- Fix loadbalancer stuck in PENDING_DELETE in cascade delete
with TERMINATED_HTTPS listener if TLS storage not available
Closes-Bug: #2077348
Change-Id: Iae2b075de5412bb183db6a21f7f8376801853e00
Signed-off-by: Evgeniy Bykov <chypakabre@gmail.com>
(cherry picked from commit ec9a50599012b99deaf8bb26683fedcd381db1a6)
If a user requests a batch update of the members and includes the same
member twice in the body of the request, taskflow triggers an exception
(because of a duplicate Atom) and the load balancer is stuck in
PENDING_UPDATE. Now the API denies such calls and returns a
ValidationException if a member is updated more than once in the same
call.
Story 2010399
Task 46777
Change-Id: Ide2d5e637e5feb2dad43f952d5be1a195da1ae37
(cherry picked from commit d7b090702523cb07ae4aed0338f9e80fe30791a6)
The previous patch[1] that added a check for Amphora status missed
adding a task that generates the Amphora status information when a
listener is updated.
This patch corrects that by adding the AmphoraeGetConnectivityStatus
task to the firewall rules subflow.
[1] https://review.opendev.org/c/openstack/octavia/+/912599
Change-Id: I325de85b03080db646da847b58c15c3fbbdc6be2
(cherry picked from commit 70f15c54d29d085c6ea4753ac66ee2195c427078)
new pylint release introduces new checkers.
the policy in Octavia is to pin linters on stable branches.
Change-Id: Ie069ca415e8ff8eab2c9bb3db439a950751d8854
When creating a LB + a listener with an allowed_cidr with the
fully-populated API, an issue happened when Octavia validated that the
allowed_cidrs and the VIP ip address have the same IP version. The
vip.ip_address value was not updated in the load balancer object,
forcing the expiration of the DB object before entering _graph_create
fixes this issue.
Note: there's no change in the tests, the test function for this feature
exists, looks correct, and passes successfully, the bug is only
reproducible in octavia-api.
Closes-Bug: 2057751
Change-Id: Ia106d81c1b2588e5d938d2238c8a2f6660bf5ef1
(cherry picked from commit 5d9b23c6021ad961fafc17866c6b8ea50f2dc824)
Octavia replace "limit" with None when it is less 1. (for example 0, -1)
However the further code failed to compare None and int values.
This patch fixes it by validation, that limit is None.
Co-Authored-By: Roman Goncharov <gadzhet007@gmail.com>
Closes-Bug: #2060917
Change-Id: I9bb45a1aca6b7b18644752a3dccc3ebfb7c106ef
(cherry picked from commit 85cfb6c2ae974d110712b5ea673cdafcfecb9e69)
Check that delay field is not UnsetType before further validation
Closes-Bug: #2059894
Change-Id: Ia853d43dc273019c76da09104f31aa7e1b154fec
(cherry picked from commit 824b51a1dad80292b7a8ad5d61bf3ce706b1fb29)
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/2024.1 branch, tests will
continue to use the upper-constraints list on master.
Change-Id: I85ed3a39421a298e7dc08d88f047e537af0f0b78
Ubuntu Focal is no longer part of the tested environments, because of
newer LTS available now (Jammy).
Change-Id: I7a6df974762abdd94784416609304618ce702b6e
As noted on an earlier patch[1], the "SetAmphoraFirewallRules" task was not
checking the Amphora status nor using an API timeout. This could cause failover
flows to take longer than necessary if one of the Amphora is missing.
This patch corrects that issue by honoring both the Amphora status and timeout.
[1] https://review.opendev.org/c/openstack/octavia/+/910101/13/octavia/controller/worker/v2/flows/amphora_flows.py
Change-Id: Ic5e8140b13164267236f0a5d9a48fbd84bcdd688
So far we did not mention the --wait argument when we created Octavia
resources in the cookbook.
This argument will save the user some (loadbalancer show) API calls,
so one won't have to make sure the Octavia resources are ready every
now and then.
Change-Id: If066e420a7ada869f67fbea29c50dc896f8a72ea
This adds a release note to explain updates made recently in redis
jobboard driver[1][2].
[1] 16f6b2e8f65e12ba3bc51529d4a8a828ea2b8b16
[2] bd3ef61a0c0042fb4198ea7746e567ae3ca8a17a
Change-Id: I6c43a0a810f01632696f254a31e9a17c2f2cd73d
There was a mistake in the load balancer create flow where duplicate
tasks were added to the flow when an SRIOV VIP was used. This patch corrects
that by removing the duplicate tasks.
Change-Id: Id3dce30639cce6724d41fd2ccd53612384eba87f
Redis Sentinel client implementation support using multiple sentinel
servers for redundancy, but only a single server from the servers list
was passed down to it.
This uses the new taskflow interface to add fallback servers, and
register the remaining servers in the list as fallbacks.
Depends-on: https://review.opendev.org/c/openstack/taskflow/+/907674
Change-Id: I6b281d2520db0048329b12b33108273ba2f96534
Redis introduced ACL feature in 4.0.0, and this feature is supported by
redis-py since 3.4.0[1]. When ACL is enabled, authentication requires
username in addition to password.
Also this removes the default password string because it can confuse
underlying libraries in case a more strict check such as 'is None' is
implemented there.
[1] 8df8cd54d1
Depends-on: https://review.opendev.org/c/openstack/taskflow/+/907667
Change-Id: Ie85589ab4e02046f54864a10b9b8adce6996d82a
This patch adds the initial nftables support in the amphora for SR-IOV
VIPs. Followup patches will add rules to the nftables chain. As this
point in the patch chain, SR-IOV VIPs will not pass any traffic.
Change-Id: Ib2a1c3f49a26690d2e0e9c7330e047748c0b5105