The introduction of shared_pools broke one of the flows for
assigning the listener peer_port. This went unnoticed for a little
while since this is presently only used in active-standby
topologies, and we don't have any scenario tests right now which
exercise active-standby regularly.
In looking to fix this flow, I realized that there's no reason we
can't assign the listener peer_port when the listener object is
created in the database. By doing this, we eliminate the need for
a couple controller worker database tasks and simplify the
listener creation flow.
This patch, therefore, updates the repository code to assign the
peer_port on listener creation, and eliminates the now redundant
controller worker database tasks and simplifies the create listener
flow.
Change-Id: I0c15dfa154c7cd57f1626945bb76c0ac0b9de071
Closes-Bug: 1547233
The controller worker flow to update the data model was simplistically
setting new attribute values to whatever made it through the API's
verification / syntax check. While this works well for simple
attributes, if the attribute happens to be a reference to another
object, or if updating that attribute were to affect some other
attribute or linked object, this would case the data model update to fail.
The root of the issue here is that the data model code does not
currently duplicate all the functionality that is handled by SQLAlchemy
for the database models. This was complicated by the fact that we have
at the present time, essentially no tests for pure data model updates
(ie. which don't hit the underlying repository / database).
In particular, this update corrects update problems for
pool.session_persistence attributes, as well as listener.default_pool_id
attribute updates.
Closes-Bug: 1544851
Change-Id: I8617dcb38013456d5ba5e10a92e25be0c07e3e8d
Basic clean up work.
In some files, oslo_config.cfg and oslo_log.log has been imported
but not used. So remove them.
I noticed that there are a lot of unused conf variables in nova and
there is a patch to clean them up:
https://review.openstack.org/#/c/280068/
So I wondered if this was a thing in octavia as well.
Turns out it is. :- )
If have to say why not keeping them, I think it should be making
code clean and avoiding redundant compilation.
Change-Id: I59b3dcef9143db2dbaae0c9c51f4e098ddcc16e3
If we enable VRRP, which uses unique IP protocols 51 and 112,
the egress security group rules get mistakenly removed from
the neutron ports.
This patch fixes that issue by excluding non-TCP security rules
from the delta calculation.
Change-Id: I5c5c65224349a8f3c68a7c5a07582dcfc69f4eaa
Closes-Bug: #1547760
Currently UUIDType is being validted for project_id.
In most cases this will cause issues. Update to more
appropriate StringType
Change-Id: I54fa78e7140f57084fffb68528d4a4252b9a5d28
Closes-Bug: #1547717
There is no method called_once_with() in Mock object.
Use assert_called_once_with() instead.
Change-Id: Ib41a3fb4d7b4333cb56f69244fed0bf13366453d
Closes-Bug: #1544522
Prior to this patch, the conversion from database model to
data model tried various recursive strategies based on object
class tracking, aimed at avoiding too many recursive back-references
to other models in the object tree in order to avoid an infinite
recursion. While this worked reasonably well, it resulted in
data model trees that would become increasingly inaccurate if
too many links were traversed away from the original object from
which the tree was generated (ie. the defacto root of the tree
that had been generated).
This problem became worse when the tree became a graph with the
introduction of the shared pools code, and the work-around for
the graph inaccuracy problem greatly increased the inefficiency
of generating the graph. (It's an O(n^2) or worse algorithm.)
This patch introduces a new strategy for generating the data model
graph based on tracking unique ID of the objects in the graph, and
making all back-references complete. By generating the graph this
way, not only do we have a complete and accurate data model graph
which should remain accurate no matter how many object links are
traversed (ie. this is a true graph and not an approximation of
a graph using a tree), but we have increased the efficiency of the
graph generation algorithm to O(n).
Partial-Bug: 1544851
Change-Id: I68c2ff0e293e3a1ea4e7b0fd38cf6d0d5cd4ec12
This commit updates the health monitor to update the load balancer
status even if the given load balancer (and associated amphorae) do not
have any listeners.
Change-Id: Iedfd9ebcf8e2e948c89cbc584c8fdea921b0cfbd
Closes-Bug: 1544290
"handle = m()" is in code but we are not using it for any test.
add "handle.write.assert_called_once_with()" to complete this case.
Change-Id: I93d93f9013b93f326924edd0104b1e09349d5ba5
The health monitor consists of two daemons: One receives heartbeats
from amphorae and updates the database, the other scans the database
for amphorae that haven't checked in in a while. If the health
monitor is down for a while, all the amphorae will seem stale in
the database once it's started again.
This patch changes the behavior of the health_check such that amphorae
have time to check in after the health monitor start before the
health monitor daemon decides they need to be failed over.
Change-Id: I0599d214c645547b3248f73f6bb3380653de0585
Closes-Bug: 1532623
During a normal failover, the housekeeping manager will attempt
to clean up database records having to do with the dead amphora based
on the last health check of said amphora. However, at least some of
the time, the amphora health manager would have already cleaned up
the health record, meaning that the housekeeping manager gets a
None response when it attempts to check the deleted amphora health.
This could lead to a failure in the dead amp cleanup process, possibly
gumming up failover or other tasks along the way.
This commit fixes this check such that if no health record exists
for the deleted amphora, it is assumed the amphora is expired and
all record of it can be deleted from the database.
Change-Id: Icded7127d7817d8c71a5fcb90c95775a2bf5f58c
Closes-Bug: 1544427
The old SSH amphora driver is not being used by anyone
anymore, nor is it being maintained. This patch removes it from
the Octavia code tree.
Closes-Bug: 1534218
Change-Id: I006f1c794e1ab0483886d06495ca6649f0afe479
The rule is not robust enough result in error code existing.
Fix the code and the rule.
Change-Id: I68934d4931a6e7857a824d0af5ed571a9c3e6480
Closes-bug: #1280522
The octavia-generate-serverpem task returns the generated
certificate information for the amphora. The default taskflow
DynamicLoggingListener would log the result of the task when
running in debug mode.
This patch tells the DynamicLoggingListener to not log the results
of the octavia-generate-serverpem task.
Change-Id: Ib846d72976dfc9cadaf6c7f0062ede764ad8a6bc
Closes-Bug: #1544785
Intermittently deleting a load balancer would lead to an
PortNotFoundClient exception that would make DeallocateVip
revert. This patch fixes an except statement that was catching
the wrong exception.
Change-Id: Ia752ee7a1be339533e478d1646ad215e1c7507d4
Closes-Bug: #1544375
Currently, Amphora configuration data is being sent as personality
files as considered by Nova and some providers have limitations
and must use cloud-init user-data.
This patch introduces a new config option to enable user-data.
If enabled the files that were built, such as the amphora config
and certificates for the agent, will be templated into a cloud-init
user-data script that loads the files as expected. After this we
need to restart the agent as cloud-init happens at a higher level
than service scripts. This does increase the boot time.
This is configurable so there is no impact if it's not needed.
Change-Id: I60fa87722302eee9d3d1fd6ff1b5b5b697a2406e
Closes-Bug: #1541231
This patch removes a workaround database call that causes old
data to be pushed to the amphora haproxy configuration.
Change-Id: I7199a744700e446c1481b1b46d274b8a763730d6
Closes-Bug: #1542120
When requesting for a barbican client, this change lets you filter based on
region and endpoint_type.
Conflicts:
etc/octavia.conf
Change-Id: Ib4b9b75027443177c039f60f99822b9b3d021b8a
When getting a service catalog from keystone there might be
multiple endpoint types. Adds new parameters to specify
the endpoint type to use in each of the new neutron/nova
groups.
Nova config attributes are removed as the endpoint would be retrieved
from the service catalog with respective endpoint_type and corresponding
roles would define nova access.
CONFIG is added as needed and cfg being removed.
Change-Id: Ie01bd6967eb2003dbe4f7a11ffe8e20a16aa83f5
An update in the past added @staticmethod decorators to everything that didn't
use self in the function body. Thise broke the way pecan calls the API
methods because pecan calls each method independent of the instance. Pecan
instead passes the instance as the first argument. With staticmethod not
having this first argument, it broke.
Change-Id: I19e30ecae3c1d49e569950b2675a73b2fbc1f942
LocalCertManager is unusable because there's no way to get cert data
into the system (the API doesn't accept it) so there's no way we could
store it, which makes it unusable for its original purpose which was to
be a dev tool (it is not suitable for production use in any case).
Barbican does not support certificate generation in a way that makes
sense for us (they do async only) and Anchor will be the way forward.
This driver will never be completed and therefore should be removed.
Change-Id: I78019bc7ad7dffc745055216ed2aace725c58de2
Original fix merged before global-requirements were updated, because
requirements weren't being checked accurately. It now looks like
ndg-httpsclient will not be added to global-requirements, and the
warning in question doesn't affect us, so roll back the original fix and
simply squelch the warning.
Global-requirements checks are temporarily disabled on our project until
we fix our requirements to match, so we should get this done ASAP.
This reverts commit 2c2be96a10d94ba4fcc48a96e04589d3ec273b97.
Change-Id: I8e77624fa9558f0596938c16fe4c5a880d56316c
Some of the revert methods on tasks inside Octavia are missing
required parameters. This causes the revert to fail.
This patch corrects those revert methods.
Closes-Bug: #1527428
Change-Id: I2accbe55db710a312d31be5f3da8e06b7ab79025
This README was created at the inception of Octavia when it was thought we
may have to import neutron directly. This is not the case and I believe we
shouldn't accept it even is needed. We should add to neutron's API if we need
a functionality exposed.
Change-Id: I5bc708247021f291f43f2c127806927ff99f4774
