This change introduces the config file for the oslo-config-generator
command, so that users can easily generate octavia.conf.example without
tox.
Note this change adds parameters of oslo.policy and oslo.middleware
which were missing previously.
Change-Id: I5ea921cf8d63b28c5143f95dbb47802d5018d7a4
The FIPS jobs use centos-8-stream controllers but the image is still
based on ubuntu, this commit updates the amphora images to
centos-8-stream and enable FIPS inside the amphora.
Change-Id: I8916796ed6727a103907a33d3c14e99e1d3734e6
debootstrap doesn't exist on centos-9-stream, disable it for
rhel9-based distribution.
Also remove a previous unsuccessful attempt to remove it.
Change-Id: I8fac328cdda6e1015a145a1f8a497e007ac6ac02
A recent commit [0] sets log_opt_values to INFO in order to display
config options even if DEBUG is not enabled, but it makes our functional
tests 3 times slower because each api test dumps the configuration.
Mock log_opt_values in our API functional tests to speed up the
execution of the tests.
$OS_AUTH_URL was previously used to configure the service_auth.auth_url
setting in octavia.conf but this env var was removed from devstack in
[1]. Switch to $KEYSTONE_SERVICE_URI which was used to set OS_AUTH_URL.
[0] https://review.opendev.org/c/openstack/octavia/+/792697
[1] I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
Change-Id: Ib9123365079502093b355db3430a98928a3a16d1
Spare pool feature was deprecated in Victoria, we decided to remove it
during the Xena release cycle.
Change-Id: I830c6a4c49fa47105f788cf99a0f775e5dbdcaea
When cleaning up a devstack environment with amphorav2 enabled,
./clean.sh might fail because redis has already been stopped and
uninstalled.
This commit move the stop_redis step to the octavia_stop step and
ensures that stopping redis doesn't fail.
Change-Id: I987535e90cbf13917c50c5905c64b614188928ec
The disk image create tool can now build aarch64/arm64 amphora images.
The devstack plugin will facilitate image builds and upload to Glance
for this CPU architecture.
Change-Id: I1cebd8a3da58dc56ebbfac22f7802ab7f52585e1
The grenade job resource.sh script is waiting for the created object
status but not the overall load balancer status to go ACTIVE.
This can lead to the script failing with a 409 error.
This patch adds a check for the load balancer to be unlocked before
advancing to the next create call.
Change-Id: I6505243ddbf1eab7d110e9bfa03bffda840f07ae
{admin,tenant}_log_targets options are configured with
MGMT_PORT_IP in devstack, which contains the IP address
of the local management interface. In multinode setup,
it means that the second node should run a rsyslog
service to receive logs from amphorae that have been
spawned by its worker.
Change-Id: If2841720009c2e402127e2e0080efdd56b68f6c9
The following jobs with default amphorav2 added as experimental:
* octavia-v2-dsvm-noop-api
* octavia-v2-dsvm-tls-barbican
* octavia-v2-dsvm-spare-pool
* octavia-v2-act-stdby-dsvm-scenario
* octavia-grenade
* octavia-v2-dsvm-cinder-amphora
* octavia-v2-dsvm-scenario-two-node
Note: octavia-grenade-amphorav2 will show valid result
with renamed alias amphorav2 -> amphora.
Change-Id: I03385d93575db4e44a72335c0af4fde490a93b0f
Change I612ea1c583090897bd44453b867d75929a01b7fc [1] removed
diskimage-builder from the root requirements.txt file. Devstack
deployments not setting LIBS_FROM_GIT+=diskimage-builder will not
install diskimage-builder. This means our diskimage-create.sh tool will
fail to build amphora images and abort the deployment.
[1] https://review.opendev.org/#/c/741960/
Change-Id: Id535d2d5ea6c23c9646c568a17d7695f82c0c1a9
This patch adds support for nftables (an iptables replacement) to
the devstack plugin and the amphora agent.
Change-Id: I9e2c4d6e68da67d68c6dfeb3b47edd600d1ba397
With this image driver interface, we align our codebase with other
existing driver interfaces like compute, network and volume.
This interface also allows the amphora provider driver to check for
existence of tagged images at API level (e.g. amphora image tag
capability in Octavia flavors).
Change-Id: Id808c082808fafe1a1e004957ff47eca57f97ee8
As Octavia allows to use RedisTaskFlowDriver or
ZookeeperTaskFlowDriver we should install python clients that
allows to work with redis and zookeeper backends.
Story: 2007892
Change-Id: I7312c8c1057618e909339aa7a4dfeb836f4b8f33
This new diskimage-builder element installs octavia-lib from Git for
source install type image builds rather than from released versions.
To mention some advantages:
1. allow custom octavia-lib versions (useful for development)
2. test unreleased octavia-lib changes in CI
3. install latest changes from master and stable branches
(aligns with approach taken with amphora-agent)
Branch checkout to stable/* from master for octavia-lib DIB element will
be automated on branch create. See https://review.opendev.org/#/c/745877
Change-Id: I6d87b6bd25c536b2bed1994427cd933bdcc091d6
Recent changes to the Octavia tempest tests has caused our test
runs to exceed the default neutron security group rule quota.
This patch increases that quota for the Octavia project in devstack.
Change-Id: I49e92f81b23e0b306c62c406a45029b96dce20df
Currently some phases of the devstack plugin do not have xtrace
enabled, which can make it hard to debug issues in the devstack
plugin.
This patch makes sure that xtrace is enabled while the Octavia
devstack plugin is running so that we can see the commands being
executed. It will restore the previous setting after our plugin
is done running.
Change-Id: Id6828b86779f1daca6a00a03f43c78fe26828f4f
This patch adds a new configuration setting to enable/disable jobboard
functionality in the amphorav2 provider. When disabled, the amphorav2
provider behaves similarly to the amphora v1 provider.
The default setting is jobboard disabled while jobboard remains an
experimental feature.
Change-Id: I063d832f5a049d7ae38378766200c7f82a35996d
There is no reason to create internal and admin endpoints in DevStack,
most other services have stopped doing so a long time ago.
Also use the global SERVICE_PROTOCOL variable as default for
OCTAVIA_PROTOCOL instead of "http", this will make us automatically
use the secure API access when the tls-proxy service is enabled.
Fix the instructions for using the devstack plugin, too.
Change-Id: I0154b83cb64952844a28895721694d3e2ff82be2
Neutron now needs to have a router attached to the subnet to provide
the router advertisement messages needed for slaac address
configuration.
This patch adds this router to the lb-mgmt-network, allowing
the amphora instances to configure an IPv6 address.
Change-Id: I638c5c8baf1d76365fff2c99ded9c6b310348710
In-line with devstack patch [1], switch invocations to find uwsgi in the
path.
[1] https://review.opendev.org/#/c/577779/
Change-Id: I5e6aee49f434820881051874c9ad2628b4fcada7
Change I7ebf4137feb04827490dffc0dac3d6e4c8888075 added 'set -e' in
devstack/plugin.sh, but on devstack cleanup, some commands may fail
because of non-working services (i.e after a reboot).
This commit allows 'openstack keypair delete' to fail on clean up.
Change-Id: Ic782faba3eb907d29b6735ac0a6d6a8a2e104e00
Oslo.policy is moving away from using json format policy files[1].
This patch updates the Octavia documentation, policy configuration file, and
legacy admin-or-owner policy file to be in yaml format.
Octavia will continue to honor and support the json format file as long
as oslo.policy does, but this patch will encourage new deployments
to use the yaml format.
[1] https://docs.openstack.org/oslo.policy/latest/admin/policy-json-file.html
Change-Id: I925cc05981e677c0552b18f845fdbc512d2af22c
There are cases where DIB can fail to create an image but devstack
does not abort. This leads the gate job to run all the way down to
starting the tempest test before the job will fail out.
This adds a simple check for the image file and will abort early
if the image is not present.
Change-Id: I7ebf4137feb04827490dffc0dac3d6e4c8888075
Run taskflow jobboard conductor only if amphorav2 provider is
enabled.
Fixes devstack plugin.sh conditions for amphorav2 provider.
Change-Id: I49b587cf748996658859667485400307205d209b
Introduce TaskFlowServiceController which uses taskflow
jobboard feature and saves jobs info into persistence backend.
Jobboard could be operated via RedisTaskFlowDriver or
ZookeeperTaskFlowDriver, that could be set via the config.
RedisTaskFlowDriver is intoduced as default backend for jobboard.
Usage of jobboard allows to resume jobs in case of restart/stop
of Octavia controller services.
Persistence backend saves state of flow tasks that required in
case of resuming job. SQLAlchemy backend is used here.
Bump taskflow version to 3.7.1 and add dependency to
SQLAlchemy-Utils (required for taskflow sqlalchemy
backend support).
Story: 2005072
Task: 30806
Task: 30816
Task: 30817
Change-Id: I92ee4e879e98e4718d2e9aba56486341223a9157
Change example string and depend on devstack change to
make sure we won't break.
Depends-on: https://review.opendev.org/#/c/711492
Change-Id: I5ca700b27c3c5be26dc5132fafd9b6cffade2b6b
The diskimage-create.sh tool will now default to CentOS 8 when building
CentOS-based amphora images.
This patch also removes leftover references to support for Ubuntu Trusty
and Xenial.
Change-Id: I3aba59c8dd86aeeee28cc6a67af93697912fb55b
Fix an issue that prevents graceful shutdown of controller workers.
cotyledon.Service.terminate function is by definition the graceful
termination function and doesn't have any 'graceful' optional boolean
argument (https://cotyledon.readthedocs.io/en/latest/api.html).
Because of this error, message_listener.wait() was never called in the
consumers' termination functions, so flows could be interrupted before
completion and could leave resources such as load balancer in a
PENDING_* provisioning state.
By default cotyledon.Service terminates the server after a timeout if
the worker could not shutdown itself gracefully. The default value
for the timeout is 300 seconds (set in devstack plugin) and can be
overriden using the graceful_shutdown_timeout setting in octavia.conf
The default value will be updated to a lower value when work on
persistant taskflow will be merged.
Story: 2006603
Task: 36770
Change-Id: I3f776bd018246897c9a889699a2d0ecbbfbb7098
This allows the Octavia devstack plugin to use IPv6 for the service
endpoint as well as for the lb-mgmt-net.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I87917440565ea953ec0d762a7e219d912c56c418
