This patch changes to be able to build the k8s cluster on local
environment with devstack-plugin-container by setting
KUBERNETES_VIM=True in local.conf.
This patch also includes the following fixes:
* Remove settings related to kuryr-kubernetes.
* Added processing to configure required settings in
devstack-plugin-container.
* Modify related documents.
* Dropping octavia.
Change-Id: I6a898c3d82bd82b6b687d1941565e0efa963cdbb
For the default network backend driver is changed to OVN[1], update
params for neutron and also kuryr-kubernetes in examples of `local.conf`
to deploy OVN.
[1] https://review.opendev.org/c/openstack/devstack/+/791436
Signed-off-by: Yasufumi Ogawa <yasufum.o@gmail.com>
Change-Id: I04460c525ff5d5751908e12911e4c7797ef09353
This patch adds new test with separated NFVO such as Grant API.
The test requires additinal config of Tacker, and we cannot use
Tacker with such config for other tests. So we add new FT set for
separated NFVO environment.
Change-Id: I9fb5ef027b9010becc088ca0b66138bcf52512c2
This patch fixes the broken devstack plugin script and slightly changes
the way the var IS_ZUUL_FT is used. When the var is unset, a bash unary
operator expected error should've been emitted because of this part:
${IS_ZUUL_FT+yes}. Unset vs set was a bit confusing so this patch not
only fixes the part but forces the var into always being set and changes
it to "True" vs "False".
Change-Id: I25b418f7776d0d9a00fcf7846a406aba62d40190
The number of required plugins has increased to the extent that
controller on Zuul FT infrastructure almost runs out of memory [1].
This potentially induces various problems such as FT failure noises
or POST_FAILURE at the ansible task 'export-devstack-journal'.
To request expanded images such as ubuntu-focal-expanded (16GB) or
ubuntu-focal-32GB would be an option, but it turns out that would
lead us to another problematic situation. [2]
This patch, instead, addresses the issue by subdividing the memory
load. As a first step, introduce a new subnode 'tacker-controller',
on which both tacker-server and tacker-conductor are located.
Note:
* when we re-locate some other components to this new subnode, it might
better to rename it.
* `devstack_local_conf: {}` in .zuul.yaml is to cancel out the global
job.vars devstack_local_conf.post-config.$NEUTRON_DHCP_CONF, which
is not present on 'tacker-controller' in the first place.
* TACKER_MODE is set to 'standalone'. 'all-in-one' supposes core
services like nova, neutron, keystone, etc. api servers are located
on the same host as tacker-server.
* in devstack/lib/tacker:create_tacker_accounts, SERVICE_HOST should
have been TACKER_HOST. this minor fix is included.
* in roles/setup-default-vim/tasks/main.yaml, the same where conditions
were scattered but all tasks in it just needed to run on 'controller'
only. so let us wrap them all in a block.
* renamed devstack/plugin.sh:tacker_register_default_vim for clarity.
* policy file modification for Heat is now done by an ansible task.
it frees us from the co-location requirements for Tacker and Heat.
* drop devstack/lib/tacker:is_tacker_enabled as it's no longer needed.
[1]: we investigated how severe the memory load on 'controller' was
on Zuul FT infrastructure:
* The highest memory-consuming processes in desc order:
808.70MB (9.87%) 828112 /usr/sbin/mysqld
179.81MB (2.19%) 184124 ... /usr/local/bin/tacker-server ...
152.57MB (1.86%) 156232 ... /usr/local/bin/tacker-conductor .
146.67MB (1.79%) 150188 ... /usr/local/bin/neutron-server ...
132.96MB (1.62%) 136148 ... /usr/local/bin/neutron-server ...
129.08MB (1.58%) 132180 ... /usr/local/bin/heat-engine ...
127.48MB (1.56%) 130544 ... /usr/local/bin/heat-engine ...
122.16MB (1.49%) 125092 nova-apiuWSGI worker 1
121.00MB (1.48%) 123900 neutron-openvswitch-agent ...
119.50MB (1.46%) 122368 cinder-apiuWSGI worker 1
---(snip)---
* `free -m` output
total used free shared buff/cache available
Mem: 7955 7427 196 16 331 219
Swap: 1022 1019 3
[2]: http://eavesdrop.openstack.org/irclogs/%23openstack-infra/
%23openstack-infra.2020-11-25.log.html
Change-Id: I030ffd5fd11b7ca9abca56e85e449ed4c4d709bd
This patch describes the way to install Kubernetes VIM via Devstack and
register Kubernetes VIM in Tacker.
Tacker reuses the efforts from Kuryr-Kubernetes project to create
Kubernetes cluster. This patch also sets up native Neutron-based networking
between Kubernetes and OpenStack VIMs to connect VM based and container based
VNFs together, that bring hybrid deployment SFC in the future.
Partially Implements: blueprint kubernetes-as-vim
Change-Id: Idf04f012c6daf93a33ad89a5a7c737f3668eb405
1. Add new option 'use_barbican' in config file [vim_keys] section,
default value is False for Pike.
2. Use fernet to encrypt vim password, and save the fernet key into
barbican as a secret.
3. Add new fields 'key_type', 'secret_uuid' into VimAuth.auth_cred
json string. secret_uuid is masked in vim-show or vim-list response.
4. Set the vim's default 'shared' value to False,
vim can only be used by who created it.
5. Add a devref to show how to test.
6. Add a release note.
Implements: blueprint encryption-with-barbican
Partial-bug: #1667652
Change-Id: I5c779041df5a08a361b9aaefac7d241369732551
Mistral vim monitor task connects to conductor via conductor's AMQP
topic, calls the update_vim RPC method.
The RPC method will update vim and event DB entries and then return
passed in status.
This patch refactors the common_services_db and nfvo_db in order
not to import too many classes in the conductor process.
One more thing is on devstack, where tacker-conductor service is
introduced.
DocImpact
Implements: blueprint refactor-vim-monitor
Change-Id: Ic2b3c381cca796edc00f3c77cc790cb4c4955db7
Now that heat is available as a devstack plugin, it should be
used. The document is updated to enable the heat devstack plugin
before the tacker plugin.
Co-Authored-By: Kanagaraj Manickam <mkr1481@gmail.com>
Change-Id: I9d20d72dfa50f36ee454f56f3c67d063012ef05b
Introduce a TACKER_MODE variable. If this is set to 'all', the
tacker devstack plugin will install other components just like
previous way. If it is set to 'standalone', the tacker devstack
plugin will disable all other services and enable the mysql,
keystone, tacker and horizon services.
Change-Id: I5d7613566ed45aa273848bfe85d76c7a7fe97ba1
Closes-bug: 1633327
Closes-bug: 1620163
python-tackerclient is now available in global
requirements [1]. Moving to use pip dependency
to pull in tackerclient instead of directly
referring to the release tarball.
[1] https://review.openstack.org/334641
Change-Id: I2bc758a56f2371671db60eb626ae87194506c0a4
Currently, when tacker is enabled, some neutron agents are
automatically enabled.
In some case, those are not needed in the same node that tacker is
running.
Change-Id: Iff4daa862a596cdef4ed569c805a2c1e9657ea9a
Closes-Bug: #1548141
