octavia 13.0.0__py3-none-any.whl → 14.0.0__py3-none-any.whl

octavia/amphorae/backends/agent/api_server/lvs_listener_base.py

@@ -85,6 +85,6 @@ class LvsListenerApiServerBase(object, metaclass=abc.ABCMeta):
         :param listener_id: The id of the listener
 
         :returns: HTTP response with status code.
-        :raises Exception: If unsupport initial system of amphora.
+        :raises Exception: If unsupported initial system of amphora.
 
         """

octavia/amphorae/backends/agent/api_server/osutils.py

@@ -38,8 +38,7 @@ class BaseOS(object):
     @classmethod
     def _get_subclasses(cls):
         for subclass in cls.__subclasses__():
-            for sc in subclass._get_subclasses():
-                yield sc
+            yield from subclass._get_subclasses()
             yield subclass
 
     @classmethod
@@ -65,14 +64,15 @@ class BaseOS(object):
         interface.write()
 
     def write_vip_interface_file(self, interface, vips, mtu, vrrp_info,
-                                 fixed_ips=None):
+                                 fixed_ips=None, is_sriov=False):
         vip_interface = interface_file.VIPInterfaceFile(
             name=interface,
             mtu=mtu,
             vips=vips,
             vrrp_info=vrrp_info,
             fixed_ips=fixed_ips,
-            topology=CONF.controller_worker.loadbalancer_topology)
+            topology=CONF.controller_worker.loadbalancer_topology,
+            is_sriov=is_sriov)
         vip_interface.write()
 
     def write_port_interface_file(self, interface, fixed_ips, mtu):
@@ -116,7 +116,7 @@ class RH(BaseOS):
 
     @classmethod
     def is_os_name(cls, os_name):
-        return os_name in ['fedora', 'rhel']
+        return os_name in ['fedora', 'rhel', 'rocky']
 
     def cmd_get_version_of_installed_package(self, package_name):
         name = self._map_package_name(package_name)

octavia/amphorae/backends/agent/api_server/plug.py

@@ -78,7 +78,7 @@ class Plug(object):
 
     def plug_vip(self, vip, subnet_cidr, gateway,
                  mac_address, mtu=None, vrrp_ip=None, host_routes=(),
-                 additional_vips=()):
+                 additional_vips=(), is_sriov=False):
         vips = [{
             'ip_address': vip,
             'subnet_cidr': subnet_cidr,
@@ -118,7 +118,8 @@ class Plug(object):
             interface=primary_interface,
             vips=rendered_vips,
             mtu=mtu,
-            vrrp_info=vrrp_info)
+            vrrp_info=vrrp_info,
+            is_sriov=is_sriov)
 
         # Update the list of interfaces to add to the namespace
         # This is used in the amphora reboot case to re-establish the namespace

octavia/amphorae/backends/agent/api_server/rules_schema.py

@@ -0,0 +1,52 @@
+# Copyright 2024 Red Hat, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from octavia_lib.common import constants as lib_consts
+
+from octavia.common import constants as consts
+
+# This is a JSON schema validation dictionary
+# https://json-schema.org/latest/json-schema-validation.html
+
+SUPPORTED_RULES_SCHEMA = {
+    '$schema': 'http://json-schema.org/draft-07/schema#',
+    'title': 'Octavia Amphora NFTables Rules Schema',
+    'description': 'This schema is used to validate an nftables rules JSON '
+                   'document sent from a controller.',
+    'type': 'array',
+    'items': {
+        'additionalProperties': False,
+        'properties': {
+            consts.PROTOCOL: {
+                'type': 'string',
+                'description': 'The protocol for the rule. One of: '
+                               'TCP, UDP, VRRP, SCTP',
+                'enum': list((lib_consts.PROTOCOL_SCTP,
+                              lib_consts.PROTOCOL_TCP,
+                              lib_consts.PROTOCOL_UDP,
+                              consts.VRRP))
+            },
+            consts.CIDR: {
+                'type': ['string', 'null'],
+                'description': 'The allowed source CIDR.'
+            },
+            consts.PORT: {
+                'type': 'number',
+                'description': 'The protocol port number.',
+                'minimum': 1,
+                'maximum': 65535
+            }
+        },
+        'required': [consts.PROTOCOL, consts.CIDR, consts.PORT]
+    }
+}

octavia/amphorae/backends/agent/api_server/server.py

@@ -16,6 +16,7 @@ import os
 import stat
 
 import flask
+from jsonschema import validate
 from oslo_config import cfg
 from oslo_log import log as logging
 import webob
@@ -29,7 +30,9 @@ from octavia.amphorae.backends.agent.api_server import keepalivedlvs
 from octavia.amphorae.backends.agent.api_server import loadbalancer
 from octavia.amphorae.backends.agent.api_server import osutils
 from octavia.amphorae.backends.agent.api_server import plug
+from octavia.amphorae.backends.agent.api_server import rules_schema
 from octavia.amphorae.backends.agent.api_server import util
+from octavia.amphorae.backends.utils import nftable_utils
 from octavia.common import constants as consts
 
 
@@ -137,6 +140,9 @@ class Server(object):
         self.app.add_url_rule(rule=PATH_PREFIX + '/interface/<ip_addr>',
                               view_func=self.get_interface,
                               methods=['GET'])
+        self.app.add_url_rule(rule=PATH_PREFIX + '/interface/<ip_addr>/rules',
+                              view_func=self.set_interface_rules,
+                              methods=['PUT'])
 
     def upload_haproxy_config(self, amphora_id, lb_id):
         return self._loadbalancer.upload_haproxy_config(amphora_id, lb_id)
@@ -203,7 +209,8 @@ class Server(object):
                                    net_info.get('mtu'),
                                    net_info.get('vrrp_ip'),
                                    net_info.get('host_routes', ()),
-                                   net_info.get('additional_vips', ()))
+                                   net_info.get('additional_vips', ()),
+                                   net_info.get('is_sriov', False))
 
     def plug_network(self):
         try:
@@ -256,3 +263,23 @@ class Server(object):
 
     def version_discovery(self):
         return webob.Response(json={'api_version': api_server.VERSION})
+
+    def set_interface_rules(self, ip_addr):
+        interface_webob = self._amphora_info.get_interface(ip_addr)
+
+        if interface_webob.status_code != 200:
+            return interface_webob
+        interface = interface_webob.json['interface']
+
+        try:
+            rules_info = flask.request.get_json()
+            validate(rules_info, rules_schema.SUPPORTED_RULES_SCHEMA)
+        except Exception as e:
+            raise exceptions.BadRequest(
+                description='Invalid rules information') from e
+
+        nftable_utils.write_nftable_vip_rules_file(interface, rules_info)
+
+        nftable_utils.load_nftables_file()
+
+        return webob.Response(json={'message': 'OK'}, status=200)

octavia/amphorae/backends/utils/interface.py

@@ -28,6 +28,7 @@ from pyroute2.netlink.rtnl import ifaddrmsg
 from pyroute2.netlink.rtnl import rt_proto
 
 from octavia.amphorae.backends.utils import interface_file
+from octavia.amphorae.backends.utils import nftable_utils
 from octavia.common import constants as consts
 from octavia.common import exceptions
 
@@ -175,9 +176,48 @@ class InterfaceController(object):
         ip_network = ipaddress.ip_network(address, strict=False)
         return ip_network.compressed
 
+    def _setup_nftables_chain(self, interface):
+        # TODO(johnsom) Move this to pyroute2 when the nftables library
+        #               improves.
+
+        # Create the nftable
+        cmd = [consts.NFT_CMD, consts.NFT_ADD, 'table', consts.NFT_FAMILY,
+               consts.NFT_VIP_TABLE]
+        try:
+            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+        except Exception as e:
+            if hasattr(e, 'output'):
+                LOG.error(e.output)
+            else:
+                LOG.error(e)
+            raise
+
+        # Create the chain with -310 priority to put it in front of the
+        # lvs-masquerade configured chain
+        cmd = [consts.NFT_CMD, consts.NFT_ADD, 'chain', consts.NFT_FAMILY,
+               consts.NFT_VIP_TABLE, consts.NFT_VIP_CHAIN,
+               '{', 'type', 'filter', 'hook', 'ingress', 'device',
+               interface.name, 'priority', consts.NFT_SRIOV_PRIORITY, ';',
+               'policy', 'drop', ';', '}']
+        try:
+            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+        except Exception as e:
+            if hasattr(e, 'output'):
+                LOG.error(e.output)
+            else:
+                LOG.error(e)
+            raise
+
+        nftable_utils.write_nftable_vip_rules_file(interface.name, [])
+
+        nftable_utils.load_nftables_file()
+
     def up(self, interface):
         LOG.info("Setting interface %s up", interface.name)
 
+        if interface.is_sriov:
+            self._setup_nftables_chain(interface)
+
         with pyroute2.IPRoute() as ipr:
             idx = ipr.link_lookup(ifname=interface.name)[0]
 
@@ -227,7 +267,7 @@ class InterfaceController(object):
             if key in current_addresses:
                 current_addresses.remove(key)
             elif address.get(consts.OCTAVIA_OWNED, True):
-                # By default all adresses are managed/owned by Octavia
+                # By default all addresses are managed/owned by Octavia
                 address[consts.FAMILY] = self._family(
                     address[consts.ADDRESS])
                 LOG.debug("%s: Adding address %s", interface.name,
@@ -356,11 +396,10 @@ class InterfaceController(object):
                               **rule)
 
     def _scripts_up(self, interface, current_state):
-        if current_state == consts.IFACE_DOWN:
-            for script in interface.scripts[consts.IFACE_UP]:
-                LOG.debug("%s: Running command '%s'",
-                          interface.name, script[consts.COMMAND])
-                subprocess.check_output(script[consts.COMMAND].split())
+        for script in interface.scripts[consts.IFACE_UP]:
+            LOG.debug("%s: Running command '%s'",
+                      interface.name, script[consts.COMMAND])
+            subprocess.check_output(script[consts.COMMAND].split())
 
     def down(self, interface):
         LOG.info("Setting interface %s down", interface.name)

octavia/amphorae/backends/utils/interface_file.py

@@ -25,9 +25,8 @@ CONF = cfg.CONF
 
 
 class InterfaceFile(object):
-    def __init__(self, name, if_type,
-                 mtu=None, addresses=None,
-                 routes=None, rules=None, scripts=None):
+    def __init__(self, name, if_type, mtu=None, addresses=None,
+                 routes=None, rules=None, scripts=None, is_sriov=False):
         self.name = name
         self.if_type = if_type
         self.mtu = mtu
@@ -38,6 +37,7 @@ class InterfaceFile(object):
             consts.IFACE_UP: [],
             consts.IFACE_DOWN: []
         }
+        self.is_sriov = is_sriov
 
     @classmethod
     def get_extensions(cls):
@@ -98,7 +98,8 @@ class InterfaceFile(object):
                 consts.ADDRESSES: self.addresses,
                 consts.ROUTES: self.routes,
                 consts.RULES: self.rules,
-                consts.SCRIPTS: self.scripts
+                consts.SCRIPTS: self.scripts,
+                consts.IS_SRIOV: self.is_sriov
             }
             if self.mtu:
                 interface[consts.MTU] = self.mtu
@@ -106,12 +107,14 @@ class InterfaceFile(object):
 
 
 class VIPInterfaceFile(InterfaceFile):
-    def __init__(self, name, mtu, vips, vrrp_info, fixed_ips, topology):
+    def __init__(self, name, mtu, vips, vrrp_info, fixed_ips, topology,
+                 is_sriov=False):
 
-        super().__init__(name, if_type=consts.VIP, mtu=mtu)
+        super().__init__(name, if_type=consts.VIP, mtu=mtu, is_sriov=is_sriov)
 
         has_ipv4 = any(vip['ip_version'] == 4 for vip in vips)
         has_ipv6 = any(vip['ip_version'] == 6 for vip in vips)
+
         if vrrp_info:
             self.addresses.append({
                 consts.ADDRESS: vrrp_info['ip'],

octavia/amphorae/backends/utils/nftable_utils.py

@@ -0,0 +1,125 @@
+# Copyright 2024 Red Hat, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+import os
+import stat
+import subprocess
+
+from octavia_lib.common import constants as lib_consts
+from oslo_log import log as logging
+from webob import exc
+
+from octavia.amphorae.backends.utils import network_namespace
+from octavia.common import constants as consts
+from octavia.common import utils
+
+LOG = logging.getLogger(__name__)
+
+
+def write_nftable_vip_rules_file(interface_name, rules):
+    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
+    # mode 00600
+    mode = stat.S_IRUSR | stat.S_IWUSR
+
+    # Create some strings shared on both code paths
+    table_string = f'table {consts.NFT_FAMILY} {consts.NFT_VIP_TABLE} {{\n'
+    chain_string = f'  chain {consts.NFT_VIP_CHAIN} {{\n'
+    hook_string = (f'    type filter hook ingress device {interface_name} '
+                   f'priority {consts.NFT_SRIOV_PRIORITY}; policy drop;\n')
+
+    # Allow ICMP destination unreachable for PMTUD
+    icmp_string = '      icmp type destination-unreachable accept\n'
+    # Allow the required neighbor solicitation/discovery PMTUD ICMPV6
+    icmpv6_string = ('      icmpv6 type { nd-neighbor-solicit, '
+                     'nd-router-advert, nd-neighbor-advert, packet-too-big, '
+                     'destination-unreachable } accept\n')
+    # Allow DHCP responses
+    dhcp_string = '      udp sport 67 udp dport 68 accept\n'
+    dhcpv6_string = '      udp sport 547 udp dport 546 accept\n'
+
+    # Check if an existing rules file exists or we be need to create an
+    # "drop all" file with no rules except for VRRP. If it exists, we should
+    # not overwrite it here as it could be a reboot unless we were passed new
+    # rules.
+    if os.path.isfile(consts.NFT_VIP_RULES_FILE):
+        if not rules:
+            return
+        with os.fdopen(
+                os.open(consts.NFT_VIP_RULES_FILE, flags, mode), 'w') as file:
+            # Clear the existing rules in the kernel
+            # Note: The "nft -f" method is atomic, so clearing the rules will
+            #       not leave the amphora exposed.
+            # Create and delete the table to not get errors if the table does
+            # not exist yet.
+            file.write(f'table {consts.NFT_FAMILY} {consts.NFT_VIP_TABLE} '
+                       '{}\n')
+            file.write(f'delete table {consts.NFT_FAMILY} '
+                       f'{consts.NFT_VIP_TABLE}\n')
+            file.write(table_string)
+            file.write(chain_string)
+            file.write(hook_string)
+            file.write(icmp_string)
+            file.write(icmpv6_string)
+            file.write(dhcp_string)
+            file.write(dhcpv6_string)
+            for rule in rules:
+                file.write(f'      {_build_rule_cmd(rule)}\n')
+            file.write('  }\n')  # close the chain
+            file.write('}\n')  # close the table
+    else:  # No existing rules, create the "drop all" base rules
+        with os.fdopen(
+                os.open(consts.NFT_VIP_RULES_FILE, flags, mode), 'w') as file:
+            file.write(table_string)
+            file.write(chain_string)
+            file.write(hook_string)
+            file.write(icmp_string)
+            file.write(icmpv6_string)
+            file.write(dhcp_string)
+            file.write(dhcpv6_string)
+            file.write('  }\n')  # close the chain
+            file.write('}\n')  # close the table
+
+
+def _build_rule_cmd(rule):
+    prefix_saddr = ''
+    if rule[consts.CIDR] and rule[consts.CIDR] != '0.0.0.0/0':
+        cidr_ip_version = utils.ip_version(rule[consts.CIDR].split('/')[0])
+        if cidr_ip_version == 4:
+            prefix_saddr = f'ip saddr {rule[consts.CIDR]} '
+        elif cidr_ip_version == 6:
+            prefix_saddr = f'ip6 saddr {rule[consts.CIDR]} '
+        else:
+            raise exc.HTTPBadRequest(explanation='Unknown ip version')
+
+    if rule[consts.PROTOCOL] == lib_consts.PROTOCOL_SCTP:
+        return f'{prefix_saddr}sctp dport {rule[consts.PORT]} accept'
+    if rule[consts.PROTOCOL] == lib_consts.PROTOCOL_TCP:
+        return f'{prefix_saddr}tcp dport {rule[consts.PORT]} accept'
+    if rule[consts.PROTOCOL] == lib_consts.PROTOCOL_UDP:
+        return f'{prefix_saddr}udp dport {rule[consts.PORT]} accept'
+    if rule[consts.PROTOCOL] == consts.VRRP:
+        return f'{prefix_saddr}ip protocol 112 accept'
+    raise exc.HTTPBadRequest(explanation='Unknown protocol used in rules')
+
+
+def load_nftables_file():
+    cmd = [consts.NFT_CMD, '-o', '-f', consts.NFT_VIP_RULES_FILE]
+    try:
+        with network_namespace.NetworkNamespace(consts.AMPHORA_NAMESPACE):
+            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+    except Exception as e:
+        if hasattr(e, 'output'):
+            LOG.error(e.output)
+        else:
+            LOG.error(e)
+        raise

octavia/amphorae/drivers/driver_base.py

@@ -14,6 +14,9 @@
 # under the License.
 
 import abc
+from typing import Optional
+
+from octavia.db import models as db_models
 
 
 class AmphoraLoadBalancerDriver(object, metaclass=abc.ABCMeta):
@@ -236,6 +239,30 @@ class AmphoraLoadBalancerDriver(object, metaclass=abc.ABCMeta):
         :type timeout_dict: dict
         """
 
+    @abc.abstractmethod
+    def check(self, amphora: db_models.Amphora,
+              timeout_dict: Optional[dict] = None):
+        """Check connectivity to the amphora.
+
+        :param amphora: The amphora to query.
+        :param timeout_dict: Dictionary of timeout values for calls to the
+                             amphora. May contain: req_conn_timeout,
+                             req_read_timeout, conn_max_retries,
+                             conn_retry_interval
+        :raises TimeOutException: The amphora didn't reply
+        """
+
+    @abc.abstractmethod
+    def set_interface_rules(self, amphora: db_models.Amphora, ip_address,
+                            rules):
+        """Sets interface firewall rules in the amphora
+
+        :param amphora: The amphora to query.
+        :param ip_address: The IP address assigned to the interface the rules
+                           will be applied on.
+        :param rules: The l1st of allow rules to apply.
+        """
+
 
 class VRRPDriverMixin(object, metaclass=abc.ABCMeta):
     """Abstract mixin class for VRRP support in loadbalancer amphorae

octavia/amphorae/drivers/haproxy/rest_api_driver.py

@@ -111,6 +111,11 @@ class HaproxyAmphoraLoadBalancerDriver(
 
         return api_version
 
+    def check(self, amphora: db_models.Amphora,
+              timeout_dict: Optional[dict] = None):
+        """Check connectivity to the amphora."""
+        self._populate_amphora_api_version(amphora, timeout_dict)
+
     def update_amphora_listeners(self, loadbalancer, amphora,
                                  timeout_dict=None):
         """Update the amphora with a new configuration.
@@ -313,7 +318,7 @@ class HaproxyAmphoraLoadBalancerDriver(
             # We have other listeners, so just update is fine.
             # TODO(rm_work): This is a little inefficient since this duplicates
             # a lot of the detection logic that has already been done, but it
-            # is probably safer to re-use the existing code-path.
+            # is probably safer to reuse the existing code-path.
             self.update_amphora_listeners(listener.load_balancer, amphora)
         else:
             # Deleting the last listener, so really do the delete
@@ -335,7 +340,7 @@ class HaproxyAmphoraLoadBalancerDriver(
     def finalize_amphora(self, amphora):
         pass
 
-    def _build_net_info(self, port, amphora, subnet, mtu=None):
+    def _build_net_info(self, port, amphora, subnet, mtu=None, sriov=False):
         # NOTE(blogan): using the vrrp port here because that
         # is what the allowed address pairs network driver sets
         # this particular port to.  This does expose a bit of
@@ -354,7 +359,8 @@ class HaproxyAmphoraLoadBalancerDriver(
                     'vrrp_ip': amphora[consts.VRRP_IP],
                     'mtu': mtu or port[consts.NETWORK][consts.MTU],
                     'host_routes': host_routes,
-                    'additional_vips': []}
+                    'additional_vips': [],
+                    'is_sriov': sriov}
         return net_info
 
     def post_vip_plug(self, amphora, load_balancer, amphorae_network_config,
@@ -365,9 +371,12 @@ class HaproxyAmphoraLoadBalancerDriver(
             mtu = port[consts.NETWORK][consts.MTU]
             LOG.debug("Post-VIP-Plugging with vrrp_ip %s vrrp_port %s",
                       amphora.vrrp_ip, port[consts.ID])
+            sriov = False
+            if load_balancer.vip.vnic_type == consts.VNIC_TYPE_DIRECT:
+                sriov = True
             net_info = self._build_net_info(
                 port, amphora.to_dict(),
-                vip_subnet.to_dict(recurse=True), mtu)
+                vip_subnet.to_dict(recurse=True), mtu, sriov)
             for add_vip in additional_vip_data:
                 add_host_routes = [{'nexthop': hr.nexthop,
                                     'destination': hr.destination}
@@ -579,15 +588,33 @@ class HaproxyAmphoraLoadBalancerDriver(
                              req_read_timeout, conn_max_retries,
                              conn_retry_interval
         :type timeout_dict: dict
-        :returns: None if not found, the interface name string if found.
+        :returns: the interface name string if found.
+        :raises octavia.amphorae.drivers.haproxy.exceptions.NotFound:
+                No interface found on the amphora
+        :raises TimeOutException: The amphora didn't reply
+        """
+        self._populate_amphora_api_version(amphora, timeout_dict)
+        response_json = self.clients[amphora.api_version].get_interface(
+            amphora, ip_address, timeout_dict, log_error=False)
+        return response_json.get('interface', None)
+
+    def set_interface_rules(self, amphora: db_models.Amphora,
+                            ip_address, rules, timeout_dict=None):
+        """Sets interface firewall rules in the amphora
+
+        :param amphora: The amphora to query.
+        :param ip_address: The IP address assigned to the interface the rules
+                           will be applied on.
+        :param rules: The l1st of allow rules to apply.
         """
         try:
             self._populate_amphora_api_version(amphora, timeout_dict)
-            response_json = self.clients[amphora.api_version].get_interface(
-                amphora, ip_address, timeout_dict, log_error=False)
-            return response_json.get('interface', None)
-        except (exc.NotFound, driver_except.TimeOutException):
-            return None
+            self.clients[amphora.api_version].set_interface_rules(
+                amphora, ip_address, rules, timeout_dict=timeout_dict)
+        except exc.NotFound as e:
+            LOG.debug('Amphora %s does not support the set_interface_rules '
+                      'API.', amphora.id)
+            raise driver_except.AmpDriverNotImplementedError() from e
 
 
 # Check a custom hostname
@@ -858,3 +885,8 @@ class AmphoraAPIClient1_0(AmphoraAPIClientBase):
     def update_agent_config(self, amp, agent_config, timeout_dict=None):
         r = self.put(amp, 'config', timeout_dict, data=agent_config)
         return exc.check_exception(r)
+
+    def set_interface_rules(self, amp, ip_address, rules, timeout_dict=None):
+        r = self.put(amp, f'interface/{ip_address}/rules', timeout_dict,
+                     json=rules)
+        return exc.check_exception(r)

octavia/amphorae/drivers/health/heartbeat_udp.py

@@ -490,7 +490,7 @@ class UpdateHealthDb:
                 raw_pools = listener['pools']
 
                 # normalize the pool IDs. Single process listener pools
-                # have the listener id appended with an ':' seperator.
+                # have the listener id appended with an ':' separator.
                 # Old multi-process listener pools only have a pool ID.
                 # This makes sure the keys are only pool IDs.
                 pools = {(k + ' ')[:k.rfind(':')]: v for k, v in
@@ -511,7 +511,7 @@ class UpdateHealthDb:
             raw_pools = health['pools']
 
             # normalize the pool IDs. Single process listener pools
-            # have the listener id appended with an ':' seperator.
+            # have the listener id appended with an ':' separator.
             # Old multi-process listener pools only have a pool ID.
             # This makes sure the keys are only pool IDs.
             pools = {(k + ' ')[:k.rfind(':')]: v for k, v in raw_pools.items()}

octavia/amphorae/drivers/keepalived/vrrp_rest_driver.py

@@ -88,7 +88,8 @@ class KeepalivedAmphoraDriverMixin(driver_base.VRRPDriverMixin):
 
         LOG.info("Start amphora %s VRRP Service.", amphora.id)
 
-        self._populate_amphora_api_version(amphora)
+        self._populate_amphora_api_version(amphora,
+                                           timeout_dict=timeout_dict)
         self.clients[amphora.api_version].start_vrrp(amphora,
                                                      timeout_dict=timeout_dict)
 

octavia/amphorae/drivers/noop_driver/driver.py

@@ -11,10 +11,14 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
+import random
 
 from oslo_log import log as logging
 
 from octavia.amphorae.drivers import driver_base
+from octavia.common import data_models
+from octavia.db import api as db_apis
+from octavia.db import repositories
 
 LOG = logging.getLogger(__name__)
 
@@ -34,6 +38,21 @@ class NoopManager(object):
             self.amphoraconfig[(listener.id, amphora_id)] = (
                 listener, amphora_id, timeout_dict, "update_amp")
 
+            # Add some dummy stats to the DB when using noop driver
+            listener_stats_repo = repositories.ListenerStatisticsRepository()
+            stats_obj = data_models.ListenerStatistics(
+                listener_id=listener.id,
+                amphora_id=amphora.id,
+                bytes_in=random.randrange(1000000000),
+                bytes_out=random.randrange(1000000000),
+                active_connections=random.randrange(1000000000),
+                total_connections=random.randrange(1000000000),
+                request_errors=random.randrange(1000000000),
+                received_time=float(random.randrange(1000000000)),
+            )
+            listener_stats_repo.replace(session=db_apis.get_session(),
+                                        stats_obj=stats_obj)
+
     def update(self, loadbalancer):
         LOG.debug("Amphora %s no-op, update listener %s, vip %s",
                   self.__class__.__name__,
@@ -196,3 +215,9 @@ class NoopAmphoraLoadBalancerDriver(
 
     def reload_vrrp_service(self, loadbalancer):
         pass
+
+    def check(self, amphora, timeout_dict=None):
+        pass
+
+    def set_interface_rules(self, amphora, ip_address, rules):
+        pass

octavia/api/app.py

@@ -20,6 +20,7 @@ from oslo_log import log as logging
 from oslo_middleware import cors
 from oslo_middleware import http_proxy_to_wsgi
 from oslo_middleware import request_id
+from oslo_middleware import sizelimit
 from pecan import configuration as pecan_configuration
 from pecan import make_app as pecan_make_app
 
@@ -103,4 +104,6 @@ def _wrap_app(app):
         expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id']
     )
 
+    app = sizelimit.RequestBodySizeLimiter(app, cfg.CONF)
+
     return app