The configuration option tls_cipher_blacklist has been
deprecated and replaced by tls_cipher_prohibit_list.
Change-Id: I6152838c697e12d19b27343e3a0714e55ca52d88
Neutron now needs to have a router attached to the subnet to provide
the router advertisement messages needed for slaac address
configuration.
This patch adds this router to the lb-mgmt-network, allowing
the amphora instances to configure an IPv6 address.
Change-Id: I638c5c8baf1d76365fff2c99ded9c6b310348710
With the removal of Python 2.x we can remove the unittest2 compat
wrappers and switch to assertCountEqual instead of assertItemsEqual
We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I3e8725eb77ea947e71d85ea406a60ed94c7bf971
The recent patch[1] that adds a neutron subnet lookup using the user
context is not honoring the interface/endpoint_type or region_name
settings for neutron in the octavia configuration file.
This is causing problems for deployments that use the "internal"
endpoint for neutron and the current code will always return
the "public" endpoint.
This patch corrects this problem by including those filter
parameters when the neutron endpoint is looked up in keystone.
[1] https://review.opendev.org/726042
Change-Id: I7b8f7c7d653b37395f9a660be67f954a3a6f26d9
Story: 2007863
Task: 40173
Running amphora failover against the amphora noop driver was raising a
TypeError (reload() takes from 2 to 3 positional arguments but 4 were
given).
Change-Id: I64172d6995959cf377364584ad9a2395f9ec0605
Remove net.ipv4.tcp_tw_recycle because it has been
removed from kernel since 4.12.
Change for tcp_timeout_time_wait/tcp_timeout_fin_wait
to net.netfilter.nf_*.
Change-Id: I0e3cde5aad9e9b6007f975eafb0205e2912b19d3
Signed-off-by: Mikhail Ushanov <gm.mephisto@gmail.com>
This patch refactors the failover flows to improve the performance
and reliability of failovers in Octavia.
Specific improvements are:
* More tasks and flows will retry when other OpenStack services are
failing.
* Failover can now succeed even when all of the amphora are missing
for a given load balancer.
* It will check and repair the load balancer VIP should the VIP
port(s) become corrupted in neutron.
* It will cleanup extra resources that may be associated with a
load balancer in the event of a cloud service failure.
This patch also removes some dead code.
Change-Id: I04cb2f1f10ec566298834f81df0cf8b100ca916c
Story: 2003084
Task: 23166
Story: 2004440
Task: 28108
Recent additions to the Octavia API did not update the Octavia API
CADF audit map. This patch corrects that by adding the new API
paths.
Change-Id: I22107317837e68e54a29f8a4051c464120b29809
There was a bug in the CADF audit map file for the "failover" action.
This patch corrects the audit map file to handle "failover" correctly
and stop keystonemiddleware from raising an exception.
Change-Id: If3954ba34740e26937dba10bdd8061acde758c88
Story: 2007831
Task: 40116
Assertions were using the same expressions on both side: optionals and
lb_listener are both parameters to the API (and the lb_listener dict
contains all optionals items).
Those assertions should compare the parameters to the API results.
Change-Id: I6f372a3f82fdf4f41e661e640e4a983cf484ed6d
We run the octavia scenario test failed when the OpenStack env
enable TLS. So we need add the verify for the session.
Story: 2007662
Task: 39754
Closes-Bug: #1877818
Change-Id: Ie71db27dc383c93496c1dfd69f486a4fd02b597e
In-line with devstack patch [1], switch invocations to find uwsgi in the
path.
[1] https://review.opendev.org/#/c/577779/
Change-Id: I5e6aee49f434820881051874c9ad2628b4fcada7
Change I7ebf4137feb04827490dffc0dac3d6e4c8888075 added 'set -e' in
devstack/plugin.sh, but on devstack cleanup, some commands may fail
because of non-working services (i.e after a reboot).
This commit allows 'openstack keypair delete' to fail on clean up.
Change-Id: Ic782faba3eb907d29b6735ac0a6d6a8a2e104e00
The basic cookbook document implied that pools without a health
monitor would eventually remove a failed member from the pool.
This will not happen as if there is not health monitor, the members
are assumed as ONLINE.
Change-Id: I6c52f163d8ac0456b4faf7d9bf5cc4a19ee6eeb7
This patch changes 'defiend' to 'defined'
in the explanatory notes in octavia/
tests/functional/db/test_repositories.py
Change-Id: Ibb7f0f416a013b98edf72a5803aada71015cfade
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.
Also added and enabled a hacking check that would have caught this.
Change-Id: Idb10f84fd32c50db24f844352cb85de452181439
In https://review.opendev.org/#/c/613709/ octavia was
changed to use octavia-lib for a lot of API driver-related
code and deprecation warnings put in place. Now that
we're in Victoria remove all the deprecation shims and
use octavia-lib exclusively.
Change-Id: If92988150479a7daf465af5f8df22818664a0fce
Zuul