Description of problem: I'm working on adding container nodes pods and replicators to Control subsystem. - Being able to define and apply control and compliance policies for these entities. - Exposing incoming Kubernetes events as corresponding policy events. [https://github.com/ManageIQ/manageiq/issues/8654]
https://github.com/ManageIQ/manageiq/pull/9601
https://github.com/ManageIQ/manageiq/pull/8815
https://github.com/ManageIQ/manageiq/pull/9538
Forgot to cross-ref the merged https://github.com/ManageIQ/manageiq/pull/9100 which fixed refresh after some events but is also required to propagate them to policy.
https://github.com/ManageIQ/manageiq/pull/9813
https://github.com/ManageIQ/manageiq/pull/9948
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/2c4ceb70d9b7714ed9ce3b9ed852249fea97cfa0 commit 2c4ceb70d9b7714ed9ce3b9ed852249fea97cfa0 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Mon Jul 4 15:50:28 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Tue Jul 19 01:04:17 2016 +0300 Support for propagating container EmsEvents to policy Covers replicators, pods, nodes. - EventStream container_replicator, container_group, container_node associations, to be used as target= of Automate event_action_policy. - Add to MiqEvent::SUPPORTED_POLICY_AND_ALERT_CLASSES. - Include MiqPolicyMixin in their models. - Implement `tenant_identity` on their models. Same code as in images and a few other places; *absolutely* no idea if it makes sense. https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 app/models/container_group.rb | 9 +++++++++ app/models/container_node.rb | 9 +++++++++ app/models/container_replicator.rb | 9 +++++++++ app/models/event_stream.rb | 4 ++++ app/models/miq_event.rb | 5 +++-- spec/models/ems_event_spec.rb | 34 +++++++++++++++++++++++++--------- 6 files changed, 59 insertions(+), 11 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/10eb0142484b8bf61b34a1e1bee808714ce69853 commit 10eb0142484b8bf61b34a1e1bee808714ce69853 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Tue Jul 5 15:56:21 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Tue Jul 19 01:04:34 2016 +0300 Add icons for new replicator, pod, node events https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 .../images/100/event-containergroup_deadlineexceeded.png | Bin 0 -> 2396 bytes .../images/100/event-containergroup_failedscheduling.png | Bin 0 -> 2396 bytes .../images/100/event-containergroup_failedsync.png | Bin 0 -> 2396 bytes .../images/100/event-containergroup_failedvalidation.png | Bin 0 -> 2396 bytes .../images/100/event-containergroup_hostportconflict.png | Bin 0 -> 2396 bytes .../100/event-containergroup_insufficientfreecpu.png | Bin 0 -> 2396 bytes .../100/event-containergroup_insufficientfreememory.png | Bin 0 -> 2396 bytes .../100/event-containergroup_nodeselectormismatching.png | Bin 0 -> 2396 bytes app/assets/images/100/event-containergroup_outofdisk.png | Bin 0 -> 2396 bytes app/assets/images/100/event-containergroup_scheduled.png | Bin 0 -> 2396 bytes .../images/100/event-containernode_failedmount.png | Bin 0 -> 1514 bytes .../100/event-containernode_invaliddiskcapacity.png | Bin 0 -> 1514 bytes .../images/100/event-containernode_nodenotready.png | Bin 0 -> 1514 bytes .../100/event-containernode_nodenotschedulable.png | Bin 0 -> 1514 bytes app/assets/images/100/event-containernode_nodeready.png | Bin 0 -> 1514 bytes .../images/100/event-containernode_nodeschedulable.png | Bin 0 -> 1514 bytes app/assets/images/100/event-containernode_rebooted.png | Bin 0 -> 1514 bytes .../100/event-containerreplicator_failedcreate.png | Bin 0 -> 2488 bytes .../100/event-containerreplicator_successfulcreate.png | Bin 0 -> 2488 bytes 19 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 app/assets/images/100/event-containergroup_deadlineexceeded.png create mode 100644 app/assets/images/100/event-containergroup_failedscheduling.png create mode 100644 app/assets/images/100/event-containergroup_failedsync.png create mode 100644 app/assets/images/100/event-containergroup_failedvalidation.png create mode 100644 app/assets/images/100/event-containergroup_hostportconflict.png create mode 100644 app/assets/images/100/event-containergroup_insufficientfreecpu.png create mode 100644 app/assets/images/100/event-containergroup_insufficientfreememory.png create mode 100644 app/assets/images/100/event-containergroup_nodeselectormismatching.png create mode 100644 app/assets/images/100/event-containergroup_outofdisk.png create mode 100644 app/assets/images/100/event-containergroup_scheduled.png create mode 100644 app/assets/images/100/event-containernode_failedmount.png create mode 100644 app/assets/images/100/event-containernode_invaliddiskcapacity.png create mode 100644 app/assets/images/100/event-containernode_nodenotready.png create mode 100644 app/assets/images/100/event-containernode_nodenotschedulable.png create mode 100644 app/assets/images/100/event-containernode_nodeready.png create mode 100644 app/assets/images/100/event-containernode_nodeschedulable.png create mode 100644 app/assets/images/100/event-containernode_rebooted.png create mode 100644 app/assets/images/100/event-containerreplicator_failedcreate.png create mode 100644 app/assets/images/100/event-containerreplicator_successfulcreate.png
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/a26e738ba9ec386b98ac44cf78cceb6d620e7eb6 commit a26e738ba9ec386b98ac44cf78cceb6d620e7eb6 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Mon Jul 4 15:49:35 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Tue Jul 19 01:04:34 2016 +0300 Propagate ALL the events! (replicators, pods, nodes) Adds replicators, pods, nodes MiqEvents. Make corresponding EmsEvents trigger the MiqEvents. Using prefix `.class.base_model.name.downcase`, which will be required for compliance events (to be added later). https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 .../Kubernetes.class/node_failedmount.yaml | 2 ++ .../Kubernetes.class/node_invaliddiskcapacity.yaml | 2 ++ .../Kubernetes.class/node_nodenotready.yaml | 2 ++ .../Kubernetes.class/node_nodenotschedulable.yaml | 2 ++ .../EmsEvent/Kubernetes.class/node_nodeready.yaml | 2 ++ .../Kubernetes.class/node_nodeschedulable.yaml | 2 ++ .../EmsEvent/Kubernetes.class/node_rebooted.yaml | 2 ++ .../Kubernetes.class/pod_deadlineexceeded.yaml | 2 ++ .../Kubernetes.class/pod_failedscheduling.yaml | 2 ++ .../EmsEvent/Kubernetes.class/pod_failedsync.yaml | 2 ++ .../Kubernetes.class/pod_failedvalidation.yaml | 2 ++ .../Kubernetes.class/pod_hostportconflict.yaml | 2 ++ .../Kubernetes.class/pod_insufficientfreecpu.yaml | 2 ++ .../pod_insufficientfreememory.yaml | 2 ++ .../pod_nodeselectormismatching.yaml | 2 ++ .../EmsEvent/Kubernetes.class/pod_outofdisk.yaml | 2 ++ .../EmsEvent/Kubernetes.class/pod_scheduled.yaml | 2 ++ .../Kubernetes.class/replicator_failedcreate.yaml | 2 ++ .../replicator_successfulcreate.yaml | 2 ++ db/fixtures/miq_event_definitions.csv | 22 ++++++++++++++++++++++ 20 files changed, 60 insertions(+)
https://github.com/ManageIQ/manageiq/pull/10013
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/1efa258543eef606694dbbbe46b45c4513d6dbbc commit 1efa258543eef606694dbbbe46b45c4513d6dbbc Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Sun Jun 26 13:11:50 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 11:15:26 2016 +0300 Define replicators, pods, nodes compliance events https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 db/fixtures/miq_event_definitions.csv | 10 ++++++++++ 1 file changed, 10 insertions(+)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/d1ca5b45454d07f6f5f8f65439edfa8cb1cc9794 commit d1ca5b45454d07f6f5f8f65439edfa8cb1cc9794 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Wed Jul 6 15:18:09 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 13:22:24 2016 +0300 DRY: Centralize policy & condition folder list Continues refactoring from #7132 which created MiqPolicy::UI_FOLDERS. Moved the const from model into controller. Expanded its use instead of hardcoded lists to more places. [2 hardcoded lists still need touching when adding a model to policies: - ApplicationController::TreeSupport#find_record - ApplicationController::PolicySupport#assign_policies but they have different entries so not refactoring them.] Made tooltip & text same on these explorer children. Differences like text => N_("Container Image Conditions") vs tip => N_("All Container Image Conditions") were somewhat inconsistent, had no real value and were wasting translation effort. https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 app/controllers/miq_policy_controller.rb | 11 +++- .../miq_policy_controller/conditions.rb | 2 +- app/controllers/miq_policy_controller/policies.rb | 2 +- app/models/miq_policy.rb | 2 - app/presenters/tree_builder_condition.rb | 22 ++++--- app/presenters/tree_builder_policy.rb | 71 ++++++++++------------ 6 files changed, 57 insertions(+), 53 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/18c1576372ade5d537ec377106dd52340348d656 commit 18c1576372ade5d537ec377106dd52340348d656 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Wed Jul 6 13:23:48 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 13:22:32 2016 +0300 Icons for replicator, pod, node policies in Control explorer https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 app/assets/images/100/miq_policy_containergroup.png | Bin 0 -> 2396 bytes app/assets/images/100/miq_policy_containernode.png | Bin 0 -> 1514 bytes app/assets/images/100/miq_policy_containerreplicator.png | Bin 0 -> 2488 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 app/assets/images/100/miq_policy_containergroup.png create mode 100644 app/assets/images/100/miq_policy_containernode.png create mode 100644 app/assets/images/100/miq_policy_containerreplicator.png
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/dfb0df6e6ea0fa079ff8344199d25d6e0f539ec6 commit dfb0df6e6ea0fa079ff8344199d25d6e0f539ec6 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Thu Jul 14 16:22:03 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 13:22:32 2016 +0300 UI for container replicator / pod / node policies Covers control and compliance policies, conditions, - icons in separate commit. Dropped unused GET /container_image/squash_toggle route. (Everywhere else it's POST only) https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 .../application_controller/policy_support.rb | 3 ++- app/controllers/application_controller/tree_support.rb | 4 +++- app/controllers/miq_policy_controller.rb | 2 +- app/presenters/tree_builder_condition.rb | 9 ++++++--- app/presenters/tree_builder_policy.rb | 18 ++++++++++++------ config/routes.rb | 10 +++++++++- 6 files changed, 33 insertions(+), 13 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/8b81dbcdabb2d937fc0befb53aefda313d0a500c commit 8b81dbcdabb2d937fc0befb53aefda313d0a500c Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Thu Jul 14 16:32:01 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 13:22:32 2016 +0300 Manage Policies + Check Compliance UI on replicators, pods, nodes Assigning policies to whole container EMS (supported since #7132) works for these entities too. https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 app/controllers/mixins/containers_common_mixin.rb | 60 +++++++++++----------- .../toolbar/container_group_center.rb | 11 ++++ .../toolbar/container_groups_center.rb | 17 ++++++ .../toolbar/container_node_center.rb | 11 ++++ .../toolbar/container_nodes_center.rb | 17 ++++++ .../toolbar/container_replicator_center.rb | 11 ++++ .../toolbar/container_replicators_center.rb | 17 ++++++ app/models/container_group.rb | 1 + app/models/container_node.rb | 1 + app/models/container_replicator.rb | 1 + db/fixtures/miq_product_features.yml | 24 +++++++++ 11 files changed, 142 insertions(+), 29 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/b6fec06689cb9b01398855cf3553f6ea19ac02a6 commit b6fec06689cb9b01398855cf3553f6ea19ac02a6 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Sun Jun 26 12:37:44 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 11:15:26 2016 +0300 Icons for replicator, pod, node compliance events https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 .../images/100/event-containergroup_compliance_check.png | Bin 0 -> 2396 bytes .../100/event-containergroup_compliance_failed.png | Bin 0 -> 2396 bytes .../100/event-containergroup_compliance_passed.png | Bin 0 -> 2396 bytes .../images/100/event-containernode_compliance_check.png | Bin 0 -> 1514 bytes .../images/100/event-containernode_compliance_failed.png | Bin 0 -> 1514 bytes .../images/100/event-containernode_compliance_passed.png | Bin 0 -> 1514 bytes .../100/event-containerreplicator_compliance_check.png | Bin 0 -> 2488 bytes .../100/event-containerreplicator_compliance_failed.png | Bin 0 -> 2488 bytes .../100/event-containerreplicator_compliance_passed.png | Bin 0 -> 2488 bytes 9 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 app/assets/images/100/event-containergroup_compliance_check.png create mode 100644 app/assets/images/100/event-containergroup_compliance_failed.png create mode 100644 app/assets/images/100/event-containergroup_compliance_passed.png create mode 100644 app/assets/images/100/event-containernode_compliance_check.png create mode 100644 app/assets/images/100/event-containernode_compliance_failed.png create mode 100644 app/assets/images/100/event-containernode_compliance_passed.png create mode 100644 app/assets/images/100/event-containerreplicator_compliance_check.png create mode 100644 app/assets/images/100/event-containerreplicator_compliance_failed.png create mode 100644 app/assets/images/100/event-containerreplicator_compliance_passed.png
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/c244d44f688f44e884cf5d5414c81888af8e2cae commit c244d44f688f44e884cf5d5414c81888af8e2cae Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Mon Jul 18 17:00:19 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 15:15:05 2016 +0300 Move textual_group_compliance, textual_compliance_history into mixin textual_compliance_history still defined in controller-specific helpers but now just only overrides :title and/or :explorer. https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 app/helpers/compliance_summary_helper.rb | 22 ++++++++++++++++++++++ .../container_image_helper/textual_summary.rb | 21 ++------------------- app/helpers/host_helper/textual_summary.rb | 15 +-------------- app/helpers/vm_cloud_helper/textual_summary.rb | 17 ++--------------- app/helpers/vm_helper/textual_summary.rb | 17 ++--------------- 5 files changed, 29 insertions(+), 63 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/689e496c3f7e48f5d5a4404e814b9c59d1802010 commit 689e496c3f7e48f5d5a4404e814b9c59d1802010 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Wed Jul 20 17:01:54 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 15:15:06 2016 +0300 Show compliance status/history of replicators, pods, nodes https://bugzilla.redhat.com/show_bug.cgi?id=1341253 https://bugzilla.redhat.com/show_bug.cgi?id=1346057 app/helpers/compliance_summary_helper.rb | 3 ++- app/helpers/container_group_helper.rb | 1 + app/helpers/container_group_helper/textual_summary.rb | 4 ++++ app/helpers/container_node_helper.rb | 1 + app/helpers/container_node_helper/textual_summary.rb | 4 ++++ app/helpers/container_replicator_helper.rb | 1 + app/helpers/container_replicator_helper/textual_summary.rb | 4 ++++ app/models/container_group.rb | 1 + app/models/container_node.rb | 1 + app/models/container_replicator.rb | 1 + app/views/container_group/_main.html.haml | 2 ++ app/views/container_group/show.html.haml | 2 ++ app/views/container_node/_main.html.haml | 2 ++ app/views/container_node/show.html.haml | 2 ++ app/views/container_replicator/_main.html.haml | 2 +- app/views/container_replicator/show.html.haml | 2 ++ 16 files changed, 31 insertions(+), 2 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/60be385d0b14e1f50f7a6aec4a2f0a9494bd8683 commit 60be385d0b14e1f50f7a6aec4a2f0a9494bd8683 Author: Beni Cherniavsky-Paskin <cben> AuthorDate: Sun Jul 24 13:47:49 2016 +0300 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Sun Jul 24 14:06:09 2016 +0300 Add replicators, nodes, pods to _policy_folders view Followup to #9813 given #9543. Control -> Policies accordion -> top-level "Compliance Policies" and "Control Policies" -> list on right side. #9813 adds 3 rows to these lists but without this their text is empty. One of many PRs for https://bugzilla.redhat.com/show_bug.cgi?id=1341253 app/views/miq_policy/_policy_folders.html.haml | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-)
Almost done :-) Node events won't trigger control policies until https://github.com/ManageIQ/manageiq/pull/9913 is merged.
Container Node events: lookup ems & name when UID is bad https://github.com/ManageIQ/manageiq/pull/9913 landed on master => I believe this is Done. (needs QE testing of course)
(In reply to Beni Paskin-Cherniavsky from comment #0) > Description of problem: > I'm working on adding container nodes pods and replicators to Control > subsystem. > - Being able to define and apply control and compliance policies for these > entities. > - Exposing incoming Kubernetes events as corresponding policy events. > [https://github.com/ManageIQ/manageiq/issues/8654] Can you please add more description? Actually it should be in the regular format (i.e. how reproducible, Steps to reproduce, etc.).
This was completely a new (big) feature, not a bug. ("Description of problem" was bad wording on my part) Short summary of the feature: - Policies UI: - [x] Can create & edit Control & Compliance policies. - [x] Can add replicator/pod/node events. - [x] Can add conditions, and actions. - Can add the new policies to a Policy Profile and have them run. - [x] Assigning the profile to the EMS works. - [x] Assigning to specific replicator/pod/node works. - Event propogation works end-to-end. - [x] Incoming POD_FAILEDSYNC events trigger a policy triggering a "Generate log" action. - [x] Incoming NODE_REBOOTED event triggers a policy triggering a "Generate log" action. - [x] Incoming REPLICATOR_SUCCESSFULCREATE event triggers a policy triggering "Generate log" action. There are more events, these are just examples. - Compliance: - [x] "Check Compliance" buttons in UI runs compliance policies. - [x] "Mark as non-compliant" action work from a compliance policy. - [x] replicator/pod/node views show compliance status and link to detailed history (from https://github.com/ManageIQ/manageiq/pull/9813 plus https://github.com/ManageIQ/manageiq/pull/9948 see those for screenshots) Longer answer is Policies and Profiles doc: https://access.redhat.com/documentation/en/red-hat-cloudforms/4.1/policies-and-profiles-guide/policies-and-profiles-guide see everything that mentions "container node", "replicator" or "pod" :-) If you prefer a diff, the docs PR that documented this was https://github.com/ManageIQ/manageiq_docs/pull/87/files I assume you're asking from a QE perspective? Last time QE (Pavel pzagalsk) tested this, IIRC the check was essentially: - creating policies via UI for 1 node event, 1 replicator event, and 1 pod event. - creating and assigning "send email" action. - causing kubernetes to emit these events (e.g. rebooting a node) and verifying the action run. Compliance policies are also worth testing, don't remember if he did.
now got it - thanks! :) I'll start working on this...
This bug blocks this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1394805
(In reply to Pavel Zagalsky from comment #28) > This bug blocks this issue: > https://bugzilla.redhat.com/show_bug.cgi?id=1394805 It seems a misconfiguration, Beni please help Pavel with the configuration here.