We are chuffed to announce the release of: octavia 10.1.1: OpenStack Octavia Scalable Load Balancer as a Service This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/octavia Download the package from: https://pypi.org/project/octavia Please report issues through: https://storyboard.openstack.org/#!/project/908 For more details, please see below. 10.1.1 ^^^^^^ Upgrade Notes ************* * A patch that fixes an issue making the VIP port unreachable because of missing IP rules requires an update of the Amphora image. Bug Fixes ********* * Fixed the ability to use the 'text/plain' mime type with the healthcheck endpoint. * Fixed an issue when deleting the last listener from a load balancer may trigger a failover. * Fixed an issue when using certificates with a blank subject or missing CN. * Fix amphora haproxy_count to return the number of haproxy processes that are running. * Fixed a bug in amphorav1, the subnet of a member that was being deleted was not immediately unplugged from the amphora, but only during the next update of the members. * Fixed an issue when adding or deleting a member, Octavia might have reconfigured the management port of the amphora by adding or removing additional subnets. Octavia no longer updates the management port during those tasks. * Fixed a bug with HTTP/HTTPS health-monitors on pools with ALPN protocols in the amphora-driver. The healthchecks sent by haproxy were flagged as bad requests by the backend servers. Updated haproxy configuration to use ALPN for the heathchecks too. * Fixed a bug that could have made the VIP port unreachable because of the removal of some IP rules in the Amphora. It could have been triggered only when sending a request from a subnet that is not the VIP subnet but that is plugged as a member subnet. * Fixed an issue with load balancers stuck in a "PENDING_*" state during database outages. Now when a task fails in Octavia, it retries to update the "provisioning_status" of the load balancer until the database is back (or it gives up after a really long timeout - around 2h45) * Fixed a bug in octavia-status which reported an incorrect status for the *amphorav2* driver when using the default *amphora* alias. * Modified default Keepalived LVS persistence granularity configuration value so it would be ipv6 compatible. * Fixed a race condition in the members batch update API call, the data passed to the Octavia worker service may have been incorrect when quickly sending successive API calls. Then the load balancer was stuck in PENDING_UPDATE provisioning_status. * Fixed a too long timeout when attempting to start the VRRP service in an unreachable amphora during a failover. A specific shorter timeout should be used during the failovers. * Fixed TLS-HELLO health-monitors in the amphora-driver. * Usage of "castellan_cert_manager" as cert_manager has been significantly improved. Now you can define configuration options for castellan in octavia.conf and they will be passed properly to castellan beckend. This allows to use allowed castellan backends as for certificate storage. * Reduce the duration of the failovers of ACTIVE_STANDBY load balancers. Many updates of an unreachable amphora may have been attempted during a failover, now if an amphora is not reachable at the first update, the other updates are skipped. * Reduce the duration of the failovers of ACTIVE_STANDBY load balancers when both amphorae are unreachable. * Fixed SQLAlchemy warnings about the relationship between the Tags object and the other Octavia resources. Other Notes *********** * Noop certificate manager was added. Now any Octavia certificate operations using noop drivers will be faster (as they won't be validated). Changes in octavia 10.1.0..10.1.1 --------------------------------- 1ceac5af Don't update the management port when calculating delta [v1] 53a38d62 Don't update the management port when calculating delta 0398dd6e Fix issue with certificates with no subject or CN fd5185f8 Stable-only: Cap hacking to < 6.1.0 714ef1c8 Fix TLS-HELLO healthmonitors in the amphora-driver 937bb928 Fix health-monitors with ALPN members 5b388dbf Add Noop Certificate Manager 5715f837 Fix text/plain mime type with healthcheck endpoint c8bd99e3 Fix amphorav1 member deletion bug e7359036 Fix create_server_group in compute noop 488adb29 Fix amphorae in ERROR during the failover 68cb6e38 Reduce duration of failovers with amphora in ERROR 9e5a6340 Fix timeout duration in start_vrrp_service during failovers 5a411a68 Retry to set loadbalancer prov status on failures 231398ca Fix race condition in members batch update API call 676499f2 Fix incorrect removal of IP rules in the amphora 5bf40c89 Drop lower-constraints.txt and its testing 61bb22bb Fix persistence_granularity default value 1f224a9f Fix octavia-status with amphorav2 fc9a8f10 Fix upgrade check not working 16578229 Fix typo in lvs-masquerade.sh d410c510 Fix job book deletion issue in taskflow 09fb2529 fix haproxy_count to display the number of running processes 4e15e812 Fix failover when the last listener is deleted 64b8846e Fix SQLAlchemy warning about conflict relationship with Tags 11119484 Rename Context to RequestContext 8fbe035c Pass config to castellan Diffstat (except docs and test files) ------------------------------------- .../static/usr/local/bin/lvs-masquerade.sh | 8 +- lower-constraints.txt | 178 --------------- .../backends/agent/api_server/amphora_info.py | 3 +- .../amphorae/backends/agent/api_server/osutils.py | 1 + .../backends/health_daemon/health_daemon.py | 12 +- octavia/amphorae/backends/utils/interface.py | 16 +- octavia/amphorae/backends/utils/interface_file.py | 9 +- octavia/amphorae/drivers/driver_base.py | 16 ++ .../amphorae/drivers/haproxy/rest_api_driver.py | 23 +- .../drivers/keepalived/vrrp_rest_driver.py | 3 +- octavia/amphorae/drivers/noop_driver/driver.py | 3 + octavia/api/common/hooks.py | 3 +- octavia/api/root_controller.py | 2 +- octavia/api/v2/controllers/member.py | 6 +- octavia/certificates/manager/castellan_mgr.py | 5 +- octavia/certificates/manager/noop.py | 106 +++++++++ octavia/cmd/status.py | 5 +- octavia/common/base_taskflow.py | 13 +- octavia/common/config.py | 11 + octavia/common/constants.py | 7 + octavia/common/context.py | 2 +- octavia/common/exceptions.py | 6 + .../haproxy/combined_listeners/templates/macros.j2 | 12 +- octavia/common/jinja/lvs/templates/macros.j2 | 4 +- octavia/common/tls_utils/cert_parser.py | 26 ++- octavia/compute/drivers/noop_driver/driver.py | 6 + octavia/controller/worker/task_utils.py | 34 ++- .../controller/worker/v1/flows/amphora_flows.py | 51 ++++- .../worker/v1/flows/load_balancer_flows.py | 20 +- .../worker/v1/tasks/amphora_driver_tasks.py | 129 +++++++++-- .../controller/worker/v1/tasks/lifecycle_tasks.py | 109 ++++++--- .../controller/worker/v1/tasks/network_tasks.py | 27 ++- .../controller/worker/v2/flows/amphora_flows.py | 51 ++++- .../worker/v2/flows/load_balancer_flows.py | 20 +- .../worker/v2/tasks/amphora_driver_tasks.py | 125 ++++++++-- .../controller/worker/v2/tasks/lifecycle_tasks.py | 136 +++++++---- .../controller/worker/v2/tasks/network_tasks.py | 23 +- octavia/db/models.py | 21 +- .../api/v2/test_availability_zone_profiles.py | 15 +- .../functional/api/v2/test_availability_zones.py | 15 +- .../functional/api/v2/test_flavor_profiles.py | 15 +- .../backends/agent/api_server/test_amphora_info.py | 7 +- .../backends/agent/api_server/test_osutils.py | 2 +- .../backends/health_daemon/test_health_daemon.py | 8 + .../unit/amphorae/backends/utils/test_interface.py | 81 +++++++ .../amphorae/backends/utils/test_interface_file.py | 2 + .../drivers/haproxy/test_rest_api_driver.py | 6 +- .../drivers/keepalived/test_vrrp_rest_driver.py | 17 ++ .../haproxy/combined_listeners/test_jinja_cfg.py | 33 ++- .../sample_configs/sample_configs_combined.py | 8 +- .../unit/controller/worker/test_task_utils.py | 58 ++++- .../worker/v1/flows/test_amphora_flows.py | 33 ++- .../worker/v1/flows/test_load_balancer_flows.py | 26 ++- .../worker/v1/tasks/test_amphora_driver_tasks.py | 240 +++++++++++++++++++- .../worker/v1/tasks/test_network_tasks.py | 30 +-- .../worker/v2/flows/test_amphora_flows.py | 33 ++- .../worker/v2/flows/test_load_balancer_flows.py | 15 +- .../worker/v2/tasks/test_amphora_driver_tasks.py | 251 +++++++++++++++++++-- .../worker/v2/tasks/test_network_tasks.py | 11 - ...heck-text-plain-mime-type-134485abb8bcea0c.yaml | 5 + ...r-delete-causing-failover-251efdb79af24c0a.yaml | 5 + ...andle-blank-cert-subjects-b660d403ce56b0b8.yaml | 4 + .../add-noop-cert-manager-7018d3933a0ce9c6.yaml | 4 + ...fix-amphora-haproxy-count-b1b1df43a7150926.yaml | 5 + ...x-amphorav1-subnet-member-9921d1ba387ff975.yaml | 6 + ...ad-management-port-update-3fa157f74ee8c7b2.yaml | 7 + ...thmonitor-with-alpn-pools-82249b2b9a025068.yaml | 7 + .../fix-ip-rules-in-amphora-b74b7b616752c13b.yaml | 11 + ...-in-PENDING-on-DB-failure-1ffea71a86cd4ea9.yaml | 7 + ...-octavia-status-amphorav2-038fe77a2189b99f.yaml | 5 + ...granularity-default-value-540093bbf6518ed8.yaml | 5 + ...ition-member-batch-update-1aed0e06004c5dad.yaml | 7 + ...eout-dict-when-start-vrrp-278d4837702bd247.yaml | 6 + ...-tls-hello-healthmonitors-a4b98a80f6de8394.yaml | 4 + .../octavia_castellan_config-995e65f129e3e983.yaml | 7 + .../reduce-duration-failover-636032433984d911.yaml | 7 + ...-standby-amphora-in-error-3c1d75bc7d9b169f.yaml | 5 + ...ags-relationship-warnings-a3c0175135f6cd84.yaml | 5 + requirements.txt | 4 + setup.cfg | 1 + test-requirements.txt | 2 +- tox.ini | 10 - zuul.d/projects.yaml | 1 - 102 files changed, 2305 insertions(+), 669 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index e16be6f8..1e525595 100644 --- a/requirements.txt +++ b/requirements.txt @@ -0,0 +1,4 @@ +# Requirements lower bounds listed here are our best effort to keep them up to +# date but we do not test them so no guarantee of having them all correct. If +# you find any incorrect lower bounds, let us know or propose a fix. + diff --git a/test-requirements.txt b/test-requirements.txt index 555d738c..93f0cd23 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4 +4 @@ -hacking>=3.0 # Apache-2.0 +hacking<6.1.0 # Apache-2.0