Commit Graph

22 Commits (8ae82a47e1928f99dd32f08785f876b3d1d9c3cb)

Author SHA1 Message Date
Dawson Coleman 9a6da86481 Add TLS version configuration for pools
Add field tls_versions to pools for restricing TLS versions used.
This is a colon-separated string of versions to be used.
Available values (as defined in octavia-lib):
SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

Add default_pool_tls_versions in octavia.conf

Note: TLSv1.3 connections will use haproxy's default ciphers
instead of the listener's tls_ciphers field

Change-Id: I480b7fb9756d98ba9dbcdfd1d4b193ce6868e291
Story: 2006733
Task: 37173
Depends-On: Ic33d9b9a256490ae1b048cdfd2475d6340509fdb
3 years ago
Dawson Coleman d47f164a60 Add ability to specify TLS cipher list for pools
Pools can now be each be assigned an OpenSSL cipher string with the
field tls_ciphers.  A new configuration option, default_pool_ciphers,
specifies what cipher string to use for new tls-enabled pools
if one is not explicitly specified at time of creation.

Change-Id: Iedb7774bfb8d70ea307d6a513248e1fe2389fa34
Depends-On: I77da6f14063877af0077f2c12df1aab5d5ead187
Story: 2006627
Task: 37172
3 years ago
ZhaoBo e0e9af3b51 Add boolean tls_enabled option into Pool
Add "tls_enabled" option in Pool API.
This option will work on cert cases or no cert cases.

Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <>
Change-Id: I62e31aaa66748ba652dfd5dbfd5a8b06d9ba0dfe
4 years ago
ZhaoBo 7aa115a553 Add 2 new fields into Pool API for support re-encryption
Add tls_ca_container_id and crl_container_id into Pool API.

Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <>
Change-Id: I6cd6e2ca8e48a5df707a70d22505dec9d752c7eb
4 years ago
ZhaoBo aa7ac7ab73 Pool support sni cert for backend re-encryption
Add 1 fields like Listener does, which is 'tls_container_ref', this
field is introduced into Pool for storage the pool client certificate to
the backend servers, when the traffic willing to bring a cert to the
servers and check for tls connection.

Story: 2003859
Task: 26685
Change-Id: I29b7c7116e6087c942179ed9efdead494ef277a3
4 years ago
wangxiyuan d62189366c Tags support for lb resources
Add tags support for all lb related resources. It includes:
load balancer, listener, member, pool, L7rule, L7policy
and health-monitor

Change-Id: Ib33a002b3b59820db29897454e9d4303c73310b2
Story: 2003890
Task: 26757
5 years ago
ZhaoBo 4c6846a568 UDP for [3][5][6]
Add new types into db table.
Extending the existing API, including Listener, Pool, HealthMonitor for
UDP fields support.

For healthmonitor part, need to wait for other patch to fix the default

Patch List:

[1] Finish keepalived LVS jinja template for UDP support
[2] Extend the ability of amp agent for upload/refresh the keepalived
[3] Extend the db model and db table with necessary fields for met the new
udp backend
[4] Add logic/workflow elements process in UDP cases
[5] Extend the existing API to access udp parameters in Listener API
[6] Extend the existing pool API to access the new option in
session_persistence fields

Story: 1657091
Task: 5484
Change-Id: If728705f142f4195fe624bd9ef17413722d54fe3
5 years ago
Carlos Goncalves fd20d06896 Fix fields translation on filtering
Filtering load balancers by VIP data would raise an internal server
error (500 HTTP) in octavia-api. This patch fixes that as well as pool
filtering by healthmonitor_id.

The patch also adds vip.qos_policy_id to the load balancer filtering

Story: 2001944
Task: 15061

Change-Id: Iaa4877f71e98689b7e92b3e2abb9d7da2c5ca521
5 years ago
Adam Harwell 555c057e88 Pool PUT should validate name/description length
Change-Id: I75aba494f08153bb1da94338edb9916713c5bc58
Backport-Candidate: Queens Pike
5 years ago
Michael Johnson dda45f0cb8 Add pool session persistence validation
This patch adds validation to the pool session persistence options.
It validates the cookie_name specified and whether that option is valid
for the session persistence type specified.

Change-Id: I2f35a1a267bf2fc35bbb93a7f5390213ca20d1a8
Story: 2001818
Task: 12555
5 years ago
Jude Cross f5ea8ac085 Add statistics to V2 API
This patch implements stats to the Octavia API.

It also corrects the path for load balancer status.

Change-Id: I9405857ab4f62664daca13562cc07ee8e1a519c7
Co-Authored-By: Michael Johnson <>
6 years ago
Jude Cross ee08aaff56 Add status tree to V2 API
This patch implements status tree to the Octavia API.

Change-Id: I92a5bb7d1814c79e7d03c75916b5324f1497f2e4
Co-Authored-By: German Eichberger <>
Co-Authored-By: Michael Johnson <>
6 years ago
Jude Cross 487750a877 Add filtering and field selection to API
This patch implements API filtering based off of
query parameters passed to the Octavia API. Additonally
this patch implements field selection for the Octavia

Change-Id: I9fe26abe37f464d9c028b8c476485007143d3b5c
6 years ago
Adam Harwell 6fa379c21b Fix pool response to fill healthmonitor_id properly
This means both renaming the field to healthmonitor_id and also adding
the code to fill it.
Also rename health_monitor objects to healthmonitor for consistency.

Change-Id: I4c3deb9ad20f5089168030f27fc0929155379585
Closes-Bug: #1693044
6 years ago
Carlos D. Garza 9bfa58af9f Implement sorting and pagination for octavia
Use glance sorting and pagination from inside the SQLAlchemy query
to handle the sorting and pagination for octavia.

Change-Id: I5489c5c89691b8871e32caf3f85ab1978bc3618c
Co-Authored-By: Adam Harwell <>
Co-Authored-By: Lubosz "diltram" Kosnik <>
Closes-Bug: #1596628
Closes-Bug: #1596625
6 years ago
Adam Harwell fb0da76c27 Add support for single-create for APIv2
Still need to fix the entry-points for each individual type, but that
wasn't even in the original spec. Not sure if we even want that.

I think this may not do things EXACTLY how the old one did it, we'll
need to look into whether it matters, as we never published docs for it
and I don't think it ever actually worked properly in neutron-lbaas.

Also closing a few bugs that are only peripherally related, because we
(possibly me) forgot to tag them on the individual CRs, but I'm
considering them closed as of this patch. See below for my reasoning on
each individual bug, and feel free to post counter-arguments.

For #1673546 (single-call create): This is the obvious one!
For #1673499 (lb return pool object): Rolled into this patch as a matter
of course, abandoned the original fix as it is no longer relevant.
For #1544214 (root tags): All existing resources now have root tags. Any
new ones will also need root tags, but I would consider this bug closed.
For #1596636 (tenant facing API): Every object is now creatable via the
v2 API, so I would consider this to be complete. Quotas and some
additional work is being finished, but it's not necessary for this IMO.
For #1665446 (hm id): This was resolved in the HM patch, I just forgot
to close it, and including it here will ensure it is release-tracked.
For #1685789 (listener quota): Just shoving it in here as I do the
single-create quotas.
For #1685827 (hm quota): Same as listener quota.

Closes-Bug: #1673546
Closes-Bug: #1673499
Closes-Bug: #1544214
Closes-Bug: #1596636
Closes-Bug: #1665446
Closes-Bug: #1685789
Closes-Bug: #1685827

Depends-On: I3d86482a2999197a60a81d42afc5ef7a6e71e313

Change-Id: I4ff03593e1cfd8dca00a13c0550d6cf95b93d746
6 years ago
Adam Harwell ed8867692f Purge more tenant_id references that I missed
Change-Id: I3adfeec5d4512bba9e7a640653346addb5eb3d19
6 years ago
Adam Harwell 7f6c1b5016 project_id should remain in the response for v2 objects
Also, finally completely remove tenant_id!

Change-Id: I435ace4d2bffdf323238b57499eba39e03de90f3
6 years ago
cheng 76d88d2b94 Fix set cookie_name to None if not in PUT content
Closes-Bug: #1676671

Change-Id: I8139593266e9679a4f32c2a8a1aa61efede943f5
Signed-off-by: cheng <>
6 years ago
Sindhu Devale cdf0e53acf Fix import in v2 pool types
Closes-Bug: #1680148
Co-Authored-By: Adam Harwell <>
Change-Id: I7e166244f3f136b1c25972dc985d58aba7ba8fc4
6 years ago
Sindhu Devale c9daa3ff6e Align Octavia API to n-lbaasv2 for L7Policy
GET all - /v2.0/lbaas/l7policies/<l7policy-id>
GET one - /v2.0/lbaas/l7policies/<l7policy-id>
POST - /v2.0/lbaas/l7policies {<body>}
PUT - /v2.0/lbaas/l7policies/<l7policy-id> {<body>}
DELETE - /v2.0/lbaas/l7policies/<l7policy-id>

Co-Authored-By: Nakul Dahiwade <>
Co-Authored-By: Adam Harwell <>

Partially-Implements: #1616655

Change-Id: I91baf79df16d4a1eefd151ed87ec871b57ac6ef8
6 years ago
Sindhu Devale 1a935b9118 Introduce Octavia v2 API for pools
Make API path for pools independent of Loadbalancers and

- /v2.0/lbaas/pools/
- /v2.0/pools/

GET all - /pools/
GET one - /pools/<pool-id>
POST - /pools/ {<body>}
PUT - /pools/<pool-id> {<body>}
DELETE - /pools/<pool-id>

Co-Authored-By: Shashank Kumar Shankar <>
Co-Authored-By: Adam Harwell <>

Partially-Implements: #1616641

Change-Id: I7679cc7b3f559db774a9d036580177cf1aa7e693
6 years ago