There are cases where DIB can fail to create an image but devstack
does not abort. This leads the gate job to run all the way down to
starting the tempest test before the job will fail out.
This adds a simple check for the image file and will abort early
if the image is not present.
Change-Id: I7ebf4137feb04827490dffc0dac3d6e4c8888075
Run taskflow jobboard conductor only if amphorav2 provider is
enabled.
Fixes devstack plugin.sh conditions for amphorav2 provider.
Change-Id: I49b587cf748996658859667485400307205d209b
Introduce TaskFlowServiceController which uses taskflow
jobboard feature and saves jobs info into persistence backend.
Jobboard could be operated via RedisTaskFlowDriver or
ZookeeperTaskFlowDriver, that could be set via the config.
RedisTaskFlowDriver is intoduced as default backend for jobboard.
Usage of jobboard allows to resume jobs in case of restart/stop
of Octavia controller services.
Persistence backend saves state of flow tasks that required in
case of resuming job. SQLAlchemy backend is used here.
Bump taskflow version to 3.7.1 and add dependency to
SQLAlchemy-Utils (required for taskflow sqlalchemy
backend support).
Story: 2005072
Task: 30806
Task: 30816
Task: 30817
Change-Id: I92ee4e879e98e4718d2e9aba56486341223a9157
The diskimage-create.sh tool will now default to CentOS 8 when building
CentOS-based amphora images.
This patch also removes leftover references to support for Ubuntu Trusty
and Xenial.
Change-Id: I3aba59c8dd86aeeee28cc6a67af93697912fb55b
Fix an issue that prevents graceful shutdown of controller workers.
cotyledon.Service.terminate function is by definition the graceful
termination function and doesn't have any 'graceful' optional boolean
argument (https://cotyledon.readthedocs.io/en/latest/api.html).
Because of this error, message_listener.wait() was never called in the
consumers' termination functions, so flows could be interrupted before
completion and could leave resources such as load balancer in a
PENDING_* provisioning state.
By default cotyledon.Service terminates the server after a timeout if
the worker could not shutdown itself gracefully. The default value
for the timeout is 300 seconds (set in devstack plugin) and can be
overriden using the graceful_shutdown_timeout setting in octavia.conf
The default value will be updated to a lower value when work on
persistant taskflow will be merged.
Story: 2006603
Task: 36770
Change-Id: I3f776bd018246897c9a889699a2d0ecbbfbb7098
This allows the Octavia devstack plugin to use IPv6 for the service
endpoint as well as for the lb-mgmt-net.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I87917440565ea953ec0d762a7e219d912c56c418
Added the bashate script style checker to the pep8
check target in tox.ini. It actually found two valid
issues - a bad function declaration and a local variable
issue, but mostly just indentation noise. Fixed all the
complaints.
Change-Id: I43b60e7dcf53acf259c8a52b248fbb8c63d3c8d4
When calling ./stack.sh twice, octavia devstack plugin fails because
local certificate directory already exists.
This commit deletes the directory each time a certificate creation
script is called and when the user cleans up his devstack's
installation.
Change-Id: I21dfffa9b30274fa0fa9f365a88222b8f4c89e29
openstackclient 4.0.0 introduced in
I9878f327e39f56852cc0fb6e4eee9105b7141da9 a new format for displaying
columns with complex python types.
It breaks our devstack plugin because we rely on 'openstack port show -c
fixed_ips -f value' to find the ip address of our management port.
This commit fixes the parsing of openstack port show command.
Change-Id: I6c5ebdea8149166f8d0ebb69cfe63692892f5ab9
In some deploy production, using volume based instead of localdisk
to protect data and live migrate can perform.
This patch adds:
- creation a cinder volume for amphora
- boot amphora with cinder volume
- config options for cinder client
- unit tests for cinder functionality
Story: 2001594
Co-authored-by: Vadim Ponomarev <velizarx@gmail.com>
Co-authored-by: Margarita Shakhova <shakhova.margarita@gmail.com>
Change-Id: I8181ed696b9ab556e7741c08839d79167aff8350
This patch updates the devstack plugin to use a dual Certificate
Authority (CA) with intermediate CAs for the Octavia controller
deployment.
This is a more realistic deployment model for testing.
Note: This change uses weak security to save gate resources. Please
refer to the Octavia Certificate Configuration Guide for production
instructions.
Change-Id: I3ec135766c9a1ddb7ac6655c0ee1ccb1e78ead5c
This patch makes sure that the amphora service VMs have an rng
device available to them that by default sources from
/dev/urandom on the compute host.
Depends-On: https://review.opendev.org/675745
Change-Id: Ifc9ce78755b33b6ad88b1a0c4f100c27f35bd77e
This patch changes the devstack plugin to use the infra pypi
mirror if one is declared in the environment.
Depends-On: https://review.opendev.org/675468
Change-Id: Iae839b6e59c43bc4be1e12702b3e2197b038b4c2
This patch adds a note to the diskimage-create README that
reminds users to set the hardware architecture property on the
amphora image if the cloud has multiple architectures available
in nova.
It also sets this property in our devstack plugin to provide an
example/reminder.
Change-Id: I15c2cabb1bced0a5646a3e1aed50bece78afcdce
Configure rsyslog to forward logs to a target host
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Story: 1665069
Task: 33646
Change-Id: I00703f86555cbb574b943794b14a36fbc644f1b2
There are many references to review.openstack.org, and while the
redirect should work, we can also go ahead and fix them.
Change-Id: I02b3758e707319489e03a6cd00766b0b9381dc12
Commit I3082962841d3b645f3cbd1a6b41fc7fb28dcf7e6 removed
octavia/tests/tempest directory
This patch removed other references to this path.
Change-Id: I665503aa4f69308ff31be53824b26faea13d2ad1
Includes some updates to docs and configs and related files to remove
references to neutron-lbaas. Also remove handlers.
Change-Id: I3082962841d3b645f3cbd1a6b41fc7fb28dcf7e6
This is the base patch that updates octavia to use the new octavia-lib.
It is backwards compatible by using debtcollector moves.
It adds a new controller process called the "driver-agent".
This patch also adds unit test coverage for a few additional modules.
Depends-On: https://review.openstack.org/#/c/641180/
Change-Id: I438e1548ec0fb6111d1ab85b05015007d9d0a006
Octavia creates certificates and keys to manage encrypted
communication channel to amphorae.
When debug is enabled, the python taskflow module will log
all the information we provide to tasks (and sub-flows)
when we create amphorae or handle with anything related to
certificates and keys management (rotations, etc).
There are ways to tell taskflow to exclude specific things
from being logged (e.g., I136081045787c1bbe3ee846d5845a34201c57864).
While this handles some information in specific flows from being
logged, it is susceptive to code changes.
To avoid an everlasting whack-a-mole game, this patch will merely
encrypt sensitive information so we can safely log it and decrypts
it only when we need to use it.
Change-Id: I06d329ca53bc36bd27f7870ae7c7ca0cf18575b2
This patch will ensure DIB binary dependencies are installed at an early
phase of deployment. As result, we prevent DIB from failing due to unmet
binary dependencies later on while building amphora images as seen in
[1].
[1] http://logs.openstack.org/81/600381/9/check/octavia-v2-dsvm-\
scenario-fedora-latest/ced40d4/controller/logs/dib-build/amphora\
-x64-haproxy.qcow2_log.txt.gz#_2019-01-18_23_15_52_244
Depends-On: https://review.openstack.org/#/c/630889
Change-Id: I6b7244b6a1398994d1c537f358086e22d1e781c1
This patch makes the following changes in preparation for the new
multi-node gates:
1. Resolves some issues in the devstack plugin in multi-node mode.
2. Removes the legacy non-voting multi-node gates and playbooks.
3. Removes the lxd legacy playbook as the jobs were removed in a previous
patch.
Change-Id: I3fb303a67cc66ec44a4ef4d09a16ed6470cbbaff
This patch adds Cloud Auditing Data Federation (CADF) auditing support to the
Octavia API. This is implemented using the keystonemiddleware audit filter.
Change-Id: I87a7e15171dfaf28b6ed97ca71d4423d18fbdbea
After the upgrade Apache seems unable to reach the Octavia API.
It appears that the devstack plugin.sh enables the octavia-wsgi site,
but fails to restart the Apache server to pick up this change.
This patch corrects that by restarting Apache after any Apache site
changes.
Change-Id: I972c7d7934268131765ce5eebab1d81cc326fd49
The recent change to log the DIB output assumes the /var/log/dib-build
directory does not exist. This is not the case on dev systems.
This patch now handles the case where an old /var/log/dib-build exists.
Change-Id: If4116e2c9b13db64b07ffbc3fd6af13e2373b860
Update the diskimage-create.sh to have a "-l" option to pass into
dib's "--logfile" option. In the devstack job, use this to redirect
the dib output to a separate logfile. Turn on verbose logging by
default for this log.
Copy this in the v1 jobs. v2 jobs are covered by a similar change in
octavia-tempest-plugin: I5bc0d9a3b071733cbe31d618f7236a3c2285b3e5
Depends-On: https://review.openstack.org/612865
Change-Id: Ie639af4266152d4626f8312b1849deeba5048348
We moved "bind_host", "bind_port", "auth_strategy", and "api_handler"
into the api_settings section in the configuration file. These settings
have now reached the end of their deprecation cycle and are being removed.
Change-Id: I323a7bdceae5a8d0e3025800beaf1d0a13c12ef8
This patch allows us to specify special DIB elements via the localrc.
An octavia-tempest-plugin patch[1] linked to this will use this
setting in the gates to configure DIB to use the infra package mirrors.
[1] https://review.openstack.org/#/c/601332
Change-Id: I7444e8941c7175d92c50f1714a87b4181b983829
Setting DIB_REPOREF_amphora_agent with git -c does not work. The option
-c is for passing key-value configurations and git -C option was
introduced in git v1.8.5 which some distros do not include (e.g. CentOS
7.5 ships with git v1.8.3.1). As a result, DIB_REPOREF_amphora_agent is
not set on any git version !=1.8.5.
The alternative that works across all tested Git versions is: git
--git-dir=/.git sub-command
Change-Id: I41993fa0f8bfde4b7ca9509872de5b54e2ed5680
Story: 2003067
Task: 23114
Load balancer topology options are SINGLE and ACTIVE_STANDBY. We default
to SINGLE as it is the default in-code too.
Change-Id: Id5af2397122ca3c031e9a5becccfcdd75506876f
For API drivers which only use API service, devstack needs:
- To skip creation of o-oh0 interface, as there's no amphora VMs
- Create endpoint, roles
Change-Id: I168b9ccc968a680ed2db326435f7523c35e7a020
When running tempest with a high concurrency the service account
will run out of security group quota. This patch increases the
service account security group quota to 100 when using the octavia
devstack plugin.
Change-Id: I1483745963b858463c45db7e85438920f90ca447
It shouldn't be a requirement to put python-octaviaclient into
LIBS_FROM_GIT in local.conf. This commit makes Octavia's DevStack plugin
install it from pip if it's not present in LIBS_FROM_GIT.
Story: 2001830
Task: 12587
Change-Id: I37014a766e27f6117c96aef976fa1e0b5a9ca031
Apparmor will block dhclient from accessing the o-hm0 configuration file
under /etc/octavia. This patch moves our dhclient.conf under /etc/dhcp/octavia
to allow the dhclient to access the file when apparmor is running.
Change-Id: I3153f8bd9237470f406a9edeb4e2a0767fc747b8
Story: 1673269
Task: 5434
This patch adds the OCTAVIA_USE_LEGACY_RBAC variable to our devstack plugin.
When set to True it will install the legacy Admin/Owner RBAC policy.json file
for the devstack Octavia install.
This is useful for tempest testing the neutron-lbaas proxy driver that passes
neutron LBaaSv2 API requests through to the Octavia API.
Change-Id: I5f112131b9c57e394349f29fa1b675643784b867
Options that are unset should not use '' as their default because it
actually puts them literally into the command which will cause it to
skip parsing args after any empty quotes.
Change-Id: I54c0170bad28adb26df87024bd16f31827702f1e
We were using neutron lib/neutron-legacy on our devstack plugin as we
were enabling legacy services. This commit changes it so we rely on
lib/neutron.
Co-Authored-By: Carlos Goncalves <cgoncalves@redhat.com>
Change-Id: I159dd4b371b870dc752fa01f738a2910263e3918
By spliting them up, we can now start Octavia without going through the
extra initialization steps, which are not idempotent (or meant to be
anyway), exiting with error code and preventing from continuing the
so desired start process of Octavia. The split-up will allow Grenade to
call out octavia_start solely for the purpose of starting Octavia
services.
This patch also fixes awk from matching itself when stopping Octavia.
This keeps awk from showing itself in the output, grabbing only relevant
PIDs. Otherwise awk PID is added to PID list resulting in kill command
exiting with error as awk is no longer running. This is equially
important and required grenading Octavia, else an exit error would be
thrown.
Change-Id: I1b53076953eaf1a6c6934a10439d00977c875fec
Somehow it was pulling in barbican-tempest-plugin incorrectly, and
didn't have image size set right for centos.
Also fix the devstack plugin to size the flavor correctly based on the
image size variable.
Change-Id: I724f5064309d07fe05f86fcf2c7a488d9319e54c
The devstack plugin should only use the openstackclient to
interact with OpenStack services via CLI.
This patch fixes both the devstack plugin and the examples.
Task: 5678
Task: 5680
Task: 5698
Story: 2001183
Change-Id: Id30ab0484edb350f0a424a0fc90c381357614b8e
This patch ensure that the proper git format is used based on
the git version, i.e., if the git version is below 1.8.5, it
forces to use git -c -- since -C option is not available.
Otherwise it used git -C.
Change-Id: I9522765fae633f096c095a60f470467c0ff221c0
Story: 2001204
Task: 5709
In plugin.sh, there is only support for neutron reference
implementation, with either openvswitch or linuxbridge agent.
This change allows external devstack plugins to define hooks needed in
devstack.
Change-Id: I1d5797a1becb4201d76c0e522f84dad09804c5b6
Closes-Bug: #1712077
Configures the octavia devstack plugin to use devstack's setup_logging
function to standardize the octavia gate log format.
Octavia processes will now print the version string to the logs on startup.
Change-Id: I094636a983fb0bcac2a1a1445b3487eac88a5e75
Closes-Bug: #1694588
Michael Johnson
Ann Taraday
Carlos Goncalves
Gregory Thiemonge
Adam Harwell
Brian Haley
sapd
German Eichberger
melissaml
Adit Sarfaty
Kenichi Omichi
Nir Magnezi
Ian Wienand
Kobi Samoray
Michał Dulko
Daniel Mellado
Luis Tomas Bolivar
Omer Anson