PyPI - octavia - Versions diffs - 14.0.0.0rc1__py3-none-any.whl → 14.0.1__py3-none-any.whl - Mend

octavia 14.0.0.0rc1py3-none-any.whl → 14.0.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

octavia/amphorae/backends/agent/api_server/keepalivedlvs.py CHANGED Viewed

@@ -230,6 +230,15 @@ class KeepalivedLvs(lvs_listener_base.LvsListenerApiServerBase):
                             .format(action, listener_id)),
                 'details': e.output}, status=500)
+        is_vrrp = (CONF.controller_worker.loadbalancer_topology ==
+                   consts.TOPOLOGY_ACTIVE_STANDBY)
+        # TODO(gthiemonge) remove RESTART from the list (same as previous todo
+        # in this function)
+        if not is_vrrp and action in [consts.AMP_ACTION_START,
+                                      consts.AMP_ACTION_RESTART,
+                                      consts.AMP_ACTION_RELOAD]:
+            util.send_vip_advertisements(listener_id=listener_id)
         return webob.Response(
             json={'message': 'OK',
                   'details': 'keepalivedlvs listener {listener_id} '

octavia/amphorae/backends/agent/api_server/osutils.py CHANGED Viewed

@@ -75,11 +75,13 @@ class BaseOS(object):
             is_sriov=is_sriov)
         vip_interface.write()
-    def write_port_interface_file(self, interface, fixed_ips, mtu):
+    def write_port_interface_file(self, interface, fixed_ips, mtu,
+                                  is_sriov=False):
         port_interface = interface_file.PortInterfaceFile(
             name=interface,
             mtu=mtu,
-            fixed_ips=fixed_ips)
+            fixed_ips=fixed_ips,
+            is_sriov=is_sriov)
         port_interface.write()
     @classmethod

octavia/amphorae/backends/agent/api_server/plug.py CHANGED Viewed

@@ -152,7 +152,7 @@ class Plug(object):
                     socket.inet_pton(socket.AF_INET6, ip.get('ip_address'))
     def plug_network(self, mac_address, fixed_ips, mtu=None,
-                     vip_net_info=None):
+                     vip_net_info=None, is_sriov=False):
         try:
             self._check_ip_addresses(fixed_ips=fixed_ips)
         except socket.error:
@@ -189,7 +189,8 @@ class Plug(object):
                     vips=rendered_vips,
                     mtu=mtu,
                     vrrp_info=vrrp_info,
-                    fixed_ips=fixed_ips)
+                    fixed_ips=fixed_ips,
+                    is_sriov=is_sriov)
                 self._osutils.bring_interface_up(existing_interface, 'vip')
             # Otherwise, we are just plugging a run-of-the-mill network
             else:
@@ -197,7 +198,7 @@ class Plug(object):
                 self._osutils.write_port_interface_file(
                     interface=existing_interface,
                     fixed_ips=fixed_ips,
-                    mtu=mtu)
+                    mtu=mtu, is_sriov=is_sriov)
                 self._osutils.bring_interface_up(existing_interface, 'network')
             util.send_member_advertisements(fixed_ips)
@@ -222,7 +223,7 @@ class Plug(object):
         self._osutils.write_port_interface_file(
             interface=netns_interface,
             fixed_ips=fixed_ips,
-            mtu=mtu)
+            mtu=mtu, is_sriov=is_sriov)
         # Update the list of interfaces to add to the namespace
         self._update_plugged_interfaces_file(netns_interface, mac_address)

octavia/amphorae/backends/agent/api_server/server.py CHANGED Viewed

@@ -223,7 +223,8 @@ class Server(object):
         return self._plug.plug_network(port_info['mac_address'],
                                        port_info.get('fixed_ips'),
                                        port_info.get('mtu'),
-                                       port_info.get('vip_net_info'))
+                                       port_info.get('vip_net_info'),
+                                       port_info.get('is_sriov'))
     def upload_cert(self):
         return certificate_update.upload_server_cert()
@@ -278,7 +279,7 @@ class Server(object):
             raise exceptions.BadRequest(
                 description='Invalid rules information') from e
-        nftable_utils.write_nftable_vip_rules_file(interface, rules_info)
+        nftable_utils.write_nftable_rules_file(interface, rules_info)
         nftable_utils.load_nftables_file()

octavia/amphorae/backends/agent/api_server/util.py CHANGED Viewed

@@ -392,7 +392,37 @@ def get_haproxy_vip_addresses(lb_id):
     return vips
-def send_vip_advertisements(lb_id):
+def get_lvs_vip_addresses(listener_id: str) -> tp.List[str]:
+    """Get the VIP addresses for a LVS load balancer.
+    :param listener_id: The listener ID to get VIP addresses from.
+    :returns: List of VIP addresses (IPv4 and IPv6)
+    """
+    vips = []
+    # Extract the VIP addresses from keepalived configuration
+    # Format is
+    # virtual_server_group ipv<n>-group {
+    #     vip_address1 port1
+    #     vip_address2 port2
+    # }
+    # it can be repeated in case of dual-stack LBs
+    with open(keepalived_lvs_cfg_path(listener_id), encoding='utf-8') as file:
+        vsg_section = False
+        for line in file:
+            current_line = line.strip()
+            if vsg_section:
+                if current_line.startswith('}'):
+                    vsg_section = False
+                else:
+                    vip_address = current_line.split(' ')[0]
+                    vips.append(vip_address)
+            elif line.startswith('virtual_server_group '):
+                vsg_section = True
+    return vips
+def send_vip_advertisements(lb_id: tp.Optional[str] = None,
+                            listener_id: tp.Optional[str] = None):
     """Sends address advertisements for each load balancer VIP.
     This method will send either GARP (IPv4) or neighbor advertisements (IPv6)
@@ -402,7 +432,10 @@ def send_vip_advertisements(lb_id):
     :returns: None
     """
     try:
-        vips = get_haproxy_vip_addresses(lb_id)
+        if lb_id:
+            vips = get_haproxy_vip_addresses(lb_id)
+        else:
+            vips = get_lvs_vip_addresses(listener_id)
         for vip in vips:
             interface = network_utils.get_interface_name(

octavia/amphorae/backends/utils/interface.py CHANGED Viewed

@@ -176,47 +176,12 @@ class InterfaceController(object):
         ip_network = ipaddress.ip_network(address, strict=False)
         return ip_network.compressed
-    def _setup_nftables_chain(self, interface):
-        # TODO(johnsom) Move this to pyroute2 when the nftables library
-        #               improves.
-        # Create the nftable
-        cmd = [consts.NFT_CMD, consts.NFT_ADD, 'table', consts.NFT_FAMILY,
-               consts.NFT_VIP_TABLE]
-        try:
-            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
-        except Exception as e:
-            if hasattr(e, 'output'):
-                LOG.error(e.output)
-            else:
-                LOG.error(e)
-            raise
-        # Create the chain with -310 priority to put it in front of the
-        # lvs-masquerade configured chain
-        cmd = [consts.NFT_CMD, consts.NFT_ADD, 'chain', consts.NFT_FAMILY,
-               consts.NFT_VIP_TABLE, consts.NFT_VIP_CHAIN,
-               '{', 'type', 'filter', 'hook', 'ingress', 'device',
-               interface.name, 'priority', consts.NFT_SRIOV_PRIORITY, ';',
-               'policy', 'drop', ';', '}']
-        try:
-            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
-        except Exception as e:
-            if hasattr(e, 'output'):
-                LOG.error(e.output)
-            else:
-                LOG.error(e)
-            raise
-        nftable_utils.write_nftable_vip_rules_file(interface.name, [])
-        nftable_utils.load_nftables_file()
     def up(self, interface):
         LOG.info("Setting interface %s up", interface.name)
         if interface.is_sriov:
-            self._setup_nftables_chain(interface)
+            nftable_utils.write_nftable_rules_file(interface.name, [])
+            nftable_utils.load_nftables_file()
         with pyroute2.IPRoute() as ipr:
             idx = ipr.link_lookup(ifname=interface.name)[0]

octavia/amphorae/backends/utils/interface_file.py CHANGED Viewed

@@ -227,22 +227,28 @@ class VIPInterfaceFile(InterfaceFile):
                 fixed_ip.get('host_routes', []))
             self.routes.extend(host_routes)
+        if is_sriov:
+            sriov_param = ' sriov'
+        else:
+            sriov_param = ''
         for ip_v in ip_versions:
             self.scripts[consts.IFACE_UP].append({
                 consts.COMMAND: (
-                    "/usr/local/bin/lvs-masquerade.sh add {} {}".format(
-                        'ipv6' if ip_v == 6 else 'ipv4', name))
+                    "/usr/local/bin/lvs-masquerade.sh add {} {}{}".format(
+                        'ipv6' if ip_v == 6 else 'ipv4', name, sriov_param))
             })
             self.scripts[consts.IFACE_DOWN].append({
                 consts.COMMAND: (
-                    "/usr/local/bin/lvs-masquerade.sh delete {} {}".format(
-                        'ipv6' if ip_v == 6 else 'ipv4', name))
+                    "/usr/local/bin/lvs-masquerade.sh delete {} {}{}".format(
+                        'ipv6' if ip_v == 6 else 'ipv4', name, sriov_param))
             })
 class PortInterfaceFile(InterfaceFile):
-    def __init__(self, name, mtu, fixed_ips):
-        super().__init__(name, if_type=consts.BACKEND, mtu=mtu)
+    def __init__(self, name, mtu, fixed_ips, is_sriov=False):
+        super().__init__(name, if_type=consts.BACKEND, mtu=mtu,
+                         is_sriov=is_sriov)
         if fixed_ips:
             ip_versions = set()
@@ -271,14 +277,21 @@ class PortInterfaceFile(InterfaceFile):
                 consts.IPV6AUTO: True
             })
+        if is_sriov:
+            sriov_param = ' sriov'
+        else:
+            sriov_param = ''
         for ip_version in ip_versions:
             self.scripts[consts.IFACE_UP].append({
                 consts.COMMAND: (
-                    "/usr/local/bin/lvs-masquerade.sh add {} {}".format(
-                        'ipv6' if ip_version == 6 else 'ipv4', name))
+                    "/usr/local/bin/lvs-masquerade.sh add {} {}{}".format(
+                        'ipv6' if ip_version == 6 else 'ipv4', name,
+                        sriov_param))
             })
             self.scripts[consts.IFACE_DOWN].append({
                 consts.COMMAND: (
-                    "/usr/local/bin/lvs-masquerade.sh delete {} {}".format(
-                        'ipv6' if ip_version == 6 else 'ipv4', name))
+                    "/usr/local/bin/lvs-masquerade.sh delete {} {}{}".format(
+                        'ipv6' if ip_version == 6 else 'ipv4', name,
+                        sriov_param))
             })

octavia/amphorae/backends/utils/nftable_utils.py CHANGED Viewed

@@ -26,16 +26,26 @@ from octavia.common import utils
 LOG = logging.getLogger(__name__)
-def write_nftable_vip_rules_file(interface_name, rules):
+def write_nftable_rules_file(interface_name, rules):
     flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
     # mode 00600
     mode = stat.S_IRUSR | stat.S_IWUSR
     # Create some strings shared on both code paths
-    table_string = f'table {consts.NFT_FAMILY} {consts.NFT_VIP_TABLE} {{\n'
-    chain_string = f'  chain {consts.NFT_VIP_CHAIN} {{\n'
-    hook_string = (f'    type filter hook ingress device {interface_name} '
-                   f'priority {consts.NFT_SRIOV_PRIORITY}; policy drop;\n')
+    table_string = f'table {consts.NFT_FAMILY} {consts.NFT_TABLE} {{\n'
+    chain_string = f'  chain {consts.NFT_CHAIN} {{\n'
+    vip_chain_string = f'  chain {consts.NFT_VIP_CHAIN} {{\n'
+    hook_string = ('    type filter hook input priority filter; '
+                   'policy drop;\n')
+    # Conntrack is used to allow flow return traffic
+    conntrack_string = ('      ct state vmap { established : accept, '
+                        'related : accept, invalid : drop }\n')
+    # Allow loopback traffic on the loopback interface, no where else
+    loopback_string = '      iif lo accept\n'
+    loopback_addr_string = '      ip saddr 127.0.0.0/8 drop\n'
+    loopback_ipv6_addr_string = '      ip6 saddr ::1 drop\n'
     # Allow ICMP destination unreachable for PMTUD
     icmp_string = '      icmp type destination-unreachable accept\n'
@@ -47,38 +57,50 @@ def write_nftable_vip_rules_file(interface_name, rules):
     dhcp_string = '      udp sport 67 udp dport 68 accept\n'
     dhcpv6_string = '      udp sport 547 udp dport 546 accept\n'
+    # If the packet came in on the VIP interface, goto the VIP rules chain
+    vip_interface_goto_string = (
+        f'      iifname {consts.NETNS_PRIMARY_INTERFACE} '
+        f'goto {consts.NFT_VIP_CHAIN}\n')
     # Check if an existing rules file exists or we be need to create an
     # "drop all" file with no rules except for VRRP. If it exists, we should
     # not overwrite it here as it could be a reboot unless we were passed new
     # rules.
-    if os.path.isfile(consts.NFT_VIP_RULES_FILE):
+    if os.path.isfile(consts.NFT_RULES_FILE):
         if not rules:
             return
         with os.fdopen(
-                os.open(consts.NFT_VIP_RULES_FILE, flags, mode), 'w') as file:
+                os.open(consts.NFT_RULES_FILE, flags, mode), 'w') as file:
             # Clear the existing rules in the kernel
             # Note: The "nft -f" method is atomic, so clearing the rules will
             #       not leave the amphora exposed.
             # Create and delete the table to not get errors if the table does
             # not exist yet.
-            file.write(f'table {consts.NFT_FAMILY} {consts.NFT_VIP_TABLE} '
+            file.write(f'table {consts.NFT_FAMILY} {consts.NFT_TABLE} '
                        '{}\n')
             file.write(f'delete table {consts.NFT_FAMILY} '
-                       f'{consts.NFT_VIP_TABLE}\n')
+                       f'{consts.NFT_TABLE}\n')
             file.write(table_string)
             file.write(chain_string)
             file.write(hook_string)
+            file.write(conntrack_string)
+            file.write(loopback_string)
+            file.write(loopback_addr_string)
+            file.write(loopback_ipv6_addr_string)
             file.write(icmp_string)
             file.write(icmpv6_string)
             file.write(dhcp_string)
             file.write(dhcpv6_string)
+            file.write(vip_interface_goto_string)
+            file.write('  }\n')  # close the chain
+            file.write(vip_chain_string)
             for rule in rules:
                 file.write(f'      {_build_rule_cmd(rule)}\n')
             file.write('  }\n')  # close the chain
             file.write('}\n')  # close the table
     else:  # No existing rules, create the "drop all" base rules
         with os.fdopen(
-                os.open(consts.NFT_VIP_RULES_FILE, flags, mode), 'w') as file:
+                os.open(consts.NFT_RULES_FILE, flags, mode), 'w') as file:
             file.write(table_string)
             file.write(chain_string)
             file.write(hook_string)
@@ -113,7 +135,7 @@ def _build_rule_cmd(rule):
 def load_nftables_file():
-    cmd = [consts.NFT_CMD, '-o', '-f', consts.NFT_VIP_RULES_FILE]
+    cmd = [consts.NFT_CMD, '-o', '-f', consts.NFT_RULES_FILE]
     try:
         with network_namespace.NetworkNamespace(consts.AMPHORA_NAMESPACE):
             subprocess.check_output(cmd, stderr=subprocess.STDOUT)

octavia/amphorae/drivers/keepalived/jinja/jinja_cfg.py CHANGED Viewed

@@ -123,7 +123,6 @@ class KeepalivedJinjaTemplater(object):
                 peers_ips.append(amp.vrrp_ip)
         return self.get_template(self.keepalived_template).render(
             {'vrrp_group_name': loadbalancer.vrrp_group.vrrp_group_name,
-             'amp_role': amphora.role,
              'amp_intf': amphora.vrrp_interface,
              'amp_vrrp_id': amphora.vrrp_id,
              'amp_priority': amphora.vrrp_priority,

octavia/amphorae/drivers/keepalived/jinja/templates/keepalived_base.template CHANGED Viewed

@@ -21,7 +21,6 @@ vrrp_script check_script {
 }
 vrrp_instance {{ vrrp_group_name }} {
-    state {{ amp_role }}
     interface {{ amp_intf }}
     virtual_router_id {{ amp_vrrp_id }}
     priority {{ amp_priority }}

octavia/api/common/pagination.py CHANGED Viewed

@@ -169,7 +169,7 @@ class PaginationHelper(object):
             # TODO(rm_work) Do we need to know when there are more vs exact?
             # We safely know if we have a full page, but it might include the
             # last element or it might not, it is unclear
-            if len(model_list) >= self.limit:
+            if self.limit is None or len(model_list) >= self.limit:
                 next_attr.append("marker={}".format(model_list[-1].get('id')))
                 next_link = {
                     "rel": "next",

octavia/api/v2/controllers/health_monitor.py CHANGED Viewed

@@ -188,7 +188,9 @@ class HealthMonitorController(base.BaseController):
             request.type == consts.HEALTH_MONITOR_UDP_CONNECT)
         conf_min_delay = (
             CONF.api_settings.udp_connect_min_interval_health_monitor)
-        if hm_is_type_udp and request.delay < conf_min_delay:
+        if (hm_is_type_udp and
+                not isinstance(request.delay, wtypes.UnsetType) and
+                request.delay < conf_min_delay):
             raise exceptions.ValidationException(detail=_(
                 "The request delay value %(delay)s should be larger than "
                 "%(conf_min_delay)s for %(type)s health monitor type.") % {

octavia/api/v2/controllers/load_balancer.py CHANGED Viewed

@@ -558,6 +558,13 @@ class LoadBalancersController(base.BaseController):
                     subnet_id=add_vip.subnet_id)
             if listeners or pools:
+                # expire_all is required here, it ensures that the loadbalancer
+                # will be re-fetched with its associated vip in _graph_create.
+                # without expire_all the vip attributes that have been updated
+                # just before this call may not be set correctly in the
+                # loadbalancer object.
+                lock_session.expire_all()
                 db_pools, db_lists = self._graph_create(
                     lock_session, db_lb, listeners, pools)

octavia/api/v2/controllers/member.py CHANGED Viewed

@@ -31,6 +31,7 @@ from octavia.common import data_models
 from octavia.common import exceptions
 from octavia.common import validate
 from octavia.db import prepare as db_prepare
+from octavia.i18n import _
 LOG = logging.getLogger(__name__)
@@ -365,12 +366,21 @@ class MembersController(MemberController):
             # Find members that are brand new or updated
             new_members = []
             updated_members = []
+            updated_member_uniques = set()
             for m in members:
-                if (m.address, m.protocol_port) not in old_member_uniques:
+                key = (m.address, m.protocol_port)
+                if key not in old_member_uniques:
                     validate.ip_not_reserved(m.address)
                     new_members.append(m)
                 else:
-                    m.id = old_member_uniques[(m.address, m.protocol_port)]
+                    m.id = old_member_uniques[key]
+                    if key in updated_member_uniques:
+                        LOG.error("Member %s is updated multiple times in "
+                                  "the same batch request.", m.id)
+                        raise exceptions.ValidationException(
+                            detail=_("Member must be updated only once in the "
+                                     "same request."))
+                    updated_member_uniques.add(key)
                     updated_members.append(m)
             # Find members that are deleted

octavia/common/clients.py CHANGED Viewed

@@ -111,6 +111,7 @@ class NeutronAuth(object):
         client.
         """
         sess = keystone.KeystoneSession('neutron').get_session()
+        kwargs = {}
         neutron_endpoint = CONF.neutron.endpoint_override
         if neutron_endpoint is None:
             endpoint_data = sess.get_endpoint_data(
@@ -119,8 +120,13 @@ class NeutronAuth(object):
                 region_name=CONF.neutron.region_name)
             neutron_endpoint = endpoint_data.catalog_url
+        neutron_cafile = getattr(CONF.neutron, "cafile", None)
+        insecure = getattr(CONF.neutron, "insecure", False)
+        kwargs['verify'] = not insecure
+        if neutron_cafile is not None and not insecure:
+            kwargs['verify'] = neutron_cafile
         user_auth = token_endpoint.Token(neutron_endpoint, context.auth_token)
-        user_sess = session.Session(auth=user_auth)
+        user_sess = session.Session(auth=user_auth, **kwargs)
         conn = openstack.connection.Connection(
             session=user_sess, oslo_conf=CONF)

octavia/common/constants.py CHANGED Viewed

@@ -979,8 +979,8 @@ AMP_NET_DIR_TEMPLATE = '/etc/octavia/interfaces/'
 NFT_ADD = 'add'
 NFT_CMD = '/usr/sbin/nft'
 NFT_FAMILY = 'inet'
-NFT_VIP_RULES_FILE = '/var/lib/octavia/nftables-vip.rules'
-NFT_VIP_TABLE = 'amphora_vip'
+NFT_RULES_FILE = '/var/lib/octavia/nftables-vip.rules'
+NFT_TABLE = 'amphora_table'
+NFT_CHAIN = 'amphora_chain'
 NFT_VIP_CHAIN = 'amphora_vip_chain'
-NFT_SRIOV_PRIORITY = '-310'
 PROTOCOL = 'protocol'

octavia/controller/worker/v2/controller_worker.py CHANGED Viewed

@@ -431,8 +431,8 @@ class ControllerWorker(object):
                  constants.SERVER_GROUP_ID: db_lb.server_group_id,
                  constants.PROJECT_ID: db_lb.project_id}
         if cascade:
-            listeners = flow_utils.get_listeners_on_lb(db_lb)
-            pools = flow_utils.get_pools_on_lb(db_lb)
+            listeners = flow_utils.get_listeners_on_lb(db_lb, True)
+            pools = flow_utils.get_pools_on_lb(db_lb, True)
             self.run_flow(
                 flow_utils.get_cascade_delete_load_balancer_flow,

octavia/controller/worker/v2/flows/amphora_flows.py CHANGED Viewed

@@ -404,7 +404,7 @@ class AmphoraFlows(object):
     def get_amphora_for_lb_failover_subflow(
             self, prefix, role=constants.ROLE_STANDALONE,
             failed_amp_vrrp_port_id=None, is_vrrp_ipv6=False,
-            flavor_dict=None):
+            flavor_dict=None, timeout_dict=None):
         """Creates a new amphora that will be used in a failover flow.
         :requires: loadbalancer_id, flavor, vip, vip_sg_id, loadbalancer
@@ -488,13 +488,24 @@ class AmphoraFlows(object):
                 rebind={constants.AMPHORAE: constants.NEW_AMPHORAE},
                 provides=constants.AMPHORA_FIREWALL_RULES,
                 inject={constants.AMPHORA_INDEX: 0}))
+            amp_for_failover_flow.add(
+                amphora_driver_tasks.AmphoraeGetConnectivityStatus(
+                    name=(prefix + '-' +
+                          constants.AMPHORAE_GET_CONNECTIVITY_STATUS),
+                    requires=constants.AMPHORAE,
+                    rebind={constants.AMPHORAE: constants.NEW_AMPHORAE},
+                    inject={constants.TIMEOUT_DICT: timeout_dict,
+                            constants.NEW_AMPHORA_ID: constants.NIL_UUID},
+                    provides=constants.AMPHORAE_STATUS))
             amp_for_failover_flow.add(
                 amphora_driver_tasks.SetAmphoraFirewallRules(
                     name=prefix + '-' + constants.SET_AMPHORA_FIREWALL_RULES,
                     requires=(constants.AMPHORAE,
-                              constants.AMPHORA_FIREWALL_RULES),
+                              constants.AMPHORA_FIREWALL_RULES,
+                              constants.AMPHORAE_STATUS),
                     rebind={constants.AMPHORAE: constants.NEW_AMPHORAE},
-                    inject={constants.AMPHORA_INDEX: 0}))
+                    inject={constants.AMPHORA_INDEX: 0,
+                            constants.TIMEOUT_DICT: timeout_dict}))
         # Plug member ports
         amp_for_failover_flow.add(network_tasks.CalculateAmphoraDelta(

octavia/controller/worker/v2/flows/flow_utils.py CHANGED Viewed

@@ -41,29 +41,31 @@ def get_delete_load_balancer_flow(lb):
     return LB_FLOWS.get_delete_load_balancer_flow(lb)
-def get_listeners_on_lb(db_lb):
+def get_listeners_on_lb(db_lb, for_delete=False):
     """Get a list of the listeners on a load balancer.
     :param db_lb: A load balancer database model object.
+    :param for_delete: Skip errors on tls certs loading.
     :returns: A list of provider dict format listeners.
     """
     listener_dicts = []
     for listener in db_lb.listeners:
         prov_listener = provider_utils.db_listener_to_provider_listener(
-            listener)
+            listener, for_delete)
         listener_dicts.append(prov_listener.to_dict())
     return listener_dicts
-def get_pools_on_lb(db_lb):
+def get_pools_on_lb(db_lb, for_delete=False):
     """Get a list of the pools on a load balancer.
     :param db_lb: A load balancer database model object.
+    :param for_delete: Skip errors on tls certs loading.
     :returns: A list of provider dict format pools.
     """
     pool_dicts = []
     for pool in db_lb.pools:
-        prov_pool = provider_utils.db_pool_to_provider_pool(pool)
+        prov_pool = provider_utils.db_pool_to_provider_pool(pool, for_delete)
         pool_dicts.append(prov_pool.to_dict())
     return pool_dicts

octavia/controller/worker/v2/flows/listener_flows.py CHANGED Viewed

@@ -161,7 +161,7 @@ class ListenerFlows(object):
         return update_listener_flow
-    def _get_firewall_rules_subflow(self, flavor_dict):
+    def _get_firewall_rules_subflow(self, flavor_dict, timeout_dict=None):
         """Creates a subflow that updates the firewall rules in the amphorae.
         :returns: The subflow for updating firewall rules in the amphorae.
@@ -174,6 +174,14 @@ class ListenerFlows(object):
             requires=constants.LOADBALANCER_ID,
             provides=constants.AMPHORAE))
+        fw_rules_subflow.add(
+            amphora_driver_tasks.AmphoraeGetConnectivityStatus(
+                name=constants.AMPHORAE_GET_CONNECTIVITY_STATUS,
+                requires=constants.AMPHORAE,
+                inject={constants.TIMEOUT_DICT: timeout_dict,
+                        constants.NEW_AMPHORA_ID: constants.NIL_UUID},
+                provides=constants.AMPHORAE_STATUS))
         fw_rules_subflow.add(network_tasks.GetAmphoraeNetworkConfigs(
             name=sf_name + '-' + constants.GET_AMP_NETWORK_CONFIG,
             requires=constants.LOADBALANCER_ID,
@@ -192,8 +200,10 @@ class ListenerFlows(object):
         amp_0_subflow.add(amphora_driver_tasks.SetAmphoraFirewallRules(
             name=sf_name + '-0-' + constants.SET_AMPHORA_FIREWALL_RULES,
-            requires=(constants.AMPHORAE, constants.AMPHORA_FIREWALL_RULES),
-            inject={constants.AMPHORA_INDEX: 0}))
+            requires=(constants.AMPHORAE, constants.AMPHORA_FIREWALL_RULES,
+                      constants.AMPHORAE_STATUS),
+            inject={constants.AMPHORA_INDEX: 0,
+                    constants.TIMEOUT_DICT: timeout_dict}))
         update_amps_subflow.add(amp_0_subflow)
@@ -212,8 +222,10 @@ class ListenerFlows(object):
             amp_1_subflow.add(amphora_driver_tasks.SetAmphoraFirewallRules(
                 name=sf_name + '-1-' + constants.SET_AMPHORA_FIREWALL_RULES,
                 requires=(constants.AMPHORAE,
-                          constants.AMPHORA_FIREWALL_RULES),
-                inject={constants.AMPHORA_INDEX: 1}))
+                          constants.AMPHORA_FIREWALL_RULES,
+                          constants.AMPHORAE_STATUS),
+                inject={constants.AMPHORA_INDEX: 1,
+                        constants.TIMEOUT_DICT: timeout_dict}))
             update_amps_subflow.add(amp_1_subflow)

octavia/controller/worker/v2/tasks/database_tasks.py CHANGED Viewed

@@ -132,13 +132,17 @@ class CreateAmphoraInDB(BaseDatabaseTask):
         LOG.warning("Reverting create amphora in DB for amp id %s ", result)
         # Delete the amphora for now. May want to just update status later
-        try:
-            with db_apis.session().begin() as session:
+        with db_apis.session().begin() as session:
+            try:
                 self.amphora_repo.delete(session, id=result)
-        except Exception as e:
-            LOG.error("Failed to delete amphora %(amp)s "
-                      "in the database due to: "
-                      "%(except)s", {'amp': result, 'except': str(e)})
+            except Exception as e:
+                LOG.error("Failed to delete amphora %(amp)s "
+                          "in the database due to: "
+                          "%(except)s", {'amp': result, 'except': str(e)})
+            try:
+                self.amp_health_repo.delete(session, amphora_id=result)
+            except Exception:
+                pass
 class MarkLBAmphoraeDeletedInDB(BaseDatabaseTask):

octavia 14.0.0.0rc1__py3-none-any.whl → 14.0.1__py3-none-any.whl

octavia 14.0.0.0rc1py3-none-any.whl → 14.0.1py3-none-any.whl