Includes some updates to docs and configs and related files to remove
references to neutron-lbaas. Also remove handlers.
Change-Id: I3082962841d3b645f3cbd1a6b41fc7fb28dcf7e6
The Octavia API reference was missing the option of "REDIRECT_PREFIX"
as one of the L7 policy actions. This patch corrects that.
Change-Id: I5fa14354fb88b325380834e0deec09bfb813b409
This patch adds 2 new options for healthmonitor HTTP health check.
'http_version' is for user to specify the HTTP version, 1.0 and 1.1 are
available.
'domain_name' is for user to specify the HTTP host header injected to check
the HTTP backend health.
'domain_name' is only available when HTTP version is 1.1
Story: 2002160
Task: 20010
Change-Id: Id3bf3962a02fbf77cf886c40ac64588cbacd3832
Currently, L7Policy already supports the redirection by url_prefix.
Then we can support the redirection with HTTP code.
This patch adds a new option 'redirect_http_code' to L7Policy API.
Story: 2003609
Task: 24941
Change-Id: Id0c9c376ffbc2fb10ddb988537d0ef1a8205e586
Add "tls_enabled" option in Pool API.
This option will work on cert cases or no cert cases.
Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I62e31aaa66748ba652dfd5dbfd5a8b06d9ba0dfe
Add tls_ca_container_id and crl_container_id into Pool API.
Story: 2003858
Task: 26672
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I6cd6e2ca8e48a5df707a70d22505dec9d752c7eb
Add 1 field like Listener does, which is 'tls_container_ref', this
field is introduced into Pool for storing the pool client certificate to
the backend servers, when the traffic willing to bring a cert to the
servers and check for tls connection.
Story: 2003859
Task: 26685
Change-Id: I29b7c7116e6087c942179ed9efdead494ef277a3
This patch adds 4 new types for SSL connection ACL configuration.
Which are:
L7RULE_TYPE_SSL_CONN_HAS_CERT
L7RULE_TYPE_VERIFY_RESULT
L7RULE_TYPE_DN_FIELD
The first type can just accept the compare type "EQUAL_TO" and value
"True" string.
The second can just accept the int value string to check the certificate
verify result, also just support "EQUAL_TO" compare type.
The third can accept key, the distinguished name field and a match string,
this one supports all kinds of compare types.
Story: 2002165
Task: 20025
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I71b57d0f32d4839a770396645d2b9945d24f2853
Add new ssl headers:
'X-SSL-Client-Verify', 'X-SSL-Client-Has-Cert', 'X-SSL-Client-DN',
'X-SSL-Client-CN', 'X-SSL-Issuer', 'X-SSL-Client-SHA1',
'X-SSL-Client-Not-Before', 'X-SSL-Client-Not-After'
Allow users to send to the backend with multiple choices when
tls_terminated is enabled for client certificate.
Story: 2002165
Task: 20020
Change-Id: I112936ee85c9e0dcfb87b962176ba7d623989a30
Add crl-file in Listener side.
Story: 2002165
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I9e2ec06719fbbfd19482c2b8d39220e7e4ed81e3
Listener API for client certificate authentication with "None,
Optional, Mandatory" options
Story: 2002165
Task: 20019
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: Ia753659981d99b315504f166c09afb8f5b14f195
This patch adds 'client_ca_tls_container_ref' into listener API for front
client authentication.
Story: 2002165
Task: 20018
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I8a96d6fdfe53a16d1abcfd09bc6afedd6c490de2
This patch adds an API that allows operators to query a provider driver
for the list of supported flavor capabilities.
Change-Id: Ia3d62acdc3b1af2e666f58d32a06d2238706dee6
This patch also updates the API version to 2.5 to represent the tags
support.
Change-Id: Ia57724c231c10efad9cee46be4969fa276fff8b1
Co-Authored-By: Lingxian Kong <anlin.kong@gmail.com>
Operators want to have the ability to see amphora flavor information.
But they don't have access permission to the octavia configuration file. So
it is necessary to show amphora flavor information as part of command
'openstack loadbalancer amphora list/show'.
Story: 2002896
Task: 22986
Change-Id: Ib3ca05d816747d08ef7055ec532b81746468cbf9
Add tags support for all lb related resources. It includes:
load balancer, listener, member, pool, L7rule, L7policy
and health-monitor
Change-Id: Ib33a002b3b59820db29897454e9d4303c73310b2
Story: 2003890
Task: 26757
A Starlingx patch[1] changed the signature for some openstackdocstheme
methods which is causing Octavia docs to not build.
This patch updates the octavia docs configuration for the new
openstackdocstheme.
[1] https://review.openstack.org/#/c/607298
Change-Id: Id09ab3b78291c28e116f1f4ffb8836eac0537d94
This is a follow up of I70e5cb07a4435f58f5da3999be70162efa7f0bd8, which
eliminated the usage of the parameters removed here.
Change-Id: I9c52aa6ef73482e2f2d83a6b228407790e18ca74
Currently, Octavia only supports three actions for L7Policy,
in this patch we will implement a new action for L7Policy.
Story: 2003700
Change-Id: Ie99591ede097b566294ebdb673c460442dd6d942
This patch removes the comment about the UDP patch not working on CentOS
because we fixed the issues that were impacting CentOS based amphora.
It also corrects a typo in the api-ref where the protocol field was listed
as an "integer" type, where it should be "string".
Change-Id: I0857015f25de607ab8364b9e1d59a65f8b072c3c
1. Removes the misc_dynamic setting from the UDP-CONNECT health monitor
as our script does not use it.
2. Adds a release note for the UDP features.
3. Updates the API reference for UDP support.
4. Adds a comment to the keepalived config with the LB ID.
5. Updates the status message type to be the correct UDP protocol.
6. Fix error during deleting a listener if there are multiple amphorae.
7. Refactors systemd service script handling.
Story: 2003306
Task: 24258
Change-Id: I09240023d066ac5a71836d01045cda6ce5678712
Adding support for the octavia listener X-Forwarded-Proto header insertion.
An X-Forwarded-Proto header is inserted into the end of request to the backend
member. HTTP for the HTTP listener protocol type, HTTPS for
the TERMINATED_HTTPS listener protocol type.
Adding X-Forwarded-Proto to the list of HTTP headers which are supported.
File: octavia/master/octavia/octavia/common/constants.py:
    SUPPORTED_HTTP_HEADERS = ['X-Forwarded-For',
                              'X-Forwarded-Port',
                              'X-Forwarded-Proto']
Adding the lines to the macros.j2 realizing the http/https insertion
to the backend member according to listener protocol type:
File: octavia/common/jinja/haproxy/templates/macros.j2
    {% if listener.insert_headers.get('X-Forwarded-Proto',
                                      'False').lower() == 'true' %}
        {% if listener.protocol.lower() == constants.PROTOCOL_HTTP.lower() %}
    http-request set-header X-Forwarded-Proto http
        {% elif listener.protocol.lower() ==
                constants.PROTOCOL_TERMINATED_HTTPS.lower() %}
    http-request set-header X-Forwarded-Proto https
        {% endif %}
    {% endif %}
Change-Id: Id017bb277eebae98f0441663e41d07b40b6e3e38
Story: 2002173
Task: 20038
This patch addresses the following:
Fixes some unit tests.
Cleans up some code from the parent patches.
Adds a release note for the provider driver support.
Adds the "List providers" API.
Adds a document listing the known provider drivers.
Adds a provider driver development guide.
Change-Id: I90dc39e5e9d7d5839913dc2dbf187d935ee2b8b5
Story: 1655768
Task: 5165
This matches neutron-lbaas. This was never actually used, so changing it
should not be an issue hopefully.
Change-Id: If5dfcb291e7fa5c406ea99905f61673786823c8b
This patch adds validation to the pool session persistence options.
It validates the cookie_name specified and whether that option is valid
for the session persistence type specified.
Change-Id: I2f35a1a267bf2fc35bbb93a7f5390213ca20d1a8
Story: 2001818
Task: 12555
Various timeout options need to be exposed to enable use-cases more
complex than standard HTTP requests.
In this patch we expose four new timeout values:
* timeout_client_data
* timeout_member_connect
* timeout_member_data
* timeout_tcp_inspect
Change-Id: Id4667201c1bfaa06f7af9060c936ba00c2f314f9
Story: 1457556
Task: 5453
Setting a member as "backup" means no traffic will be sent to it unless
all non-backup members are marked as down.
This should be essentially the same in every backend provider AFAIU.
This was requested by at least one operator (me) and was agreed during
the PTG to add value.
Story: 2001777
Task: 12483
Change-Id: I953abe71a0988da78efc6b3961f7518c81c2a06d
The API reference document had a typo where the "X-Forwarded-Port"
parameter for the HTTP header insertions was listed as an integer
instead of as a string. It also corrects "X-Forwarded-For" to be a
string. This patch corrects that mistake.
Change-Id: I3996d5e1950f8d979eb1c354dfac70a0ddefdca2
This patch adds oslo.serialization to the test-requirements.txt file as it is
used in some tests.
It also fixes the parameter ordering in the api-ref for the new qos parameters
on load balancers.
Change-Id: I0baf00457cb131a05b31ac83c03a7ed4a176160c
The API reference documentation theme now supports the "uuid" type[1].
This patch updates the Octavia API reference to use the uuid type where
appropriate to clarify the type.
This patch also fixes the api-ref tox target for the new documentation
requirements.txt file.
[1] https://review.openstack.org/#/c/528597/
Change-Id: Ia7dfe2a26140fba0208531bd8e8e82163eb75347
This patch updates the docs configuration to have bugs links that take the
reporter to storyboard instead of launchpad.
It also sets the docs up for PDF rendering and multiple versions of the
documentation.
Change-Id: I66187e09e038efe605db45a26e3505218a7a4c65
*NOT* deprecating the old way of storing these, as I believe that would
create a huge mess for anyone already using it.
Change-Id: I1fee174d8b8956f3d2053781a7f18c2940b21765
This patch extends Octavia v2 API to access qos_policy_id from neutron.
Users can pass it as 'vip_qos_policy_id' to Octavia request body to
create/update Loadbalancers, and the vrrp ports will have the qos
abilities.
This patch modifies the Loadbalancer Post/Put request body and response
body. It also extends the 'vip' table with the new column named
'qos_policy_id' to store the qos_id from neutron.
Co-Authored-By: Reedip <reedip.banerjee@nectechnologies.in>
Change-Id: I43aba9d2ae816b1498d16da077936d6bdb62e30a
The API's filtering arguments were not handled properly, and
therefore, some were consistently ignored.
This patch resolves this by translating the argument names to
the ORM data model's fields, and then validating them.
Additionally, enforcing of arguments validity is now the default
behavior. Should unrecognized filtering arguments be entered,
the API call will fail with code 400.
Task: 5844
Story: 2001224
Change-Id: I8f61880d6c11037d32b96e9827fb4e810dc219c2