[release-announce] octavia 3.1.0 (rocky)

no-reply at openstack.org no-reply at openstack.org
Sat Apr 13 00:10:35 UTC 2019 

We are excited to announce the release of:

octavia 3.1.0: OpenStack Octavia Scalable Load Balancer as a Service

This release is part of the rocky stable release series.

The source is available from:

    https://git.openstack.org/cgit/openstack/octavia

Download the package from:

    https://pypi.org/project/octavia

Please report issues through:

    https://storyboard.openstack.org/#!/project/908

For more details, please see below.

3.1.0
^^^^^


Upgrade Notes
*************

* To fix the issue with active/standby load balancers or single
  topology load balancers with members on the VIP subnet, you need to
  update the amphora image.


Critical Issues
***************

* Fixed a bug where active/standby load balancers and single
  topology load balancers with members on the VIP subnet may fail. An
  updated image is required to fix this bug.


Security Issues
***************

* As a followup to the fix that resolved CVE-2018-16856, Octavia
  will now encrypt certificates and keys used for secure communication
  with amphorae, in its internal workflows. Octavia used to exclude
  debug- level log prints for specific tasks and flows that were
  explicitly specified by name, a method that is susceptive to code
  changes.


Bug Fixes
*********

* Fixed an issue creating members on networks with IPv6 subnets.

* Fixes creating a fully populated load balancer with not
  REDIRECT_POOL type L7 policy and default_pool field.

* Fixed a performance issue where the Housekeeping service could
  significantly and incrementally utilize CPU as more amphorae and
  load balancers are created and/or marked as DELETED.

* Fix load balancers that could not be failed over when in ERROR
  provisioning status.

* Fixed a bug that caused an excessive number of RabbitMQ
  connections to be opened.

* Fixed an error when plugging the VIP on CentOS-based amphorae.

* Fixed an issue where trying to set a QoS policy on a VIP while the
  QoS extension is disabled would bring the load balancer to ERROR.
  Should the QoS extension be disabled, the API will now return HTTP
  400 to the user.

* Fixed an issue where setting a QoS policy on the VIP would bring
  the load balancer to ERROR when the QoS extension is enabled.

* Octavia will no longer automatically revoke access to secrets
  whenever load balancing resources no longer require access to them.
  This may be added in the future.


Other Notes
***********

* Added a new option named server_certs_key_passphrase under the
  certificates section. The default value gets copied from an
  environment variable named TLS_PASS_AMPS_DEFAULT. In a case where
  TLS_PASS_AMPS_DEFAULT is not set, and the operator did not fill any
  other value directly, 'insecure-key-do-not-use-this-key' will be
  used.

Changes in octavia 3.0.2..3.1.0
-------------------------------

44217817 Fix the amphora base port coming up
4d9b818b Fix setting of VIP QoS policy
2e3f82f5 Fix VIP plugging on CentOS-based amphorae
3f0d296a Fix the loss of access to barbican secrets
8b671a0f Fix initialization of Barbican client
42595a27 Fix ifup failures on member interfaces with IPv6
2362be68 Adds server_certs_key_passphrase to octavia.conf
95ad71ec Replace openstack.org git:// URLs with https://
43488771 Fix LB failover when in ERROR
6e8c5548 Resolve amphora agent read timeout issue
226763a6 Fix performance of housekeeping DB clean up
dc4c0b62 Encrypt certs and keys
3efff89d Enable debug for Octavia services in grenade job
0a6ef71c Fix oslo messaging connection leakage
ab1ef501 Simplify keepalived lvsquery parsing for UDP
fea74ee9 Fix possible state machine hole in failover
3d9cb83d Add missing import octavia/opts.py
1c35e7e8 Fix functional tests under Python >= 3.6
8e96f625 Fix check redirect pool for creating a fully populated load balancer.
f8fbc984 Fix missing print format error
34fcaee9 Fix prefix for vip_ipv6


Diffstat (except docs and test files)
-------------------------------------

devstack/plugin.sh                                 |   1 +
etc/octavia.conf                                   |   3 +-
.../amphorae/backends/agent/api_server/osutils.py  |  76 +++++++-----
.../amphorae/backends/utils/keepalivedlvs_query.py |  75 ++++--------
octavia/api/drivers/amphora_driver/driver.py       |   4 +-
.../api/handlers/controller_simulator/handler.py   |   2 +-
octavia/api/handlers/queue/producer.py             |  23 ++--
octavia/api/v2/controllers/amphora.py              |   4 +-
octavia/api/v2/controllers/listener.py             |  39 -------
octavia/api/v2/controllers/load_balancer.py        |  27 +++--
octavia/certificates/common/auth/barbican_acl.py   |   5 +-
octavia/certificates/common/local.py               |  13 ++-
octavia/common/config.py                           |   6 +-
octavia/common/exceptions.py                       |   2 +-
octavia/common/rpc.py                              |  66 +++++++++++
octavia/common/service.py                          |   2 +
octavia/common/utils.py                            |  14 +++
octavia/common/validate.py                         |   7 ++
octavia/controller/housekeeping/house_keeping.py   |  33 +++---
octavia/controller/queue/consumer.py               |  10 +-
octavia/controller/worker/controller_worker.py     |  36 ++----
.../worker/tasks/amphora_driver_tasks.py           |   6 +-
octavia/controller/worker/tasks/cert_task.py       |   6 +-
octavia/controller/worker/tasks/compute_tasks.py   |   7 +-
octavia/controller/worker/tasks/database_tasks.py  |   8 +-
octavia/db/repositories.py                         |  76 ++++--------
octavia/network/base.py                            |   7 ++
octavia/network/drivers/neutron/base.py            |   5 +
octavia/network/drivers/noop_driver/driver.py      |   7 ++
octavia/opts.py                                    |   1 +
.../backend/agent/api_server/test_keepalivedlvs.py |   8 +-
.../backend/agent/api_server/test_server.py        |  30 +++--
.../backends/agent/api_server/test_osutils.py      | 128 +++++++++++++++++++++
.../backends/agent/test_agent_jinja_cfg.py         |   6 +-
.../drivers/amphora_driver/test_amphora_driver.py  |  19 ++-
.../certificates/common/auth/test_barbican_acl.py  |   4 +-
.../controller/housekeeping/test_house_keeping.py  |  23 ++--
.../worker/tasks/test_amphora_driver_tasks.py      |   9 +-
.../unit/controller/worker/tasks/test_cert_task.py |  14 ++-
.../controller/worker/tasks/test_compute_tasks.py  |  14 ++-
.../controller/worker/tasks/test_database_tasks.py |  43 ++-----
.../controller/worker/test_controller_worker.py    |   4 +
playbooks/legacy/grenade-devstack-octavia/run.yaml |   3 +-
.../run.yaml                                       |   2 +-
.../legacy/octavia-v1-dsvm-py3x-scenario/run.yaml  |   2 +-
.../octavia-v1-dsvm-scenario-kvm-centos.7/run.yaml |   2 +-
.../legacy/octavia-v1-dsvm-scenario-lxd/run.yaml   |   2 +-
.../octavia-v1-dsvm-scenario-multinode/run.yaml    |   2 +-
playbooks/legacy/octavia-v1-dsvm-scenario/run.yaml |   2 +-
...Fix-ifup-on-member-create-5b405d98eb036718.yaml |   4 +
.../encrypt-certs-and-keys-5175d7704d8df3ce.yaml   |  15 +++
...y-populated-load-balancer-ae57ffae5c017ac3.yaml |   5 +
.../notes/fix-eth1-ip-flush-7fadda4bdca387b5.yaml  |  11 ++
...usekeeping-db-performance-b0d0fcfcce696314.yaml |   6 +
.../fix-lb-error-failover-2c17afaa20c0c97f.yaml    |   5 +
...saging-connection-leakage-aeb79474105ac116.yaml |   5 +
.../fix-vip-plug-centos-74c2fe7099964b08.yaml      |   3 +
...-policy-extension-enabled-3e16e1c23a7d7ae5.yaml |   7 ++
.../remove-bbq-unset-acl-e680020de6a9ad3d.yaml     |   6 +
tox.ini                                            |   4 +
zuul.d/projects.yaml                               |  14 +++
67 files changed, 728 insertions(+), 396 deletions(-)

More information about the Release-announce mailing list