Rocky Series Release Notes¶
Added build_active_retries and port_detach_timeout parameters.
Added the “connection_logging” parameter.
Adds connection_max_retries and connection_retry_interval to control retry behavior when the contacting the amphora.
Added octavia::controller::controller_ip_port_list which can be used to configure the [health_manager]/controller_ip_port_list configuration option.
Add new parameter, “workers” to health_manager which defaults to $::os_workers
Added Keepalived VRRP parameters.
The passphrase for config option ‘server_certs_key_passphrase’, that was recently added to Octavia, will now be auto-generated.
When certificate data or file paths change in octavia::certificates it will not cause a restart of the Octavia services so that for example the octavia-worker service can use the new certificates.
Octavia option [haproxy_amphora]/key_path will no longer be set. None of the maintained Octavia releases support it (removed in Mitaka).
If you want to use the new octavia::controller class you must define it before the octavia::worker class.
octavia::housekeeping::spare_amphorae_pool_size is deprecated and will be removed in the future release. Please use octavia::housekeeping::spare_amphora_pool_size instead.
The following octavia::worker parameters are deprecated and have been moved to octavia::controller class. When you start using octavia::controller make sure it’s defined before octavia::worker.
Certificate changes no longer shows diffs in output.
Fixed a bug where certificate folders that depended on paths provided by packages failed.
Fixed a bug where certificate changes would show the diffs. Certificate are now considered secrets and not displayed.
The passphrase for config option ‘server_certs_key_passphrase’, is used as a Fernet key in Octavia and thus must be 32 chars long.
There are a couple of configuration options that need to be set not only for the worker but also for other Octavia services. For example, on a composable node deployment where the API runs on a separate node than the rest of the Octavia services, the network driver was not being set (hence defaulting to noop driver) while for the worker the driver was allowed_address_pairs_driver. Another example is the database that was only being set for the API service. Such configuration misalignment and omissions lead to operate Octavia services and its resources.
Added new parameter octavia::api::allow_tls_terminated_listeners which can be used to set the allow_tls_terminated_listeners config option.
Added new parameters octavia::api::api_v1_enabled and api_v2_enabled that can be used for enable/disable the API versions.
Added new parameter cert_generator, cert_manager, region_name and endpoint_type to the octavia::certificates class that configures the certificates section in the octavia.conf file.
Added new parameter client_ca and client_data_data to octavia::certificates. These can be used to separate the ca_certificate/server_ca and client_ca used which is something you want to do in production environment to avoid a compromised Amphora being able to connect to the other running amphoras.
Added new parameter octavia::worker::workers that can be used to set the number of worker processes.
Added new class octavia::wsgi::apache, you can now run the API under Apache with mod_wsgi.
Added new octavia::glance class that can be used to configure the glance section in octavia.conf
Added new octavia::neutron class that can be used to configure the neutron section in octavia.conf
Added new octavia::nova class that can be used to configure the nova section in octavia.conf
Add a new class octavia::quota to manage the quota settings in Octavia.
The deprecated octavia::rpc_backend is now removed. Please use octavia::default_transport_url instead.
Adds the pool_timeout option for configuring oslo.db. This will configure this value for pool_timeout with SQLAlchemy.
Added octavia::roles::role_names parameter to enable creation of the keystone roles supported by the Octavia API.
Add openstack-db tag to Exec that run db-sync.
Deprecated ensure_package option has been removed.
Deprecated keystone::authtoken::revocation_cache_time option has been removed.
auth_uri is deprecated and will be removed in a future release. Please use www_authenticate_uri instead.