The secure RBAC work requires the of oslo.policy's scope_types argument,
which was made available in 1.32.0. This commit updates to version 2.1.0
so that we're using something more relevant.
Required oslo.context bump.
Change-Id: I48e8882f629886d1b8abadff6e60aad91d1169c7
This allows us to use the Wallaby release marker in versionutils for
deprecations.
Required some other bumps to satisfy lower-constraints.
Change-Id: I3c2be8a5189dcda24c42ed7ab4d8fa33a03c5d3e
ALPN is a TLS extension for application-layer protocol negotiation
within the TLS handshake [1].
This patch extends the Pool API to include a new 'alpn_protocols'
parameter. With this parameter, users can set an ALPN preference list
(descending order of preference) to be advertised by load balancer to
members.
This patch also adds HTTP/2 over TLS support to TLS-enabled pools to the
Amphora provider driver, although default the pool ALPN protocol list
configuration setting has HTTP/2 disabled similarly to the default
listener ALPN protocol list value added in Victoria release.
[1] https://tools.ietf.org/html/rfc7301
Change-Id: I91924486bab22601c15c538c8a5282ad8bc54700
There are a couple of extra requirements no longer used and one
that was missing. This patch corrects that.
Change-Id: I5f45e6f0f15bca201c3ef63f2e42a183510f5977
diskimage-builder is already listed in diskimage-create/requirements.txt,
and it isn't really a run-time dependency for octavia so it tends to be
confusing downstream as we generally add run-time dependencies based on
the root requirements.txt.
Change-Id: I612ea1c583090897bd44453b867d75929a01b7fc
Story: 2007934
Task: 40389
The pyroute2 module had a regression in 0.5.13, but neutron needed a fix
that was included in 0.5.13. It was easier for us to work around it than
for neutron to revert the update to 0.5.13, so we hacked a workaround[1].
A new pyroute2 release, 0.5.14, has been published, so this patch reverts
the hack and bumps our minimum version of pyroute2 to 0.5.14.
[1] https://review.opendev.org/#/c/744045
Change-Id: Ia4357a4f5db07e1a6b0beb11b58ce125215eeef1
Taskflow 4.4.0 contains essential fix for jobboard behaviour on
Storage failure [1].
Also add jobboard_redis_sentinel parameter to allow usage sentinel
for Redis jobboard. Support of this also appear in 4.4.0 version.
[1] - https://docs.openstack.org/releasenotes/taskflow/unreleased.html#bug-fixes
Change-Id: I48245b3322b0f2e5f2c11594a15632501a7e4086
The move to focal for the tox jobs has raised issues with package
versions supporting python 3.8.
This patch bumps the version for the following packages:
PyMySQL==0.8.0
pyroute2==0.5.13
SQLAlchemy==1.2.19
cffi==1.14.0
cryptography==3.0
pyOpenSSL==19.1.0
oslo.db==8.30
oslo.messaging==12.4.0
This patch makes the grenade job non-voting as there is a chain
of gate fix patches required to fully fix all of the issues.
Change-Id: I95cc182a2dbcb2ea872e822ce9372bf5d7df63bd
ALPN is a TLS extension for application-layer protocol negotiation
within the TLS handshake [1].
This patch extends the Listener API to include a new 'alpn_protocols'
parameter. With this parameter, users can set an ALPN preference list
(descending order of preference).
Presently, the amphora provider driver is limited to http/1.0 and
http/1.1 ALPN protocol IDs. Support for "h2" (HTTP/2 over TLS) depends
on HAProxy 2.0 or newer.
[1] https://tools.ietf.org/html/rfc7301
Change-Id: If08a8169498cdfaa75440e8971ba0caff45ac4c4
In https://review.opendev.org/#/c/613709/ octavia was
changed to use octavia-lib for a lot of API driver-related
code and deprecation warnings put in place. Now that
we're in Victoria remove all the deprecation shims and
use octavia-lib exclusively.
Change-Id: If92988150479a7daf465af5f8df22818664a0fce
Introduce TaskFlowServiceController which uses taskflow
jobboard feature and saves jobs info into persistence backend.
Jobboard could be operated via RedisTaskFlowDriver or
ZookeeperTaskFlowDriver, that could be set via the config.
RedisTaskFlowDriver is intoduced as default backend for jobboard.
Usage of jobboard allows to resume jobs in case of restart/stop
of Octavia controller services.
Persistence backend saves state of flow tasks that required in
case of resuming job. SQLAlchemy backend is used here.
Bump taskflow version to 3.7.1 and add dependency to
SQLAlchemy-Utils (required for taskflow sqlalchemy
backend support).
Story: 2005072
Task: 30806
Task: 30816
Task: 30817
Change-Id: I92ee4e879e98e4718d2e9aba56486341223a9157
Listeners will now be able to each be assigned their own OpenSSL
cipher string with a new field: tls_ciphers. There is also a new
configuration option, default_listener_ciphers, which specifies the
cipher string to assign to new listeners when one is not explicitly
specified.
Change-Id: I77da6f14063877af0077f2c12df1aab5d5ead187
Depends-On: Id5f4c20abd40dd092558a711987953012d4ae67f
Story: 2006627
Task: 36839
healthcheck middleware adds a /healthcheck url that allows
unauthenticated access to provide a simple check when running
octavia-api behind a load balancer
https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html
Co-authored-by: Michael Johnson <johnsomor@gmail.com>
Change-Id: I10db6226750f7b7c703067d2ab82eea3a9875112
Convert all code to not require six library and instead
use python 3.x logic.
Created one helper method in common.utils for binary
representation to limit code changes.
Change-Id: I2716ce93691d11100ee951a3a3f491329a4073f0
This takes care of the last details for dropping py27
support by adding a proper min version of python in setup.cfg.
Change-Id: I693db277d802b2a54084cc1be11d8ce04ad9be2e
This patch adds support for long-running provider driver agents to
the Octavia driver-agent.
It will fork a process for all of the enabled provider driver
agents at startup.
Change-Id: Ib7042bcc48b1dd5b37b671dd5e64728b71ab9542
Story: 2006250
Task: 35863
In some deploy production, using volume based instead of localdisk
to protect data and live migrate can perform.
This patch adds:
- creation a cinder volume for amphora
- boot amphora with cinder volume
- config options for cinder client
- unit tests for cinder functionality
Story: 2001594
Co-authored-by: Vadim Ponomarev <velizarx@gmail.com>
Co-authored-by: Margarita Shakhova <shakhova.margarita@gmail.com>
Change-Id: I8181ed696b9ab556e7741c08839d79167aff8350
There was a bug[1] in diskimage-builder when using pypi mirrors
if the host doesn't have "python" available DIB will fail.
So, I am going to bump the requirements minimum in Octavia for
diskimage-builder to be the minimum version with this fix.
[1] https://bugs.launchpad.net/diskimage-builder/+bug/1577105
Change-Id: If0ff2a855ad5b9d9ef3742ad0596c97a6dbf81ed
In some environments running older versions of gunicorn in the
amphora image, gunicorn can fail to start do to /dev/log socket
issues (timing, configuration, etc.).
This patch sets up a dedicated rsyslog socket /run/rsyslog/octavia/log
for gunicorn and haproxy to use. This should resolve any issues with
systemd overriding the /dev/log socket.
This also bumps the gunicorn minimum verison to 19.9.0.
Change-Id: I1e1ad8fde2ad8c1ffba95b1867afb130503b0a5b
Some Python libraries were missing in requirements.txt. This patch adds
them to the list of dependencies.
Change-Id: I6dc4a7626cd5244b445893b96a7d7351ca528dc1
A patch[1] introduced a startup check for the socket paths that
impacted a unit test checking debtcollector is finding the new
octavia-lib location of the DriverLibrary.
This patch correctly mocks out this check for this unit test.
[1] https://review.opendev.org/#/c/665027/
Change-Id: Ife93834654385430d6a333d3d6ee67b719b6c37e
This patch adds a project_id field to all of the provider driver data
model objects.
This is useful for drivers to track/associate objects on the backend.
Change-Id: I8f509677da463bc5d0a7649f2f609045cf9b2dd7
The requirements team has defined a new strategy for handling
upper constraints[1]. This patch applies those strategies to
Octavia.
This also corrects a lower constraint for oslo.messaging.
[1] http://lists.openstack.org/pipermail/openstack-discuss/ \
2019-May/006478.html
Change-Id: I4cf0ad5d14c4378e33423a4d639ec4d0fcc2a614
This is the base patch that updates octavia to use the new octavia-lib.
It is backwards compatible by using debtcollector moves.
It adds a new controller process called the "driver-agent".
This patch also adds unit test coverage for a few additional modules.
Depends-On: https://review.openstack.org/#/c/641180/
Change-Id: I438e1548ec0fb6111d1ab85b05015007d9d0a006
This patch adds support for flavor metadata validation by the amphora driver
and support for setting the load balancer topology via a flavor.
It also adds "flavor_id" to the load balancer table in the database.
Change-Id: I8eae870abdb20dc32917957e32606deef387ec88
This commit adds the functionality of octavia-status CLI for performing
upgrade checks as part of the Stein cycle upgrade-checkers goal.
It only includes a sample check which must be replaced by real checks in
future.
Change-Id: I8b6d134b0bf5b5c82a19177fed6145ef8aaf7507
Story: 2003657
Task: 26146
The builtin platform.linux_distribution[1] is deprecated and will be
removed in 3.8 and the recommended replacement is distro.
This also raises a "deprecated method" error in pylint.
This patch moves us over to the future by following the recommendation
in the python docs and switching to use the "distro" module.
[1] https://docs.python.org/2/library/platform.html \
#platform.linux_distribution
Depends-On: https://review.openstack.org/578983
Change-Id: I29e2673572eab75b553da6b01143b007701808fd
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
This patch also updates pylint to 1.5.6 which is compatible with
python3.
In updating pylint we have some issues to correct, this patch addresses
those issues so the Octavia code passes pylint 1.5.6.
Change-Id: Iec21f4c803a427059d595612336d67a35ebf9585
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Temporary workaround for commit ordering issues with the amphora driver,
until the driver can be rewritten against the real driver interface.
Story: 2002127
Task: 19809
Change-Id: Idfaca392b278a6efad36e51adaedc6c80372a006
*NOT* deprecating the old way of storing these, as I believe that would
create a huge mess for anyone already using it.
Change-Id: I1fee174d8b8956f3d2053781a7f18c2940b21765