Commits (13)
  • OpenStack Release Bot's avatar
    Update .gitreview for stable/stein · 52257903
    OpenStack Release Bot authored
    Change-Id: I7e981588afaf0857100f1c50da62d1bd3551eede
  • OpenStack Release Bot's avatar
    Update UPPER_CONSTRAINTS_FILE for stable/stein · 1b83d56a
    OpenStack Release Bot authored
    Update the URL to the upper-constraints file to point to the redirect
    rule on releases.openstack.org so that anyone working on this branch
    will switch to the correct upper-constraints list automatically when
    the requirements repository branches.
    Until the requirements repository has as stable/stein branch, tests will
    continue to use the upper-constraints list on master.
    Change-Id: I9a7235c5662a83974531b439345e081316b2d3a1
  • Ian Wienand's avatar
    Replace openstack.org git:// URLs with https:// · 80bfa259
    Ian Wienand authored
    This is a mechanically generated change to replace openstack.org
    git:// URLs with https:// equivalents.
    This is in aid of a planned future move of the git hosting
    infrastructure to a self-hosted instance of gitea (https://gitea.io),
    which does not support the git wire protocol at this stage.
    This update should result in no functional change.
    For more information see the thread at
    Change-Id: I1fc6fefacfb048ef5ad3accb41f9060ae23b3ac3
  • Michael Johnson's avatar
    Fix ifup failures on member interfaces with IPv6 · dd70fec0
    Michael Johnson authored
    When an older version of ifup is used, there are cases where bringing
    up an IPv6 address on an interface will fail with "RTNETLINK answers:
    File exists"
    This patch corrects this issue by bringing the interface up and
    flushing the existing addresses prior to the ifup.
    This returns a previous behavior of the ifdown/ifup commands.
    Change-Id: I0dbb145ab9a0bb8f831c1db28cabd262f9394e7e
    Story: 2005320
    Task: 30248
    (cherry picked from commit 23a411413fbad6e96ed6b3c3ec3876cba3d8f4fd)
  • Pavel Abalikhin's avatar
    Fix initialization of Barbican client · c2afddfd
    Pavel Abalikhin authored
    Region and endpoint_type parameters should be used when initializing
    Barbican client.
    Change-Id: Id5a0c6f061e36b93e82d2eea8a5bac9ede66b159
    Story: 2005233
    Task: 30015
    (cherry picked from commit dc5a708d9a9d8b29de3c97a685c83872e0f10531)
  • Carlos Goncalves's avatar
    Fix VIP plugging on CentOS-based amphorae · 4ca1b681
    Carlos Goncalves authored
    ifup does not provide option -v in CentOS-based amphorae.
    This option was added in I0dbb145ab9a0bb8f831c1db28cabd262f9394e7e.
    Story: 2005341
    Task: 30288
    Change-Id: I56947e0d2bb207b59b0b3928efc96546d6410f43
    (cherry picked from commit 95a872fcd905c0f7c4f2b4cf63e93fa9770d13c1)
  • Gregory Thiemonge's avatar
    Fix spare amphora check and creation · aa06d8d1
    Gregory Thiemonge authored
    This patch fixes an issue when the SparesPool table is empty that blocks
    spare amphorae creation. It creates a new spares pool entry if the table
    is empty.
    Story 2005352
    Task 30306
    Change-Id: I0ce2778277640ee9e509c709bf8621b8b025d6d3
  • Carlos Goncalves's avatar
    Fix setting of VIP QoS policy · 86e3eb4c
    Carlos Goncalves authored
    Load balancers were going in to ERROR when updating vip_qos_policy_id in
    two different cases:
    - QoS extension enabled: the VIP DB data model was incorrectly
      constructed ('vip_qos_policy_id' where it should have been
    - QoS extension disabled: setting an UUID or None would fail in the LB
      update flow as the extension is disabled, and the API would return
      HTTP 202 to the user.
    Story: 2004602
    Task: 28512
    Change-Id: Ie974afa52fe70cbab72b7e7f75bf7ee1015e148c
    (cherry picked from commit e0c45ce4d288aa0a8c855754245cd3949e54fa3d)
  • Zuul's avatar
  • Zuul's avatar
  • Michael Johnson's avatar
    Fix the amphora base port coming up · feb640d9
    Michael Johnson authored
    A recent change[1] broke the base port IP address coming up in the
    amphora. This would cause active/standby and single topology amphora
    with members on the VIP subnet to fail.
    This patch resolves this issue by not flushing the eth1:0 address.
    Story: 2005383
    Task: 30368
    [1] https://review.openstack.org/#/c/648504/
    Change-Id: I52e7e9f172b7783bae09be76cc137f4e7198165f
    (cherry picked from commit 41ff43131f030d7a01f6d09a1c12f16cf0d400dd)
  • Thomas Goirand's avatar
    Merge tag '4.0.0' into debian/stein · 16247f9b
    Thomas Goirand authored
    octavia 4.0.0 release
    meta:version: 4.0.0
    meta:series: stein
    meta:release-type: release
    meta:pypi: yes
    meta:first: yes
    meta:release:Author: Sean McGinnis <sean.mcginnis@gmail.com>
    meta:release:Commit: Thierry Carrez <thierry@openstack.org>
    meta:release:Change-Id: I2717755ff6e525a4075cf5f6397c0c1d1d45e170
    meta:release:Code-Review+1: Tom Barron <tpb@dyncloud.net>
    meta:release:Code-Review+1: dharmendra kushwaha <dharmendra.kushwaha@india.nec.com>
    meta:release:Code-Review+1: Ivan Kolodyazhny <e0ne@e0ne.info>
    meta:release:Code-Review+1: Akihiro Motoki <amotoki@gmail.com>
    meta:release:Code-Review+1: zhurong <aaronzhu1121@gmail.com>
    meta:release:Code-Review+1: Chris Dent <cdent@anticdent.org>
    meta:release:Code-Review+1: Graham Hayes <gr@ham.ie>
    meta:release:Code-Review+1: Luka Peschke <luka.peschke@objectif-libre.com>
    meta:release:Code-Review+1: Pierre Riteau <pierre@stackhpc.com>
    meta:release:Code-Review+1: Li Liu <liliueecg@gmail.com>
    meta:release:Code-Review+1: Ghanshyam Mann <gmann@ghanshyammann.com>
    meta:release:Code-Review+1: Eric Fried <openstack@fried.cc>
    meta:release:Code-Review+1: melanie witt <melwittt@gmail.com>
    meta:release:Code-Review+1: licanwei <li.canwei2@zte.com.cn>
    meta:release:Code-Review+1: XueFeng Liu <liu.xuefeng1@zte.com.cn>
    meta:release:Code-Review+1: Renat Akhmerov <renat.akhmerov@gmail.com>
    meta:release:Code-Review+1: Colleen Murphy <colleen@gazlene.net>
    meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com>
    meta:release:Code-Review+2: Doug Hellmann <doug@doughellmann.com>
    meta:release:Code-Review+2: Kendall Nelson <kennelson11@gmail.com>
    meta:release:Code-Review+2: Jean-Philippe Evrard <jean-philippe@evrard.me>
    meta:release:Code-Review+2: Tony Breeds <tony@bakeyournoodle.com>
    meta:release:Code-Review+1: Erno Kuvaja <jokke@usr.fi>
    meta:release:Code-Review+2: Thierry Carrez <thierry@openstack.org>
    meta:release:Workflow+1: Sean McGinnis <sean.mcginnis@gmail.com>
  • Thomas Goirand's avatar
    Now packaging 4.0.0 (stein). · 36001f65
    Thomas Goirand authored
......@@ -2,4 +2,4 @@
octavia (4.0.0-1) experimental; urgency=medium
* New upstream release.
-- Thomas Goirand <zigo@debian.org> Thu, 11 Apr 2019 10:43:07 +0200
octavia (4.0.0~rc1-1) experimental; urgency=medium
* New upstream release.
......@@ -199,13 +199,29 @@ class BaseOS(object):
return host_routes
def _bring_if_up(cls, interface, what):
def _bring_if_up(cls, interface, what, flush=True):
# Note, we are not using pyroute2 for this as it is not /etc/netns
# aware.
# Work around for bug:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845121
int_up = "ip netns exec {ns} ip link set {int} up".format(
ns=consts.AMPHORA_NAMESPACE, int=interface)
addr_flush = "ip netns exec {ns} ip addr flush {int}".format(
ns=consts.AMPHORA_NAMESPACE, int=interface)
cmd = ("ip netns exec {ns} ifup {params}".format(
ns=consts.AMPHORA_NAMESPACE, params=interface))
subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT)
out = subprocess.check_output(int_up.split(),
if flush:
out = subprocess.check_output(addr_flush.split(),
out = subprocess.check_output(cmd.split(),
except subprocess.CalledProcessError as e:
LOG.error('Failed to ifup %s due to error: %s %s', interface, e,
......@@ -233,7 +249,7 @@ class BaseOS(object):
cls._bring_if_up(primary_interface, 'VIP')
if secondary_interface:
cls._bring_if_up(secondary_interface, 'VIP')
cls._bring_if_up(secondary_interface, 'VIP', flush=False)
def has_ifup_all(self):
return True
......@@ -95,7 +95,7 @@ class AmphoraProviderDriver(driver_base.ProviderDriver):
# expects
vip_qos_policy_id = lb_dict.pop('vip_qos_policy_id', None)
if vip_qos_policy_id:
vip_dict = {"vip_qos_policy_id": vip_qos_policy_id}
vip_dict = {"qos_policy_id": vip_qos_policy_id}
lb_dict["vip"] = vip_dict
payload = {consts.LOAD_BALANCER_ID: lb_id,
......@@ -547,11 +547,12 @@ class LoadBalancersController(base.BaseController):
self._auth_validate_action(context, db_lb.project_id,
if (load_balancer.vip_qos_policy_id and
not isinstance(load_balancer.vip_qos_policy_id,
wtypes.UnsetType) and
db_lb.vip.qos_policy_id != load_balancer.vip_qos_policy_id):
if not isinstance(load_balancer.vip_qos_policy_id, wtypes.UnsetType):
network_driver = utils.get_network_driver()
if load_balancer.vip_qos_policy_id is not None:
if db_lb.vip.qos_policy_id != load_balancer.vip_qos_policy_id:
# Load the driver early as it also provides validation
driver = driver_factory.get_driver(db_lb.provider)
......@@ -90,4 +90,7 @@ class BarbicanACLAuth(barbican_common.BarbicanAuth):
user_session = session.Session(auth=user_auth)
# create a special barbican client with our user's session
return barbican_client.Client(session=user_session)
return barbican_client.Client(
......@@ -342,6 +342,7 @@ def subnet_exists(subnet_id):
def qos_policy_exists(qos_policy_id):
network_driver = utils.get_network_driver()
qos_policy = network_driver.get_qos_policy(qos_policy_id)
except Exception:
......@@ -350,6 +351,12 @@ def qos_policy_exists(qos_policy_id):
return qos_policy
def qos_extension_enabled(network_driver):
if not network_driver.qos_enabled():
raise exceptions.ValidationException(detail=_(
"VIP QoS policy is not allowed in this deployment."))
def network_exists_optionally_contains_subnet(network_id, subnet_id=None):
"""Raises an exception when a network does not exist.
# Copyright 2019 Michael Johnson
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Seed the spares_pool table
Revision ID: 46d914b2a5e5
Revises: 6ffc710674ef
Create Date: 2019-04-03 14:03:25.596157
import datetime
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = '46d914b2a5e5'
down_revision = '6ffc710674ef'
def upgrade():
# Create temporary table for table data seeding
insert_table = sa.table(
sa.column(u'updated_at', sa.DateTime),
# Note: The date/time doesn't matter, we just need to seed the table.
{'updated_at': datetime.datetime.now()}
......@@ -349,3 +349,10 @@ class AbstractNetworkDriver(object):
:param subnet: The subnet to plug the aap into
def qos_enabled(self):
"""Whether QoS is enabled
:return: Boolean
......@@ -27,6 +27,7 @@ from octavia.network.drivers.neutron import utils
LOG = logging.getLogger(__name__)
DNS_INT_EXT_ALIAS = 'dns-integration'
SEC_GRP_EXT_ALIAS = 'security-group'
......@@ -46,6 +47,7 @@ class BaseNeutronDriver(base.AbstractNetworkDriver):
self.sec_grp_enabled = self._check_extension_enabled(SEC_GRP_EXT_ALIAS)
self.dns_integration_enabled = self._check_extension_enabled(
self._qos_enabled = self._check_extension_enabled(QOS_EXT_ALIAS)
self.project_id = self.neutron_client.get_auth_info().get(
......@@ -248,3 +250,6 @@ class BaseNeutronDriver(base.AbstractNetworkDriver):
def get_qos_policy(self, qos_policy_id):
return self._get_resource('qos_policy', qos_policy_id)
def qos_enabled(self):
return self._qos_enabled
......@@ -26,6 +26,7 @@ class NoopManager(object):
def __init__(self):
super(NoopManager, self).__init__()
self.networkconfigconfig = {}
self._qos_extension_enabled = True
def allocate_vip(self, loadbalancer):
LOG.debug("Network %s no-op, allocate_vip loadbalancer %s",
......@@ -260,6 +261,9 @@ class NoopManager(object):
self.networkconfigconfig[(qos_id, port_id)] = (
qos_id, port_id, 'apply_qos_on_port')
def qos_enabled(self):
return self._qos_extension_enabled
class NoopNetworkDriver(driver_base.AbstractNetworkDriver):
def __init__(self):
......@@ -338,3 +342,6 @@ class NoopNetworkDriver(driver_base.AbstractNetworkDriver):
def unplug_aap_port(self, vip, amphora, subnet):
self.driver.unplug_aap_port(vip, amphora, subnet)
def qos_enabled(self):
return self.driver.qos_enabled()
......@@ -1590,6 +1590,20 @@ class TestLoadBalancer(base.BaseAPITest):
lb_json, status=400)
def test_update_with_qos_ext_disabled(self):
project_id = uuidutils.generate_uuid()
lb = self.create_load_balancer(uuidutils.generate_uuid(),
lb_dict = lb.get(self.root_tag)
vip_qos_policy_id = uuidutils.generate_uuid()
lb_json = self._build_body({'vip_qos_policy_id': vip_qos_policy_id})
with mock.patch("octavia.network.drivers.noop_driver.driver"
".NoopManager.qos_enabled", return_value=False):
lb_json, status=400)
def test_update_bad_lb_id(self):
path = self.LB_PATH.format(lb_id='SEAN-CONNERY')
self.put(path, body={}, status=404)
......@@ -112,7 +112,7 @@ class TestAmphoraDriver(base.TestRpc):
provider_lb = driver_dm.LoadBalancer(
lb_dict = {'vip': {'vip_qos_policy_id': qos_policy_id}}
lb_dict = {'vip': {'qos_policy_id': qos_policy_id}}
self.amp_driver.loadbalancer_update(old_provider_lb, provider_lb)
payload = {consts.LOAD_BALANCER_ID: self.sample_data.lb_id,
consts.LOAD_BALANCER_UPDATES: lb_dict}
......@@ -33,7 +33,7 @@ class TestBarbicanACLAuth(base.TestCase):
# Reset the client
keystone._SESSION = None
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
self.conf.config(group="certificates", region_name=None)
self.conf.config(group="certificates", region_name='RegionOne')
self.conf.config(group="certificates", endpoint_type='publicURL')
@mock.patch('keystoneauth1.session.Session', mock.Mock())
......@@ -91,3 +91,5 @@ class TestBarbicanACLAuth(base.TestCase):
bc = acl_auth_object.get_barbican_client_user_auth(mock.Mock())
self.assertTrue(hasattr(bc, 'containers') and
hasattr(bc.containers, 'register_consumer'))
self.assertEqual('publicURL', bc.client.interface)
self.assertEqual('RegionOne', bc.client.region_name)
......@@ -374,6 +374,18 @@ class TestValidations(base.TestCase):
def test_qos_extension_enabled(self):
network_driver = mock.Mock()
network_driver.qos_enabled.return_value = True
def test_qos_extension_disabled(self):
network_driver = mock.Mock()
network_driver.qos_enabled.return_value = False
def test_check_session_persistence(self):
valid_cookie_name_dict = {'type': 'APP_COOKIE',
'cookie_name': 'chocolate_chip'}
......@@ -17,7 +17,7 @@
dest: devstack-gate
/usr/zuul-env/bin/zuul-cloner -m clonemap.yaml --cache-dir /opt/git \
git://git.openstack.org \
https://git.openstack.org \
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
......@@ -17,7 +17,7 @@
dest: devstack-gate
/usr/zuul-env/bin/zuul-cloner -m clonemap.yaml --cache-dir /opt/git \
git://git.openstack.org \
https://git.openstack.org \
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
......@@ -17,7 +17,7 @@
dest: devstack-gate
/usr/zuul-env/bin/zuul-cloner -m clonemap.yaml --cache-dir /opt/git \
git://git.openstack.org \
https://git.openstack.org \
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
- |
Fixed an issue creating members on networks with IPv6 subnets.
- |
To fix the issue with active/standby load balancers or single topology
load balancers with members on the VIP subnet, you need to update the
amphora image.
- |
Fixed a bug where active/standby load balancers and single topology
load balancers with members on the VIP subnet may fail. An updated
image is required to fix this bug.
- |
Fixed an issue that prevents spare amphorae to be created.
- Fixed an error when plugging the VIP on CentOS-based amphorae.
- Fixed an issue where trying to set a QoS policy on a VIP while the QoS
extension is disabled would bring the load balancer to ERROR. Should the
QoS extension be disabled, the API will now return HTTP 400 to the user.
- Fixed an issue where setting a QoS policy on the VIP would bring the load
balancer to ERROR when the QoS extension is enabled.
......@@ -8,7 +8,7 @@ usedevelop = True
setenv = VIRTUAL_ENV={envdir}
install_command =
pip install -U -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
pip install -U -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/stein} {opts} {packages}
whitelist_externals = find
deps = -r{toxinidir}/requirements.txt
......@@ -21,7 +21,7 @@ basepython = python3
# This environment is called from CI scripts to test and publish
# the API Ref to developer.openstack.org.
deps =
whitelist_externals = rm
......@@ -90,7 +90,7 @@ whitelist_externals =
basepython = python3
deps =
whitelist_externals = rm
......@@ -160,7 +160,7 @@ max-line-length = 79
basepython = python3
deps =
whitelist_externals = rm