So far we did not mention the --wait argument when we created Octavia
resources in the cookbook.
This argument will save the user some (loadbalancer show) API calls,
so one won't have to make sure the Octavia resources are ready every
now and then.
Change-Id: If066e420a7ada869f67fbea29c50dc896f8a72ea
This patch adds the initial nftables support in the amphora for SR-IOV
VIPs. Followup patches will add rules to the nftables chain. As this
point in the patch chain, SR-IOV VIPs will not pass any traffic.
Change-Id: Ib2a1c3f49a26690d2e0e9c7330e047748c0b5105
So far we did not document h2 load balancing with both pool backend
re-encryption and alpn protocols.
This patch adds that missing h2 section to the Octavia cookbook.
Story 2010581
Task 47365
Change-Id: Iffaf4fa50ae6bf93a8e25e61f6776b1bed343f52
Include additional VIPs feature in the Amphora and OVN provider
matrix since it has already been integrated for both providers.
Change-Id: If43296d81bbaa10bd5e720d7c18920321ab8b743
This patch proposes a specification for adding SR-IOV VF port support to
Octavia Amphora load balancers.
Change-Id: I98961b162ae6811366bb036e6286f972908d785b
The tls-data-security specs use seqdiag to describe communication between
some components.
seqdiag is unmaintained and doesn't work with recent Pillow releases (10.0.1).
Disable the generation of those diagrams as they are part of old specs.
Also remove the dependency on seqdiag
Disable octavia-grenade-skip-level which will be fixed in another commit
Partial-Bug: #2026345
Change-Id: I6b5c5d6c651dac223a205409c49085faf78cff15
In case of DB outages when a flow is running, an exception is caught and
the flow is reverted. In most of the flows, the revert function of the
first task's (the last to be reverted) unlocks the load balancer by
setting its provisioning status (to ERROR or ACTIVE, depending on the
flow), but it fails if the DB is not reachable, leaving the LB in
a PENDING_* state.
This commit adds tenacity.retry to those functions, Octavia retries to
set the status during ~2h45 (2000 attempts, 1 sec initial delay, 5 sec
max delay).
Closes-Bug: #2036952
Change-Id: I458dd6d6f5383edc24116ea0fa27e3a593044146
The python blockdiag module is unmaintained and will likely be removed from distros.[1]
This patch removes mention of blockdiag from Octavia as it is unused.
[1] https://github.com/blockdiag/blockdiag/pull/171
Change-Id: I88371364b88bec5f1fd42d6ade8b316be3130f3f
Update doc according last improvements on HM for the OVN
provider. Also point to ovn-octavia-provider repo for doc,
instead to networking-ovn.
Change-Id: I8b83e06c89abcc9100085357c2dc265e3178d1c5
Removing the amphorav1 provider, it was deprecated in Zed and can now be
removed in Bobcat 2023.2.
Change-Id: I2ecfc0f40549d80b3058b76c619ff4ef35aadb97
Stop failovers if the count of simultaneously failed
amphora reaches the number configured in the new
failover_threshold option.
This may prevent large scale accidental failover events,
like in the case of network failures or read-only
database issues.
Story: 2005604
Task: 30837
Co-Authored-By: Tatsuma Matsuki <matsuki.tatsuma@jp.fujitsu.com>
Co-Authored-By: Tom Weininger <tweining@redhat.com>
Change-Id: I0d2c332fa72e47e70d594579ab819a6ece094cdd
This patch creates tasks for load balancer notifications and adds them to the amphora loadbalancer create/delete/update flows.
Change-Id: I287d89cd83e91473f1375788c969521aa58ca567
This patch moves the system scope configuration in the policy override example files out to a separate override file. This way the new default roles can be enabled independently of system scoped tokens. This helps us align to the changes in the secure-RBAC spec[1].
[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
Change-Id: I1b41780f3ca84ceca563d668ae8bb40011a60bf4
Copy/paste issue was present, so if following guide you would override
client CA key created on step 9 while generating
client key for certificate.
Change-Id: Icc06b48cfe57929030218555ab4b19b1db1ff68a
Parts of the documentation about log offloading repeated itself.
I added a new "Failover Considerations" section that focuses on that
topic specifically. Therefore, other sections no longer need to show
multi-server configurations.
The new section contains recommendations about
log_retry_count and log_retry_interval values for failover
configurations as well.
Story: 2009876
Task: 44599
Change-Id: If71fce80329fe772c8248bc2eb4445ea15680c5d
This patch adds a new protocol for listeners called "PROMETHEUS" that exposes
a Prometheus endpoint. This allows detailed metrics collection from Octavia
load balancers.
Change-Id: I3e27e4e57ad955bcd7728426c91f05171a46ef7f
Openssl genrsa is deprecated in favor of genpkey, and fails in FIPS mode.
Update the relevant calls to use genpkey instead.
Change-Id: I1aab9faa8afe845e445e620d1800785d2e19ad1e
Remove test-requirements.txt from docs dependencies, add hacking in
doc/requirements. It should reduce the duration of the docs job.
Removed some comments that disabled consider-using-with in pylint,
most of the flagged code is now considered as false positive.
Change-Id: Ib550542820163be2bbef97df7b090834a6b6dccd
Several edits from early January 2021.
Tech review edits from two devs incorporated. Thanks!
Additional comments from Brian added. Thanks!
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: Iddcbe83dc4b3fec796ac94339f2839818890ab2f
Spare pool feature was deprecated in Victoria, we decided to remove it
during the Xena release cycle.
Change-Id: I830c6a4c49fa47105f788cf99a0f775e5dbdcaea
The healthcheck endpoint should cache results to reduce the potential load on the backend systems being tested.
This patch adds the caching and a configuration setting for the interval
between cache refreshes.
Change-Id: Ic97a991437144f3a220d9b96839cec5b63565f8c
Story: 2008203
Task: 40987