The local.conf example includes setting up Horizon. It should include
setting up the lbaas-dashboard as well.
Change-Id: I44073aea3f1769dc1211967baa629bb6d2f1323d
The failover flow was not plugging the ports back into the
amphora if the failover used an amphora from the spares pool.
This patch adds a task to plug the ports back into the amphora
during failover
Change-Id: Id7f0e60650ca2b35afb2695181897674abb9d8cf
Closes-Bug: #1558934
Devstack allows configuration of the OVS bridge which will be used.
Octavia plugin has the default, br-int hardcoded.
Plugin should use OVS_BRIDGE when the value is set, or default to br-int.
Change-Id: I1a92667790c4e58691c3d946d6cecc6527211b9b
Fixing the keystone token issue due to the different
keystone version env variables
Change-Id: I6a60502f7b8369755f69a231a81032d04cf518ab
Closes-Bug: #1559223
This patch moves the Octavia configuration option documentation
into the Octavia repository. The OpenStack docs team deleted
this documentation from the Mitaka release[1]. The Octavia
team finds value in this documentation so we are moving it into
our repository.
[1] https://review.openstack.org/#/c/259889/
Change-Id: I4fcc2a7dc8fa3ef343456d98202ea7d4f9cd1289
The Octavia devstack plugin does not shutdown the dhclient
instance for the o-hm0 interface it creates. This leads to
many dhclients running on the same interface.
This patch removes the cleanup of haproxy services (octavia doesn't
run haproxy on the devstack host) and replaces it with cleanup of
the dhclient processes for the o-hm0 interface.
Change-Id: If8d73e7771177d9a446a85c5db8511c96ae06a1b
Closes-Bug: #1557242
While updating the admin-state-up of LB, Listener, Pool,
or member the update fails due to the wrong order of the
positional parameters.
This leads to SQL syntax error and eventually
Loadbalancer gets stuck in PENDING_UPDATE provisioning
status.
The haproxy jinja was not taking into account if objects
were enabled or not.
This patch fixes the above issue.
This patch also adds the OpenFixture class from neutron
to enable safer mocks of os.open. This was needed for the
test of this code.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Closes-Bug: #1547123
Closes-Bug: #1549036
Closes-Bug: #1549186
Closes-Bug: #1552098
Change-Id: Id5733cc8e26ec7092b821c2c18c41696d6789265
Single create was accepted on the condition that some unit test coverage was
added afterward. In testing I found a few errors involving the "pop" method,
and included those fixes here.
Closes-Bug: #1551427
Change-Id: If6dc8521ecf3bd194638f163e128fa2015320da8
Added hacking check to ensure not to use xrange. Also,
fixed issues with EoF missing newline [W391].
Change-Id: Iba8d240c042e46cb34eb6ed057534d62efb6f903
Closes-Bug: #1538118
Since single-create utilizes the existing objects already documented, I added an
example for the request and response, and indicated to look for more details
in the appropriate object's section.
Change-Id: Icdf7f21867457e22086f9c44ab657f95617bee1a
Closes-Bug: #1551428
The API WSME Types all inherit a to_dict method that accepts as a parameter
render_unsets. It is currently set to True by default but should be False for
consistency and also because it just makes better sense. This has caused some
unnecessary workarounds and work before it was known this existed.
Closes-Bug: 1555493
Change-Id: Idd21a003c0b1e3092f979013f8c19d75f17d0249
This patch adds unit tests for the data model manipulations which were
added in L7 and the subsequent model update flow fix and session
persistence update fix patches. While writing these unit tests, it
became apparent that we could simplify some of the logic in the L7
Policy data model update method-- so this has been done.
Closes-Bug: #1548944
Change-Id: I0df4e234e3383cf310d6169349844a344633ba1a
It appears the improved L7Policy validation code recently merged broke
some types of L7Policy updates. This patch fixes this regression.
Further, the validations were reworked significantly since I had made an
incorrect assumption about which API parameters would be filled by the
l7policy API controller put method.
Change-Id: Ibd8723400d60e286e2704a8d52ac0baf582f38a3
Closes-Bug: #1555420
Our code for updating a pool in the repository was off: You could
potentially update other pool parameters (ie. not session_persistence)
and it would unexpectedly clear the session_persistence. This patch
corrects this problem and cleans up the code dealing with session
persistence so that it's more understandable what it's doing.
There was also a bug in Neutron-LBaaS' handling of session_persistence
which was making troubleshooting this problem more difficult. This patch
is a prerequisite for the Neutron-LBaaS bugfix.
Beyond this, this patch also cleans up calls to
repository.update_pool_and_sp to not require the sp_dict parameter
(which, it turns out, did not need to be split out of the pool data
structure prior to calling this method anyway).
Closes-Bug: #1547157
Change-Id: Idcf12e463fbaa3a61a211f13986d8472f52036d2
We were using inconsistent type checking for the project_id in various
API endpoints. This could lead to erratic behavior if some API requests
specified the project_id UUID with hyphens and some without hyphens and
normlization occurred.
This patch changes this behavior to use consistent type checking for the
project_id for all API endpoints. Since this bug is a regression that is
less than 2 weeks old, I've also introduced a few unit tests which
should ensure we don't have another regression of the desired behavior
anytime soon.
Change-Id: I4c3ec52c01547196160e977029ecc5ded97c79ed
Closes-Bug: #1555401
Currently Octavia cannot validate against SSL service endpoints,
which would be keystone, neutron, nova and glance in this case.
This patch adds a config option under nova, neutron and glance
sections to read the specified CA certificate files
for validation. It's slightly different in the case of glance,
because glance session method invocations depend on the endpoint
URL whether it starts with HTTP or HTTPS.
Also added is the "insecure" option for these services in case
the cert validation needs to be skipped.
For keystone, we read config params from keystone middleware. Thus,
instead of defining a new config option, we can make use of it's
pre-defined "cafile".
Barbican is not added because we do not yet have a barbican endpoint
override in it's config. This could be added in the future as a
separate patch, if needed.
Lastly, unrelated to the above, fixes the amphora REST api default
bind_port in octavia.conf
Change-Id: Id57672a3dc7c962b8ee07db0cb7a743041082c66
Closes-Bug: #1552987
This patch removes an unused configuration option
"haproxy_cert_dir" that was flagged as a potential security
risk.
Change-Id: I31af43e8265431767544802451d9b5c297d83d28
Closes-Bug: #1548556
This commit fleshes out the unit tests for the recently-added L7Rule and
L7Policy classes. While writing these unit tests, I realized with the
recently-improved l7policy sanitization / validation method that was
merged, the L7Policy update methods were doing work they didn't need to
be doing anymore. I have cleaned up the redundant code.
Closes-Bug: #1548905
Change-Id: I19a7fb6896bfec23b46594f694afb05393d95f93
Note: The only lines not tested in this have to do with the _lookup
method for manipulating L7 rules. Hence the reason the unit test here
ended up in the l7rule.py test file.
Closes-Bug: #1549003
Change-Id: I0c7325a7a974be51d4c57c3d430cad959a09250e
The L7Policy API type checker presently lists the redirect_pool_id
parameter as StringType(). While this is not incorrect, it is more
correct to call it a UuitType().
In addition to the above change, I removed unnecessary string length
checking on string response parameters.
No tests needed updating, as we already have good test coverage of the
validations we do on the redirect_pool_id in the L7Policy API.
Change-Id: I2bf70b51c6bc0949165f8af31c7d47c3407df08b
Closes-Bug: 1549013
For reasons of pure practicality, it is not a good idea to allow tenants
to create arbitrarily long lists of l7rules on their l7policies. After a
brief discussion we decided that 50 rules is good limit, especially
given that we expect most practical uses of L7 functionality to entail 1
to 4 rules per policy at most.
This commit also fixes a minor bug I noticed in the L7 rule API tests,
and cleans up the L7Rule API rule response specification.
Change-Id: I28b8161e85b9e86d4c44be3d48cbf94a3ce631f3
Closes-Bug: 1549100
