Announcing the Alpha Release of Capablanca

As ManageIQ progresses toward its next milestone release, the development team is pleased to announce the availability of the alpha release of Capablanca.

Capablanca promises to be a strong update to the ManageIQ cloud and virtualization management platform, and this alpha release will give users an early look at those changes. Users are encouraged to download the alpha and report any bugs found.

Topping the list of user-visible features are:

  • A new container management provider. The provider supports managing Kubernetes clusters, either “plain” or as part of OpenShift.
  • A new container management UI. This new user interface has been designed by the group along with the Red Hat UX team as a modern UI based on the latest technology and UX research. The UI uses the Patternfly/Angular frameworks and includes cool widgets like heat maps and a topology viewer. The UI is exposed under the new top-level “Containers” tab.
  • A Microsoft Azure provider. Work has begun on supporting the management of virtual machines and associated objects on Microsoft Azure. The provider uses the “Azure Resource Manager” RESTful API recently introduced by Microsoft. The API is accessed through a newly developed Ruby gem called azure-armrest. Currently basic inventory collection is available.
  • Revamping the UI to the Angular/Patternfly frameworks. This ongoing work will be completed over the coming releases. One place where you can already see the new UI is in the cloud provider and host editors.
  • Provider cross-linking. ManageIQ now knows that Kubernetes node X is running on virtual machine Y.

In addition, the following technical improvements have been made:

  • ManageIQ runs on Ruby 2.2 and Rails 4.2.
  • The appliance is based on CentOS 7.1, PostgreSQL 9.4.1, and Apache 2.4.
  • The appliance was tested against FreeIPA 4.1 to provide users with two-factor authentication.
  • Work has begun that moves all providers to their own files and directories, and makes them live in their own namespaces. This makes it much easier to add new providers.

These are just some of the new features coming in this alpha release. For a complete list of new and updated features, see the release notes.

The Capablanca alpha can be downloaded now. Either use the site's download workflow or choose what you want from the list of available images.

This is a companion discussion topic for the original entry at
1 Like

How can I add an openshift provider? While I was able to validate a token, I’m not sure how to give the user in OpenShift adequate permissions for it to view the necessary pieces of OpenShift. Right now, I get a 403 when refreshing the OpenShift provider because the service account’s token I use in OpenShift doesn’t have permissions to see everything in the cluster. Is there a document that describes the permissions the service account in OpenShift needs and how to make the permission changes? Thanks!

@abonas @simon3z Can you help out @jameslabocki?

Thanks. @abonas and @simon3z any help our pointers as to how to setup the service account properly or minimum permissions required in OpenShift via the container provider would be greatly appreciated!

Hi @jameslabocki I am currently working on a tool that will automate the account creation for manageiq.

Meanwhile I can share with you the basic steps:

# cat manageiq-sa.yaml
apiVersion: v1
kind: ServiceAccount
  name: manageiq
  namespace: default

# oc create -f manageiq-sa.yaml

# osadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:default:manageiq

# oc get secrets

Pick one of the two manageiq tokens and:

# oc get secrets <manageiq-token-name> -t '{{.data.token}}' | base64 -d
(...token to use in manageiq...)

Some of these parameters are still uncertain (e.g. cluster-reader may not be enough and we’re working with openshift to prepare a special role for us), but anyway this should get you up and running.

I have improved the simon3z’s script so it does everything automatically:

oc create -f - <<EOF
apiVersion: v1
kind: ServiceAccount
  name: manageiq
  namespace: default

openshift admin policy add-cluster-role-to-user admin system:serviceaccount:default:manageiq
openshift admin policy add-cluster-role-to-user cluster-admin system:serviceaccount:default:manageiq

kubectl get secrets `kubectl describe serviceaccount manageiq | awk '/Tokens:/ { print $2 }'` -t '{{.data.token}}' | base64 -d

Please note that:

openshift admin policy add-cluster-role-to-user admin system:serviceaccount:default:manageiq

is just a temporary workaround for a couple of extra permission we need at the moment (it shouldn’t be necessary in the future).