Enable V2 Octavia API (Experimental)

For Pike Octavia gains a way to run independent of Neutron with the
new V2 API. This adds an (experiemntal) switch to enable this which
defaults to False.

Change-Id: I009ea4feb7aecda861701af277122001c9bf4500

defaults/main.yml

@@ -16,6 +16,15 @@
 ## Verbosity Options
 debug: False
 
+## Octavia stnadalone (v2) experimental
+octavia_v2: false
+
+## Activate Octavia V1 API
+octavia_v1: True
+
+## Allow TLS listener
+octavia_tls_listener_enabled: True
+
 # Set the package install state for distribution and pip packages
 # Options are 'present' and 'latest'
 octavia_package_state: "latest"
@@ -37,9 +46,7 @@ octavia_fatal_deprecations: False
 
 octavia_clients_endpoint: internalURL
 
-# Workaround for https://bugs.launchpad.net/octavia/+bug/1704468
+octavia_auth_strategy: keystone
-# API haproxy needs "/" to return 200 for healthcheck
-octavia_auth_strategy: noauth
 
 ## DB
 octavia_galera_user: octavia
@@ -121,11 +128,11 @@ octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(o
 octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}"
 octavia_service_type: load-balancer
 octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s"
+octavia_service_publicurl_v2: "{{ octavia_service_publicuri }}/"
 octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s"
+octavia_service_adminurl_v2: "{{ octavia_service_adminuri }}"
 octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"
+octavia_service_internalurl_v2: "{{ octavia_service_internaluri }}"
 
 octavia_service_in_ldap: false
 
@@ -154,17 +161,13 @@ octavia_pip_packages:
   - cryptography
   - keystonemiddleware
   - PyMySQL
-  - python-ceilometerclient
-  - python-cinderclient
   - python-glanceclient
-  - python-heatclient
   - python-keystoneclient
   - python-memcached
   - python-neutronclient
   - python-novaclient
   - python-openstackclient
-  - python-swiftclient
+  - python-octaviaclient
-  - python-troveclient
   - octavia
   - uwsgi
 

doc/source/configure-octavia.rst

@@ -192,6 +192,32 @@ enable access.
    /etc/openstack-deploy
 
 
+Optional: Enable Octavia V2 API
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Beginning with the Pike release, Octavia can be deployed in a stand-alone
+version thus avoiding the Neutron integration. Currently, the following
+configuration should be added to ``openstack_user_config.yml``:
+
+.. code-block:: yaml
+
+  # Disable Octavia support in Neutron
+  neutron_lbaas_octavia: False
+  # Disable LBaaS V2
+  neutron_lbaasv2: False
+  # Enable Octavia V2 API/standalone
+  octavia_v2: True
+  # Disable Octavia V1 API
+  octavia_v1: False
+
+Please note that in some settings the LBaaS plugin is directly enabled in the
+``neutron_plugin_base`` so adjust this as necessary.
+
+Please be aware that if you enable only the Octavia endpoint, only
+Octavia load balancers can be created because the integration with 3rd party
+load balancer vendors nor with the haproxy namespace driver is available
+in the Pike release.
+
 Optional: Tuning Octavia for production use
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - Adds a new flag to enable Octavia V2 API (disabled by default) to facilitate to run Octavia
+    stand alone (without Neutron)
+  - Adds a new flag to toggle Octavia V1 API (the API needed to run in conjunction with Neutron)
+    and enables it by default.
+

tasks/octavia_service_add.yml

@@ -66,7 +66,8 @@
   retries: 5
   delay: 10
 
-# Create an endpoint
+# Create an endpoint (v2 only)
+# V1 uses a direct URL in the neutron conf
 - name: Ensure octavia endpoint
   keystone:
     command: "ensure_endpoint"
@@ -79,14 +80,14 @@
     service_type: "{{ octavia_service_type }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
     endpoint_list:
-# Versions pre Pike only have an internal endpoint
+      - url: "{{ octavia_service_publicurl_v2 }}"
-#      - url: "{{ service_publicurl }}"
+        interface: "public"
-#        interface: "public"
+      - url: "{{ octavia_service_internalurl_v2 }}"
-      - url: "{{ octavia_service_internalurl }}"
         interface: "internal"
-#      - url: "{{ service_adminurl }}"
+      - url: "{{ octavia_service_adminurl_v2 }}"
-#        interface: "admin"
+        interface: "admin"
-  register: add_service
+  register: add_service_v2
-  until: add_service|success
+  until: add_service_v2|success
   retries: 5
   delay: 10
+  when: octavia_v2 | bool

templates/octavia.conf.j2

@@ -1,13 +1,16 @@
 [DEFAULT]
 # Print debugging output (set logging level to DEBUG instead of default WARNING level).
 debug = {{ debug }}
+
+{% if not octavia_v2|bool %}
 bind_host = 0.0.0.0
 bind_port = {{ octavia_service_port }}
 # api_handler = queue_producer
 #
 # How should authentication be handled (keystone, noauth)
-# auth_strategy = noauth
+auth_strategy = {{ octavia_auth_strategy }}
 #
+{% endif %}
 # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin)
 #
 # octavia_plugins = hot_plug_plugin
@@ -24,8 +27,20 @@ bind_port = {{ octavia_service_port }}
 
 transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %}
 
-# for pre Pike
+[api_settings]
+bind_host = 0.0.0.0
+bind_port = {{ octavia_service_port }}
+# api_handler = queue_producer
+#
+# How should authentication be handled (keystone, noauth)
+# Note: remove "noauth" once LP bug is fixed
 auth_strategy = {{ octavia_auth_strategy }}
+#
+api_v1_enabled = {{ octavia_v1 }}
+api_v2_enabled = {{ octavia_v2 }}
+# Allow users to create TLS Terminated listeners?
+allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }}
+
 # pre Ocata
 [oslo_messaging_rabbit]
 ssl = {{ octavia_rabbitmq_use_ssl }}