Our vagrant file makes use of ssh-keygen -R to remove any old key
related to an IP address from known_hosts.
But ssh-keygen fails and makes the local.sh exit with failure
(error 2) if the ~/.ssh/known_hosts file does not exist.
Change-Id: I404e79ca644c6c15f51a0f3db6695cc5a895b238
Vagrant rsyncs or mounts by default the directory containing the Vagrantfile
under /vagrant inside the instance.
With this change, it's possible to modify local scripts and redeploy,
eliminating the build dependency on the remote git server.
Change-Id: Ibb016a8c433644c18c033c66bd3a3cc9571af9f4
Implements support for custom header insertion in Octavia.
A listener may be configured to insert custom headers which are
supported by Octavia. Currently implemented support for
X-Forwarded-For header, and X-Forwarded-Port
Change-Id: I784f4939225c3acef362fcb5df57e77dbfb0f774
They are modules, should be imported rather than running in shell,
hence not require for executable privilege.
Change-Id: I869d73411ec8e308a80d780e10e77dcc48097d42
This makes the creation of resources in the sample Vagrant
configuration less dependent on the host resources or hypervisor
execution time.
Before this, the local.sh was randomnly failing at any of it's steps
in my environment.
Change-Id: Ie3795a1f9244b46f5b6469107ad1d03f087a64ed
Currently the keystone auth uri will be set like:
auth_uri = http://127.0.0.1:35357/v3/v2.0
Obviously this is incorrect. Attempting to fix this somewhat sanely.
Change-Id: If443d9625cb9155a378a674aff07ba663b508446
Closes-Bug: #1582879
Make the octavia.api.app module work with web servers running on WSGI.
Take uwsgi for an example:
uwsgi --socket /tmp/octavia.sock \
--pythonpath /home/devstack/octavia/octavia/api \
--module "app:setup_app()" \
--pidfile /tmp/octavia.pid --vacuum \
--daemonize /var/log/octavia/octavia.log
Change-Id: I3282da1191965e8d83c8bf74ef1a1285673a6987
This is a fix for the bug listed below. Adding the amphora id
to the table allows multiple amphora to send statistics via
the heartbeat without each heartbeat overwriting other
heartbeats for the same listener / different amphora.
Change-Id: I9f50a5de2c1b0665e62d45fcc5815f2b4093b2df
Closes-Bug: 1573607
The new taskflow exposed areas we forgot to update
the revert method with the correct object data.
Taskflow now validates the revert data which exposed
those inconsistencies in the project
Change-Id: I319d59b345aab07784ae4dba19e0ffb7fbba0b04
Closes-Bug: #1581615
When adding member to shared pool of load balancer(in spite of this
load balancer has listeners or not), it should plug the member port
into the amphorae if it isn't already plugged.
Change-Id: Ibe4c05fcb8a416caf931e55ab2233220b80613cb
Closes-Bug: #1572342
Bug in devstack plugin caused network option to be corrupted
causing failures during amphora build.
Change-Id: I9585f22e3bb3a53ae70a5ddb8b76a3a930b10b73
Closes-Bug: #1574784
In the current Octavia there is the possibility of an address
space conflict between the Octavia load balancer management
network and a tenant network.
This patch puts the haproxy processes inside the amphora into
a network namespace to provide isolation from the load balancer
management network.
A new file /var/lib/octavia/plugged_interfaces is created and
interfaces are writted to it on every plugVIP or plugNetwork call.
Interfaces in this file are created under the network namespace.
Change-Id: I75472885fe45226a5315867369eaef9b001a112b
Co-Authored-By: Bharath M <bharath.stacker@gmail.com>
Closes-Bug: #1458920
Currently the amp_network is a stringOpt and in code it
translates that to a list for processing. It may
be required to deploy with multiple networks,
a listOpt for amp_network option allows this.
Change-Id: I4364c1d03d4c7b560f0d8030b7d66412583a31ae
During failover process, the new amphorae db info will be populated by
the old one, including 'role' and 'vrrp_priority', which both will be
updated again after plug_network. What's more, 'role' will be an
appropriate flag for failover monitoring tool to decide whether or not
the failover process is almost finished.
Change-Id: I9602b92b36ef265f8ae7c9171170cd86353b2944
Because the intermediate certificates are misplaced(they are not expected
to be at the top of the pem file), there is issue in haproxy config file
generation and hence the listener creation fails. This patch fixes the
ordering issue.
Change-Id: I1e7c3c1579d410ded77962e03b1ac8778b0e5d72
Closes-Bug: 1567031
Replace those unit tests using mock_open with builtins namespace with OpenFixture
Change-Id: Ie635928a6512c2fa647d4ed965fee5976d5e30d2
Closes-Bug: #1522981
Write files using a safer open for writing operations[1].
Modifided the file permission from 666 to 644 in base.j2 to make sure
consistenacy between docs and real file permission.
Edited unit tests based on the new method.
[1] https://security.openstack.org/guidelines/
dg_apply-restrictive-file-permissions.html
Closes-Bug: #1548552
Change-Id: If3f315005fcd22afc2f24da527da08175e230bb1
Remove anchor's default value for username and password
for the sake of a security perspective.
Closes-Bug: #1548555
Change-Id: I14f1b84f5161308fc23ef3776a796636ba61154d
A previous patch [1] mistakenly added a port detach call to the failover
flow. It didn't cause failures due to a type-o in the arguments to the
call, so it would passively fail with a log entry. However, if someone
fixed this it would cause failover to fail due to the port getting
deleted during the detach.
This patch removes that code.
[1] https://review.openstack.org/#/c/295475/
Change-Id: I1eb1ad551636d5cd9253690a59e0e88ca1d238b5
1. Fixes the mismatch between the tls_container_id lengths in neutron.lbaas_sni
and octavia.sni tables.
2. Fixes the syntax error in cert_parser.py field. (tls_container.id => tls_container_id)
3. Removes the certs['sni_certs'] parameter from the rest_api_driver.py as it gets wrongly
assigned to socket_path parameter in the jinja_cfg.py file.
4. Modifies the sample_configs to make the unit tests work with the above changes.
Change-Id: I8fe5854ef2dc508e37a368294c44eef63b5bccba
Closes-Bug: #1520990
