Enable V2 Octavia API (Experimental)

For Pike Octavia gains a way to run independent of Neutron with the new V2 API. This adds an (experiemntal) switch to enable this which defaults to False. Change-Id: I009ea4feb7aecda861701af277122001c9bf4500
2017-07-17 14:04:51 -04:00 · 2017-07-17 14:04:51 -04:00 · 072bf2c64d
commit 072bf2c64d
parent b1fe866f42
5 changed files with 74 additions and 22 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -16,6 +16,15 @@
 ## Verbosity Options
 debug: False

+## Octavia stnadalone (v2) experimental
+octavia_v2: false
+
+## Activate Octavia V1 API
+octavia_v1: True
+
+## Allow TLS listener
+octavia_tls_listener_enabled: True
+
 # Set the package install state for distribution and pip packages
 # Options are 'present' and 'latest'
 octavia_package_state: "latest"
@ -37,9 +46,7 @@ octavia_fatal_deprecations: False

 octavia_clients_endpoint: internalURL

-# Workaround for https://bugs.launchpad.net/octavia/+bug/1704468
-# API haproxy needs "/" to return 200 for healthcheck
-octavia_auth_strategy: noauth
+octavia_auth_strategy: keystone

 ## DB
 octavia_galera_user: octavia
@ -121,11 +128,11 @@ octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(o
 octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}"
 octavia_service_type: load-balancer
 octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s"
+octavia_service_publicurl_v2: "{{ octavia_service_publicuri }}/"
 octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s"
+octavia_service_adminurl_v2: "{{ octavia_service_adminuri }}"
 octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
-octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"
+octavia_service_internalurl_v2: "{{ octavia_service_internaluri }}"

 octavia_service_in_ldap: false

@ -154,17 +161,13 @@ octavia_pip_packages:
  - cryptography
  - keystonemiddleware
  - PyMySQL
-  - python-ceilometerclient
-  - python-cinderclient
  - python-glanceclient
-  - python-heatclient
  - python-keystoneclient
  - python-memcached
  - python-neutronclient
  - python-novaclient
  - python-openstackclient
-  - python-swiftclient
-  - python-troveclient
+  - python-octaviaclient
  - octavia
  - uwsgi

--- a/doc/source/configure-octavia.rst
+++ b/doc/source/configure-octavia.rst
@ -192,6 +192,32 @@ enable access.
   /etc/openstack-deploy


+Optional: Enable Octavia V2 API
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Beginning with the Pike release, Octavia can be deployed in a stand-alone
+version thus avoiding the Neutron integration. Currently, the following
+configuration should be added to ``openstack_user_config.yml``:
+
+.. code-block:: yaml
+
+  # Disable Octavia support in Neutron
+  neutron_lbaas_octavia: False
+  # Disable LBaaS V2
+  neutron_lbaasv2: False
+  # Enable Octavia V2 API/standalone
+  octavia_v2: True
+  # Disable Octavia V1 API
+  octavia_v1: False
+
+Please note that in some settings the LBaaS plugin is directly enabled in the
+``neutron_plugin_base`` so adjust this as necessary.
+
+Please be aware that if you enable only the Octavia endpoint, only
+Octavia load balancers can be created because the integration with 3rd party
+load balancer vendors nor with the haproxy namespace driver is available
+in the Pike release.
+
 Optional: Tuning Octavia for production use
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- a/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml
+++ b/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - Adds a new flag to enable Octavia V2 API (disabled by default) to facilitate to run Octavia
+    stand alone (without Neutron)
+  - Adds a new flag to toggle Octavia V1 API (the API needed to run in conjunction with Neutron)
+    and enables it by default.
+
--- a/tasks/octavia_service_add.yml
+++ b/tasks/octavia_service_add.yml
@ -66,7 +66,8 @@
  retries: 5
  delay: 10

-# Create an endpoint
+# Create an endpoint (v2 only)
+# V1 uses a direct URL in the neutron conf
 - name: Ensure octavia endpoint
  keystone:
    command: "ensure_endpoint"
@ -79,14 +80,14 @@
    service_type: "{{ octavia_service_type }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    endpoint_list:
-# Versions pre Pike only have an internal endpoint
-#      - url: "{{ service_publicurl }}"
-#        interface: "public"
-      - url: "{{ octavia_service_internalurl }}"
+      - url: "{{ octavia_service_publicurl_v2 }}"
+        interface: "public"
+      - url: "{{ octavia_service_internalurl_v2 }}"
        interface: "internal"
-#      - url: "{{ service_adminurl }}"
-#        interface: "admin"
-  register: add_service
-  until: add_service|success
+      - url: "{{ octavia_service_adminurl_v2 }}"
+        interface: "admin"
+  register: add_service_v2
+  until: add_service_v2|success
  retries: 5
  delay: 10
+  when: octavia_v2 | bool
--- a/templates/octavia.conf.j2
+++ b/templates/octavia.conf.j2
@ -1,13 +1,16 @@
 [DEFAULT]
 # Print debugging output (set logging level to DEBUG instead of default WARNING level).
 debug = {{ debug }}
+
+{% if not octavia_v2|bool %}
 bind_host = 0.0.0.0
 bind_port = {{ octavia_service_port }}
 # api_handler = queue_producer
 #
 # How should authentication be handled (keystone, noauth)
-# auth_strategy = noauth
+auth_strategy = {{ octavia_auth_strategy }}
 #
+{% endif %}
 # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin)
 #
 # octavia_plugins = hot_plug_plugin
@ -24,8 +27,20 @@ bind_port = {{ octavia_service_port }}

 transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %}

-# for pre Pike
+[api_settings]
+bind_host = 0.0.0.0
+bind_port = {{ octavia_service_port }}
+# api_handler = queue_producer
+#
+# How should authentication be handled (keystone, noauth)
+# Note: remove "noauth" once LP bug is fixed
 auth_strategy = {{ octavia_auth_strategy }}
+#
+api_v1_enabled = {{ octavia_v1 }}
+api_v2_enabled = {{ octavia_v2 }}
+# Allow users to create TLS Terminated listeners?
+allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }}
+
 # pre Ocata
 [oslo_messaging_rabbit]
 ssl = {{ octavia_rabbitmq_use_ssl }}