Octavia has no quota definitions, but needs them for parity with Neutron LBaaS.
This will provide an endpoint and support for retrieving, updating, and deleting
quotas for projects, as well as adding enforcement of those those quotas.
Adds scenario test that simply validates quotas in a lb graph.
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Co-Authored-By: Phillip Toohill <phillip.toohill@rackspace.com>
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: Ia1d85dcd931a57a2fa3f6276d3fe6dabfeadd15e
Closes-Bug: #1596652
Support for base policy.json with in code standard values with possibility to
override them using policy.json file.
Change-Id: I0bd6e9c56d9fa439bd0e5400b2a28e30115a03f0
Closes-Bug: #1616580
Change methods used in backend to authenticate with keystone.
Use autodetection mechanizm for API version and refactor config
options specified in Octavia.
Change-Id: Id0deee2714040d271f43a537c27f410e2f4e3ef2
Closes-Bug: #1620668
Closes-Bug: #1618691
This patch enables auto-detection of the init system used in the
amphora image and adds support for systemd amphora.
This patch allows Ubuntu xenial amphora images to work.
It also merges two functional test files into one file to reduce
code duplication.
This is a scenario gate fix.
Change-Id: I5fec1680bd47719ae9f2fcb6abaaba8a78e2ae8b
Closes-Bug: #1640866
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
release notes.
Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.
Change-Id: Idce1386c53d287f33a1050d2f2e175ca1a7c40df
This commit adds the ability for Octavia to make use of PKCS7
intermediate certificate bundles. These PKCS7 bundles may be in PEM or
DER format. This feature is being added since barbican specifies that
this is the preferred format for intermediate bundles in secret
containers.
This commit also re-arranges and/or strengthens several of our existing
tests of TLS / SNI functionality and in the process also fixes a bug
where encrypted private keys were not uploaded to amphorae in a format
that haproxy can readily parse. I have also added several sample or
dummy certificates which can be used for an up-coming scenario test
which exercises TLS-termination capabilities of Octavia.
Change-Id: I14e394bbf48456d2e2a7bbefcc777a1b6f4b83e4
Closes-Bug: #1627356
Closes-Bug: #1627367
This patch adds an element that causes the terminated HTTPS
certificates and keys to be stored in an encrypted ramfs path
so they are encrypted at rest.
Change-Id: Id0f80f311d37d5691087e855fb1291011451c851
Closes-Bug: #1627370
This patch adds an optional configuration setting that allows an
operator to restrict the amphora glance image selection to a specific
owner id. This is a recommended security setting for clouds that
allow user uploadable images.
Change-Id: I73347b5b3e868d13974cd6ca6bada9cdf75773fe
Closes-Bug: #1620629
The admin-state-up=False action for loadbalancer and listener
failed to affect the appropriate change. This patch corrects that
as well as removes an un-necessary call to the amphora-agent.
Change-Id: I698f964f584d150f162f6c8cb41c65f5c5556b52
Closes-Bug: #1619449
Removes hardcoded IPv4 logic from the controller and agent.
Updates the VIP address field size in the DB.
Closes-Bug: #1585803
Closes-Bug: #1585804
Change-Id: Ib5aeef4563e20cc8ffdc607139f28aad9787aaeb
Currently Octavia assumes that DHCP service is available on
the VIP and member subnets. This is not the case at all operators.
This patch makes Octavia use the IP information provided when
the ports are created, if available. If the IP information is
not available on the ports it will fall back to relying on DHCP.
Change-Id: I08a93d4318bbce48128019376320782d1a334369
Closes-Bug: #1607900
When load balancer is deleted the corresponding DB entry is marked
as DELETED and is never actually removed along with a VIP
associated whit this load balancer.
This adds a new method to db_cleanup routine that scans the DB for
load balancers with DELETED provisioning_status and deletes them
from db if they are older than load_balancer_expiry_age. Corresponding
VIP entries are deleted in cascade.
Added new config option `load_balancer_expiry_age` to the `house_keeping`
config section.
Also changed the default value of exp_age argument to
CONF.house_keeping.amphora_expiry_age in check_amphora_expiry_age
method.
DocImpact
Closes-Bug #1573725
Change-Id: I4f99d38f44f218ac55a76ef062ed9ea401c0a02d
This patch adds release notes for a feature added early in Mitaka.
Change-Id: If85d90ff30175011365da77776276a837a9fb252
Implements: blueprint activepassiveamphora
Deprecated amp_image_id option with the new amp_image_tag option.
Also switched devstack plugin to rely on the tag to update the image
used for new load balancers.
Implements: blueprint use-glance-tags-to-manage-image
Change-Id: Ibc28b2220565667e15ca2b2674e55074d6126ec3
The previously-merged patches for L7 and shared pools did not include
release notes. This commit adds the missing release notes.
Change-Id: I0c216addf9e85d512fd2fe689db1e819d183b36c
Partially-Implements: blueprint lbaas-l7-rules