The grenade job resource.sh script is waiting for the created object
status but not the overall load balancer status to go ACTIVE.
This can lead to the script failing with a 409 error.
This patch adds a check for the load balancer to be unlocked before
advancing to the next create call.
Change-Id: I6505243ddbf1eab7d110e9bfa03bffda840f07ae
The default value for timeout parameters in the BaseListenerType was
not correctly set because the class was defined before reading the
config file.
Story 2008666
Task 41953
Change-Id: Ia4aa2047a79ad6fc3e33c7ebe2da9438914f7a88
pylint 2.7.0 added additional checks for inconsistent-return-statements:
- inconsistent-return-statements message is now emitted if one of
try/except statement is not returning explicitly while the other do.
Change-Id: I196e13996ce4bce93d9a8eed87f6c3cb8ef3cea1
Also removed a block of shell code in install-ubuntu.rst,
because the block triggered an error in the doc job and it was unused.
Change-Id: I41033e8cd9710a91b9502db11577b1f1cb85fa46
There was a bug that would cause a pool to go into ERROR if you attempted
to update the CRL or client certificate on the pool.
Change-Id: I736816247131715f5c385b4680614ec3218a2ad7
Story: 2008295
Task: 41180
{admin,tenant}_log_targets options are configured with
MGMT_PORT_IP in devstack, which contains the IP address
of the local management interface. In multinode setup,
it means that the second node should run a rsyslog
service to receive logs from amphorae that have been
spawned by its worker.
Change-Id: If2841720009c2e402127e2e0080efdd56b68f6c9
The secure RBAC work requires the of oslo.policy's scope_types argument,
which was made available in 1.32.0. This commit updates to version 2.1.0
so that we're using something more relevant.
Required oslo.context bump.
Change-Id: I48e8882f629886d1b8abadff6e60aad91d1169c7
This allows us to use the Wallaby release marker in versionutils for
deprecations.
Required some other bumps to satisfy lower-constraints.
Change-Id: I3c2be8a5189dcda24c42ed7ab4d8fa33a03c5d3e
NetworkManager in Centos images configures new network devices as soon
as they appear in the default namespace, it means that we might have
conflicts between the management interface's routes and address and the
new VIP or member interfaces' routes and addresses during a small period
of time before they are moved to the amphora-haproxy namespace.
Now, the "no-auto-default=*" option is enabled in NetworkManager, it
disables the configuration of new interfaces, while the management
interface is still enabled/configured through cloud-init.
Story 2008599
Task 41773
Change-Id: I6dd8e99b07ff557674871cb503dece96a9df3ada
Add SCTP support in the Amphora (with keepalived).
Add amphora-health-checker script for customized SCTP health checks
(INIT/INIT-ACK/ABORT).
Change-Id: I30997ae6cc6b8ec724f0e9dcfdfe49356b320ff4
Story: 2007884
Task: 40932
The CentOS NFV SIG [1] maintains a RPM repository with extra and newer
packages. This includes HAProxy 2.2 as of this time of writing.
[1] https://wiki.centos.org/SpecialInterestGroup/NFV
Change-Id: I2f64a44c566f138c58ea4be53b1ff90a52012950
we don't set default value for enabled column now,
and mysql will fill them with 0 value(false)
if we upgrade from ocata or ealier, all l7rules is disabled.
so they will not render to haproxy config file in amphora.
this will cause all l7rules stop work after a update.
Change-Id: Ib8549d71b7adb95d0dcb36903c1744190056adae
ALPN is a TLS extension for application-layer protocol negotiation
within the TLS handshake [1].
This patch extends the Pool API to include a new 'alpn_protocols'
parameter. With this parameter, users can set an ALPN preference list
(descending order of preference) to be advertised by load balancer to
members.
This patch also adds HTTP/2 over TLS support to TLS-enabled pools to the
Amphora provider driver, although default the pool ALPN protocol list
configuration setting has HTTP/2 disabled similarly to the default
listener ALPN protocol list value added in Victoria release.
[1] https://tools.ietf.org/html/rfc7301
Change-Id: I91924486bab22601c15c538c8a5282ad8bc54700
Some network parameters can be validated in the API, it would avoid to
handle exceptions in the worker when plugging networking resources.
This commit validates that port_security_enabled is True on the VIP
network when using the amphora driver.
Story: 2008449
Task: 41422
Change-Id: I1236d3c6231a657b2aa53b1e488a4d0fe3215070
Validate that the amphora driver supports the listener protocol when
receving a listener_create request.
It returns an UnsupportedOptionError exception to the user if the
amphora driver doesn't support a protocol that is defined in the API
(ex: SCTP is supported in the API in the Victoria release, but not in
the amphora driver).
Story: 2008545
Task: 41647
Change-Id: I1c5cb987945a7a465bfecfda399dfe93fc1b76bb
There were a few unit test files that didn't match their
code counterparts, so were a little hard to find. Moved
things around to line-up better, leaving only a handful
of exceptions to ignore. Added a test script to check
things so it won't happen again, copied from Neutron.
No actual code was changed, files were just moved around.
Change-Id: I6d84047b3481a2bf6bf9bd17d482fb504dbc752b
publish-openstack-octavia-amphora-image* jobs started failing because
ubuntu no longer provides yum-utils package.
Now dependencies have been cleaned up for the ubuntu job, and the centos
job uses a centos node. The zuul playbook now works on Ubuntu and
RedHat/Centos nodes.
Change-Id: Ifca01d91d8eb92115d56744f4963e91ac537dd8e
Several tasks require amphora_id parameter to be passed in
get_amphora_for_lb_failover_subflow.
Execution passed results in error:
taskflow.exceptions.NotFound: Mapped argument 'amphora_id' <=
'amphora_id' was not produced by any accessible provider
(1 possible providers were scanned).
Also fix getting ID parameter from amphora dict in
AmphoraIndexListenersReload and add missing retries for create_*
resources in v2 worker.
Change-Id: I5ed6288b2776bd7f1c9b67e9cfd9a8f05b1196be
Fix empty UDP pools status: a UDP pool without members went OFFLINE
instead of ONLINE.
This commit changes the keepalived configuration with empty pools:
the configuration now contains a virtual_server and a comment about the
existing pool. This comment is used by the get_udp_listener_pool_status
to detect that the pool exists and is not offline.
Story 2007984
Task 40610
Change-Id: I30e23ca13d033d77c8ebdabbfdc7b54556a9466b
Some functions in unit tests are creating namedtuples that represent
loadbalancers, these sample loadbalancer objects contain a 'protocol'
field that doesn't exist in real objects and isn't used.
Change-Id: I8f191a720a3d38a7f579ed5f587563bfd40cce15
In RHEL-based distros, cron is provided by the cronie package. This package is
missing from the amphora built images.
This patch maps the cron package to cronie for distros in the Red Hat family.
Change-Id: I6fb7889de90e8e5354c1e6ce2c95ec0199ce90e3
Story: 2008351
Task: 41253
W0404: Reimport 'constants' (imported line 17) (reimported)
constants was already imported, just use the first one.
Change-Id: I5d999d72cfe55600238c0daaa22766b7fe716e41
The package cloud-utils-growpart is missing from Red Hat based image
builds which means the root filesystems are not grown on instance
startup which means not much space for things like logs.
This patch maps the cloud-guest-utils package to cloud-utils-growpart.
Change-Id: I3c830a9f0fd21ca10238946721c0f75d01d3ddff
Story: 2008350
Task: 41252