- The details on 'admin' user and its ID doesn't provide significant
information
- The 2nd 'tls_secret1' in the HTTP and TLS-terminated HTTPS section is
not used
Change-Id: Ic8fd7fed4454d1c7c7e66d433655c0d54221e86a
This is the base patch that updates octavia to use the new octavia-lib.
It is backwards compatible by using debtcollector moves.
It adds a new controller process called the "driver-agent".
This patch also adds unit test coverage for a few additional modules.
Depends-On: https://review.openstack.org/#/c/641180/
Change-Id: I438e1548ec0fb6111d1ab85b05015007d9d0a006
Recent patches have missed some updates to the provider driver guide.
This patch corrects those oversights.
Change-Id: Ibf6c4bbfe56bd398e01043486406f3c4aef9db95
Add "tls_enabled" option in Pool API.
This option will work on cert cases or no cert cases.
Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I62e31aaa66748ba652dfd5dbfd5a8b06d9ba0dfe
Add tls_ca_container_id and crl_container_id into Pool API.
Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I6cd6e2ca8e48a5df707a70d22505dec9d752c7eb
Add 1 fields like Listener does, which is 'tls_container_ref', this
field is introduced into Pool for storage the pool client certificate to
the backend servers, when the traffic willing to bring a cert to the
servers and check for tls connection.
Story: 2003859
Task: 26685
Change-Id: I29b7c7116e6087c942179ed9efdead494ef277a3
This patch add 4 new types for SSL connection ACL configuration.
Which are:
L7RULE_TYPE_SSL_CONN_HAS_CERT
L7RULE_TYPE_VERIFY_RESULT
L7RULE_TYPE_DN_FIELD
The first type can just accept the compare type "EQUAL_TO" and value
"True" string.
The second can just accept the int value string to check the certificate
verify result, also just support "EQUAL_TO" compare type.
The third can accept key, the distinguished name field and a match string,
this one supports all kind compare types.
Story: 2002165
Task: 20025
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I71b57d0f32d4839a770396645d2b9945d24f2853
Add crl-file in Listener side.
Story: 2002165
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I9e2ec06719fbbfd19482c2b8d39220e7e4ed81e3
Listener API for client cerificate authentication with "None,
Optional, Mandatory" options
Story: 2002165
Task: 20019
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: Ia753659981d99b315504f166c09afb8f5b14f195
This patch add 'client_ca_tls_container_ref' into listener API for front
client authentication.
Story: 2002165
Task: 20018
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I8a96d6fdfe53a16d1abcfd09bc6afedd6c490de2
This patch validates that a flavor is compatible with using spares
pool amphora. It will also update the amphora-agent config after
a spares pool amphora has been allocated.
This patch enables the ability to update a running amphora's agent
configuration and have the mutatable options be adopted.
The following amphora agent configuration options can be updated:
heartbeat_key
controller_ip_port_list
heartbeat_interval
loadbalancer_topology
This patch adds the support to the amphora-agent and the amphora
driver. A follow on patch will expose this capabililty via the
amphora admin API.
Change-Id: I97bdf5188808193516509f20767e82c0f8d2f5a5
This patch adds an administrator guide for flavors and a release note for
the new flavors feature.
Depends-On: https://review.openstack.org/#/c/624294/
Change-Id: Id6b107994515776e2996d949186c03df4b4295a5
This patch adds an administrator guide that describes the process for
setting up a dual certificate authority configuration for Octavia.
Change-Id: Ibe236a851833ffa24c19695ef67547b504453f9c
This patch adds Cloud Auditing Data Federation (CADF) auditing support to the
Octavia API. This is implemented using the keystonemiddleware audit filter.
Change-Id: I87a7e15171dfaf28b6ed97ca71d4423d18fbdbea
This commit adds the functionality of octavia-status CLI for performing
upgrade checks as part of the Stein cycle upgrade-checkers goal.
It only includes a sample check which must be replaced by real checks in
future.
Change-Id: I8b6d134b0bf5b5c82a19177fed6145ef8aaf7507
Story: 2003657
Task: 26146
A Starlingx patch[1] changed the signature for some openstackdocstheme
methods which is causing Octavia docs to not build.
This patch updates the octavia docs configuration for the new
openstackdocstheme.
[1] https://review.openstack.org/#/c/607298
Change-Id: Id09ab3b78291c28e116f1f4ffb8836eac0537d94
Currently, Octavia only support three actions for L7Policy,
in this patch we will implement new action for L7Policy.
Story: 2003700
Change-Id: Ie99591ede097b566294ebdb673c460442dd6d942
Since Pike we have the failopver command on the load balancer and
this should be used instead of dsabling the port. Added other
minor updates.
Change-Id: I606518d8d9a52104872a08ee18bd6be62c100de3
OpenStack requirements has added pydot to global requirements.
Even though this isn't the proper fix (still pending networkx 2.2 release)
this will resolve the dependency issue for us, so re-enabling our
flow diagrams.
Change-Id: I49856c8fbd7cb6302be4ec97a14b2c10682cf504
This patch is intended to clarify that Octavia is a service project
and not a library. It clarifies that the driver support callbacks are
temporary and will be removed in favor of a driver support endpoint.
Change-Id: Ic9dc596e86d414da1e8e20562f10ad490c51dbd9
The networkx package changed their dependecy model in version 2.1 and
now uses "pydot" and adds the dependency via setuptools "extras".
Unfortunately they only define an "extra" of "all" which installs packages
we do not need and fail to install.
So until the "extras" are fixed in networkx, we need to disable flow
diagraming.
Change-Id: I4f9082c267dc7da14b81cb551eeb10bbf58c175a
See: https://github.com/networkx/networkx/pull/3080
This patch implements the provider driver support library.
This library contains the callback methods that allow provider drivers
to update status and statistics.
This patch also clears some tech debt by correcting the IP addresses
used in some test cases.
Change-Id: I4e91e1b4f7ce611e603ea7aeb17f5c649cdb3c3d
Story: 1655768
Task: 5165
