27 Commits

Author SHA1 Message Date
Michael Johnson
ee09fd19a7 Fix a typo in the release notes
Change-Id: Idd94e6f76d91618dd7a3202381edbdfe958270e2
2017-01-31 16:12:06 -08:00
He Qing
7468a2a6a4 Remove dumplicated config option 'cert_generator'
There are two 'cert_generator' options in config file. Remove one
of them.

Change-Id: I2daec1baf7832b14e6fe38ee73588bd86d55e060
Closes-Bug: #1629162
2017-01-18 19:21:35 +00:00
Jenkins
ae3204986e Merge "Add quota support to Octavia" 2017-01-13 18:11:08 +00:00
Trevor Vardeman
7d933da31e Add quota support to Octavia
Octavia has no quota definitions, but needs them for parity with Neutron LBaaS.
This will provide an endpoint and support for retrieving, updating, and deleting
quotas for projects, as well as adding enforcement of those those quotas.

Adds scenario test that simply validates quotas in a lb graph.

Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Co-Authored-By: Phillip Toohill <phillip.toohill@rackspace.com>
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>

Change-Id: Ia1d85dcd931a57a2fa3f6276d3fe6dabfeadd15e
Closes-Bug: #1596652
2017-01-13 02:45:14 +00:00
Lubosz "diltram" Kosnik
c7cebf77ae Add support for policy.json
Support for base policy.json with in code standard values with possibility to
override them using policy.json file.

Change-Id: I0bd6e9c56d9fa439bd0e5400b2a28e30115a03f0
Closes-Bug: #1616580
2017-01-06 23:37:20 +00:00
Brandon Logan
1ace351fd8 Add keystone authentication of token
Closes-Bug: #1532075
Change-Id: Id45a0babc8e128d02bf648fedb7b66099bc3c7ae
Co-Authored-By: Lubosz "diltram" Kosnik <lubosz.kosnik@intel.com>
Depends-On: Id0deee2714040d271f43a537c27f410e2f4e3ef2
2016-11-22 12:57:07 -06:00
Jenkins
7f13dbc917 Merge "Backend Keystone authentication" 2016-11-18 13:57:44 +00:00
Lubosz "diltram" Kosnik
076e016bb2 Backend Keystone authentication
Change methods used in backend to authenticate with keystone.
Use autodetection mechanizm for API version and refactor config
options specified in Octavia.

Change-Id: Id0deee2714040d271f43a537c27f410e2f4e3ef2
Closes-Bug: #1620668
Closes-Bug: #1618691
2016-11-17 11:03:40 -06:00
Michael Johnson
c4408c4c78 Adds support for systemd amphora images
This patch enables auto-detection of the init system used in the
amphora image and adds support for systemd amphora.
This patch allows Ubuntu xenial amphora images to work.
It also merges two functional test files into one file to reduce
code duplication.

This is a scenario gate fix.

Change-Id: I5fec1680bd47719ae9f2fcb6abaaba8a78e2ae8b
Closes-Bug: #1640866
2016-11-16 00:42:37 +00:00
Jenkins
d8617ba76c Merge "Enable release notes translation" 2016-10-11 19:24:27 +00:00
Andreas Jaeger
e5aae53a6f Enable release notes translation
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
release notes.

Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.

Change-Id: Idce1386c53d287f33a1050d2f2e175ca1a7c40df
2016-10-06 20:33:52 +02:00
Stephen Balukoff
a27b5c418a Add support for PKCS7 bundles and encrypted keys
This commit adds the ability for Octavia to make use of PKCS7
intermediate certificate bundles. These PKCS7 bundles may be in PEM or
DER format. This feature is being added since barbican specifies that
this is the preferred format for intermediate bundles in secret
containers.

This commit also re-arranges and/or strengthens several of our existing
tests of TLS / SNI functionality and in the process also fixes a bug
where encrypted private keys were not uploaded to amphorae in a format
that haproxy can readily parse. I have also added several sample or
dummy certificates which can be used for an up-coming scenario test
which exercises TLS-termination capabilities of Octavia.

Change-Id: I14e394bbf48456d2e2a7bbefcc777a1b6f4b83e4
Closes-Bug: #1627356
Closes-Bug: #1627367
2016-10-05 19:51:51 -07:00
Doug Hellmann
95ae6d667c Update reno for stable/newton
Change-Id: Ieaa3198ff6dd78583d9356b677f9aa0f5457147c
2016-09-27 20:29:49 +00:00
Michael Johnson
f85e617a84 Terminated HTTPS certs and keys in encrypted ramfs
This patch adds an element that causes the terminated HTTPS
certificates and keys to be stored in an encrypted ramfs path
so they are encrypted at rest.

Change-Id: Id0f80f311d37d5691087e855fb1291011451c851
Closes-Bug: #1627370
2016-09-25 01:42:49 +00:00
Michael Johnson
d7d062a47a Option to restrict amp glance image owner
This patch adds an optional configuration setting that allows an
operator to restrict the amphora glance image selection to a specific
owner id.  This is a recommended security setting for clouds that
allow user uploadable images.

Change-Id: I73347b5b3e868d13974cd6ca6bada9cdf75773fe
Closes-Bug: #1620629
2016-09-15 19:46:46 +00:00
Michael Johnson
83731fd9a4 Fix admin_state_up for loadbalancer and listener
The admin-state-up=False action for loadbalancer and listener
failed to affect the appropriate change.  This patch corrects that
as well as removes an un-necessary call to the amphora-agent.

Change-Id: I698f964f584d150f162f6c8cb41c65f5c5556b52
Closes-Bug: #1619449
2016-09-12 23:59:40 +00:00
Adam Harwell
8c50a35850 Allow IPv6 VIPs
Removes hardcoded IPv4 logic from the controller and agent.
Updates the VIP address field size in the DB.

Closes-Bug: #1585803
Closes-Bug: #1585804

Change-Id: Ib5aeef4563e20cc8ffdc607139f28aad9787aaeb
2016-08-11 22:30:00 +00:00
Michael Johnson
53ac6823fa Fixes Octavia handling of subnets without DHCP
Currently Octavia assumes that DHCP service is available on
the VIP and member subnets.  This is not the case at all operators.
This patch makes Octavia use the IP information provided when
the ports are created, if available.  If the IP information is
not available on the ports it will fall back to relying on DHCP.

Change-Id: I08a93d4318bbce48128019376320782d1a334369
Closes-Bug: #1607900
2016-08-01 15:13:48 +00:00
Elena Ezhova
9de6d8d925 Fix Octavia release notes header
Change-Id: I228ba7d06a13116422ddec0a3b97259ecdbd1b4a
2016-07-08 16:18:35 +03:00
Elena Ezhova
d73df70d85 Cleanup deleted load balancers in housekeeper's db_cleanup
When load balancer is deleted the corresponding DB entry is marked
as DELETED and is never actually removed along with a VIP
associated whit this load balancer.

This adds a new method to db_cleanup routine that scans the DB for
load balancers with DELETED provisioning_status and deletes them
from db if they are older than load_balancer_expiry_age. Corresponding
VIP entries are deleted in cascade.

Added new config option `load_balancer_expiry_age` to the `house_keeping`
config section.

Also changed the default value of exp_age argument to
CONF.house_keeping.amphora_expiry_age in check_amphora_expiry_age
method.

DocImpact
Closes-Bug #1573725

Change-Id: I4f99d38f44f218ac55a76ef062ed9ea401c0a02d
2016-07-07 03:03:03 +00:00
Michael Johnson
e40b69168a Update release notes for Mitaka release
Updating the release notes for the Mitaka release.

Change-Id: I878ef9a2cb197d6eff3e189e43fd78f7982e5f5b
2016-03-15 20:09:20 +00:00
Jenkins
6a97904590 Merge "Adds release notes for Active/Standby" 2016-03-09 21:19:12 +00:00
Michael Johnson
c3bd87a8ee Adds release notes for Active/Standby
This patch adds release notes for a feature added early in Mitaka.

Change-Id: If85d90ff30175011365da77776276a837a9fb252
Implements: blueprint activepassiveamphora
2016-03-07 02:31:18 +00:00
Jenkins
5430c46c4c Merge "Add release notes for L7 and shared pools" 2016-03-05 19:39:39 +00:00
Ihar Hrachyshka
fb53fe2340 glance: support relying on tags to extract image id
Deprecated amp_image_id option with the new amp_image_tag option.

Also switched devstack plugin to rely on the tag to update the image
used for new load balancers.

Implements: blueprint use-glance-tags-to-manage-image
Change-Id: Ibc28b2220565667e15ca2b2674e55074d6126ec3
2016-03-01 20:43:33 +01:00
Stephen Balukoff
feb7a375fc Add release notes for L7 and shared pools
The previously-merged patches for L7 and shared pools did not include
release notes. This commit adds the missing release notes.

Change-Id: I0c216addf9e85d512fd2fe689db1e819d183b36c
Partially-Implements: blueprint lbaas-l7-rules
2016-02-29 22:48:56 -08:00
Kyle Mestery
8c741ba383 Add reno for release notes management
Change-Id: I963992cc0278d38ecae506d597072e8eb8b45e13
Signed-off-by: Kyle Mestery <mestery@mestery.com>
2015-12-04 14:42:32 -06:00