The amphora agent should be able to add interfaces by using the
/etc/network/interfaces file as well as the /etc/network/interfaces.d/*.cfg
files.
Closes-Bug: #1507889
Change-Id: I7840931fc426a0c74386512dfae3666d223049f8
It some instances it is required to not allow access to the Amphora.
In order to solve both cases make the option configurable.
DocImpact
Closes-Bug: #1515078
Change-Id: I8a04ca86e4111c44a0bf44c8993b87a7acc334a2
Adds the cert manager option the conf file to make it easier
for users to enable Barbican for TLS termination
Change-Id: I38b9fa9b74fd3fc2046dc7e2eb403932e4573479
For booting on systems where upstart isnt used, such as
Debian, an init.d script can be used.
Change-Id: I2fadc32dc73f31d733c424591d64448059de89e3
Closes-Bug: #1502542
On hosts without nested virtualization enabled, network calls
can timeout. This triples the number of retries Octavia attempts
for networking calls.
Change-Id: I31ff9cbbdb073d0ee92971894fac86a2245c93f8
In some cases, such as test environements, it is required
to run with an insecure keystone connection. Allow for a
configuration option to set the verify flag.
Change-Id: I4b0658322b5d737b116d5659551fb2fe4f9e68a1
Updating a listener caused issues because SNI was not being appropriately
handles on a listener update. This has been "fixed" but another patch will be
needed to make sure that every listener update does not clear out the list. I
think it is best to leave that for another review though.
This also fixes the bug where security groups were not getting cleaned up when
a load balancer is deleted. Since neutron does not synchronously remove a
security group from a port, a retry mechanism had to be used and thus more
config options to tune the interval and max attempts.
Change-Id: I0434b8ced144ab08413b91569bd008295ef1784e
Closes-Bug: #1464953
We also set request_poll_timeout to be 3000 in neutron.conf;
This can help to resolve the error for could not ssh to instance for octavia gate-setting.
This patch is needed by https://review.openstack.org/#/c/209675/
Change-Id: I90002a8913dd7db375ff5740a3f9cd5566b82054
Used binary compressed encoding of json dumped object. To reduce
the size needed to send heart beats incase some stats objects
start getting sent later on. Also used sha256 instead of sha1
with hmac.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Co-Authored-By: German Eichberger <german.eichbeger@hp.com>
Co-Authored-By: Carlos Garza <carlos.garza@rackspace.com>
Partially implements: health-manager
Change-Id: I932c693101b94c9132e1741291610508876eab43
This model is used to check amphora health
Add a column 'busy' and primary key for data table amphora health
Add mutiprocessing code in cmd/health_manager, one for health check, the other is for UDP pacakge listening,
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Co-Authored-By: min wang <swiftwangster@gmail.com>
Implements: blueprint health-manager
Change-Id: I8aeb6b82b58b59951a414e7c2e4c2c58c33a5d15
By increasing te times of amphora active retries,we are targeting for octavia gate setting to work.
Change-Id: If81cc13966a0a24368225b89c9678f6b0fdc1a7b
Octavia does not support keystone regions and can choose an incorrect
endpoint url when multiple regions provides same services.
Change-Id: I5ea9de380419592920555a2c2fe7ac6f6935e700
Closes-Bug: #1487359
Config section [oslo_messaging] used to set rabbit config is wrong and not used anymore.
New section [oslo_messaging_rabbit] must be used.
Change-Id: Id06bcdfbfecda202bff13915c4f020bc00e19c3c
Updating config file to include attributes for spare check and db cleanup
Validate the spare amphora count and create new ones when needed
Perform DB cleanup of the expired amphora
Implements: blueprint housekeeping-manager
Change-Id: I98990fbd3a3cb281a70e0eab97f256c960ca5dcb
Adds rest driver methods
Adds rest driver tests
Add cert task for generating server certs
Modified compute task/flow
Fixed local certificate stuff
Refactored to use requests-mock inetad of responses
Added a "conditiobal flow" for REST
Cleaned up and changed the code to work with
https://review.openstack.org/#/c/160034/
Replaces:
https://review.openstack.org/#/c/144348/https://review.openstack.org/#/c/145637/14
Change-Id: Ibcbf0717b785aab4c604deef1061e8b2fa41006c
Co-Authored-By: Phillip Toohill <phillip.toohill@rackspace.com>
Co-Authored-By: German Eichberger <german.eichberger@hp.com>
Co-Authored-By: Stephen Balukoff <sbalukoff@bluebox.net>
Implements: bp/haproxy-amphora-driver
- Added configuration
- Added uploading of haproxy config
- Added start, stop, reload (async)
- Added get_details
- Fixed returns of API -- they are now all spec conform
- Added info, get haproxy file
- Added function to get listener status
- Added class to parse haproxy stats socket
- Added methods to handle certs
- Added client cert validation to the sever
- Added script to generate example certs
- Added init script for agent
- Added network and vip plugging
- Added devstack stuff
- Added diskimage scripts; upstart ini file
Change-Id: Ib1db8da9e019e68e9a0f4a16a622b8b1286afd3e
Implements: blueprint amphora-api
Update haproxy_amphora section with sane defaults
Fixed inconsistency with example conf
Updated controller worker and test to reflect updated config option
Change-Id: Ib178df4476bab3fa220c6955dc57c49e4d8f1066
Adds config value to retrieve key for amphora access
Adds a HAProxyManager class with methods to modify/delete/start/stop an amphora
Modified sample_config to include amphorae on load balancer
Change-Id: I3fc2423a480ecc4b1b732a83fa1d4981c213da47
Implements: blueprint bp/haproxy-amphora-driver
The config loading code for keystone v3 authtokens
require domian paramters, but the keystone middleware
currently doesn't have those configuration options.
This fixes the config loading for the domains.
Change-Id: Ieb1571e64ef52b8e48fe21883d3c9f57c8402a54
Updates controller base to load handler via stevedore
Updates setup.cfg with entry point
Updates octavia.conf for api_handler default example
Updates config.py for api_handler
Updates requirements.txt for stevedore
Change-Id: I67e3da376fad1d48cec7f56f990c4b13ac7f4b83
tenant_name is no longer accepted for the v3 client authentication.
This patch updates that to project_name which is accepted on v3.
Change-Id: Iccc460c1a4bae10ff530ce09888b877bfd5c39f4
Added nova_driver for amphora creation through nova
Added amphora types list and an entry for Virtual Machine type to constants
Added nova version list and available versions to constants
Added amphora status list and UP/DOWN statuses to constants
Added to amphora data_model for reuse in response from nova_driver
Added testing for nova_driver
Change-Id: I6c45dae5dbdd39515f9db02e8765d68871da2762
Partially-Implements: blueprint nova-compute-driver
pymysql does not require any system dependencies so it just
requires a pip install unlike MySQL-Python.
Change-Id: I4839e2995869b6dc857052632701affbd9bfcc5e
Setup executable to use wsgiref.simple_server
Simple setup of pecan
Defined controllers that define the API resources
Implemented all controllers to manipulate database and send to handler
Added repository methods required for creating multiple items in one transaction
Defined a few API exceptions based of wsme exceptions
Defined the wsme types that define the resource response and request bodies
Defined an abstract handler that all handlers should subclass
Defined a simple handler that is responsible for sending to controller
Added some wsme type tests
Implements: bp/operator-api
Change-Id: I0d91934db47a6e45f0c9ac22089f8689957bd239
A basic local filesystem implementation of CertManager and
a local pyOpenSSL implementation of CertGenerator.
Change-Id: I0eb0476afaad8a1bbb2eaaf90564eb63f7872546
Partially-implements: blueprint tls-data-security
Create an interface CertManager for handling certificate data.
Create an interface CertGenerator for signing certificates from CSRs.
Change-Id: I7a18496b9665b74c6ca89c503e68ef33a8581d0f
Partially-implements: blueprint tls-data-security