We are frolicsome to announce the release of: magnum 3.1.0: Container Management project for OpenStack This release is part of the newton release series. With source available at: ** http://git.openstack.org/cgit/openstack/magnum Please report issues through launchpad: ** http://bugs.launchpad.net/magnum For more details, please see below. 3.1.0 ^^^^^ Magnum's bay-to-cluster blueprint [1] required changes across much of its codebase to align to industry standards. To support this blueprint, certain group and option names were changed in configuration files [2]. See the deprecations section for more details. [1] https://review.openstack.org/#/q/topic:bp/rename-bay-to- cluster [2] https://review.openstack.org/#/c/362660/ Magnum service type and mission statement was changed [1]. Change service type from "Container service" to "Container Infrastructure Management service". In addition, the mission statement is changed to "To provide a set of services for provisioning, scaling, and managing container orchestration engines." The intend is to narrow the scope of the Magnum project to focus on integrating container orchestration engines (COEs) with OpenStack. API features intended to uniformly create, manage, and delete individual containers across any COE will be removed from Magnum's API, and will be re-introduced as a separate project called Zun. [1] https://review.openstack.org/#/c/311476/ New Features ************ * Add flannel's host-gw backend option. Magnum deploys cluster over a dedicated neutron private network by using flannel. Flannel's host- gw backend gives the best performance in this topopolgy (private layer2) since there is no packet processing overhead, no reduction to MTU, scales to many hosts as well as the alternatives. The label "flannel_use_vxlan" was repurposed when the network driver is flannel. First, rename the label flannel_use_vxlan to flannel_backend. Second, redefine the value of this label from "yes/no" to "udp/vxlan/host-gw". * Add support for a new OpenSUSE driver for running k8s cluster on OpenSUSE. This driver is experimental for now, and operators need to get it from /contrib folder. * Add configuration for overlay networks for the docker network driver in swarm. To use this feature, users need to create a swarm cluster with network_driver set to 'docker'. After the cluster is created, users can create an overlay network (docker network create -d overlay mynetwork) and use it when launching a new container (docker run --net=mynetwork ...). * Auto generate name for cluster and cluster-template. If users create a cluster/cluster-template without specifying a name, the name will be auto-generated. * Decouple the hard requirement on barbican. Introduce a new certificate store called x509keypair. If x509keypair is used, TLS certificates will be stored at magnum's database instead of barbican. To do that, set the value of the config "cert_manager_type" as "x509keypair". * Decouple the hard requirement on neutron-lbaas. Introduce a new property master_lb_enabled in cluster template. This property will determines if a cluster's master nodes should be load balanced. Set the value to false if neutron-lbaas is not installed. * Emit notifications when there is an event on a cluster. An event could be a status change of the cluster due to an operation issued by end-users (i.e. users create, update or delete the cluster). Notifications are sent by using oslo.notify and PyCADF. Ceilometer can capture the events and generate samples for auditing, billing, monitoring, or quota purposes. * Enable Mesos cluster to export more slave flags via labels in cluster template. Add the following labels: mesos_slave_isolation, mesos_slave_image_providers, mesos_slave_work_dir, and mesos_slave_executor_environment_variables. * Integrate Docker Swarm Fedora Atomic driver with the Block Storage Service (cinder). The rexray volume driver was added based on rexray v0.4. Users can create and attach volumes using docker's navive client and they will authenticate using the per cluster trustee user. Rexray can be either added in the Fedora Atomic image or can be used running in a container. Upgrade Notes ************* * Magnum now support SSL for API service. User can enable SSL for API via new 3 config options 'enabled_ssl', 'ssl_cert_file' and 'ssl_key_file'. * Change default API development service from wsgiref simple_server to werkzeug for better supporting SSL. * All container/pod/service/replication controller operations were removed. Users are recommended to use the COE's native tool (i.e. docker, kubectl) to do the equivalent of the removed operations. Deprecation Notes ***************** * The 'bay' group has been renamed to 'cluster' and all options in the former 'bay' group have been moved to 'cluster'. * The 'bay_heat' group has been renamed to 'cluster_heat' and all options in the former 'bay_heat' group have been moved to 'cluster_heat'. * The 'bay_create_timeout' option in the former 'bay_heat' group has been renamed to 'create_timeout' inside the 'cluster_heat' group. * The 'baymodel' group has been renamed to 'cluster_template' and all options in the former 'baymodel' group have been moved to 'cluster_template'. Security Issues *************** * Fix global stack list in periodic task. In before, magnum's periodic task performs a *stack-list* operation across all tenants. This is disabled by Heat by default since it causes a security issue. At this release, magnum performs a *stack-get* operation on each Heat stack by default. This might not be scalable and operators have an option to fall back to *stack-list* by setting the config *periodic_global_stack_list* to *True* (*False* by default) and updating the heat policy file (usually /etc/heat/policy.json) to allow magnum list stacks. Changes in magnum 3.0.0..3.1.0 ------------------------------ 48f79d6 Updates Ubuntu Mesos build 1e1e2a5 [install] Fix keystone_authtoken and trust sections d7f299a Add optional magnum-ui in quickstart 8afa073 delete python bytecode including pyo before every test run 62474be Updated from global requirements 77483bc [install] Fix the cli install instructions 3f861f7 [install] Fix optional services bullet-list 38059d5 Fix the order of enabling devstack plugin 0ea50cb Update kubernetes external load balancer dev guide 8beab88 [suse] Fix OS::stack_id in kubeminion 719018e Use heat devstack plugin 1e7a39b [install] Add cli install in IT 6322a6d [install] Add launch an instance section 347b2aa [install] Update required services and remove bay 9f72954 Add exceptions to cluster db to show failures 735db54 [suse] Rename bay to cluster e8dc23c Create sysconfig mount for kubernetes controller mgr 09284b5 Updated from global requirements 2c63569 Split k8s atomic vm and ironic drivers 2c1f9bd Create bay/cluster api reference 8b354e3 Disable lbaas on k8s-ironic job 5adf24f Create baymodel/cluster template api reference 047b126 Add Scaling section to User Guide 77e6c31 Add Support of LBaaS v2 API 729c2d0 Rename Bay DB, Object, and internal usage to Cluster 1edf9d3 Fix swarm functional tests 7c0be2d Add support for overlay networks in Swarm. f51a579 Fixed fetching api_server address. 1ddcafc Update fedora image for ironic driver 85d4c68 Improve unit test coverage for cmd/db_manage.py 99cfbcb Make magnum manage_template read config file and increase coverage 3775501 Remove magnum service Dockerfile 917bf4e Factor out common k8s definitions and mappings cafda56 Consolidate enable docker registery fragments 33bd242 Clean imports in code 1466f93 Add rexray volume driver to Swarm 5f4e555 Fix typo in quickstart guide 62530c2 Update documentation with bay/cluster version info 0213721 Add python-dev and kpartx to mesos img build eace614 Fix mesos image dockerfile elements location. 2fcbded Fix dev quickstart pointer to mesos img build. 0f6b3b6 Consolidate configure docker storage fragments ba8de7f Fix release note 2c9378d Updates drivers from BayModel to ClusterTemplate 0b7c640 Rename BayModel DB, Object, and internal usage to ClusterTemplate 8e0de76 Rename bay to cluster in certificate object and references b60c447 Correctly raising MagnumServiceNotFound exception 298f3a3 Update service-list output in quickstart 27ced97 Use cls in class method and remove unused CONF 6a7c4f8 Add missing release notes 6ead3e4 Updates CONF usage from bay to cluster. 8a6c6a3 Rename Bay to Cluster in functional tests 0442a27 Install Guide: Set bug project a3d514d Correction in quickstart. ba19bd4 Create certificates api reference bf219eb Create mservices api reference e944685 Create version api reference 12ccdda Cleanup coverage configuration 70c803b Use werkzeug to run Magnum API with SSL edb17b7 Clean up docstrings in BayModel fd05c59 Restrict magnum service name 397b2ec Remove reference: 'modindex' from releasenotes documentation c2512ca Remove Invalid README.md for mesos b68427b modify the home-page info with the developer documentation Diffstat (except docs and test files) ------------------------------------- .coveragerc | 3 +- Dockerfile | 54 -- api-ref/source/baymodels.inc | 366 ++++++++++ api-ref/source/baymodels_clustertemplates.inc | 0 api-ref/source/bays.inc | 259 +++++++ api-ref/source/bays_clusters.inc | 0 api-ref/source/certificates.inc | 120 ++++ api-ref/source/clusters.inc | 259 +++++++ api-ref/source/clustertemplates.inc | 366 ++++++++++ api-ref/source/index.rst | 6 +- api-ref/source/mservices.inc | 49 ++ api-ref/source/parameters.yaml | 579 +++++++++++++++ api-ref/source/samples/bay-create-req.json | 8 + api-ref/source/samples/bay-create-resp.json | 3 + api-ref/source/samples/bay-get-all-resp.json | 24 + api-ref/source/samples/bay-get-one-resp.json | 32 + api-ref/source/samples/bay-update-req.json | 7 + api-ref/source/samples/baymodel-create-req.json | 27 + api-ref/source/samples/baymodel-create-resp.json | 44 ++ api-ref/source/samples/baymodel-get-all-resp.json | 48 ++ api-ref/source/samples/baymodel-update-req.json | 12 + .../source/samples/certificates-ca-show-resp.json | 14 + .../source/samples/certificates-ca-sign-req.json | 4 + .../source/samples/certificates-ca-sign-resp.json | 15 + api-ref/source/samples/cluster-create-req.json | 8 + api-ref/source/samples/cluster-create-resp.json | 3 + api-ref/source/samples/cluster-get-all-resp.json | 24 + api-ref/source/samples/cluster-get-one-resp.json | 32 + api-ref/source/samples/cluster-update-req.json | 7 + .../source/samples/clustertemplate-create-req.json | 27 + .../samples/clustertemplate-create-resp.json | 44 ++ .../samples/clustertemplate-get-all-resp.json | 48 ++ .../source/samples/clustertemplate-update-req.json | 12 + api-ref/source/samples/mservice-get-resp.json | 14 + api-ref/source/samples/versions-01-get-resp.json | 80 +++ api-ref/source/samples/versions-get-resp.json | 18 + api-ref/source/versions.inc | 104 +++ contrib/drivers/k8s_opensuse_v1/template_def.py | 113 +-- .../fragments/write-heat-params-master.yaml | 2 +- .../templates/fragments/write-heat-params.yaml | 2 +- .../k8s_opensuse_v1/templates/kubecluster.yaml | 8 +- .../k8s_opensuse_v1/templates/kubemaster.yaml | 6 +- .../k8s_opensuse_v1/templates/kubeminion.yaml | 8 +- devstack/README.rst | 1 + devstack/lib/magnum | 8 - devstack/settings | 16 +- install-guide/source/common/prerequisites.rst | 3 +- install-guide/source/conf.py | 2 +- install-guide/source/get_started.rst | 6 +- install-guide/source/index.rst | 1 + install-guide/source/install.rst | 48 +- install-guide/source/launch-instance.rst | 213 ++++++ magnum/api/app.py | 12 +- magnum/api/controllers/base.py | 4 +- magnum/api/controllers/v1/bay.py | 104 ++- magnum/api/controllers/v1/baymodel.py | 88 +-- magnum/api/controllers/v1/certificate.py | 21 +- magnum/api/controllers/v1/cluster.py | 95 +-- magnum/api/controllers/v1/cluster_template.py | 29 +- magnum/api/controllers/v1/magnum_services.py | 2 +- magnum/api/controllers/v1/types.py | 14 +- magnum/api/validation.py | 159 +++-- magnum/cmd/api.py | 34 +- magnum/cmd/conductor.py | 4 +- magnum/cmd/db_manage.py | 10 +- magnum/cmd/template_manage.py | 11 +- .../cert_manager/x509keypair_cert_manager.py | 5 - magnum/common/context.py | 12 +- magnum/common/docker_utils.py | 11 +- magnum/common/exception.py | 35 +- magnum/common/keystone.py | 22 +- magnum/common/name_generator.py | 4 +- magnum/common/policy.py | 6 +- magnum/common/rpc_service.py | 4 +- magnum/common/x509/extensions.py | 6 +- magnum/common/x509/operations.py | 17 +- magnum/common/x509/validator.py | 10 +- magnum/conductor/api.py | 39 +- magnum/conductor/handlers/bay_conductor.py | 394 ---------- magnum/conductor/handlers/ca_conductor.py | 11 +- magnum/conductor/handlers/cluster_conductor.py | 409 +++++++++++ magnum/conductor/handlers/common/cert_manager.py | 67 +- magnum/conductor/handlers/common/trust_manager.py | 35 +- magnum/conductor/k8s_api.py | 18 +- magnum/conductor/k8s_monitor.py | 10 +- magnum/conductor/mesos_monitor.py | 10 +- magnum/conductor/monitors.py | 24 +- magnum/conductor/scale_manager.py | 16 +- magnum/conductor/swarm_monitor.py | 12 +- magnum/conductor/utils.py | 41 +- magnum/db/api.py | 122 ++-- .../592131657ca1_add_coe_column_to_baymodel.py | 11 +- .../720f640f43d1_rename_bay_table_to_cluster.py | 35 + ...3fdef8919_rename_baymodel_to_clustertemplate.py | 28 + magnum/db/sqlalchemy/api.py | 195 ++--- magnum/db/sqlalchemy/models.py | 16 +- magnum/drivers/common/k8s_fedora_template_def.py | 96 +++ magnum/drivers/common/k8s_template_def.py | 117 +++ magnum/drivers/common/template_def.py | 179 ++--- .../templates/environments/no_master_lb.yaml | 10 +- .../templates/environments/with_master_lb.yaml | 10 +- .../fragments/configure-docker-storage.sh | 44 ++ .../templates/fragments/enable-docker-registry.sh | 12 + .../templates/kubernetes/fragments/add-proxy.sh | 40 ++ .../kubernetes/fragments/configure-etcd.sh | 25 + .../kubernetes/fragments/configure-flannel.sh | 30 + .../fragments/configure-kubernetes-master.sh | 62 ++ .../fragments/configure-kubernetes-minion.sh | 90 +++ .../kubernetes/fragments/disable-selinux.sh | 8 + .../templates/kubernetes/fragments/enable-etcd.sh | 5 + .../kubernetes/fragments/enable-kube-podmaster.sh | 158 ++++ .../fragments/enable-kube-proxy-master.sh | 39 + .../fragments/enable-kube-proxy-minion.sh | 56 ++ .../kubernetes/fragments/enable-services-master.sh | 11 + .../kubernetes/fragments/enable-services-minion.sh | 17 + .../kubernetes/fragments/kube-examples.yaml | 117 +++ .../fragments/kube-system-namespace-service.sh | 66 ++ .../kubernetes/fragments/kube-ui-service.sh | 121 ++++ .../kubernetes/fragments/make-cert-client.sh | 117 +++ .../templates/kubernetes/fragments/make-cert.sh | 128 ++++ .../kubernetes/fragments/network-config-service.sh | 58 ++ .../kubernetes/fragments/network-service.sh | 78 ++ .../kubernetes/fragments/wc-notify-master.sh | 36 + .../fragments/write-heat-params-master.yaml | 39 + .../kubernetes/fragments/write-heat-params.yaml | 44 ++ .../kubernetes/fragments/write-kube-os-config.sh | 24 + .../kubernetes/fragments/write-kubeconfig.yaml | 24 + .../kubernetes/fragments/write-network-config.sh | 28 + magnum/drivers/k8s_coreos_v1/template_def.py | 115 +-- .../fragments/enable-kube-controller-manager.yaml | 7 + .../templates/fragments/make-cert-client.yaml | 4 +- .../templates/fragments/make-cert.yaml | 6 +- .../fragments/write-heat-params-master.yaml | 2 +- .../templates/fragments/write-heat-params.yaml | 2 +- .../k8s_coreos_v1/templates/kubecluster.yaml | 83 ++- .../k8s_coreos_v1/templates/kubemaster.yaml | 18 +- .../k8s_coreos_v1/templates/kubeminion.yaml | 6 +- magnum/drivers/k8s_coreos_v1/version.py | 2 +- .../image/ironic/kubernetes/Readme.md | 42 -- .../image/ironic/kubernetes/elements-deps | 1 - .../image/ironic/kubernetes/package-installs.yaml | 4 - .../drivers/k8s_fedora_atomic_v1/template_def.py | 236 +----- .../templates/elements/README.md | 29 - .../templates/elements/kubernetes/elements-deps | 1 - .../elements/kubernetes/package-installs.yaml | 4 - .../templates/fragments/add-proxy.sh | 40 -- .../fragments/configure-docker-storage.sh | 44 -- .../templates/fragments/configure-etcd.sh | 25 - .../templates/fragments/configure-flannel.sh | 30 - .../fragments/configure-kubernetes-master.sh | 62 -- .../fragments/configure-kubernetes-minion.sh | 90 --- .../templates/fragments/disable-selinux.sh | 8 - .../templates/fragments/enable-docker-registry.sh | 12 - .../templates/fragments/enable-etcd.sh | 5 - .../templates/fragments/enable-kube-podmaster.sh | 152 ---- .../fragments/enable-kube-proxy-master.sh | 39 - .../fragments/enable-kube-proxy-minion.sh | 56 -- .../templates/fragments/enable-services-master.sh | 11 - .../templates/fragments/enable-services-minion.sh | 17 - .../templates/fragments/kube-examples.yaml | 117 --- .../fragments/kube-system-namespace-service.sh | 66 -- .../templates/fragments/kube-ui-service.sh | 121 ---- .../templates/fragments/make-cert-client.sh | 117 --- .../templates/fragments/make-cert.sh | 128 ---- .../templates/fragments/network-config-service.sh | 58 -- .../templates/fragments/network-service.sh | 78 -- .../templates/fragments/wc-notify-master.sh | 36 - .../fragments/write-heat-params-master.yaml | 39 - .../templates/fragments/write-heat-params.yaml | 44 -- .../templates/fragments/write-kube-os-config.sh | 24 - .../templates/fragments/write-kubeconfig.yaml | 24 - .../templates/fragments/write-network-config.sh | 28 - .../templates/kubecluster-fedora-ironic.yaml | 543 -------------- .../templates/kubecluster.yaml | 85 ++- .../templates/kubemaster-fedora-ironic.yaml | 428 ----------- .../k8s_fedora_atomic_v1/templates/kubemaster.yaml | 54 +- .../templates/kubeminion-fedora-ironic.yaml | 404 ----------- .../k8s_fedora_atomic_v1/templates/kubeminion.yaml | 30 +- magnum/drivers/k8s_fedora_ironic_v1/__init__.py | 0 .../image/kubernetes/Readme.md | 42 ++ .../image/kubernetes/elements-deps | 1 + .../image/kubernetes/package-installs.yaml | 4 + .../drivers/k8s_fedora_ironic_v1/template_def.py | 84 +++ .../templates/kubecluster.yaml | 562 +++++++++++++++ .../k8s_fedora_ironic_v1/templates/kubemaster.yaml | 430 +++++++++++ .../k8s_fedora_ironic_v1/templates/kubeminion.yaml | 404 +++++++++++ magnum/drivers/mesos_ubuntu_v1/README.md | 4 - magnum/drivers/mesos_ubuntu_v1/image/Dockerfile | 9 +- magnum/drivers/mesos_ubuntu_v1/image/README.md | 2 +- .../image/install_imagebuild_deps.sh | 22 + .../mesos_ubuntu_v1/image/validate_image.sh | 27 + magnum/drivers/mesos_ubuntu_v1/template_def.py | 32 +- .../mesos_ubuntu_v1/templates/mesoscluster.yaml | 36 +- .../mesos_ubuntu_v1/templates/mesosmaster.yaml | 5 +- .../image/openvswitch/README.rst | 6 +- .../drivers/swarm_fedora_atomic_v1/template_def.py | 62 +- .../swarm_fedora_atomic_v1/templates/cluster.yaml | 104 ++- .../fragments/configure-docker-storage.sh | 38 - .../templates/fragments/enable-docker-registry.sh | 12 - .../templates/fragments/make-cert.py | 8 +- .../templates/fragments/network-service.sh | 7 + .../templates/fragments/volume-service.sh | 72 ++ .../fragments/write-bay-failure-service.yaml | 16 - .../fragments/write-cluster-failure-service.yaml | 16 + .../fragments/write-heat-params-master.yaml | 4 +- .../fragments/write-heat-params-node.yaml | 4 +- .../templates/swarmmaster.yaml | 43 +- .../templates/swarmnode.yaml | 33 +- magnum/objects/__init__.py | 12 +- magnum/objects/bay.py | 236 ------ magnum/objects/baymodel.py | 233 ------ magnum/objects/certificate.py | 21 +- magnum/objects/cluster.py | 242 +++++++ magnum/objects/cluster_template.py | 241 +++++++ magnum/objects/fields.py | 32 +- magnum/opts.py | 9 +- magnum/service/periodic.py | 185 ++--- .../functional/k8s/test_magnum_python_client.py | 8 +- .../k8s_coreos/test_k8s_python_client.py | 2 +- .../k8s_ironic/test_k8s_python_client.py | 4 +- .../functional/mesos/test_mesos_python_client.py | 8 +- .../functional/swarm/test_swarm_python_client.py | 43 +- .../api/controllers/v1/test_cluster_template.py | 84 ++- .../conductor/handlers/common/test_cert_manager.py | 108 +-- .../handlers/common/test_trust_manager.py | 54 +- .../unit/conductor/handlers/test_bay_conductor.py | 768 -------------------- .../unit/conductor/handlers/test_ca_conductor.py | 24 +- .../conductor/handlers/test_cluster_conductor.py | 794 +++++++++++++++++++++ .../conductor/handlers/test_k8s_bay_conductor.py | 686 ------------------ .../handlers/test_k8s_cluster_conductor.py | 696 ++++++++++++++++++ .../conductor/handlers/test_mesos_bay_conductor.py | 306 -------- .../handlers/test_mesos_cluster_conductor.py | 316 ++++++++ .../conductor/handlers/test_swarm_bay_conductor.py | 402 ----------- .../handlers/test_swarm_cluster_conductor.py | 427 +++++++++++ ...add-hostgw-backend-option-1d1f9d8d95ec374f.yaml | 10 + .../add-opensuse-driver-f69b6d346ca82b87.yaml | 5 + ...overlay-networks-to-swarm-4467986d7853fcd8.yaml | 9 + .../bp-auto-generate-name-052ea3fdf05fdbbf.yaml | 5 + ...arbican-alternative-store-35ec3eda0abb0e25.yaml | 6 + .../notes/bp-decouple-lbaas-c8f2d73313c40b98.yaml | 6 + .../bp-magnum-notifications-8bd44cfe9e80f82b.yaml | 7 + .../bp-mesos-slave-flags-de6cf8c4d2c3c916.yaml | 7 + ...96-support-ssl-magnum-api-e4896928c6562e03.yaml | 6 + ...-bay-to-cluster-in-config-1f2b95d1176d7231.yaml | 27 + .../fix-global-stack-list-7a3a66169f5c4aa8.yaml | 10 + ...remove-container-endpoint-3494eb8bd2406e87.yaml | 20 + ...m-integration-with-cinder-e3068138a3f75dbe.yaml | 10 + releasenotes/source/index.rst | 1 - requirements.txt | 5 +- setup.cfg | 4 +- tox.ini | 14 +- 297 files changed, 13478 insertions(+), 9511 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index bdb243b..e31a5a2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -25 +25 @@ keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0 -netaddr!=0.7.16,>=0.7.12 # BSD +netaddr!=0.7.16,>=0.7.13 # BSD @@ -29 +29 @@ oslo.context>=2.9.0 # Apache-2.0 -oslo.db>=4.10.0 # Apache-2.0 +oslo.db!=4.13.1,!=4.13.2,>=4.10.0 # Apache-2.0 @@ -57,0 +58 @@ urllib3>=1.15.1 # MIT +Werkzeug>=0.7 # BSD License