In HEAT template OS::Neutron::Port, the value of ip_address in
parameter allowed_address_pairs should be of type net_cidr,
then the string '/32' should be added after virtual_ip. Without
the string '/32', the error about a wrong IP subnet cidr will occur.
Change-Id: I0652b668423f393ae306db056255827c5d065bad
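The '/32' suffix described in the commit message above, as an added Python example (not Murano or Heat code): it turns a bare virtual IP into the CIDR form that a net_cidr-typed ip_address expects and builds the port's allowed_address_pairs list. The helper names, the sample addresses and the IPv6 /128 handling are assumptions that go beyond the commit, which only covers the '/32' case.

```python
import ipaddress


def to_net_cidr(virtual_ip):
    """Return virtual_ip as a CIDR string (hypothetical helper)."""
    text = virtual_ip.strip()
    if "/" in text:
        # Already has a prefix: validate and keep it as given.
        return str(ipaddress.ip_interface(text))
    # Bare address: use the full-length prefix so the pair covers one
    # host only (/32 for IPv4; /128 for IPv6 is an assumption here).
    addr = ipaddress.ip_address(text)
    return f"{addr}/{addr.max_prefixlen}"


def allowed_address_pairs(virtual_ips):
    """Build the allowed_address_pairs value, dropping duplicates."""
    pairs, seen = [], set()
    for ip in virtual_ips:
        cidr = to_net_cidr(ip)
        if cidr not in seen:
            seen.add(cidr)
            pairs.append({"ip_address": cidr})
    return pairs


def port_resource(network, virtual_ips):
    """Return an OS::Neutron::Port resource as a dict for a HOT template."""
    return {
        "type": "OS::Neutron::Port",
        "properties": {
            "network": network,
            "allowed_address_pairs": allowed_address_pairs(virtual_ips),
        },
    }


if __name__ == "__main__":
    # Constructed sample input: the second entry repeats the first.
    print(port_resource("private-net", ["10.0.0.5", "10.0.0.5/32", "2001:db8::1"]))
```

An invalid address or prefix raises ValueError before any template is generated, instead of surfacing later as a Heat validation error.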
When trying to use the io.murano.user resource, you get the error:
io.murano.User.extra['options'] Value {} violates string() contract
because the output is dict, not a string.
This commit changes the contract type to become $ rather than $.string()
which matches what the Project resource has.
Change-Id: If6ef0e2e3750a39aaa022a7b12f4c130a692d691
Replace the deprecated term, Usage: Action, with the new
term, Scope: Public, in the file, Environment.yaml.
This will remove the deprecated warning messages in the
murano-engine log file.
Change-Id: I2f798bac1b2fd60ead1a2396ad1d24def300a33d
Closes-Bug: 1763836
Allow Murano application packages to specify whether port security
should be disabled for a network. With this change, Murano will now
propagate to Heat the application's desire to disable port security
if the application sets a new flag, port_security_disable, to true
in the Neutron network object.
Change-Id: Iab25b4901010c24aef42213a7a9082b7594a5a16
Closes-Bug: 1759914
The current contract for this property (in Project.yaml) is:

    extra:
      Contract:
        $.string().notNull(): $.string()

Deploying my Murano application, the code attempts to populate this
property with:

    u'tags': []

and gets this error:

    ContractViolationException: [io.murano.Project.extra['tags']] Value [] violates string() contract

My fix is:

    extra:
      Contract:
        $.string().notNull(): $

This allows the 2nd value of the pair to be any scalar or data structure. A string
or a list of strings is acceptable now.
Change-Id: I1b0438ad451db2b7a89a9fb65dc948b52ceb2f3f
Co-Authored-By: Devjani Ray <devjani.ray@oracle.com>
Closes-Bug: 1762821
With these small changes it becomes possible to instruct murano to
provision murano-agent of a version other than the latest, or from
a custom git branch or from an HTTP source.
Use cases:
* Use agent with custom modifications that are not available in
PyPI version
* Development of new agent features - agent can be installed from
the private git repo
* Environments without internet connectivity
Change-Id: Icbea95abf070ef35781474a54461cc34bb9927af
The python-dev package causes cloud-init to fail on Fedora-based
distros because the package is called python-devel there.
Since this package is present in python-pip recommended dependencies
and is thus going to be installed anyway, there is no need to include
it explicitly. With this fix it becomes possible to use a bare
Fedora cloud image with murano.
Change-Id: I276839b9ba772d8f0a6bac975b204b0308839170
* Add support for range of shared IPs using
new class SharedIpRange
* Add support for shared IPs on non-external
networks, floating IP not available in
this case
Change-Id: I7faa946e99d0070c375408b7f18546a281c668d4
Closes-Bug: #1727349
When using Murano with Nova Network, the assigned-ips output is only added to
the template when a floating IP is assigned. This makes the deployment fail
when the engine tries to get the list of IPs of the created instance.
This patch makes sure that the hostname-assigned-ips output is added to the
template also when a floating IP is not assigned.
Change-Id: I8970a34e7c0b9fefdc236b046d6506f778143f3a
Closes-Bug: 1710623
Commit 103f67815a added a securityGroups
parameter to the joinInstance method in meta/io.murano/Classes/resources/
Instance.yaml, but not in meta/io.murano/Classes/resources/
NovaNetwork.yaml. This omission makes deployments with Nova Network as a
driver fail. This commit adds the securityGroups parameter to
NovaNetwork.yaml.
Change-Id: If814d48d6491f1e16a5fb2b8632723224071d575
Closes-Bug: #1710576
1. Unskip test_deploy_app_with_volume_creation test
2. Change flavor from m1.small to m1.tiny, to reduce the
   test failing chances.
Closes-Bug: #1701230
Change-Id: Ib996bf50e1b7d542b98cf9d7125b824771c143d6
This patch allows users to supply a list* of their own security groups to
an instance, rather than using the application defined one (built via
the SecurityGroupManager).
* Note, while we can support multiple security groups, murano-dashboard
currently has no UI element to select multiple items. This means that
currently users are restricted to selecting one group. If/when the
UI is improved this change can easily support multiple groups.
Example
=======
Application authors can make this available in their apps as follows:

UI.yaml
-------
    Forms:
      - instanceConfiguration:
          fields:
            ...
            - name: securityGroups
              type: securitygroup
              label: Security Group
              required: false

Class.yaml:
----------
    Application:
      ?:
        type: com.paul.HelloWorld
      instance:
        ?:
          type: io.murano.resources.LinuxMuranoInstance
        name: $.instanceConfiguration.hostname
        securityGroups: $.instanceConfiguration.securityGroups
        ...

DocImpact
Change-Id: I60d37cfe034c467e894ee93cf3718e463bf49337
Partially-Implements: blueprint app-use-existing-security-group
Make the 'attachments' attribute of OS::Cinder::Volume available in
MuranoPL.
Users can do the following in their applications:
    - For: blockDevice
      In: $this.instance.blockDevices
      Do:
        - For: attachment
          In: $blockDevice.volume.attachments
          Do:
            - $reporter.report($this, $attachment.device)
            - $reporter.report($this, $attachment.attachment_id)
    ...
Implements: blueprint devicename-from-volume-attachment
Change-Id: I2986efde085dd8029f2520cb5744e75f6a66f282
The variable name $PIDNAME doesn't exist, therefore we can
start murano-agent twice or more.
Closes-bug: #1663194
Change-Id: I3056b89645d517375dfdecf2eceaebb249d24e6e
When deploying an Instance joined to ExistingNeutronNetwork its
ipAddresses property returned an empty list, which was causing most of
the applications to fail. This happened because the responsibility of
managing HOT outputs for the instance IP was moved to the Network
classes and was implemented for the NeutronNetwork but not the
ExistingNeutronNetwork.
This commit moves the logic to the base class for all Neutron networks
and refactors it so that it could be used for them all.
Change-Id: I552098683e0faeb66f7c622ea8c1d073a82d6338
Closes-Bug: #1649715
When spawning VMs attached to pre-existing networks murano used to
generate a Heat template with a fixed_ips property for Neutron ports.
This can cause a policy violation if the target network is not owned
by the deploying tenant (i.e. the network is shared by some other
project).
This has been addressed: ExistingNeutronNetwork class no longer
generates the fixed_ips property of the port if the target network is
not owned by a current project.
Change-Id: I0c60a522f4223fdc47f87b950da1a0822a8cbdbe
Closes-bug: #1644797
Since the introduction of multi-region capabilities the
`io.murano.SharedIp` class was not working, since it utilized but
didn't define the 'getRegion' method, and directly used the
defaultNetworks.environment property of the Environment assuming it is
a class (yet it became a template quite recently).
Both these issues have been addressed so the shared ips may be used
again.
Change-Id: I50075b03cb2b61d97bf23300478c07d9d5d774cf
Closes-bug: #1645724
Murano uses 1 RMQ queue per agent + 1 queue for the agent
listener. The listener queue is declared upon listener startup,
which happens when the first agent command is sent.
The agent queues were created by an explicit call to Agent.prepare()
which was done from the Instance.deploy() method.
This creates a problem if the RabbitMQ server is restarted after deployment,
all non-persistent queues disappear and then an action gets called. If
that action is not calling Instance.deploy() (because it assumes the instance to be
deployed by that time) and sends a command to an agent, it will never be
received.
This commit removes the explicit prepare() method. Now the queues are going
to be created on demand, similar to how listener queues are.
Change-Id: I21ae1efd483f32bb7c8e3dc1849af656b3bed56f
Closes-Bug: #1645419
Added an ability to retrieve information about the current user,
current project, environment owner (both user and project)
from keystone. Appropriate information (including
extra fields but excluding internal system data) is fetched from
Keystone using the same service credentials that are used to validate
tokens, create trusts etc.
- io.murano.User and io.murano.Project classes were added.
- Both classes have 2 static methods to get current and environment
owner object of appropriate class
- Object model now contains project_id/user_id of the user who
created the environment
- Deployment task contains project_id (renamed from tenant_id)
and user_id of the user who initiated the deployment
Change-Id: Ic7e24c1d2b669ed315851047bcdb27e075cfc56b
During implementation of multi-regions many of the
objects that used to be in Environment were moved
to the CloudRegion. Instance/LinuxMuranoInstance
classes were updated for the change, but WindowsInstance
was forgotten. This commit brings similar change to the
WindowsInstance class.
Change-Id: Iabbf7ec1fc0ef0dffc09eaefdece54d7f0d98058
Closes-Bug: #1643971
Improve asynchronous push mode of HeatStack:
- Use spawn_after instead of spawn_after_local. Otherwise the data is never
pushed if the initiated thread were to exit
- Cancel background thread instead of killing it. Cancel cancels the thread
only if it hasn't started yet instead of killing it somewhere in the middle.
- Add post-execution cleanup to guarantee that async data push happens
before the execution session ends
- Make Instance destruction use async push to speed up the destruction
in case when there are many servers and to test the HeatStack async mode
Closes-Bug: #1643702
Change-Id: I11d157844cb1d973d2cac62c2e6d67d047f75164
If the configuration of software component has not been changed, but a
set of nodes in the server group has been modified, the component's
default checkClusterIsConfigured method will now properly return true,
thus the configuration will be applied on newly added nodes.
This is achieved by storing instance ids as part of the component's
'configuration' attribute stored for its server group.
Change-Id: Ic8bbddc577518071d90a6e33518156047a1d2e2e
Closes-bug: #1634206
Shellcheck complains like this:
meta/io.murano/Resources/murano-agent|26 col 3 warning|
In POSIX sh, 'local' is undefined. [SC2039] [sh/shellcheck]
And add quotes to prevent word splitting.
Change-Id: I99a296ebc33a101bcd0e4f9d824d3f217ec7c438
Closes-Bug: #1622384
.init methods of the components are called before
the environment is initialized. Thus regions are not
configured at this point. Thus if the object is not
directly or indirectly owned by the CloudRegion
it cannot call getRegion() from the initializer.
Normally networks do belong to CloudRegion
so there is no problem. However a Network instance
such as ExistingNetwork might be passed to the Instance
class which is not owned by the CloudRegion and in this
case an exception will be thrown.
Change-Id: I1f3c4f53d4ebc92772c79c9991b19840aa0b0ed7
Closes-Bug: #1633096
Added a mixin class 'MetadataAware' which contains logic to retrieve
metadata attributes from the object of class which inherits it and
from all objects owning this one. Metadata attributes applied to
objects which are deeper in the stack overwrite ones from objects which
are higher.
The mixin can also validate if the attribute may be applied to the
objects of the given resource type; the type is defined by its
overridable abstract method 'getResourceType'. This check uses
MetadefBrowser class to retrieve the meta definition namespaces of the
needed resource type.
Instance and CinderVolume classes now inherit this mixin.
Change-Id: I43a081fe2a88e666f61de04b8a2789e1b8e96e38
Targets-blueprint: metadata-assignment-and-propagation
This patch moves network-related heat output processing
from the Instance class to Network subclasses.
There are 2 reasons for this patch:
1. Instance::ipAddresses should be retrieved from Network subclasses
   instead of directly reading Heat template output in Instance.
   In the current implementation the ipAddresses property is initialized
   from the Instance output in the Heat template.
   The same information can be retrieved via the Instance::joinedNetworks
   property with Network method usage.
   It breaks the single responsibility principle.
2. Implementation details of resource classes methods
   should be hidden from Instance objects
Change-Id: Id26c65b6e73da64fe0b930a6a4c1594aa829ccea
All stack resources will be released if current CloudRegion object
should be destroyed (isDoomed). There is no reason to push stack into Heat
for each released instance.
Change-Id: Id393d668e0c26c3fc47009f9dc68827618999397
Closes-bug: #1628905