[release-announce] octavia 3.1.0 (rocky)
no-reply at openstack.org
no-reply at openstack.org
Sat Apr 13 00:10:35 UTC 2019
We are excited to announce the release of:
octavia 3.1.0: OpenStack Octavia Scalable Load Balancer as a Service
This release is part of the rocky stable release series.
The source is available from:
https://git.openstack.org/cgit/openstack/octavia
Download the package from:
https://pypi.org/project/octavia
Please report issues through:
https://storyboard.openstack.org/#!/project/908
For more details, please see below.
3.1.0
^^^^^
Upgrade Notes
*************
* To fix the issue with active/standby load balancers or single
topology load balancers with members on the VIP subnet, you need to
update the amphora image.
Critical Issues
***************
* Fixed a bug where active/standby load balancers and single
topology load balancers with members on the VIP subnet may fail. An
updated image is required to fix this bug.
Security Issues
***************
* As a followup to the fix that resolved CVE-2018-16856, Octavia
will now encrypt certificates and keys used for secure communication
with amphorae, in its internal workflows. Octavia used to exclude
debug- level log prints for specific tasks and flows that were
explicitly specified by name, a method that is susceptive to code
changes.
Bug Fixes
*********
* Fixed an issue creating members on networks with IPv6 subnets.
* Fixes creating a fully populated load balancer with not
REDIRECT_POOL type L7 policy and default_pool field.
* Fixed a performance issue where the Housekeeping service could
significantly and incrementally utilize CPU as more amphorae and
load balancers are created and/or marked as DELETED.
* Fix load balancers that could not be failed over when in ERROR
provisioning status.
* Fixed a bug that caused an excessive number of RabbitMQ
connections to be opened.
* Fixed an error when plugging the VIP on CentOS-based amphorae.
* Fixed an issue where trying to set a QoS policy on a VIP while the
QoS extension is disabled would bring the load balancer to ERROR.
Should the QoS extension be disabled, the API will now return HTTP
400 to the user.
* Fixed an issue where setting a QoS policy on the VIP would bring
the load balancer to ERROR when the QoS extension is enabled.
* Octavia will no longer automatically revoke access to secrets
whenever load balancing resources no longer require access to them.
This may be added in the future.
Other Notes
***********
* Added a new option named server_certs_key_passphrase under the
certificates section. The default value gets copied from an
environment variable named TLS_PASS_AMPS_DEFAULT. In a case where
TLS_PASS_AMPS_DEFAULT is not set, and the operator did not fill any
other value directly, 'insecure-key-do-not-use-this-key' will be
used.
Changes in octavia 3.0.2..3.1.0
-------------------------------
44217817 Fix the amphora base port coming up
4d9b818b Fix setting of VIP QoS policy
2e3f82f5 Fix VIP plugging on CentOS-based amphorae
3f0d296a Fix the loss of access to barbican secrets
8b671a0f Fix initialization of Barbican client
42595a27 Fix ifup failures on member interfaces with IPv6
2362be68 Adds server_certs_key_passphrase to octavia.conf
95ad71ec Replace openstack.org git:// URLs with https://
43488771 Fix LB failover when in ERROR
6e8c5548 Resolve amphora agent read timeout issue
226763a6 Fix performance of housekeeping DB clean up
dc4c0b62 Encrypt certs and keys
3efff89d Enable debug for Octavia services in grenade job
0a6ef71c Fix oslo messaging connection leakage
ab1ef501 Simplify keepalived lvsquery parsing for UDP
fea74ee9 Fix possible state machine hole in failover
3d9cb83d Add missing import octavia/opts.py
1c35e7e8 Fix functional tests under Python >= 3.6
8e96f625 Fix check redirect pool for creating a fully populated load balancer.
f8fbc984 Fix missing print format error
34fcaee9 Fix prefix for vip_ipv6
Diffstat (except docs and test files)
-------------------------------------
devstack/plugin.sh | 1 +
etc/octavia.conf | 3 +-
.../amphorae/backends/agent/api_server/osutils.py | 76 +++++++-----
.../amphorae/backends/utils/keepalivedlvs_query.py | 75 ++++--------
octavia/api/drivers/amphora_driver/driver.py | 4 +-
.../api/handlers/controller_simulator/handler.py | 2 +-
octavia/api/handlers/queue/producer.py | 23 ++--
octavia/api/v2/controllers/amphora.py | 4 +-
octavia/api/v2/controllers/listener.py | 39 -------
octavia/api/v2/controllers/load_balancer.py | 27 +++--
octavia/certificates/common/auth/barbican_acl.py | 5 +-
octavia/certificates/common/local.py | 13 ++-
octavia/common/config.py | 6 +-
octavia/common/exceptions.py | 2 +-
octavia/common/rpc.py | 66 +++++++++++
octavia/common/service.py | 2 +
octavia/common/utils.py | 14 +++
octavia/common/validate.py | 7 ++
octavia/controller/housekeeping/house_keeping.py | 33 +++---
octavia/controller/queue/consumer.py | 10 +-
octavia/controller/worker/controller_worker.py | 36 ++----
.../worker/tasks/amphora_driver_tasks.py | 6 +-
octavia/controller/worker/tasks/cert_task.py | 6 +-
octavia/controller/worker/tasks/compute_tasks.py | 7 +-
octavia/controller/worker/tasks/database_tasks.py | 8 +-
octavia/db/repositories.py | 76 ++++--------
octavia/network/base.py | 7 ++
octavia/network/drivers/neutron/base.py | 5 +
octavia/network/drivers/noop_driver/driver.py | 7 ++
octavia/opts.py | 1 +
.../backend/agent/api_server/test_keepalivedlvs.py | 8 +-
.../backend/agent/api_server/test_server.py | 30 +++--
.../backends/agent/api_server/test_osutils.py | 128 +++++++++++++++++++++
.../backends/agent/test_agent_jinja_cfg.py | 6 +-
.../drivers/amphora_driver/test_amphora_driver.py | 19 ++-
.../certificates/common/auth/test_barbican_acl.py | 4 +-
.../controller/housekeeping/test_house_keeping.py | 23 ++--
.../worker/tasks/test_amphora_driver_tasks.py | 9 +-
.../unit/controller/worker/tasks/test_cert_task.py | 14 ++-
.../controller/worker/tasks/test_compute_tasks.py | 14 ++-
.../controller/worker/tasks/test_database_tasks.py | 43 ++-----
.../controller/worker/test_controller_worker.py | 4 +
playbooks/legacy/grenade-devstack-octavia/run.yaml | 3 +-
.../run.yaml | 2 +-
.../legacy/octavia-v1-dsvm-py3x-scenario/run.yaml | 2 +-
.../octavia-v1-dsvm-scenario-kvm-centos.7/run.yaml | 2 +-
.../legacy/octavia-v1-dsvm-scenario-lxd/run.yaml | 2 +-
.../octavia-v1-dsvm-scenario-multinode/run.yaml | 2 +-
playbooks/legacy/octavia-v1-dsvm-scenario/run.yaml | 2 +-
...Fix-ifup-on-member-create-5b405d98eb036718.yaml | 4 +
.../encrypt-certs-and-keys-5175d7704d8df3ce.yaml | 15 +++
...y-populated-load-balancer-ae57ffae5c017ac3.yaml | 5 +
.../notes/fix-eth1-ip-flush-7fadda4bdca387b5.yaml | 11 ++
...usekeeping-db-performance-b0d0fcfcce696314.yaml | 6 +
.../fix-lb-error-failover-2c17afaa20c0c97f.yaml | 5 +
...saging-connection-leakage-aeb79474105ac116.yaml | 5 +
.../fix-vip-plug-centos-74c2fe7099964b08.yaml | 3 +
...-policy-extension-enabled-3e16e1c23a7d7ae5.yaml | 7 ++
.../remove-bbq-unset-acl-e680020de6a9ad3d.yaml | 6 +
tox.ini | 4 +
zuul.d/projects.yaml | 14 +++
67 files changed, 728 insertions(+), 396 deletions(-)
More information about the Release-announce
mailing list