[release-announce] octavia 4.1.1 (stein)

no-reply at openstack.org
Mon Dec 16 10:57:44 UTC 2019


We are ecstatic to announce the release of:

octavia 4.1.1: OpenStack Octavia Scalable Load Balancer as a Service

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/octavia

Download the package from:

    https://pypi.org/project/octavia

Please report issues through:

    https://storyboard.openstack.org/#!/project/908

For more details, please see below.

4.1.1
^^^^^


Upgrade Notes
*************

* A new amphora image is required to fix the potential certs-ramfs
  race condition.


Security Issues
***************

* A race condition between the certs-ramfs and the amphora agent may
  lead to tenant TLS content being stored on the amphora filesystem
  instead of in the encrypted RAM filesystem.


Bug Fixes
*********

* Fixes an issue where load balancers with more than one TLS-enabled
  listener, one or more of them SNI-enabled, may load certificates
  from other TLS-enabled listeners for SNI use.

* Fixed a potential race condition with the certs-ramfs and amphora
  agent services.

* Fixes the ability to filter on the provider flavor capabilities
  API.

* Fixes an issue in the selection of vip-subnet-id on multi-subnet
  networks by checking the IP availability of the subnets, ensuring
  enough IPs are available for the load balancer when creating a load
  balancer that specifies vip-network-id.

* Fix a bug that could interrupt resource creation when performing a
  graceful shutdown of the controller worker and leave resources in a
  PENDING_CREATE/PENDING_UPDATE/PENDING_DELETE provisioning status. If
  the duration of an Octavia flow is greater than the
  'graceful_shutdown_timeout' configuration value, stopping the
  Octavia worker can still interrupt the creation of resources.

Changes in octavia 4.1.0..4.1.1
-------------------------------

567a388b Fix filtering with API tags
0f4b5ca2 Fix controller worker graceful shutdown
7c1e1a6d Fix filtering for provider capabilities list API
c3f95915 Fix a potential race condition with certs-ramfs
91bcbc84 Fix listeners with SNI certificates
f652a7d1 ipvsadm '--exact' arg to ensure outputs are ints
bfa55392 Fix issues with unavailable secrets
9f05c2f9 loadbalancer vip-network-id IP availability check
a501714a Improve the error message for bad pkcs12 bundles


Diffstat (except docs and test files)
-------------------------------------

devstack/plugin.sh                                 |   5 +
.../amphora-agent.conf                             |   2 +-
.../amphora-agent.init                             |   2 +-
.../amphora-agent.service                          |   3 +-
.../init-scripts/systemd/certs-ramfs.service       |   1 +
etc/octavia.conf                                   |   3 +
octavia/amphorae/backends/agent/api_server/util.py |   2 +-
.../amphorae/backends/utils/keepalivedlvs_query.py |   3 +-
.../amphorae/drivers/haproxy/rest_api_driver.py    |  21 ++-
octavia/api/common/pagination.py                   |  53 ++++---
octavia/api/drivers/utils.py                       |  81 +++++++----
octavia/api/v2/controllers/base.py                 |   2 +
octavia/api/v2/controllers/listener.py             |   3 +-
octavia/api/v2/controllers/load_balancer.py        |  33 +++--
octavia/api/v2/controllers/pool.py                 |   3 +-
octavia/api/v2/controllers/provider.py             |  19 +++
octavia/certificates/common/pkcs12.py              |   6 +-
octavia/certificates/manager/barbican.py           |   2 +
octavia/common/constants.py                        |   2 +
octavia/common/exceptions.py                       |   7 +
.../jinja/haproxy/combined_listeners/jinja_cfg.py  |  39 ++---
.../haproxy/combined_listeners/templates/macros.j2 |  13 +-
.../jinja/haproxy/split_listeners/jinja_cfg.py     |  49 +++----
.../haproxy/split_listeners/templates/macros.j2    |  13 +-
octavia/common/tls_utils/cert_parser.py            |  31 ++--
octavia/common/utils.py                            |   7 +
octavia/controller/queue/consumer.py               |  10 +-
octavia/network/base.py                            |   9 ++
octavia/network/data_models.py                     |  14 ++
octavia/network/drivers/neutron/base.py            |   3 +
octavia/network/drivers/neutron/utils.py           |   9 ++
octavia/network/drivers/noop_driver/driver.py      |  18 +++
.../backends/agent/api_server/test_util.py         |  35 ++---
.../drivers/haproxy/test_rest_api_driver_0_5.py    |   4 +-
.../drivers/haproxy/test_rest_api_driver_1_0.py    |   4 +-
.../unit/certificates/manager/test_barbican.py     |  17 +++
.../haproxy/combined_listeners/test_jinja_cfg.py   |  56 ++++----
.../haproxy/split_listeners/test_jinja_cfg.py      |  54 +++----
.../unit/common/tls_utils/test_cert_parser.py      |  23 +++
.../unit/network/drivers/neutron/test_base.py      |  15 ++
.../unit/network/drivers/neutron/test_utils.py     |  16 +++
.../fix-SNI-single-process-879ffce5eaa6c1c3.yaml   |   6 +
.../fix-certs-ramfs-race-561f355d13fc6d14.yaml     |  14 ++
...er-capabilities-filtering-8bd12b2cf7b37a84.yaml |   4 +
...p-network-ip-availability-2e924f32abf01052.yaml |   7 +
...-worker-graceful-shutdown-c44b6797637aa1b3.yaml |   9 ++
tox.ini                                            |   3 +-
55 files changed, 861 insertions(+), 246 deletions(-)






