[release-announce] octavia 4.1.0 (stein)

no-reply at openstack.org no-reply at openstack.org
Mon Oct 7 12:05:50 UTC 2019


We are happy to announce the release of:

octavia 4.1.0: OpenStack Octavia Scalable Load Balancer as a Service

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/octavia

Download the package from:

    https://pypi.org/project/octavia

Please report issues through:

    https://storyboard.openstack.org/#!/project/908

For more details, please see below.

4.1.0
^^^^^


New Features
************

* Now supports "oslo_middleware http_proxy_to_wsgi", which will set
  up the request URL correctly in the case that there is a proxy (for
  example, a loadbalancer such as HAProxy) in front of the Octavia
  API. It is off by default and can be enabled by setting
  "enable_proxy_headers_parsing=True" in the "[oslo_middleware]"
  section of "octavia.conf".


Known Issues
************

* When a load balancer with a UDP listener is updated, the listener
  service is restarted, which causes an interruption of the flow of
  traffic during a short period of time. This issue is caused by a
  keepalived bug (https://github.com/acassen/keepalived/issues/1163)
  that was fixed in keepalived 2.0.14, but this package is not yet
  provided by distributions.


Upgrade Notes
*************

* A new amphora image is required to resolve the amphora memory
  issues when a load balancer has multiple listeners and the amphora
  image uses haproxy 1.8 or newer.


Security Issues
***************

* Correctly require two-way certificate authentication to connect to
  the amphora agent API (CVE-2019-17134).


Bug Fixes
*********

* Fixed the API handling of None (JSON null) on object update calls.
  The API will now either clear the value from the field or will reset
  the value of the field to the API default.

* Fixed an issue with the health manager reporting an
  UnboundLocalError if it gets an exception attempting to get a
  database connection.

* Fixes a potential DB deadlock in allocate_and_associate found in
  testing.

* Fixes an issue where, if we were unable to attach the base (VRRP)
  port to an amphora instance, the revert would not clean up the port
  in neutron.

* Fixed an issue where the driver errors were not caught.

* Fix an issue that prevented the cleanup of load balancer entries
  in the database by the Octavia housekeeper service.

* Add support for monitor_address and monitor_port attributes in UDP
  members. Previously, monitor_address and monitor_port were ignored
  and address and protocol_port attributes were used as monitoring
  address and port.

* Fix operating_status for pools and members that use UDP protocol.
  operating_status values are now consistent with the values of
  non-UDP load balancers.

* Fix a bug that prevented UDP servers from being restored as members
  of a pool after removing a health monitor resource.

* Fixed an issue with load balancers that have multiple listeners
  when using an amphora image that contains HAProxy 1.8 or newer. An
  updated amphora image is required to apply this fix.

* The passphrase for config option 'server_certs_key_passphrase' is
  used as a Fernet key in Octavia and thus must be 32 characters long
  and base64(url) compatible. Octavia will now validate the
  passphrase length and format.

* Adding a member with different IP protocol version than the VIP IP
  protocol version in a UDP load balancer caused a crash in the
  amphora. A validation step in the amphora driver now prevents mixing
  IP protocol versions in UDP load balancers.
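
The 'server_certs_key_passphrase' rule above, as an added example that is not Octavia's own code: a pre-deployment check that a configured passphrase is 32 URL-safe base64 characters and so encodes to a well-formed Fernet key. The "[certificates]" section name, the function names, the sample config and the passphrase-to-key encoding step are assumptions of this example.

```python
import base64
import configparser
import re

# Assumption: "base64(url) compatible" means the URL-safe alphabet plus "=".
ALPHABET = re.compile(r"[A-Za-z0-9_=-]*")

# Constructed sample; the [certificates] section name is an assumption.
SAMPLE_CONF = """
[certificates]
server_certs_key_passphrase = short-passphrase
"""


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the value is usable."""
    problems = []
    if len(passphrase) != 32:
        problems.append("length is %d, expected 32" % len(passphrase))
    # The alphabet check also rejects non-ASCII text, where 32 characters
    # would encode to more than the 32 bytes a Fernet key holds.
    if not ALPHABET.fullmatch(passphrase):
        problems.append("characters outside the URL-safe base64 alphabet")
    return problems


def fernet_key_from(passphrase):
    """Encode a valid passphrase as a Fernet key: base64url of 32 bytes."""
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return base64.urlsafe_b64encode(passphrase.encode("ascii"))


def audit_conf(text):
    """Check the passphrase in an octavia.conf-style text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    value = parser.get("certificates", "server_certs_key_passphrase",
                       fallback=None)
    if value is None:
        return ["server_certs_key_passphrase is not set"]
    return check_passphrase(value)


if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```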

Changes in octavia 4.0.1..4.1.0
-------------------------------

1725517d Fix urgent amphora two-way auth security bug
5ecfa0a5 Fix healthmonitor message v2 for UDP listeners
2fb2aeec Fix building configs for multiple listeners
48db7b9c Fix pool API handling of None/null updates
f5f6cc15 Fix member API handling of None/null updates
b82589cb Fix health monitor API handling of None updates
1b9881dc Validate server_certs_key_passphrase is 32 chars
220c1b25 Work around strptime threading issue
8cb64148 Fix cleanup of expired load balancer entries
701a9001 Fix base (VRRP) port abandoned on revert
55b04f27 Fix l7rule API handling of None updates
3e587428 Fix catching driver exceptions
46ccfc66 Prevent UDP LBs to use different IP protocol versions in amphora driver
cf53bc65 Fixed down server issue after reloading keepalived
bf50e3a1 Fixed pool and members status with UDP loadbalancers
7f683dc2 Add support for monitor_{address,port} in UDP members
5d36bb6b Re-enable grenade as voting
99489e35 Revert "Use the infra pypi mirror for DIB"
f412d852 Add failover logging to show the amphora details.
896b1cfd Fix template that generates vrrp check script
40462b2b only rollback DB when we have a connection to the DB
bdd0d44e Fix L7 repository create methods
1e43a307 Use the infra pypi mirror for DIB
3f1b3890 Fix flavor profile API handling of None updates
b88f1041 Add warning log if auth_strategy is not keystone
0571e0e4 elements: add arch property for ``open-vm-tools``
4b7fe7f8 worker: Re-add FailoverPreparationForAmphora
0efee7ef Fix listener deletion in ACTIVE/STANDBY topology
6f8932e9 Add support for oslo_middleware http_proxy_to_wsgi
646071d8 Fix multi-listener load balancers
3053676f Fix cryptsetup --pbkdf-memory failures
f41cd0a2 Update tox.ini for new upper constraints strategy
d53010dc Add bindep.txt for Octavia
d31b47fd Fix a python3 issue in the amphora-agent
32afefd6 Fix allocate_and_associate DB deadlock
8d3e0518 Add Stein octavia-v2-dsvm-scenario-ubuntu-xenial
4b912e48 Limit cryptsetup key RAM usage


Diffstat (except docs and test files)
-------------------------------------

bindep.txt                                         |    2 +
elements/amphora-agent/package-installs.yaml       |    1 +
elements/certs-ramfs/element-deps                  |    1 +
.../init-scripts/systemd/certs-ramfs.service       |    2 +-
elements/certs-ramfs/init-scripts/sysv/certs-ramfs |    9 +-
.../init-scripts/upstart/certs-ramfs.conf          |    9 +-
.../certs-ramfs/static/usr/local/bin/certfs-ramfs  |   19 +
etc/octavia.conf                                   |    4 +
lower-constraints.txt                              |    2 +-
.../amphorae/backends/agent/api_server/__init__.py |    2 +-
.../backends/agent/api_server/amphora_info.py      |   12 +-
.../backends/agent/api_server/keepalived.py        |    4 +-
.../backends/agent/api_server/keepalivedlvs.py     |   51 +-
.../api_server/{listener.py => loadbalancer.py}    |  249 ++--
.../amphorae/backends/agent/api_server/server.py   |   74 +-
.../templates/keepalived_check_script.conf.j2      |    2 +-
.../backends/agent/api_server/udp_listener_base.py |   12 -
octavia/amphorae/backends/agent/api_server/util.py |  113 +-
.../backends/health_daemon/health_daemon.py        |   87 +-
octavia/amphorae/backends/utils/haproxy_query.py   |    4 +-
.../amphorae/backends/utils/keepalivedlvs_query.py |   46 +-
octavia/amphorae/drivers/driver_base.py            |   73 +-
.../amphorae/drivers/haproxy/rest_api_driver.py    |  580 +++++---
.../drivers/keepalived/vrrp_rest_driver.py         |   15 +-
octavia/amphorae/drivers/noop_driver/driver.py     |   74 +-
octavia/api/app.py                                 |    3 +
octavia/api/drivers/amphora_driver/driver.py       |   26 +
octavia/api/drivers/utils.py                       |   22 +-
octavia/api/v2/controllers/flavor_profiles.py      |   26 +-
octavia/api/v2/controllers/health_monitor.py       |   41 +-
octavia/api/v2/controllers/l7rule.py               |    5 +
octavia/api/v2/controllers/load_balancer.py        |    4 +-
octavia/api/v2/controllers/member.py               |   18 +
octavia/api/v2/controllers/pool.py                 |    9 +-
octavia/api/v2/types/health_monitor.py             |    6 +-
octavia/api/v2/types/member.py                     |    6 +-
octavia/certificates/common/local.py               |    6 +-
octavia/cmd/agent.py                               |    3 +-
octavia/cmd/api.py                                 |    6 +
octavia/cmd/health_manager.py                      |    3 +
octavia/cmd/octavia_worker.py                      |    3 +
octavia/common/base_taskflow.py                    |    3 +
octavia/common/constants.py                        |    8 +
.../jinja/haproxy/combined_listeners/__init__.py   |    0
.../jinja/haproxy/combined_listeners/jinja_cfg.py  |  475 +++++++
.../haproxy/combined_listeners/templates/base.j2   |   52 +
.../combined_listeners/templates/haproxy.cfg.j2    |   40 +
.../haproxy/combined_listeners/templates/macros.j2 |  377 ++++++
.../jinja/haproxy/split_listeners/__init__.py      |    0
.../haproxy/{ => split_listeners}/jinja_cfg.py     |    0
.../{ => split_listeners}/templates/base.j2        |    0
.../{ => split_listeners}/templates/haproxy.cfg.j2 |    0
.../{ => split_listeners}/templates/macros.j2      |    0
octavia/common/jinja/lvs/jinja_cfg.py              |    4 +-
octavia/common/jinja/lvs/templates/macros.j2       |   10 +-
octavia/common/validate.py                         |    2 +
.../healthmanager/health_drivers/update_db.py      |   98 +-
octavia/controller/healthmanager/health_manager.py |    4 +-
octavia/controller/worker/controller_worker.py     |   29 +-
octavia/controller/worker/flows/amphora_flows.py   |    9 +-
.../worker/flows/health_monitor_flows.py           |    6 +-
octavia/controller/worker/flows/l7policy_flows.py  |    6 +-
octavia/controller/worker/flows/l7rule_flows.py    |    6 +-
octavia/controller/worker/flows/listener_flows.py  |    8 +-
.../controller/worker/flows/load_balancer_flows.py |    2 +-
octavia/controller/worker/flows/member_flows.py    |    8 +-
octavia/controller/worker/flows/pool_flows.py      |    6 +-
.../worker/tasks/amphora_driver_tasks.py           |   63 +-
octavia/db/repositories.py                         |   15 +-
.../drivers/neutron/allowed_address_pairs.py       |   17 +
.../backend/agent/api_server/test_keepalivedlvs.py |   62 -
.../backend/agent/api_server/test_server.py        |  310 ++---
.../functional/api/v2/test_flavor_profiles.py      |   21 +-
.../backends/agent/api_server/test_amphora_info.py |   44 +-
.../agent/api_server/test_haproxy_compatibility.py |   14 +-
.../agent/api_server/test_keepalivedlvs.py         |    8 -
.../backends/agent/api_server/test_listener.py     |  192 ---
.../backends/agent/api_server/test_loadbalancer.py |  279 ++++
.../backends/agent/api_server/test_util.py         |  106 +-
.../backends/health_daemon/test_health_daemon.py   |   68 +-
.../amphorae/backends/utils/test_haproxy_query.py  |   49 +-
.../backends/utils/test_keepalivedlvs_query.py     |   87 +-
...t_api_driver.py => test_rest_api_driver_0_5.py} |  649 ++++-----
.../drivers/haproxy/test_rest_api_driver_1_0.py    | 1379 ++++++++++++++++++++
.../drivers/keepalived/test_vrrp_rest_driver.py    |   22 +-
.../test_noop_amphoraloadbalancer_driver.py        |   29 +-
.../drivers/amphora_driver/test_amphora_driver.py  |  125 +-
.../unit/certificates/manager/test_barbican.py     |    3 +-
.../jinja/haproxy/combined_listeners/__init__.py   |    0
.../haproxy/combined_listeners/test_jinja_cfg.py   | 1171 +++++++++++++++++
.../jinja/haproxy/split_listeners/__init__.py      |    0
.../{ => split_listeners}/test_jinja_cfg.py        |  298 ++---
.../unit/common/jinja/lvs/test_lvs_jinja_cfg.py    |  111 +-
.../sample_configs/sample_configs_combined.py      | 1083 +++++++++++++++
.../{sample_configs.py => sample_configs_split.py} |   83 +-
.../unit/common/tls_utils/test_cert_parser.py      |   12 +-
.../healthmanager/health_drivers/test_update_db.py |  127 +-
.../healthmanager/test_health_manager.py           |   18 +
.../worker/flows/test_load_balancer_flows.py       |    3 +-
.../worker/tasks/test_amphora_driver_tasks.py      |  115 +-
.../controller/worker/test_controller_worker.py    |    3 +-
.../drivers/neutron/test_allowed_address_pairs.py  |   37 +
.../Fix-API-update-null-None-1b400962017a3d56.yaml |    6 +
...DB-Rollback-no-connection-2664c4f7823ecaec.yaml |    5 +
...te_and_associate-deadlock-3ff1464421c1d464.yaml |    4 +
...evert-abandoned-vrrp-port-efff14edce62ad75.yaml |    5 +
...client-auth-vulnerability-6803f4bac2508e4c.yaml |    5 +
.../notes/fix-driver-errors-81d33948288bf8cf.yaml  |    4 +
...x-loadbalancer-db-cleanup-61ee81a4fd597067.yaml |    5 +
...s-and-port-in-udp-members-ff83395544f228cf.yaml |    6 +
.../fix-udp-members-status-ef3202849bfda29b.yaml   |    6 +
...fix-udp-server-status-bug-db4d3e38bcdf0554.yaml |   12 +
.../haproxy-single-process-b17a3af3a97accea.yaml   |   11 +
...rver_certs_key_passphrase-6a9dfc190c9deba8.yaml |    6 +
...leware-http_proxy_to_wsgi-928c6fc5ec3d421c.yaml |    8 +
...ame-ip-protocol-in-udp-lb-2813b545131097ec.yaml |    7 +
requirements.txt                                   |    2 +-
test-requirements.txt                              |    3 +-
tox.ini                                            |    5 +-
zuul.d/projects.yaml                               |    2 +
130 files changed, 7883 insertions(+), 2172 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index fb25bd33..c08fbdb9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -24 +24 @@ oslo.log>=3.36.0 # Apache-2.0
-oslo.messaging>=5.29.0 # Apache-2.0
+oslo.messaging>=6.3.0 # Apache-2.0
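Review bot: the raised floor on the "+oslo.messaging>=6.3.0" line has no
matching entry under Upgrade Notes, which mention only the amphora image.
A deployment holding oslo.messaging at a version from 5.29.0 up to but not
including 6.3.0 no longer satisfies requirements.txt after this stable
point release. Suggest adding an upgrade note that names the new minimum
and the reason for it.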
diff --git a/test-requirements.txt b/test-requirements.txt
index bc3205fa..8e0b2e39 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -20 +20,2 @@ tempest>=17.1.0 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
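Review bot: the "<2.0.0" cap on the "python_version=='2.7'" sphinx line
carries no explanation, so a later reader cannot tell when it is safe to
lift. Suggest a short comment above the two added lines stating why
Python 2.7 needs the older Sphinx. The two markers also leave any
interpreter that is neither 2.7 nor 3.4 or newer with no sphinx
requirement at all, which is worth stating if intended.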
