This patch allows us to specify special DIB elements via the localrc.
An octavia-tempest-plugin patch[1] linked to this will use this
setting in the gates to configure DIB to use the infra package mirrors.
[1] https://review.openstack.org/#/c/601332
Change-Id: I7444e8941c7175d92c50f1714a87b4181b983829
This patch fixes the Octavia v2 API "list" performance regression.
It also corrects some database model forward reference issues.
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: Ic110e0e73938743c1aba01aa28f393bae7141cbd
Story: 2002933
Task: 22920
Since Pike we have the failopver command on the load balancer and
this should be used instead of dsabling the port. Added other
minor updates.
Change-Id: I606518d8d9a52104872a08ee18bd6be62c100de3
In Rocky, octavia-tempest-plugin (v2) got a significant bump in test coverage
surprassing existing tempest tests in Octavia repo (v1). The direction
we are pursuing is to move to v2 only anyway and drop v1 altogether once
neutron-lbaas is dropped. Hence, we should also gate on octavia v2 jobs.
This patch also proposes gating on octavia-v2-dsvm-scenario-centos-7 job
and octavia-v2-dsvm-scenario-ubuntu-bionic as check job.
In addition, this patch cleans up remaining leftovers when transitioned
to Zuul v3, as well removes jobs octavia-v1-dsvm-scenario-multinode and
octavia-v1-dsvm-py3x-scenario-multinode from gate list and nuke
octavia-v1-dsvm-scenario-lxd.
Depends-On: https://review.openstack.org/#/c/600118
Change-Id: I7d2d8223e0b876257dd6a639fc92cbb11f0d6338
Octavia is struggling with proper handling of DB connectivity issues
bringing down all running loadbalancers. Octavia tries to failover
amphorae and can fail in one of the following stages:
1. Octavia can't create new amphora because Nova isn't ready yet after
DB outage. Nova-API throws 500, Octavia nukes amphora instance and
won't try to recreate it again.
2. Octavia tries to recreate amphora instance but it gets stuck in
PENDING_CREATE forever.
3. Octavia fails completely reporting DB connection issues, leaving some
amphoras in error, some in pending_delete as bellow: It affects also
HA deployments.
This patch fixes that by wrapping the DB check for health, waiting for
the connection to be re-established and sleeping off the full
"heartbeat_timeout" interval.
Story: 2003575
Task: 24871
Change-Id: I7b30cd31e1ce0cf9dab61484f4404f1c6ccddd5e
We added the configuration option for reserved IP addresses that cannot
be used for load balancer member addresses, but the validation for
batch update members is missing.
This patch should also be backported to stable branches.
Change-Id: Ibd3145cfd8b92a494f7cceff10414d6e153136e9
Story: 2003413
When batch update members request only contains existing members
update, octavia-api raises exception because 'pool_id' is missing.
This patch should backport to stable branches.
Change-Id: I43a9af83a6615d3bffb7ec9c69f8d0b66c03fc97
Story: 2003608
Task: 24940
DNF is the next upcoming major version of Yum. It has been the default
package manager since Fedora 22. This patch tries to use DNF if
available, and falls back to Yum.
Change-Id: Ic011ef8281eb99ae010c61f47a8423bc186c25b7
There appears to be a kernel regression that is leading to KVM failures
again. This patch adds limestone to the exclusion list based on job
failures[1].
[1] http://logs.openstack.org/32/600332/3/check/octavia-v1-dsvm-scenario/ \
467a1e6/logs/libvirt/qemu/instance-00000001.txt.gz
Change-Id: I356c32c27f9803226e9a449c2f81aa1d04af9671
When running stress tests against the Octavia Health Manager it was
observed that the scalability and performance of the health manager has
degraded.
It was observed that the ORM layer was forming poorly optimized queries,
putting excessive load on the database engine and unnecessary code paths
were executing for each heartbeat message.
This patch optimizes the health manager processing of amphora-agent
heartbeat messages by optimizing the database requests, pool processing,
and event streamer code paths.
Change-Id: I2f75715b09430ad139306d9196df0ec5d7a63da8
Story: 2001896
Task: 14381
It's time to raise the bar for Octavia coverage. We have been at >= 90%
coverage for a while now, so I'm comfortable proposing raising the
minimum to 90%.
Change-Id: Icd9024d076d3d1c13e35e7e293af3c4fc8406ddf
Remove all branch specifiers, the project has zuul.d backported and
branch specifiers are not needed.
Use new template for lower-constraints jobs.
Remove queue name from experimental queue, this is not needed.
Change-Id: I80e9a8efcc163e389c8d114063921e43a4b48039
We added the configuration option for reserved IP addresses that cannot
be used for load balancer member addresses, but the validation for lb
graph creation is missing.
This patch should also be backported to stable branches.
Change-Id: I5ba30d29e7a35b370f21d9f68ec43efed74dd363
Story: 2003413
Task: 24555
Currently the amphora-agent is not reporting UDP listener health
when the UDP listener does not have a pool and members.
This patch changes that behavior to report the listener as healthy
if the keepalived process is started and running in the amphora.
This patch also introduces message versioning for the health
heartbeat messages.
It also corrects a few assertEqual tests that had the reference and
actual values backwards.
Change-Id: Ifc28b4991852e59c0d27b4ab3d1afc4e9965e88b
Story: 2003592
Task: 24911
This patch adds a few optimizations when using the amphora driver.
1. It increases the amp_active_retries from 10 to 30. This increases
the time we wait for nova to mark an instance "ACTIVE". The old default
of 10 was one minute forty seconds, but in some clouds it's been observed
that the nova schedule can get overloaded and take longer than a minute
forty to schedule the instance. Setting this to 30 means we will wait
five minutes for nova to schedule the instance.
2. It enables TCP kernel splicing in HAProxy. This has been shown to
reduce the CPU overhead for very high rate TCP load balancers.
3. Finally it enables "safe" HTTP keepalives on the backend member
connections [1]. This increases the request rate possible while using HTTP
protocol listeners and members.
[1] http://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4-http-reuse
Change-Id: I3af009cac9a9edc8aef793b52c6a1488fde2c59b
OpenStack requirements has added pydot to global requirements.
Even though this isn't the proper fix (still pending networkx 2.2 release)
this will resolve the dependency issue for us, so re-enabling our
flow diagrams.
Change-Id: I49856c8fbd7cb6302be4ec97a14b2c10682cf504
At this moment if ca_private_key_passphrase is None loadbalancer
cannot be created due to AttributeError.
Current change adds check for None before encoding.
Story: 2003588
Task: 24896
Change-Id: I40063aa2f96534c12b284f72d16c9f5a72ad1486
This is a mechanically generated patch to switch the documentation
jobs to use the new PTI versions of the jobs as part of the
python3-first goal.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: Ica898daa44f2bbc37789dc10d929060d031f4618
Story: #2002586
Task: #24316
The amphora no-op driver did not get updated properly for the multi-amphora
failover fix.
This patch fixes that issue and corrects the doc strings for the
haproxy amphora driver update_amphora_listeners method.
Change-Id: Ib0d63da7c5599069f5ea50f0dfbc59eefba58c84
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I0ff16a1354bf716f1df938573993cd9254cf6843
Story: #2002586
Task: #24316
The job definition of octavia-v2-dsvm-scenario-ubuntu.bionic has to be
moved over to octavia-tempest-plugin. Follow-up change
I7d2d8223e0b876257dd6a639fc92cbb11f0d6338 will re-define it and change
Iafd31337fed62affc4125e0e1eea0179db5f776d will re-enable the job
execution.
Change-Id: Iaecb484b7eee6e24e85df38a73d4f1f522e2204c
OVH infra hosts are causing "KVM: entry failed, hardware error 0x0"
failures where instances fail to start (cirros, etc.).
This patch excludes OVH instances from kvm enablement until the issue is
resolved.
Depends-On: https://review.openstack.org/#/c/593452
Change-Id: Idedacb0d029e8166b87ede6a7b972e2f6ce74919
Provide a sane return value for get_keepalivedlvs_pid
to ensure that underlying Python libary code does not
throw a TypeError when joining values:
TypeError: join() argument must be str or bytes, not 'MagicMock'
Change-Id: I174bbaf618a845cc246f3b1926d600d03e710de3
This patch adds a configuration option for reserved IP addresses that
cannot be used for load balancer member addresses. By default, this will
include the nova metadata service address 169.254.169.254.
Change-Id: I25de5ed5f6f35afc55dd1154c3e02934fddb100a
Story: 2003413
Task: 24555
We only use them as a consistent hash, not for anything security
related. Even if someone could manage a hash collision or something,
the worst that could happen is their own LB stops working...
So, just tell bandit to ignore them.
Added a docstring to one function to attempt to be extra clear.
Change-Id: Ic337c32020e12183e2246b844ded07a83c6d3ad8
