2024.1 Series Release Notes

2024.1-eom-4

Bug Fixes

  • Fix an issue that prevented the Octavia API service from being correctly initialized when it fails to load a provider driver. It will now fail gracefully and remove the driver from the enabled list.

2024.1-eom

Upgrade Notes

  • UDP load balancers will require a failover to fix the UDP rebalance issue once the control plane is updated.

Bug Fixes

  • Fixed an issue where UDP listeners may not rebalance failed member servers in a timely fashion. It may have taken up to five minutes for a failed member server to be removed from existing flows.

  • Reduce the value of tune.ssl.cachesize for HTTPS termination listeners to prevent OOM during haproxy reload (LP: #2119987).

  • Fixed a bug when using an L7Rule with FILE_TYPE and EQUAL_TO comparison: it never matched due to an issue with the generated HAProxy configuration.

  • Fixed missing port_id element when getting the additional_vips parameter of a load balancer.

  • Fix a potential race condition during the cascade deletion of load balancers. When deleting a load balancer with multiple listeners, the security groups of the VIP port may have been updated many times concurrently, creating a race condition.

14.0.2

Bug Fixes

  • Ignore serialization of the loadbalancer class in GetAmphoraNetworkConfigs tasks. This avoids storing the full graph in the jobboard details. It fixes cases with jobboard enabled for huge LBs with ~2000+ resources in the graph.

Other Notes

  • Added an “octavia-wsgi” script for backward compatibility now that pbr’s wsgi_scripts no longer functions with the latest setuptools.

14.0.1

Bug Fixes

  • Fixed an issue updating listeners when using SR-IOV VIP ports.

  • Fixed a bug in the VIP SR-IOV implementation that would cause load balancer members that use the SR-IOV VIP interface to not receive traffic.

  • Fixed an error when updating a UDP Health Monitor with an empty “delay” parameter.

  • Fixed an issue when failing over load balancers using SR-IOV VIP ports.

  • Fixed an issue where, when a failover reverts, a neutron port may get abandoned. The issue was logged with “Failed to delete port”, “Resources may still be in use for a port intended for amphora”, and “Search for a port named octavia-lb-vrrp-<uuid>”.

  • Fix an issue when the “limit” parameter in a request is less than or equal to 0. Now it returns resources according to pagination_max_limit as expected, instead of an error.

  • Remove the record in the amphora_health table on revert. This is necessary because the record in the amphora table for the corresponding amphora is also deleted. It avoids false positive reactions of the failover threshold due to orphan records in the amphora_health table.

  • Fixed a potential AttributeError during listener update when a security group rule had no protocol defined (i.e. it was null).

  • Added a validation step in the batch member API request that checks if a member is included multiple times in the list of updated members. This additional check prevents the load balancer from being stuck in PENDING_UPDATE. Duplicate members in the batch member flow triggered an exception in Taskflow. The API now returns 400 (ValidationException) if a member is already present in the body of the request.

  • Fixed an issue when filtering resources with a boolean attribute in the GET calls in the Octavia API.

  • Fixed a bug when creating a load balancer and a listener with allowed_cidrs with the fully-populated load balancer API: the call was rejected because Octavia could not validate that the IP addresses of the allowed_cidrs have the same family as the VIP address.

  • Fixed an issue with SINGLE topology load balancers with UDP listeners. The Amphora now sends a Gratuitous ARP packet when a UDP pool is added, which makes the VIP address more quickly reachable after a failover or when reusing a previously allocated IP address.

  • Fix load balancer stuck in PENDING_DELETE if TLS storage is unavailable or returns an error.

  • Fix verification of certificates signed by a private CA when using Neutron endpoints.

  • Fix an error on revert of the PlugVIPAmphora task when db_lb is not defined and get_subnet raises a NotFound error. It could happen when Amphora creation failed by timeout and the VIP network was removed before it. As a result, the revert failed with an exception.

  • Fixed a bug with the nopreempt option in keepalived. The option didn’t work properly because the default role of the MASTER amphora was set. Removing the default roles from the configuration files fixed that issue. Now after a failover, the newly created amphora doesn’t preempt the MASTER role from the other amphora.

14.0.0

New Features

  • Octavia Amphora based load balancers now support using SR-IOV virtual functions (VF) on the VIP port(s) of the load balancer. This is enabled by using an Octavia Flavor that includes the ‘sriov_vip’: True setting.

  • Added support for Rocky Linux controllers in devstack.

  • Added support for Rocky Linux amphora images. To enable it, users have to build their amphora images with the OCTAVIA_AMP_BASE_OS=rocky and OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9 parameters.

  • The new [task_flow] jobboard_backend_username option has been added to support the Redis ACL feature.

  • Previously, the redis jobboard driver used only the first host in [task_flow] jobboard_backend_hosts when connecting to Redis Sentinel. Now the driver attempts the other hosts as fallbacks.

  • Now the [database] connection_recycle_time option is also used by connections in the MySQL persistence driver.

Upgrade Notes

  • You must update the amphora image to support the SR-IOV VIP feature.

  • Octavia now uses the oslo middleware sizelimit module. It limits the size of the incoming requests in the API. Admins may need to adjust the [oslo_middleware].max_request_body_size setting to their needs. The default value for max_request_body_size is 114688 bytes.

  • The diskimage-builder elements for the amphora image no longer support Ubuntu Focal.

Bug Fixes

  • Fixed an issue when using certificates with a blank subject or missing CN.

  • Fixed wrong endpoint information in neutron client configuration.

  • Fixed a bug that prevented the amphora from being updated by the Amphora Configure API call: the API call was successful but the internal flow for updating it failed.

  • Fixed a potential issue when deleting a load balancer with an amphora that was not fully created: the deletion may have failed when deallocating the VIP port, leaving the load balancer in ERROR state.

  • Bug fix: The response body of the LB API, when creating a new load balancer, now correctly includes information about the health monitor. Previously, this information was consistently null, despite configuring a health monitor.

  • Fixed a bug with HTTP/HTTPS health-monitors on pools with ALPN protocols in the amphora-driver. The healthchecks sent by haproxy were flagged as bad requests by the backend servers. Updated haproxy configuration to use ALPN for the healthchecks too.

  • Fixed an issue with load balancers stuck in a PENDING_* state during database outages. Now when a task fails in Octavia, it retries to update the provisioning_status of the load balancer until the database is back (or it gives up after a really long timeout - around 2h45).

  • Fixed an issue when using UDP listeners in dual-stack (IPv4 and IPv6) load balancers: some masquerade rules needed by UDP were not correctly set on the member interfaces.

  • Fixed a bug when the deprecated settings (endpoint, endpoint_type, ca_certificates_file) are used in the [neutron] section of the configuration file. The connection to the neutron service may have used some settings from the [service_auth] section or used undefined settings.

  • Fixed a race condition in the members batch update API call: the data passed to the Octavia worker service may have been incorrect when quickly sending successive API calls. Then the load balancer was stuck in PENDING_UPDATE provisioning_status.

  • Fixed an overly long timeout when attempting to start the VRRP service in an unreachable amphora during a failover. A specific shorter timeout should be used during the failovers.

  • Fixed TLS-HELLO health-monitors in the amphora-driver.

  • Reduce the duration of the failovers of ACTIVE_STANDBY load balancers. Many updates of an unreachable amphora may have been attempted during a failover. Now if an amphora is not reachable at the first update, the other updates are skipped.

  • Reduce the duration of the failovers of ACTIVE_STANDBY load balancers when both amphorae are unreachable.

Other Notes

  • Amphora images will now be built with nftables by default.

  • Add fake Amphora stats for when Octavia runs in noop mode / using noop drivers.

  • Noop certificate manager was added. Now any Octavia certificate operations using noop drivers will be faster (as they won’t be validated).