This patch adds a test skip for two tests that are impacted by the
recent sqlalchemy 1.3.16 release.
With this release, a patch[1], changes the default commit behavior
of a transaction. With this change we are seeing that the load
balancer created in the tree-create test disappears from the
transaction context during the test and the pool create call will
throw a foreign key error as the load balancer is not in the database.
It's not clear if this is purely a sqlalchemy, pysqlite, or sqlite3
bug at this time.
Given the requirements are already in freeze for the Ussuri release,
we are opting to disable the tests (we know only sqlite is impacted),
instead of attempt to blacklist 1.3.16 in requirements.
[1] 9ebbf8614a (diff-e9762e21a27d8e6c44db6f9dd4edc694R455)
Change-Id: I7910ebe4cff692bab67349bbf3e4ee4e24b5fa7a
This patch introduces 2 macros in lvs.
1. Support HTTP GET, allow users create HTTP healthmonitor for udp pool.
2. Support TCP check, allow users create TCP healthmonitor for udp pool.
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: I61c7d8d4df54710a92b8c055be84bba29bf3d7e6
Story: 2003200
Task: 23356
Story: 2003199
Task: 23355
Run taskflow jobboard conductor only if amphorav2 provider is
enabled.
Fixes devstack plugin.sh conditions for amphorav2 provider.
Change-Id: I49b587cf748996658859667485400307205d209b
The devstack plugin code was sourcing a file that was
enabling bash errexit, which was then inheriting it in
later operations that could cause the shell to exit
unexpectedly.
Change both scripts to 'set +e' near exit so sourcing
them doesn't have issues.
Change-Id: I16513b0066c05cd6fc606da341df636094010a34
Flask's stream always returns bytes, file write always takes string.
This causes py3 amps to return 500 on cert rotation AND wipe out the
certificate, so the amphora are no longer controllable and go to ERROR
state. Anyone running py3 amps prior to this patch will experience
amphorae breaking on a timer due to housekeeping cert rotation!
Change-Id: I831b0b48d719397c14d80f8ebcbad997c50c7795
Template was using timeout value instead of delay value.
Also clean up redundant values in the templates (things like retry and
delay_before_retry only need to be specified once at the top level).
Change-Id: I376917e40eb7a92f7f03e691ed9a0c23fd2ce8f8
Introduce TaskFlowServiceController which uses taskflow
jobboard feature and saves jobs info into persistence backend.
Jobboard could be operated via RedisTaskFlowDriver or
ZookeeperTaskFlowDriver, that could be set via the config.
RedisTaskFlowDriver is intoduced as default backend for jobboard.
Usage of jobboard allows to resume jobs in case of restart/stop
of Octavia controller services.
Persistence backend saves state of flow tasks that required in
case of resuming job. SQLAlchemy backend is used here.
Bump taskflow version to 3.7.1 and add dependency to
SQLAlchemy-Utils (required for taskflow sqlalchemy
backend support).
Story: 2005072
Task: 30806
Task: 30816
Task: 30817
Change-Id: I92ee4e879e98e4718d2e9aba56486341223a9157
Pools can now be each be assigned an OpenSSL cipher string with the
field tls_ciphers. A new configuration option, default_pool_ciphers,
specifies what cipher string to use for new tls-enabled pools
if one is not explicitly specified at time of creation.
Change-Id: Iedb7774bfb8d70ea307d6a513248e1fe2389fa34
Depends-On: I77da6f14063877af0077f2c12df1aab5d5ead187
Story: 2006627
Task: 37172
A recent change in oslo.policy has made it register its cli opts on
the global config object. This was done to fix a bug where the opts
passed to the oslo.policy cli tools would get lost once it called
into project code because it was previously using a private config
object.
Octavia had already fixed this bug in a different way by filtering
the args in the enforcer code, which should no longer be necessary
now that the oslo.policy fix has merged.
However, the use of the global config object by the policy cli has
introduced a new problem, which is that after the config object is
initialized you can't register more cli opts. Because Octavia was
registering cli opts on import, this means that when the policy
tools call the Octavia policy entrypoint those opts get registered
and cause a failure.
To fix that, this change moves the cli opt registration into a
function that gets called from config.init so they will only get
registered when running an actual Octavia service. A separate
function was needed because they also need to be registered in
unit tests, and we don't want to actually initialize the entire
config object there. This way they can be initialized properly
in both scenarios.
Change-Id: I48ae260335f67e8ab1a188a94e44a7f1968e6fe9
Listeners will now be able to each be assigned their own OpenSSL
cipher string with a new field: tls_ciphers. There is also a new
configuration option, default_listener_ciphers, which specifies the
cipher string to assign to new listeners when one is not explicitly
specified.
Change-Id: I77da6f14063877af0077f2c12df1aab5d5ead187
Depends-On: Id5f4c20abd40dd092558a711987953012d4ae67f
Story: 2006627
Task: 36839
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Add test-requirements.txt to doc building, hacking is now imported and
needed for autodoc.
Change-Id: I06211ef20131c64deba135123e53d87f3b5356a2
Red Hat/centos do not ship acpid for ppc64le, but others do.
This patch sets up a package map for DIB to exclude the acpid
package on Red Hat family image builds, while allowing it for the
other distros.
Change-Id: Iaef520e5f2a66833228e824ec4fb41f5915169af
Should have done "pad to 8 characters" on the hex conversion, but it was
instead hardcoded to pad a single `0`, which is right in a lot of cases
but not all.
For example:
>>> ip1 = ipaddress.ip_address('98.136.140.23')
>>> ip2 = ipaddress.ip_address('10.1.1.1')
>>> "%X" % ip1._ip
'62888C17'
>>> "%X" % ip2._ip
'A010101'
Change-Id: Ia9fec4e72c00f7086489b245d9dc50ed9c27f12a
healthcheck middleware adds a /healthcheck url that allows
unauthenticated access to provide a simple check when running
octavia-api behind a load balancer
https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html
Co-authored-by: Michael Johnson <johnsomor@gmail.com>
Change-Id: I10db6226750f7b7c703067d2ab82eea3a9875112
Convert all code to not require six library and instead
use python 3.x logic.
Created one helper method in common.utils for binary
representation to limit code changes.
Change-Id: I2716ce93691d11100ee951a3a3f491329a4073f0
Change example string and depend on devstack change to
make sure we won't break.
Depends-on: https://review.opendev.org/#/c/711492
Change-Id: I5ca700b27c3c5be26dc5132fafd9b6cffade2b6b
We missed a line when removing the requirement to grant Octavia
access to the secret in barbican.
This patch corrects that oversight.
Change-Id: I3c6459becc415d6dc0792c44ca75e717b239cd92
On base operating systems that use DNF there can be a systemd timer
that attempts to call out and update the dnf cache every hour.
This patch adds an diskimage-builder element that disables this
timer as most amphora will not be successful in updating this cache
because they do not have network access or DNS services avaialable.
Change-Id: I5dec631d3e66e1dfb6b8741caea89938ee18a7d8
Story: 2007408
Task: 39019
