The CentOS NFV SIG [1] maintains a RPM repository with extra and newer
packages. This includes HAProxy 2.2 as of this time of writing.
[1] https://wiki.centos.org/SpecialInterestGroup/NFV
Change-Id: I2f64a44c566f138c58ea4be53b1ff90a52012950
ALPN is a TLS extension for application-layer protocol negotiation
within the TLS handshake [1].
This patch extends the Pool API to include a new 'alpn_protocols'
parameter. With this parameter, users can set an ALPN preference list
(descending order of preference) to be advertised by load balancer to
members.
This patch also adds HTTP/2 over TLS support to TLS-enabled pools to the
Amphora provider driver, although default the pool ALPN protocol list
configuration setting has HTTP/2 disabled similarly to the default
listener ALPN protocol list value added in Victoria release.
[1] https://tools.ietf.org/html/rfc7301
Change-Id: I91924486bab22601c15c538c8a5282ad8bc54700
Some network parameters can be validated in the API, it would avoid to
handle exceptions in the worker when plugging networking resources.
This commit validates that port_security_enabled is True on the VIP
network when using the amphora driver.
Story: 2008449
Task: 41422
Change-Id: I1236d3c6231a657b2aa53b1e488a4d0fe3215070
Validate that the amphora driver supports the listener protocol when
receving a listener_create request.
It returns an UnsupportedOptionError exception to the user if the
amphora driver doesn't support a protocol that is defined in the API
(ex: SCTP is supported in the API in the Victoria release, but not in
the amphora driver).
Story: 2008545
Task: 41647
Change-Id: I1c5cb987945a7a465bfecfda399dfe93fc1b76bb
There were a few unit test files that didn't match their
code counterparts, so were a little hard to find. Moved
things around to line-up better, leaving only a handful
of exceptions to ignore. Added a test script to check
things so it won't happen again, copied from Neutron.
No actual code was changed, files were just moved around.
Change-Id: I6d84047b3481a2bf6bf9bd17d482fb504dbc752b
publish-openstack-octavia-amphora-image* jobs started failing because
ubuntu no longer provides yum-utils package.
Now dependencies have been cleaned up for the ubuntu job, and the centos
job uses a centos node. The zuul playbook now works on Ubuntu and
RedHat/Centos nodes.
Change-Id: Ifca01d91d8eb92115d56744f4963e91ac537dd8e
Several tasks require amphora_id parameter to be passed in
get_amphora_for_lb_failover_subflow.
Execution passed results in error:
taskflow.exceptions.NotFound: Mapped argument 'amphora_id' <=
'amphora_id' was not produced by any accessible provider
(1 possible providers were scanned).
Also fix getting ID parameter from amphora dict in
AmphoraIndexListenersReload and add missing retries for create_*
resources in v2 worker.
Change-Id: I5ed6288b2776bd7f1c9b67e9cfd9a8f05b1196be
Fix empty UDP pools status: a UDP pool without members went OFFLINE
instead of ONLINE.
This commit changes the keepalived configuration with empty pools:
the configuration now contains a virtual_server and a comment about the
existing pool. This comment is used by the get_udp_listener_pool_status
to detect that the pool exists and is not offline.
Story 2007984
Task 40610
Change-Id: I30e23ca13d033d77c8ebdabbfdc7b54556a9466b
Some functions in unit tests are creating namedtuples that represent
loadbalancers, these sample loadbalancer objects contain a 'protocol'
field that doesn't exist in real objects and isn't used.
Change-Id: I8f191a720a3d38a7f579ed5f587563bfd40cce15
In RHEL-based distros, cron is provided by the cronie package. This package is
missing from the amphora built images.
This patch maps the cron package to cronie for distros in the Red Hat family.
Change-Id: I6fb7889de90e8e5354c1e6ce2c95ec0199ce90e3
Story: 2008351
Task: 41253
W0404: Reimport 'constants' (imported line 17) (reimported)
constants was already imported, just use the first one.
Change-Id: I5d999d72cfe55600238c0daaa22766b7fe716e41
The package cloud-utils-growpart is missing from Red Hat based image
builds which means the root filesystems are not grown on instance
startup which means not much space for things like logs.
This patch maps the cloud-guest-utils package to cloud-utils-growpart.
Change-Id: I3c830a9f0fd21ca10238946721c0f75d01d3ddff
Story: 2008350
Task: 41252
Setting None in tls_versions and tls_ciphers should reset their value
to the default value
Story 2008367
Task 41276
Change-Id: I64a7072b2c4e1a12b5d908647f1eddcad7ec3b90
Add support for removal of all tags by PUTing empty tags array.
Also moved assignment after initial session query for the
object in the listener update path.
Task: #41009
Story: #2008220
Change-Id: I7488f2fae61917f6d4a56cedd05bace7c5e2bc70
Signed-off-by: Andrew Karpow <andrew.karpow@sap.com>
Some package must have moved forward recently, causing
the pep8 job to start failing. Fix the issues since
they're all valid.
Also changed other messages using an exception string
to use str(e) to avoid any possible py3 issues.
Fixes the grenade job to properly build the test server.
Change-Id: I5c98c6d41cc4bce907e09dcb20ede3a9e7268b44
If a call to update loadbalancer status cannot find the
specified listener, the API server will throw an exception:
"Error while updating the load balancer status: 'NoneType'
object has no attribute 'update'"
Change ListenerRepository.update() to check the DB query
returned a record, and if not, raise a NotFound exception
back to the caller.
Change-Id: I6693be3e2d2f0e34f19f07f55b0429f8fda317b2
Task: 41108
Story: 2008254
This patch is a complement of [1] which we ensure
a fresh lb object, but only for AmpListenersUpdate
class.
It was observed, at least on train and ussuri
deployments that multiple failed amphoras were still
happening when using session persistence.
That is fixed and failover works flawless with session
persistence when we also ensure a fresh lb object on
AmphoraIndexListenerUpdate class.
[1] https://review.opendev.org/#/c/756597/
Change-Id: I923accd73e0c9cadc91c115157c576432f428622
Story: 2008099
Task: 40802
The following jobs with default amphorav2 added as experimental:
* octavia-v2-dsvm-noop-api
* octavia-v2-dsvm-tls-barbican
* octavia-v2-dsvm-spare-pool
* octavia-v2-act-stdby-dsvm-scenario
* octavia-grenade
* octavia-v2-dsvm-cinder-amphora
* octavia-v2-dsvm-scenario-two-node
Note: octavia-grenade-amphorav2 will show valid result
with renamed alias amphorav2 -> amphora.
Change-Id: I03385d93575db4e44a72335c0af4fde490a93b0f
assertItemsEqual was removed from Python's unittest.TestCase in
Python 3.3 [1][2]. We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: Id354d9e30b6fa6f4b72116a659d16a2fb8030c87
Align failover_amphora and failover_loadbalancer to use
run_flow.
Also avoid NoneType error in logging of create_health_monitor.
Change-Id: I1b4c18d3bec5ff62adf48d3d751d553eb359ccbe
In what appears to be a race condition, load balancer cascade delete can
fail while deleting numerous pools. The load balancer can still be
deleted with one or more follow-up cascade delete API calls but this is
suboptimal.
Per local testing, the ValueError exception is harmless so we can just
ignore it and continue the pool delete flow, with no orphan resources
left behind resulting from the exception skip.
Task: 41096
Story: 2008249
Change-Id: I9283d9804feb83a1d5a160da48da6146b19da88c
requirements.txt is unnecessary when run tox -e releasenotes,
releasenotes relative stuffs is in doc/requirements.txt
Change-Id: Ia6649ba95bdaa5d4c48f766bc8c1a87bab4f07b3
Fix Object of type 'bytes' is not JSON serializable
error while writing barbican tls data to persistence database.
Also fix _encrypt_listener_dict to encrypt dicts properly:
error - data must be bytes (HTTP 500)
Story: 2007877
Task: 40245
Change-Id: If69b5973e2a82c8e8d323a89eefb426a3986cd8f
There was a bug in the initial PROXYV2 patch that causes pools to
go into ERROR when using PROXYV2 protocol.
This patch corrects that issue.
Change-Id: If403a90ec27721ef63b6ae666fd77dfc9df0295e
Story: 2008237
Task: 41080
There was a bug in the load balancer failover code for the amphora
v1 driver where if there were multiple failed amphora, with session
persistence, could cause a load balancer failover to not complete.
Change-Id: Ia46a05ab9fdc97ed9be699e5b2ae90daca3ab9a2
Story: 2008099
Task: 40802