From 072bf2c64d5cecc840e03e4dc1618c5d2adfe7e4 Mon Sep 17 00:00:00 2001
From: German Eichberger <German.eichberger@rackspace.com>
Date: Mon, 17 Jul 2017 14:04:51 -0400
Subject: [PATCH] Enable V2 Octavia API (Experimental)

For Pike, Octavia gains a way to run independently of Neutron with the
new V2 API. This adds an (experimental) switch to enable it, which
defaults to False.

Change-Id: I009ea4feb7aecda861701af277122001c9bf4500
---
 defaults/main.yml                             | 25 ++++++++++--------
 doc/source/configure-octavia.rst              | 26 +++++++++++++++++++
 ...-V2-(standalone)-API-d644b92ad374f2cf.yaml |  7 +++++
 tasks/octavia_service_add.yml                 | 19 +++++++-------
 templates/octavia.conf.j2                     | 19 ++++++++++++--
 5 files changed, 74 insertions(+), 22 deletions(-)
 create mode 100644 releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index 18b26898..5c5c6b66 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -16,6 +16,15 @@
 ## Verbosity Options
 debug: False
 
+## Octavia stnadalone (v2) experimental
+octavia_v2: false
+
+## Activate Octavia V1 API
+octavia_v1: True
+
+## Allow TLS listener
+octavia_tls_listener_enabled: True
+
 # Set the package install state for distribution and pip packages
 # Options are 'present' and 'latest'
 octavia_package_state: "latest"
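Review bot: The comment added above `octavia_v2` misspells "standalone", and the three new flags mix boolean spellings (`false` next to `True`) although the context line `debug: False` uses the capitalised form. Suggest `## Octavia standalone (v2) API, experimental` and `octavia_v2: False`. The comment on `octavia_tls_listener_enabled` could also say that it feeds `allow_tls_terminated_listeners` in the template, i.e. whether users may create TLS-terminated listeners, so that an operator knows what turning it off removes.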
@@ -37,9 +46,7 @@ octavia_fatal_deprecations: False
 
 octavia_clients_endpoint: internalURL
 
-# Workaround for https://bugs.launchpad.net/octavia/+bug/1704468
-# API haproxy needs "/" to return 200 for healthcheck
-octavia_auth_strategy: noauth
+octavia_auth_strategy: keystone
 
 ## DB
 octavia_galera_user: octavia
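Review bot: `octavia_auth_strategy` now defaults to `keystone` but is left with no comment at all, and the removed lines were the only explanation of why `noauth` had been set. A comment such as `# API authentication: 'keystone' validates tokens; 'noauth' disables authentication and is for testing only` would keep an operator from restoring the old value without knowing what it does. The removed workaround stated that the API haproxy health check needs "/" to return 200; whether that still holds with keystone is not visible in this hunk, so the health check is worth confirming before this default ships.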
@@ -121,11 +128,11 @@ octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(o
 octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}"
 octavia_service_type: load-balancer
 octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s"
+octavia_service_publicurl_v2: "{{ octavia_service_publicuri }}/"
 octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s"
+octavia_service_adminurl_v2: "{{ octavia_service_adminuri }}"
 octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"
+octavia_service_internalurl_v2: "{{ octavia_service_internaluri }}"
 
 octavia_service_in_ldap: false
 
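Review bot: `octavia_service_publicurl_v2` ends in a trailing slash while `octavia_service_adminurl_v2` and `octavia_service_internalurl_v2` do not, so the three endpoints registered from them will differ in form for no stated reason. Pick one form, e.g. `octavia_service_publicurl_v2: "{{ octavia_service_publicuri }}"`. The hunk also removes `octavia_service_publicurl`, `octavia_service_adminurl` and `octavia_service_internalurl` outright. Anything outside this role that still references them (not visible here) would fail on an undefined variable, so the removal should at least be called out in the release note.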
@@ -154,17 +161,13 @@ octavia_pip_packages:
   - cryptography
   - keystonemiddleware
   - PyMySQL
-  - python-ceilometerclient
-  - python-cinderclient
   - python-glanceclient
-  - python-heatclient
   - python-keystoneclient
   - python-memcached
   - python-neutronclient
   - python-novaclient
   - python-openstackclient
-  - python-swiftclient
-  - python-troveclient
+  - python-octaviaclient
   - octavia
   - uwsgi
 
diff --git a/doc/source/configure-octavia.rst b/doc/source/configure-octavia.rst
index 4653399a..a315d188 100644
--- a/doc/source/configure-octavia.rst
+++ b/doc/source/configure-octavia.rst
@@ -192,6 +192,32 @@ enable access.
    /etc/openstack-deploy
 
 
+Optional: Enable Octavia V2 API
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Beginning with the Pike release, Octavia can be deployed in a stand-alone
+version thus avoiding the Neutron integration. Currently, the following
+configuration should be added to ``openstack_user_config.yml``:
+
+.. code-block:: yaml
+
+  # Disable Octavia support in Neutron
+  neutron_lbaas_octavia: False
+  # Disable LBaaS V2
+  neutron_lbaasv2: False
+  # Enable Octavia V2 API/standalone
+  octavia_v2: True
+  # Disable Octavia V1 API
+  octavia_v1: False
+
+Please note that in some settings the LBaaS plugin is directly enabled in the
+``neutron_plugin_base`` so adjust this as necessary.
+
+Please be aware that if you enable only the Octavia endpoint, only
+Octavia load balancers can be created because the integration with 3rd party
+load balancer vendors nor with the haproxy namespace driver is available
+in the Pike release.
+
 Optional: Tuning Octavia for production use
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml b/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml
new file mode 100644
index 00000000..a3575513
--- /dev/null
+++ b/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - Adds a new flag to enable Octavia V2 API (disabled by default) to facilitate to run Octavia
+    stand alone (without Neutron)
+  - Adds a new flag to toggle Octavia V1 API (the API needed to run in conjunction with Neutron)
+    and enables it by default.
+
diff --git a/tasks/octavia_service_add.yml b/tasks/octavia_service_add.yml
index 6eac6924..2eaf16c9 100644
--- a/tasks/octavia_service_add.yml
+++ b/tasks/octavia_service_add.yml
@@ -66,7 +66,8 @@
   retries: 5
   delay: 10
 
-# Create an endpoint
+# Create an endpoint (v2 only)
+# V1 uses a direct URL in the neutron conf
 - name: Ensure octavia endpoint
   keystone:
     command: "ensure_endpoint"
@@ -79,14 +80,14 @@
     service_type: "{{ octavia_service_type }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
     endpoint_list:
-# Versions pre Pike only have an internal endpoint
-#      - url: "{{ service_publicurl }}"
-#        interface: "public"
-      - url: "{{ octavia_service_internalurl }}"
+      - url: "{{ octavia_service_publicurl_v2 }}"
+        interface: "public"
+      - url: "{{ octavia_service_internalurl_v2 }}"
         interface: "internal"
-#      - url: "{{ service_adminurl }}"
-#        interface: "admin"
-  register: add_service
-  until: add_service|success
+      - url: "{{ octavia_service_adminurl_v2 }}"
+        interface: "admin"
+  register: add_service_v2
+  until: add_service_v2|success
   retries: 5
   delay: 10
+  when: octavia_v2 | bool
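Review bot: Enabling `octavia_v2` now registers a `public` endpoint, yet nothing in this task checks that the API behind it is authenticated; `octavia_auth_strategy` can still be overridden to `noauth`. A preceding `assert` task under the same `when`, with `that: octavia_auth_strategy == 'keystone'`, would stop a deployment from advertising an unauthenticated API in the catalog. Separately, because the whole task is now gated on `octavia_v2 | bool`, the default configuration registers no Octavia endpoint at all, where the old code always registered the internal one; that behaviour change deserves a line in the release note. The task begins above this hunk.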
diff --git a/templates/octavia.conf.j2 b/templates/octavia.conf.j2
index a8b203b9..da84fa6c 100644
--- a/templates/octavia.conf.j2
+++ b/templates/octavia.conf.j2
@@ -1,13 +1,16 @@
 [DEFAULT]
 # Print debugging output (set logging level to DEBUG instead of default WARNING level).
 debug = {{ debug }}
+
+{% if not octavia_v2|bool %}
 bind_host = 0.0.0.0
 bind_port = {{ octavia_service_port }}
 # api_handler = queue_producer
 #
 # How should authentication be handled (keystone, noauth)
-# auth_strategy = noauth
+auth_strategy = {{ octavia_auth_strategy }}
 #
+{% endif %}
 # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin)
 #
 # octavia_plugins = hot_plug_plugin
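Review bot: The `{% if not octavia_v2|bool %}` block carries no comment explaining why the bind and auth options are dropped from `[DEFAULT]` under v2, and it also turns the previously commented-out `auth_strategy` into an active setting there. Presumably older releases read these options from `[DEFAULT]` and Pike reads them from `[api_settings]`; if that is the reason, a line such as `# Pre-Pike releases read the API options from [DEFAULT]; Pike reads [api_settings]` above the block would record it. Because the block is keyed on `octavia_v2` rather than on the release, a v1-only deployment renders the same three options in both sections, and the two copies have to be kept in step by hand.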
@@ -24,8 +27,20 @@ bind_port = {{ octavia_service_port }}
 
 transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %}
 
-# for pre Pike
+[api_settings]
+bind_host = 0.0.0.0
+bind_port = {{ octavia_service_port }}
+# api_handler = queue_producer
+#
+# How should authentication be handled (keystone, noauth)
+# Note: remove "noauth" once LP bug is fixed
 auth_strategy = {{ octavia_auth_strategy }}
+#
+api_v1_enabled = {{ octavia_v1 }}
+api_v2_enabled = {{ octavia_v2 }}
+# Allow users to create TLS Terminated listeners?
+allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }}
+
 # pre Ocata
 [oslo_messaging_rabbit]
 ssl = {{ octavia_rabbitmq_use_ssl }}
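Review bot: The added comment `# Note: remove "noauth" once LP bug is fixed` is stale on arrival, because this same commit switches the `octavia_auth_strategy` default to `keystone`; in the rendered file it reads as if unauthenticated access were still the expected state. Reword it to something like `# 'noauth' disables API authentication; use only for testing`. `api_v1_enabled`, `api_v2_enabled` and `allow_tls_terminated_listeners` are rendered without `| bool`, unlike the `octavia_v2|bool` test at the top of the template, so a string override such as `"yes"` is written out verbatim; `api_v2_enabled = {{ octavia_v2 | bool }}` would normalise them. `bind_host = 0.0.0.0` is hard-coded in the new section; if the API process is reachable other than through the load balancer (not visible here), binding to the management address would reduce exposure.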