3489 Commits

Author SHA1 Message Date
Michael Johnson
d17b23282c Fix grenade resource waiters
The grenade job resource.sh script is waiting for the created object
status but not the overall load balancer status to go ACTIVE.
This can lead to the script failing with a 409 error.

This patch adds a check for the load balancer to be unlocked before
advancing to the next create call.

Change-Id: I6505243ddbf1eab7d110e9bfa03bffda840f07ae
2021-03-05 01:40:25 +00:00
Zuul
79268cc9e3 Merge "Fix overriding default listener timeout values in config file" 2021-03-03 09:22:36 +00:00
Gregory Thiemonge
b95fbe9ed4 Fix overriding default listener timeout values in config file
The default value for timeout parameters in the BaseListenerType was
not correctly set because the class was defined before reading the
config file.

Story 2008666
Task 41953

Change-Id: Ia4aa2047a79ad6fc3e33c7ebe2da9438914f7a88
2021-03-01 08:57:30 +01:00
Carlos Goncalves
c93a76b9f3 Add HTTP/2 example to the load balancing cookbook
Change-Id: I55453a92ad8107bf19fc8dd20e5b5d90e2b6458b
2021-02-23 08:36:44 +00:00
Gregory Thiemonge
c37738ba6f Fix pep8 errors
pylint 2.7.0 added additional checks for inconsistent-return-statements:
- inconsistent-return-statements message is now emitted if one of
  try/except statement is not returning explicitly while the other do.

Change-Id: I196e13996ce4bce93d9a8eed87f6c3cb8ef3cea1
2021-02-22 17:52:27 +01:00
Gregory Thiemonge
ce2e0d7425 Add test coverage for SCTP health checker script
Also removed a block of shell code in install-ubuntu.rst,
because the block triggered an error in the doc job and it was unused.

Change-Id: I41033e8cd9710a91b9502db11577b1f1cb85fa46
2021-02-19 08:34:46 +01:00
Zuul
38887c6f0f Merge "Configure rsyslog on Octavia service nodes in devstack" 2021-02-17 18:45:25 +00:00
Zuul
de644d398b Merge "Add SCTP support in Amphora" 2021-02-17 16:12:28 +00:00
Zuul
da4e1e26ab Merge "Fix pools going into ERROR when updating the pool" 2021-02-17 08:26:11 +00:00
Zuul
8431d46236 Merge "Disable auto configuration of new interfaces in NetworkManager" 2021-02-16 23:55:37 +00:00
Michael Johnson
370aa4e61c Fix pools going into ERROR when updating the pool
There was a bug that would cause a pool to go into ERROR if you attempted
to update the CRL or client certificate on the pool.

Change-Id: I736816247131715f5c385b4680614ec3218a2ad7
Story: 2008295
Task: 41180
2021-02-11 11:50:41 +01:00
Gregory Thiemonge
f45092a876 Configure rsyslog on Octavia service nodes in devstack
{admin,tenant}_log_targets options are configured with
MGMT_PORT_IP in devstack, which contains the IP address
of the local management interface. In multinode setup,
it means that the second node should run a rsyslog
service to receive logs from amphorae that have been
spawned by its worker.

Change-Id: If2841720009c2e402127e2e0080efdd56b68f6c9
2021-02-09 12:06:19 +01:00
Lance Bragstad
a822f30eb1 Bump oslo.policy version to 2.1.0
The secure RBAC work requires the of oslo.policy's scope_types argument,
which was made available in 1.32.0. This commit updates to version 2.1.0
so that we're using something more relevant.

Required oslo.context bump.

Change-Id: I48e8882f629886d1b8abadff6e60aad91d1169c7
2021-02-08 17:18:55 +00:00
Lance Bragstad
7d8b0db3c8 Bump oslo.log version to 4.3.0
This allows us to use the Wallaby release marker in versionutils for
deprecations.

Required some other bumps to satisfy lower-constraints.

Change-Id: I3c2be8a5189dcda24c42ed7ab4d8fa33a03c5d3e
2021-02-08 17:17:15 +00:00
Gregory Thiemonge
a518cefda1 Disable auto configuration of new interfaces in NetworkManager
NetworkManager in Centos images configures new network devices as soon
as they appear in the default namespace, it means that we might have
conflicts between the management interface's routes and address and the
new VIP or member interfaces' routes and addresses during a small period
of time before they are moved to the amphora-haproxy namespace.

Now, the "no-auto-default=*" option is enabled in NetworkManager, it
disables the configuration of new interfaces, while the management
interface is still enabled/configured through cloud-init.

Story 2008599
Task 41773

Change-Id: I6dd8e99b07ff557674871cb503dece96a9df3ada
2021-02-06 22:26:07 +01:00
Zuul
9c6eb49172 Merge "Add default value for enabled column in l7rule table" 2021-02-01 21:05:46 +00:00
Zuul
f5e6292991 Merge "Bump the minimum coverage to 92%" 2021-01-31 02:03:59 +00:00
Zuul
1a9afe2099 Merge "Correct spell error" 2021-01-30 04:31:30 +00:00
Zuul
2de31e9173 Merge "Add validation for VIP network parameters in amphora driver" 2021-01-30 00:45:33 +00:00
Michael Johnson
9b2c6425a3 Bump the minimum coverage to 92%
As we continue to improve our code coverage we can now bump the
gate minimum to 92% minimum.

Change-Id: I53cf76182d2ba9f1aad81edc9da68bedd4a81aba
2021-01-29 23:02:18 +00:00
Gregory Thiemonge
2888f44e7b Add SCTP support in Amphora
Add SCTP support in the Amphora (with keepalived).
Add amphora-health-checker script for customized SCTP health checks
(INIT/INIT-ACK/ABORT).

Change-Id: I30997ae6cc6b8ec724f0e9dcfdfe49356b320ff4
Story: 2007884
Task: 40932
2021-01-29 13:58:39 +01:00
Zuul
673a5691c1 Merge "Support deletion of all tags" 2021-01-29 05:19:53 +00:00
Zuul
d221cd8937 Merge "Install HAProxy 2.x in CentOS amphora images" 2021-01-29 02:41:30 +00:00
Zuul
b206516c07 Merge "Fix PROXYV2 pools" 2021-01-29 01:13:46 +00:00
Carlos Goncalves
3730d27232 Install HAProxy 2.x in CentOS amphora images
The CentOS NFV SIG [1] maintains a RPM repository with extra and newer
packages. This includes HAProxy 2.2 as of this time of writing.

[1] https://wiki.centos.org/SpecialInterestGroup/NFV

Change-Id: I2f64a44c566f138c58ea4be53b1ff90a52012950
2021-01-28 22:14:52 +00:00
wu.chunyang
53f8c28aa3 Add default value for enabled column in l7rule table
we don't set default value for enabled column now,
and mysql will fill them with 0 value(false)
if we upgrade from ocata or ealier, all l7rules is disabled.
so they will not render to haproxy config file in amphora.
this will cause all l7rules  stop work after a update.

Change-Id: Ib8549d71b7adb95d0dcb36903c1744190056adae
2021-01-28 13:31:21 -08:00
Carlos Goncalves
d2d5fc80f8 Add ALPN support for TLS-enabled pools
ALPN is a TLS extension for application-layer protocol negotiation
within the TLS handshake [1].

This patch extends the Pool API to include a new 'alpn_protocols'
parameter. With this parameter, users can set an ALPN preference list
(descending order of preference) to be advertised by load balancer to
members.

This patch also adds HTTP/2 over TLS support to TLS-enabled pools to the
Amphora provider driver, although default the pool ALPN protocol list
configuration setting has HTTP/2 disabled similarly to the default
listener ALPN protocol list value added in Victoria release.

[1] https://tools.ietf.org/html/rfc7301

Change-Id: I91924486bab22601c15c538c8a5282ad8bc54700
2021-01-28 14:42:48 +01:00
Gregory Thiemonge
dda1d8665c Add validation for VIP network parameters in amphora driver
Some network parameters can be validated in the API, it would avoid to
handle exceptions in the worker when plugging networking resources.
This commit validates that port_security_enabled is True on the VIP
network when using the amphora driver.

Story: 2008449
Task: 41422

Change-Id: I1236d3c6231a657b2aa53b1e488a4d0fe3215070
2021-01-26 17:34:21 +01:00
Gregory Thiemonge
fbbc5f9024 Validate listener protocol in amphora driver
Validate that the amphora driver supports the listener protocol when
receving a listener_create request.

It returns an UnsupportedOptionError exception to the user if the
amphora driver doesn't support a protocol that is defined in the API
(ex: SCTP is supported in the API in the Victoria release, but not in
the amphora driver).

Story: 2008545
Task: 41647

Change-Id: I1c5cb987945a7a465bfecfda399dfe93fc1b76bb
2021-01-21 10:00:47 +01:00
Brian Haley
a4aa03d3bc Fix the unit test tree structure
There were a few unit test files that didn't match their
code counterparts, so were a little hard to find. Moved
things around to line-up better, leaving only a handful
of exceptions to ignore. Added a test script to check
things so it won't happen again, copied from Neutron.

No actual code was changed, files were just moved around.

Change-Id: I6d84047b3481a2bf6bf9bd17d482fb504dbc752b
2021-01-14 15:55:35 -05:00
Zuul
b62d9f0214 Merge "Fix operating status for empty UDP pools" 2021-01-11 08:06:52 +00:00
Zuul
4704e458a8 Merge "Fix periodic image builder jobs" 2021-01-04 11:28:30 +00:00
fudunwei
57f5666f71 Correct spell error
Corret spell 'seperated' to 'separated'

Change-Id: I18fb80e803e21c01c51d49df9bcb0aae11b91a92
2020-12-25 14:29:18 +08:00
Lingxian Kong
1a86e454e7 Use 'bash' in the keepalived check script
Use bash instead of sh to avoid the error "shopt: not found"

Change-Id: Ib089affa229531cd72f6853105d74b446687ae86
Story: 2008437
Task: 41399
2020-12-17 12:52:01 +00:00
Gregory Thiemonge
d81a0556f5 Fix periodic image builder jobs
publish-openstack-octavia-amphora-image* jobs started failing because
ubuntu no longer provides yum-utils package.
Now dependencies have been cleaned up for the ubuntu job, and the centos
job uses a centos node. The zuul playbook now works on Ubuntu and
RedHat/Centos nodes.

Change-Id: Ifca01d91d8eb92115d56744f4963e91ac537dd8e
2020-12-17 13:50:40 +01:00
Brian Haley
dc876eed9d Fix gate failure
Bumped a bunch of constraints and requirements to fix
a gate failure with recent pip update.

Change-Id: I7af382a993bd16ce4e32a9052337f006d9aa58aa
2020-12-15 14:33:09 -05:00
Zuul
773e41f2d8 Merge "Remove re-import of octavia-lib constants" 2020-12-03 20:54:31 +00:00
Zuul
9d38db9065 Merge "Add amphora_id in store params for failover_amphora" 2020-12-03 06:45:11 +00:00
Zuul
8258992c01 Merge "Fix nf_conntrack_buckets sysctl in Amphora" 2020-12-02 15:39:31 +00:00
Zuul
e9e8f5229d Merge "Fix missing cronie package in RHEL-based image builds" 2020-11-27 11:25:52 +00:00
Zuul
8ef137ff1b Merge "Map cloud-guest-utils to cloud-utils-growpart for Red Hat distros." 2020-11-27 11:25:27 +00:00
Ann Taraday
1a154839c2 Add amphora_id in store params for failover_amphora
Several tasks require amphora_id parameter to be passed in
get_amphora_for_lb_failover_subflow.
Execution passed results in error:

taskflow.exceptions.NotFound: Mapped argument 'amphora_id' <=
'amphora_id' was not produced by any accessible provider
(1 possible providers were scanned).

Also fix getting ID parameter from amphora dict in
AmphoraIndexListenersReload and add missing retries for create_*
resources in v2 worker.

Change-Id: I5ed6288b2776bd7f1c9b67e9cfd9a8f05b1196be
2020-11-25 19:07:08 +04:00
Gregory Thiemonge
2954370e38 Fix operating status for empty UDP pools
Fix empty UDP pools status: a UDP pool without members went OFFLINE
instead of ONLINE.

This commit changes the keepalived configuration with empty pools:
the configuration now contains a virtual_server and a comment about the
existing pool. This comment is used by the get_udp_listener_pool_status
to detect that the pool exists and is not offline.

Story 2007984
Task 40610

Change-Id: I30e23ca13d033d77c8ebdabbfdc7b54556a9466b
2020-11-20 14:14:56 +01:00
Gregory Thiemonge
9653920a04 Remove useless proto parameter from sample functions
Some functions in unit tests are creating namedtuples that represent
loadbalancers, these sample loadbalancer objects contain a 'protocol'
field that doesn't exist in real objects and isn't used.

Change-Id: I8f191a720a3d38a7f579ed5f587563bfd40cce15
2020-11-20 10:13:11 +01:00
Martin Chlumsky
6aa23358eb Fix missing cronie package in RHEL-based image builds
In RHEL-based distros, cron is provided by the cronie package. This package is
missing from the amphora built images.

This patch maps the cron package to cronie for distros in the Red Hat family.

Change-Id: I6fb7889de90e8e5354c1e6ce2c95ec0199ce90e3
Story: 2008351
Task: 41253
2020-11-19 17:48:50 -05:00
Brian Haley
15a68fd426 Remove re-import of octavia-lib constants
W0404: Reimport 'constants' (imported line 17) (reimported)

constants was already imported, just use the first one.

Change-Id: I5d999d72cfe55600238c0daaa22766b7fe716e41
2020-11-19 16:05:05 -05:00
Martin Chlumsky
6d59fec8a0 Map cloud-guest-utils to cloud-utils-growpart for Red Hat distros.
The package cloud-utils-growpart is missing from Red Hat based image
builds which means the root filesystems are not grown on instance
startup which means not much space for things like logs.

This patch maps the cloud-guest-utils package to cloud-utils-growpart.

Change-Id: I3c830a9f0fd21ca10238946721c0f75d01d3ddff
Story: 2008350
Task: 41252
2020-11-19 11:49:52 -05:00
Zuul
58bf439bda Merge "Fix setting None in tls_versions and tls_ciphers in pools" 2020-11-19 12:20:35 +00:00
Zuul
5160efef2d Merge "Add experimental amphorav2 jobs" 2020-11-19 11:25:03 +00:00
Zuul
30bbcdd3b2 Merge "Fix amphorav2 bytes error" 2020-11-19 11:24:57 +00:00