[release-announce] octavia 3.2.1 (rocky)
no-reply at openstack.org
no-reply at openstack.org
Mon Dec 16 10:56:44 UTC 2019
We are happy to announce the release of:
octavia 3.2.1: OpenStack Octavia Scalable Load Balancer as a Service
This release is part of the rocky stable release series.
The source is available from:
https://opendev.org/openstack/octavia
Download the package from:
https://pypi.org/project/octavia
Please report issues through:
https://storyboard.openstack.org/#!/project/908
For more details, please see below.
3.2.1
^^^^^
Upgrade Notes
*************
* A new amphora image is required to fix the potential certs-ramfs
race condition.
Security Issues
***************
* A race condition between the certs-ramfs and the amphora agent may
lead to tenant TLS content being stored on the amphora filesystem
instead of in the encrypted RAM filesystem.
Bug Fixes
*********
* Fixed a potential race condition with the certs-ramfs and amphora
agent services.
* Fixes an issue in the selection of vip-subnet-id on multi-subnet
networks by checking the IP availability of the subnets, ensuring
enough IPs are available for loadbalancer when creating loadbalancer
specifying vip-network-id.
* Fix a bug that could interrupt resource creation when performing a
graceful shutdown of the controller worker and leave resources in a
PENDING_CREATE/PENDING_UPDATE/PENDING_DELETE provisioning status. If
the duration of an Octavia flow is greater than the
'graceful_shutdown_timeout' configuration value, stopping the
Octavia worker can still interrupt the creation of resources.
Changes in octavia 3.2.0..3.2.1
-------------------------------
6fe5df6f Fix controller worker graceful shutdown
d4842728 Fix a potential race condition with certs-ramfs
d5aba906 ipvsadm '--exact' arg to ensure outputs are ints
f68460dd Fix issues with unavailable secrets
8faa4220 loadbalancer vip-network-id IP availability check
08916abd Improve the error message for bad pkcs12 bundles
Diffstat (except docs and test files)
-------------------------------------
devstack/plugin.sh | 5 ++
.../amphora-agent.conf | 2 +-
.../amphora-agent.init | 2 +-
.../amphora-agent.service | 3 +-
.../init-scripts/systemd/certs-ramfs.service | 1 +
etc/octavia.conf | 3 +
.../amphorae/backends/utils/keepalivedlvs_query.py | 3 +-
octavia/api/drivers/utils.py | 35 +++++----
octavia/api/v2/controllers/listener.py | 5 +-
octavia/api/v2/controllers/load_balancer.py | 33 ++++++---
octavia/certificates/common/pkcs12.py | 6 +-
octavia/certificates/manager/barbican.py | 2 +
octavia/common/exceptions.py | 7 ++
octavia/common/tls_utils/cert_parser.py | 43 ++++++++---
octavia/common/utils.py | 7 ++
octavia/controller/queue/consumer.py | 10 +--
octavia/network/base.py | 9 +++
octavia/network/data_models.py | 14 ++++
octavia/network/drivers/neutron/base.py | 3 +
octavia/network/drivers/neutron/utils.py | 9 +++
octavia/network/drivers/noop_driver/driver.py | 18 +++++
.../unit/certificates/manager/test_barbican.py | 18 +++++
.../unit/common/tls_utils/test_cert_parser.py | 34 +++++++++
.../unit/network/drivers/neutron/test_base.py | 15 ++++
.../unit/network/drivers/neutron/test_utils.py | 16 +++++
.../fix-certs-ramfs-race-561f355d13fc6d14.yaml | 14 ++++
...p-network-ip-availability-2e924f32abf01052.yaml | 7 ++
...-worker-graceful-shutdown-c44b6797637aa1b3.yaml | 9 +++
tox.ini | 3 +-
35 files changed, 453 insertions(+), 52 deletions(-)
More information about the Release-announce
mailing list