus going to be installed anyway, there is no need to include
it explicitly. With this fix it becomes possible to use bare
Fedora cloud image with murano.

Change-Id: I276839b9ba772d8f0a6bac975b204b0308839170
2018-01-10 20:17:07 +00:00
Gerry Buteau 823ec20003 Support shared IP address range
* Add support for range of shared IPs using
  new class SharedIpRange

* Add support for shared IPs on non-external
  networks, floating IP not available in
  this case

Change-Id: I7faa946e99d0070c375408b7f18546a281c668d4
Closes-Bug: #1727349
2017-12-28 03:58:23 +00:00
Victor Araujo 3990acfcce Ensure assigned-ips output is present in Heat template with Nova Network
When using Murano with Nova Network, the assigned-ips output is only added to
the template when a floating IP is assigned. This makes the deployment fail
when the engine tries to get the list of IPs of the created instance.

This patch makes sure that the hostname-assigned-ips output is added to the
template also when a floating IP is not assigned.

Change-Id: I8970a34e7c0b9fefdc236b046d6506f778143f3a
Closes-Bug: 1710623
2017-08-14 15:39:18 +02:00
Victor Araujo 075f5777d9 Add securityGroups param to NovaNetwork joinInstance method in Core Library
Commit 103f67815a added a securityGroups
parameter to the joinInstance method in meta/io.murano/Classes/resources/
Instance.yaml, but not in meta/io.murano/Classes/resources/
NovaNetwork.yaml. This omission makes deployments with Nova Network as a
driver fail. This commit adds the securityGroups parameter to
NovaNetwork.yaml.

Change-Id: If814d48d6491f1e16a5fb2b8632723224071d575
Closes-Bug: #1710576
2017-08-14 11:21:07 +02:00
zhurong e667abdb84 Make cinder volume attachments available
This commit is revert from Ib996bf50e1b7d542b98cf9d7125b824771c143d6,

Change-Id: Ie866833d205c119254b811654426c586c338d7c8
Closes-Bug: #1703387
2017-07-19 09:21:58 +08:00
zhurong 0c42290126 Unskip test_deploy_app_with_volume_creation test
1.Unskip test_deploy_app_with_volume_creation test
2.change flavor from m1.small to m1.tiny, to reduce the
test failing chances.

Closes-Bug: #1701230

Change-Id: Ib996bf50e1b7d542b98cf9d7125b824771c143d6
2017-07-07 08:34:23 +00:00
Paul Bourke 103f67815a Allow users to assign a security group to an app
This patch allows users to supply a list* of their own security groups to
an instance, rather than using the application defined one (built via
the SecurityGroupManager).

* Note, while we can support multiple security groups, murano-dashboard
currently has no UI element to select multiple items. This means that
currently users are restricted to selecting one group. If/when the
UI is improved this change can easily support multiple groups.

Example
=======

Application authors can make this available in their apps as follows:

UI.yaml
-------
Forms:
  - instanceConfiguration:
      fields:
          ...
        - name: securityGroups
          type: securitygroup
          label: Security Group
          required: false

Class.yaml:
----------
  Application:
    ?:
       type: com.paul.HelloWorld
    instance:
      ?:
        type: io.murano.resources.LinuxMuranoInstance
      name: $.instanceConfiguration.hostname
      securityGroups: $.instanceConfiguration.securityGroups
      ...

DocImpact
Change-Id: I60d37cfe034c467e894ee93cf3718e463bf49337
Partially-Implements: blueprint app-use-existing-security-group
2017-04-27 17:37:20 +01:00
Paul Bourke 107fc981be Make CinderVolume attachment info available
Make the 'attachments' attribute of OS::Cinder::Volume available in
MuranoPL.

Users can do the following in their applications:

  - For: blockDevice
    In: $this.instance.blockDevices
    Do:
      - For: attachment
        In: $blockDevice.volume.attachments
        Do:
          - $reporter.report($this, attachment.device)
          - $reporter.report($this, attachment.attachment_id)
          ...

Implements: blueprint devicename-from-volume-attachment
Change-Id: I2986efde085dd8029f2520cb5744e75f6a66f282
2017-04-13 10:32:21 +01:00
Artem Tiumentcev ec4c71fd80 Fixed opportunity run muranoagent twice
The variable name $PIDNAME doesnt exist, therefore we can
start murano-agent twice or more.

Closes-bug: #1663194
Change-Id: I3056b89645d517375dfdecf2eceaebb249d24e6e
2017-02-09 12:58:09 +00:00
Stan Lagun 6f787ab5a2 ExistingNeutronNetwork didn't return IPs for the instance
When deploying an Instance joined to ExistingNeutronNetwork its
ipAddresses property returned an empty list, which was causing most of
the applications to fail. This happened because the responsibility of
managing HOT outputs for the instance IP was moved to the Network
classes and was implemented for the NeutronNetwork but not the
ExistingNeutronNetwork.

This commit moves the logic to the base class for all Neutron networks
and refactors it so that it could be used for them all

Change-Id: I552098683e0faeb66f7c622ea8c1d073a82d6338
Closes-Bug: #1649715
2016-12-13 23:00:48 +00:00
Alexander Tivelkov 247c4bdfb9 Murano can now properly attach VMs to shared networks
When spawning VMs attached to pre-existing networks murano used to
generate a Heat template with a fixed_ips property for Neutron ports.
This can cause a policy violation if the target network is not owned
by the deploying tenant (i.e. the network is shared by some other
project).

This has been addressed: ExistingNeutronNetwork class no longer
generates the fixed_ips property of the port if the target network is
not owned by a current project.

Change-Id: I0c60a522f4223fdc47f87b950da1a0822a8cbdbe
Closes-bug: #1644797
2016-11-29 18:17:12 +03:00
Alexander Tivelkov d76f236547 Fixed SharedIp class
Since the introduction of multi-region capabilities the
`io.murano.SharedIp` class was not working, since it utilized but
didn't define the 'getRegion' method, and directly used the
defaultNetworks.environment property of the Environment assuming it is
a class (yet it became a template quite recently).

Both these issues have been addressed so the shared ips may be used
again.

Change-Id: I50075b03cb2b61d97bf23300478c07d9d5d774cf
Closes-bug: #1645724
2016-11-29 17:39:45 +03:00
Jenkins 5553aea934 Merge "Always declare agent RabbitMQ queues" 2016-11-29 02:57:03 +00:00
Stan Lagun 53abad42ab Always declare agent RabbitMQ queues
Murano uses 1 RMQ queue per agent + 1 queue for agent
listener. Listener queue is declared upon listener startup
which happens when the first agent command sent.
The agent queues were created by explicit call to Agent.prepare()
which was done from Instance.deploy() method.
This creates a problem if RabbitMQ server is restarted after deployment,
all non-persistent queues disappear and then an action get called. If
that action is not calling Instance.deploy() (because it assumes instance to be
deployed by that time) and sends a command to an agent it will never be
received.

This commit removes explicit prepare() method. Now the queues are going
to be created on demand, similar to listener queues do.

Change-Id: I21ae1efd483f32bb7c8e3dc1849af656b3bed56f
Closes-Bug: #1645419
2016-11-28 20:29:09 +00:00
Stan Lagun a10a7d1098 2 forgotten files from https://review.openstack.org/#/c/401327
Change-Id: I961541bb5647e00dca50ded64ce614395db76239
2016-11-28 19:46:27 +00:00
Jenkins edf6394dbe Merge "Ability to retrieve current/owner user/project" 2016-11-26 04:48:32 +00:00
Jenkins 664bbb0dc9 Merge "Multi-region support for WindowsInstance" 2016-11-25 03:35:26 +00:00
Artem Akulshin 5e36ae8fc6 Add Nova anti-affinity rules
Change-Id: I62a94daf47983443b557f038217b6a0d35761c81
Closes-Bug: #1625017
2016-11-24 10:50:52 +00:00
Alexander Tivelkov 81eebd12ad Ability to retrieve current/owner user/project
Added an ability to retrieve information about the current user,
current project, environment owner (both user and project)
from keystone. Appropriate information (including
extra fields but excluding internal system data) is fetched from
Keystone using the same service credentials that are used to validate
tokens, create trusts etc.

- io.murano.User and io.murano.Project classes were added.
- Both classes have 2 static methods to get current and environment
   owner object of appropriate class
- Object model now contains project_id/user_id of the user who
   created the environment
- Deployment task contains project_id (renamed from tenant_id)
   and user_id of the user who initiated the deployment

Change-Id: Ic7e24c1d2b669ed315851047bcdb27e075cfc56b
2016-11-24 02:07:34 -08:00
Jenkins f1bc936a6e Merge "Configuration is now properly applied to new nodes" 2016-11-24 07:06:42 +00:00
Stan Lagun 3f53c5ea07 Multi-region support for WindowsInstance
During implementation of multi-regions many of the
objects that used to be in Environment were moved
to the CloudRegion. Instance/LinuxMuranoInstance
classes were updated for the change, but WindowsInstance
was forgotten. This commit brings similar change to the
WindowsInstance class.

Change-Id: Iabbf7ec1fc0ef0dffc09eaefdece54d7f0d98058
Closes-Bug: #1643971
2016-11-23 06:15:33 +00:00
Stan Lagun a19a66707b HeatStack async mode fix
Improve asynchronous push mode of HeatStack:
- Use spawn_after instead of spawn_after_local. Otherwise the data is never
   pushed if the initiated thread were to exit
- Cancel background thread instead of killing it. Cancel cancels the thread
   only if it hasn't started yet instead of killing it somewhere in the middle.
- Add post-execution cleanup to guarantee that async data push happens
   before the execution session end
- Make Instance destruction use async push to speed up the destruction
   in case when there are many servers and to test the HeatStack async mode

Closes-Bug: #1643702
Change-Id: I11d157844cb1d973d2cac62c2e6d67d047f75164
2016-11-22 16:02:12 +00:00
Alexander Tivelkov d698116869 Configuration is now properly applied to new nodes
If the configuration of software component has not been changed, but a
set of nodes in the server group has been modified, the component's
default checkClusterIsConfigured method will now properly return true,
thus the configuration will be applied on newly added nodes.

This is achieved by storing instance ids as part of component's
'configuration' attributed stored for its server group.

Change-Id: Ic8bbddc577518071d90a6e33518156047a1d2e2e
Closes-bug: #1634206
2016-11-17 00:48:11 +00:00
Jenkins 1f81e6e17b Merge "Fixed Shellcheck's warnings in murano-agent" 2016-10-21 06:07:52 +00:00
Artem Tiumentcev ace26c5db3 Fixed Shellcheck's warnings in murano-agent
Shellcheck complains like this:
meta/io.murano/Resources/murano-agent|26 col 3 warning|
In POSIX sh, 'local' is undefined. [SC2039] [sh/shellcheck]
And add quotes to prevent word splitting.

Change-Id: I99a296ebc33a101bcd0e4f9d824d3f217ec7c438
Closes-Bug: #1622384
2016-10-20 12:46:37 +03:00
Jenkins d2ea832a2f Merge "Added LICENSE to application development library" 2016-10-18 04:08:23 +00:00
npraveen35 bbc3b20a3a Added LICENSE to application development library
Change-Id: Ib9c936c15c86284a2194b2d28ba254aeece8105f
Closes-Bug: #1633546
2016-10-17 13:19:46 +05:30
Stan Lagun 753c8cb422 Remove getRegion() calls from network initializers
.init methods of the components are called before
the environment is initialized. Thus regions are not
configured at this point. Thus if the object is not
directly or indirectly owned by the CloudRegion
it cannot call getRegion() from the initializer.

Normally networks do belong to CloudRegion
so there is no problem. However a Network instance
such as ExistingNetwork might be passed to the Instance
class which is not owned by the ClouydRegion and in this
case an exception will be thrown.

Change-Id: I1f3c4f53d4ebc92772c79c9991b19840aa0b0ed7
Closes-Bug: #1633096
2016-10-13 09:25:58 -07:00
Alexander Tivelkov f258b577fb MetadataAware mixin added to Core Library
Added a mixin class 'MetadataAware' which contains logic to retrieve
metadata attributes from the object of class which inherits it and
from all objects owning this one. Metadata attrbiutes applied to
objects which are deeper in the stack ovewrite ones from objects which
are higher.

The mixin can also validate if the attribute may be applied to the
objects of the given resource type; the type is defined by its
overridable abstract method 'getResourceType'. This check uses
MetadefBrowser class to retrieve the meta definition namespaces of the
needed resource type.

Instance and CinderVolume classes now inherit this mixin.

Change-Id: I43a081fe2a88e666f61de04b8a2789e1b8e96e38
Targets-blueprint: metadata-assignment-and-propagation
2016-10-06 15:22:04 +03:00
Jenkins 0fa1b7a006 Merge "Murano bindings to Glance Metadef API" 2016-10-04 16:32:02 +00:00
Jenkins c6255b24df Merge "Correctly release CinderVolumes" 2016-10-04 16:26:27 +00:00
Stan Lagun 63956cf2c2 Correctly release CinderVolumes
Added missing call to .getRegion() in CinderVolume's
releaseResource method.

Change-Id: I68d436c1a9bc4ce856de29881fd2d7ed10c4c089
Closes-Bug: #1629795
2016-10-04 12:53:53 +03:00
Jenkins debbe7e034 Merge "Prevent unnecessary stack.push in Instance::releaseResources" 2016-10-03 18:50:17 +00:00
Tetiana Lashchova 4a53732501 Fix indentation in ReplicationGroup class
Change-Id: I5dba69da4a1488ad3f0c6e745fa39174e34a85cd
Closes-Bug: #1629853
2016-10-03 18:30:56 +03:00
Jenkins 4ba85020e2 Merge "Refactoring of Instance::ipAddresses retrieving" 2016-09-30 14:44:15 +00:00
Snihyr Kostyantyn d6a546801a Refactoring of Instance::ipAddresses retrieving
This patch moves network-related heat output processing
from Instance class to Network subclasses
There are 2 reasons for this patch:
1. Instance::ipAddresses should be retrieved from Network subclasses
instead of direct reading Heat template output in Instance.
In current implementation ipAddresses property initialized
from Instance output in Heat template.
The same information can be retrieved via Instance::joinedNetworks
property with Network method usage.
It breaks single responsibility principle.
2. Implementation details of resource classes methods
should be hidden from Instance objects

Change-Id: Id26c65b6e73da64fe0b930a6a4c1594aa829ccea
2016-09-30 16:50:50 +03:00
Snihyr Kostyantyn 510583ffff Prevent unnecessary stack.push in Instance::releaseResources
All stack resources will be released if current CloudRegion object
should be destroyed (isDoomed). There is no reason to push stack into Heat
for each released instance.

Change-Id: Id393d668e0c26c3fc47009f9dc68827618999397
Closes-bug: #1628905
2016-09-30 12:43:42 +03:00
Jenkins 7174a9f5f7 Merge "Call addGroupingress() in init of NeutronSecurityGroupManager" 2016-09-29 13:50:17 +00:00