Using get_or_.*_role functions is useful when deploying 2 devstack
instances in 2 different regions with a unique keystone instance, the
functions ensure that the changes haven't already been applied
Change-Id: I95d75b1bc3a62bb2758a4c5985dcfb9e6cc12449
* Added support for Rocky Linux in the amphora-agent
* Amphora images for Rocky can be built when setting
OCTAVIA_AMP_BASE_OS="rocky"
* Fixed the devstack plugin for Rocky Linux hosts
Change-Id: I41f7e2341332b9cb74b4a59fedb6eed1af3c8062
This patch replaces the deprecated library with openstacksdk. It also
deprecates the use of the [service_auth] section of the configuration
for authentication with Neutron. In a future release these settings
need to be part of the [neutron] configuration section.
Update needed on OVN provider side:
https://review.opendev.org/c/openstack/ovn-octavia-provider/+/870514
Story: 2010509
Task: 47104
Change-Id: I686cfdef78de927fa4bc1921c15e8d5853fd2ef9
grenade now updates from an ML2/OVN deployment. Octavia needs to source
the devstack/lib/octavia file from neutron, which provides the functions
that manage the octavia management interfaces.
The commit also removes false-positive pylint warnings, an issue was
reported to the pylint project:
https://github.com/PyCQA/pylint/issues/8497
Change-Id: Ie26a154c320d8527e54b871a3b99bbbc3c2ee811
This patch fixes the OCTAVIA_USE_LEGACY_RBAC devstack plugin setting to
apply the policy file setting in the octavia.conf.
It also creates a OCTAVIA_USE_KEYSTONE_DEFAULT_ROLES setting to enable
the keystone default roles ONLY policy override if the setting is True.
Change-Id: If10638bd9da463d6bb6932a5598156d56a9fcd97
This change introduces the config file for the oslo-config-generator
command, so that users can easily generate octavia.conf.example without
tox.
Note this change adds parameters of oslo.policy and oslo.middleware
which were missing previously.
Change-Id: I5ea921cf8d63b28c5143f95dbb47802d5018d7a4
The FIPS jobs use centos-8-stream controllers but the image is still
based on ubuntu, this commit updates the amphora images to
centos-8-stream and enable FIPS inside the amphora.
Change-Id: I8916796ed6727a103907a33d3c14e99e1d3734e6
debootstrap doesn't exist on centos-9-stream, disable it for
rhel9-based distribution.
Also remove a previous unsuccessful attempt to remove it.
Change-Id: I8fac328cdda6e1015a145a1f8a497e007ac6ac02
A recent commit [0] sets log_opt_values to INFO in order to display
config options even if DEBUG is not enabled, but it makes our functional
tests 3 times slower because each api test dumps the configuration.
Mock log_opt_values in our API functional tests to speed up the
execution of the tests.
$OS_AUTH_URL was previously used to configure the service_auth.auth_url
setting in octavia.conf but this env var was removed from devstack in
[1]. Switch to $KEYSTONE_SERVICE_URI which was used to set OS_AUTH_URL.
[0] https://review.opendev.org/c/openstack/octavia/+/792697
[1] I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
Change-Id: Ib9123365079502093b355db3430a98928a3a16d1
Spare pool feature was deprecated in Victoria, we decided to remove it
during the Xena release cycle.
Change-Id: I830c6a4c49fa47105f788cf99a0f775e5dbdcaea
When cleaning up a devstack environment with amphorav2 enabled,
./clean.sh might fail because redis has already been stopped and
uninstalled.
This commit move the stop_redis step to the octavia_stop step and
ensures that stopping redis doesn't fail.
Change-Id: I987535e90cbf13917c50c5905c64b614188928ec
The disk image create tool can now build aarch64/arm64 amphora images.
The devstack plugin will facilitate image builds and upload to Glance
for this CPU architecture.
Change-Id: I1cebd8a3da58dc56ebbfac22f7802ab7f52585e1
The grenade job resource.sh script is waiting for the created object
status but not the overall load balancer status to go ACTIVE.
This can lead to the script failing with a 409 error.
This patch adds a check for the load balancer to be unlocked before
advancing to the next create call.
Change-Id: I6505243ddbf1eab7d110e9bfa03bffda840f07ae
{admin,tenant}_log_targets options are configured with
MGMT_PORT_IP in devstack, which contains the IP address
of the local management interface. In multinode setup,
it means that the second node should run a rsyslog
service to receive logs from amphorae that have been
spawned by its worker.
Change-Id: If2841720009c2e402127e2e0080efdd56b68f6c9
The following jobs with default amphorav2 added as experimental:
* octavia-v2-dsvm-noop-api
* octavia-v2-dsvm-tls-barbican
* octavia-v2-dsvm-spare-pool
* octavia-v2-act-stdby-dsvm-scenario
* octavia-grenade
* octavia-v2-dsvm-cinder-amphora
* octavia-v2-dsvm-scenario-two-node
Note: octavia-grenade-amphorav2 will show valid result
with renamed alias amphorav2 -> amphora.
Change-Id: I03385d93575db4e44a72335c0af4fde490a93b0f
Change I612ea1c583090897bd44453b867d75929a01b7fc [1] removed
diskimage-builder from the root requirements.txt file. Devstack
deployments not setting LIBS_FROM_GIT+=diskimage-builder will not
install diskimage-builder. This means our diskimage-create.sh tool will
fail to build amphora images and abort the deployment.
[1] https://review.opendev.org/#/c/741960/
Change-Id: Id535d2d5ea6c23c9646c568a17d7695f82c0c1a9
This patch adds support for nftables (an iptables replacement) to
the devstack plugin and the amphora agent.
Change-Id: I9e2c4d6e68da67d68c6dfeb3b47edd600d1ba397
With this image driver interface, we align our codebase with other
existing driver interfaces like compute, network and volume.
This interface also allows the amphora provider driver to check for
existence of tagged images at API level (e.g. amphora image tag
capability in Octavia flavors).
Change-Id: Id808c082808fafe1a1e004957ff47eca57f97ee8
As Octavia allows to use RedisTaskFlowDriver or
ZookeeperTaskFlowDriver we should install python clients that
allows to work with redis and zookeeper backends.
Story: 2007892
Change-Id: I7312c8c1057618e909339aa7a4dfeb836f4b8f33
This new diskimage-builder element installs octavia-lib from Git for
source install type image builds rather than from released versions.
To mention some advantages:
1. allow custom octavia-lib versions (useful for development)
2. test unreleased octavia-lib changes in CI
3. install latest changes from master and stable branches
(aligns with approach taken with amphora-agent)
Branch checkout to stable/* from master for octavia-lib DIB element will
be automated on branch create. See https://review.opendev.org/#/c/745877
Change-Id: I6d87b6bd25c536b2bed1994427cd933bdcc091d6
Recent changes to the Octavia tempest tests has caused our test
runs to exceed the default neutron security group rule quota.
This patch increases that quota for the Octavia project in devstack.
Change-Id: I49e92f81b23e0b306c62c406a45029b96dce20df
Currently some phases of the devstack plugin do not have xtrace
enabled, which can make it hard to debug issues in the devstack
plugin.
This patch makes sure that xtrace is enabled while the Octavia
devstack plugin is running so that we can see the commands being
executed. It will restore the previous setting after our plugin
is done running.
Change-Id: Id6828b86779f1daca6a00a03f43c78fe26828f4f
This patch adds a new configuration setting to enable/disable jobboard
functionality in the amphorav2 provider. When disabled, the amphorav2
provider behaves similarly to the amphora v1 provider.
The default setting is jobboard disabled while jobboard remains an
experimental feature.
Change-Id: I063d832f5a049d7ae38378766200c7f82a35996d
There is no reason to create internal and admin endpoints in DevStack,
most other services have stopped doing so a long time ago.
Also use the global SERVICE_PROTOCOL variable as default for
OCTAVIA_PROTOCOL instead of "http", this will make us automatically
use the secure API access when the tls-proxy service is enabled.
Fix the instructions for using the devstack plugin, too.
Change-Id: I0154b83cb64952844a28895721694d3e2ff82be2
Neutron now needs to have a router attached to the subnet to provide
the router advertisement messages needed for slaac address
configuration.
This patch adds this router to the lb-mgmt-network, allowing
the amphora instances to configure an IPv6 address.
Change-Id: I638c5c8baf1d76365fff2c99ded9c6b310348710
In-line with devstack patch [1], switch invocations to find uwsgi in the
path.
[1] https://review.opendev.org/#/c/577779/
Change-Id: I5e6aee49f434820881051874c9ad2628b4fcada7
Change I7ebf4137feb04827490dffc0dac3d6e4c8888075 added 'set -e' in
devstack/plugin.sh, but on devstack cleanup, some commands may fail
because of non-working services (i.e after a reboot).
This commit allows 'openstack keypair delete' to fail on clean up.
Change-Id: Ic782faba3eb907d29b6735ac0a6d6a8a2e104e00
Oslo.policy is moving away from using json format policy files[1].
This patch updates the Octavia documentation, policy configuration file, and
legacy admin-or-owner policy file to be in yaml format.
Octavia will continue to honor and support the json format file as long
as oslo.policy does, but this patch will encourage new deployments
to use the yaml format.
[1] https://docs.openstack.org/oslo.policy/latest/admin/policy-json-file.html
Change-Id: I925cc05981e677c0552b18f845fdbc512d2af22c
There are cases where DIB can fail to create an image but devstack
does not abort. This leads the gate job to run all the way down to
starting the tempest test before the job will fail out.
This adds a simple check for the image file and will abort early
if the image is not present.
Change-Id: I7ebf4137feb04827490dffc0dac3d6e4c8888075