This change introduces the config file for the oslo-config-generator
command, so that users can easily generate octavia.conf.example without
tox.
Note this change adds parameters of oslo.policy and oslo.middleware
which were missing previously.
Change-Id: I5ea921cf8d63b28c5143f95dbb47802d5018d7a4
The FIPS jobs use centos-8-stream controllers but the image is still
based on ubuntu, this commit updates the amphora images to
centos-8-stream and enable FIPS inside the amphora.
Change-Id: I8916796ed6727a103907a33d3c14e99e1d3734e6
A recent commit [0] sets log_opt_values to INFO in order to display
config options even if DEBUG is not enabled, but it makes our functional
tests 3 times slower because each api test dumps the configuration.
Mock log_opt_values in our API functional tests to speed up the
execution of the tests.
$OS_AUTH_URL was previously used to configure the service_auth.auth_url
setting in octavia.conf but this env var was removed from devstack in
[1]. Switch to $KEYSTONE_SERVICE_URI which was used to set OS_AUTH_URL.
[0] https://review.opendev.org/c/openstack/octavia/+/792697
[1] I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
Change-Id: Ib9123365079502093b355db3430a98928a3a16d1
When cleaning up a devstack environment with amphorav2 enabled,
./clean.sh might fail because redis has already been stopped and
uninstalled.
This commit move the stop_redis step to the octavia_stop step and
ensures that stopping redis doesn't fail.
Change-Id: I987535e90cbf13917c50c5905c64b614188928ec
The disk image create tool can now build aarch64/arm64 amphora images.
The devstack plugin will facilitate image builds and upload to Glance
for this CPU architecture.
Change-Id: I1cebd8a3da58dc56ebbfac22f7802ab7f52585e1
{admin,tenant}_log_targets options are configured with
MGMT_PORT_IP in devstack, which contains the IP address
of the local management interface. In multinode setup,
it means that the second node should run a rsyslog
service to receive logs from amphorae that have been
spawned by its worker.
Change-Id: If2841720009c2e402127e2e0080efdd56b68f6c9
The following jobs with default amphorav2 added as experimental:
* octavia-v2-dsvm-noop-api
* octavia-v2-dsvm-tls-barbican
* octavia-v2-dsvm-spare-pool
* octavia-v2-act-stdby-dsvm-scenario
* octavia-grenade
* octavia-v2-dsvm-cinder-amphora
* octavia-v2-dsvm-scenario-two-node
Note: octavia-grenade-amphorav2 will show valid result
with renamed alias amphorav2 -> amphora.
Change-Id: I03385d93575db4e44a72335c0af4fde490a93b0f
Change I612ea1c583090897bd44453b867d75929a01b7fc [1] removed
diskimage-builder from the root requirements.txt file. Devstack
deployments not setting LIBS_FROM_GIT+=diskimage-builder will not
install diskimage-builder. This means our diskimage-create.sh tool will
fail to build amphora images and abort the deployment.
[1] https://review.opendev.org/#/c/741960/
Change-Id: Id535d2d5ea6c23c9646c568a17d7695f82c0c1a9
This patch adds support for nftables (an iptables replacement) to
the devstack plugin and the amphora agent.
Change-Id: I9e2c4d6e68da67d68c6dfeb3b47edd600d1ba397
With this image driver interface, we align our codebase with other
existing driver interfaces like compute, network and volume.
This interface also allows the amphora provider driver to check for
existence of tagged images at API level (e.g. amphora image tag
capability in Octavia flavors).
Change-Id: Id808c082808fafe1a1e004957ff47eca57f97ee8
As Octavia allows to use RedisTaskFlowDriver or
ZookeeperTaskFlowDriver we should install python clients that
allows to work with redis and zookeeper backends.
Story: 2007892
Change-Id: I7312c8c1057618e909339aa7a4dfeb836f4b8f33
This new diskimage-builder element installs octavia-lib from Git for
source install type image builds rather than from released versions.
To mention some advantages:
1. allow custom octavia-lib versions (useful for development)
2. test unreleased octavia-lib changes in CI
3. install latest changes from master and stable branches
(aligns with approach taken with amphora-agent)
Branch checkout to stable/* from master for octavia-lib DIB element will
be automated on branch create. See https://review.opendev.org/#/c/745877
Change-Id: I6d87b6bd25c536b2bed1994427cd933bdcc091d6
Recent changes to the Octavia tempest tests has caused our test
runs to exceed the default neutron security group rule quota.
This patch increases that quota for the Octavia project in devstack.
Change-Id: I49e92f81b23e0b306c62c406a45029b96dce20df
Currently some phases of the devstack plugin do not have xtrace
enabled, which can make it hard to debug issues in the devstack
plugin.
This patch makes sure that xtrace is enabled while the Octavia
devstack plugin is running so that we can see the commands being
executed. It will restore the previous setting after our plugin
is done running.
Change-Id: Id6828b86779f1daca6a00a03f43c78fe26828f4f
This patch adds a new configuration setting to enable/disable jobboard
functionality in the amphorav2 provider. When disabled, the amphorav2
provider behaves similarly to the amphora v1 provider.
The default setting is jobboard disabled while jobboard remains an
experimental feature.
Change-Id: I063d832f5a049d7ae38378766200c7f82a35996d
There is no reason to create internal and admin endpoints in DevStack,
most other services have stopped doing so a long time ago.
Also use the global SERVICE_PROTOCOL variable as default for
OCTAVIA_PROTOCOL instead of "http", this will make us automatically
use the secure API access when the tls-proxy service is enabled.
Fix the instructions for using the devstack plugin, too.
Change-Id: I0154b83cb64952844a28895721694d3e2ff82be2
Neutron now needs to have a router attached to the subnet to provide
the router advertisement messages needed for slaac address
configuration.
This patch adds this router to the lb-mgmt-network, allowing
the amphora instances to configure an IPv6 address.
Change-Id: I638c5c8baf1d76365fff2c99ded9c6b310348710
In-line with devstack patch [1], switch invocations to find uwsgi in the
path.
[1] https://review.opendev.org/#/c/577779/
Change-Id: I5e6aee49f434820881051874c9ad2628b4fcada7
Change I7ebf4137feb04827490dffc0dac3d6e4c8888075 added 'set -e' in
devstack/plugin.sh, but on devstack cleanup, some commands may fail
because of non-working services (i.e after a reboot).
This commit allows 'openstack keypair delete' to fail on clean up.
Change-Id: Ic782faba3eb907d29b6735ac0a6d6a8a2e104e00
Oslo.policy is moving away from using json format policy files[1].
This patch updates the Octavia documentation, policy configuration file, and
legacy admin-or-owner policy file to be in yaml format.
Octavia will continue to honor and support the json format file as long
as oslo.policy does, but this patch will encourage new deployments
to use the yaml format.
[1] https://docs.openstack.org/oslo.policy/latest/admin/policy-json-file.html
Change-Id: I925cc05981e677c0552b18f845fdbc512d2af22c
There are cases where DIB can fail to create an image but devstack
does not abort. This leads the gate job to run all the way down to
starting the tempest test before the job will fail out.
This adds a simple check for the image file and will abort early
if the image is not present.
Change-Id: I7ebf4137feb04827490dffc0dac3d6e4c8888075
Run taskflow jobboard conductor only if amphorav2 provider is
enabled.
Fixes devstack plugin.sh conditions for amphorav2 provider.
Change-Id: I49b587cf748996658859667485400307205d209b
Introduce TaskFlowServiceController which uses taskflow
jobboard feature and saves jobs info into persistence backend.
Jobboard could be operated via RedisTaskFlowDriver or
ZookeeperTaskFlowDriver, that could be set via the config.
RedisTaskFlowDriver is intoduced as default backend for jobboard.
Usage of jobboard allows to resume jobs in case of restart/stop
of Octavia controller services.
Persistence backend saves state of flow tasks that required in
case of resuming job. SQLAlchemy backend is used here.
Bump taskflow version to 3.7.1 and add dependency to
SQLAlchemy-Utils (required for taskflow sqlalchemy
backend support).
Story: 2005072
Task: 30806
Task: 30816
Task: 30817
Change-Id: I92ee4e879e98e4718d2e9aba56486341223a9157
The diskimage-create.sh tool will now default to CentOS 8 when building
CentOS-based amphora images.
This patch also removes leftover references to support for Ubuntu Trusty
and Xenial.
Change-Id: I3aba59c8dd86aeeee28cc6a67af93697912fb55b
Fix an issue that prevents graceful shutdown of controller workers.
cotyledon.Service.terminate function is by definition the graceful
termination function and doesn't have any 'graceful' optional boolean
argument (https://cotyledon.readthedocs.io/en/latest/api.html).
Because of this error, message_listener.wait() was never called in the
consumers' termination functions, so flows could be interrupted before
completion and could leave resources such as load balancer in a
PENDING_* provisioning state.
By default cotyledon.Service terminates the server after a timeout if
the worker could not shutdown itself gracefully. The default value
for the timeout is 300 seconds (set in devstack plugin) and can be
overriden using the graceful_shutdown_timeout setting in octavia.conf
The default value will be updated to a lower value when work on
persistant taskflow will be merged.
Story: 2006603
Task: 36770
Change-Id: I3f776bd018246897c9a889699a2d0ecbbfbb7098
This allows the Octavia devstack plugin to use IPv6 for the service
endpoint as well as for the lb-mgmt-net.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I87917440565ea953ec0d762a7e219d912c56c418
Added the bashate script style checker to the pep8
check target in tox.ini. It actually found two valid
issues - a bad function declaration and a local variable
issue, but mostly just indentation noise. Fixed all the
complaints.
Change-Id: I43b60e7dcf53acf259c8a52b248fbb8c63d3c8d4
When calling ./stack.sh twice, octavia devstack plugin fails because
local certificate directory already exists.
This commit deletes the directory each time a certificate creation
script is called and when the user cleans up his devstack's
installation.
Change-Id: I21dfffa9b30274fa0fa9f365a88222b8f4c89e29
openstackclient 4.0.0 introduced in
I9878f327e39f56852cc0fb6e4eee9105b7141da9 a new format for displaying
columns with complex python types.
It breaks our devstack plugin because we rely on 'openstack port show -c
fixed_ips -f value' to find the ip address of our management port.
This commit fixes the parsing of openstack port show command.
Change-Id: I6c5ebdea8149166f8d0ebb69cfe63692892f5ab9
In some deploy production, using volume based instead of localdisk
to protect data and live migrate can perform.
This patch adds:
- creation a cinder volume for amphora
- boot amphora with cinder volume
- config options for cinder client
- unit tests for cinder functionality
Story: 2001594
Co-authored-by: Vadim Ponomarev <velizarx@gmail.com>
Co-authored-by: Margarita Shakhova <shakhova.margarita@gmail.com>
Change-Id: I8181ed696b9ab556e7741c08839d79167aff8350
This patch updates the devstack plugin to use a dual Certificate
Authority (CA) with intermediate CAs for the Octavia controller
deployment.
This is a more realistic deployment model for testing.
Note: This change uses weak security to save gate resources. Please
refer to the Octavia Certificate Configuration Guide for production
instructions.
Change-Id: I3ec135766c9a1ddb7ac6655c0ee1ccb1e78ead5c
This patch makes sure that the amphora service VMs have an rng
device available to them that by default sources from
/dev/urandom on the compute host.
Depends-On: https://review.opendev.org/675745
Change-Id: Ifc9ce78755b33b6ad88b1a0c4f100c27f35bd77e
This patch changes the devstack plugin to use the infra pypi
mirror if one is declared in the environment.
Depends-On: https://review.opendev.org/675468
Change-Id: Iae839b6e59c43bc4be1e12702b3e2197b038b4c2
Takashi Kajinami