magnum 5.0.2 (pike)

17 Apr 2019

We are pumped to announce the release of:

magnum 5.0.2: Container Management project for OpenStack

This release is part of the pike stable release series.

The source is available from:

    https://git.openstack.org/cgit/openstack/magnum

Download the package from:

    https://tarballs.openstack.org/magnum/

Please report issues through:

    https://bugs.launchpad.net/magnum/+bugs

For more details, please see below.

5.0.2
^^^^^


Security Issues
***************

* Add new configuration option *openstack_ca_file* in the *drivers*
  section to pass the CA bundle used for the OpenStack API. Setting
  this file and setting *verify_ca* to *true* will result to all
  requests from the cluster nodes to the OpenStack APIs to be
  verified.


Bug Fixes
*********

* [bug 1663757 (https://bugs.launchpad.net/magnum/+bug/1663757)] A
  configuration parameter, verify_ca, was added to magnum.conf with a
  default value of True and passed to the heat templates to indicate
  whether the cluster nodes validate the Certificate Authority when
  making requests to the OpenStack APIs (Keystone, Magnum, Heat). This
  parameter can be set to False to disable CA validation if you have
  self-signed certificates for the OpenStack APIs or you have your own
  Certificate Authority and you have not installed the Certificate
  Authority to all nodes.

* From now on, server names are prefixed with the cluster name. The
  cluster name is truncated to 30 characters, ('_', '.') are mapped to
  '-' and non alpha-numeric characters are removed to ensure FQDN
  compatibility.

* Fixed a bug where --live-restore was passed to Docker daemon
  causing the swarm init to fail. Magnum now ensures the --live-
  restore is not passed to the Docker daemon if it's default in an
  image.

Changes in magnum 5.0.1..5.0.2
------------------------------

6777ba56 Replace openstack.org git:// URLs with https://
2ba0cbce support http/https proxy for discovery url
01aec172 [swarm-mode] Remove --live-restore from Docker daemon options
d73d912f import zuul job settings from project-config
fa04f3d3 Stop using slave_scripts/install-distro-packages.sh
6d9914de Document use of kube_tag label
7167aff3 Add openstack_ca_file configuration option
a342f920 Zuul: Remove project name
79818036 Change the name of kubernetes-dashboard deployment in Pike.
9aacda8f Leverage heat-container-agent for monitoring
d0f08306 Add missing translation for verify_ca
1f4a13e9 Add verify_ca configuration parameter
c58b727b Generate lower case stack name
6a2d14d3 Generate stack name as a valid hostname
ca4b2908 Add required job definition
83988459 Add zuul v3 jobs in stable/pike
7944417c Fix magnum TLS cert generation
0475a84f Fix prometheus scrape configuration
9c7a0c4b Avoid running periodic processes inside each worker process
d1481574 Update CoreDNS to 011
feffcb2b k8s: Fix node-exporter manifest
0d570bdb Updated from global requirements
b945702a Clean-up server names in drivers
d46fce8f Add attribute 'disabled' for service-list


Diffstat (except docs and test files)
-------------------------------------

.zuul.yaml                                         | 288 ++++++++++++++
.../source/common/configure_2_edit_magnum_conf.rst |   3 +
magnum/api/controllers/v1/magnum_services.py       |   3 +-
magnum/cmd/conductor.py                            |   7 +
magnum/common/rpc_service.py                       |   5 +-
magnum/common/utils.py                             |  10 +
magnum/conf/__init__.py                            |   2 +
magnum/conf/drivers.py                             |  44 +++
.../common/image/heat-container-agent/Dockerfile   |  49 +++
.../heat-container-agent/config.json.template      | 373 ++++++++++++++++++
.../common/image/heat-container-agent/launch       |   5 +
.../image/heat-container-agent/manifest.json       |   4 +
.../scripts/50-heat-config-docker-compose          | 116 ++++++
.../heat-container-agent/scripts/55-heat-config    | 194 +++++++++
.../scripts/configure_container_agent.sh           |  36 ++
.../scripts/heat-config-notify                     | 163 ++++++++
.../heat-container-agent/scripts/hooks/atomic      | 115 ++++++
.../scripts/hooks/docker-compose                   | 127 ++++++
.../heat-container-agent/scripts/hooks/script      |  96 +++++
.../scripts/write-os-apply-config-templates.sh     |  71 ++++
.../image/heat-container-agent/service.template    |  11 +
.../image/heat-container-agent/tmpfiles.template   |  10 +
.../fragments/atomic-install-openstack-ca.sh       |  12 +
.../kubernetes/fragments/configure-etcd.sh         |  14 +-
.../kubernetes/fragments/core-dns-service.sh       |   6 +-
.../kubernetes/fragments/enable-monitoring.sh      | 139 -------
.../kubernetes/fragments/enable-node-exporter.sh   |   7 +-
.../fragments/enable-prometheus-monitoring         | 434 +++++++++++++++++++++
.../kubernetes/fragments/kube-dashboard-service.sh |   2 +-
.../kubernetes/fragments/make-cert-client.sh       |  12 +-
.../templates/kubernetes/fragments/make-cert.sh    |  12 +-
.../kubernetes/fragments/start-container-agent.sh  |  16 +
.../kubernetes/fragments/wc-notify-master.sh       |   8 +-
.../fragments/write-grafana-service.yaml           |  67 ----
.../fragments/write-heat-params-master.yaml        |   1 +
.../kubernetes/fragments/write-heat-params.yaml    |   1 +
.../kubernetes/fragments/write-kube-os-config.sh   |   2 +
.../fragments/write-prometheus-configmap.yaml      |  82 ----
.../fragments/write-prometheus-service.yaml        |  60 ---
.../swarm/fragments/add-docker-daemon-options.sh   |   5 +
.../common/templates/swarm/fragments/cfn-signal.sh |   8 +-
.../common/templates/swarm/fragments/make-cert.py  |  21 +-
.../fragments/write-cluster-failure-service.yaml   |   2 +-
.../swarm/fragments/write-heat-params-master.yaml  |   1 +
.../swarm/fragments/write-heat-params-node.yaml    |   1 +
.../swarm/fragments/write-swarm-agent-service.sh   |   8 +-
.../swarm/fragments/write-swarm-master-service.sh  |   8 +-
magnum/drivers/heat/driver.py                      |  16 +-
magnum/drivers/heat/k8s_template_def.py            |   3 +-
magnum/drivers/heat/swarm_fedora_template_def.py   |   3 +-
magnum/drivers/heat/template_def.py                |  35 +-
.../templates/fragments/add-ext-ca-certs.yaml      |  32 ++
.../templates/fragments/make-cert-client.yaml      |  12 +-
.../templates/fragments/make-cert.yaml             |  12 +-
.../templates/fragments/wc-notify.yaml             |   2 +-
.../fragments/write-heat-params-master.yaml        |   1 +
.../templates/fragments/write-heat-params.yaml     |   1 +
.../k8s_coreos_v1/templates/kubecluster.yaml       |  21 +
.../k8s_coreos_v1/templates/kubemaster.yaml        |  28 ++
.../k8s_coreos_v1/templates/kubeminion.yaml        |  28 ++
.../templates/kubecluster.yaml                     |  21 +
.../k8s_fedora_atomic_v1/templates/kubemaster.yaml |  90 +++--
.../k8s_fedora_atomic_v1/templates/kubeminion.yaml |  33 +-
.../templates/kubecluster.yaml                     |  21 +
.../k8s_fedora_ironic_v1/templates/kubemaster.yaml |  90 +++--
.../k8s_fedora_ironic_v1/templates/kubeminion.yaml |   5 +
.../templates/kubeminion_software_configs.yaml     |  28 +-
.../templates/fragments/add-ext-ca-certs.sh        |  27 ++
.../templates/mesos_slave_software_configs.yaml    |  22 +-
.../mesos_ubuntu_v1/templates/mesoscluster.yaml    |  20 +
.../mesos_ubuntu_v1/templates/mesosmaster.yaml     |  27 ++
.../mesos_ubuntu_v1/templates/mesosslave.yaml      |   5 +
.../swarm_fedora_atomic_v1/templates/cluster.yaml  |  21 +
.../templates/swarmmaster.yaml                     |  27 ++
.../templates/swarmnode.yaml                       |  26 ++
.../fragments/write-heat-params-master.yaml        |   1 +
.../fragments/write-swarm-master-service.sh        |  14 +-
.../fragments/write-swarm-worker-service.sh        |  12 +-
.../templates/swarmcluster.yaml                    |  26 ++
.../templates/swarmmaster.yaml                     |  25 ++
.../templates/swarmnode.yaml                       |  25 ++
.../handlers/test_k8s_cluster_conductor.py         |  25 +-
.../handlers/test_mesos_cluster_conductor.py       |  16 +-
.../handlers/test_swarm_cluster_conductor.py       |  18 +-
playbooks/magnum-buildimages-base.yaml             | 102 +++++
playbooks/magnum-functional-base.yaml              |  82 ++++
playbooks/magnum-tox-migration.yaml                |  85 ++++
playbooks/post/upload-images.yaml                  |  21 +
playbooks/post/upload-logs-tox.yaml                |  67 ++++
playbooks/post/upload-logs.yaml                    |  14 +
playbooks/pre/prepare-workspace-images.yaml        |  10 +
playbooks/pre/prepare-workspace.yaml               |  23 ++
.../notes/bug-1580704-32a0e91e285792ea.yaml        |   7 +
.../notes/bug-1663757-198e1aa8fa810984.yaml        |  12 +
.../notes/bug-1718947-0d4e67529e2817d7.yaml        |   6 +
.../notes/swarm-live-restore-b03ad192367abced.yaml |   6 +
requirements.txt                                   |   2 +-
specs/containers-service.rst                       |   2 +-
test-requirements.txt                              |   4 +-
107 files changed, 3673 insertions(+), 506 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index 845022a0..e1e68a38 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9 +9 @@ Babel!=2.4.0,>=2.3.4 # BSD
-PyYAML>=3.10 # MIT
+PyYAML>=3.10.0 # MIT
diff --git a/test-requirements.txt b/test-requirements.txt
index 3edc3f0f..d07ac57f 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -14 +14 @@ hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
-mock>=2.0.0 # BSD
+mock>=2.0 # BSD
@@ -28 +28 @@ testtools>=1.4.0 # MIT
-reno>=2.5.0 # Apache-2.0
+reno!=2.3.1,>=1.8.0 # Apache-2.0

    

no-reply＠openstack.org

tags

participants (1)