Open Stack

We are happy to announce the release of:

octavia 3.2.1: OpenStack Octavia Scalable Load Balancer as a Service

This release is part of the rocky stable release series.

The source is available from:

    https://opendev.org/openstack/octavia

Download the package from:

    https://pypi.org/project/octavia

Please report issues through:

    https://storyboard.openstack.org/#!/project/908

For more details, please see below.

3.2.1
^^^^^


Upgrade Notes
*************

* A new amphora image is required to fix the potential certs-ramfs
  race condition.


Security Issues
***************

* A race condition between the certs-ramfs and the amphora agent may
  lead to tenant TLS content being stored on the amphora filesystem
  instead of in the encrypted RAM filesystem.


Bug Fixes
*********

* Fixed a potential race condition with the certs-ramfs and amphora
  agent services.

* Fixes an issue in the selection of vip-subnet-id on multi-subnet
  networks by checking the IP availability of the subnets, ensuring
  enough IPs are available for loadbalancer when creating loadbalancer
  specifying vip-network-id.

* Fix a bug that could interrupt resource creation when performing a
  graceful shutdown of the controller worker and leave resources in a
  PENDING_CREATE/PENDING_UPDATE/PENDING_DELETE provisioning status. If
  the duration of an Octavia flow is greater than the
  'graceful_shutdown_timeout' configuration value, stopping the
  Octavia worker can still interrupt the creation of resources.

Changes in octavia 3.2.0..3.2.1
-------------------------------

6fe5df6f Fix controller worker graceful shutdown
d4842728 Fix a potential race condition with certs-ramfs
d5aba906 ipvsadm '--exact' arg to ensure outputs are ints
f68460dd Fix issues with unavailable secrets
8faa4220 loadbalancer vip-network-id IP availability check
08916abd Improve the error message for bad pkcs12 bundles


Diffstat (except docs and test files)
-------------------------------------

devstack/plugin.sh                                 |  5 ++
.../amphora-agent.conf                             |  2 +-
.../amphora-agent.init                             |  2 +-
.../amphora-agent.service                          |  3 +-
.../init-scripts/systemd/certs-ramfs.service       |  1 +
etc/octavia.conf                                   |  3 +
.../amphorae/backends/utils/keepalivedlvs_query.py |  3 +-
octavia/api/drivers/utils.py                       | 35 +++++----
octavia/api/v2/controllers/listener.py             |  5 +-
octavia/api/v2/controllers/load_balancer.py        | 33 ++++++---
octavia/certificates/common/pkcs12.py              |  6 +-
octavia/certificates/manager/barbican.py           |  2 +
octavia/common/exceptions.py                       |  7 ++
octavia/common/tls_utils/cert_parser.py            | 43 ++++++++---
octavia/common/utils.py                            |  7 ++
octavia/controller/queue/consumer.py               | 10 +--
octavia/network/base.py                            |  9 +++
octavia/network/data_models.py                     | 14 ++++
octavia/network/drivers/neutron/base.py            |  3 +
octavia/network/drivers/neutron/utils.py           |  9 +++
octavia/network/drivers/noop_driver/driver.py      | 18 +++++
.../unit/certificates/manager/test_barbican.py     | 18 +++++
.../unit/common/tls_utils/test_cert_parser.py      | 34 +++++++++
.../unit/network/drivers/neutron/test_base.py      | 15 ++++
.../unit/network/drivers/neutron/test_utils.py     | 16 +++++
.../fix-certs-ramfs-race-561f355d13fc6d14.yaml     | 14 ++++
...p-network-ip-availability-2e924f32abf01052.yaml |  7 ++
...-worker-graceful-shutdown-c44b6797637aa1b3.yaml |  9 +++
tox.ini                                            |  3 +-
35 files changed, 453 insertions(+), 52 deletions(-)