In order to support Python 3.7, pylint has to be updated to 2.0.0
minimum. Newer versions of Pylint enforce additional checkers which can
be addressed with some code refactoring rather than silently ignoring
them in pylintrc; except useless-object-inheritance which is required to
be silented so that we stay compatible with Python 2.x.
This patch adds a new flavor capability to the amphora driver called
'compute_flavor'. This allows an amphora flavor to specify a compute
(nova) flavor to be used for the load balancer instances.
Operators want to have the ability to see amphora flavor information.
But they haven't access permisson of octavia configuration file. So
it is necessary to show amphora flavor information as part of command
'openstack loadbalancer amphora list/show'.
Replace calls to the nova client with calls to the compute driver.
This will help non vm efforts (e.g. zune) and also make the code
easier to break up later.
This also fix build-openstack-sphinx-docs, there was a change introduced
in sphinx 1.6.6:
If the size of __init__.py is less than 2, then the module would be
skipped which will cause the sphinx consistency checking failing later.
There was an edge case where if we were not able to extract nova interface
information our code that extracts the nova fault information would be
bypassed. This patch moves the fault extraction to a point where it will
be able to capture the fault string even if it was network interface
This will enable a number of possible features that need to select
amphorae based on their availability zone.
This would allow for quick-lookups on large lists and could be stale,
but it would be expected that future code that uses this would check
with nova for an update if it needs fully accurate data.
Having it be explicitly "cached" should take care of concerns about
users (operators, in this case) being confused about correctness.
Using simply the word "zone" should address concerns about commonality
between compute providers.
This patch updates the Octavia documentation in support of the
OpenStack documentation migration.
 https://specs.openstack.org/openstack/docs-specs/specs \
Octavia was not exposing the underlying compute driver exception
information to the operator in the octavia logs. This meant debugging
required examining the compute service logs.
This patch will pass through the fault message provided by the compute
driver in the exceptions raised and clarify in the logs when the
nova driver caused the failure.
Some nova deployments automatically select their networks on boot.
We can allow for this by assuming there will be some default network if
the amp_boot_network_list is empty.
Change methods used in backend to authenticate with keystone.
Use autodetection mechanizm for API version and refactor config
options specified in Octavia.
This patch adds an optional configuration setting that allows an
operator to restrict the amphora glance image selection to a specific
owner id. This is a recommended security setting for clouds that
allow user uploadable images.
_extract_amp_image_id_by_tag should always return the last created
image_id, with the amp_image_tag ("amphora" by default), but it won't.
For the sort='created_at' to work, we should use 'desc' as sorting
direction and take the first element from the images list.
In addition, we now limit the length of the returned images list to 2.
The reason is that we don't need the whole list in order to warn the
system administrator that more than one image has the amp_image_tag.
Currently the amp_network is a stringOpt and in code it
translates that to a list for processing. It may
be required to deploy with multiple networks,
a listOpt for amp_network option allows this.
Currently Octavia cannot validate against SSL service endpoints,
which would be keystone, neutron, nova and glance in this case.
This patch adds a config option under nova, neutron and glance
sections to read the specified CA certificate files
for validation. It's slightly different in the case of glance,
because glance session method invocations depend on the endpoint
URL whether it starts with HTTP or HTTPS.
Also added is the "insecure" option for these services in case
the cert validation needs to be skipped.
For keystone, we read config params from keystone middleware. Thus,
instead of defining a new config option, we can make use of it's
Barbican is not added because we do not yet have a barbican endpoint
override in it's config. This could be added in the future as a
separate patch, if needed.
Lastly, unrelated to the above, fixes the amphora REST api default
bind_port in octavia.conf
Deprecated amp_image_id option with the new amp_image_tag option.
Also switched devstack plugin to rely on the tag to update the image
used for new load balancers.
Implements: blueprint use-glance-tags-to-manage-image
Added a new column in lb table for server group id;
Added a new task in compute tasks for creating server group;
Added a new task in dtabase tasks to update server
group id info for lb;
Add server group id in create method in nova driver to support
anti-affinity when creating compute instance
When getting a service catalog from keystone there might be
multiple endpoint types. Adds new parameters to specify
the endpoint type to use in each of the new neutron/nova
Nova config attributes are removed as the endpoint would be retrieved
from the service catalog with respective endpoint_type and corresponding
roles would define nova access.
CONFIG is added as needed and cfg being removed.
In some implementations overriding the neutron and/or nova endpoint returned in
the keystone catalog will be necessary. Adding this will allow that to happen.
Passing region, or any other service lookup, authentication, authorization to
the drivers from the controller worker doesn't make much sense. The driver
implementation should just pull it from the config if the driver needs it.
Otherwise it doesn't matter. The controller technically should know nothing
about how the driver communicates out, or any setup information like that.
It should be up to the driver to decide that.
The nova compute driver currently raises an exception if the
instance has already been deleted.
This patch logs a warning, but does not raise an exception when
the instance being deleted is not found.
Octavia code base should be more generic, because containers
can be used in a near future.
This patch corrects naming methods and fix some docstrings.
The noop drivers suffered from not being updated and just not being tested
with being called within flows like normal real op drivers. This gets the noop
drivers to succeed when called liked other drivers. They do not do anything
and will return fake information whenever it is required they return data.
This can be improved later so that they actually do their own data store, but
that would require a much larger update and I'm not sure there's much value
Used binary compressed encoding of json dumped object. To reduce
the size needed to send heart beats incase some stats objects
start getting sent later on. Also used sha256 instead of sha1
Co-Authored-By: Michael Johnson <firstname.lastname@example.org>
Co-Authored-By: German Eichberger <email@example.com>
Co-Authored-By: Carlos Garza <firstname.lastname@example.org>
Partially implements: health-manager
Added a flow to complete automated failover for an amphora. Added new tasks
to retrieve ports, change port device ids for re-allocating to new amphora,
and added functionality to include existing ports on amphora creation.
Co-Authored-By: Brandon Logan <email@example.com>
Co-Authored-By: Michael Johnson <firstname.lastname@example.org>
Octavia does not support keystone regions and can choose an incorrect
endpoint url when multiple regions provides same services.
This is for fixing the octavia issue.
We ran the Octavia code base through a static code analyser and several issues got flagged.
As an exercise we looked at each issue and are now proposing fixes to the complexity/code style issues.