Add file to the reno documentation build to show release notes for
stable/2024.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.
Sem-Ver: feature
Change-Id: I744c29c1a03aba952b98a9fa3b6772073fa3805c
When creating a LB + a listener with an allowed_cidr with the
fully-populated API, an issue happened when Octavia validated that the
allowed_cidrs and the VIP ip address have the same IP version. The
vip.ip_address value was not updated in the load balancer object,
forcing the expiration of the DB object before entering _graph_create
fixes this issue.
Note: there's no change in the tests, the test function for this feature
exists, looks correct, and passes successfully, the bug is only
reproducible in octavia-api.
Closes-Bug: 2057751
Change-Id: Ia106d81c1b2588e5d938d2238c8a2f6660bf5ef1
Ubuntu Focal is no longer part of the tested environments, because of
newer LTS available now (Jammy).
Change-Id: I7a6df974762abdd94784416609304618ce702b6e
As noted on an earlier patch[1], the "SetAmphoraFirewallRules" task was not
checking the Amphora status nor using an API timeout. This could cause failover
flows to take longer than necessary if one of the Amphora is missing.
This patch corrects that issue by honoring both the Amphora status and timeout.
[1] https://review.opendev.org/c/openstack/octavia/+/910101/13/octavia/controller/worker/v2/flows/amphora_flows.py
Change-Id: Ic5e8140b13164267236f0a5d9a48fbd84bcdd688
So far we did not mention the --wait argument when we created Octavia
resources in the cookbook.
This argument will save the user some (loadbalancer show) API calls,
so one won't have to make sure the Octavia resources are ready every
now and then.
Change-Id: If066e420a7ada869f67fbea29c50dc896f8a72ea
This adds a release note to explain updates made recently in redis
jobboard driver[1][2].
[1] 16f6b2e8f6
[2] bd3ef61a0c
Change-Id: I6c43a0a810f01632696f254a31e9a17c2f2cd73d
There was a mistake in the load balancer create flow where duplicate
tasks were added to the flow when an SRIOV VIP was used. This patch corrects
that by removing the duplicate tasks.
Change-Id: Id3dce30639cce6724d41fd2ccd53612384eba87f
Redis Sentinel client implementation support using multiple sentinel
servers for redundancy, but only a single server from the servers list
was passed down to it.
This uses the new taskflow interface to add fallback servers, and
register the remaining servers in the list as fallbacks.
Depends-on: https://review.opendev.org/c/openstack/taskflow/+/907674
Change-Id: I6b281d2520db0048329b12b33108273ba2f96534
Redis introduced ACL feature in 4.0.0, and this feature is supported by
redis-py since 3.4.0[1]. When ACL is enabled, authentication requires
username in addition to password.
Also this removes the default password string because it can confuse
underlying libraries in case a more strict check such as 'is None' is
implemented there.
[1] 8df8cd54d1
Depends-on: https://review.opendev.org/c/openstack/taskflow/+/907667
Change-Id: Ie85589ab4e02046f54864a10b9b8adce6996d82a
This patch adds the initial nftables support in the amphora for SR-IOV
VIPs. Followup patches will add rules to the nftables chain. As this
point in the patch chain, SR-IOV VIPs will not pass any traffic.
Change-Id: Ib2a1c3f49a26690d2e0e9c7330e047748c0b5105
pylint 3.1.0 introduced the new check (use-yield-from) and this detects
a few failures in current code. This fixes these failures.
Change-Id: Ia5396895b27e4b28a7d9d8d85a85a8449c21d493
So far we did not document h2 load balancing with both pool backend
re-encryption and alpn protocols.
This patch adds that missing h2 section to the Octavia cookbook.
Story 2010581
Task 47365
Change-Id: Iffaf4fa50ae6bf93a8e25e61f6776b1bed343f52
Include additional VIPs feature in the Amphora and OVN provider
matrix since it has already been integrated for both providers.
Change-Id: If43296d81bbaa10bd5e720d7c18920321ab8b743
Print actual error when we failed to load pkcs12 cert and
falling back to the default implemntation, as exception may
not be related to certificate or its format like an issue
with wrong methods during cryptography version mismatch
*** AttributeError: module 'OpenSSL.crypto' has no attribute 'load_pkcs12'
Related-Prod: PRODX-39931
Change-Id: I85c8a615c4f2e08e28939805ae0e9b2028dadaed
Using get_or_.*_role functions is useful when deploying 2 devstack
instances in 2 different regions with a unique keystone instance, the
functions ensure that the changes haven't already been applied
Change-Id: I95d75b1bc3a62bb2758a4c5985dcfb9e6cc12449
Since 2023.2, we deprecated some settings in the [neutron] section
('endpoint', 'endpoint_type' and 'ca_certificates_file'), they are
respectively replaced by 'endpoint_override', 'valid_interfaces' and
'cafile'. There's some code in Octavia that automatically sets the new
settings if the user still has the old settings (it is required because
keystoneauth uses the CONF objects to establish the sessions).
But some corner cases were not correctly addressed in that patch.
Now Octavia ensures that the override of the parameters is correctly
handled.
Change-Id: Ic37e9f699e32431ae1735ddc9642689967ddc696
Closes-Bug: 2051604