ALso tweak the systemd service config for haproxy 1.8 since it no longer
ships with a systemd wrapper.
Change-Id: If4f230dcba8c360c919f6c2d93705bf67089b2cf
The exposed definition was incorrect due to a copy/paste error during
the original creation of these controllers, causing the field filter
list to be read as a single value. A side-effect of this was that the
filtering code still worked, but did an 'in' operation on one string
instead of a list.
This caused two bugs:
1) Multiple field filters were ignored, and only the first would be
returned.
2) The field matching would match inside of the field names, so
filtering for `id` would match `id`, `project_id`, etc. and return
extra fields.
Change-Id: Ibb509c1e487876b957ad02cd66cebebc178bef4d
Backport-Candidate: Queens Pike
It was reported that the Health Manager process could be crashed with
malformed heartbeat packets. I was unable to reproduce the issue
(I suspect oslo_utils fixed the root cause), but I could see how this
could happen and our error handling could be improved.
This is a lower severity as this port is intended to be only accessible
from a private lb-mgmt-net network.
This patch adds additional exception handling to the Health Manager
listener routines to better handle heartbeat packet issues.
Change-Id: I2da6fa394f5152148237d0986fd969b7950815ba
Story: 2001959
Task: 15081
The PluggedVIPNotFound exception is no longer being raised anywhere
so we can drop any references to it.
Change-Id: Ida424233a3a7fbb372a837ba3f484abd089d38aa
This matches neutron-lbaas. This was never actually used, so changing it
should not be an issue hopefully.
Change-Id: If5dfcb291e7fa5c406ea99905f61673786823c8b
Fixes the v2 API returning "DELETED" records until the amphora_expiry_age
timeout expired. The API will now immediately return a 404 HTTP status
code when deleted objects are requested. The API version has been raised
to v2.1 to reflect this change.
Change-Id: Iaf150240b0de32f75ba8cfe605293e3af086cc78
Story: 2001557
Task: 6501
sosreport is a tool that collects information about a system.
The sos plugin for Octavia can gather information of installed packages,
log and configuration files for Octavia controller components and
amphora agent. The result is a generated report that can be used for
troubleshooting. The plugin redacts confidential data such as passwords,
certificates and secrets.
At present sos only installs in Red Hat family images as the plugin does
not support other distributions.
Change-Id: I5131a4cfdedd8b78fb673b4264ef1d7a1d613972
This patch adds the tempest API and scenario jobs from
octavia-tempest-plugin to the Octavia gates list.
Initially in non-voting to gauge stability.
Change-Id: Ifca0d1e0e99424d13752694b5e9c4c5731c3ea95
Previously we were using the "ubuntu" diskimage-builder base element as the
default base OS to build the amphora image.
The "ubuntu" element is based on the ubuntu cloud image. This image includes
packages we do not need for the amphora image. At this point it's not clear
that Ubuntu will ship an 18.04 LTS cloud image in the format the "ubuntu"
element requires.
This patch switches the default Ubuntu amphora image to build with the
"ubuntu-minimal" diskimage-builder element.
This patch also moves the amphora agent into a virtual environment inside
the amphora.
It also sets up support for Ubuntu 18.04 (bionic beaver) and HAProxy 1.8.
Change-Id: I84a85ca1363bce2e0f13da64540ec7ba3575e818
It shouldn't be a requirement to put python-octaviaclient into
LIBS_FROM_GIT in local.conf. This commit makes Octavia's DevStack plugin
install it from pip if it's not present in LIBS_FROM_GIT.
Story: 2001830
Task: 12587
Change-Id: I37014a766e27f6117c96aef976fa1e0b5a9ca031
This patch adds validation to the pool session persistence options.
It validates the cookie_name specified and whether that option is valid
for the session persistence type specified.
Change-Id: I2f35a1a267bf2fc35bbb93a7f5390213ca20d1a8
Story: 2001818
Task: 12555
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: If6eee4ecfb4c6c607c9ee762cc535cf5d6180d88
Modify some health monitor debug log messages to
indicate it is the health monitor ID printed
instead of the pool ID
Change-Id: Id50978aa51d8e0f28d77d401deb513994b6a6c2d
Fixes a neutron-lbaas LBaaS v2 API compatibility issue when requesting a
load balancer status tree via '/statuses'. This patch adds an alias for
'/statuses' to use the same code as '/status'.
Change-Id: I7aebf87c5f48e2e72b1f7f26b95663a861382f36
Story: 2001812
Task: 12547
Apparmor will block dhclient from accessing the o-hm0 configuration file
under /etc/octavia. This patch moves our dhclient.conf under /etc/dhcp/octavia
to allow the dhclient to access the file when apparmor is running.
Change-Id: I3153f8bd9237470f406a9edeb4e2a0767fc747b8
Story: 1673269
Task: 5434
A lot has changed in Octavia since the parapgrahs this patch touches on
were written. We should encourage operators and end-users to use Octavia
as first-class load balancing solution in OpenStack rather than
misleading new users by recommending them to use Neutron LBaaS with
Octavia as provider driver, at least whenever possible. A note is left,
though, for operators and end-users already running Neutron LBaaS to
migrate either to Octavia or, if not immediately possible, use the
Octavia proxy plugin in neutron-lbaas.
Change-Id: Ia7c6bca86d9510ce077295074fe9b034c6b35f54
This prevents forcing keepalived to renegotiate roles between amps more
times than necessary.
Keepalived is already running at the point that we do our initial "amp
start" command, so if we actually force a restart it loses its state and
has to renegotiate. I would consider the fact that this works without
issue right now "very good luck". Let's make this more sane, and only
reload if that's what we need to do.
Change-Id: Ie920bba9b2d718c59c6ce00c0f013058ed2634bb
I *have* seen this in the wild (it caused problems in our cloud with
Liberty neutron), and while I am unsure of the exact cause, it can't
hurt to code a little bit defensively!
Change-Id: I46ec944f7035fd7a5a09b7e7e4a4a38692039ab7
Various timeout options need to be exposed to enable use-cases more
complex than standard HTTP requests.
In this patch we expose four new timeout values:
* timeout_client_data
* timeout_member_connect
* timeout_member_data
* timeout_tcp_inspect
Change-Id: Id4667201c1bfaa06f7af9060c936ba00c2f314f9
Story: 1457556
Task: 5453
