Current Series Release Notes

Current Series Release Notes

4.0.0.0rc1-64

New Features

  • Octavia now supports Amphora log offloading. Operators can define syslog targets for the Amphora administrative logs and for the tenant load balancer flow logs.

  • Added support to debug with the Python Visual Studio Debugger engine (ptvsd).

  • Added support to create RHEL 8 amphora images.

  • The validity period for locally generated certificates used inside Amphora is now configurable. See [certificates] cert_validity_time.

Known Issues

  • Amphorae are unable to provide tenant flow logs for UDP listeners.

Upgrade Notes

  • To enable log offloading, the amphora image needs to be updated.

  • To fix the issue with active/standby load balancers or single topology load balancers with members on the VIP subnet, you need to update the amphora image.

  • Octavia v1 API (used for integration with Neutron-LBaaS) has been removed. If Neutron-LBaaS integration is still required, do not upgrade to this version.

Deprecation Notes

  • Octavia v1 API deprecation is complete. All relevant code, tests, and docs have been removed.

Critical Issues

  • Fixed a bug where active/standby load balancers and single topology load balancers with members on the VIP subnet may fail. An updated image is required to fix this bug.

Security Issues

  • Communication between the control-plane and the amphora-agent now uses minimum TLSv1.2 by default, and is configurable. The previous default of SSLv2/3 is widely considered insecure.

  • The default validity time for Amphora certificates has been reduced from two years to 30 days.

Bug Fixes

  • Fixes a potential DB deadlock in allocate_and_associate found in testing.

  • Fixed an issue creating members on networks with IPv6 subnets.

  • Fixed duplicated IPv6 addresses in Active/Standby mode in CentOS amphorae.

  • Fixed an issue where the driver errors were not caught.

  • Fixed an error triggered when the deletion of the VIP security group fails.

  • Fixed an issue where the listener API would accept null/None values for fields that must have a valid value, such as connection-limit. Now when a PUT call is made to one of these fields with null as the value the API will reset the field value to the field default value.

  • Fixed an issue that prevents spare amphorae to be created.

  • Fixed an error when plugging the VIP on CentOS-based amphorae.

  • Fixed an issue where trying to set a QoS policy on a VIP while the QoS extension is disabled would bring the load balancer to ERROR. Should the QoS extension be disabled, the API will now return HTTP 400 to the user.

  • Fixed an issue where setting a QoS policy on the VIP would bring the load balancer to ERROR when the QoS extension is enabled.

  • Fixed a bug that prevents spare amphora rotation.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.