Stein Series Release Notes¶
Added build_active_retries and port_detach_timeout parameters.
Added the “connection_logging” parameter.
Adds connection_max_retries and connection_retry_interval to control retry behavior when the contacting the amphora.
Adds octavia::api::ovn_nb_connection to configure ovn nb connection string for OVN Provider driver.
Added Keepalived VRRP parameters.
The passphrase for config option ‘server_certs_key_passphrase’, that was recently added to Octavia, will now be auto-generated.
octavia::housekeeping::spare_amphorae_pool_size is deprecated and will be removed in the future release. Please use octavia::housekeeping::spare_amphora_pool_size instead.
The passphrase for config option ‘server_certs_key_passphrase’, is used as a Fernet key in Octavia and thus must be 32 chars long.
In this release Ubuntu has moved all projects that supported it to python3 which means that there will be a lot of changes. The Puppet OpenStack project does not test the upgrade path from python2 to python3 packages so there might be manual steps required when moving to the python3 packages.
Add new parameter, “workers” to health_manager which defaults to $::os_workers
Added octavia::api::provider_drivers and octavia::api::default_provider_driver configuration to support configuring different load balancer drivers in octavia.
Service_token_roles_required missing in the server config file which allows backwards compatibility to ensure that the service tokens are compared against a list of possible roles for validity.
This module now requires a puppetlabs-mysql version >= 6.0.0
Ubuntu packages are now using python3, the upgrade path is not tested by Puppet OpenStack. Manual steps may be required when upgrading.
Added octavia::controller::controller_ip_port_list which can be used to configure the [health_manager]/controller_ip_port_list configuration option.
Adds the service_description option to config description of the service.
octavia::logging is now not included in init class by default.
The deprecated parameter auth_uri is now removed, please use www_authenticate_uri.
check_revocations_for_cached option is now deprecated for removal, the parameter has no effect.
hash_algorithms option is now deprecated for removal, the parameter has no effect.
Certificate changes no longer shows diffs in output.
Fixed a bug where certificate folders that depended on paths provided by packages failed.
Fixed a bug where certificate changes would show the diffs. Certificate are now considered secrets and not displayed.
Added new parameter octavia::api::allow_tls_terminated_listeners which can be used to set the allow_tls_terminated_listeners config option.
Added new parameters octavia::api::api_v1_enabled and api_v2_enabled that can be used for enable/disable the API versions.
Listeners default timeouts can be set by config in section haproxy_amphora:
timeout_client_data: Frontend client inactivity timeout
timeout_member_connect: Backend member connection timeout
timeout_member_data: Backend member inactivity timeout
timeout_tcp_inspect: Time to wait for TCP packets for content inspection
The value for all of these options is expected to be in milliseconds.
Added new parameter cert_generator, cert_manager, region_name and endpoint_type to the octavia::certificates class that configures the certificates section in the octavia.conf file.
Added new parameter client_ca and client_data_data to octavia::certificates. These can be used to separate the ca_certificate/server_ca and client_ca used which is something you want to do in production environment to avoid a compromised Amphora being able to connect to the other running amphoras.
Added new parameter octavia::worker::workers that can be used to set the number of worker processes.
Added all databases parameters in octavia::db in octavia::init.
Added new class octavia::wsgi::apache, you can now run the API under Apache with mod_wsgi.
Added new octavia::glance class that can be used to configure the glance section in octavia.conf
Added new octavia::neutron class that can be used to configure the neutron section in octavia.conf
Added new octavia::nova class that can be used to configure the nova section in octavia.conf
When certificate data or file paths change in octavia::certificates it will not cause a restart of the Octavia services so that for example the octavia-worker service can use the new certificates.
The octavia::db class should now be considered a private class. You should set all your database parameters in the init class.
Octavia option [haproxy_amphora]/key_path will no longer be set. None of the maintained Octavia releases support it (removed in Mitaka).
If you want to use the new octavia::controller class you must define it before the octavia::worker class.
The following octavia::worker parameters are deprecated and have been moved to octavia::controller class. When you start using octavia::controller make sure it’s defined before octavia::worker.
There are a couple of configuration options that need to be set not only for the worker but also for other Octavia services. For example, on a composable node deployment where the API runs on a separate node than the rest of the Octavia services, the network driver was not being set (hence defaulting to noop driver) while for the worker the driver was allowed_address_pairs_driver. Another example is the database that was only being set for the API service. Such configuration misalignment and omissions lead to operate Octavia services and its resources.