This patch adds the initial nftables support in the amphora for SR-IOV
VIPs. Followup patches will add rules to the nftables chain. As this
point in the patch chain, SR-IOV VIPs will not pass any traffic.
Change-Id: Ib2a1c3f49a26690d2e0e9c7330e047748c0b5105
The six library was removed from octavia by [1]. Also PyYAML is
required by diskimage-builder and we don't have to explicitly require
it.
[1] f6b957e8ee
Change-Id: I1c5e7058172b0c6d9b700cf83494fb4f5d244a12
* Added support for Rocky Linux in the amphora-agent
* Amphora images for Rocky can be built when setting
OCTAVIA_AMP_BASE_OS="rocky"
* Fixed the devstack plugin for Rocky Linux hosts
Change-Id: I41f7e2341332b9cb74b4a59fedb6eed1af3c8062
The new "cpu-pinning" element optimizes the amphora image for better
vertical scaling. When an amphora flavor with multiple vCPUs is
configured it will configure the kernel to isolate (isolcpus)
all vCPUs except the first one.
Furthermore, it uninstalls irqbalance and sets the IRQ affinity to the
first CPU. That way the other CPUs are free to be used by HAProxy
exclusively. A new customized TuneD profile applies some more tweaks
for improving network latency.
This new feature is disabled by default in diskimage-create.sh.
Story: 2010236
Task: 46042
Change-Id: I1a0591de79be867483a044705e866b2368b2a567
When enforcing SELinux, the commit enables the following SELinux
booleans:
- os_haproxy_enable_nsfs: it allows haproxy to run in a network
namespace.
- os_haproxy_ping: it allows calls to the ping command from haproxy (for
PING HMs)
- cluster_use_execmem
Change-Id: I4b5199d13d122b56619c4a2d21e86a06bd0dc3bf
The FIPS jobs use centos-8-stream controllers but the image is still
based on ubuntu, this commit updates the amphora images to
centos-8-stream and enable FIPS inside the amphora.
Change-Id: I8916796ed6727a103907a33d3c14e99e1d3734e6
The size of the amphora image was not shown at the end of the
diskimage-screate.sh script due to missing file extenstion.
The extension is set based on the AMP_IMAGETYPE variable.
story: 2009688
Change-Id: I1cbced187c054391039933d2ba5abeaf93d80754
Diskimage-builder has removed support to building i386 images, and major
Linux distributions have already end-of-lifed 32-bit host support.
Depends-On: https://review.opendev.org/c/openstack/diskimage-builder/+/790878
Change-Id: I258b9b49b4a876a2bf9772b19f2100187ea83007
The current PTI version for Ubuntu is focal. This patch updates
the diskimage-create.sh default to focal from bionic.
Change-Id: Ia380b712d9d40d702b99bb3b04e1f45dcb60b96c
The disk image create tool can now build aarch64/arm64 amphora images.
The devstack plugin will facilitate image builds and upload to Glance
for this CPU architecture.
Change-Id: I1cebd8a3da58dc56ebbfac22f7802ab7f52585e1
Ubuntu 20.04 is a "Tested Runtime" for the Victoria release[1].
This patch updated our diskimage-create script and elements to
support building a amphora image that uses Ubuntu 20.04 (focal).
[1] https://governance.openstack.org/tc/reference/runtimes/victoria.html
Change-Id: I6f53ea5d012ab64b985d981ecd1b1967e18e4e81
This patch adds support for nftables (an iptables replacement) to
the devstack plugin and the amphora agent.
Change-Id: I9e2c4d6e68da67d68c6dfeb3b47edd600d1ba397
This new diskimage-builder element installs octavia-lib from Git for
source install type image builds rather than from released versions.
To mention some advantages:
1. allow custom octavia-lib versions (useful for development)
2. test unreleased octavia-lib changes in CI
3. install latest changes from master and stable branches
(aligns with approach taken with amphora-agent)
Branch checkout to stable/* from master for octavia-lib DIB element will
be automated on branch create. See https://review.opendev.org/#/c/745877
Change-Id: I6d87b6bd25c536b2bed1994427cd933bdcc091d6
DIB reduced the size of CentOS minimal images to the point CentOS-based
amphora images fit back in the default 2 GB disk.
Change-Id: Icd3ff0162def1820940d49e36308fc976bfde364
This patch adds an output from the diskimage-create.sh script that
shows the generated image size.
This is handy for seeing the impact of a patch on the generated
amphora image size.
Change-Id: Id18783acefc5ba9acb1789a2fd3d52df603f292a
The default Grub timeout is 5 set by the bootloader element. Setting
timeout to zero helps reduce boot times.
Change-Id: I82d877a41d7339891a388e26d149fd65cb61c727
On base operating systems that use DNF there can be a systemd timer
that attempts to call out and update the dnf cache every hour.
This patch adds an diskimage-builder element that disables this
timer as most amphora will not be successful in updating this cache
because they do not have network access or DNS services avaialable.
Change-Id: I5dec631d3e66e1dfb6b8741caea89938ee18a7d8
Story: 2007408
Task: 39019
Use `-g` to select the current Git branch to use for the amphora
build. This has historically been confusing for people, and this should
make it a little easier.
Change-Id: Iab01faaa17507c7bea399db7ee8f27f88d8de183
The diskimage-create.sh tool will now default to CentOS 8 when building
CentOS-based amphora images.
This patch also removes leftover references to support for Ubuntu Trusty
and Xenial.
Change-Id: I3aba59c8dd86aeeee28cc6a67af93697912fb55b
As Ubuntu is debian-like platform, there is no reason
to not support building image on Debian platform. Currently diskimage-create.sh is
using head -n 1 to read /etc/os-release to fill platform bash variable.
Bash platform variable is filled with NAME="Ubuntu" string as it is first
line of Ubuntu's /etc/os-release. In debian the first line is for example
PRETTY_NAME="Debian GNU/Linux 10 (buster)".
This commit is fixing this behavior and fill platform bash variable
to exact NAME variable from /etc/os-release.
Change-Id: If7b507c30720516dc8dfd181170476f9ef003748
OpenStack is dropping support for xenial[1].
This patch removes references to support for xenial amphora images
and stops the nightly build of xenial amphora test images.
[1] https://review.opendev.org/#/c/695114/
Change-Id: I1bc0a37f35839a5f9a95650af7c82239f6544c50
The image building process adds some unnecessary network interface
configuration files to /etc/network/interfaces.d. This element cleans those
out as they are not needed because cloud-init will create the required
configuration file.
Change-Id: If5fbfc34ff0e91608f402811aa2b78c9cbcb00ec
This patch adds the Amphora image building guide from the
diskimage-create README.rst to the Administration documentation.
It also re-organizes the Adminstration guides to be broken down
by category as the old page was becoming a long list of guides.
(I like that kind of problem)
The diskimage-create README has a few formating corrections to make
it render better for the documentation.
Change-Id: Ice4071e1f872c8c0d0595427cff6f02ffbcf7968
The recently added tox "build" environment had a few problems:
1. It was not honoring the DIB_* environment variables which meant
in always built a master branch image.
2. It also failed to run repeatedly due to a cache directory path issue.
3. The built images were stored in a hidden folder ".amp_tox_test".
This patch fixes those issues, resolves a confusing
"dpkg Broken pipe" message, and adds a "Successfully built" message
at the end of the built that highlights which branch the image was
built against (master, stable/stein, etc.).
Change-Id: I826c5f753f159b2d5dee97d4e2922826444ea6da
There was a bug[1] in diskimage-builder when using pypi mirrors
if the host doesn't have "python" available DIB will fail.
So, I am going to bump the requirements minimum in Octavia for
diskimage-builder to be the minimum version with this fix.
[1] https://bugs.launchpad.net/diskimage-builder/+bug/1577105
Change-Id: If0ff2a855ad5b9d9ef3742ad0596c97a6dbf81ed
This patch adds the DIB_REPOLOCATION_amphora_agent and
DIB_REPOREF_amphora_agent optional environment variables to the
Octavia diskimage-create README.rst to clarify how to override the
amphora agent version in image builds.
Change-Id: Ic9beec74f84176d27fbefcc2fba281444ab02fa2
DIB automatically picks a Python version based on the distro and
version. For Ubuntu Bionic, that default is Python 3 which means the
amphora-agent does not run on Python 2 when it was expected to on -py2
jobs [1].
[1] http://logs.openstack.org/10/661310/8/check/ \
octavia-v2-dsvm-py2-scenario/664a91b/controller/logs/dib-build/ \
amphora-x64-haproxy.qcow2_log.txt.gz#_2019-07-27_15_51_58_393
Change-Id: I6fd12be06bc848b3e29828c091f61229703e3a57
This patch changes CentOS amphora images to be built using the
centos-minimal DIB element. The generated image size is reduce from
approximately 702 MB to 520 MB. Compatibility with 'centos' AMP_BASEOS
is kept.
Change-Id: Iffc4a9725bff41618edbf246dd5a167b4e0ef6d3
This patch updates the diskimage-create script to select Ubuntu
bionic as the default version of Ubuntu for the amphora image.
Change-Id: Ie8bbcbe073644137b8eb04c42d9457f507513007
The cloud-init-datasources DIB element configures cloud-init to only use
an explicit list of data sources. Until the switch from ubuntu element
to ubuntu-minimal, cloud-init was being configured to only use
ConfigDrive datasource because the ubuntu element had
cloud-init-datasources as element dependency. The ubuntu-minimal and
other OS elements (e.g. RHEL-based) do not have it, so the export
DIB_CLOUD_INIT_DATASOURCES was not being used.
Change-Id: I74ecc826596c5f739a49defe6588bcc741b03594
Michael Johnson