Add HTTP/2 to default lists of ALPN protocols

The two tested Linux distributions for Wallaby release (Ubuntu 20.04 and CentOS 8) [1] provide a recent enough HAProxy version (>=2.0) that allow us to add HTTP/2 to the default ALPN protocols list for listeners and pools. [1] https://governance.openstack.org/tc/reference/runtimes/wallaby.html Change-Id: I998bea5e7bcdc28962f2f393e204791a0b519910
2021-02-22 17:58:03 +01:00 · 2021-02-22 17:58:03 +01:00 · dd3edb635b
parent 79268cc9e3
commit dd3edb635b
4 changed files with 13 additions and 5 deletions
--- a/etc/octavia.conf
+++ b/etc/octavia.conf
@ -86,11 +86,11 @@

 # List of default ALPN protocols to be used on new TLS-terminated
 # listeners.  Available protocols: http/1.0, http/1.1, h2
-# default_listener_alpn_protocols = http/1.1, http/1.0
+# default_listener_alpn_protocols = h2, http/1.1, http/1.0

 # List of default ALPN protocols to be used on new TLS-terminated
 # pools.  Available protocols: http/1.0, http/1.1, h2
-# default_pool_alpn_protocols = http/1.1, http/1.0
+# default_pool_alpn_protocols = h2, http/1.1, http/1.0


 [database]
--- a/octavia/common/config.py
+++ b/octavia/common/config.py
@ -130,12 +130,14 @@ api_opts = [
               choices=constants.TLS_ALL_VERSIONS + [None],
               help=_('Minimum allowed TLS version for listeners and pools.')),
    cfg.ListOpt('default_listener_alpn_protocols',
-                default=[lib_consts.ALPN_PROTOCOL_HTTP_1_1,
+                default=[lib_consts.ALPN_PROTOCOL_HTTP_2,
+                         lib_consts.ALPN_PROTOCOL_HTTP_1_1,
                         lib_consts.ALPN_PROTOCOL_HTTP_1_0],
                help=_('List of ALPN protocols to use for new TLS-enabled '
                       'listeners.')),
    cfg.ListOpt('default_pool_alpn_protocols',
-                default=[lib_consts.ALPN_PROTOCOL_HTTP_1_1,
+                default=[lib_consts.ALPN_PROTOCOL_HTTP_2,
+                         lib_consts.ALPN_PROTOCOL_HTTP_1_1,
                         lib_consts.ALPN_PROTOCOL_HTTP_1_0],
                help=_('List of ALPN protocols to use for new TLS-enabled '
                       'pools.')),
--- a/octavia/tests/functional/api/v2/test_load_balancer.py
+++ b/octavia/tests/functional/api/v2/test_load_balancer.py
@ -2794,7 +2794,8 @@ class TestLoadBalancerGraph(base.BaseAPITest):
            expected_listener['tls_versions'] = (
                constants.TLS_VERSIONS_OWASP_SUITE_B)
            expected_listener['alpn_protocols'] = (
-                [lib_consts.ALPN_PROTOCOL_HTTP_1_1,
+                [lib_consts.ALPN_PROTOCOL_HTTP_2,
+                 lib_consts.ALPN_PROTOCOL_HTTP_1_1,
                 lib_consts.ALPN_PROTOCOL_HTTP_1_0])

        if create_timeout_client_data is not None:
--- a/releasenotes/notes/add-h2-alpn-protocol-to-default-e2d499d21a5d90d1.yaml
+++ b/releasenotes/notes/add-h2-alpn-protocol-to-default-e2d499d21a5d90d1.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The HTTP/2 protocol is now added to the default ALPN protocol list for
+    listener and pools.