This patch adds a note to the diskimage-create README that
reminds users to set the hardware architecture property on the
amphora image if the cloud has multiple architectures available
in nova.
It also sets this property in our devstack plugin to provide an
example/reminder.
Change-Id: I15c2cabb1bced0a5646a3e1aed50bece78afcdce
Configure rsyslog to forward logs to a target host
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Story: 1665069
Task: 33646
Change-Id: I00703f86555cbb574b943794b14a36fbc644f1b2
There are many references to review.openstack.org, and while the
redirect should work, we can also go ahead and fix them.
Change-Id: I02b3758e707319489e03a6cd00766b0b9381dc12
Commit I3082962841d3b645f3cbd1a6b41fc7fb28dcf7e6 removed
octavia/tests/tempest directory
This patch removed other references to this path.
Change-Id: I665503aa4f69308ff31be53824b26faea13d2ad1
Includes some updates to docs and configs and related files to remove
references to neutron-lbaas. Also remove handlers.
Change-Id: I3082962841d3b645f3cbd1a6b41fc7fb28dcf7e6
This is the base patch that updates octavia to use the new octavia-lib.
It is backwards compatible by using debtcollector moves.
It adds a new controller process called the "driver-agent".
This patch also adds unit test coverage for a few additional modules.
Depends-On: https://review.openstack.org/#/c/641180/
Change-Id: I438e1548ec0fb6111d1ab85b05015007d9d0a006
Octavia creates certificates and keys to manage encrypted
communication channel to amphorae.
When debug is enabled, the python taskflow module will log
all the information we provide to tasks (and sub-flows)
when we create amphorae or handle with anything related to
certificates and keys management (rotations, etc).
There are ways to tell taskflow to exclude specific things
from being logged (e.g., I136081045787c1bbe3ee846d5845a34201c57864).
While this handles some information in specific flows from being
logged, it is susceptive to code changes.
To avoid an everlasting whack-a-mole game, this patch will merely
encrypt sensitive information so we can safely log it and decrypts
it only when we need to use it.
Change-Id: I06d329ca53bc36bd27f7870ae7c7ca0cf18575b2
This patch will ensure DIB binary dependencies are installed at an early
phase of deployment. As result, we prevent DIB from failing due to unmet
binary dependencies later on while building amphora images as seen in
[1].
[1] http://logs.openstack.org/81/600381/9/check/octavia-v2-dsvm-\
scenario-fedora-latest/ced40d4/controller/logs/dib-build/amphora\
-x64-haproxy.qcow2_log.txt.gz#_2019-01-18_23_15_52_244
Depends-On: https://review.openstack.org/#/c/630889
Change-Id: I6b7244b6a1398994d1c537f358086e22d1e781c1
This patch makes the following changes in preparation for the new
multi-node gates:
1. Resolves some issues in the devstack plugin in multi-node mode.
2. Removes the legacy non-voting multi-node gates and playbooks.
3. Removes the lxd legacy playbook as the jobs were removed in a previous
patch.
Change-Id: I3fb303a67cc66ec44a4ef4d09a16ed6470cbbaff
This patch adds Cloud Auditing Data Federation (CADF) auditing support to the
Octavia API. This is implemented using the keystonemiddleware audit filter.
Change-Id: I87a7e15171dfaf28b6ed97ca71d4423d18fbdbea
After the upgrade Apache seems unable to reach the Octavia API.
It appears that the devstack plugin.sh enables the octavia-wsgi site,
but fails to restart the Apache server to pick up this change.
This patch corrects that by restarting Apache after any Apache site
changes.
Change-Id: I972c7d7934268131765ce5eebab1d81cc326fd49
The recent change to log the DIB output assumes the /var/log/dib-build
directory does not exist. This is not the case on dev systems.
This patch now handles the case where an old /var/log/dib-build exists.
Change-Id: If4116e2c9b13db64b07ffbc3fd6af13e2373b860
Update the diskimage-create.sh to have a "-l" option to pass into
dib's "--logfile" option. In the devstack job, use this to redirect
the dib output to a separate logfile. Turn on verbose logging by
default for this log.
Copy this in the v1 jobs. v2 jobs are covered by a similar change in
octavia-tempest-plugin: I5bc0d9a3b071733cbe31d618f7236a3c2285b3e5
Depends-On: https://review.openstack.org/612865
Change-Id: Ie639af4266152d4626f8312b1849deeba5048348
We moved "bind_host", "bind_port", "auth_strategy", and "api_handler"
into the api_settings section in the configuration file. These settings
have now reached the end of their deprecation cycle and are being removed.
Change-Id: I323a7bdceae5a8d0e3025800beaf1d0a13c12ef8
This patch allows us to specify special DIB elements via the localrc.
An octavia-tempest-plugin patch[1] linked to this will use this
setting in the gates to configure DIB to use the infra package mirrors.
[1] https://review.openstack.org/#/c/601332
Change-Id: I7444e8941c7175d92c50f1714a87b4181b983829
Add devstack/files/rpms-suse/octavia file with a list of
dependencies than need to be installed on (open)SUSE to create an
image based on Ubuntu by diskimage-builder.
Change-Id: Iae54c0342f9040ba13eae9ad36426baeb98dd392
Signed-off-by: Michal Rostecki <mrostecki@suse.de>
Setting DIB_REPOREF_amphora_agent with git -c does not work. The option
-c is for passing key-value configurations and git -C option was
introduced in git v1.8.5 which some distros do not include (e.g. CentOS
7.5 ships with git v1.8.3.1). As a result, DIB_REPOREF_amphora_agent is
not set on any git version !=1.8.5.
The alternative that works across all tested Git versions is: git
--git-dir=/.git sub-command
Change-Id: I41993fa0f8bfde4b7ca9509872de5b54e2ed5680
Story: 2003067
Task: 23114
Load balancer topology options are SINGLE and ACTIVE_STANDBY. We default
to SINGLE as it is the default in-code too.
Change-Id: Id5af2397122ca3c031e9a5becccfcdd75506876f
Zuul v3 does not yet offer native grenade base jobs. Workaround it by
creating a legacy grenade-devstack-octavia playbook.
Change-Id: Ib81557ee75ff2ea365ca8403dcfe6e6724657f75
For API drivers which only use API service, devstack needs:
- To skip creation of o-oh0 interface, as there's no amphora VMs
- Create endpoint, roles
Change-Id: I168b9ccc968a680ed2db326435f7523c35e7a020
When running tempest with a high concurrency the service account
will run out of security group quota. This patch increases the
service account security group quota to 100 when using the octavia
devstack plugin.
Change-Id: I1483745963b858463c45db7e85438920f90ca447
Previously we were using the "ubuntu" diskimage-builder base element as the
default base OS to build the amphora image.
The "ubuntu" element is based on the ubuntu cloud image. This image includes
packages we do not need for the amphora image. At this point it's not clear
that Ubuntu will ship an 18.04 LTS cloud image in the format the "ubuntu"
element requires.
This patch switches the default Ubuntu amphora image to build with the
"ubuntu-minimal" diskimage-builder element.
This patch also moves the amphora agent into a virtual environment inside
the amphora.
It also sets up support for Ubuntu 18.04 (bionic beaver) and HAProxy 1.8.
Change-Id: I84a85ca1363bce2e0f13da64540ec7ba3575e818
It shouldn't be a requirement to put python-octaviaclient into
LIBS_FROM_GIT in local.conf. This commit makes Octavia's DevStack plugin
install it from pip if it's not present in LIBS_FROM_GIT.
Story: 2001830
Task: 12587
Change-Id: I37014a766e27f6117c96aef976fa1e0b5a9ca031
Apparmor will block dhclient from accessing the o-hm0 configuration file
under /etc/octavia. This patch moves our dhclient.conf under /etc/dhcp/octavia
to allow the dhclient to access the file when apparmor is running.
Change-Id: I3153f8bd9237470f406a9edeb4e2a0767fc747b8
Story: 1673269
Task: 5434
This patch changes used keystone token provider from 'uuid' to 'fernet'
in devstack creation script new-octavia-devstack.sh, because the uuid
type deprecated. Changes in keystone:
I76d5c29f6b1572ee3ec7f2b1af63ff31572de2ce
Change-Id: Ia42d8afe62413aa086d9a3751171d42042a700a8
Blueprint: removed-as-of-rocky
Story: 2001732
This patch adds the OCTAVIA_USE_LEGACY_RBAC variable to our devstack plugin.
When set to True it will install the legacy Admin/Owner RBAC policy.json file
for the devstack Octavia install.
This is useful for tempest testing the neutron-lbaas proxy driver that passes
neutron LBaaSv2 API requests through to the Octavia API.
Change-Id: I5f112131b9c57e394349f29fa1b675643784b867
Options that are unset should not use '' as their default because it
actually puts them literally into the command which will cause it to
skip parsing args after any empty quotes.
Change-Id: I54c0170bad28adb26df87024bd16f31827702f1e
We were using neutron lib/neutron-legacy on our devstack plugin as we
were enabling legacy services. This commit changes it so we rely on
lib/neutron.
Co-Authored-By: Carlos Goncalves <cgoncalves@redhat.com>
Change-Id: I159dd4b371b870dc752fa01f738a2910263e3918
By spliting them up, we can now start Octavia without going through the
extra initialization steps, which are not idempotent (or meant to be
anyway), exiting with error code and preventing from continuing the
so desired start process of Octavia. The split-up will allow Grenade to
call out octavia_start solely for the purpose of starting Octavia
services.
This patch also fixes awk from matching itself when stopping Octavia.
This keeps awk from showing itself in the output, grabbing only relevant
PIDs. Otherwise awk PID is added to PID list resulting in kill command
exiting with error as awk is no longer running. This is equially
important and required grenading Octavia, else an exit error would be
thrown.
Change-Id: I1b53076953eaf1a6c6934a10439d00977c875fec
Somehow it was pulling in barbican-tempest-plugin incorrectly, and
didn't have image size set right for centos.
Also fix the devstack plugin to size the flavor correctly based on the
image size variable.
Change-Id: I724f5064309d07fe05f86fcf2c7a488d9319e54c
The devstack plugin should only use the openstackclient to
interact with OpenStack services via CLI.
This patch fixes both the devstack plugin and the examples.
Task: 5678
Task: 5680
Task: 5698
Story: 2001183
Change-Id: Id30ab0484edb350f0a424a0fc90c381357614b8e
