[release-announce] octavia 2.1.0 (queens)
no-reply at openstack.org
no-reply at openstack.org
Sat Apr 13 00:04:02 UTC 2019
We are pumped to announce the release of:
octavia 2.1.0: OpenStack Octavia Scalable Load Balancer as a Service
This release is part of the queens stable release series.
The source is available from:
https://git.openstack.org/cgit/openstack/octavia
Download the package from:
https://pypi.org/project/octavia
Please report issues through:
https://storyboard.openstack.org/#!/project/908
For more details, please see below.
2.1.0
^^^^^
Upgrade Notes
*************
* To fix the issue with active/standby load balancers or single
topology load balancers with members on the VIP subnet, you need to
update the amphora image.
Critical Issues
***************
* Fixed a bug where active/standby load balancers and single
topology load balancers with members on the VIP subnet may fail. An
updated image is required to fix this bug.
Security Issues
***************
* As a followup to the fix that resolved CVE-2018-16856, Octavia
will now encrypt certificates and keys used for secure communication
with amphorae, in its internal workflows. Octavia used to exclude
debug- level log prints for specific tasks and flows that were
explicitly specified by name, a method that is susceptive to code
changes.
Bug Fixes
*********
* Fixed an issue creating members on networks with IPv6 subnets.
* Fixed a performance regression in the Octavia v2 API when using
the "list" APIs.
* Fixes creating a fully populated load balancer with not
REDIRECT_POOL type L7 policy and default_pool field.
* Fix load balancers that could not be failed over when in ERROR
provisioning status.
* Fixed a bug that caused an excessive number of RabbitMQ
connections to be opened.
* Fixed an error when plugging the VIP on CentOS-based amphorae.
* Fixed an issue where trying to set a QoS policy on a VIP while the
QoS extension is disabled would bring the load balancer to ERROR.
Should the QoS extension be disabled, the API will now return HTTP
400 to the user.
* Fixed an issue where setting a QoS policy on the VIP would bring
the load balancer to ERROR when the QoS extension is enabled.
Other Notes
***********
* Added a new option named server_certs_key_passphrase under the
certificates section. The default value gets copied from an
environment variable named TLS_PASS_AMPS_DEFAULT. In a case where
TLS_PASS_AMPS_DEFAULT is not set, and the operator did not fill any
other value directly, 'insecure-key-do-not-use-this-key' will be
used.
Changes in octavia 2.0.4..2.1.0
-------------------------------
0a7bfa21 Fix the API list performance regression
aa568997 Fix the amphora base port coming up
60f49eff Fix oslo messaging connection leakage
879380a3 Fix setting of VIP QoS policy
9808720b Fix VIP plugging on CentOS-based amphorae
e8792e80 Fix ifup failures on member interfaces with IPv6
49ed77ea Adds server_certs_key_passphrase to octavia.conf
911a7637 Slightly reorder member flows
b3ee9c96 Replace openstack.org git:// URLs with https://
e099415f Fix LB failover when in ERROR
f8e7a156 Encrypt certs and keys
247eb9e3 Add error logging for amphora agent exceptions
230f018b Ensure pool object contains the listener_id if passed
03bc01b0 Fix possible state machine hole in failover
faae5fd2 Add missing import octavia/opts.py
a50bb9ca Fix check redirect pool for creating a fully populated load balancer.
Diffstat (except docs and test files)
-------------------------------------
devstack/plugin.sh | 1 +
etc/octavia.conf | 1 +
.../amphorae/backends/agent/api_server/osutils.py | 22 ++-
octavia/amphorae/drivers/haproxy/exceptions.py | 11 ++
octavia/api/handlers/queue/producer.py | 23 +--
octavia/api/v2/controllers/amphora.py | 2 +-
octavia/api/v2/controllers/health_monitor.py | 2 +-
octavia/api/v2/controllers/l7policy.py | 2 +-
octavia/api/v2/controllers/l7rule.py | 2 +-
octavia/api/v2/controllers/listener.py | 2 +-
octavia/api/v2/controllers/load_balancer.py | 36 ++--
octavia/api/v2/controllers/member.py | 2 +-
octavia/api/v2/controllers/pool.py | 2 +-
octavia/certificates/common/local.py | 13 +-
octavia/common/config.py | 4 +
octavia/common/rpc.py | 64 ++++++
octavia/common/service.py | 2 +
octavia/common/utils.py | 14 ++
octavia/common/validate.py | 7 +
octavia/controller/queue/consumer.py | 10 +-
octavia/controller/worker/controller_worker.py | 36 +---
octavia/controller/worker/flows/member_flows.py | 8 +-
.../worker/tasks/amphora_driver_tasks.py | 6 +-
octavia/controller/worker/tasks/cert_task.py | 6 +-
octavia/controller/worker/tasks/compute_tasks.py | 7 +-
octavia/controller/worker/tasks/database_tasks.py | 8 +-
octavia/db/models.py | 81 ++++----
octavia/db/repositories.py | 217 ++++++++++++++++++++-
octavia/network/base.py | 7 +
octavia/network/drivers/neutron/base.py | 5 +
octavia/network/drivers/noop_driver/driver.py | 7 +
octavia/opts.py | 1 +
.../worker/tasks/test_amphora_driver_tasks.py | 9 +-
.../unit/controller/worker/tasks/test_cert_task.py | 14 +-
.../controller/worker/tasks/test_compute_tasks.py | 14 +-
.../controller/worker/tasks/test_database_tasks.py | 43 +---
.../controller/worker/test_controller_worker.py | 4 +
.../run.yaml | 2 +-
.../legacy/octavia-v1-dsvm-py3x-scenario/run.yaml | 2 +-
.../octavia-v1-dsvm-scenario-kvm-centos.7/run.yaml | 2 +-
.../legacy/octavia-v1-dsvm-scenario-lxd/run.yaml | 2 +-
.../octavia-v1-dsvm-scenario-multinode/run.yaml | 2 +-
playbooks/legacy/octavia-v1-dsvm-scenario/run.yaml | 2 +-
...Fix-ifup-on-member-create-5b405d98eb036718.yaml | 4 +
.../encrypt-certs-and-keys-5175d7704d8df3ce.yaml | 15 ++
.../fix-API-list-performance-3b121deffbc3ce4a.yaml | 5 +
...y-populated-load-balancer-ae57ffae5c017ac3.yaml | 5 +
.../notes/fix-eth1-ip-flush-7fadda4bdca387b5.yaml | 11 ++
.../fix-lb-error-failover-2c17afaa20c0c97f.yaml | 5 +
...saging-connection-leakage-aeb79474105ac116.yaml | 5 +
.../fix-vip-plug-centos-74c2fe7099964b08.yaml | 3 +
...-policy-extension-enabled-3e16e1c23a7d7ae5.yaml | 7 +
57 files changed, 689 insertions(+), 197 deletions(-)
More information about the Release-announce
mailing list