Commit Graph

240 Commits (65e132a734f005f090a384bfa129482d195c6d6e)

Author SHA1 Message Date
Zuul 80f4647648 Merge "Fix member API handling of None/null updates" 2019-07-27 00:49:25 +00:00
Michael Johnson 48371c98ee Add warning log if auth_strategy is not keystone
A user came to the IRC channel with CLI errors:
"Client-side error: Validation failure: Missing project ID in
request where one is required."

The root cause was the [api_settings] auth_strategy was set to
"noauth" instead of "keystone".

This patch adds a warning log message to the API process that
warns users that typically the auth_strategy should be set to
It also points the user to have an administrator check the keystone
settings in the octavia.conf.

Change-Id: I7793d7a9113b23ac88e7c53d5dc292a70b9453b5
2019-07-11 09:15:00 -07:00
Zuul 3a9df30a9a Merge "Fix pool API handling of None/null updates" 2019-06-24 04:53:43 +00:00
Zuul b2d40c1120 Merge "Fix health monitor API handling of None updates" 2019-06-24 04:32:53 +00:00
Michael Johnson 0ab16921ae Create Amphora V2 provider driver
This patch creates an Amphora v2 provider driver as well as a
V2 controller worker.
This is in preparation for having the amphora driver use the new
provider driver data models and rely less on native Octavia database
It is also a prepartion step for enabling TaskFlow JobBoard as
this work will move to storing dictionaries in the flows instead
of database models.

Change-Id: Ia65539a8c39560e2276750d8e79a637be4c0f265
Story: 2005072
Task: 30806
2019-06-05 14:30:29 -07:00
Michael Johnson a95f748156 Fix health monitor API handling of None updates
The current health monitor API does not properly handle
clearing/reseting values on update. Some integer only fields,
such as max_retries_down, will accept null, but will store the
value as "None". These will will cause failures updating the
amphora configuration.

This patch corrects this to appropriately handle None/null updates
to the health monitor parameters.

Change-Id: Ida1d544933aec9e5cd556aef57a06e9f19f1b255
Story: 2005374
Task: 33533
2019-05-30 11:15:36 -07:00
Michael Johnson fc9163fce9 Fix member API handling of None/null updates
The current member API does not properly handle clearing/reseting
values on update. Some integer only fields, such as weight,
will accept null, but will store the value as "None". These will
will cause failures updating the amphora configuration.

This patch corrects this to appropriately handle None/null updates
to the member parameters.

Change-Id: I41038b1d8d882efa19d991c07dca47f06dcbb5ca
Story: 2005374
Task: 33523
2019-05-29 14:37:13 -07:00
Zuul 09020b6bfc Merge "Add Python 3.7 support" 2019-05-16 06:30:28 +00:00
Michael Johnson db212fc304 Fix pool API handling of None/null updates
The current pool API does not properly handle clearing/reseting
values on update. There was a case where removing the CA and CRL
at the same time could be refused, requiring you to remove the
CRL first, then the CA reference. This patch resolves that issue.

This patch corrects this to appropriately handle None/null updates
to the pool parameters.

Change-Id: Iee8a12b693a09e96e59313e58beffe1b1985084f
Story: 2005374
Task: 31007
2019-05-14 17:51:03 -07:00
zhulingjie ff50886d79 Update hacking version to latest
This resolves extranous "improper escape sequence" warnings on
python 3.6+[1].

Note, this does not resolve those warnings from pylint. There
is already another proposed patch to address pylint[2].


Change-Id: Ie160436913e4d935bab118d31ba10193ac38bd8f
2019-05-14 17:38:58 -07:00
Carlos Goncalves c4faac25de Add Python 3.7 support
In order to support Python 3.7, pylint has to be updated to 2.0.0
minimum. Newer versions of Pylint enforce additional checkers which can
be addressed with some code refactoring rather than silently ignoring
them in pylintrc; except useless-object-inheritance which is required to
be silented so that we stay compatible with Python 2.x.

Story: 2004073
Task: 27434

Change-Id: I52301d763797d619f195bd8a1c32bc47f1e68420
2019-05-14 17:11:22 +00:00
Michael Johnson 930a3236bf Fix listener API handling of None/null updates
The current listener API does not properly handle clearing/reseting
values on update. Some integer only fields, such as connection-limit,
will accept null, but will store the value as "None". These will
will cause failures updating the amphora configuration.

This patch corrects this to appropriately handle None/null updates
to the listener parameters.

Change-Id: I41c9bedd8a3452513af3d409fbacd65ea287f02a
Story: 2005374
Task: 30352
2019-04-22 16:24:14 -07:00
Zuul a728bc000f Merge "Fix setting of VIP QoS policy" 2019-04-03 22:37:52 +00:00
Carlos Goncalves e0c45ce4d2 Fix setting of VIP QoS policy
Load balancers were going in to ERROR when updating vip_qos_policy_id in
two different cases:

- QoS extension enabled: the VIP DB data model was incorrectly
  constructed ('vip_qos_policy_id' where it should have been
- QoS extension disabled: setting an UUID or None would fail in the LB
  update flow as the extension is disabled, and the API would return
  HTTP 202 to the user.

Story: 2004602
Task: 28512

Change-Id: Ie974afa52fe70cbab72b7e7f75bf7ee1015e148c
2019-04-03 14:59:58 +02:00
Michael Johnson f73fe9c084 Fix a lifecycle bug with child objects
In some edge cases, when a request comes in to update a child
resource (member, HM, or l7rule), the API would not always make
sure the parent object (pool or l7policy) was in a mutable status.

This patch fixes this by checking the parent provisioning_status
before allowing a muttable change on a child object.

It also resolves two cases where a parent object status was not being
reset on a reverted flow.

Change-Id: I86f76bebce0993215fd34ccd33251ba1e6c325a9
Story: 2005249
Task: 30043
2019-03-20 12:47:54 -07:00
Zuul 12668dec63 Merge "Fix LB failover when in ERROR" 2019-03-12 23:44:08 +00:00
Zuul 6362aa4a2a Merge "Fix health monitor exception" 2019-03-08 01:29:47 +00:00
ZhaoBo 44833d5d5e Support Host header inject for healthmonitor HTTP 1.1 health check
This patch adds 2 new options for healthmonitor HTTP health check.
'http_version' is for user to specify the HTTP version, 1.0 and 1.1 are
'domain_name' is for user to specify the HTTP host header inject to check
the HTTP backend health.
'domain_name' only available when HTTP version is 1.1

Story: 2002160
Task: 20010
Change-Id: Id3bf3962a02fbf77cf886c40ac64588cbacd3832
2019-03-06 01:24:31 +00:00
Adit Sarfaty f941ca741a Fix health monitor exception
expected_codes validation raised the wrong error

Change-Id: Iebe5331e549d5313a0b71907a0f628e79666eab8
2019-03-05 15:05:00 +02:00
ZhaoBo 25fb7e4c32 Support L7policy redirect http code
Currently, L7Policy already support the redirection by url_prefix.
Then we can support the redirection with HTTP code.

This patch adds an new option 'redirect_http_code' to L7Policy API.

Story: 2003609
Task: 24941
Change-Id: Id0c9c376ffbc2fb10ddb988537d0ef1a8205e586
2019-03-04 15:04:53 -08:00
Zuul 5942aacf02 Merge "Add boolean tls_enabled option into Pool" 2019-03-02 11:57:22 +00:00
Zuul 51e93fe4fd Merge "Add 2 new fields into Pool API for support re-encryption" 2019-03-02 08:13:23 +00:00
Zuul d719a1f359 Merge "Pool support sni cert for backend re-encryption" 2019-03-02 04:16:15 +00:00
ZhaoBo e0e9af3b51 Add boolean tls_enabled option into Pool
Add "tls_enabled" option in Pool API.
This option will work on cert cases or no cert cases.

Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <>
Change-Id: I62e31aaa66748ba652dfd5dbfd5a8b06d9ba0dfe
2019-03-01 00:20:38 +00:00
ZhaoBo 7aa115a553 Add 2 new fields into Pool API for support re-encryption
Add tls_ca_container_id and crl_container_id into Pool API.

Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <>
Change-Id: I6cd6e2ca8e48a5df707a70d22505dec9d752c7eb
2019-02-28 16:20:09 -08:00
ZhaoBo aa7ac7ab73 Pool support sni cert for backend re-encryption
Add 1 fields like Listener does, which is 'tls_container_ref', this
field is introduced into Pool for storage the pool client certificate to
the backend servers, when the traffic willing to bring a cert to the
servers and check for tls connection.

Story: 2003859
Task: 26685
Change-Id: I29b7c7116e6087c942179ed9efdead494ef277a3
2019-02-28 11:36:48 -08:00
Zuul 486eee5862 Merge "Add new ssl header into Listener for client certificate" 2019-02-26 11:07:30 +00:00
Zuul f9bb294206 Merge "Add crl-file option for certification" 2019-02-26 11:07:29 +00:00
Zuul 4f00f7f520 Merge "Add an option to the Octavia V2 listener API for client cert" 2019-02-26 11:04:52 +00:00
Zuul a569a6e935 Merge "Add client_ca_tls_container_ref to listener API" 2019-02-26 10:54:59 +00:00
Zuul 6008859476 Merge "Fix the loss of access to barbican secrets" 2019-02-25 06:22:43 +00:00
ZhaoBo aa1bca0271 Add new ssl header into Listener for client certificate
Add new ssl headers:
'X-SSL-Client-Verify', 'X-SSL-Client-Has-Cert', 'X-SSL-Client-DN',
'X-SSL-Client-CN', 'X-SSL-Issuer', 'X-SSL-Client-SHA1',
'X-SSL-Client-Not-Before', 'X-SSL-Client-Not-After'

Allow users to send to the backend with multiple choices when
tls_terminated is enabled for client certificate.

Story: 2002165
Task: 20020

Change-Id: I112936ee85c9e0dcfb87b962176ba7d623989a30
2019-02-24 23:30:59 +00:00
ZhaoBo 20509e2337 Add crl-file option for certification
Add crl-file in Listener side.

Story: 2002165
Co-Authored-By: Michael Johnson <>
Change-Id: I9e2ec06719fbbfd19482c2b8d39220e7e4ed81e3
2019-02-24 15:29:59 -08:00
Michael Johnson 72b382b46d Fix the loss of access to barbican secrets
The listener delete method could remove access to barbican secrets that
are used on multiple listeners, in different roles.
It is also not thread safe and was un-tested.
This patch removes the "unset_acls" calls from the listener delete method.

Change-Id: Ic832fcd2a5a45993f8414b7514b1a58dcec13de3
Story: 2005041
Task: 29536
2019-02-24 10:57:46 -08:00
ZhaoBo 7a8eb3ce22 Add an option to the Octavia V2 listener API for client cert
Listener API for client cerificate authentication with "None,
Optional, Mandatory" options

Story: 2002165
Task: 20019
Co-Authored-By: Michael Johnson <>
Change-Id: Ia753659981d99b315504f166c09afb8f5b14f195
2019-02-24 01:52:20 +00:00
ZhaoBo 0cc546a7c7 Add client_ca_tls_container_ref to listener API
This patch add 'client_ca_tls_container_ref' into listener API for front
client authentication.

Story: 2002165
Task: 20018
Co-Authored-By: Michael Johnson <>
Change-Id: I8a96d6fdfe53a16d1abcfd09bc6afedd6c490de2
2019-02-24 01:51:35 +00:00
Carlos Goncalves 503e3949f8 Fix LB failover when in ERROR
Load balancers in ERROR provisioning status could not be failed over.

One possible scenario where LBs go into ERROR is when services are
started before compute nodes are up on a cluster reboot:

- Octavia services are started
- Health Manager does not receive heartbeat and triggers failover
- Failover fails due to lack of availabble compute nodes to spawn
  amphora VMs

Story: 2005078
Task: 29657

Change-Id: Ic4b4516cd6b2a254ea32939668c906486066da42
2019-02-22 23:59:14 +00:00
Zuul f309139324 Merge "Fix oslo messaging connection leakage" 2019-02-21 08:41:35 +00:00
Erik Olof Gunnar Andersson ad7e627185 Fix oslo messaging connection leakage
Story: 2004993
Task: 29464

Change-Id: I8e9cca7c0a7eb82b2a029a3ead2486dd1742b65f
2019-02-18 15:28:22 -08:00
Michael Johnson 52ffdd16a6 Add amphora agent configuration update admin API
This patch adds a new admin API that updates an amphora's agent

Change-Id: I41ce6843fb53fa21ab84e5b1d0734e70380d716a
2019-02-11 17:30:53 -08:00
Vadim Ponomarev 05e16a3498 Fix check redirect pool for creating a fully populated load balancer.
Change-Id: Id0f347f9d89e6ca801edb9044302216da4ffbb3b
Story: 2004961
2019-02-07 18:17:09 +03:00
Michael Johnson 1afeeb95d3 Add provider driver capabilities API
This patch adds an API that allows operators to query a provider driver
for the list of supported flavor capabilities.

Change-Id: Ia3d62acdc3b1af2e666f58d32a06d2238706dee6
2019-01-25 12:38:03 -08:00
Michael Johnson 0b1fe6a526 Adds flavor support to the amphora driver
This patch adds support for flavor metadata validation by the amphora driver
and support for setting the load balancer topology via a flavor.
It also adds "flavor_id" to the load balancer table in the database.

Change-Id: I8eae870abdb20dc32917957e32606deef387ec88
2019-01-25 20:34:11 +00:00
Pradeep Kumar Singh 637009ecd0 Add flavor, flavor_profile table and their APIs
This patch adds flavor and flavor_profile tables.
It also implements flavors and flavorprofiles apis.

Partially-Implements: Blueprint octavia-lbaas-flavors
Co-Authored-By: Michael Johnson <>

Change-Id: I99a673438458757d0acdaa46dd8ee041edb3be9c
2019-01-25 12:25:13 -08:00
Michael Johnson 66298f9a48 Add amphora statistics to the admin API
This patch adds an admin API for getting per-amphora statistics.

Change-Id: Ib57b2136dbb41067d6b8949ee42f946f109616e7
2018-12-20 22:28:51 -08:00
Yang JianFeng ae8d6fb2de Add compute_flavor field for amphora api
Operators want to have the ability to see amphora flavor information.
But they haven't access permisson of octavia configuration file. So
it is necessary to show amphora flavor information as part of command
'openstack loadbalancer amphora list/show'.

Story: 2002896
Task: 22986

Change-Id: Ib3ca05d816747d08ef7055ec532b81746468cbf9
2018-12-18 19:48:56 +08:00
wangxiyuan d62189366c Tags support for lb resources
Add tags support for all lb related resources. It includes:
load balancer, listener, member, pool, L7rule, L7policy
and health-monitor

Change-Id: Ib33a002b3b59820db29897454e9d4303c73310b2
Story: 2003890
Task: 26757
2018-12-17 07:58:04 +00:00
Zuul 2deadd3f83 Merge "Remove unused methods." 2018-10-27 08:39:50 +00:00
Vadim Ponomarev be377afcca Remove unused methods.
Remove unused methods _reset_lb_and_listener_statuses, _reset_lb_status,
_reset_lb_listener_policy_statuses from controllers.

Change-Id: I8e5980489bc905daa946ff4e2e7c3ae698d5b0b4
Story: 1655768
2018-10-22 13:56:28 +00:00
Kamil Sambor 8923935df2 Add posibilities to set default timeouts
Default timeouts for backend member and frontend
client can be set now via config file.
Timeouts exposed in config in section haproxy_amphora:
 * timeout_client_data
 * timeout_member_connect
 * timeout_member_data
 * timeout_tcp_inspect

Change-Id: I6e1be42c5c15c4171b012734e4c2a1fded51dbc7
Partial-Bug: 1797130
Story: 2004042
Task: 27046
2018-10-22 12:55:08 +00:00