We are tickled pink to announce the release of: octavia 5.1.0: OpenStack Octavia Scalable Load Balancer as a Service This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/octavia Download the package from: https://pypi.org/project/octavia Please report issues through: https://storyboard.openstack.org/#!/project/908 For more details, please see below. 5.1.0 ^^^^^ New Features ************ * Add a new configuration option to define the default connection_limit for new listeners that use the Amphora provider. The option is [haproxy_amphora].default_connection_limit and its default value is 50,000. This value is used when creating or setting a listener with -1 as connection_limit parameter, or when unsetting connection_limit parameter. Security Issues *************** * If you are using the admin_or_owner-policy.yaml policy override file you should upgrade your API processes to include the unscoped token fix. The default policies are not affected by this issue. Bug Fixes ********* * Fixed an issue where members added to TLS-enabled pools would go to ERROR provisioning status. * Fixed an issue with failing over an amphora if the pair amphora in an active/standby pair had a missing VRRP port in neutron. * Fix operational status for disabled UDP listeners. The operating status of disabled UDP listeners is now OFFLINE instead of ONLINE, the behavior is now similary to the behavior of HTTP/HTTPS/TCP/... listeners. * Fixed an issue that could cause load balancers, with multiple amphora in a failed state, to be unable to complete a failover. * Fix an incorrect "operating_status" with empty UDP pools. A UDP pool without any member is now "ONLINE" instead of "OFFLINE". * Add missing cloud-utils-growpart RPM to Red Hat based amphora images. * Add missing cronie RPM to Red Hat based amphora images. * Fix a potential AttributeError exception at init time in the housekeeping service when using python2 because of an issue with thread safety when calling strptime for the first time. * Fixed an issue where TLS-enabled pools would fail to provision. * Fixed an issue where UDP only load balancers would not bring up the VIP address. * Fix a potential invalid DOWN operating status for members of a UDP pool. A race condition could have occured when building the first heartbeat message after adding a new member in a pool, this recently added member could have been seen as DOWN. * Fixes an issue when using the admin_or_owner-policy.yaml policy override file and unscoped tokens. * With haproxy 1.8.x releases, haproxy consumes much more memory in the amphorae because of pre-allocated data structures. This amount of memory depends on the maxconn parameters in its configuration file (which is related to the connection_limit parameter in the Octavia API). In the Amphora provider, the default connection_limit value -1 is now converted to a maxconn of 50,000. It was previously 1,000,000 but that value triggered some memory allocation issues when quickly performing multiple configuration updates in a load balancer. Changes in octavia 5.0.3..5.1.0 ------------------------------- 564eec76 Fix invalid DOWN status when updating a UDP pool ea7351ef Fix amphora failover when VRRP port is missing a69562e4 Fix operating status for empty UDP pools 293ffe0f Fix lower-constraints & requirements a455eacf Fix load balancers with failed amphora failover 1c8adf80 Fix operational status for disabled UDP listeners 9c03dcf7 Fixes API list handling of unscoped tokens 6ba8dc62 Fix memory consumption issues with default connection_limit 011f1b05 Map cloud-guest-utils to cloud-utils-growpart for Red Hat distros. c8a999fe Fix missing cronie package in RHEL-based image builds a957fbc2 Fix load balancers with failed amphora failover 3ce6d3b3 Ignore DELETED amphorae when performing certificate rotation 811a6c83 Enable octavia-tempest-plugin for grenade job 11f96944 Fix pool delete race on load balancer cascade delete f0dab4ce Temporarily set octavia-v2-dsvm-py2-scenario non-voting 533de249 Remove unnecessary joinedload 0499e0c5 Followup Remove haproxy_check_script for UDP-only 5a69da39 Fix python2 AttributeError with strptime 539d14c5 Fix backend certificate file paths 06fb4412 Fix AttributeError on TLS-enabled pool provisioning 2cad144e Add some details on enable_anti_affinity option 4aa56332 Add missing log line for finishing amp operations e21028d6 Update devstack plugin 4ccbeadc Set Grub timeout to 0 for fast boot times 53b64b66 Remove haproxy_check_script for UDP-only LBs Diffstat (except docs and test files) ------------------------------------- api-ref/source/parameters.yaml | 6 +- devstack/README.md | 2 +- devstack/plugin.sh | 6 - devstack/settings | 2 +- diskimage-create/diskimage-create.sh | 3 + elements/amphora-agent/pkg-map | 4 +- etc/octavia.conf | 4 + lower-constraints.txt | 16 +-- .../backends/agent/api_server/keepalivedlvs.py | 1 + octavia/amphorae/backends/agent/api_server/util.py | 7 ++ .../amphorae/backends/utils/keepalivedlvs_query.py | 45 +++++++- .../amphorae/drivers/haproxy/rest_api_driver.py | 22 ++-- octavia/api/v2/controllers/base.py | 4 + octavia/common/base_taskflow.py | 3 + octavia/common/config.py | 8 +- octavia/common/constants.py | 5 + octavia/common/data_models.py | 9 +- .../jinja/haproxy/combined_listeners/jinja_cfg.py | 7 +- octavia/common/jinja/lvs/templates/base.j2 | 4 + octavia/common/jinja/lvs/templates/macros.j2 | 12 +- .../healthmanager/health_drivers/update_db.py | 8 ++ octavia/controller/worker/v1/controller_worker.py | 7 +- .../worker/v1/tasks/amphora_driver_tasks.py | 44 ++++--- octavia/controller/worker/v2/controller_worker.py | 7 +- octavia/db/repositories.py | 16 +-- .../drivers/neutron/allowed_address_pairs.py | 9 +- .../backend/agent/api_server/test_keepalivedlvs.py | 10 +- .../agent/api_server/test_haproxy_compatibility.py | 6 +- .../backends/utils/test_keepalivedlvs_query.py | 78 ++++++++++++- .../drivers/haproxy/test_rest_api_driver_0_5.py | 40 ++++--- .../drivers/haproxy/test_rest_api_driver_1_0.py | 25 ++-- .../haproxy/combined_listeners/test_jinja_cfg.py | 127 ++++++++++++++------- .../unit/common/jinja/lvs/test_lvs_jinja_cfg.py | 59 ++++++++++ .../sample_configs/sample_configs_combined.py | 51 ++++++--- .../worker/v1/tasks/test_amphora_driver_tasks.py | 54 ++++++--- .../drivers/neutron/test_allowed_address_pairs.py | 39 ++++++- playbooks/legacy/grenade-devstack-octavia/run.yaml | 1 + ...d-member-tls-enabled-pool-cc77bfa320aaf659.yaml | 5 + ...ailover-missing-vrrp-port-9b5f13b9951b7edb.yaml | 5 + ...sable-udp-listener-status-3d34a5596e62da1c.yaml | 6 + ...x-dual-error-amp-failover-69e323892bad8254.yaml | 5 + ...fix-empty-udp-pool-status-3171950628898468.yaml | 5 + ...sing-cloud-guest-utils-rh-eb39a53502dc1e91.yaml | 4 + .../fix-missing-cronie-rh-bd31001338ddbb1e.yaml | 4 + ...2-attributeerror-strptime-89a7350c55ac8818.yaml | 6 + ...enabled-pool-provisioning-e3adb987244a025a.yaml | 4 + .../notes/fix-udp-only-lbs-c4ca42106fc1e2bb.yaml | 5 + ...nstable-UDP-health-status-ba32690b83a9641b.yaml | 7 ++ .../get-all-unscoped-token-61da95856bc662e0.yaml | 10 ++ ...ction_limit-config-option-3ed9f0ed6ec2b514.yaml | 18 +++ requirements.txt | 4 +- test-requirements.txt | 2 +- tox.ini | 4 +- zuul.d/projects.yaml | 4 +- 63 files changed, 965 insertions(+), 199 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 6f803550..4de3dd41 100644 --- a/requirements.txt +++ b/requirements.txt @@ -28 +28 @@ oslo.reports>=1.18.0 # Apache-2.0 -oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 +oslo.serialization>=2.28.1 # Apache-2.0 @@ -43 +43 @@ diskimage-builder>=1.1.2,!=1.6.0,!=1.7.0,!=1.7.1,<3.0.0;python_version=='2.7' # -diskimage-builder>=1.26.0;python_version>='3.0' # Apache-2.0 +diskimage-builder>=2.27.0;python_version>='3.0' # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index de3ebd66..de4a2ee5 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -19 +19 @@ doc8>=0.6.0 # Apache-2.0 -bandit>=1.1.0 # Apache-2.0 +bandit>=1.1.0,<1.6.0 # Apache-2.0