We are happy to announce the release of:
octavia 3.2.1: OpenStack Octavia Scalable Load Balancer as a Service
This release is part of the rocky stable release series.
The source is available from:
https://opendev.org/openstack/octavia
Download the package from:
https://pypi.org/project/octavia
Please report issues through:
https://storyboard.openstack.org/#!/project/908
For more details, please see below.
3.2.1 ^^^^^
Upgrade Notes *************
* A new amphora image is required to fix the potential certs-ramfs race condition.
Security Issues ***************
* A race condition between the certs-ramfs and the amphora agent may lead to tenant TLS content being stored on the amphora filesystem instead of in the encrypted RAM filesystem.
Bug Fixes *********
* Fixed a potential race condition with the certs-ramfs and amphora agent services.
* Fixes an issue in the selection of vip-subnet-id on multi-subnet networks by checking the IP availability of the subnets, ensuring enough IPs are available for loadbalancer when creating loadbalancer specifying vip-network-id.
* Fix a bug that could interrupt resource creation when performing a graceful shutdown of the controller worker and leave resources in a PENDING_CREATE/PENDING_UPDATE/PENDING_DELETE provisioning status. If the duration of an Octavia flow is greater than the 'graceful_shutdown_timeout' configuration value, stopping the Octavia worker can still interrupt the creation of resources.
Changes in octavia 3.2.0..3.2.1 -------------------------------
6fe5df6f Fix controller worker graceful shutdown d4842728 Fix a potential race condition with certs-ramfs d5aba906 ipvsadm '--exact' arg to ensure outputs are ints f68460dd Fix issues with unavailable secrets 8faa4220 loadbalancer vip-network-id IP availability check 08916abd Improve the error message for bad pkcs12 bundles
Diffstat (except docs and test files) -------------------------------------
devstack/plugin.sh | 5 ++ .../amphora-agent.conf | 2 +- .../amphora-agent.init | 2 +- .../amphora-agent.service | 3 +- .../init-scripts/systemd/certs-ramfs.service | 1 + etc/octavia.conf | 3 + .../amphorae/backends/utils/keepalivedlvs_query.py | 3 +- octavia/api/drivers/utils.py | 35 +++++---- octavia/api/v2/controllers/listener.py | 5 +- octavia/api/v2/controllers/load_balancer.py | 33 ++++++--- octavia/certificates/common/pkcs12.py | 6 +- octavia/certificates/manager/barbican.py | 2 + octavia/common/exceptions.py | 7 ++ octavia/common/tls_utils/cert_parser.py | 43 ++++++++--- octavia/common/utils.py | 7 ++ octavia/controller/queue/consumer.py | 10 +-- octavia/network/base.py | 9 +++ octavia/network/data_models.py | 14 ++++ octavia/network/drivers/neutron/base.py | 3 + octavia/network/drivers/neutron/utils.py | 9 +++ octavia/network/drivers/noop_driver/driver.py | 18 +++++ .../unit/certificates/manager/test_barbican.py | 18 +++++ .../unit/common/tls_utils/test_cert_parser.py | 34 +++++++++ .../unit/network/drivers/neutron/test_base.py | 15 ++++ .../unit/network/drivers/neutron/test_utils.py | 16 +++++ .../fix-certs-ramfs-race-561f355d13fc6d14.yaml | 14 ++++ ...p-network-ip-availability-2e924f32abf01052.yaml | 7 ++ ...-worker-graceful-shutdown-c44b6797637aa1b3.yaml | 9 +++ tox.ini | 3 +- 35 files changed, 453 insertions(+), 52 deletions(-)
participants (1)
-
no-reply@openstack.org