Introduce TaskFlowServiceController which uses taskflow
jobboard feature and saves jobs info into persistence backend.
Jobboard could be operated via RedisTaskFlowDriver or
ZookeeperTaskFlowDriver, that could be set via the config.
RedisTaskFlowDriver is intoduced as default backend for jobboard.
Usage of jobboard allows to resume jobs in case of restart/stop
of Octavia controller services.
Persistence backend saves state of flow tasks that required in
case of resuming job. SQLAlchemy backend is used here.
Bump taskflow version to 3.7.1 and add dependency to
SQLAlchemy-Utils (required for taskflow sqlalchemy
backend support).
Story: 2005072
Task: 30806
Task: 30816
Task: 30817
Change-Id: I92ee4e879e98e4718d2e9aba56486341223a9157
Pools can now be each be assigned an OpenSSL cipher string with the
field tls_ciphers. A new configuration option, default_pool_ciphers,
specifies what cipher string to use for new tls-enabled pools
if one is not explicitly specified at time of creation.
Change-Id: Iedb7774bfb8d70ea307d6a513248e1fe2389fa34
Depends-On: I77da6f14063877af0077f2c12df1aab5d5ead187
Story: 2006627
Task: 37172
A recent change in oslo.policy has made it register its cli opts on
the global config object. This was done to fix a bug where the opts
passed to the oslo.policy cli tools would get lost once it called
into project code because it was previously using a private config
object.
Octavia had already fixed this bug in a different way by filtering
the args in the enforcer code, which should no longer be necessary
now that the oslo.policy fix has merged.
However, the use of the global config object by the policy cli has
introduced a new problem, which is that after the config object is
initialized you can't register more cli opts. Because Octavia was
registering cli opts on import, this means that when the policy
tools call the Octavia policy entrypoint those opts get registered
and cause a failure.
To fix that, this change moves the cli opt registration into a
function that gets called from config.init so they will only get
registered when running an actual Octavia service. A separate
function was needed because they also need to be registered in
unit tests, and we don't want to actually initialize the entire
config object there. This way they can be initialized properly
in both scenarios.
Change-Id: I48ae260335f67e8ab1a188a94e44a7f1968e6fe9
Listeners will now be able to each be assigned their own OpenSSL
cipher string with a new field: tls_ciphers. There is also a new
configuration option, default_listener_ciphers, which specifies the
cipher string to assign to new listeners when one is not explicitly
specified.
Change-Id: I77da6f14063877af0077f2c12df1aab5d5ead187
Depends-On: Id5f4c20abd40dd092558a711987953012d4ae67f
Story: 2006627
Task: 36839
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Add test-requirements.txt to doc building, hacking is now imported and
needed for autodoc.
Change-Id: I06211ef20131c64deba135123e53d87f3b5356a2
Red Hat/centos do not ship acpid for ppc64le, but others do.
This patch sets up a package map for DIB to exclude the acpid
package on Red Hat family image builds, while allowing it for the
other distros.
Change-Id: Iaef520e5f2a66833228e824ec4fb41f5915169af
Should have done "pad to 8 characters" on the hex conversion, but it was
instead hardcoded to pad a single `0`, which is right in a lot of cases
but not all.
For example:
>>> ip1 = ipaddress.ip_address('98.136.140.23')
>>> ip2 = ipaddress.ip_address('10.1.1.1')
>>> "%X" % ip1._ip
'62888C17'
>>> "%X" % ip2._ip
'A010101'
Change-Id: Ia9fec4e72c00f7086489b245d9dc50ed9c27f12a
healthcheck middleware adds a /healthcheck url that allows
unauthenticated access to provide a simple check when running
octavia-api behind a load balancer
https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html
Co-authored-by: Michael Johnson <johnsomor@gmail.com>
Change-Id: I10db6226750f7b7c703067d2ab82eea3a9875112
Convert all code to not require six library and instead
use python 3.x logic.
Created one helper method in common.utils for binary
representation to limit code changes.
Change-Id: I2716ce93691d11100ee951a3a3f491329a4073f0
We missed a line when removing the requirement to grant Octavia
access to the secret in barbican.
This patch corrects that oversight.
Change-Id: I3c6459becc415d6dc0792c44ca75e717b239cd92
On base operating systems that use DNF there can be a systemd timer
that attempts to call out and update the dnf cache every hour.
This patch adds an diskimage-builder element that disables this
timer as most amphora will not be successful in updating this cache
because they do not have network access or DNS services avaialable.
Change-Id: I5dec631d3e66e1dfb6b8741caea89938ee18a7d8
Story: 2007408
Task: 39019
Eventually hacking will move to 2.0.0 (diskimage-builder
is holding it back), and when it does there will be a few
errors to fix. We can get ahead of it so it doesn't
break us with some small changes for these items:
F601 dictionary key $item repeated with different values
F632 use ==/!= to compare str, bytes, and int literals
E501 line too long
While doing this noticed the lower-constraints.txt for
hacking was set at 0.12.0, when test-requirements.txt
had it at 1.1.0, so fixed that as well.
Change-Id: I80d2a5f97e7a4896a8fa765c1971c8bb7e72d211
Avoid getting the same amphora all the time if its loadbalancer
stuck in PENDING state and could not be failovered.
Story: 2007340
Task: 38877
Change-Id: I2f680a00be695c3828166e6803882765af79b79e
When only setting tags to an existing load balancer, the amphora driver
would try to apply QoS policy on VRRP ports even if no policy is
defined. This raised an NetworkException that led load balancers to go
into ERROR.
Task: 37589
Story: 2006922
Change-Id: I48315f8f293811e1d99584ea36da05c4211cf275
The network delta calculations were all based on the static configured
amp_boot_network_list which is not correct if it's overridden by the AZ.
Change-Id: Ia930e17c76cd601ac005de10fb03231a19f1a776
If the AZ system is being used and there is also a default boot network
set in the main config, the nova driver would not pick the right
interface when translating the amphora info for amps in custom AZs.
This affects the step that fetches the lb_network_ip (the management
address) from nova, immediately before the step that updates the
database with the correct IP. That IP is then used in the rest of the
amphora creation flow, which pulls in that address and uses it to
connect to the amp.
Change-Id: Ie4869035a557ebcddea2fce693067c82fbd2d2a9
Adam Harwell
OpenStack Proposal Bot
Zuul
Ann Taraday
Dawson Coleman
Ben Nemec
Carlos Goncalves
Andreas Jaeger
Michael Johnson
Sam Morrison
Brian Haley