55 Commits

Author SHA1 Message Date
Michael Johnson
b9d357ac76 Fix 'additive_only' parameter api-ref
The 'additive_only' patch was missing the "min_version" parameter
in the api-ref. This patch fixes that so users will know which API
version supports this parameter.

Change-Id: I05439ea1dd01c35bedcfc3eaa5d17ed8dd2ca348
2019-09-18 05:50:00 +00:00
Maciej Józefczyk
2eac7a7862 Add new algorithm SOURCE_IP_PORT
LB_ALGORITHM_SOURCE_IP_PORT is an algorithm used by OVN
Load Balancer [0]. This patch adds its support to the API.

[0] https://review.opendev.org/#/c/660369
Depends-On: I605f44f0f50219aa003df477de9bae4062f3c308

Change-Id: I436a6e553065d1755d465d20ad36f7ba2cbb8eba
Task: 35952
Story: 2006264
2019-09-13 15:19:15 +00:00
Carlos Goncalves
f3b48bc2f7 Add VIP access control list
This patch extends the listener API to include the new parameter
'allowed_cidrs'. This parameter is a list of IPv4 or IPv6 CIDRs. Leaving
this list unset defaults to the traditional behavior of allowing all
ingress traffic to the listener. Setting it will deny all traffic but
all CIDRs set in the 'allowed_cidrs' list.

Note that the API will validate that all CIDRs match the same IP version
of the VIP. This may change later as part of work to allow multiple VIPs
per LB (Change-Id Id7153dbf33b9616d7af685fcf13ad9a79793c06b).

Task: 26210
Story: 2003686

Change-Id: Id2b560df1cde9ce9403afbd593bbaa6cae5f06d6
2019-09-13 10:09:25 +02:00
Adam Harwell
4b907b0627 Add additive_only parameter to Batch Member call
If `additive_only` is set, don't do a complete delta -- skip delete and
only update and create members (making the call additive rather than a
full replacement). This will allow for adding members in batches without
wiping out existing members.

Change-Id: I5e47d64243667cfaa10430e12229099b508de40e
2019-09-10 22:22:13 +00:00
Colin Gibbons
3b5a19c386 Standardizes terminology in Listener documentation
This addresses the potentially confusing use of two terms
(TERMINATED_TLS and TERMINATED_HTTPS) used to describe the same
behavior by standardizing on the term TERMINATED_HTTPS in the
parameters of the documentation.

Change-Id: I3f444ba8e68ba8fc692ba41eec1ad4672ba5a16b
Story: 2006405
Task: 36289
2019-08-15 14:03:38 -07:00
Michael Johnson
7d1bdc31bb Fix missing REDIRECT_PREFIX in the api-ref
The Octavia API reference was missing the option of "REDIRECT_PREFIX"
as one of the L7 policy actions. This patch corrects that.

Change-Id: I5fa14354fb88b325380834e0deec09bfb813b409
2019-04-15 16:03:42 -07:00
ZhaoBo
44833d5d5e Support Host header inject for healthmonitor HTTP 1.1 health check
This patch adds 2 new options for healthmonitor HTTP health check.
'http_version' is for user to specify the HTTP version, 1.0 and 1.1 are
available.
'domain_name' is for user to specify the HTTP host header inject to check
the HTTP backend health.
'domain_name' only available when HTTP version is 1.1

Story: 2002160
Task: 20010
Change-Id: Id3bf3962a02fbf77cf886c40ac64588cbacd3832
2019-03-06 01:24:31 +00:00
ZhaoBo
25fb7e4c32 Support L7policy redirect http code
Currently, L7Policy already support the redirection by url_prefix.
Then we can support the redirection with HTTP code.

This patch adds an new option 'redirect_http_code' to L7Policy API.

Story: 2003609
Task: 24941
Change-Id: Id0c9c376ffbc2fb10ddb988537d0ef1a8205e586
2019-03-04 15:04:53 -08:00
ZhaoBo
e0e9af3b51 Add boolean tls_enabled option into Pool
Add "tls_enabled" option in Pool API.
This option will work on cert cases or no cert cases.

Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I62e31aaa66748ba652dfd5dbfd5a8b06d9ba0dfe
2019-03-01 00:20:38 +00:00
ZhaoBo
7aa115a553 Add 2 new fields into Pool API for support re-encryption
Add tls_ca_container_id and crl_container_id into Pool API.

Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I6cd6e2ca8e48a5df707a70d22505dec9d752c7eb
2019-02-28 16:20:09 -08:00
ZhaoBo
aa7ac7ab73 Pool support sni cert for backend re-encryption
Add 1 fields like Listener does, which is 'tls_container_ref', this
field is introduced into Pool for storage the pool client certificate to
the backend servers, when the traffic willing to bring a cert to the
servers and check for tls connection.

Story: 2003859
Task: 26685
Change-Id: I29b7c7116e6087c942179ed9efdead494ef277a3
2019-02-28 11:36:48 -08:00
ZhaoBo
f77d7d0220 L7rule support client certificate cases
This patch add 4 new types for SSL connection ACL configuration.
Which are:
L7RULE_TYPE_SSL_CONN_HAS_CERT
L7RULE_TYPE_VERIFY_RESULT
L7RULE_TYPE_DN_FIELD

The first type can just accept the compare type "EQUAL_TO" and value
"True" string.
The second can just accept the int value string to check the certificate
verify result, also just support "EQUAL_TO" compare type.
The third can accept key, the distinguished name field and a match string,
this one supports all kind compare types.

Story: 2002165
Task: 20025
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I71b57d0f32d4839a770396645d2b9945d24f2853
2019-02-24 23:31:09 +00:00
ZhaoBo
20509e2337 Add crl-file option for certification
Add crl-file in Listener side.

Story: 2002165
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I9e2ec06719fbbfd19482c2b8d39220e7e4ed81e3
2019-02-24 15:29:59 -08:00
ZhaoBo
7a8eb3ce22 Add an option to the Octavia V2 listener API for client cert
Listener API for client cerificate authentication with "None,
Optional, Mandatory" options

Story: 2002165
Task: 20019
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: Ia753659981d99b315504f166c09afb8f5b14f195
2019-02-24 01:52:20 +00:00
ZhaoBo
0cc546a7c7 Add client_ca_tls_container_ref to listener API
This patch add 'client_ca_tls_container_ref' into listener API for front
client authentication.

Story: 2002165
Task: 20018
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I8a96d6fdfe53a16d1abcfd09bc6afedd6c490de2
2019-02-24 01:51:35 +00:00
Michael Johnson
1afeeb95d3 Add provider driver capabilities API
This patch adds an API that allows operators to query a provider driver
for the list of supported flavor capabilities.

Change-Id: Ia3d62acdc3b1af2e666f58d32a06d2238706dee6
2019-01-25 12:38:03 -08:00
Michael Johnson
15282ff9d6 Add flavors/flavor_profile api-ref
This patch adds the api-ref updates for the new flavors and flavor profile
API.

Change-Id: I11ab9af188731a1eaf1f402c4d55a944dc85ea88
2019-01-25 12:30:24 -08:00
Michael Johnson
fb0bbb9826 Update api-ref for tag filtering
This patch also updates the API version to 2.5 to represent the tags
support.

Change-Id: Ia57724c231c10efad9cee46be4969fa276fff8b1
Co-Authored-By: Lingxian Kong <anlin.kong@gmail.com>
2019-01-22 00:55:19 +00:00
Michael Johnson
66298f9a48 Add amphora statistics to the admin API
This patch adds an admin API for getting per-amphora statistics.

Change-Id: Ib57b2136dbb41067d6b8949ee42f946f109616e7
2018-12-20 22:28:51 -08:00
Yang JianFeng
ae8d6fb2de Add compute_flavor field for amphora api
Operators want to have the ability to see amphora flavor information.
But they haven't access permisson of octavia configuration file. So
it is necessary to show amphora flavor information as part of command
'openstack loadbalancer amphora list/show'.

Story: 2002896
Task: 22986

Change-Id: Ib3ca05d816747d08ef7055ec532b81746468cbf9
2018-12-18 19:48:56 +08:00
wangxiyuan
d62189366c Tags support for lb resources
Add tags support for all lb related resources. It includes:
load balancer, listener, member, pool, L7rule, L7policy
and health-monitor

Change-Id: Ib33a002b3b59820db29897454e9d4303c73310b2
Story: 2003890
Task: 26757
2018-12-17 07:58:04 +00:00
Zuul
8e373c8053 Merge "Remove deprecated parameters" 2018-10-19 20:59:02 +00:00
Zuul
ed301d7fa2 Merge "Add API versioning to the api-ref" 2018-10-14 13:43:59 +00:00
Jacky Hu
6d21b33cdc Remove deprecated parameters
This is a follow up of I70e5cb07a4435f58f5da3999be70162efa7f0bd8, which
eliminated the usage of the parameters removed here.

Change-Id: I9c52aa6ef73482e2f2d83a6b228407790e18ca74
2018-10-11 09:25:41 +08:00
Michael Johnson
9aea3501d1 Add API versioning to the api-ref
This patch documents the new parameters added, by API version greater
than 2.0.

Change-Id: Ieb2c30653e832b9fa726f8430da603945fd10cc2
2018-10-10 16:24:36 -07:00
sapd
62192dba3a Support REDIRECT_PREFIX action for L7Policy
Currently, Octavia only support three actions for L7Policy,
in this patch we will implement new action for L7Policy.

Story: 2003700

Change-Id: Ie99591ede097b566294ebdb673c460442dd6d942
2018-09-28 18:10:39 +07:00
Michael Johnson
5022588164 Fix UDP release note for CentOS
This patch removes the comment about the UDP patch not working on CentOS
because we fixed the issues that were impacting CentOS based amphora.

It also corrects a typo in the api-ref where the protocol field was listed
as an "integer" type, where it should be "string".

Change-Id: I0857015f25de607ab8364b9e1d59a65f8b072c3c
2018-08-08 13:25:24 -07:00
Michael Johnson
cc97397d1c Followup patch for UDP support
1. Removes the misc_dynamic setting from the UDP-CONNECT health monitor
   as our script does not use it.
2. Adds a release note for the UDP features.
3. Updates the API reference for UDP support.
4. Adds a comment to the keepalived config with the LB ID.
5. Updates the status message type to be the correct UDP protocol.
6. Fix error during deleting a listener if there are multiple amphoraes.
7. Refactors systemd service script handling.

Story: 2003306
Task: 24258
Change-Id: I09240023d066ac5a71836d01045cda6ce5678712
2018-08-07 20:55:11 -07:00
Michael Johnson
87fca27e37 Fix version discovery for the Octavia API
This adds the required "links" part of the version discovery document.

Change-Id: I18e75116e1da47991d68b0842892f1036adec41a
Story: 2001796
Task: 12518
2018-07-08 14:19:04 -07:00
Michael Johnson
6349976cde Implement provider drivers - Cleanup
This patch addresses the following:
Fixes some unit tests.
Cleans up some code from the parent patches,
Adds a release note for the provider driver support.
Adds the "List providers" API.
Adds a document listing the know provider drivers.
Adds a provider driver development guide.

Change-Id: I90dc39e5e9d7d5839913dc2dbf187d935ee2b8b5
Story: 1655768
Task: 5165
2018-06-04 19:34:42 -07:00
Michael Johnson
dda45f0cb8 Add pool session persistence validation
This patch adds validation to the pool session persistence options.
It validates the cookie_name specified and whether that option is valid
for the session persistence type specified.

Change-Id: I2f35a1a267bf2fc35bbb93a7f5390213ca20d1a8
Story: 2001818
Task: 12555
2018-04-11 12:00:48 -07:00
Adam Harwell
bb0447e98b Expose timeout options
Various timeout options need to be exposed to enable use-cases more
complex than standard HTTP requests.

In this patch we expose four new timeout values:
* timeout_client_data
* timeout_member_connect
* timeout_member_data
* timeout_tcp_inspect

Change-Id: Id4667201c1bfaa06f7af9060c936ba00c2f314f9
Story: 1457556
Task: 5453
2018-04-04 13:06:01 +09:00
Adam Harwell
e819e4521a Allow members to be set as "backup"
Setting a member as "backup" means no traffic will be sent to it unless
all non-backup members are marked as down.

This should be essentially the same in every backend provider AFAIU.

This was requested by at least one operator (me) and was agreed during
the PTG to add value.

Story: 2001777
Task: 12483
Change-Id: I953abe71a0988da78efc6b3961f7518c81c2a06d
2018-04-04 07:47:31 +09:00
Adam Harwell
6ee20b272e Add image_id to amphora table
Story: 2001491
Task: 6215
Change-Id: I5ab6707591c856e43a0e0f49c84e1e721f01893c
2018-02-27 14:46:25 +00:00
Zuul
fdc8d17ec5 Merge "Update api-ref for uuid type and fix tox" 2018-02-04 03:57:34 +00:00
Michael Johnson
711f6159c1 Update api-ref for uuid type and fix tox
The API reference documentation theme now supports the "uuid" type[1].
This patch updates the Octavia API reference to use the uuid type where
appropriate to clarify the type.

This patch also fixes the api-ref tox target for the new documentation
requirements.txt file.

[1] https://review.openstack.org/#/c/528597/

Change-Id: Ia7dfe2a26140fba0208531bd8e8e82163eb75347
2018-02-03 21:38:12 +00:00
Adam Harwell
8934a629df Switch to using PKCS12 for TLS Term certs
*NOT* deprecating the old way of storing these, as I believe that would
create a huge mess for anyone already using it.

Change-Id: I1fee174d8b8956f3d2053781a7f18c2940b21765
2018-01-23 07:17:14 +00:00
ZhaoBo
51f6f7258b Extend api to accept qos_policy_id
This patch extend Octavia v2 API to access qos_policy_id from neutron.
Users can pass it as 'vip_qos_policy_id' to Octavia request body to
create/update Loadbalancers, and the vrrp ports will have the qos
abilities.

This patch modifies the Loadbalancer Post/Put request body and response
body. It also extends the 'vip' table with the new column named
'qos_policy_id' to store the qos_id from neutron.

Co-Authored-By: Reedip <reedip.banerjee@nectechnologies.in>

Change-Id: I43aba9d2ae816b1498d16da077936d6bdb62e30a
2017-12-20 09:23:16 +08:00
Bar RH
3ada33d4c7 Fix filtering in list API calls
The API's filtering arguments were not handled properly, and
therefore, some were consistently ignored.
This patch resolves this by translating the argument names to
the ORM data model's fields, and then validating them.

Additionally, enforcing of arguments validity is now the default
behavior. Should unrecognized filtering arguments be entered,
the API call will fail with code 400.

Task: 5844
Story: 2001224

Change-Id: I8f61880d6c11037d32b96e9827fb4e810dc219c2
2017-12-05 16:13:56 +02:00
Adam Harwell
b8ebbe9919 Add cached_zone to the amphora record
This will enable a number of possible features that need to select
amphorae based on their availability zone.

This would allow for quick-lookups on large lists and could be stale,
but it would be expected that future code that uses this would check
with nova for an update if it needs fully accurate data.

Having it be explicitly "cached" should take care of concerns about
users (operators, in this case) being confused about correctness.
Using simply the word "zone" should address concerns about commonality
between compute providers.

Change-Id: I8e26f99bca3496a454ba7bae2570f517e07d5fc2
Story: 2001221
Task: 5732
2017-10-31 17:15:45 -07:00
Adam Harwell
7f1c5011ed Add admin endpoint for amphora info
Administrators can now use /v2.0/octavia/amphorae to retrieve internal
information about amphora details like compute_id and lb_network_ip.

Change-Id: I5ac8d1ce189db09d52e518d42aeb3a192b8a8814
2017-09-22 23:39:46 +00:00
Michael Johnson
3007738fec Update some links to the new docs locations.
Change-Id: Ic10c2a2d924e5daa5567f33ccb80d6e33949f636
2017-07-05 15:37:28 -07:00
johnsom
2ca2b8076d Add v2 Quota API section
This patch adds the quota section to the v2 API reference.

Change-Id: I23cd2c4a65e4d7bf3c85f176a3042fefe0fb35b9
Partial-Bug: #1558385
2017-06-28 09:32:56 -07:00
johnsom
debcbc50c8 Add v2 L7 Rule API section
This patch adds the L7 rule section to the v2 API reference.

Change-Id: I43ad86c7cc72b4844247c39f76f30dde349e7a65
Partial-Bug: #1558385
2017-06-27 10:03:49 -07:00
johnsom
bc886f2f65 Add v2 L7 Policy API section
This patch adds the L7 policy section to the v2 API reference.

This patch also updates the child object create error code lists to
include 409 as a possible error code.

Change-Id: I6cb469c65832af3440c18dc71c7786a8fbf9bd2b
Partial-Bug: #1558385
2017-06-26 13:33:26 -07:00
Adam Harwell
897214a4ff SSL Health Monitors didn't actually ... check very much
Change HTTPS monitors to be a real check, and add TLS-HELLO type to
perform the older check functionality if desired.
The only reason you would need TLS-HELLO instead of HTTPS is if your
application does client-cert validation, as the HAProxy box won't have a
valid client cert.

Also add missing PING type to the DB, so PING monitors can be used.

Change-Id: I15a79b7fb0c2ff1020090b4057909a1f41a2c8ad
2017-06-22 00:04:19 +00:00
johnsom
425d6017fd Add v2 health monitor API section
This patch adds the health monitor section to the v2 API reference.

Change-Id: I269eb6e457d317e7d942adcc1d957bc96e4a315f
Partial-Bug: #1558385
2017-06-05 18:28:34 +00:00
johnsom
63b2b0e1ce Add v2 member API section
This patch adds the member section to the v2 API reference.

Change-Id: I5e10a215d685c27a7e5be882a2598fe7cb3875ee
Partial-Bug: #1558385
2017-06-05 18:28:27 +00:00
Jenkins
b14147d337 Merge "Add v2 pool API section" 2017-06-05 15:02:14 +00:00
johnsom
639aa1cd04 Add v2 pool API section
This patch adds the pool section to the v2 API reference.

Change-Id: I70e5cb07a4435f58f5da3999be70162efa7f0bd8
Partial-Bug: #1558385
2017-06-01 09:12:03 -07:00