Commit Graph

3271 Commits (8ae82a47e1928f99dd32f08785f876b3d1d9c3cb)

Author SHA1 Message Date
Zuul 8ae82a47e1 Merge "Stop to use the __future__ module." 2020-07-10 13:41:37 +00:00
Zuul 0317855d9d Merge "Add a router to the lb-mgmt-net for slaac" 2020-07-09 10:36:32 +00:00
Brian Haley 7890f0d999 Remove blacklist terminology in the Octavia tree
The configuration option tls_cipher_blacklist has been
deprecated and replaced by tls_cipher_prohibit_list.

Change-Id: I6152838c697e12d19b27343e3a0714e55ca52d88
2020-07-08 15:19:52 -04:00
Zuul bf196db6bc Merge "Remove translation sections from setup.cfg" 2020-07-08 10:22:14 +00:00
Michael Johnson 77f5c3893c Add a router to the lb-mgmt-net for slaac
Neutron now needs to have a router attached to the subnet to provide
the router advertisement messages needed for slaac address
This patch adds this router to the lb-mgmt-network, allowing
the amphora instances to configure an IPv6 address.

Change-Id: I638c5c8baf1d76365fff2c99ded9c6b310348710
2020-07-07 09:16:21 -07:00
melissaml 103653503c Switch from unittest2 compat methods to Python 3.x methods
With the removal of Python 2.x we can remove the unittest2 compat
wrappers and switch to assertCountEqual instead of assertItemsEqual

We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.

[1] -
[2] -
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277

Change-Id: I3e8725eb77ea947e71d85ea406a60ed94c7bf971
2020-07-07 09:52:52 +08:00
Zuul f68e3aba49 Merge "Remove amp_ssH_access_allowed option" 2020-06-30 20:23:35 +00:00
Zuul b8a351092f Merge "Remove amp_image_id option" 2020-06-30 17:54:32 +00:00
Brian Haley f6a66d86d4 Remove deprecated status_update_threads option
It was marked for removal in the Stein cycle.

Change-Id: Ib82014f92eecbcfd96a4219f2de307e5631486cb
2020-06-29 21:51:01 -04:00
Zuul ec2f89830d Merge "Fix UDP pool transform in LVS driver" 2020-06-30 01:17:20 +00:00
Zuul a1b5b81cc5 Merge "Add warning when running simple_server" 2020-06-30 00:17:43 +00:00
Zuul 179f00e839 Merge "Add minimum TLS version option in octavia.conf" 2020-06-29 22:47:36 +00:00
Zuul f399bd83c2 Merge "Fix error on devstack cleanup" 2020-06-26 21:38:42 +00:00
Michael Johnson 40731e572f Fix neutron subnet lookup ignoring endpoint_type
The recent patch[1] that adds a neutron subnet lookup using the user
context is not honoring the interface/endpoint_type or region_name
settings for neutron in the octavia configuration file.
This is causing problems for deployments that use the "internal"
endpoint for neutron and the current code will always return
the "public" endpoint.
This patch corrects this problem by including those filter
parameters when the neutron endpoint is looked up in keystone.


Change-Id: I7b8f7c7d653b37395f9a660be67f954a3a6f26d9
Story: 2007863
Task: 40173
2020-06-25 17:10:38 +00:00
Carlos Goncalves 41c628a084 Fix missing params in amphora base and noop driver
Running amphora failover against the amphora noop driver was raising a
TypeError (reload() takes from 2 to 3 positional arguments but 4 were

Change-Id: I64172d6995959cf377364584ad9a2395f9ec0605
2020-06-24 12:05:05 +02:00
Carlos Goncalves cd52cce7f7 Remove amp_ssH_access_allowed option
This option entered deprecation in Queens and is used no where nowadays.

Change-Id: I3734a9083fa83174c530b65128baee2fe0e593d7
2020-06-24 10:16:20 +02:00
Carlos Goncalves 33d28b07c2 Remove amp_image_id option
This option entered deprecation in Mitaka and is long due to be removed.

Change-Id: Ide048da1c87a4e9bc6574b39e2cf6b96b4dfaf95
2020-06-23 19:54:20 +02:00
Carlos Goncalves 89123c0fc1 Add missing reload method in amphora noop driver
The reload method was also missing in the abstract class.

Task: 40140
Story: 2007847

Change-Id: I2328b3dc4d5b95c8771a305d3d4bb1dee6019117
2020-06-23 10:58:22 +02:00
Zuul e475734b2a Merge "Clarify health monitor behavior" 2020-06-23 08:06:09 +00:00
Zuul e92c72b970 Merge "Cap jsonschema 3.2.0 as the minimal version" 2020-06-22 09:05:35 +00:00
Zuul dcb18c22fe Merge "fix(elements): fix nf_conntrack sysctl param names" 2020-06-22 07:02:55 +00:00
Zuul d8aceef0d5 Merge "Update the API audit map" 2020-06-21 16:23:51 +00:00
Zuul 3e765636c5 Merge "Fix API audit CADF audit map for failover action" 2020-06-21 16:22:44 +00:00
Zuul 265e4cbd98 Merge "Prioritize policy validation" 2020-06-21 16:22:42 +00:00
Mikhail Ushanov 3ef4a75a17 fix(elements): fix nf_conntrack sysctl param names
Remove net.ipv4.tcp_tw_recycle because it has been
removed from kernel since 4.12.
Change for tcp_timeout_time_wait/tcp_timeout_fin_wait
to net.netfilter.nf_*.

Change-Id: I0e3cde5aad9e9b6007f975eafb0205e2912b19d3
Signed-off-by: Mikhail Ushanov <>
2020-06-21 12:00:51 +00:00
Zuul 77786595e5 Merge "Refactor the failover flows" 2020-06-19 21:58:32 +00:00
Michael Johnson 8394633635 Prioritize policy validation
This patch makes sure that we validate RBAC compliance before
other validation tasks.

Change-Id: I670087163b265e7098af35063572d6aa9d068bb9
2020-06-19 14:18:40 -07:00
Zuul 4a78b453d9 Merge "diskimage-create compatible with ShellCheck." 2020-06-19 21:12:46 +00:00
Thobias Salazar Trevisan d8d722b54d diskimage-create compatible with ShellCheck.
Update diskimage-create script to pass in
ShellCheck ( tool.

Change-Id: Ia0dddac00155e11098fcbd3e95bcae12f2fc63d4
2020-06-19 10:22:07 -03:00
Michael Johnson 955bb88406 Refactor the failover flows
This patch refactors the failover flows to improve the performance
and reliability of failovers in Octavia.

Specific improvements are:
* More tasks and flows will retry when other OpenStack services are
* Failover can now succeed even when all of the amphora are missing
  for a given load balancer.
* It will check and repair the load balancer VIP should the VIP
  port(s) become corrupted in neutron.
* It will cleanup extra resources that may be associated with a
  load balancer in the event of a cloud service failure.

This patch also removes some dead code.

Change-Id: I04cb2f1f10ec566298834f81df0cf8b100ca916c
Story: 2003084
Task: 23166
Story: 2004440
Task: 28108
2020-06-18 16:25:21 -07:00
Michael Johnson e77355714b Update the API audit map
Recent additions to the Octavia API did not update the Octavia API
CADF audit map. This patch corrects that by adding the new API

Change-Id: I22107317837e68e54a29f8a4051c464120b29809
2020-06-18 21:43:34 +00:00
Michael Johnson 18887f5f60 Fix API audit CADF audit map for failover action
There was a bug in the CADF audit map file for the "failover" action.

This patch corrects the audit map file to handle "failover" correctly
and stop keystonemiddleware from raising an exception.

Change-Id: If3954ba34740e26937dba10bdd8061acde758c88
Story: 2007831
Task: 40116
2020-06-18 10:03:59 -07:00
Gregory Thiemonge 3ee9bc0d65 Fix listener API's test_create* assertions
Assertions were using the same expressions on both side: optionals and
lb_listener are both parameters to the API (and the lb_listener dict
contains all optionals items).
Those assertions should compare the parameters to the API results.

Change-Id: I6f372a3f82fdf4f41e661e640e4a983cf484ed6d
2020-06-18 14:17:33 +02:00
ramboman f26ab8b97b add the verify for the session
We run the octavia scenario test failed when the OpenStack env
enable TLS. So we need add the verify for the session.

Story: 2007662
Task:  39754
Closes-Bug: #1877818
Change-Id: Ie71db27dc383c93496c1dfd69f486a4fd02b597e
2020-06-17 09:05:24 +00:00
Carlos Goncalves e5951ced5f Use uwsgi binary from path
In-line with devstack patch [1], switch invocations to find uwsgi in the


Change-Id: I5e6aee49f434820881051874c9ad2628b4fcada7
2020-06-17 10:59:29 +02:00
Zuul 24acbe099b Merge "Improve terminology in an old spec file" 2020-06-16 03:37:01 +00:00
Gregory Thiemonge c176cf60d4 Fix error on devstack cleanup
Change I7ebf4137feb04827490dffc0dac3d6e4c8888075 added 'set -e' in
devstack/, but on devstack cleanup, some commands may fail
because of non-working services (i.e after a reboot).
This commit allows 'openstack keypair delete' to fail on clean up.

Change-Id: Ic782faba3eb907d29b6735ac0a6d6a8a2e104e00
2020-06-15 08:44:32 +02:00
Hervé Beraud 8119b21452 Cap jsonschema 3.2.0 as the minimal version
Previous versions of jsonschema (<3.2.0) doesn't support python 3.8 [1].
Python 3.8 is part of the victoria supported runtimes [2] so we now force
to use jsonschema version 3.2.0 to avoid issues, remove ambiguity and ensure
that everything works with python 3 in general.


Change-Id: I2816360b59f82c996038929ed6e90b744feb3f75
2020-06-12 19:23:10 +02:00
Zuul 6418ae00c9 Merge "Fix netcat option in for CentOS/RHEL" 2020-06-11 23:24:53 +00:00
Zuul 0a697a352c Merge "Switch oslo.policy over to yaml" 2020-06-11 22:11:11 +00:00
Zuul 18918267e3 Merge "Fix batch member create for v1 amphora driver" 2020-06-11 22:06:04 +00:00
Zuul 647fae2822 Merge "Fix some typos in the explanatory notes" 2020-06-11 22:02:49 +00:00
Zuul b6e0221ca8 Merge "Remove all deprecated driver code that moved to octavia-lib" 2020-06-11 22:02:48 +00:00
Michael Johnson 66a67ba5af Clarify health monitor behavior
The basic cookbook document implied that pools without a health
monitor would eventually remove a failed member from the pool.
This will not happen as if there is not health monitor, the members
are assumed as ONLINE.

Change-Id: I6c52f163d8ac0456b4faf7d9bf5cc4a19ee6eeb7
2020-06-11 09:10:20 -07:00
Michael Johnson 958c3a18bd Improve terminology in an old spec file
Change-Id: I20bd0070c7eb24e981becbd24e8a98ca5eaff929
2020-06-11 07:37:51 -07:00
zhaoleilc 76616f35e7 Fix some typos in the explanatory notes
This patch changes 'defiend' to 'defined'
in the explanatory notes in octavia/

Change-Id: Ibb7f0f416a013b98edf72a5803aada71015cfade
2020-06-11 14:53:39 +08:00
Zuul aee9cd6fe4 Merge "Use unittest.mock instead of mock" 2020-06-11 03:16:30 +00:00
Hervé Beraud 6cce3a72ae Use unittest.mock instead of mock
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.

Also added and enabled a hacking check that would have caught this.

Change-Id: Idb10f84fd32c50db24f844352cb85de452181439
2020-06-09 11:25:00 -04:00
Zuul be2acaeb36 Merge "Fix test_barbican_legacy for Python 3.8" 2020-06-09 12:18:23 +00:00
Brian Haley de69b2c7ff Remove all deprecated driver code that moved to octavia-lib
In octavia was
changed to use octavia-lib for a lot of API driver-related
code and deprecation warnings put in place. Now that
we're in Victoria remove all the deprecation shims and
use octavia-lib exclusively.

Change-Id: If92988150479a7daf465af5f8df22818664a0fce
2020-06-08 14:41:00 -04:00