The provided etc/octavia.conf file is typically installed by system
packages. It is important to set correct configuration option names and
default values even when commented out.
Task: 37525
Story: 2006891
Change-Id: Ia9da64d76e31422464af9d24b675094f25350f48
The "Show Provider Flavor Capabilities" would silently ignore
filtering parameters passed into the API. This patch corrects this
such that you can filter the providers capabilities list.
Change-Id: I9a2aa4ed5b4ef60545c60a6d5bd06066ef361a56
Story: 2006817
Task: 37377
There is a potential race condition in the start order for the
amphora-agent service and the certs-ramfs service.
This patch configures an explict ordering for the services.
Change-Id: I8e449b19af72d72f6effd52e0a2debb5754a19b3
Story: 2006823
Task: 37396
Currently the keepalivedlvs_query script calls ipvsadm -Ln --stats
to query the local lvs for connection information. If any of these
values grow large enough they will be abbreviated with human-
friendly suffixes (K, M, G) and cause the get_ipvsadm_info func
to raise an exception when it receives a non-integer value from
its command output. By using the --exact argument in addition to
the existing arguments, we can ensure the output is always expanded
numbers, per the ipvsadm man page, and will only ever offer integer
outputs to the get_ipvsadm_info command.
Change-Id: I2e8c0be2221c0c23b752fdf2cdff065cddf830a5
Story: 2006791
Task: 37331
The single process patch changed the way listeners and load balancers
are deployed inside the amphora. This caused listeners with SNI
enabled to load all of the certificates for all of the TLS enabled
listeners on a load balancer.
This patch corrects that by configuring each listener with a
specific list of certificates.
Change-Id: I2f3c7ab4137dbd84d77a6a6b675975af406249d0
Story: 2006758
Task: 37252
If the list of changes was empty, the worker would fail to fetch the
pool because it was retrieved implicitly from one of the changed
members. Pass it explicitly instead, and also short-circuit on NOOPs.
Story: 2006719
Task: 37090
Depends-On: https://review.opendev.org/#/c/688546/
Change-Id: I161a522abad4a2aa521ea46cb1065c5b05a2cd2e
Mocks were done slightly incorrectly for pyroute2, correct this and add
a missing mock for os.path.isfile since it only coincidentally worked.
Change-Id: Id178784ebb4a9da348d295201fd6aa715c5b4abe
This allows the Octavia devstack plugin to use IPv6 for the service
endpoint as well as for the lb-mgmt-net.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I87917440565ea953ec0d762a7e219d912c56c418
Previously, if a secret became unavailable in barbican, the user saw
a generic error raised from the barbican client and was unable to delete
load balancer resources. This patch corrects both of those issues.
Change-Id: I97bd1b2a97a44d0a0566ae56167fa4f2e503ee2d
Story: 2006676
Task: 37012
Task: 37077
It appears that these are required to have the upper constraints properly applied. We need to revert this change.
This reverts commit 7b8e6de1b8230e5d31ca36624e7fdfba25e3e077.
Change-Id: I4941df3894148482c597d30f3a8db70659fd1b7a
This patch adds a cookbook section for creating backend re-encryption
pools with optional client authentication.
Change-Id: If2a732d7b692f3cd6c422efbb1f71103ffecc4c9
This patch adds a cookbook section for creating client authentication
enabled listeners.
It also removes two references to granting access to secrets in
barbican that are no longer required.
Change-Id: Iaada1b5d519bfc57528aa15bae8c0ee2b55f0567
Octavia was using train jobs template: openstack-python3-train-jobs
but now we are in Ussuri cycle so let's switch to new template.
Modeled after neutron change https://review.opendev.org/#/c/688104/
Change-Id: I824c3ed541cfd42e3c8f02be5da694f42f40d7c2
Since the base testenv tox target sets `usedevelop=True`, tox will
install the application (Octavia) into the virtualenv as well. Since
installing Octavia will install everything in requirements.txt, we don't
need to specify it again in tox.ini.
Change-Id: I31bdb2956ae37d1116069c2b37656ce2ee3c2dd5
Use the bandit testenv block in tox.ini instead of inlining
it. Also changed the call back to '-x tests' since that is
correct syntax, it was just broken in version 1.6.0, which
is now in the blacklist.
Change-Id: Id0bf1c6b1633ffb4143c7628b722434faf433d7d
Added the bashate script style checker to the pep8
check target in tox.ini. It actually found two valid
issues - a bad function declaration and a local variable
issue, but mostly just indentation noise. Fixed all the
complaints.
Change-Id: I43b60e7dcf53acf259c8a52b248fbb8c63d3c8d4
CentOS sets a restrictive umask by default that will override the
rsyslog file permissions settings. This can cause our tempest tests
to no be able to read the log offload files in our CentOS gate jobs.
This patch clears this umask override in the devstack rsyslog
configuration.
Note: This is a global setting for rsyslog and you probably do not
want to set this outside of a testing environment.
Change-Id: I5962e335acff79152fa49c27c883aef2879593db
Re-factored code to not insert a log-format line in haproxy
config when 'no log' is set in the template. Adjusted tests
as necessary.
Story: 2006181
Task: 35706
Change-Id: I8a0cdf7ee912d39d9ac24244728094a1d1e15c63
This patch adds the Amphora image building guide from the
diskimage-create README.rst to the Administration documentation.
It also re-organizes the Adminstration guides to be broken down
by category as the old page was becoming a long list of guides.
(I like that kind of problem)
The diskimage-create README has a few formating corrections to make
it render better for the documentation.
Change-Id: Ice4071e1f872c8c0d0595427cff6f02ffbcf7968
The value of gunicorn's option 'cert_reqs` for client-cert requirement
does not take a boolean, but rather `ssl.CERT_REQUIRED` which is `2`.
Story: 2006660
Task: 36916
SecurityImpact: CVE-2019-17134
Change-Id: I5619f5e40d7c9a2ee7741bf4664c0d2d08963992
When calling ./stack.sh twice, octavia devstack plugin fails because
local certificate directory already exists.
This commit deletes the directory each time a certificate creation
script is called and when the user cleans up his devstack's
installation.
Change-Id: I21dfffa9b30274fa0fa9f365a88222b8f4c89e29
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: I7240d59e81529cd787a3975cc834208ec5db3deb
Sem-Ver: feature
