Fixed: Consider using {} instead of a call to 'dict' (use-dict-literal)
Fixed: Unnecessary parens after '=' keyword (superfluous-parens)
Fixed: Metaclass class method __new__ should have 'mcs' as first
argument (bad-mcs-classmethod-argument)
Added: Raising too general exception: Exception (broad-exception-raised)
to the ignore list
This new warning should be addressed in a follow-up patch, not in a
quick fix for unblocking the CI.
Change-Id: I1fdb804d7b561bb3a746d14a51b50edcd445dbe6
When enabling INFO-level logs in taskflow and using jobboard with
amphorav2, taskflow prints the string representation of a job when it is
completed. It includes the parameters of the flow, which might include
private information from TLS-enabled listeners and pools such as
certificates, private_key and intermediate certificates.
This commit filters out the private information from the logs by using
logging.Filter, it replaces private attributes with '***'.
Story 2010523
Task 47125
Change-Id: I2df8a49851feb1445b5128ce99b880ddb77782ad
- scripts were not in allowlist for pep8 environment
- skipsdist setting breaks the docs environment
Change-Id: I5ac930e0d3928bb8acba4212dfff25f788acd442
Creating a listener with the fully-populated API was broken in SINGLE
topology, one required parameter was missing from the flow.
Story 2010488
Task 47060
Change-Id: I98cce51a2536bcf204e5753ce4984af57e7e69e3
If a HTTPS termination listener exists, set the tune.ssl.cachesize
setting to use about half of the available
memory (free + buffers + cached) on the amphora minus the memory needed
for network sockets based on the global max connections setting.
A larger SSL cache allows for more resumed SSL sessions and
therefore less computationally expensive SSL handshakes.
Change-Id: I87efba18017aa3e8b9b3cc812664efc11af1c4c4
nohz_full (or full dynticks) is a Linux kernel setting that should reduce
kernel noise on configured CPUs to a minimum. This change activates this
setting on all vCPUs except the first one.
Change-Id: Ie009aff52d572873da0bb5cc43fedd7f3325dccc
Uses the amphora agent for optimizing HAProxy for vertical scaling:
Set cpu_map setting so that HAProxy pins each of its worker threads to
one specific CPU (except CPU0, which remains reserved for other tasks).
In order not
to change previous behavior this feature will only be enabled if the
amphora image was built with vCPU vertical scaling enabled (the new
default).
This change assumes an amphora image with HAProxy version 1.5 or higher.
Story: 2010236
Task: 46043
Change-Id: Ifbbe714c66117e57f96614534e6f20a9634c26eb
The new "cpu-pinning" element optimizes the amphora image for better
vertical scaling. When an amphora flavor with multiple vCPUs is
configured it will configure the kernel to isolate (isolcpus)
all vCPUs except the first one.
Furthermore, it uninstalls irqbalance and sets the IRQ affinity to the
first CPU. That way the other CPUs are free to be used by HAProxy
exclusively. A new customized TuneD profile applies some more tweaks
for improving network latency.
This new feature is disabled by default in diskimage-create.sh.
Story: 2010236
Task: 46042
Change-Id: I1a0591de79be867483a044705e866b2368b2a567
Before restarting haproxy, the amphora-agent dumps the state of the
servers in a file, so when haproxy reloads, it can recover the operating
state of its backends' members.
But with haproxy 2.4 (in Centos 9 Stream), it fails with a "corrupted
global server state file" error when reading this file. It seems that
most recent haproxy releases have a more strict validation of the format
of the file and ensure that it is terminated with a newline.
This commit adds a newline to the file (all the responses to haproxy
queries are stripped in the amphora-agent). It fixes the issue on Centos
9 Stream (and turns off a warning on Ubuntu).
Story: 2010442
Task: 46873
Change-Id: I00e327e1d94e46aa13a38120df9865ec34eaa593
A commit [0] has changed the behavior of the task that waits for a
compute server to be active. The task used to have a loop that was
waiting until the server was active, it is now using a Retry feature in
taskflow: the task throws an exception if the server is not active,
taskflow marks the task as failed, but it retries to execute it later
(until a max number of retries).
The exception thrown by the task should be hidden to the user, it is not
a real error, but it is part of the workflow. The exception is correctly
filtered out when jobboard is enabled, but it is not when jobboard is
disabled.
[0] I174e63cfe176e1792d0bbcd348dbc9115544e297
Story https://storyboard.openstack.org/#!/story/2010369
Task 46595
Change-Id: I282fa6a4ce43f0d2cb9cba48b7149ef66ede44fc
The prometheus-proxy service is called octavia-prometheus-proxy in RDO's
RPMs [0].
Add a svc-map for the service name to fix the amphora-agent element for
these distros.
[0] https://review.rdoproject.org/r/c/openstack/octavia-distgit/+/44152
Partial-Bug: 1992668
Change-Id: Ie739cd582103d1aab3021c56654e395b5919358f
If castellan is used, it requires one of the following context types to
be provided during init: KeystonePassword, KeystoneToken or
RequestContext [1]
Also it makes sense to be consistent across projects and with
oslo_context regarding context class naming.
[1] 86712360f3/castellan/key_manager/barbican_key_manager.py (L208-L210)
Change-Id: Ic08ad89b4e07e0fe8a80b3e5db6d50276aafff82
Currently castellan can't be configured through octavia.conf as
conf is not passed while initializing backend.
Also document castellan configuration options in reference.
Change-Id: I30b81866989c22b94fb77e62e7abd180f0f0af50
This patch fixes the creation of a full loadbalancer graph in case the
jobboard_enabled config value is False, when no "listeners" parameter was
passed to the get_create_load_balancer_flow function call: use kwargs as the
flow creation function parameters and handle "store" separately.
Story 2010335
Task 46462
Signed-off-by: Anton Kurbatov <Anton.Kurbatov@acronis.com>
Change-Id: Id328b27db1ec9c8e17bf18120259e41e75dab3b9
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope. Also,
updating the template name to generic one.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I13b614b7e24bccef715043562e20df8488f489a8
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Idd228074e38fb56a137e7edb4667464df1420f46
A previous patch [0] introduced a keepalive mechanism that allows a
controller to notify taskflow that a task is being executed.
But it doesn't handle "resumed" tasks (tasks that have been rescheduled
from one controller to another controller).
This patch moves this keepalive task in a thread that is attached to a
taskflow conductor, the thread will extend the expiration of the tasks
that are executed by this conductor.
[0] I6619ba117f7051fe44086389789bc6e2810fd23d
Story 2009998
Task 45089
Change-Id: I29fcad9e121a30d6e8f8178f2f078cf10771a32a
Gregory Thiemonge
OpenStack Release Bot