Use token and endpoint URL to initialize neutron client for the
request user.
Story: 2007619
Task: 39641
Change-Id: I05a541a77f254a77ad5036e1062b61c8ce93b754
There are cases where DIB can fail to create an image but devstack
does not abort. This leads the gate job to run all the way down to
starting the tempest test before the job will fail out.
This adds a simple check for the image file and will abort early
if the image is not present.
Change-Id: I7ebf4137feb04827490dffc0dac3d6e4c8888075
E741 ambiguous variable name 'l'
Change 'l' to another variable in affected code.
Also had to set the latex_engine to 'xelatex' in doc/source/conf.py
in order to get past an openstackdocstheme change the broke the pdf
doc build.
Change-Id: Idd176e40ccf2a79832a5c99140bd30e5e1f9c0d8
Add new configuration option "tls_cipher_blacklist" to octavia.conf.
Blacklisted ciphers are blocked from being used in listeners, pools, or
default cipher strings.
Change-Id: I44fd4da1b47faee9cc01b9426898a28b6f13f223
Story: 2006627
Task: 37168
These classes were deprecated in Stein and marked for removal in Ussuri.
By removing these classes, we fix pep8 issues (catching-non-exception)
we started seeing at the gate with the release of astroid 2.4.0.
Change-Id: I66b2d0687f4edfbcbff99c29c9c5d539e4e7ea7f
Now that we are running the Victoria tests that include a
voting py38, we can now add the Python 3.8 metadata to the
package information to reflect that support.
Change-Id: I3c1e65466fa22747e66b25ea09dd518fcc311723
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I49c63fb53c425a980b7f657acbf25a56688ab9c9
Sem-Ver: feature
When disable a loadbalancer have listener, the Heath Manager not update
amphora heath make it keep failover after heartbeat_timeout end time
Story: 2007587
Task: 39521
Change-Id: Ia6d3f40ae1b9b352492162513c9262748ee67e6f
In the section about creating a key pair for the amphora instance, there
were a few small typos. This change fixes those.
TrivialFix
Change-Id: Ic6af32cc566abb6931ef61c979407780121e4bb6
Signed-off-by: Raimund Hook <openstack@sting-ray.za.net>
* Make sure the user has access to the subnet in the request for
creating or updating pool member.
* Make sure the user has access to port or subnet or network for
creating load balancer
Story: 2007531
Task: 39339
Change-Id: I479019a911b5a1acfc1951d1cbbc2a351089cb4d
The python 3.8 unit test jobs are failing on a
mock.Mock(spec=secrets.Secret) call. Since this is legacy code and
we don't really need to be testing python-barbicanclient code here,
I'm removing the spec= for these tests to stop artificial failures
when running unit tests on python 3.8.
Change-Id: I9132e2d05bf67ddff4f2d7879d799c8dd25bd3c7
This patch adds a test skip for two tests that are impacted by the
recent sqlalchemy 1.3.16 release.
With this release, a patch[1], changes the default commit behavior
of a transaction. With this change we are seeing that the load
balancer created in the tree-create test disappears from the
transaction context during the test and the pool create call will
throw a foreign key error as the load balancer is not in the database.
It's not clear if this is purely a sqlalchemy, pysqlite, or sqlite3
bug at this time.
Given the requirements are already in freeze for the Ussuri release,
we are opting to disable the tests (we know only sqlite is impacted),
instead of attempt to blacklist 1.3.16 in requirements.
[1] 9ebbf8614a (diff-e9762e21a27d8e6c44db6f9dd4edc694R455)
Change-Id: I7910ebe4cff692bab67349bbf3e4ee4e24b5fa7a
This patch introduces 2 macros in lvs.
1. Support HTTP GET, allow users create HTTP healthmonitor for udp pool.
2. Support TCP check, allow users create TCP healthmonitor for udp pool.
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: I61c7d8d4df54710a92b8c055be84bba29bf3d7e6
Story: 2003200
Task: 23356
Story: 2003199
Task: 23355
Run taskflow jobboard conductor only if amphorav2 provider is
enabled.
Fixes devstack plugin.sh conditions for amphorav2 provider.
Change-Id: I49b587cf748996658859667485400307205d209b
The devstack plugin code was sourcing a file that was
enabling bash errexit, which was then inheriting it in
later operations that could cause the shell to exit
unexpectedly.
Change both scripts to 'set +e' near exit so sourcing
them doesn't have issues.
Change-Id: I16513b0066c05cd6fc606da341df636094010a34
Flask's stream always returns bytes, file write always takes string.
This causes py3 amps to return 500 on cert rotation AND wipe out the
certificate, so the amphora are no longer controllable and go to ERROR
state. Anyone running py3 amps prior to this patch will experience
amphorae breaking on a timer due to housekeeping cert rotation!
Change-Id: I831b0b48d719397c14d80f8ebcbad997c50c7795
Template was using timeout value instead of delay value.
Also clean up redundant values in the templates (things like retry and
delay_before_retry only need to be specified once at the top level).
Change-Id: I376917e40eb7a92f7f03e691ed9a0c23fd2ce8f8
Introduce TaskFlowServiceController which uses taskflow
jobboard feature and saves jobs info into persistence backend.
Jobboard could be operated via RedisTaskFlowDriver or
ZookeeperTaskFlowDriver, that could be set via the config.
RedisTaskFlowDriver is intoduced as default backend for jobboard.
Usage of jobboard allows to resume jobs in case of restart/stop
of Octavia controller services.
Persistence backend saves state of flow tasks that required in
case of resuming job. SQLAlchemy backend is used here.
Bump taskflow version to 3.7.1 and add dependency to
SQLAlchemy-Utils (required for taskflow sqlalchemy
backend support).
Story: 2005072
Task: 30806
Task: 30816
Task: 30817
Change-Id: I92ee4e879e98e4718d2e9aba56486341223a9157
Pools can now be each be assigned an OpenSSL cipher string with the
field tls_ciphers. A new configuration option, default_pool_ciphers,
specifies what cipher string to use for new tls-enabled pools
if one is not explicitly specified at time of creation.
Change-Id: Iedb7774bfb8d70ea307d6a513248e1fe2389fa34
Depends-On: I77da6f14063877af0077f2c12df1aab5d5ead187
Story: 2006627
Task: 37172
A recent change in oslo.policy has made it register its cli opts on
the global config object. This was done to fix a bug where the opts
passed to the oslo.policy cli tools would get lost once it called
into project code because it was previously using a private config
object.
Octavia had already fixed this bug in a different way by filtering
the args in the enforcer code, which should no longer be necessary
now that the oslo.policy fix has merged.
However, the use of the global config object by the policy cli has
introduced a new problem, which is that after the config object is
initialized you can't register more cli opts. Because Octavia was
registering cli opts on import, this means that when the policy
tools call the Octavia policy entrypoint those opts get registered
and cause a failure.
To fix that, this change moves the cli opt registration into a
function that gets called from config.init so they will only get
registered when running an actual Octavia service. A separate
function was needed because they also need to be registered in
unit tests, and we don't want to actually initialize the entire
config object there. This way they can be initialized properly
in both scenarios.
Change-Id: I48ae260335f67e8ab1a188a94e44a7f1968e6fe9
Listeners will now be able to each be assigned their own OpenSSL
cipher string with a new field: tls_ciphers. There is also a new
configuration option, default_listener_ciphers, which specifies the
cipher string to assign to new listeners when one is not explicitly
specified.
Change-Id: I77da6f14063877af0077f2c12df1aab5d5ead187
Depends-On: Id5f4c20abd40dd092558a711987953012d4ae67f
Story: 2006627
Task: 36839
Zuul
Lingxian Kong
Michael Johnson
Brian Haley
Carlos Goncalves
Dawson Coleman
Sean McGinnis
archiephan
Raimund Hook
Adam Harwell
ZhaoBo
Ann Taraday
OpenStack Proposal Bot
Ben Nemec