Commit Graph

4139 Commits

Author SHA1 Message Date
Zuul fa7cc01787 Merge "Fix fully-populated API with allowed_cidrs" 2024-03-20 20:29:29 +00:00
OpenStack Release Bot e4d7186776 Update master for stable/2024.1
Add file to the reno documentation build to show release notes for
stable/2024.1.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.

Sem-Ver: feature
Change-Id: I744c29c1a03aba952b98a9fa3b6772073fa3805c
2024-03-14 19:54:08 +00:00
Zuul 9f1a6e47d7 Merge "dib: Remove Ubuntu Forcal support" 2024-03-14 06:54:53 +00:00
Zuul 6b4975f5b2 Merge "dib: Remove remaining logic for CentOS/RHEL 8" 2024-03-14 06:28:05 +00:00
Gregory Thiemonge 5d9b23c602 Fix fully-populated API with allowed_cidrs
When creating a LB + a listener with an allowed_cidr with the
fully-populated API, an issue happened when Octavia validated that the
allowed_cidrs and the VIP ip address have the same IP version. The
vip.ip_address value was not updated in the load balancer object,
forcing the expiration of the DB object before entering _graph_create
fixes this issue.

Note: there's no change in the tests, the test function for this feature
exists, looks correct, and passes successfully, the bug is only
reproducible in octavia-api.

Closes-Bug: 2057751
Change-Id: Ia106d81c1b2588e5d938d2238c8a2f6660bf5ef1
2024-03-13 04:36:49 -04:00
Takashi Kajinami 4342c31ae2 dib: Remove Ubuntu Forcal support
Ubuntu Focal is no longer part of the tested environments, because of
newer LTS available now (Jammy).

Change-Id: I7a6df974762abdd94784416609304618ce702b6e
2024-03-13 12:16:59 +09:00
Takashi Kajinami 02a2195e54 dib: Remove remaining logic for CentOS/RHEL 8
... because CentOS 8 and RHEL 8 is no longer supported.

Change-Id: I90e5b85827a324c0a258fd30cf94b3e8ac8c841f
2024-03-13 12:14:36 +09:00
Michael Johnson 411e7c6dbc Check Amphora status on SR-IOV failover flows
As noted on an earlier patch[1], the "SetAmphoraFirewallRules" task was not
checking the Amphora status nor using an API timeout. This could cause failover
flows to take longer than necessary if one of the Amphora is missing.

This patch corrects that issue by honoring both the Amphora status and timeout.

[1] https://review.opendev.org/c/openstack/octavia/+/910101/13/octavia/controller/worker/v2/flows/amphora_flows.py

Change-Id: Ic5e8140b13164267236f0a5d9a48fbd84bcdd688
2024-03-12 17:12:25 +00:00
Zuul ffc6f83f07 Merge "Add --wait to Octavia cookbook" 2024-03-11 16:54:36 +00:00
Zuul 2abab95fa0 Merge "Fix neutron setting overrides" 2024-03-11 16:47:28 +00:00
Omer 6cc3e50a74 Add --wait to Octavia cookbook
So far we did not mention the --wait argument when we created Octavia
resources in the cookbook.

This argument will save the user some (loadbalancer show) API calls,
so one won't have to make sure the Octavia resources are ready every
now and then.

Change-Id: If066e420a7ada869f67fbea29c50dc896f8a72ea
2024-03-11 16:20:51 +00:00
Zuul 00e9eac7eb Merge "Use devstack helper functions in the plugin" 2024-03-08 20:05:08 +00:00
Zuul ef28b2e629 Merge "Drop direct execution of octavia/cmd/*.py" 2024-03-08 19:37:35 +00:00
Zuul 2b8af0dc62 Merge "When we failed to load pkcs12 cert print warning" 2024-03-08 14:11:17 +00:00
Zuul 46ce3ef2d0 Merge "Add release note about redis jobboard driver updates" 2024-03-08 14:11:15 +00:00
Zuul 91ee3d7c86 Merge "redis: Support multiple sentinel servers" 2024-03-08 14:11:14 +00:00
Zuul a26c452f6f Merge "fix: specify endpoint info. for neutron client" 2024-03-08 09:14:52 +00:00
Zuul c85bdad24d Merge "redis: Add username" 2024-03-08 08:13:44 +00:00
Takashi Kajinami b7c293656b Add release note about redis jobboard driver updates
This adds a release note to explain updates made recently in redis
jobboard driver[1][2].

[1] 16f6b2e8f6
[2] bd3ef61a0c

Change-Id: I6c43a0a810f01632696f254a31e9a17c2f2cd73d
2024-03-07 16:45:07 +00:00
Zuul 188ed9c46b Merge "Fix duplicate tasks in SRIOV LB Create flow" 2024-03-07 16:21:44 +00:00
Zuul 6b0ca25696 Merge "Add additional-vips to the feature matrix" 2024-03-07 11:30:47 +00:00
Zuul edfc9803f5 Merge "reno: Update master for unmaintained/victoria" 2024-03-06 09:09:49 +00:00
Zuul dc168aee83 Merge "reno: Update master for unmaintained/xena" 2024-03-06 08:47:57 +00:00
OpenStack Release Bot 5179cc3a2e reno: Update master for unmaintained/xena
Update the xena release notes configuration to build from
unmaintained/xena.

Change-Id: I611b21c6a03b01c8dff364b223da324d6e2fb1ac
2024-03-05 18:59:44 +00:00
OpenStack Release Bot 1d411539bb reno: Update master for unmaintained/wallaby
Update the wallaby release notes configuration to build from
unmaintained/wallaby.

Change-Id: If0336f59e8aa68298cd3efb9b8ee2dd391b90387
2024-03-05 18:58:35 +00:00
OpenStack Release Bot 959297dba0 reno: Update master for unmaintained/victoria
Update the victoria release notes configuration to build from
unmaintained/victoria.

Change-Id: I1e830e9c06f87125835afe2115d6b32a84fc2b80
2024-03-05 18:57:25 +00:00
Michael Johnson c88922315e Fix duplicate tasks in SRIOV LB Create flow
There was a mistake in the load balancer create flow where duplicate
tasks were added to the flow when an SRIOV VIP was used. This patch corrects
that by removing the duplicate tasks.

Change-Id: Id3dce30639cce6724d41fd2ccd53612384eba87f
2024-02-29 18:54:49 +00:00
Takashi Kajinami bd3ef61a0c redis: Support multiple sentinel servers
Redis Sentinel client implementation support using multiple sentinel
servers for redundancy, but only a single server from the servers list
was passed down to it.

This uses the new taskflow interface to add fallback servers, and
register the remaining servers in the list as fallbacks.

Depends-on: https://review.opendev.org/c/openstack/taskflow/+/907674
Change-Id: I6b281d2520db0048329b12b33108273ba2f96534
2024-02-29 16:57:57 +00:00
Takashi Kajinami 16f6b2e8f6 redis: Add username
Redis introduced ACL feature in 4.0.0, and this feature is supported by
redis-py since 3.4.0[1]. When ACL is enabled, authentication requires
username in addition to password.

Also this removes the default password string because it can confuse
underlying libraries in case a more strict check such as 'is None' is
implemented there.

[1] 8df8cd54d1

Depends-on: https://review.opendev.org/c/openstack/taskflow/+/907667
Change-Id: Ie85589ab4e02046f54864a10b9b8adce6996d82a
2024-03-01 01:57:35 +09:00
Zuul 115b18effd Merge "Enable nftables rules for SR-IOV VIPs" 2024-02-29 09:45:29 +00:00
Zuul 346e65cfee Merge "Add nftables support for SR-IOV VIPs" 2024-02-29 09:28:17 +00:00
Zuul 9973874afb Merge "Add support for SR-IOV ports in Octavia" 2024-02-29 09:01:03 +00:00
Michael Johnson fc37d8303d Enable nftables rules for SR-IOV VIPs
This patch enables setting the nftables rules in Amphora using SR-IOV VIPs.

Change-Id: I554aac422371abafb4bb04e2d0df3fce3fa169d4
2024-02-28 17:07:05 +00:00
Michael Johnson d83999f4ed Add nftables support for SR-IOV VIPs
This patch adds the initial nftables support in the amphora for SR-IOV
VIPs. Followup patches will add rules to the nftables chain. As this
point in the patch chain, SR-IOV VIPs will not pass any traffic.

Change-Id: Ib2a1c3f49a26690d2e0e9c7330e047748c0b5105
2024-02-28 16:00:12 +00:00
Michael Johnson 75c1bdd104 Add support for SR-IOV ports in Octavia
Change-Id: I16622add64076370dad85620043f71077bc9acbb
2024-02-28 15:56:35 +00:00
Zuul 3acb24ee9a Merge "Cap hacking" 2024-02-28 06:00:41 +00:00
Zuul b2f3f77d9e Merge "Honor connection_recycle_timeout in MysqlPersistenceDriver" 2024-02-28 05:27:01 +00:00
Zuul 3f4eddc5cc Merge "Add h2 section to Octavia cookbook" 2024-02-27 16:12:23 +00:00
Michael Johnson ffc9d83197 Remove some unused code
These methods and tasks are no longer used in the code, so this patch proposes
to remove them.

Change-Id: Ic7813d3a9073e4b3c1bc6a7839242df34a16d348
2024-02-27 03:50:47 +00:00
Zuul 30ce858564 Merge "Fix pylint error" 2024-02-27 03:27:54 +00:00
Takashi Kajinami 6d352dd3a6 Fix pylint error
pylint 3.1.0 introduced the new check (use-yield-from) and this detects
a few failures in current code. This fixes these failures.

Change-Id: Ia5396895b27e4b28a7d9d8d85a85a8449c21d493
2024-02-26 16:58:39 +09:00
Zuul 46f4020e70 Merge "Bump hacking in pre commit config" 2024-02-23 02:30:50 +00:00
Zuul b51cd8beb6 Merge "git : Ignore generated octavia.conf" 2024-02-23 02:30:47 +00:00
Omer bb53212d5c Add h2 section to Octavia cookbook
So far we did not document h2 load balancing with both pool backend
re-encryption and alpn protocols.

This patch adds that missing h2 section to the Octavia cookbook.

Story 2010581
Task 47365

Change-Id: Iffaf4fa50ae6bf93a8e25e61f6776b1bed343f52
2024-02-23 00:04:45 +00:00
Fernando Royo d5d8c6bf52 Add additional-vips to the feature matrix
Include additional VIPs feature in the Amphora and OVN provider
matrix since it has already been integrated for both providers.

Change-Id: If43296d81bbaa10bd5e720d7c18920321ab8b743
2024-02-22 23:18:28 +00:00
Vasyl Saienko 96846e7b66 When we failed to load pkcs12 cert print warning
Print actual error when we failed to load pkcs12 cert and
falling back to the default implemntation, as exception may
not be related to certificate or its format like an issue
with wrong methods during cryptography version mismatch

*** AttributeError: module 'OpenSSL.crypto' has no attribute 'load_pkcs12'

Related-Prod: PRODX-39931
Change-Id: I85c8a615c4f2e08e28939805ae0e9b2028dadaed
2024-02-19 18:52:06 +02:00
OpenStack Release Bot c8e5e46e47 reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.

Change-Id: I8ce1ff627a7d50583f6d2dbca123eb7a88c857f5
2024-02-19 06:36:44 +00:00
Mohammed Naser 7352dc8f1e fix: specify endpoint info. for neutron client
Closes bug: #2049551

Change-Id: I80a266e500958415a70d462ddfe57e9e03e6ef13
2024-02-15 14:28:47 +08:00
Gregory Thiemonge 380540a779 Use devstack helper functions in the plugin
Using get_or_.*_role functions is useful when deploying 2 devstack
instances in 2 different regions with a unique keystone instance, the
functions ensure that the changes haven't already been applied

Change-Id: I95d75b1bc3a62bb2758a4c5985dcfb9e6cc12449
2024-02-01 15:08:39 +01:00
Gregory Thiemonge 7bb6096ecc Fix neutron setting overrides
Since 2023.2, we deprecated some settings in the [neutron] section
('endpoint', 'endpoint_type' and 'ca_certificates_file'), they are
respectively replaced by 'endpoint_override', 'valid_interfaces' and
'cafile'. There's some code in Octavia that automatically sets the new
settings if the user still has the old settings (it is required because
keystoneauth uses the CONF objects to establish the sessions).
But some corner cases were not correctly addressed in that patch.

Now Octavia ensures that the override of the parameters is correctly
handled.

Change-Id: Ic37e9f699e32431ae1735ddc9642689967ddc696
Closes-Bug: 2051604
2024-02-01 14:32:11 +01:00