Bug in devstack plugin caused network option to be corrupted
causing failures during amphora build.
Change-Id: I9585f22e3bb3a53ae70a5ddb8b76a3a930b10b73
Closes-Bug: #1574784
In the current Octavia there is the possibility of an address
space conflict between the Octavia load balancer management
network and a tenant network.
This patch puts the haproxy processes inside the amphora into
a network namespace to provide isolation from the load balancer
management network.
A new file /var/lib/octavia/plugged_interfaces is created and
interfaces are writted to it on every plugVIP or plugNetwork call.
Interfaces in this file are created under the network namespace.
Change-Id: I75472885fe45226a5315867369eaef9b001a112b
Co-Authored-By: Bharath M <bharath.stacker@gmail.com>
Closes-Bug: #1458920
Currently the amp_network is a stringOpt and in code it
translates that to a list for processing. It may
be required to deploy with multiple networks,
a listOpt for amp_network option allows this.
Change-Id: I4364c1d03d4c7b560f0d8030b7d66412583a31ae
During failover process, the new amphorae db info will be populated by
the old one, including 'role' and 'vrrp_priority', which both will be
updated again after plug_network. What's more, 'role' will be an
appropriate flag for failover monitoring tool to decide whether or not
the failover process is almost finished.
Change-Id: I9602b92b36ef265f8ae7c9171170cd86353b2944
Because the intermediate certificates are misplaced(they are not expected
to be at the top of the pem file), there is issue in haproxy config file
generation and hence the listener creation fails. This patch fixes the
ordering issue.
Change-Id: I1e7c3c1579d410ded77962e03b1ac8778b0e5d72
Closes-Bug: 1567031
Replace those unit tests using mock_open with builtins namespace with OpenFixture
Change-Id: Ie635928a6512c2fa647d4ed965fee5976d5e30d2
Closes-Bug: #1522981
Write files using a safer open for writing operations[1].
Modifided the file permission from 666 to 644 in base.j2 to make sure
consistenacy between docs and real file permission.
Edited unit tests based on the new method.
[1] https://security.openstack.org/guidelines/
dg_apply-restrictive-file-permissions.html
Closes-Bug: #1548552
Change-Id: If3f315005fcd22afc2f24da527da08175e230bb1
Remove anchor's default value for username and password
for the sake of a security perspective.
Closes-Bug: #1548555
Change-Id: I14f1b84f5161308fc23ef3776a796636ba61154d
A previous patch [1] mistakenly added a port detach call to the failover
flow. It didn't cause failures due to a type-o in the arguments to the
call, so it would passively fail with a log entry. However, if someone
fixed this it would cause failover to fail due to the port getting
deleted during the detach.
This patch removes that code.
[1] https://review.openstack.org/#/c/295475/
Change-Id: I1eb1ad551636d5cd9253690a59e0e88ca1d238b5
1. Fixes the mismatch between the tls_container_id lengths in neutron.lbaas_sni
and octavia.sni tables.
2. Fixes the syntax error in cert_parser.py field. (tls_container.id => tls_container_id)
3. Removes the certs['sni_certs'] parameter from the rest_api_driver.py as it gets wrongly
assigned to socket_path parameter in the jinja_cfg.py file.
4. Modifies the sample_configs to make the unit tests work with the above changes.
Change-Id: I8fe5854ef2dc508e37a368294c44eef63b5bccba
Closes-Bug: #1520990
The local.conf example includes setting up Horizon. It should include
setting up the lbaas-dashboard as well.
Change-Id: I44073aea3f1769dc1211967baa629bb6d2f1323d
The failover flow was not plugging the ports back into the
amphora if the failover used an amphora from the spares pool.
This patch adds a task to plug the ports back into the amphora
during failover
Change-Id: Id7f0e60650ca2b35afb2695181897674abb9d8cf
Closes-Bug: #1558934
Devstack allows configuration of the OVS bridge which will be used.
Octavia plugin has the default, br-int hardcoded.
Plugin should use OVS_BRIDGE when the value is set, or default to br-int.
Change-Id: I1a92667790c4e58691c3d946d6cecc6527211b9b
Fixing the keystone token issue due to the different
keystone version env variables
Change-Id: I6a60502f7b8369755f69a231a81032d04cf518ab
Closes-Bug: #1559223
This patch moves the Octavia configuration option documentation
into the Octavia repository. The OpenStack docs team deleted
this documentation from the Mitaka release[1]. The Octavia
team finds value in this documentation so we are moving it into
our repository.
[1] https://review.openstack.org/#/c/259889/
Change-Id: I4fcc2a7dc8fa3ef343456d98202ea7d4f9cd1289
The Octavia devstack plugin does not shutdown the dhclient
instance for the o-hm0 interface it creates. This leads to
many dhclients running on the same interface.
This patch removes the cleanup of haproxy services (octavia doesn't
run haproxy on the devstack host) and replaces it with cleanup of
the dhclient processes for the o-hm0 interface.
Change-Id: If8d73e7771177d9a446a85c5db8511c96ae06a1b
Closes-Bug: #1557242
While updating the admin-state-up of LB, Listener, Pool,
or member the update fails due to the wrong order of the
positional parameters.
This leads to SQL syntax error and eventually
Loadbalancer gets stuck in PENDING_UPDATE provisioning
status.
The haproxy jinja was not taking into account if objects
were enabled or not.
This patch fixes the above issue.
This patch also adds the OpenFixture class from neutron
to enable safer mocks of os.open. This was needed for the
test of this code.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Closes-Bug: #1547123
Closes-Bug: #1549036
Closes-Bug: #1549186
Closes-Bug: #1552098
Change-Id: Id5733cc8e26ec7092b821c2c18c41696d6789265
