There is no reason to create internal and admin endpoints in DevStack,
most other services have stopped doing so a long time ago.
Also use the global SERVICE_PROTOCOL variable as default for
OCTAVIA_PROTOCOL instead of "http", this will make us automatically
use the secure API access when the tls-proxy service is enabled.
Fix the instructions for using the devstack plugin, too.
Change-Id: I0154b83cb64952844a28895721694d3e2ff82be2
Clearing tls_versions was throwing a TypeError ('NoneType' object is
not iterable). This patch fixes that and resets tls_versions and
tls_ciphers to their default values set in the API configuration file.
Task: 40607
Story: 2007981
Change-Id: I4540bbb2cb5b1200b268300cb8a9f0ad1e5104a9
Fix "AttributeError: 'dict' object has no attribute 'project_id'"
job octavia-v2-dsvm-scenario-amphora-v2 hit this issue.
Change-Id: I2fc51596434e97d6f4ca2522ceabab8d1f65194e
Disabled UDP listeners appeared as ONLINE, as the heartbeat message
always showed listeners as OPEN, even if disabled.
This commit fixes the configuration file for UDP listeners, previously
enabling or disabling a UDP listener created the same config file. Now
disabling a UDP listener explicitly adds a comment in the file.
Based on this comment, the heartbeat message doesn't include status
updates for disabled UDP listeners.
Story: 2007979
Task: 40605
Change-Id: I400dde533f78bc14ee568bfd9714eafac97e8a39
This package provides rtas_errd which is necessary to process hotplug
events like VIP and member port attachments.
https://bugzilla.redhat.com/show_bug.cgi?id=1862726
Change-Id: I8b20602c5b075a6e47d3f7dc42a1bffb1b7a14ea
This patch fixes the Octavia listener API from accepting the
'insert_headers' parameter for protocols that do not support header
insertion.
Change-Id: I4ec2299b64b180f8b2d8f0b8485a6be9fe32d2eb
Story: 2007967
Task: 40464
Our periodic amphora image build jobs started failing around mid June
with:
"The conditional check 'install_packages|success' failed. The error was:
template error while templating string: no filter named 'success'.
String: {% if install_packages|success %} True {% else %} False {% endif
%}"
Filters have changed in Ansible 2.9 after a deprecation period.
Additionally, install python3-venv and set virtualenv_command (defaults
to Python 2 "virtualenv") as it seems to be required now too.
Change-Id: I3efa89992cc4a8e2645803dd867d7d2f6e39b966
The pyroute2 package version 0.5.13 introduced a bug[1] that breaks
amphora. Unfortunately neutron needs a different fix that is in 0.5.13,
so we are going to work around the problem until we can get pyroute2 fixed.
This patch uninstalls pyroute2 and installs version 0.5.12.
[1] https://github.com/svinota/pyroute2/issues/724
Change-Id: I365d719810de792213da47ebafa46e7e0fd2e9fa
The user log format string has two special parameters: {{ project_id }}
and {{ lb_id }}. These parameters are documented as being wrapped around
double curly brackets and a whitespace, and are being used as so by
operators/installers. However, the actual substitution is single curly
bracket with no whitespace, i.e. {project_id} and {lb_id}. Fix this
issue by aligning the code with the documentation.
Task: 40444
Story: 2007958
Change-Id: Ifdc24033db288ec615391e576c1c77e6b35aba1f
With 1.8.x releases, haproxy consumes a lot of memory when
using 1,000,000 as default connection_limit.
This commit introduces a new configuration option for the Amphora
provider: [haproxy_amphora].default_connection_limit (defaulted to
50,000). This value is used when creating a listener with -1 (which is
the default) as connection_limit, or when unsetting connection_limit in
a listener.
Updating an existing listener by setting connection_limit to -1 also
sets it to default_connection_limit.
The global connection_limit for a load balancer is the sum of the
connection_limit of the listeners, but it cannot be over
HAPROXY_MAX_MAXCONN (which is still 1,000,000).
Story: 2007794
Task: 40046
Change-Id: Ibc525d9a046a5ab7f090a942459d80a2df66ae2e
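
An added illustration of the limit resolution this commit message describes. It is not Octavia's code: the function names are hypothetical, treating `None` as "unset" is an assumption, and the constants are the values quoted above.

```python
# Added example, not Octavia's implementation. Function names are hypothetical;
# the constants are the values quoted in the commit message above.
HAPROXY_MAX_MAXCONN = 1_000_000   # cap on the load balancer's global limit
OLD_IMPLICIT_DEFAULT = 1_000_000  # default connection_limit before this change
NEW_DEFAULT = 50_000              # [haproxy_amphora].default_connection_limit


def effective_limit(connection_limit, default_connection_limit):
    """Resolve one listener's API value to the limit actually applied.

    -1 (the API default) and None (assumed here to represent an unset
    value) both fall back to the configured default.
    """
    if connection_limit is None or connection_limit == -1:
        return default_connection_limit
    return connection_limit


def global_connection_limit(listener_limits, default_connection_limit):
    """Sum the resolved listener limits, capped at HAPROXY_MAX_MAXCONN."""
    total = sum(effective_limit(limit, default_connection_limit)
                for limit in listener_limits)
    return min(total, HAPROXY_MAX_MAXCONN)


def compare_defaults(listener_limits):
    """Return (before, after) global limits for the same listeners."""
    return (global_connection_limit(listener_limits, OLD_IMPLICIT_DEFAULT),
            global_connection_limit(listener_limits, NEW_DEFAULT))


if __name__ == "__main__":
    # Constructed sample: two listeners left at -1, one pinned by the operator.
    sample = [-1, -1, 2_000]
    before, after = compare_defaults(sample)
    print(f"global limit before: {before}, after: {after}")
    # Explicit limits are still summed and capped at HAPROXY_MAX_MAXCONN.
    print(global_connection_limit([600_000, 600_000], NEW_DEFAULT))
```
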
Task CertComputeCreate requires SERVER_GROUP_ID but this dependency is
missing when nova anti-affinity is enabled and load balancer topology is
SINGLE. This patch fixes this issue.
Task: 40408
Story: 2007943
Closes-Bug: #1888397
Change-Id: I757d84e4624f488382ec4ff9af3f489cd9a85ed3
Recent change [1] improved the reliability and lowered the job duration
significantly (as low as 41m39s per a recent run) [2]. This enables us to
more comfortably (less wait time) and confidently (less timeouts) run
scenario tests on CentOS 8.
Should this job prove to have a record of being stable for a reasonable
amount of time/builds, we can follow up with a patch to promote it to
voting.
[1] https://review.opendev.org/#/c/738246/
[2] https://zuul.openstack.org/builds?job_name=octavia-v2-dsvm-scenario-centos-8
Change-Id: Ia20caacd31ae5a411981a33d9a7f2a6330902760
The configuration option tls_cipher_blacklist has been
deprecated and replaced by tls_cipher_prohibit_list.
Change-Id: I6152838c697e12d19b27343e3a0714e55ca52d88
Neutron now needs to have a router attached to the subnet to provide
the router advertisement messages needed for slaac address
configuration.
This patch adds this router to the lb-mgmt-network, allowing
the amphora instances to configure an IPv6 address.
Change-Id: I638c5c8baf1d76365fff2c99ded9c6b310348710
With the removal of Python 2.x we can remove the unittest2 compat
wrappers and switch to assertCountEqual instead of assertItemsEqual.
We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I3e8725eb77ea947e71d85ea406a60ed94c7bf971
The recent patch[1] that adds a neutron subnet lookup using the user
context is not honoring the interface/endpoint_type or region_name
settings for neutron in the octavia configuration file.
This is causing problems for deployments that use the "internal"
endpoint for neutron and the current code will always return
the "public" endpoint.
This patch corrects this problem by including those filter
parameters when the neutron endpoint is looked up in keystone.
[1] https://review.opendev.org/726042
Change-Id: I7b8f7c7d653b37395f9a660be67f954a3a6f26d9
Story: 2007863
Task: 40173
Running amphora failover against the amphora noop driver was raising a
TypeError (reload() takes from 2 to 3 positional arguments but 4 were
given).
Change-Id: I64172d6995959cf377364584ad9a2395f9ec0605
Remove net.ipv4.tcp_tw_recycle because it has been
removed from kernel since 4.12.
Change for tcp_timeout_time_wait/tcp_timeout_fin_wait
to net.netfilter.nf_*.
Change-Id: I0e3cde5aad9e9b6007f975eafb0205e2912b19d3
Signed-off-by: Mikhail Ushanov <gm.mephisto@gmail.com>