Currently the title for the octavia docs page is "Main".
This updates the title to be more descriptive.
This patch also updates the index for Anchor documentation and
our version 1.0 specs.
Change-Id: I1258503b7a778789b77c7ec6c4db1fbd310b6133
Octavia has no quota definitions, but needs them for parity with Neutron LBaaS.
This will provide an endpoint and support for retrieving, updating, and deleting
quotas for projects, as well as adding enforcement of those those quotas.
Adds scenario test that simply validates quotas in a lb graph.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Co-Authored-By: Phillip Toohill <phillip.toohill@rackspace.com>
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: Ia1d85dcd931a57a2fa3f6276d3fe6dabfeadd15e
Closes-Bug: #1596652
1. Add request error count
2. Add root element 'listener' in the API response body
Change-Id: I8beb918c176ed848affa264cb036763240d07dcd
Implements: blueprint stats-support
This commit adds the ability for Octavia to make use of PKCS7
intermediate certificate bundles. These PKCS7 bundles may be in PEM or
DER format. This feature is being added since barbican specifies that
this is the preferred format for intermediate bundles in secret
containers.
This commit also re-arranges and/or strengthens several of our existing
tests of TLS / SNI functionality and in the process also fixes a bug
where encrypted private keys were not uploaded to amphorae in a format
that haproxy can readily parse. I have also added several sample or
dummy certificates which can be used for an up-coming scenario test
which exercises TLS-termination capabilities of Octavia.
Change-Id: I14e394bbf48456d2e2a7bbefcc777a1b6f4b83e4
Closes-Bug: #1627356
Closes-Bug: #1627367
While Octavia is capable of doing many things, we presently lack a
simple, straight-forward guide for doing some of the simpler end-user
tasks with load balancing. This commit adds just such a guide.
Change-Id: I30628484893ae9c043e5833f480b99d185e4d362
Closes-Bug: #1558372
Octavia is currently missing any documentation designed to help
new developers and operators understand what we're doing with the project
or how to get started using and contributing to it. This patch set aims
to correct this problem.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Co-Authored-By: Leslie Lundquist <llundquist@us.ibm.com>
Closes-Bug: #1558368
Change-Id: Idaa37277bd342b644a463d4a0884ea40c2e8d4f5
This includes both an overall description of L7 load balancing as
implemented in Octavia, as well as a cookbook for common L7 usage.
Both of these documents are aimed at end-users.
Change-Id: I01c4484e2276257c97cfb6ba02d6224a25cdbc80
Closes-Bug: 1558377
This patch updates Octavia docs to use the oslo_config.sphinxext
integration to generate the configuration reference.
This patch also links in the "guru meditation report" document.
This document has been present, but was not linked.
I also reorganized the specs to reflect the correct release versions.
Change-Id: Icaf710c1c61277f3ca51efac45a3a80a0d3cce8f
This patch updates the haproxy service scripts to handle the case
where the network interfaces have not yet been plugged. This can
occur in a failover situation.
This patch also makes sure we don't move the management lan interface
into the network namespace.
Closes-Bug: #1509706
Closes-Bug: #1577963
Change-Id: I04d267bd3cdedca11f0350c5255086233cba14ec
Octavia extensively uses TaskFlow flows for orchestration.
To make it easier for developers to understand these flows,
this patch adds a mechanism for generating graphviz representations
of the key Octavia TaskFlow flows.
It also updates our tox docs task to generate this documentation.
This patch depends on a fix to the TaskFlow export_to_dot method.
Added into conf.py as first step of configuration
Closes-Bug: #1561063
Change-Id: I914e1c062b400148565def37ccf618b3d2ea2573
Depends-On: I99f87af0b2bed959fcb43ef611b3186e23bd9549
When load balancer is deleted the corresponding DB entry is marked
as DELETED and is never actually removed along with a VIP
associated whit this load balancer.
This adds a new method to db_cleanup routine that scans the DB for
load balancers with DELETED provisioning_status and deletes them
from db if they are older than load_balancer_expiry_age. Corresponding
VIP entries are deleted in cascade.
Added new config option `load_balancer_expiry_age` to the `house_keeping`
config section.
Also changed the default value of exp_age argument to
CONF.house_keeping.amphora_expiry_age in check_amphora_expiry_age
method.
DocImpact
Closes-Bug #1573725
Change-Id: I4f99d38f44f218ac55a76ef062ed9ea401c0a02d
Implements support for custom header insertion in Octavia.
A listener may be configured to insert custom headers which are
supported by Octavia. Currently implemented support for
X-Forwarded-For header, and X-Forwarded-Port
Change-Id: I784f4939225c3acef362fcb5df57e77dbfb0f774
This patch moves the Octavia configuration option documentation
into the Octavia repository. The OpenStack docs team deleted
this documentation from the Mitaka release[1]. The Octavia
team finds value in this documentation so we are moving it into
our repository.
[1] https://review.openstack.org/#/c/259889/
Change-Id: I4fcc2a7dc8fa3ef343456d98202ea7d4f9cd1289
Since single-create utilizes the existing objects already documented, I added an
example for the request and response, and indicated to look for more details
in the appropriate object's section.
Change-Id: Icdf7f21867457e22086f9c44ab657f95617bee1a
Closes-Bug: #1551428
After looking into bug reports of health monitor URLs not
working after the shared pools patch, I was able to verify that
they do in fact work, but that the legacy documentation was wrong.
(This is after checking both the state of Octavia's documentation
and API code prior to the shared pools patch, and checking the
neutron-lbaas octavia driver in master right now.)
This patch updates the octavia API documentation to list the
correct new and legacy URLs for doing health monitor CRUD operations.
Change-Id: I632a0a50de0320ed316ef0bf180b8d7e788f746a
Closes-Bug: 1543364
Closes-Bug: 1543366
This commit adds documentation for the API changes involved in
adding L7 polcy and rule functionality to Octavia. It is the last in
a chain of commits designed to keep the size of each individual commit
manageable / reviewable.
Change-Id: I1f01a2b546dabc8dc8ad3cf512f7be9276243e74
Partially-Implements: blueprint lbaas-l7-rules
Partially-Implements: blueprint layer-7-switching
This patch introduces shared pools functionality to
Octavia. This means that with this patch, listeners and
pools will have the ability to have a N:M relationship
instead of a simple 1:1 relationship, although they must
still be associated with the same loadbalancer object.
This patch includes a schema change to the database: pools
are now associated directly to loadbalancers instead of
listeners. The migration in this patch includes ETL which
should populate this new field in the pool table correctly.
Extensive API changes were necessary to facilitate this
change. However, all the changes to the API should be
backward compatible.
This patch is a necessary precursor to adding L7 switching
functionality to Octavia.
Partially-Implements: blueprint lbaas-l7-rules
Partially-Implements: blueprint layer-7-switching
Change-Id: I797c718412e756be067dd4c304c989a4d43bb8ef
os.popen() is deprecated since version 2.6. Resolved with use of
subprocess module.
Closes-bug: #1529836
Change-Id: Ibdb8f13462e8416097006e19eb2214425364910e
Since openstack is going through renaming tenants to projects
it is best that we do this now while its easier before it becomes
bigger and harder to do.
This also adds project_id to the health_monitor table and models
since this seemed like an oversight.
Change-Id: Icc8034dcb517a3f8d218d83c94e4a2dcc977cc29
This patch implements the Active/Standby blueprint in
https://blueprints.launchpad.net/octavia/+spec/activepassiveamphora
The following points describe the main changes:
1. The patch introduces new flows and subflows to create M amphorae. The
controller worker parses the loadbalancer_topology configuration. If the
loadbalancer_topology value is ACTIVE_STANDBY, the controller invokes a new flow
independent from the SINGLE topology case, which is left untouched. The new
flow uses conditional taskflows to check for spare amphorae at runtime. This
removes the need for the exception workaround we earlier had. The controller
creates the amphorae in parallel using an unordered flow. A new database task
alter an amphora role as either MASTER or BACKUP and assigns a VRRP priority to
each amphora. After the amphorae are created, the controller invokes a separate
flow for post amphora configuration including plug_vip methods, vrrp
configuration upload, and keepalived service start.
2. The patch introduces new data models that include a new table for VRRP group
configuration per loadbalancer, and update the amphora, loadbalancer, and
listener tables to support the new active/standby capability. The VRRPGroup
table hides authentication data, and makes future extensions of VRRP
capabilities easy.
3. This patch updates the existing Haproxy configuration templates to include
peer synchronization. In case of ACTIVE_STANDBY configuration, the jinja
configuration renders the peer section in the Haproxy configuration and assigns
short names to the amphorae as listener peers. As listeners implies different
Haproxy process, each listener synchronizes on a different port evaluated as
BASE_PORT (1024) + NUMBER_OF_LISTENERS accounting for ports in use.
4. This patch introduces a new Jinja configuration templater and a REST driver
for Keepalived (developed as a Mixin). By default, Keepalived runs "all" check
scripts found in a predefined directory. The keepalived driver is a Mixin that
can be plugged in other services' drivers. It is the responsibility of these
services drivers to introduce their own check scripts. In this patch a
lightweight check script for Haproxy was introduced along with changes in the
amphora agent installation script.
5. The VRRP requires enabling protocol 112 for Master/Backup advertisements,
and enabling protocol 51 for authentication header. This patch enables these
protocols as needed in the loadbalancer security group.
Note: Updates to the failover flow to support active/standby will come in
a dependent patch.
Note: The amphora-agent is pinned to this patch in this patch set. This
is required so the scenario tests will pass. It will be removed in a
follow up patch.
Co-Authored-By: Sherif Abdelwahab <sherif.abdelwahab@hp.com>
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Implements: blueprint activepassiveamphora
Depends-On: Ifdf20378b26cdd13e0a3ff87cec8990fe89c0661
Change-Id: Ic4e04594e114ba682088d68d5f1af3f8f376db83
Use Anchor for certificate signing to make the octavia communication
more secure. Anchor Ref url: https://github.com/openstack/anchor
Co-Authored-By: bharath <bharath.stacker@gmail.com>
Co-Authored-By: German Eichberger <german.eichberger@hp.com>
Change-Id: Id77b2b1540377db661f15d4eeafc4922f446d987
Oslo_reports enables OpenStack projects to dump Guru Meditation
Reports with useful debugging information to files or stderr.
Closes-Bug: #1514504
Change-Id: Id35fb7dc8c31f304cbf1d9cca0d21b9d5e97865a
This patch is to update the octavia operator api doc
(http://docs.openstack.org/developer/octavia/main/octaviaapi.html),
in this patch we updated the requests and responses content
for each section, such as lb, listener and etc.
Change-Id: Id0f734cb900b3f5e812849ff73e6ca97a8add8eb
This restructuring should hopefully make better sense of the
documentation currently available. This is in preparation for
bringing the version 0.5 component documentation up to date and
adding a getting started and installation guide.
Change-Id: Ie1e27bab4d2b8d7d033f75750fda842dd9dd3de7
Adds the functionality to reload the REST agent when
the certificat to communicate with the controller
changes.
Change-Id: Ifda7ddce5979237b8c00a22a24f73d3c6f993f07
1. Creates a new element for pyroute2
2. Adds this element to the amphora image
3. Updates the amphora REST interface to pass additional network information
4. Creates the policy based routes and rules on the amp during plug vip
5. Updates the REST API spec
Change-Id: Ibd622ec302cf78c12ae2bd5d76d012ab619939a6
In case the certificate for communicating between controller
and amphora expires we need to fail over to a new amphora
right now. This will add a way to change it in place.
Change-Id: I411eafa462976fb4878797fb4812351229feb81e
* Fixes inconsistent 404 error messages
* Made status more precise
* Added 404 to upload cert
* Changed start/stop/reload to 202
Change-Id: Ic6c56deea8dcb599e4768aecb5ad8a04e0e69022
Contains the specification of the initial version of
the haproxy amphora RESTful API. Note that this is likely
to be expanded upon later as amphora lifecycle concerns and
network integration strategy become more concrete.
Implements: bp/appliance-api
Change-Id: Iecc2149c5c89fbdc98a3657f32940b30c8169fdb
Definition of network driver interface. Also removed
the floating_ip attributes of VIP because they are not
needed at this point. Also renamed net_port_id to just
port_id and subnet_id to network_id just to be a little
bit more generically clear.
Change-Id: Ic82cb2ab25fbba7dc8caa875552f4caeafb0e4af
Implements: bp/network-driver-interface