octavia 13.0.0__py3-none-any.whl → 14.0.0__py3-none-any.whl

octavia/cmd/status.py

@@ -12,8 +12,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import sys
-
 from oslo_config import cfg
 from oslo_upgradecheck import common_checks
 from oslo_upgradecheck import upgradecheck
@@ -120,7 +118,3 @@ class Checks(upgradecheck.UpgradeCommands):
 def main():
     return upgradecheck.main(
         CONF, project='octavia', upgrade_command=Checks())
-
-
-if __name__ == '__main__':
-    sys.exit(main())

octavia/common/base_taskflow.py

@@ -71,7 +71,7 @@ def _details_filter(obj):
 
 class FilteredJob(Job):
     def __str__(self):
-        # Override the detault __str__ method from taskflow.job.base.Job,
+        # Override the default __str__ method from taskflow.job.base.Job,
         # filter out private information from details
         cls_name = type(self).__name__
         details = _details_filter(self.details)

octavia/common/clients.py

@@ -79,11 +79,22 @@ class NeutronAuth(object):
         ksession = keystone.KeystoneSession('neutron')
         if not cls.neutron_client:
             sess = ksession.get_session()
-
-            kwargs = {}
+            kwargs = {'region_name': CONF.neutron.region_name}
+            # TODO(ricolin) `interface` option don't take list as option yet.
+            # We can move away from this when openstacksdk no longer depends
+            # on `interface`.
+            try:
+                interface = CONF.neutron.valid_interfaces[0]
+            except (TypeError, LookupError):
+                interface = CONF.neutron.valid_interfaces
+            if interface:
+                kwargs['interface'] = interface
             if CONF.neutron.endpoint_override:
                 kwargs['network_endpoint_override'] = (
                     CONF.neutron.endpoint_override)
+                if CONF.neutron.endpoint_override.startswith("https"):
+                    kwargs['insecure'] = CONF.neutron.insecure
+                    kwargs['cacert'] = CONF.neutron.cafile
 
             conn = openstack.connection.Connection(
                 session=sess, **kwargs)
@@ -103,7 +114,8 @@ class NeutronAuth(object):
         neutron_endpoint = CONF.neutron.endpoint_override
         if neutron_endpoint is None:
             endpoint_data = sess.get_endpoint_data(
-                service_type='network', interface=CONF.neutron.endpoint_type,
+                service_type='network',
+                interface=CONF.neutron.valid_interfaces,
                 region_name=CONF.neutron.region_name)
             neutron_endpoint = endpoint_data.catalog_url
 

octavia/common/config.py

@@ -534,7 +534,18 @@ controller_worker_opts = [
     cfg.BoolOpt('event_notifications', default=True,
                 help=_('Enable octavia event notifications. See '
                        'oslo_messaging_notifications section for additional '
-                       'requirements.'))
+                       'requirements.')),
+    # 2000 attempts is around 2h45 with the default settings
+    cfg.IntOpt('db_commit_retry_attempts', default=2000,
+               help=_('The number of times the database action will be '
+                      'attempted.')),
+    cfg.IntOpt('db_commit_retry_initial_delay', default=1,
+               help=_('The initial delay before a retry attempt.')),
+    cfg.IntOpt('db_commit_retry_backoff', default=1,
+               help=_('The time to backoff retry attempts.')),
+    cfg.IntOpt('db_commit_retry_max', default=5,
+               help=_('The maximum amount of time to wait between retry '
+                      'attempts.')),
 ]
 
 task_flow_opts = [
@@ -568,7 +579,9 @@ task_flow_opts = [
                 help='Jobboard backend server host(s).'),
     cfg.PortOpt('jobboard_backend_port', default=6379,
                 help='Jobboard backend server port'),
-    cfg.StrOpt('jobboard_backend_password', default='', secret=True,
+    cfg.StrOpt('jobboard_backend_username',
+               help='Jobboard backend server user name'),
+    cfg.StrOpt('jobboard_backend_password', secret=True,
                help='Jobboard backend server password'),
     cfg.StrOpt('jobboard_backend_namespace', default='octavia_jobboard',
                help='Jobboard name that should be used to store taskflow '
@@ -924,24 +937,29 @@ def register_cli_opts():
 def handle_neutron_deprecations():
     # Apply neutron deprecated options to their new setting if needed
 
-    # Basicaly: if the value of the deprecated option is not the default:
+    # Basically: if the new option is not set and the value of the deprecated
+    # option is not the default, it means that the deprecated setting is still
+    # used in the config file:
     # * convert it to a valid "new" value if needed
     # * set it as the default for the new option
     # Thus [neutron].<new_option> has an higher precedence than
     # [neutron].<deprecated_option>
     loc = cfg.CONF.get_location('endpoint', 'neutron')
-    if loc and loc.location != cfg.Locations.opt_default:
+    new_loc = cfg.CONF.get_location('endpoint_override', 'neutron')
+    if not new_loc and loc and loc.location != cfg.Locations.opt_default:
         cfg.CONF.set_default('endpoint_override', cfg.CONF.neutron.endpoint,
                              'neutron')
 
     loc = cfg.CONF.get_location('endpoint_type', 'neutron')
-    if loc and loc.location != cfg.Locations.opt_default:
+    new_loc = cfg.CONF.get_location('valid_interfaces', 'neutron')
+    if not new_loc and loc and loc.location != cfg.Locations.opt_default:
         endpoint_type = cfg.CONF.neutron.endpoint_type.replace('URL', '')
         cfg.CONF.set_default('valid_interfaces', [endpoint_type],
                              'neutron')
 
     loc = cfg.CONF.get_location('ca_certificates_file', 'neutron')
-    if loc and loc.location != cfg.Locations.opt_default:
+    new_loc = cfg.CONF.get_location('cafile', 'neutron')
+    if not new_loc and loc and loc.location != cfg.Locations.opt_default:
         cfg.CONF.set_default('cafile', cfg.CONF.neutron.ca_certificates_file,
                              'neutron')
 

octavia/common/constants.py

@@ -308,15 +308,19 @@ AMP_DATA = 'amp_data'
 AMP_VRRP_INT = 'amp_vrrp_int'
 AMPHORA = 'amphora'
 AMPHORA_DICT = 'amphora_dict'
+AMPHORA_FIREWALL_RULES = 'amphora_firewall_rules'
 AMPHORA_ID = 'amphora_id'
 AMPHORA_INDEX = 'amphora_index'
 AMPHORA_NETWORK_CONFIG = 'amphora_network_config'
 AMPHORAE = 'amphorae'
 AMPHORAE_NETWORK_CONFIG = 'amphorae_network_config'
+AMPHORAE_STATUS = 'amphorae_status'
 AMPS_DATA = 'amps_data'
 ANTI_AFFINITY = 'anti-affinity'
 ATTEMPT_NUMBER = 'attempt_number'
 BASE_PORT = 'base_port'
+BINDING_VNIC_TYPE = 'binding_vnic_type'
+BUILD_AMP_DATA = 'build_amp_data'
 BYTES_IN = 'bytes_in'
 BYTES_OUT = 'bytes_out'
 CACHED_ZONE = 'cached_zone'
@@ -363,6 +367,7 @@ ID = 'id'
 IMAGE_ID = 'image_id'
 IP_ADDRESS = 'ip_address'
 IPV6_ICMP = 'ipv6-icmp'
+IS_SRIOV = 'is_sriov'
 LB_NETWORK_IP = 'lb_network_ip'
 L7POLICY = 'l7policy'
 L7POLICY_ID = 'l7policy_id'
@@ -387,6 +392,8 @@ MESSAGE = 'message'
 NAME = 'name'
 NETWORK = 'network'
 NETWORK_ID = 'network_id'
+NEW_AMPHORAE = 'new_amphorae'
+NEW_AMPHORA_ID = 'new_amphora_id'
 NEXTHOP = 'nexthop'
 NICS = 'nics'
 OBJECT = 'object'
@@ -404,6 +411,7 @@ POOL_CHILD_COUNT = 'pool_child_count'
 POOL_ID = 'pool_id'
 POOL_UPDATES = 'pool_updates'
 PORT = 'port'
+PORT_DATA = 'port_data'
 PORT_ID = 'port_id'
 PORTS = 'ports'
 PROJECT_ID = 'project_id'
@@ -435,6 +443,7 @@ TLS_CERTIFICATE_ID = 'tls_certificate_id'
 TLS_CONTAINER_ID = 'tls_container_id'
 TOPOLOGY = 'topology'
 TOTAL_CONNECTIONS = 'total_connections'
+UNREACHABLE = 'unreachable'
 UPDATED_AT = 'updated_at'
 UPDATE_DICT = 'update_dict'
 UPDATED_PORTS = 'updated_ports'
@@ -448,6 +457,11 @@ VIP_QOS_POLICY_ID = 'vip_qos_policy_id'
 VIP_SG_ID = 'vip_sg_id'
 VIP_SUBNET = 'vip_subnet'
 VIP_SUBNET_ID = 'vip_subnet_id'
+VIP_VNIC_TYPE = 'vip_vnic_type'
+VNIC_TYPE = 'vnic_type'
+VNIC_TYPE_DIRECT = 'direct'
+VNIC_TYPE_NORMAL = 'normal'
+VRRP = 'vrrp'
 VRRP_ID = 'vrrp_id'
 VRRP_IP = 'vrrp_ip'
 VRRP_GROUP = 'vrrp_group'
@@ -456,6 +470,7 @@ VRRP_PORT_ID = 'vrrp_port_id'
 VRRP_PRIORITY = 'vrrp_priority'
 
 # Taskflow flow and task names
+AMP_UPDATE_FW_SUBFLOW = 'amphora-update-firewall-subflow'
 CERT_ROTATE_AMPHORA_FLOW = 'octavia-cert-rotate-amphora-flow'
 CREATE_AMPHORA_FLOW = 'octavia-create-amphora-flow'
 CREATE_AMPHORA_RETRY_SUBFLOW = 'octavia-create-amphora-retry-subflow'
@@ -484,6 +499,7 @@ DELETE_L7RULE_FLOW = 'octavia-delete-l7policy-flow'
 FAILOVER_AMPHORA_FLOW = 'octavia-failover-amphora-flow'
 FAILOVER_LOADBALANCER_FLOW = 'octavia-failover-loadbalancer-flow'
 FINALIZE_AMPHORA_FLOW = 'octavia-finalize-amphora-flow'
+FIREWALL_RULES_SUBFLOW = 'firewall-rules-subflow'
 LOADBALANCER_NETWORKING_SUBFLOW = 'octavia-new-loadbalancer-net-subflow'
 UPDATE_HEALTH_MONITOR_FLOW = 'octavia-update-health-monitor-flow'
 UPDATE_LISTENER_FLOW = 'octavia-update-listener-flow'
@@ -561,7 +577,9 @@ DELETE_MEMBER_INDB = 'octavia-delete-member-indb'
 ADMIN_DOWN_PORT = 'admin-down-port'
 AMPHORA_POST_VIP_PLUG = 'amphora-post-vip-plug'
 AMPHORA_RELOAD_LISTENER = 'amphora-reload-listener'
+AMPHORA_TO_AMPHORAE_VRRP_IP = 'amphora-to-amphorae-vrrp-ip'
 AMPHORA_TO_ERROR_ON_REVERT = 'amphora-to-error-on-revert'
+AMPHORAE_GET_CONNECTIVITY_STATUS = 'amphorae-get-connectivity-status'
 AMPHORAE_POST_NETWORK_PLUG = 'amphorae-post-network-plug'
 ATTACH_PORT = 'attach-port'
 CALCULATE_AMPHORA_DELTA = 'calculate-amphora-delta'
@@ -569,8 +587,10 @@ CREATE_VIP_BASE_PORT = 'create-vip-base-port'
 DELETE_AMPHORA = 'delete-amphora'
 DELETE_PORT = 'delete-port'
 DISABLE_AMP_HEALTH_MONITORING = 'disable-amphora-health-monitoring'
+GET_AMPHORA_FIREWALL_RULES = 'get-amphora-firewall-rules'
 GET_AMPHORA_NETWORK_CONFIGS_BY_ID = 'get-amphora-network-configs-by-id'
 GET_AMPHORAE_FROM_LB = 'get-amphorae-from-lb'
+GET_SUBNET_FROM_VIP = 'get-subnet-from-vip'
 HANDLE_NETWORK_DELTA = 'handle-network-delta'
 MARK_AMPHORA_DELETED = 'mark-amphora-deleted'
 MARK_AMPHORA_PENDING_DELETE = 'mark-amphora-pending-delete'
@@ -580,6 +600,7 @@ RELOAD_LB_AFTER_AMP_ASSOC = 'reload-lb-after-amp-assoc'
 RELOAD_LB_AFTER_AMP_ASSOC_FULL_GRAPH = 'reload-lb-after-amp-assoc-full-graph'
 RELOAD_LB_AFTER_PLUG_VIP = 'reload-lb-after-plug-vip'
 RELOAD_LB_BEFOR_ALLOCATE_VIP = 'reload-lb-before-allocate-vip'
+SET_AMPHORA_FIREWALL_RULES = 'set-amphora-firewall-rules'
 UPDATE_AMP_FAILOVER_DETAILS = 'update-amp-failover-details'
 
 
@@ -896,6 +917,7 @@ VIP_SECURITY_GROUP_PREFIX = 'lb-'
 
 AMP_BASE_PORT_PREFIX = 'octavia-lb-vrrp-'
 OCTAVIA_OWNED = 'octavia_owned'
+OCTAVIA_OWNER = 'Octavia'
 
 # Sadly in the LBaaS v2 API, header insertions are on the listener objects
 # but they should be on the pool. Dealing with it until v3.
@@ -910,6 +932,8 @@ AMPHORA_SUPPORTED_ALPN_PROTOCOLS = [lib_consts.ALPN_PROTOCOL_HTTP_2,
                                     lib_consts.ALPN_PROTOCOL_HTTP_1_1,
                                     lib_consts.ALPN_PROTOCOL_HTTP_1_0]
 
+SRIOV_VIP = 'sriov_vip'
+
 # Amphora interface fields
 IF_TYPE = 'if_type'
 BACKEND = 'backend'
@@ -950,3 +974,13 @@ IFLA_IFNAME = 'IFLA_IFNAME'
 
 # Amphora network directory
 AMP_NET_DIR_TEMPLATE = '/etc/octavia/interfaces/'
+
+# Amphora nftables constants
+NFT_ADD = 'add'
+NFT_CMD = '/usr/sbin/nft'
+NFT_FAMILY = 'inet'
+NFT_VIP_RULES_FILE = '/var/lib/octavia/nftables-vip.rules'
+NFT_VIP_TABLE = 'amphora_vip'
+NFT_VIP_CHAIN = 'amphora_vip_chain'
+NFT_SRIOV_PRIORITY = '-310'
+PROTOCOL = 'protocol'

octavia/common/data_models.py

@@ -557,7 +557,8 @@ class Vip(BaseDataModel):
 
     def __init__(self, load_balancer_id=None, ip_address=None,
                  subnet_id=None, network_id=None, port_id=None,
-                 load_balancer=None, qos_policy_id=None, octavia_owned=None):
+                 load_balancer=None, qos_policy_id=None, octavia_owned=None,
+                 vnic_type=None):
         self.load_balancer_id = load_balancer_id
         self.ip_address = ip_address
         self.subnet_id = subnet_id
@@ -566,6 +567,7 @@ class Vip(BaseDataModel):
         self.load_balancer = load_balancer
         self.qos_policy_id = qos_policy_id
         self.octavia_owned = octavia_owned
+        self.vnic_type = vnic_type
 
 
 class AdditionalVip(BaseDataModel):

octavia/common/exceptions.py

@@ -133,6 +133,12 @@ class UnreadablePKCS12(APIException):
     code = 400
 
 
+class MissingCertSubject(APIException):
+    msg = _('No CN or DNSName(s) found in certificate. The certificate is '
+            'invalid.')
+    code = 400
+
+
 class MisMatchedKey(OctaviaException):
     message = _("Key and x509 certificate do not match")
 
@@ -248,6 +254,11 @@ class ComputePortInUseException(OctaviaException):
     message = _('Compute driver reports port %(port)s is already in use.')
 
 
+class ComputeNoResourcesException(OctaviaException):
+    message = _('The compute service does not have the resources available to '
+                'fulfill the request')
+
+
 class ComputeUnknownException(OctaviaException):
     message = _('Unknown exception from the compute driver: %(exc)s.')
 

octavia/common/jinja/haproxy/combined_listeners/templates/macros.j2

@@ -208,13 +208,18 @@ frontend {{ listener.id }}
         {% else %}
             {% set monitor_port_opt = "" %}
         {% endif %}
+        {% if pool.alpn_protocols is defined %}
+            {% set alpn_opt = " check-alpn %s"|format(pool.alpn_protocols) %}
+        {% else %}
+            {% set alpn_opt = "" %}
+        {% endif %}
         {% if pool.health_monitor.type == constants.HEALTH_MONITOR_HTTPS %}
             {% set monitor_ssl_opt = " check-ssl verify none" %}
         {% else %}
             {% set monitor_ssl_opt = "" %}
         {% endif %}
-        {% set hm_opt = " check%s inter %ds fall %d rise %d%s%s"|format(
-            monitor_ssl_opt, pool.health_monitor.delay,
+        {% set hm_opt = " check%s%s inter %ds fall %d rise %d%s%s"|format(
+            monitor_ssl_opt, alpn_opt, pool.health_monitor.delay,
             pool.health_monitor.fall_threshold,
             pool.health_monitor.rise_threshold, monitor_addr_opt,
             monitor_port_opt) %}
@@ -370,9 +375,6 @@ backend {{ pool.id }}:{{ listener.id }}
     option httpchk {{ pool.health_monitor.http_method }} {{ pool.health_monitor.url_path }}
             {% endif %}
     http-check expect rstatus {{ pool.health_monitor.expected_codes }}
-        {% endif %}
-        {% if pool.health_monitor.type == constants.HEALTH_MONITOR_TLS_HELLO %}
-    option ssl-hello-chk
         {% endif %}
         {% if pool.health_monitor.type == constants.HEALTH_MONITOR_PING %}
     option external-check

octavia/common/keystone.py

@@ -80,14 +80,14 @@ class KeystoneSession(object):
 
                 config = getattr(cfg.CONF, self.section)
                 for opt in config:
-                    # For each option in the [neutron] section, get its setting
-                    # location, if the location is 'opt_default' or
-                    # 'set_default', it means that the option is not configured
-                    # in the config file, it should be replaced with the one
-                    # from [service_auth]
+                    # For each option in the [section] section, get its setting
+                    # location, if the location is 'opt_default', it means that
+                    # the option is not configured in the config file.
+                    # if the option is also defined in [service_auth], the
+                    # option of the [section] can be replaced by the one from
+                    # [service_auth]
                     loc = cfg.CONF.get_location(opt, self.section)
-                    if not loc or loc.location in (cfg.Locations.opt_default,
-                                                   cfg.Locations.set_default):
+                    if not loc or loc.location == cfg.Locations.opt_default:
                         if hasattr(cfg.CONF.service_auth, opt):
                             cur_value = getattr(config, opt)
                             value = getattr(cfg.CONF.service_auth, opt)

octavia/common/tls_utils/cert_parser.py

@@ -132,7 +132,7 @@ def _prepare_x509_cert(cert=None):
 def _split_x509s(xstr):
     """Split the input string into individual x509 text blocks
 
-    :param xstr: A large multi x509 certificate blcok
+    :param xstr: A large multi x509 certificate block
     :returns: A list of strings where each string represents an
     X509 pem block surrounded by BEGIN CERTIFICATE,
     END CERTIFICATE block tags
@@ -164,16 +164,14 @@ def _parse_pkcs7_bundle(pkcs7):
     if PKCS7_BEG in pkcs7:
         try:
             for substrate in _read_pem_blocks(pkcs7):
-                for cert in _get_certs_from_pkcs7_substrate(substrate):
-                    yield cert
+                yield from _get_certs_from_pkcs7_substrate(substrate)
         except Exception as e:
             LOG.exception('Unreadable Certificate.')
             raise exceptions.UnreadableCert from e
 
     # If no PEM encoding, assume this is DER encoded and try to decode
     else:
-        for cert in _get_certs_from_pkcs7_substrate(pkcs7):
-            yield cert
+        yield from _get_certs_from_pkcs7_substrate(pkcs7)
 
 
 def _read_pem_blocks(data):
@@ -256,14 +254,16 @@ def get_host_names(certificate):
     """
     if isinstance(certificate, str):
         certificate = certificate.encode('utf-8')
+    host_names = {'cn': None, 'dns_names': []}
     try:
         cert = x509.load_pem_x509_certificate(certificate,
                                               backends.default_backend())
-        cn = cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME)[0]
-        host_names = {
-            'cn': cn.value.lower(),
-            'dns_names': []
-        }
+        try:
+            cn = cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME)[0]
+            host_names['cn'] = cn.value.lower()
+        except Exception as e:
+            LOG.debug(f'Unable to get CN from certificate due to: {e}. '
+                      f'Assuming subject alternative names are present.')
         try:
             ext = cert.extensions.get_extension_for_oid(
                 x509.OID_SUBJECT_ALTERNATIVE_NAME
@@ -274,7 +274,17 @@ def get_host_names(certificate):
             LOG.debug("%s extension not found",
                       x509.OID_SUBJECT_ALTERNATIVE_NAME)
 
+        # Certs with no subject are valid as long as a subject alternative
+        # name is present. If both are missing, it is an invalid cert per
+        # the x.509 standard.
+        if not host_names['cn'] and not host_names['dns_names']:
+            LOG.warning('No CN or DNSName(s) found in certificate. The '
+                        'certificate is invalid.')
+            raise exceptions.MissingCertSubject()
+
         return host_names
+    except exceptions.MissingCertSubject:
+        raise
     except Exception as e:
         LOG.exception('Unreadable Certificate.')
         raise exceptions.UnreadableCert from e
@@ -359,6 +369,10 @@ def load_certificates_data(cert_mngr, obj, context=None):
                 cert_mngr.get_cert(context,
                                    obj.tls_certificate_id,
                                    check_only=True))
+        except exceptions.MissingCertSubject:
+            # This was logged below, so raise as is to provide a clear
+            # user error
+            raise
         except Exception as e:
             LOG.warning('Unable to retrieve certificate: %s due to %s.',
                         obj.tls_certificate_id, str(e))

octavia/common/utils.py

@@ -191,3 +191,9 @@ class exception_logger(object):
                     self.logger(e)
             return None
         return call
+
+
+def map_protocol_to_nftable_protocol(rule_dict):
+    rule_dict[constants.PROTOCOL] = (
+        constants.L4_PROTOCOL_MAP[rule_dict[constants.PROTOCOL]])
+    return rule_dict

octavia/common/validate.py

@@ -229,7 +229,7 @@ def validate_l7rule_ssl_types(l7rule):
             # log or raise key and value must be specified.
             msg = 'L7rule type {0} needs to specify a key and a value.'.format(
                 rule_type)
-        # log or raise the key must be splited by '-'
+        # log or raise the key must be split by '-'
         elif not dn_regex.match(req_key):
             msg = 'Invalid L7rule distinguished name field.'
 
@@ -246,7 +246,7 @@ def sanitize_l7policy_api_args(l7policy, create=False):
     redirect_pool_id exists in the database, but will raise an
     error if a redirect_url doesn't look like a URL.
 
-    :param l7policy: The L7 Policy dictionary we are santizing / validating
+    :param l7policy: The L7 Policy dictionary we are sanitizing / validating
     """
     if 'action' in l7policy.keys():
         if l7policy['action'] == constants.L7POLICY_ACTION_REJECT:

octavia/compute/drivers/nova_driver.py

@@ -348,15 +348,33 @@ class VirtualMachineManager(compute_base.ComputeBase):
             if 'Port' in str(e):
                 raise exceptions.NotFound(resource='Port', id=port_id)
             raise exceptions.NotFound(resource=str(e), id=compute_id)
+        except nova_exceptions.BadRequest as e:
+            if 'Failed to claim PCI device' in str(e):
+                message = ('Nova failed to claim PCI devices during '
+                           f'interface attach for port {port_id} on '
+                           f'instance {compute_id}')
+                LOG.error(message)
+                raise exceptions.ComputeNoResourcesException(message,
+                                                             exc=str(e))
+            raise
+        except nova_exceptions.ClientException as e:
+            if 'PortBindingFailed' in str(e):
+                message = ('Nova failed to bind the port during '
+                           f'interface attach for port {port_id} on '
+                           f'instance {compute_id}')
+                LOG.error(message)
+                raise exceptions.ComputeNoResourcesException(message,
+                                                             exc=str(e))
+            raise
         except Exception as e:
             LOG.error('Error attaching network %(network_id)s with ip '
-                      '%(ip_address)s and port %(port)s to amphora '
+                      '%(ip_address)s and port %(port_id)s to amphora '
                       '(compute_id: %(compute_id)s) ',
                       {
-                          'compute_id': compute_id,
-                          'network_id': network_id,
-                          'ip_address': ip_address,
-                          'port': port_id
+                          constants.COMPUTE_ID: compute_id,
+                          constants.NETWORK_ID: network_id,
+                          constants.IP_ADDRESS: ip_address,
+                          constants.PORT_ID: port_id
                       })
             raise exceptions.ComputeUnknownException(exc=str(e))
         return interface

octavia/controller/worker/task_utils.py

@@ -14,18 +14,32 @@
 
 """ Methods common to the controller work tasks."""
 
+from oslo_config import cfg
 from oslo_log import log as logging
+from oslo_utils import excutils
+import tenacity
 
 from octavia.common import constants
 from octavia.db import api as db_apis
 from octavia.db import repositories as repo
 
+CONF = cfg.CONF
 LOG = logging.getLogger(__name__)
 
 
 class TaskUtils(object):
     """Class of helper/utility methods used by tasks."""
 
+    status_update_retry = tenacity.retry(
+        retry=tenacity.retry_if_exception_type(Exception),
+        wait=tenacity.wait_incrementing(
+            CONF.controller_worker.db_commit_retry_initial_delay,
+            CONF.controller_worker.db_commit_retry_backoff,
+            CONF.controller_worker.db_commit_retry_max),
+        stop=tenacity.stop_after_attempt(
+            CONF.controller_worker.db_commit_retry_attempts),
+        after=tenacity.after_log(LOG, logging.DEBUG))
+
     def __init__(self, **kwargs):
         self.amphora_repo = repo.AmphoraRepository()
         self.health_mon_repo = repo.HealthMonitorRepository()
@@ -160,6 +174,7 @@ class TaskUtils(object):
                       "provisioning status to ERROR due to: "
                       "%(except)s", {'list': listener_id, 'except': str(e)})
 
+    @status_update_retry
     def mark_loadbalancer_prov_status_error(self, loadbalancer_id):
         """Sets a load balancer provisioning status to ERROR.
 
@@ -175,9 +190,12 @@ class TaskUtils(object):
                     id=loadbalancer_id,
                     provisioning_status=constants.ERROR)
         except Exception as e:
-            LOG.error("Failed to update load balancer %(lb)s "
-                      "provisioning status to ERROR due to: "
-                      "%(except)s", {'lb': loadbalancer_id, 'except': str(e)})
+            # Reraise for tenacity
+            with excutils.save_and_reraise_exception():
+                LOG.error("Failed to update load balancer %(lb)s "
+                          "provisioning status to ERROR due to: "
+                          "%(except)s", {'lb': loadbalancer_id,
+                                         'except': str(e)})
 
     def mark_listener_prov_status_active(self, listener_id):
         """Sets a listener provisioning status to ACTIVE.
@@ -214,6 +232,7 @@ class TaskUtils(object):
                       "to ACTIVE due to: %(except)s", {'pool': pool_id,
                                                        'except': str(e)})
 
+    @status_update_retry
     def mark_loadbalancer_prov_status_active(self, loadbalancer_id):
         """Sets a load balancer provisioning status to ACTIVE.
 
@@ -229,9 +248,12 @@ class TaskUtils(object):
                     id=loadbalancer_id,
                     provisioning_status=constants.ACTIVE)
         except Exception as e:
-            LOG.error("Failed to update load balancer %(lb)s "
-                      "provisioning status to ACTIVE due to: "
-                      "%(except)s", {'lb': loadbalancer_id, 'except': str(e)})
+            # Reraise for tenacity
+            with excutils.save_and_reraise_exception():
+                LOG.error("Failed to update load balancer %(lb)s "
+                          "provisioning status to ACTIVE due to: "
+                          "%(except)s", {'lb': loadbalancer_id,
+                                         'except': str(e)})
 
     def mark_member_prov_status_error(self, member_id):
         """Sets a member provisioning status to ERROR.