We joyfully announce the release of:
octavia 2.0.2: OpenStack Octavia Scalable Load Balancer as a Service
This release is part of the queens stable release series.
Download the package from:
https://pypi.org/project/octavia
For more details, please see below.
2.0.2 ^^^^^
Security Issues ***************
* Adds a configuration option, "reserved_ips" that allows the operator to block addresses from being used in load balancer members. The default setting blocks the nova metadata service address.
Bug Fixes *********
* Fixes an issue where if more than one amphora fails at the same time, failover might not fully complete, leaving the load balancer in ERROR.
* Fixes an issue where VIP return traffic was always routed, if a gateway was defined, through the gateway address even if it was local traffic.
* Fixes a bug where unspecified or unlimited listener connection limit settings would lead to a 2000 connection limit when using the amphora/octavia driver. This was the compiled in connection limit in some HAproxy packages.
* Fixes a neutron-lbaas LBaaS v2 API compatibility issue when requesting a load balancer status tree via '/statuses'.
Changes in octavia 2.0.1..2.0.2 -------------------------------
d281a2a Fix stable/queens for bad backport. 3b944e8 Correct flavor to flavor_id in LB API 01a473c Fix neutron "tenat_id" compatibility 931be56 Delete amphora regardless of status 730037c Allow blocking IPs from member addresses 12bf440 "Resolve" bandit issue with sha1 hashes 127ce63 Fix DIB_REPOREF_amphora_agent not set on Git !=1.8.5 72715ba Fix failover when multiple amphora have failed f9c3456 Add exception handling for housekeeping service e2c5d4e Fixes unlimited listener connection limit 0cee3ce Fix package version querying on non-dpkg distros 24a4220 Ignore a port not found when deleting an LB d685af8 Fix RedHat family image building d8f4e71 Fix fields translation on filtering a99f70f [amphora-agent] add local net to routing table 1 59590d2 Mark LBs in failover PENDING_UPDATE f1f36be Fix health manager to be spare amphora aware 97b8423 Improve the error logging for zombie amphora aef4f78 Exclude amphora instances already DELETED when failover loadbalancer 14c7883 Add API alias for '/statuses' 2077d82 Add pool session persistence validation dd1f2fe Allow fields filter on single object GETs eac320d Update introduction documention page 9e53155 Fix configured haproxy restarts daa567b Allow using spaces for primary common name in SSL certificates 8a62c60 When SG delete fails on vip deallocate, try harder 337c0e1 Let healthmanager process shutdown cleanly (again) 7636fb3 Improve Health Manager error handling becb708 Use HMAC.hexdigest to avoid non-ascii characters for package data 917bebd Devstack plugin image build option quoting fix c747396 Fix kvm-centos.7 gate 05b57b4 Remove snapd from stable branch images d048948 Update auth_uri option to www_authenticate_uri 65755f7 Correct field filtering for member/l7rule/amphora 2dbf565 Move o-hm0 dhcp config under /etc/dhcp df34872 Pool PUT should validate name/description length 0bd3559 Health Monitor url_path requires leading slash aa46758 Fix CentOS gate for stable/queens ecceaaa Fix statistics update typo 9848433 Overhaul HealthManager update threading 9e1ced7 Pin pip < 10 in the amphora image f9b3e34 Defend against neutron error response missing keys 0457ea3 Make keepalived initialization more predictable
Diffstat (except docs and test files) -------------------------------------
api-ref/source/parameters.yaml | 2 +- .../source/v2/examples/loadbalancer-create-curl | 2 +- .../v2/examples/loadbalancer-create-response.json | 2 +- .../examples/loadbalancer-full-create-request.json | 2 +- .../loadbalancer-full-create-response.json | 2 +- .../v2/examples/loadbalancer-show-response.json | 2 +- .../v2/examples/loadbalancer-update-response.json | 2 +- .../v2/examples/loadbalancers-list-response.json | 2 +- api-ref/source/v2/loadbalancer.inc | 14 +- devstack/plugin.sh | 15 +- devstack/settings | 4 +- diskimage-create/diskimage-create.sh | 4 +- .../75-amphora-agent-install | 9 + .../amphora-agent-source-install/cap-pip.txt | 1 + elements/amphora-agent/package-installs.yaml | 6 + elements/amphora-agent/pkg-map | 4 +- .../post-install.d/20-haproxy-tune-kernel | 7 +- etc/octavia.conf | 22 +- .../backends/agent/api_server/amphora_info.py | 5 +- .../backends/agent/api_server/keepalived.py | 14 + .../amphorae/backends/agent/api_server/osutils.py | 16 +- .../api_server/templates/plug_vip_ethX.conf.j2 | 2 + .../api_server/templates/rh_route_ethX.conf.j2 | 1 + .../agent/api_server/templates/systemd.conf.j2 | 3 +- .../backends/health_daemon/status_message.py | 45 +- octavia/amphorae/drivers/driver_base.py | 21 +- .../amphorae/drivers/haproxy/rest_api_driver.py | 100 +- octavia/amphorae/drivers/health/heartbeat_udp.py | 53 +- .../drivers/keepalived/vrrp_rest_driver.py | 5 +- octavia/amphorae/drivers/noop_driver/driver.py | 13 + octavia/api/v2/controllers/amphora.py | 10 +- octavia/api/v2/controllers/health_monitor.py | 6 +- octavia/api/v2/controllers/l7policy.py | 11 +- octavia/api/v2/controllers/l7rule.py | 15 +- octavia/api/v2/controllers/listener.py | 7 +- octavia/api/v2/controllers/load_balancer.py | 22 +- octavia/api/v2/controllers/member.py | 18 +- octavia/api/v2/controllers/pool.py | 17 +- octavia/api/v2/types/load_balancer.py | 11 +- octavia/api/v2/types/pool.py | 16 +- octavia/cmd/health_manager.py | 17 +- octavia/cmd/house_keeping.py | 20 +- octavia/common/config.py | 25 +- octavia/common/constants.py | 27 + octavia/common/jinja/haproxy/jinja_cfg.py | 7 +- octavia/common/tls_utils/cert_parser.py | 5 + octavia/common/utils.py | 15 +- octavia/common/validate.py | 39 +- .../healthmanager/health_drivers/__init__.py | 0 .../healthmanager/health_drivers/update_base.py | 27 + .../healthmanager/health_drivers/update_db.py | 421 ++++++++ .../healthmanager/health_drivers/update_logging.py | 29 + octavia/controller/healthmanager/health_manager.py | 37 +- octavia/controller/healthmanager/update_db.py | 396 ------- octavia/controller/worker/controller_worker.py | 21 +- octavia/controller/worker/flows/amphora_flows.py | 83 +- .../worker/tasks/amphora_driver_tasks.py | 63 +- octavia/controller/worker/tasks/compute_tasks.py | 9 +- .../controller/worker/tasks/controller_tasks.py | 50 - octavia/controller/worker/tasks/database_tasks.py | 20 + octavia/controller/worker/tasks/network_tasks.py | 49 + octavia/db/base_models.py | 7 +- octavia/db/repositories.py | 57 +- .../drivers/neutron/allowed_address_pairs.py | 60 +- octavia/network/drivers/neutron/base.py | 10 + .../backend/agent/api_server/test_server.py | 42 +- .../agent/api_server/test_haproxy_compatibility.py | 18 +- .../backends/agent/api_server/test_listener.py | 6 +- .../backends/agent/api_server/test_osutils.py | 6 +- .../backends/health_daemon/test_envelope.py | 17 + .../backends/health_daemon/test_health_sender.py | 8 +- .../drivers/haproxy/test_rest_api_driver.py | 109 +- .../amphorae/drivers/health/test_heartbeat_udp.py | 84 +- .../test_noop_amphoraloadbalancer_driver.py | 15 + .../unit/api/v2/types/test_health_monitors.py | 9 + .../unit/common/jinja/haproxy/test_jinja_cfg.py | 184 +++- .../unit/common/sample_configs/sample_certs.py | 1 + .../unit/common/sample_configs/sample_configs.py | 33 +- .../unit/common/tls_utils/test_cert_parser.py | 4 + .../healthmanager/health_drivers/__init__.py | 0 .../health_drivers/test_update_base.py | 38 + .../healthmanager/health_drivers/test_update_db.py | 1104 ++++++++++++++++++++ .../health_drivers/test_update_logging.py | 44 + .../controller/healthmanager/test_update_db.py | 1094 ------------------- .../controller/worker/flows/test_amphora_flows.py | 25 +- .../worker/tasks/test_amphora_driver_tasks.py | 65 +- .../controller/worker/tasks/test_compute_tasks.py | 6 +- .../worker/tasks/test_controller_tasks.py | 80 -- .../controller/worker/tasks/test_database_tasks.py | 53 + .../controller/worker/tasks/test_network_tasks.py | 64 ++ .../controller/worker/test_controller_worker.py | 118 ++- .../drivers/neutron/test_allowed_address_pairs.py | 95 +- .../unit/network/drivers/neutron/test_base.py | 11 + .../octavia-v1-dsvm-scenario-kvm-centos.7/run.yaml | 2 +- ...x-multi-amp-down-failover-952618fb8d3d8ae6.yaml | 5 + .../notes/fix-route-table-b2ec0aa7b92d2abc.yaml | 5 + ...nlimited-connection-limit-48079688de033c1a.yaml | 7 + .../notes/reserved-ips-7ef3a63ab0b6b28a.yaml | 6 + .../notes/statuses_alias-27559e3d74b9eaf0.yaml | 5 + setup.cfg | 6 + tools/create_flow_docs.py | 5 +- 117 files changed, 3849 insertions(+), 2080 deletions(-)