#, fuzzy msgid "" msgstr "" "Project-Id-Version: octavia\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-04-29 13:58+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../../:48 msgid "0.10.0" msgstr "" #: ../../:5 msgid "0.10.0-37" msgstr "" #: ../../:5 msgid "0.5.2-23" msgstr "" #: ../../:5 msgid "0.8.0" msgstr "" #: ../../:5 msgid "0.9.0" msgstr "" #: ../../:59 msgid "1.0.0" msgstr "" #: ../../:39 msgid "1.0.2" msgstr "" #: ../../:21 msgid "1.0.4" msgstr "" #: ../../:5 msgid "1.0.5-3" msgstr "" #: ../../:454 msgid "10.0.0" msgstr "" #: ../../:141 msgid "10.1.0" msgstr "" #: ../../:5 msgid "10.1.1" msgstr "" #: ../../:388 stable/zed>:281 msgid "11.0.0" msgstr "" #: ../../:167 msgid "11.0.1" msgstr "" #: ../../:47 msgid "11.0.2" msgstr "" #: ../../:5 msgid "11.0.2-8" msgstr "" #: ../../:174 msgid "12.0.0" msgstr "" #: ../../:5 msgid "12.0.0-33" msgstr "" #: ../../:85 msgid "13.0.0" msgstr "" #: ../../:5 msgid "13.0.0-19" msgstr "" #: ../../:33 msgid "14.0.0" msgstr "" #: ../../:5 current msgid "14.0.0-20" msgstr "" #: ../../:5 msgid "14.0.0-5" msgstr "" #: ../../:390 msgid "2.0.0" msgstr "" #: ../../:345 msgid "2.0.2" msgstr "" #: ../../:279 msgid "2.0.3" msgstr "" #: ../../:237 msgid "2.0.4" msgstr "" #: ../../:138 msgid "2.1.0" msgstr "" #: ../../:116 msgid "2.1.1" msgstr "" #: ../../:76 msgid "2.1.2" msgstr "" #: ../../:5 msgid "2.1.2-11" msgstr "" #: ../../:426 msgid "3.0.0" msgstr "" #: ../../:404 msgid "3.0.1" msgstr "" #: ../../:339 msgid "3.0.2" msgstr "" #: ../../:233 msgid "3.1.0" msgstr "" #: ../../:211 msgid "3.1.1" msgstr "" #: ../../:121 msgid "3.2.0" msgstr "" #: ../../:66 msgid "3.2.1" msgstr "" #: ../../:39 msgid "3.2.2" msgstr "" #: ../../:5 msgid "3.2.2-5" msgstr "" #: ../../:422 msgid "4.0.0" msgstr "" #: ../../:396 msgid "4.0.1" msgstr "" #: ../../:271 msgid "4.1.0" msgstr "" #: ../../:206 msgid "4.1.1" msgstr "" #: ../../:106 msgid "4.1.2" msgstr "" #: ../../:39 msgid "4.1.4" msgstr "" #: ../../:5 msgid "4.1.4-5" msgstr "" #: ../../:639 msgid "5.0.0" msgstr "" #: ../../:581 msgid "5.0.1" msgstr "" #: ../../:466 msgid "5.0.2" msgstr "" #: ../../:399 msgid "5.0.3" msgstr "" #: ../../:290 msgid "5.1.0" msgstr "" #: ../../:253 msgid "5.1.1" msgstr "" #: ../../:210 msgid "5.1.2" msgstr "" #: ../../:5 msgid "5.1.2-37" msgstr "" #: ../../:543 msgid "6.0.0" msgstr "" #: ../../:510 msgid "6.0.1" msgstr "" #: ../../:399 msgid "6.1.0" msgstr "" #: ../../:322 msgid "6.2.0" msgstr "" #: ../../:257 msgid "6.2.1" msgstr "" #: ../../:219 msgid "6.2.2" msgstr "" #: ../../:5 msgid "6.2.2-39" msgstr "" #: ../../:388 msgid "7.0.0" msgstr "" #: ../../:359 msgid "7.1.0" msgstr "" #: ../../:312 msgid "7.1.1" msgstr "" #: ../../:208 msgid "7.1.2" msgstr "" #: ../../:5 msgid "7.1.2-38" msgstr "" #: ../../:525 msgid "8.0.0" msgstr "" #: ../../:431 msgid "8.0.1" msgstr "" #: ../../:5 msgid "8.0.1-89" msgstr "" #: ../../:475 msgid "9.0.0" msgstr "" #: ../../:453 msgid "9.0.1" msgstr "" #: ../../:226 msgid "9.1.0" msgstr "" #: ../../:5 msgid "9.1.0-40" msgstr "" #: ../../:14 stable/rocky>:75 stable/stein>:215 #: stable/train>:590 stable/ussuri>:647 msgid "" "A new amphora image is required to fix the potential certs-ramfs race " "condition." msgstr "" #: ../../:308 stable/train>:769 msgid "" "A new amphora image is required to resolve the amphora memory issues when a " "load balancer has multiple listeners and the amphora image uses haproxy 1.8 " "or newer." msgstr "" #: ../../:301 msgid "" "A new configuration option ``failover_threshold`` can be set to limit the " "number of amphorae simultaneously pending failover before halting the " "automatic failover process. This should help prevent unwanted mass failover " "events that can happen in cases like network interruption to an AZ or the " "database becoming read-only. This feature is not enabled by default, and it " "should be configured carefully based on the size of the environment. For " "example, with 100 amphorae a good threshold might be 20 or 30, or a value " "greater than the typical number of amphorae that would be expected on a " "single host." msgstr "" #: ../../:345 msgid "" "A new option is provided in the oslo_messaging namespace to disable " "event_notifications." msgstr "" #: ../../:14 stable/2023.2>:109 stable/zed>:56 #: unmaintained/xena>:14 unmaintained/yoga>:14 msgid "" "A patch that fixes an issue making the VIP port unreachable because of " "missing IP rules requires an update of the Amphora image." msgstr "" #: ../../:667 msgid "" "A provider driver developer guide has been added to the documentation to aid " "driver providers." msgstr "" #: ../../:25 stable/rocky>:86 stable/stein>:226 #: stable/train>:601 stable/ussuri>:673 msgid "" "A race condition between the certs-ramfs and the amphora agent may lead to " "tenant TLS content being stored on the amphora filesystem instead of in the " "encrypted RAM filesystem." msgstr "" #: ../../:34 msgid "Active/Standby support for Octavia." msgstr "" #: ../../:82 msgid "Add a config variable to disable creation of TLS Terminated listeners." msgstr "" #: ../../:299 stable/ussuri>:408 #: unmaintained/victoria>:461 msgid "" "Add a new configuration option to define the default connection_limit for " "new listeners that use the Amphora provider. The option is [haproxy_amphora]." "default_connection_limit and its default value is 50,000. This value is used " "when creating or setting a listener with -1 as connection_limit parameter, " "or when unsetting connection_limit parameter." msgstr "" #: ../../:283 stable/ussuri>:392 #: unmaintained/victoria>:352 unmaintained/wallaby>:742 msgid "" "Add a validation step in the Octavia Amphora driver to ensure that the " "port_security_enabled parameter is set on the VIP network." msgstr "" #: ../../:586 msgid "" "Add an API for allowing administrators to manage Octavia Availability Zones " "and Availability Zone Profiles, which behave nearly identically to Flavors " "and Flavor Profiles." msgstr "" #: ../../:94 msgid "" "Add config variables to allow disabling either API version (v1 or v2.0)." msgstr "" #: ../../:196 msgid "" "Add fake Amphora stats for when Octavia runs in noop mode / using noop " "drivers." msgstr "" #: ../../:423 msgid "Add l7policy and l7rule to octavia quota." msgstr "" #: ../../:37 stable/rocky>:48 stable/stein>:160 #: stable/train>:520 stable/ussuri>:572 msgid "" "Add listener and pool protocol validation. The pool and listener can't be " "combined arbitrarily. We need some constraints on the protocol side." msgstr "" #: ../../:29 stable/train>:351 stable/ussuri>:363 #: unmaintained/victoria>:378 unmaintained/wallaby>:699 msgid "Add missing cloud-utils-growpart RPM to Red Hat based amphora images." msgstr "" #: ../../:33 stable/train>:355 stable/ussuri>:367 #: unmaintained/victoria>:382 unmaintained/wallaby>:703 msgid "Add missing cronie RPM to Red Hat based amphora images." msgstr "" #: ../../:90 msgid "Add monitor address and port to member" msgstr "" #: ../../:319 stable/rocky>:378 stable/stein>:832 msgid "" "Add new parameters to specify the number of threads for updating amphora " "health and stats." msgstr "" #: ../../:469 msgid "Add sos element to amphora images (Red Hat family only)." msgstr "" #: ../../:134 msgid "Add support PROXY protocol for lbaas pool in octavia" msgstr "" #: ../../:442 msgid "" "Add support for SCTP protocol. SCTP support has been added in the Octavia " "API for listener, pool, and health-monitor resources." msgstr "" #: ../../:98 msgid "Add support for Ubuntu Xenial amphora images." msgstr "" #: ../../:181 stable/stein>:360 stable/train>:905 msgid "" "Add support for monitor_address and monitor_port attributes in UDP members. " "Previously, monitor_address and monitor_port were ignored and address and " "protocol_port attributes were used as monitoring address and port." msgstr "" #: ../../:576 msgid "" "Add support for the SCTP protocol in the Amphora driver. Support for SCTP " "listeners and pools is implemented using keepalived in the amphora. Support " "for SCTP health monitors is provided by the amphora-health-checker script " "and relies on an INIT/INIT-ACK/ABORT sequence of packets." msgstr "" #: ../../:565 msgid "" "Added HTTP/2 over TLS support via ALPN protocol negotiation to the amphora " "provider driver for TLS-enabled pools." msgstr "" #: ../../:401 msgid "" "Added HTTP/2 over TLS support via ALPN protocol negotiation to the amphora " "provider driver. Feature available in amphora images with HAProxy 2.0 or " "newer." msgstr "" #: ../../:435 msgid "Added UDP protocol support to listeners and pools." msgstr "" #: ../../:455 msgid "" "Added ``minimum_tls_version`` to ``octavia.conf``. Listeners, pools, and " "the defaults for either will be blocked from using any lower TLS versions. " "By default, there is no minumum version." msgstr "" #: ../../:481 msgid "" "Added ``tls_cipher_prohibit_list`` to ``octavia.conf``. Listeners, pools, " "and the default values for either will be blocked from using any of these " "ciphers. By default, no ciphers are prohibited." msgstr "" #: ../../:98 msgid "" "Added a configuration option that specifies the availability zone amphora " "should be built in." msgstr "" #: ../../:293 stable/zed>:189 msgid "" "Added a filter to hide a bogus ComputeWaitTimeoutException exception when " "creating an amphora when jobboard is disabled. This exception is part of the " "flow when creating a load balancer or an amphora and should not be shown to " "the user." msgstr "" #: ../../:463 msgid "" "Added a new PROMETHEUS listener that exposes a prometheus exporter endpoint." msgstr "" #: ../../:447 msgid "" "Added a new configuration setting (``[task_flow]/jobboard_enabled``) to " "enable/disable jobboard functionality in the amphorav2 provider. When " "disabled, the amphorav2 provider behaves similarly to the amphora v1 " "provider and does not require extra dependencies. The default setting is " "jobboard disabled while jobboard remains an experimental feature." msgstr "" #: ../../:406 msgid "" "Added a new endpoint /v2.0/octavia/amphorae to expose internal details about " "amphorae. This endpoint is admin only." msgstr "" #: ../../:227 stable/rocky>:329 stable/stein>:863 msgid "" "Added a new option named server_certs_key_passphrase under the certificates " "section. The default value gets copied from an environment variable named " "TLS_PASS_AMPS_DEFAULT. In a case where TLS_PASS_AMPS_DEFAULT is not set, and " "the operator did not fill any other value directly, 'insecure-key-do-not-use-" "this-key' will be used." msgstr "" #: ../../:38 current msgid "" "Added a workaround that prevent the listener PUT API call from failing if " "haproxy crashes during a reload. The amphora-agent ensures that in case of " "crashes, haproxy is correctly restarted and ready to accept incoming " "requests (see https://bugs.launchpad.net/octavia/+bug/2054666)" msgstr "" #: ../../:538 msgid "" "Added aarch64/arm64 amphora image support to the disk image create tool and " "to the devstack plugin." msgstr "" #: ../../:461 msgid "" "Added ability for Octavia to automatically set Barbican ACLs on behalf of " "the user. Such enables users to create TLS-terminated listeners without " "having to add the Octavia keystone user id to the ACL list. Octavia will " "also automatically revoke access to secrets whenever load balancing " "resources no longer require access to them." msgstr "" #: ../../:597 msgid "" "Added an option to the diskimage-create.sh script to specify the Octavia Git " "branch to build the image from." msgstr "" #: ../../:399 msgid "" "Added hook to plugin.sh: `octavia_create_network_interface_device` and " "`octavia_delete_network_interface_device`. For each of these functions, if " "they are defined during stack (respectively unstack), they are called to " "create (respectively delete) the management network interface." msgstr "" #: ../../:537 msgid "" "Added new tool ``octavia-status upgrade check``. This framework allows " "adding various checks which can be run before a Octavia upgrade to ensure if " "the upgrade can be performed safely." msgstr "" #: ../../:14 stable/pike>:183 msgid "" "Added option 'sync_provisioning_status' to enable synchronizing provisioning " "status of loadbalancers with the neutron-lbaas database. Enabling this " "option will queue one additional message per amphora every heartbeat " "interval." msgstr "" #: ../../:577 msgid "Added support for CentOS 8 amphora images." msgstr "" #: ../../:94 msgid "" "Added support for HTTP Strict Transport Security (HSTS) for TLS-terminated " "listeners. The API for creating and updating listeners has been extended by " "the optional fields `hsts_max_age`, `hsts_include_subdomains` and " "`hsts_preload`. By default this feature is disabled. In order to activate " "this feature the `hsts_max_age` option needs to be set." msgstr "" #: ../../:52 msgid "" "Added support for Rocky Linux amphora images. To enable it, users have to " "build their amphora images with the ``OCTAVIA_AMP_BASE_OS=rocky`` and " "``OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9`` parameters." msgstr "" #: ../../:48 msgid "Added support for Rocky Linux controllers in devstack." msgstr "" #: ../../:554 msgid "" "Added support for TLS extension Application Layer Protocol Negotiation " "(ALPN) to TLS-enabled pools. A new parameter ``alpn_protocols`` was added to " "the Pool API." msgstr "" #: ../../:427 msgid "" "Added support for TLS extension Application Layer Protocol Negotiation " "(ALPN) to TLS-terminated HTTPS load balancers. A new parameter " "``alpn_protocols`` was added to the Listener API." msgstr "" #: ../../:534 msgid "Added support for keystone default roles and system token scopes." msgstr "" #: ../../:438 msgid "Added support for nftables to the devstack plugin and the amphora." msgstr "" #: ../../:397 msgid "Added support for proxy protocol version 2." msgstr "" #: ../../:685 msgid "" "Added support to VIP access control list. Users can now limit incoming " "traffic to a set of allowed CIDRs." msgstr "" #: ../../:681 msgid "Added support to create RHEL 8 amphora images." msgstr "" #: ../../:676 msgid "" "Added support to debug with the Python Visual Studio Debugger engine (ptvsd)." "" msgstr "" #: ../../:548 msgid "Added tags property for Octavia resources. It includes:" msgstr "" #: ../../:421 msgid "" "Added the 'failover' sub-resource for the Amphora API. Each amphora can be " "triggered to failover by sending a PUT (with an empty body) to the resource " "``/v2.0/octavia/amphorae//failover``. It will cause the amphora to be " "recycled and replaced, in the same way as the health-triggered failover." msgstr "" #: ../../:407 msgid "Added the ability to delete amphora that are not in use." msgstr "" #: ../../:559 msgid "" "Added the oslo-middleware healthcheck app to the Octavia API. Hitting /" "healthcheck will return a 200. This is enabled via the " "[api_settings]healthcheck_enabled setting and is disabled by default." msgstr "" #: ../../:160 msgid "" "Adding `ID` column to the health_monitor table in Octavia, whose value is " "same as the `pool_id` column. The database needs to be upgraded first, " "followed by upgrade and restart of the API servers." msgstr "" #: ../../:202 stable/stein>:387 stable/train>:960 msgid "" "Adding a member with different IP protocol version than the VIP IP protocol " "version in a UDP load balancer caused a crash in the amphora. A validation " "step in the amphora driver now prevents mixing IP protocol versions in UDP " "load balancers." msgstr "" #: ../../:473 msgid "Adding support for the listener X-Forwarded-Proto header insertion." msgstr "" #: ../../:354 stable/rocky>:594 stable/stein>:738 msgid "" "Adds a configuration option, \"reserved_ips\" that allows the operator to " "block addresses from being used in load balancer members. The default " "setting blocks the nova metadata service address." msgstr "" #: ../../:439 msgid "" "Adds a health monitor type of UDP-CONNECT that does a basic UDP port connect." "" msgstr "" #: ../../:86 msgid "Adds a new config parameter to specify the anti-affinity policy" msgstr "" #: ../../:577 msgid "Adds an administrator API to access per-amphora statistics." msgstr "" #: ../../:82 msgid "Adds quota support to the Octavia API." msgstr "" #: ../../:14 msgid "Adds support for IPv6" msgstr "" #: ../../:14 msgid "" "Adds support for Layer 7 switching and shared pools features to Octavia. " "This supports the equivalent feature added to Neutron LBaaS v2." msgstr "" #: ../../:110 msgid "" "Adds support for PKCS7 PEM or DER encoded intermediate certificate bundles " "for TERMINATED_HTTPS listeners." msgstr "" #: ../../:94 msgid "Adds support for amphora images that use systemd." msgstr "" #: ../../:22 msgid "Adds support for networks that do not have DHCP services enabled." msgstr "" #: ../../:648 msgid "Adds support for the driver agent to query for load balancer objects." msgstr "" #: ../../:70 msgid "Adds tables for active/standby." msgstr "" #: ../../:502 msgid "" "Adds the ability to define L7 rules based on TLS client authentication " "information. The new L7 rules are\\: \"L7RULE_TYPE_SSL_CONN_HAS_CERT\", " "\"L7RULE_TYPE_VERIFY_RESULT\", and \"L7RULE_TYPE_DN_FIELD\"." msgstr "" #: ../../:575 msgid "" "Admin documentation page has been added to explain the available events, the " "notification format, and how to disable event notifications." msgstr "" #: ../../:106 msgid "" "After setting \"auth_strategy = keystone\" all incoming requests to Octavia " "API will be verified using Keystone are they send by authenticated person. " "By default that option is disabled because Neutron LBaaS v2 is not " "supporting that functionality properly." msgstr "" #: ../../:14 stable/train>:475 stable/ussuri>:630 msgid "" "After this upgrade, users will no longer be able use network resources they " "cannot see or \"show\" on load balancers. Operators can revert this behavior " "by setting the \"allow_invisible_reourece_usage\" configuration file setting " "to ``True``." msgstr "" #: ../../:115 msgid "" "After this upgrade, users will no longer be able use network resources they " "cannot see or \"show\" on load balancers. Operators can revert this behavior " "by setting the \"allow_invisible_resource_usage\" configuration file setting " "to ``True``." msgstr "" #: ../../:751 msgid "" "All pools configured under OVN provider driver are automatically migrated to " "SOURCE_IP_PORT algorithm. Previously algorithm was named as ROUND_ROBIN, but " "in fact it was not working like ROUND_ROBIN. After investigating, it was " "observed that core OVN actually utilizes a 5 Tuple Hash/RSS Hash in DPDK/" "Kernel as a Load Balancing algorithm. The 5 Tuple Hash has Source IP, " "Destination IP, Protocol, Source Port, Destination Port. To reflect this the " "name was changed to SOURCE_IP_PORT." msgstr "" #: ../../:709 msgid "" "Allow creation of volume based amphora. Many deploy production use volume " "based instances because of more flexibility. Octavia will create volume and " "attach this to the amphora." msgstr "" #: ../../:257 msgid "" "Allow the loadbalancer's VIP to be created on the same network as the " "management interface." msgstr "" #: ../../:72 msgid "" "Allows the operator to optionally restrict the amphora glance image " "selection to a specific owner id. This is a recommended security setting for " "clouds that allow user uploadable images." msgstr "" #: ../../:520 msgid "" "Amphora API now can return the field `compute_flavor` which is the ID of the " "compute instance flavor used to boot the amphora." msgstr "" #: ../../:504 msgid "" "Amphora API now returns the field `image_id` which is the ID of the glance " "image used to boot the amphora." msgstr "" #: ../../:197 msgid "" "Amphora agent has been adjusted to complement the vertical scaling " "optimizations implemented in the new cpu-pinning element. If the flavor uses " "multiple vCPUs it will configure HAProxy automatically to pin each of its " "worker threads to an individual CPU that was isolated by the element (all " "vCPUs starting from the second one)." msgstr "" #: ../../:41 msgid "" "Amphora failover is supported when active/standby is enabled. Should the " "master or backup amphora fail, the health manager will rebuild it." msgstr "" #: ../../:57 msgid "Amphora image support for RH Linux flavors." msgstr "" #: ../../:192 msgid "Amphora images will now be built with nftables by default." msgstr "" #: ../../:477 msgid "" "Amphora images with HAProxy older than 1.6 (CentOS 7, etc.) will still use " "health monitor type TCP when PING is selected by the user." msgstr "" #: ../../:256 msgid "" "Amphora load balancers support single process mode only now. Split listener " "configuration, which was used up to API version 0.5, has been removed from " "the codebase." msgstr "" #: ../../:452 unmaintained/xena>:531 msgid "" "Amphora network configuration for the VIP interface and the pool member " "interfaces are now applied with the amphora-interface tool. amphora-" "interface uses pyroute2 low-level functions to configure the interfaces " "instead of distribution-specific tools such as \"network-scripts\" or \"/etc/" "network/interfaces\" files." msgstr "" #: ../../:226 msgid "" "Amphora vertical scaling optimizations require a new amphora image build " "with the optional CPU pinning feature enabled in order to become effective." msgstr "" #: ../../:488 msgid "" "Amphora will need to be updated to a new image with this version of the " "agent and ping-wrapper.sh script prior to updating the Octavia controllers. " "If a load balancer is using a health monitor of type PING with an amphora " "image that has not been updated, the next configuration change to the load " "balancer will cause it to go into an ERROR state until it is failed over to " "an updated image." msgstr "" #: ../../:58 msgid "" "Amphora with a terminated HTTPS load balancer can no longer be rebooted. If " "they reboot, they will trigger a failover of the amphora." msgstr "" #: ../../:484 msgid "" "AmphoraV2 provider that was intoduced in earier releases now is default " "Amphora provider for Octavia. Alias `amphorav1` is available for previous " "version of Amphora provider. Alias `amphorav2` is now the same as `amphora`. " "By default, jobboard (usage persistence storage) is not enabled, " "configurable via `jobboard_enabled` option in `task_flow` section." msgstr "" #: ../../:729 msgid "Amphorae are unable to provide tenant flow logs for UDP listeners." msgstr "" #: ../../:570 stable/ussuri>:752 msgid "" "Amphorae that are booting for a specific loadbalancer will now be linked to " "that loadbalancer immediately upon creation. Previously this would not " "happen until near the end of the process, leaving a gap during booting " "during which is was difficult to understand which booting amphora belonged " "to which loadbalancer. This was especially problematic when attempting to " "troubleshoot loadbalancers that entered ERROR status due to boot issues." msgstr "" #: ../../:127 stable/train>:487 stable/ussuri>:519 #: unmaintained/victoria>:506 msgid "" "An amphora image update is recommended to pick up a workaround to an HAProxy " "issue where it would fail to reload on configuration change should the local " "peer name start with \"-x\"." msgstr "" #: ../../:672 msgid "" "An operator documentation page has been added to list known Octavia provider " "drivers and provide links to those drivers. Non-reference drivers, drivers " "other than the \"amphora\" driver, will be outside of the octavia code " "repository but are dynamically loadable via a well defined interface " "described in the provider driver developers guide." msgstr "" #: ../../:122 stable/train>:482 stable/ussuri>:637 msgid "" "Any amphorae running a py3 based image must be recycled or else they will " "eventually fail on certificate rotation." msgstr "" #: ../../:171 stable/rocky>:266 stable/stein>:730 msgid "" "As a followup to the fix that resolved CVE-2018-16856, Octavia will now " "encrypt certificates and keys used for secure communication with amphorae, " "in its internal workflows. Octavia used to exclude debug-level log prints " "for specific tasks and flows that were explicitly specified by name, a " "method that is susceptive to code changes." msgstr "" #: ../../:686 msgid "" "As part of GDPR compliance, connection logs might be considered personal " "data and might need to follow specific data retention policies. Disabling " "connection logging might aid in making Octavia compliant by preventing the " "output of such data. As always, consult with an expert on compliance prior " "to making changes." msgstr "" #: ../../:114 msgid "" "Authentication settings for Neutron should be added directly to the " "[neutron] section of the configuration now. The exact settings depend on the " "`auth_type` used. Refer to https://docs.openstack.org/keystoneauth/latest/" "plugin-options.html for a list of possible options." msgstr "" #: ../../:592 msgid "" "Availability zone profiles can now override the ``valid_vip_networks`` " "configuration option." msgstr "" #: ../../:446 msgid "" "Backend re-encryption allows users to configure pools to initiate TLS " "connections to the backend member servers. This enables load balancers to " "authenticate and encrypt connections from the load balancer to the backend " "member server." msgstr "" #: ../../:10 current origin/stable/newton>:78 #: origin/stable/ocata>:38 origin/stable/ocata>:158 stable/2023.1>:21 #: stable/2023.1>:277 stable/2023.1>:393 stable/2023.2>:10 stable/2023.2>:152 #: stable/2024.1>:10 stable/2024.1>:98 stable/pike>:44 stable/pike>:238 #: stable/queens>:33 stable/queens>:92 stable/queens>:121 stable/queens>:181 #: stable/queens>:253 stable/queens>:309 stable/queens>:362 stable/queens>:539 #: stable/rocky>:44 stable/rocky>:94 stable/rocky>:163 stable/rocky>:216 #: stable/rocky>:276 stable/rocky>:368 stable/rocky>:409 stable/rocky>:602 #: stable/stein>:10 stable/stein>:56 stable/stein>:151 stable/stein>:234 #: stable/stein>:327 stable/stein>:401 stable/stein>:753 stable/train>:40 #: stable/train>:215 stable/train>:258 stable/train>:321 stable/train>:416 #: stable/train>:511 stable/train>:609 stable/train>:838 stable/ussuri>:53 #: stable/ussuri>:224 stable/ussuri>:262 stable/ussuri>:327 stable/ussuri>:442 #: stable/ussuri>:527 stable/ussuri>:681 stable/zed>:10 stable/zed>:63 #: stable/zed>:185 stable/zed>:391 unmaintained/victoria>:53 #: unmaintained/victoria>:213 unmaintained/victoria>:317 #: unmaintained/victoria>:364 unmaintained/victoria>:604 #: unmaintained/wallaby>:53 unmaintained/wallaby>:448 unmaintained/wallaby>:645 #: unmaintained/xena>:34 unmaintained/xena>:261 unmaintained/xena>:458 #: unmaintained/xena>:523 unmaintained/yoga>:21 unmaintained/yoga>:189 #: unmaintained/yoga>:497 msgid "Bug Fixes" msgstr "" #: ../../:122 msgid "" "Bug fix: The response body of the LB API, when creating a new load balancer, " "now correctly includes information about the health monitor. Previously, " "this information was consistently null, despite configuring a health monitor." "" msgstr "" #: ../../:548 msgid "" "CentOS-based amphora images will now install HAProxy version 2.2 maintained " "by CentOS NFV SIG. Other supported distributions (Ubuntu Bionic, RHEL 8) " "remain untouched." msgstr "" #: ../../:68 msgid "" "Certificate and key storage for terminated HTTPS load balancers is now in an " "encrypted ramfs path inside the amphora." msgstr "" #: ../../:439 msgid "" "Certificate bundles can now be stored in any backend Castellan supports, and " "can be retrieved via a Castellan driver, even if Barbican is not deployed." msgstr "" #: ../../:487 msgid "" "Cloud deployers can set `api_settings.allow_ping_health_monitors = False` in " "`octavia.conf` to disable the ability to create PING health monitors." msgstr "" #: ../../:825 msgid "" "Communication between the control-plane and the amphora-agent now uses " "minimum TLSv1.2 by default, and is configurable. The previous default of " "SSLv2/3 is widely considered insecure." msgstr "" #: ../../:503 msgid "" "Config option `amp_ssh_access_allowed` is deprecated, as it overlaps with " "`amp_ssh_key_name` in functionality and is not needed. Simply leave the " "variable `amp_ssh_key_name` blank and no ssh key will be installed. This is " "the same result as using `amp_ssh_access_allowed = False`." msgstr "" #: ../../:290 msgid "" "Configuration of the amphora's timezone is now possible using new " "configuration setting \"amp_timezone\" in the controller_worker options " "group." msgstr "" #: ../../:73 stable/ussuri>:97 #: unmaintained/victoria>:91 unmaintained/wallaby>:151 unmaintained/xena>:309 #: unmaintained/yoga>:531 msgid "" "Correctly detect the member operating status \"drain\" when querying status " "data from HAProxy." msgstr "" #: ../../:24 stable/pike>:14 #: stable/queens>:85 stable/rocky>:156 stable/stein>:320 stable/train>:820 #: stable/ussuri>:668 msgid "" "Correctly require two-way certificate authentication to connect to the " "amphora agent API (CVE-2019-17134)." msgstr "" #: ../../:263 stable/rocky>:635 msgid "" "Creating a member on a pool with no healthmonitor would sometimes briefly " "update their operating status from `NO_MONITOR` to `OFFLINE` and back to " "`NO_MONITOR` during the provisioning sequence. This flapping will no longer " "occur." msgstr "" #: ../../:155 stable/rocky>:250 stable/stein>:708 #: stable/train>:804 msgid "Critical Issues" msgstr "" #: ../../:199 stable/train>:559 stable/ussuri>:741 msgid "" "Delay between checks on UDP healthmonitors was using the incorrect config " "value ``timeout``, when it should have been ``delay``." msgstr "" #: ../../:523 msgid "" "Depending on how the other queue is set up additional passwords for the " "other queue will be in the Octavia config file. Operators should take care " "of setting up appropriate users with appropriate restrictions to the " "topic(s) needed." msgstr "" #: ../../:54 origin/stable/ocata>:148 #: stable/2023.1>:245 stable/2023.2>:130 stable/pike>:194 stable/queens>:499 #: stable/rocky>:556 stable/stein>:679 stable/train>:793 stable/zed>:380 #: unmaintained/victoria>:552 unmaintained/wallaby>:436 #: unmaintained/wallaby>:620 unmaintained/xena>:511 msgid "Deprecation Notes" msgstr "" #: ../../:62 stable/ussuri>:75 #: unmaintained/victoria>:222 unmaintained/wallaby>:460 unmaintained/xena>:539 msgid "" "Disable conntrack for TCP flows in the Amphora, it reduces memory usage for " "HAProxy-based listeners and prevents some kernel warnings about dropped " "packets." msgstr "" #: ../../:588 msgid "" "Disabling connection logging might make it more difficult to audit systems " "for unauthorized access, from which IPs it originated, and which assets were " "compromised." msgstr "" #: ../../:87 stable/ussuri>:102 stable/zed>:434 #: unmaintained/victoria>:96 unmaintained/wallaby>:163 unmaintained/xena>:321 #: unmaintained/yoga>:249 msgid "Enable required SELinux booleans for CentOS or RHEL amphora image." msgstr "" #: ../../:409 unmaintained/wallaby>:91 #: unmaintained/xena>:289 unmaintained/yoga>:201 msgid "" "Ensure that the provided rsyslog configuration file is used by rsyslog in " "the amphora by restarting the service when using the amphorav1 provider, it " "fixes the log offloading feature on distributions that start rsyslog before " "cloud-init." msgstr "" #: ../../:85 unmaintained/xena>:283 #: unmaintained/yoga>:511 msgid "" "Ensure that the provided rsyslog configuration file is used by the rsyslog " "by restarting the service, it fixes the log offloading feature on " "distributions that start rsyslog before cloud-init." msgstr "" #: ../../:581 msgid "" "Extend the Octavia Health Monitor API with two new fields ``http_version`` " "and ``domain_name`` for support HTTP health check, which will inject the " "domain name into HTTP host header." msgstr "" #: ../../:62 msgid "Extended support for Keystone API v3." msgstr "" #: ../../:268 stable/ussuri>:44 stable/zed>:176 #: unmaintained/victoria>:44 unmaintained/wallaby>:44 unmaintained/xena>:25 #: unmaintained/yoga>:180 msgid "" "Filter out private information from the taskflow logs when ''INFO'' level " "messages are enabled and when jobboard is enabled. Logs might have included " "TLS certificates and private_key. By default, in Octavia only WARNING and " "above messages are enabled in taskflow and jobboard is disabled." msgstr "" #: ../../:211 msgid "" "Finally completely remove tenant_id, as it was deprecated along with the " "keystone v2 API in Mitaka, which means we're free of it in Pike!" msgstr "" #: ../../:577 stable/stein>:695 msgid "" "Finally completely the remove user_group option, as it was deprecated in " "Pike." msgstr "" #: ../../:471 unmaintained/wallaby>:266 #: unmaintained/xena>:147 unmaintained/yoga>:328 msgid "" "Fix PING health-monitors with recent haproxy releases (>=2.2), haproxy now " "requires an additional \"insecure-fork-wanted\" option to authorize the " "Octavia PING healthcheck." msgstr "" #: ../../:246 stable/ussuri>:315 #: unmaintained/wallaby>:737 unmaintained/xena>:596 msgid "" "Fix a bug that allowed a user to create a load balancer on a " "``vip_subnet_id`` that belongs to another user using the subnet UUID." msgstr "" #: ../../:175 stable/ussuri>:184 #: unmaintained/victoria>:173 unmaintained/wallaby>:346 unmaintained/xena>:405 #: unmaintained/yoga>:565 msgid "" "Fix a bug that could have triggered a race condition when configuring a " "member interface in the amphora. Due to a race condition, a network " "interface might have been deleted from the amphora, leading to a loss of " "connectivity." msgstr "" #: ../../:65 stable/rocky>:110 stable/stein>:260 #: stable/train>:628 stable/ussuri>:732 msgid "" "Fix a bug that could interrupt resource creation when performing a graceful " "shutdown of the controller worker and leave resources in a PENDING_CREATE/" "PENDING_UPDATE/PENDING_DELETE provisioning status. If the duration of an " "Octavia flow is greater than the 'graceful_shutdown_timeout' configuration " "value, stopping the Octavia worker can still interrupt the creation of " "resources." msgstr "" #: ../../:52 stable/rocky>:58 stable/stein>:183 #: stable/train>:543 stable/ussuri>:709 msgid "" "Fix a bug that could interrupt resource creation when performing a graceful " "shutdown of the house keeping service and leave resources such as amphorae " "in a BOOTING status." msgstr "" #: ../../:193 stable/stein>:372 stable/train>:917 msgid "" "Fix a bug that prevented UDP servers to be restored as members of a pool " "after removing a health monitor resource." msgstr "" #: ../../:88 stable/2023.2>:204 stable/zed>:241 #: unmaintained/yoga>:281 msgid "" "Fix a bug that prevented the operating_status of a health-monitor to be set " "to ONLINE when ipv6 addresses were enclosed within square brackets in " "``controller_ip_port_list``." msgstr "" #: ../../:98 stable/ussuri>:113 stable/zed>:438 #: unmaintained/victoria>:107 unmaintained/wallaby>:184 unmaintained/xena>:332 #: unmaintained/yoga>:270 msgid "" "Fix a bug that prevented the provisioning_state of a health-monitor to be " "set to ERROR when an error occurred while creating, updating or deleting a " "health-monitor." msgstr "" #: ../../:477 unmaintained/wallaby>:272 #: unmaintained/xena>:367 unmaintained/yoga>:334 msgid "" "Fix a bug when adding a member on a subnet that belongs to a network with " "multiple subnets, an incorrect subnet may have been plugged in the amphora." msgstr "" #: ../../:482 unmaintained/wallaby>:277 #: unmaintained/xena>:372 unmaintained/yoga>:339 msgid "" "Fix a bug when deleting the last member plugged on a network, the port that " "was no longer used was not deleted." msgstr "" #: ../../:323 stable/zed>:219 #: unmaintained/wallaby>:167 unmaintained/xena>:83 unmaintained/yoga>:253 msgid "" "Fix a bug when full graph of load balancer is created without listeners if " "jobboard_enabled=False" msgstr "" #: ../../:160 stable/ussuri>:162 stable/zed>:487 #: unmaintained/victoria>:145 unmaintained/wallaby>:287 unmaintained/xena>:377 #: unmaintained/yoga>:349 msgid "" "Fix a bug when updating a load balancer with a QoS policy after a failover, " "Octavia attempted to update the VRRP ports of the deleted amphorae, moving " "the provisioning status of the load balancer to ERROR." msgstr "" #: ../../:81 stable/train>:359 msgid "" "Fix a potential AttributeError exception at init time in the housekeeping " "service when using python2 because of an issue with thread safety when " "calling strptime for the first time." msgstr "" #: ../../:374 stable/ussuri>:385 #: unmaintained/victoria>:688 msgid "" "Fix a potential invalid DOWN operating status for members of a UDP pool. A " "race condition could have occured when building the first heartbeat message " "after adding a new member in a pool, this recently added member could have " "been seen as DOWN." msgstr "" #: ../../:168 stable/zed>:493 #: unmaintained/victoria>:151 unmaintained/wallaby>:293 unmaintained/xena>:383 #: unmaintained/yoga>:355 msgid "" "Fix a potential race condition when updating a resource in the amphorav2 " "worker. The worker was not waiting for the resource to be set to " "PENDING_UPDATE, so the resource may have been updated with old data from the " "database, resulting in a no-op update." msgstr "" #: ../../:531 unmaintained/wallaby>:358 #: unmaintained/xena>:189 unmaintained/yoga>:400 msgid "" "Fix a python3 error that prevented to use the ``[controller_worker]/" "user_data_config_drive`` option when building amphorae." msgstr "" #: ../../:237 unmaintained/victoria>:252 #: unmaintained/wallaby>:480 unmaintained/xena>:564 msgid "" "Fix a serialization error when using host_routes in VIP subnets when " "persistence in the amphorav2 driver is enabled." msgstr "" #: ../../:520 unmaintained/wallaby>:340 #: unmaintained/xena>:183 unmaintained/yoga>:389 msgid "" "Fix a serialization issue when using TLSContainer with amphorav2 driver with " "persistence, a list of bytes type in the data model was not correctly " "converted to serializable data." msgstr "" #: ../../:306 stable/zed>:88 #: unmaintained/wallaby>:104 unmaintained/xena>:49 unmaintained/yoga>:39 msgid "" "Fix amphora haproxy_count to return the number of haproxy processes that are " "running." msgstr "" #: ../../:311 stable/ussuri>:87 stable/zed>:202 #: unmaintained/victoria>:81 unmaintained/wallaby>:123 unmaintained/xena>:304 #: unmaintained/yoga>:214 msgid "" "Fix an authentication error with Barbican when creating a TERMINATED_HTTPS " "listener with application credential tokens or trust IDs." msgstr "" #: ../../:24 stable/train>:346 stable/ussuri>:358 #: unmaintained/victoria>:373 unmaintained/wallaby>:689 msgid "" "Fix an incorrect ``operating_status`` with empty UDP pools. A UDP pool " "without any member is now ``ONLINE`` instead of ``OFFLINE``." msgstr "" #: ../../:155 stable/ussuri>:157 #: unmaintained/victoria>:289 unmaintained/wallaby>:512 unmaintained/xena>:468 #: unmaintained/yoga>:560 msgid "" "Fix an issue that could set the provisioning status of a load balancer to a " "PENDING_UPDATE state when an error occurred in the amphora failover flow." msgstr "" #: ../../:416 unmaintained/wallaby>:133 #: unmaintained/xena>:65 unmaintained/yoga>:224 msgid "" "Fix an issue that may have occurred when running the amphorav2 with " "persistence, the ComputeActiveWait was incorrectly executed twice on " "different controllers." msgstr "" #: ../../:355 stable/train>:885 msgid "" "Fix an issue that prevented the cleanup of load balancer entries in the " "database by the Octavia housekeeper service." msgstr "" #: ../../:166 stable/ussuri>:175 stable/zed>:511 #: unmaintained/victoria>:164 unmaintained/wallaby>:325 unmaintained/xena>:396 #: unmaintained/yoga>:380 msgid "" "Fix an issue when Octavia performs a failover of an ACTIVE-STANDBY load " "balancer that has both amphorae missing. Some tasks in the controller took " "too much time to timeout because the timeout value defined in " "``[haproxy_amphora].active_connection_max_retries`` and ``[haproxy_amphora]." "active_connection_rety_interval`` was not used." msgstr "" #: ../../:663 msgid "" "Fix an issue when load balancer creation was aborted due to en error on get " "of amphora VM." msgstr "" #: ../../:435 stable/ussuri>:466 #: unmaintained/victoria>:643 msgid "" "Fix an issue when the barbican service enable TLS, we create the listerner " "failed." msgstr "" #: ../../:346 unmaintained/wallaby>:726 msgid "" "Fix an issue when updating ``tls_versions`` and ``tls_ciphers`` in Pools " "with empty (None) values, unsetting theses parameters now resets their " "values to the default values." msgstr "" #: ../../:195 unmaintained/xena>:338 #: unmaintained/yoga>:536 msgid "" "Fix an issue with IPv6 members that could have been set in operating_status " "``ERROR`` just after being added." msgstr "" #: ../../:353 stable/zed>:255 #: unmaintained/wallaby>:260 unmaintained/xena>:141 unmaintained/yoga>:322 msgid "" "Fix an issue with PING health-monitors on Centos 8 Stream. Changes in Centos " "and systemd prevent an unprivileged user from sending ping requests from a " "network namespace." msgstr "" #: ../../:119 unmaintained/victoria>:113 #: unmaintained/wallaby>:217 unmaintained/xena>:343 unmaintained/yoga>:541 msgid "" "Fix an issue with amphorav2 and persistence, some long tasks executed by a " "controller might have been released in taskflow and rescheduled on another " "controller. Octavia now ensures that a task is never released early by using " "a keepalive mechanism to notify taskflow (and its redis backend) that a job " "is still running." msgstr "" #: ../../:466 unmaintained/xena>:545 msgid "" "Fix an issue with amphorav2 driver, a failover of an amphora created an " "amphora with an ERROR status." msgstr "" #: ../../:149 stable/ussuri>:151 #: unmaintained/victoria>:283 unmaintained/wallaby>:506 unmaintained/xena>:462 #: unmaintained/yoga>:554 msgid "" "Fix an issue with the provisioning status of a load balancer that was set to " "ERROR too early when an error occurred, making the load balancer mutable " "while the execution of the tasks for this resources haven't finished yet." msgstr "" #: ../../:230 stable/ussuri>:281 #: unmaintained/victoria>:247 unmaintained/xena>:559 msgid "" "Fix an issue with the rsyslog configuration file in the Amphora when the log " "offloading feature and the local log storage feature are both disabled." msgstr "" #: ../../:267 stable/ussuri>:341 #: unmaintained/victoria>:326 unmaintained/wallaby>:673 msgid "" "Fix default value override for timeout values for listeners. Changing the " "default timeouts in the configuration file wasn't correctly applied in the " "default listener parameters." msgstr "" #: ../../:68 stable/ussuri>:92 stable/zed>:422 #: unmaintained/victoria>:86 unmaintained/wallaby>:146 unmaintained/xena>:78 #: unmaintained/yoga>:237 msgid "" "Fix disabled UDP pools. Disabled UDP pools were marked as \"OFFLINE\" but " "the requests were still forwarded to the members of the pool." msgstr "" #: ../../:196 stable/ussuri>:205 stable/zed>:546 #: unmaintained/victoria>:194 unmaintained/wallaby>:373 unmaintained/xena>:426 #: unmaintained/yoga>:415 msgid "" "Fix load balancers stuck in PENDING_UPDATE issues for some API calls (POST /" "l7rule, PUT /pool) when a provider denied the call." msgstr "" #: ../../:199 stable/rocky>:295 stable/stein>:789 msgid "" "Fix load balancers that could not be failed over when in ERROR provisioning " "status." msgstr "" #: ../../:299 unmaintained/victoria>:294 #: unmaintained/wallaby>:721 msgid "" "Fix load balancers that use customized host_routes in the VIP or the member " "subnets in amphorav2." msgstr "" #: ../../:273 stable/ussuri>:371 #: unmaintained/victoria>:332 unmaintained/wallaby>:707 msgid "" "Fix nf_conntrack_buckets sysctl in the Amphora, its value was incorrectly " "set." msgstr "" #: ../../:187 stable/stein>:366 stable/train>:911 msgid "" "Fix operating_status for pools and members that use UDP protocol. " "operating_status values are now consistant with the values of non-UDP load " "balancers." msgstr "" #: ../../:70 stable/train>:335 stable/ussuri>:347 #: unmaintained/victoria>:648 msgid "" "Fix operational status for disabled UDP listeners. The operating status of " "disabled UDP listeners is now OFFLINE instead of ONLINE, the behavior is now " "similary to the behavior of HTTP/HTTPS/TCP/... listeners." msgstr "" #: ../../:139 stable/2023.2>:253 stable/zed>:35 msgid "" "Fix the issue where nf_conntrack* opts values are lost after rebooting the " "Amphora VM. more details `Story 2010795 `__" msgstr "" #: ../../:25 current stable/2023.1>:29 stable/2023.2>:18 #: stable/2024.1>:18 stable/zed>:18 msgid "" "Fix the issue, when \"limit\" parameter in request less or equal 0. Now it " "returns resources according pagination_max_limit as expected, instead of " "error." msgstr "" #: ../../:397 stable/zed>:500 #: unmaintained/wallaby>:307 unmaintained/xena>:165 unmaintained/yoga>:362 msgid "" "Fix the rescheduling of taskflow tasks that have been resumed after being " "interrupted." msgstr "" #: ../../:427 unmaintained/wallaby>:156 #: unmaintained/xena>:314 unmaintained/yoga>:242 msgid "" "Fix the shutdown of the driver-agent, the process might have been stuck " "while waiting for threads to finish. Systemd would have killed the process " "after a timeout, but some children processes might have leaked on the " "controllers." msgstr "" #: ../../:449 unmaintained/wallaby>:212 #: unmaintained/xena>:117 unmaintained/yoga>:292 msgid "" "Fix update listener certs failed. The fix ensures that an existing " "certificate gets overwritten properly." msgstr "" #: ../../:517 unmaintained/xena>:590 msgid "" "Fix weighted round-robin for UDP and SCTP listeners with keepalived and lvs. " "The algorithm must be specified as 'wrr' in order for weighted round-robin " "to work correctly, but was being set to 'rr'." msgstr "" #: ../../:240 stable/ussuri>:304 #: unmaintained/victoria>:299 msgid "" "Fix weighted round-robin for UDP listeners with keepalived and lvs. The " "algorithm must be specified as 'wrr' in order for weighted round-robin to " "work correctly, but was being set to 'rr'." msgstr "" #: ../../:182 stable/ussuri>:191 stable/zed>:526 #: unmaintained/victoria>:180 unmaintained/wallaby>:353 unmaintained/xena>:412 #: unmaintained/yoga>:395 msgid "" "Fixed \"Could not retrieve certificate\" error when updating/deleting the " "client_ca_tls_container_ref field of a listener after a CA/CRL was deleted." msgstr "" #: ../../:104 stable/ussuri>:242 #: unmaintained/victoria>:262 unmaintained/wallaby>:485 unmaintained/xena>:569 msgid "" "Fixed MAX_TIMEOUT for timeout_client_data, timeout_member_connect, " "timeout_member_data, timeout_tcp_inspect API listener. The value was reduced " "from 365 days to 24 days, which now does not exceed the value of the data " "type in DB." msgstr "" #: ../../:366 stable/zed>:40 #: unmaintained/xena>:219 unmaintained/yoga>:124 msgid "" "Fixed SQLAlchemy warnings about the relationship between the Tags object and " "the other Octavia resources." msgstr "" #: ../../:170 stable/zed>:31 #: unmaintained/yoga>:101 msgid "Fixed TLS-HELLO health-monitors in the amphora-driver." msgstr "" #: ../../:316 stable/zed>:212 #: unmaintained/wallaby>:139 unmaintained/xena>:71 unmaintained/yoga>:230 msgid "" "Fixed a \"corrupted global server state file\" error in Centos 9 Stream when " "reloading the state of the servers after restarting haproxy. It also fixed " "the recovering of the operational state of the servers in haproxy after its " "restart." msgstr "" #: ../../:51 stable/zed>:93 #: unmaintained/wallaby>:117 unmaintained/xena>:54 unmaintained/yoga>:44 msgid "" "Fixed a bug in amphorav1, the subnet of a member that was being deleted was " "not immediately unplugged from the amphora, but only during the next update " "of the members." msgstr "" #: ../../:109 stable/2023.2>:224 stable/zed>:120 #: unmaintained/xena>:136 unmaintained/yoga>:78 msgid "" "Fixed a bug in octavia-status which reported an incorrect status for the " "*amphorav2* driver when using the default *amphora* alias." msgstr "" #: ../../:180 msgid "" "Fixed a bug in the amphora-agent, an exception was triggered when a LB with " "both IPv4 and IPv6 VIPs and with a UDP pool had only IPv4 members or only " "IPv6 members." msgstr "" #: ../../:204 stable/rocky>:300 stable/stein>:794 msgid "" "Fixed a bug that caused an excessive number of RabbitMQ connections to be " "opened." msgstr "" #: ../../:81 stable/2023.2>:197 stable/zed>:106 #: unmaintained/xena>:98 unmaintained/yoga>:64 msgid "" "Fixed a bug that could have made the VIP port unreachable because of the " "removal of some IP rules in the Amphora. It could have been triggered only " "when sending a request from a subnet that is not the VIP subnet but that is " "plugged as a member subnet." msgstr "" #: ../../:76 stable/2023.2>:192 stable/zed>:236 #: unmaintained/wallaby>:190 unmaintained/xena>:93 unmaintained/yoga>:276 msgid "" "Fixed a bug that didn't set all the active load balancer Health Monitors " "ONLINE in populated LB single-create calls." msgstr "" #: ../../:114 stable/2023.2>:229 stable/zed>:261 #: unmaintained/wallaby>:282 unmaintained/xena>:153 unmaintained/yoga>:344 msgid "" "Fixed a bug that didn't set the correct provisioning_status for unattached " "pools when creating a fully-populated load balancer." msgstr "" #: ../../:328 stable/zed>:224 #: unmaintained/wallaby>:172 unmaintained/xena>:88 unmaintained/yoga>:258 msgid "" "Fixed a bug that prevented Octavia from creating listeners with the fully-" "populated load balancer API in SINGLE topology mode." msgstr "" #: ../../:28 stable/2024.1>:110 msgid "" "Fixed a bug that prevented the amphora from being updated by the Amphora " "Configure API call, the API call was succesfull but the internal flow for " "updating it failed." msgstr "" #: ../../:416 stable/train>:941 msgid "Fixed a bug that prevents spare amphora rotation." msgstr "" #: ../../:31 current stable/2023.1>:69 stable/2023.2>:34 #: stable/2024.1>:24 msgid "" "Fixed a bug when creating a load balancer and a listener with " "``allowed_cidrs`` with the fully-populated load balancer API, the call was " "rejected because Octavia could not validate that the IP addresses of the " "``allowed_cidrs`` have the same family as the VIP address." msgstr "" #: ../../:149 msgid "" "Fixed a bug when the deprecated settings (``endpoint``, ``endpoint_type``, " "``ca_certificates_file``) are used in the ``[neutron]`` section of the " "configuration file. The connection to the neutron service may have used some " "settings from the ``[service_auth]`` section or used undefined settings." msgstr "" #: ../../:159 stable/rocky>:254 stable/stein>:712 #: stable/train>:808 msgid "" "Fixed a bug where active/standby load balancers and single topology load " "balancers with members on the VIP subnet may fail. An updated image is " "required to fix this bug." msgstr "" #: ../../:342 unmaintained/wallaby>:717 msgid "Fixed a bug where pools with PROXYV2 will go into ERROR." msgstr "" #: ../../:129 stable/zed>:24 #: unmaintained/yoga>:57 msgid "" "Fixed a bug with HTTP/HTTPS health-monitors on pools with ALPN protocols in " "the amphora-driver. The healthchecks sent by haproxy were flagged as bad " "requests by the backend servers. Updated haproxy configuration to use ALPN " "for the heathchecks too." msgstr "" #: ../../:241 msgid "" "Fixed a bug with the status of the members of UDP pools in load balancer " "with IPv4 and IPv6 VIPs. Some members may have been incorrectly reported as " "DOWN by the Amphora." msgstr "" #: ../../:29 stable/pike>:30 #: stable/queens>:300 stable/rocky>:359 stable/stein>:744 msgid "" "Fixed a debug level logging of Amphora certificates for flows such as " "'octavia-create-amp-for-lb-subflow-octavia-generate-serverpem' (triggered " "with loadbalancer failover) and 'octavia-create-amp-for-lb-subflow-octavia-" "update-cert-expiration'." msgstr "" #: ../../:289 stable/stein>:783 msgid "" "Fixed a performance issue where the Housekeeping service could significantly " "and incrementally utilize CPU as more amphorae and load balancers are " "created and/or marked as DELETED." msgstr "" #: ../../:189 stable/rocky>:413 stable/stein>:761 msgid "" "Fixed a performance regression in the Octavia v2 API when using the \"list\" " "APIs." msgstr "" #: ../../:101 stable/2023.2>:216 #: stable/train>:124 stable/ussuri>:132 stable/zed>:247 #: unmaintained/victoria>:126 unmaintained/wallaby>:230 unmaintained/xena>:122 #: unmaintained/yoga>:297 msgid "" "Fixed a potential error when plugging a member from a new network after " "deleting another member and unplugging its network. Octavia may have tried " "to plug the new network to a new interface but with an already existing name." " This fix requires to update the Amphora image." msgstr "" #: ../../:116 msgid "" "Fixed a potential issue when deleting a load balancer with an amphora that " "was not fully created, the deletion may have failed when deallocating the " "VIP port, leaving the load balancer in ERROR state." msgstr "" #: ../../:64 stable/2023.2>:175 stable/zed>:207 #: unmaintained/wallaby>:128 unmaintained/xena>:60 unmaintained/yoga>:219 msgid "" "Fixed a potential race condition in the member batch update API call, the " "load balancers might not have been locked properly." msgstr "" #: ../../:47 stable/rocky>:98 stable/stein>:244 #: stable/train>:619 stable/ussuri>:698 msgid "" "Fixed a potential race condition with the certs-ramfs and amphora agent " "services." msgstr "" #: ../../:119 stable/2023.2>:48 #: stable/2024.1>:157 stable/zed>:130 unmaintained/wallaby>:300 #: unmaintained/xena>:158 unmaintained/yoga>:88 msgid "" "Fixed a race condition in the members batch update API call, the data passed " "to the Octavia worker service may have been incorrect when quickly sending " "successive API calls. Then the load balancer was stuck in PENDING_UPDATE " "provisioning_status." msgstr "" #: ../../:133 stable/2023.2>:55 #: stable/2024.1>:164 stable/zed>:137 unmaintained/wallaby>:334 #: unmaintained/xena>:177 unmaintained/yoga>:95 msgid "" "Fixed a too long timeout when attempting to start the VRRP service in an " "unreachable amphora during a failover. A specific shorter timeout should be " "used during the failovers." msgstr "" #: ../../:659 unmaintained/xena>:527 msgid "Fixed amphora driver pool ALPN compatibity with older amphora images." msgstr "" #: ../../:19 stable/train>:425 stable/ussuri>:456 #: unmaintained/victoria>:628 msgid "" "Fixed an Octavia API validation on listener update where SNI containers " "could be set on non-TERMINATED_HTTPS listeners." msgstr "" #: ../../:126 stable/2023.2>:234 stable/zed>:266 #: unmaintained/wallaby>:318 unmaintained/xena>:170 unmaintained/yoga>:373 msgid "" "Fixed an SELinux issues with TCP-based health-monitor on UDP pools, some " "specific monitoring ports were denied by SELinux. The Amphora image now " "enables the ``keepalived_connect_any`` SELinux boolean that allows " "connections to any ports." msgstr "" #: ../../:874 msgid "" "Fixed an error triggered when the deletion of the VIP security group fails." msgstr "" #: ../../:209 stable/rocky>:305 stable/stein>:803 #: stable/train>:929 msgid "Fixed an error when plugging the VIP on CentOS-based amphorae." msgstr "" #: ../../:185 stable/rocky>:280 stable/stein>:757 #: stable/train>:857 msgid "Fixed an issue creating members on networks with IPv6 subnets." msgstr "" #: ../../:638 msgid "" "Fixed an issue in the CADF audit map file for failover actions that could " "cause keystonemiddleware to raise an exception." msgstr "" #: ../../:271 unmaintained/victoria>:228 #: unmaintained/wallaby>:668 msgid "" "Fixed an issue that an amphorav2 LB cannot be reached after loadbalancer " "failover. The LB security group was not set in the amphora port." msgstr "" #: ../../:261 msgid "" "Fixed an issue that caused failover to unsuccessful if the vip network was " "not DHCP enabled." msgstr "" #: ../../:341 stable/ussuri>:353 #: unmaintained/victoria>:368 unmaintained/wallaby>:684 msgid "" "Fixed an issue that could cause load balancers, with multiple amphora in a " "failed state, to be unable to complete a failover." msgstr "" #: ../../:799 stable/train>:901 msgid "Fixed an issue that prevents spare amphorae to be created." msgstr "" #: ../../:278 stable/ussuri>:376 #: unmaintained/victoria>:337 unmaintained/wallaby>:712 msgid "" "Fixed an issue were updating a CRL or client certificate on a pool would " "cause the pool to go into ERROR." msgstr "" #: ../../:313 stable/rocky>:418 stable/stein>:777 msgid "" "Fixed an issue when Octavia cannot reach the database (all database " "instances are down) bringing down all running loadbalancers. The Health " "Manager is more resilient to DB outages now." msgstr "" #: ../../:18 current msgid "" "Fixed an issue when a failover reverts, a neutron port may get abandoned. " "The issue was logged with \"Failed to delete port\", \"Resources may still " "be in use for a port intended for amphora\", and \"Search for a port named " "octavia-lb-vrrp-\"." msgstr "" #: ../../:155 stable/train>:515 stable/ussuri>:531 #: unmaintained/victoria>:608 msgid "" "Fixed an issue when a loadbalancer is disabled, Octavia Health Manager keeps " "failovering the amphorae" msgstr "" #: ../../:57 stable/2023.2>:168 stable/zed>:99 #: unmaintained/yoga>:50 msgid "" "Fixed an issue when adding or deleting a member, Octavia might have " "reconfigured the management port of the amphora by adding or removing " "additional subnets. Octavia no longer updates the management port during " "those tasks." msgstr "" #: ../../:219 msgid "" "Fixed an issue when building the HAProxy configuration files, some DELETED " "members could have been included in the server list after adding new members." "" msgstr "" #: ../../:35 stable/2023.2>:156 stable/zed>:72 #: unmaintained/wallaby>:62 unmaintained/yoga>:30 msgid "" "Fixed an issue when deleting the last listener from a load balancer may " "trigger a failover." msgstr "" #: ../../:143 msgid "" "Fixed an issue when using UDP listeners in dual-stack (IPv4 and IPv6) load " "balancers, some masquerade rules needed by UDP were not correctly set on the " "member interfaces." msgstr "" #: ../../:40 stable/2023.2>:24 stable/2024.1>:102 #: stable/zed>:77 unmaintained/yoga>:35 msgid "" "Fixed an issue when using certificates with a blank subject or missing CN." msgstr "" #: ../../:890 msgid "" "Fixed an issue where /etc/resolv.conf on RHEl-based amphorae was being " "populated with DNS servers." msgstr "" #: ../../:95 stable/train>:365 stable/ussuri>:381 #: unmaintained/victoria>:679 msgid "Fixed an issue where TLS-enabled pools would fail to provision." msgstr "" #: ../../:369 stable/ussuri>:481 #: unmaintained/victoria>:683 msgid "" "Fixed an issue where UDP only load balancers would not bring up the VIP " "address." msgstr "" #: ../../:440 stable/ussuri>:471 #: unmaintained/victoria>:664 msgid "" "Fixed an issue where amphora load balancers fail to create when Nova anti-" "affinity is enabled and topology is SINGLE." msgstr "" #: ../../:654 msgid "" "Fixed an issue where clearing listener TLS versions resulted in a server-" "side error." msgstr "" #: ../../:543 msgid "" "Fixed an issue where health monitors of type PING were really doing a TCP " "health check." msgstr "" #: ../../:105 msgid "" "Fixed an issue where invalid certificates would trigger an amphora failover " "loop. Certificates are now validated at API level." msgstr "" #: ../../:76 stable/train>:445 stable/ussuri>:476 #: unmaintained/victoria>:674 msgid "" "Fixed an issue where listener \"insert_headers\" parameter was accepted for " "protocols that do not support header insertion." msgstr "" #: ../../:189 stable/train>:549 stable/ussuri>:715 msgid "" "Fixed an issue where load balancers would go into ERROR when setting data " "not visible to providers (e.g. tags)." msgstr "" #: ../../:60 stable/train>:325 stable/ussuri>:336 #: unmaintained/victoria>:613 msgid "" "Fixed an issue where members added to TLS-enabled pools would go to ERROR " "provisioning status." msgstr "" #: ../../:217 stable/rocky>:313 stable/stein>:811 #: stable/train>:937 msgid "" "Fixed an issue where setting a QoS policy on the VIP would bring the load " "balancer to ERROR when the QoS extension is enabled." msgstr "" #: ../../:14 stable/train>:420 stable/ussuri>:451 #: unmaintained/victoria>:623 msgid "" "Fixed an issue where setting of SNI containers were not being applied on " "listener update API calls." msgstr "" #: ../../:65 stable/train>:430 stable/ussuri>:461 #: unmaintained/victoria>:633 msgid "" "Fixed an issue where some columns could not be used for sort keys in API " "list calls." msgstr "" #: ../../:266 msgid "" "Fixed an issue where the amphora would fail to bring up the VIP if the VIP " "network did not have a gateway specified in neutron." msgstr "" #: ../../:351 stable/train>:870 msgid "Fixed an issue where the driver errors were not caught." msgstr "" #: ../../:129 stable/rocky>:224 stable/stein>:409 #: stable/train>:878 msgid "" "Fixed an issue where the listener API would accept null/None values for " "fields that must have a valid value, such as connection-limit. Now when a " "PUT call is made to one of these fields with null as the value the API will " "reset the field value to the field default value." msgstr "" #: ../../:42 stable/rocky>:53 stable/stein>:172 #: stable/train>:532 msgid "" "Fixed an issue where the the amphora image create tool would checkout the " "master amphora-agent code and master upper constraints." msgstr "" #: ../../:213 stable/rocky>:309 stable/stein>:807 #: stable/train>:933 msgid "" "Fixed an issue where trying to set a QoS policy on a VIP while the QoS " "extension is disabled would bring the load balancer to ERROR. Should the QoS " "extension be disabled, the API will now return HTTP 400 to the user." msgstr "" #: ../../:659 msgid "" "Fixed an issue where when clearing listener TLS versions and ciphers would " "not apply the default values per defined in the API configuration settings." msgstr "" #: ../../:266 unmaintained/victoria>:217 #: unmaintained/wallaby>:654 msgid "" "Fixed an issue with batch member updates, that don't have any changes, not " "properly rolling back the update." msgstr "" #: ../../:330 stable/ussuri>:446 #: unmaintained/victoria>:618 msgid "" "Fixed an issue with failing over an amphora if the pair amphora in an active/" "standby pair had a missing VRRP port in neutron." msgstr "" #: ../../:94 stable/2023.2>:41 stable/2024.1>:136 #: stable/zed>:113 unmaintained/wallaby>:200 unmaintained/xena>:105 #: unmaintained/yoga>:71 msgid "" "Fixed an issue with load balancers stuck in a ``PENDING_*`` state during " "database outages. Now when a task fails in Octavia, it retries to update the " "``provisioning_status`` of the load balancer until the database is back (or " "it gives up after a really long timeout - around 2h45)" msgstr "" #: ../../:377 stable/train>:945 msgid "" "Fixed an issue with load balancers that have multiple listeners when using " "an amphora image that contains HAProxy 1.8 or newer. An updated amphora " "image is required to apply this fix." msgstr "" #: ../../:119 stable/ussuri>:127 #: unmaintained/victoria>:121 unmaintained/wallaby>:225 unmaintained/xena>:351 #: unmaintained/yoga>:549 msgid "" "Fixed an issue with members in ERROR operating status that may have been " "updated briefly to ONLINE during a Load Balancer configuration change." msgstr "" #: ../../:111 stable/ussuri>:291 #: unmaintained/victoria>:269 unmaintained/wallaby>:492 unmaintained/xena>:576 msgid "" "Fixed an issue with the ``lo`` interface in the ``amphora-haproxy`` network " "namespace. The ``lo`` interface was down and prevented haproxy to " "communicate with other haproxy processes (for persistent stick tables) on " "configuration change. It delayed old haproxy worker cleanup and increased " "the memory consumption usage after reloading the configuration." msgstr "" #: ../../:96 stable/rocky>:167 stable/stein>:337 #: stable/train>:848 msgid "" "Fixed an issue with the health manager reporting an UnboundLocalError if it " "gets an exception attempting to get a database connection." msgstr "" #: ../../:333 msgid "" "Fixed backwards compatibility issue with the feature that preserves HAProxy " "server states between reloads. HAProxy version 1.5 or below do not support " "this feature, so Octavia will not to activate it on amphorae with those " "versions." msgstr "" #: ../../:91 stable/ussuri>:106 stable/zed>:229 #: unmaintained/victoria>:100 unmaintained/wallaby>:177 unmaintained/xena>:325 #: unmaintained/yoga>:263 msgid "" "Fixed backwards compatibility issue with the feature that preserves HAProxy " "server states between reloads. HAProxy version 1.5 or below do not support " "this feature, so Octavia will not to activate it on amphorae with those " "versions." msgstr "" #: ../../:955 msgid "" "Fixed bug which prevented the creation of listeners for different protocols " "on the same port (i.e: tcp port 53, and udp port 53)." msgstr "" #: ../../:87 stable/train>:450 stable/ussuri>:724 msgid "" "Fixed code that configured the CentOS/Red Hat amphora images to use the " "correct names for the network 'ifcfg' files for static routes and routing " "rules. It was using the wrong name for the routes file, and did not support " "IPv6 in either file. For more information, see https://storyboard.openstack." "org/#!/story/2007051" msgstr "" #: ../../:20 stable/ussuri>:20 stable/zed>:332 #: unmaintained/victoria>:20 unmaintained/wallaby>:20 unmaintained/xena>:241 #: unmaintained/yoga>:156 msgid "" "Fixed configuration issue which allowed authenticated and authorized users " "to inject code into HAProxy configuration using API requests. Octavia API no " "longer accepts unencoded whitespace characters in url_path values in update " "requests for healthmonitors." msgstr "" #: ../../:125 stable/rocky>:220 stable/stein>:405 #: stable/train>:866 msgid "" "Fixed duplicated IPv6 addresses in Active/Standby mode in CentOS amphorae." msgstr "" #: ../../:14 current stable/2023.1>:25 stable/2023.2>:14 #: stable/2024.1>:14 stable/zed>:14 msgid "Fixed error on update UDP Health Monitor with empty \"delay\" parameter" msgstr "" #: ../../:505 unmaintained/victoria>:158 #: unmaintained/wallaby>:312 unmaintained/xena>:390 unmaintained/yoga>:367 msgid "" "Fixed issue with SELinux and the lvs-masquerade.sh script on the amphora. " "The script already runs with root permissions, so the use of sudo inside the " "script is unneeded." msgstr "" #: ../../:109 unmaintained/xena>:296 #: unmaintained/yoga>:523 msgid "Fixed issues when building amphora image for Centos Stream 9." msgstr "" #: ../../:113 unmaintained/xena>:300 #: unmaintained/yoga>:527 msgid "Fixed issues when building amphora image for RHEL 9." msgstr "" #: ../../:331 stable/train>:842 msgid "" "Fixed the API handling of None (JSON null) on object update calls. The API " "will now either clear the value from the field or will reset the value of " "the field to the API default." msgstr "" #: ../../:288 stable/zed>:67 #: unmaintained/wallaby>:57 unmaintained/xena>:38 unmaintained/yoga>:25 msgid "" "Fixed the ability to use the 'text/plain' mime type with the healthcheck " "endpoint." msgstr "" #: ../../:247 msgid "" "Fixed the format of log messages related to quota decrement errors. They " "displayed unhelpful information, they now report the correct resource type " "for which the error occurs." msgstr "" #: ../../:186 msgid "" "Fixed the global number of concurrent connections in haproxy when disabling " "listeners. The connection-limit of disabled listeners was used to compute " "this value, disabled listeners are now skipped." msgstr "" #: ../../:310 unmaintained/victoria>:305 #: unmaintained/wallaby>:732 msgid "" "Fixed the healthcheck endpoint always querying the backends by caching " "results for a configurable time. The default is five seconds." msgstr "" #: ../../:210 msgid "" "Fixed the issue with session persistence based on source IP not working for " "IPv6 load balancers. Session persistence now functions properly for IPv4, " "IPv6 and dual-stack load balancers." msgstr "" #: ../../:340 msgid "" "Fixed the policy of the legacy `admin` role, it is still an admin with sRBAC." "" msgstr "" #: ../../:187 stable/ussuri>:196 stable/zed>:537 #: unmaintained/victoria>:185 unmaintained/wallaby>:364 unmaintained/xena>:417 #: unmaintained/yoga>:406 msgid "" "Fixed validations in L7 rule and session cookie APIs in order to prevent " "authenticated and authorized users to inject code into HAProxy configuration." " CR and LF (\\\\r and \\\\n) are no longer allowed in L7 rule keys and " "values. The session persistence cookie names must follow the rules described " "in https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie." msgstr "" #: ../../:106 msgid "Fixed wrong endpoint information in neutron client configuration." msgstr "" #: ../../:376 stable/rocky>:623 msgid "" "Fixes a bug where unspecified or unlimited listener connection limit " "settings would lead to a 2000 connection limit when using the amphora/" "octavia driver. This was the compiled in connection limit in some HAproxy " "packages." msgstr "" #: ../../:383 stable/rocky>:649 msgid "" "Fixes a neutron-lbaas LBaaS v2 API compatibility issue when requesting a " "load balancer status tree via '/statuses'." msgstr "" #: ../../:101 stable/rocky>:172 stable/stein>:342 #: stable/train>:853 msgid "" "Fixes a potential DB deadlock in allocate_and_associate found in testing." msgstr "" #: ../../:86 msgid "Fixes admin-state-up=False action for loadbalancer and listener." msgstr "" #: ../../:58 stable/rocky>:103 stable/stein>:253 #: stable/train>:922 msgid "" "Fixes an issue in the selection of vip-subnet-id on multi-subnet networks by " "checking the IP availability of the subnets, ensuring enough IPs are " "available for loadbalancer when creating loadbalancer specifying vip-network-" "id." msgstr "" #: ../../:99 stable/train>:381 stable/ussuri>:486 #: unmaintained/victoria>:695 msgid "" "Fixes an issue when using the admin_or_owner-policy.yaml policy override " "file and unscoped tokens." msgstr "" #: ../../:371 stable/rocky>:618 msgid "" "Fixes an issue where VIP return traffic was always routed, if a gateway was " "defined, through the gateway address even if it was local traffic." msgstr "" #: ../../:366 stable/rocky>:613 msgid "" "Fixes an issue where if more than one amphora fails at the same time, " "failover might not fully complete, leaving the load balancer in ERROR." msgstr "" #: ../../:238 stable/train>:613 stable/ussuri>:692 msgid "" "Fixes an issue where load balancers with more than one TLS enabled listener, " "one or more SNI enabled, may load certificates from other TLS enabled " "listeners for SNI use." msgstr "" #: ../../:177 stable/train>:537 stable/ussuri>:703 msgid "" "Fixes an issue where load balancers with more than one TLS enabled listener, " "using client authentication and/or backend re-encryption, may load incorrect " "certificates for the listener." msgstr "" #: ../../:225 stable/ussuri>:276 #: unmaintained/victoria>:233 unmaintained/wallaby>:679 msgid "" "Fixes an issue where provider drivers may not decrement the load balancer " "objects quota on delete." msgstr "" #: ../../:176 stable/stein>:346 stable/train>:861 msgid "" "Fixes an issue where, if we were unable to attach the base (VRRP) port to an " "amphora instance, the revert would not clean up the port in neutron." msgstr "" #: ../../:630 msgid "" "Fixes an issue with hmac.compare_digest on python3 that could cause health " "manager \"calculated hmac not equal to msg hmac\" errors." msgstr "" #: ../../:262 stable/ussuri>:331 #: unmaintained/victoria>:321 unmaintained/wallaby>:649 msgid "" "Fixes an issue with load balancer failover, when the VIP subnet is out of IP " "addresses, that could lead to the VIP being deallocated." msgstr "" #: ../../:194 stable/rocky>:284 stable/stein>:772 msgid "" "Fixes creating a fully populated load balancer with not REDIRECT_POOL type " "L7 policy and default_pool field." msgstr "" #: ../../:257 stable/rocky>:372 stable/stein>:815 msgid "" "Fixes issues using IPv6 VIP addresses with load balancers configured for " "active/standby topology. This fix requires a new amphora image to be built." msgstr "" #: ../../:444 unmaintained/wallaby>:207 #: unmaintained/xena>:112 unmaintained/yoga>:287 msgid "" "Fixes listener creation failure when protocol used is PROXY or PROXYV2 which " "are pool protocol and not listener protocol." msgstr "" #: ../../:78 stable/ussuri>:228 #: unmaintained/victoria>:238 unmaintained/wallaby>:471 unmaintained/xena>:550 msgid "" "Fixes loadbalancer creation failure when one of the listener port matches " "with the octavia generated peer ports and the allowed_cidr is explicitly set " "to 0.0.0.0/0 on the listener. This is due to creation of two security group " "rules with remote_ip_prefix as None and remote_ip_prefix as 0.0.0.0/0 which " "neutron rejects the second request with security group rule already exists." msgstr "" #: ../../:249 stable/train>:624 stable/ussuri>:720 msgid "Fixes the ability to filter on the provider flavor capabilities API." msgstr "" #: ../../:895 msgid "" "Fixes the provider driver utils conversion of flavor_id in load balancer " "conversion, sni_refs and L7 policies in listener conversion, and health " "monitor in pool conversions." msgstr "" #: ../../:606 msgid "" "Fixes the v2 API returning \"DELETED\" records until the amphora_expiry_age " "timeout expired. The API will now immediately return a 404 HTTP status code " "when deleted objects are requested. The API version has been raised to v2.1 " "to reflect this change." msgstr "" #: ../../:68 msgid "" "For the OpenStack Pike release, the Octavia team is excited to announce " "Octavia version 1.0.0 and introduce the Octavia v2 API. Octavia can now be " "deployed without neutron-lbaas as a standalone endpoint. The Octavia v2 API " "is fully backward compatible with the neutron-lbaas v2 API and is a superset " "of the neutron-lbaas v2 API." msgstr "" #: ../../:431 msgid "" "For the OpenStack Stein release, the Octavia team is excited to announce " "support for: Octavia flavors, TLS client authentication, backend re-" "encryption, and object tags." msgstr "" #: ../../:187 msgid "" "For the diskimage-create script, the BASE_OS_MIRROR environment variable was " "renamed to DIB_DISTRIBUTION_MIRROR" msgstr "" #: ../../:134 msgid "" "From configuration file section \"keystone_authtoken_v3\" was removed and " "all parameters are stored in \"keystone_authtoken\" section of configuration " "file." msgstr "" #: ../../:766 msgid "" "Fully expanded IPv6 VIP addresses would fail to store with \"Data too long " "for column 'ip_address' at row 1\". This patch includes a database migration " "to fix this column." msgstr "" #: ../../:30 msgid "" "Glance image containing the latest Amphora image can now be referenced using " "a Glance tag. To use the feature, set amp_image_tag in [controller_worker]. " "Note that amp_image_id should be unset for the new feature to take into " "effect." msgstr "" #: ../../:487 msgid "" "HTTPS-terminated listeners can now be configured to use only specified " "versions of TLS. Default TLS versions for new listeners can be set with " "``default_listener_tls_versions`` in ``octavia.conf``. Existing listeners " "will continue to use the old defaults." msgstr "" #: ../../:552 msgid "" "HTTPS-terminated listeners can now be individually configured with an " "OpenSSL cipher string. The default cipher string for new listeners can be " "specified with ``default_tls_ciphers`` in ``octavia.conf``. The built-in " "default is OWASP's \"Suite B\" recommendation. (https://cheatsheetseries." "owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html) Existing listeners " "will be unaffected." msgstr "" #: ../../:542 msgid "" "HTTPS-terminated listeners will now only allow TLS1.2 and TLS1.3 by default. " "If no TLS versions are specified at listener create time, the listener will " "only accept TLS1.2 and TLS1.3 connections. Previously TLS listeners would " "accept any TLS version. Existing listeners will not be changed." msgstr "" #: ../../:713 msgid "" "Have new settings: * `volume_driver`: Whether to use volume driver (cinder) " "to create volume backed amphorae. * `volume_size`: Size of root volume for " "Amphora Instance when using Cinder * `volume_type` : Type of volume for " "Amphorae volume root disk * `volume_create_retry_interval`: Interval time to " "wait volume is created in available state * `volume_create_timeout`: Timeout " "When volume is not create success * `volume_create_max_retries`: Maximum " "number of retries to create volume" msgstr "" #: ../../:556 msgid "Health Monitor" msgstr "" #: ../../:242 msgid "" "Health Monitor type \"HTTPS\" now correctly performs the configured check. " "This is done with all certificate validation disabled, so it will not work " "if backend members are performing client certificate validation." msgstr "" #: ../../:660 msgid "" "Health monitors of type UDP-CONNECT may not work correctly if ICMP " "unreachable is not enabled on the member server or is blocked by a security " "rule. A member server may be marked as operating status ONLINE when it is " "actually down." msgstr "" #: ../../:154 msgid "" "If users have configured Health Monitors of type \"HTTPS\" and are expecting " "a simple \"TLS-HELLO\" check, they will need to recreate their monitor with " "the new \"TLS-HELLO\" type." msgstr "" #: ../../:48 stable/train>:313 stable/ussuri>:434 #: unmaintained/victoria>:596 msgid "" "If you are using the admin_or_owner-policy.yaml policy override file you " "should upgrade your API processes to include the unscoped token fix. The " "default policies are not affected by this issue." msgstr "" #: ../../:271 msgid "" "Improvements to the keepalived system used in active/standby topologies. " "keepalived is now monitored for health by the amphora agent (previously just " "by the init system) and a systemd race condition between keepalived and " "haproxy have been resolved." msgstr "" #: ../../:548 msgid "" "Improves error messages returned to the user, such as errors for attempting " "to add a second health monitor to a pool." msgstr "" #: ../../:134 msgid "" "In a future release Octavia will no longer take the authentication settings " "for Neutron from the [service_auth] as a fallback. It will require them to " "be in the [neutron] section. The *endpoint* option is now deprecated and " "replaced by *endpoint_override*. Similarly, the new name of the " "*endpoint_type* option is now *valid_interfaces* and the new name of the " "*ca_certificates_file* option is now *cafile*. Note that [service_auth] " "settings will still be used for other services like Nova and Glance." msgstr "" #: ../../:237 msgid "" "In order for the full dynticks optimization to become effective a new " "amphora image needs to be built with the new optional CPU pinning feature " "enabled." msgstr "" #: ../../:54 stable/ussuri>:67 stable/zed>:395 #: unmaintained/victoria>:67 unmaintained/wallaby>:77 unmaintained/xena>:275 #: unmaintained/yoga>:193 msgid "" "In order to avoid hitting the Neutron API hard when batch update with " "creating many new members, we cache the subnet validation results in batch " "update members API call. We also change to validate new members only during " "batch update members since subnet ID is immutable." msgstr "" #: ../../:452 msgid "" "In some enviornments (e.g. OSA) Neutron and Octavia use different queues (at " "least different vhosts) and so if Octavia posts to the Octavia queue and " "Neutron listens on the Neutron queue the events will never make it over." msgstr "" #: ../../:143 stable/ussuri>:249 #: unmaintained/victoria>:277 unmaintained/wallaby>:500 unmaintained/xena>:584 msgid "" "Increase the limit value for nr_open and file-max in the amphora, the new " "value is based on what HAProxy 2.x is expecting from the system with the " "greatest maxconn value that Octavia can set." msgstr "" #: ../../:44 stable/ussuri>:57 #: unmaintained/victoria>:57 unmaintained/wallaby>:67 unmaintained/xena>:265 #: unmaintained/yoga>:501 msgid "" "Increased the TCP buffer memory maximum and enabled MTU ICMP black hole " "detection." msgstr "" #: ../../:681 msgid "" "Installed drivers need to be enabled for use in the Octavia configuration " "file once you are ready to expose the driver to users." msgstr "" #: ../../:418 msgid "" "Introduced an image driver interface. Supported drivers are noop and Glance." msgstr "" #: ../../:530 msgid "" "It is now possible to completely remove sshd from the amphora image, to " "further lock down access and increase security. If this is set, providing an " "`amp_ssh_key_name` in config will install the key, but ssh access will not " "be possible as sshd will not be running." msgstr "" #: ../../:445 msgid "" "It is now possible to completely update a pool's member list as a batch " "operation. Using a PUT request on the base member endpoint of a pool, you " "can specify a list of member objects and the service will perform any " "necessary creates/deletes/updates as a single operation." msgstr "" #: ../../:313 msgid "" "It is now possible to create a loadbalancer with more than one VIP. There is " "a new structure ``additional_vips`` in the create body, which allows a " "subnet, and optionally an IP, to be specified. All VIP subnets must be part " "of the same network." msgstr "" #: ../../:116 stable/queens>:284 #: stable/queens>:473 stable/rocky>:126 stable/rocky>:511 stable/stein>:290 #: stable/train>:10 stable/train>:725 stable/ussuri>:10 stable/zed>:322 #: unmaintained/victoria>:10 unmaintained/wallaby>:10 unmaintained/xena>:231 #: unmaintained/yoga>:146 unmaintained/yoga>:470 msgid "Known Issues" msgstr "" #: ../../:555 msgid "L7policy" msgstr "" #: ../../:554 msgid "L7rule" msgstr "" #: ../../:18 msgid "" "Layer 7 policies allow a tenant / user to define actions the load balancer " "may take other than routing requests to the default pool." msgstr "" #: ../../:21 msgid "" "Layer 7 rules control the logic behind whether a given Layer 7 policy is " "followed." msgstr "" #: ../../:589 msgid "" "Legacy Octavia Advanced RBAC policies will continue to function as before as " "long as the [oslo_policy] enforce_scope = False and enforce_new_defaults = " "False settings are present (this is the current oslo.policy default). " "However, we highly recommend you update your user roles to follow the new " "keystone default roles and start using scoped tokens as appropriate. See the " "`Octavia Policies `_ administration guide for more information." msgstr "" #: ../../:624 msgid "" "Legacy Octavia Advanced RBAC policies without the keystone default roles and/" "or token scoping are deprecated as of the Wallaby release. The oslo.policy " "project may change the default settings requiring the keystone default roles " "and scoped tokens in a future release. Please see the upgrade section in " "these release notes and the `Octavia Policies `_ administration guide for more " "information." msgstr "" #: ../../:551 msgid "Listener" msgstr "" #: ../../:560 msgid "" "Listeners default timeouts can be set by config in section haproxy_amphora:" msgstr "" #: ../../:443 msgid "Listeners have four new timeout settings:" msgstr "" #: ../../:550 msgid "Load balancer" msgstr "" #: ../../:476 msgid "" "Loadbalancer statistics can now be reported to multiple backend locations " "simply by specifying multiple statistics drivers in config." msgstr "" #: ../../:552 msgid "Member" msgstr "" #: ../../:454 msgid "" "Members have a new boolean option `backup`. When set to `true`, the member " "will not receive traffic until all non-backup members are offline. Once all " "non-backup members are offline, traffic will begin balancing between the " "backup members." msgstr "" #: ../../:270 stable/rocky>:642 msgid "" "Members that are disabled via `admin_state_up=False` are now rendered in the " "HAProxy configuration on the amphora as `disabled`. Previously they were not " "rendered at all. This means that disabled members will now appear in health " "messages, and will properly change status to OFFLINE." msgstr "" #: ../../:348 stable/zed>:125 #: unmaintained/wallaby>:255 unmaintained/yoga>:83 msgid "" "Modified default Keepalived LVS persistence granularity configuration value " "so it would be ipv6 compatible." msgstr "" #: ../../:132 stable/ussuri>:140 stable/zed>:454 #: unmaintained/victoria>:134 unmaintained/wallaby>:238 unmaintained/xena>:356 #: unmaintained/yoga>:305 msgid "" "Netfilter Conntrack Sysfs variables net.netfilter.nf_conntrack_max and " "nf_conntrack_expect_max get set to sensible values on the amphora now. " "Previously, kernel default values were used which were much too low for the " "configured net.netfilter.nf_conntrack_buckets value. As a result packets " "could get dropped because the conntrack table got filled too quickly. Note " "that this affects only UDP and SCTP protocol listeners. Connection tracking " "is disabled for TCP-based connections on the amphora including HTTP(S)." msgstr "" #: ../../:48 stable/queens>:553 msgid "" "Neutron LBaaS was assigning the VIP port it created the user's project-id, " "thus allowing the user to attach Floating-IPs to the VIP port. Octavia, on " "the other hand, was assigning the Octavia project-id to the port, making it " "impossible for the user to attach a Floating IP. This patch brings Octavia's " "behavior in line with Neutron LBaaS and assigns the user's project-id to the " "VIP port created by Octavia." msgstr "" #: ../../:10 origin/stable/newton>:10 #: origin/stable/ocata>:73 stable/2023.1>:179 stable/2023.2>:90 #: stable/2024.1>:38 stable/pike>:74 stable/queens>:395 stable/rocky>:431 #: stable/stein>:276 stable/stein>:457 stable/train>:295 stable/train>:644 #: stable/ussuri>:404 stable/ussuri>:548 stable/zed>:286 #: unmaintained/victoria>:393 unmaintained/wallaby>:530 unmaintained/xena>:480 #: unmaintained/yoga>:459 msgid "New Features" msgstr "" #: ../../:78 msgid "" "New Health Monitor type \"TLS-HELLO\" to perform a simple TLS connection." msgstr "" #: ../../:671 msgid "" "New Load Balancing algorithm SOURCE_IP_PORT has been added. It is supported " "only by OVN provider driver." msgstr "" #: ../../:44 msgid "" "New option `load_balancer_expiry_age` is added to the `house_keeping` config " "section. It defines load balancer expiry age in seconds, the default value " "is 604800." msgstr "" #: ../../:462 msgid "" "New option in diskimage-create.sh `-n` to completely disable sshd on the " "amphora." msgstr "" #: ../../:168 stable/2023.2>:79 #: stable/2024.1>:201 stable/zed>:161 unmaintained/yoga>:135 msgid "" "Noop certificate manager was added. Now any Octavia certificate operations " "using noop drivers will be faster (as they won't be validated)." msgstr "" #: ../../:617 msgid "" "Note (for the ``amphora`` driver): if it is possible for an amphora to " "change availability zone after initial creation (not typically possible " "without outside intervention) this may affect the ability of this feature to " "function properly." msgstr "" #: ../../:724 msgid "" "Note that the amphora provider currently only supports the crl-file provided " "to check for revocation. Remote revocation lists and/or OCSP will not be " "used by the amphora provider." msgstr "" #: ../../:227 msgid "" "Note that while the Octavia v2 API now supports Role Bassed Access Control " "(RBAC), the Octavia v1.0 API does not. The Octavia v1.0 API should not be " "exposed publicly and should only be used internally such as for the neutron-" "lbaas octavia driver. Publicly accessible instances of the Octavia API " "should have the v1.0 API disabled via the Octavia configuration file." msgstr "" #: ../../:467 msgid "" "Now Octavia API can accept the QoS Policy id from neutron to support the QoS " "requirements towards Load Balancer VIP port when create/update load balancer." "" msgstr "" #: ../../:585 msgid "" "Now Octavia L7Policy API can accept an new option `redirect_http_code` for " "L7Policy actions `REDIRECT_URL` or `REDIRECT_PREFIX`, then each HTTP " "requests to the associated Listener will return the configured HTTP response " "code." msgstr "" #: ../../:280 stable/train>:701 msgid "" "Now supports ``oslo_middleware http_proxy_to_wsgi``, which will set up the " "request URL correctly in the case that there is a proxy (for example, a " "loadbalancer such as HAProxy) in front of the Octavia API. It is off by " "default and can be enabled by setting ``enable_proxy_headers_parsing=True`` " "in the ``[oslo_middleware]`` section of ``octavia.conf``." msgstr "" #: ../../:69 msgid "" "Now the ``[database] connection_recycle_time`` option is also used by " "connections in MySQL persistence driver." msgstr "" #: ../../:465 unmaintained/wallaby>:249 #: unmaintained/xena>:130 unmaintained/yoga>:316 msgid "" "Now the ``[nova] service_name`` parameter is effectively used to find the " "nova endpoint in keystone catalog. The parameter had no effect before it was " "fixed." msgstr "" #: ../../:450 msgid "" "Object tags allow users to assign a list of strings to the load balancer " "objects that can then be used for advanced API list filtering." msgstr "" #: ../../:138 msgid "Octavia API now supports WSGI deplyment." msgstr "" #: ../../:42 msgid "" "Octavia Amphora based load balancers now support using SR-IOV virtual " "functions (VF) on the VIP port(s) of the load balancer. This is enabled by " "using an Octavia Flavor that includes the 'sriov_vip': True setting." msgstr "" #: ../../:288 msgid "" "Octavia Queens release was released with insufficient lower constraints for " "Jinja2 and pyOpenSSL requirements. Please make sure your environment can " "install Jinja2>=2.10 and pyOpenSSL>=17.1.0." msgstr "" #: ../../:435 msgid "" "Octavia flavors allow an operator to define \"flavors\" of load balancers, " "such as \"active-standby\" or \"single\" using the amphora driver, that " "configure the load balancer topology. The Amphora driver also supports " "specifying the nova compute flavor to use for the load balancer amphora." msgstr "" #: ../../:116 msgid "" "Octavia now has a v2 API that can be used as a standalone endpoint. The " "Octavia v2 API is fully backward compatible with the neutron-lbaas v2 API " "and is a superset of the neutron-lbaas v2 API. For more information see the " "Octavia API reference: https://developer.openstack.org/api-ref/load-balancer/" "v2/index.html" msgstr "" #: ../../:482 msgid "" "Octavia now has an administrative API that updates the amphora agent " "configuration on running amphora." msgstr "" #: ../../:288 msgid "" "Octavia now has an up to date API reference for the Octavia v2 API. It is " "available at: https://developer.openstack.org/api-ref/load-balancer/" msgstr "" #: ../../:508 msgid "" "Octavia now has flavors support which allows the operator to define, named, " "custom configurations that users can select from when creating a load " "balancer." msgstr "" #: ../../:107 msgid "" "Octavia now has options to limit the amphora concurrent build rate. This may " "be useful for deployments where nova can get overloaded. Amphora builds will " "be prioritized in the following order: failover, normal, spares pool builds. " "See the configuration guide for more information: https://docs.openstack.org/" "octavia/latest/configuration/configref.html#haproxy_amphora.build_rate_limit" msgstr "" #: ../../:652 msgid "" "Octavia now supports Amphora log offloading. Operators can define syslog " "targets for the Amphora administrative logs and for the tenant load balancer " "flow logs." msgstr "" #: ../../:296 msgid "" "Octavia now supports oslo.message notifications for loadbalancer create, " "delete, and update operations." msgstr "" #: ../../:477 msgid "" "Octavia now supports provider drivers. This allows third party load " "balancing drivers to be integrated with the Octavia v2 API. Users select the " "\"provider\" for a load balancer at creation time." msgstr "" #: ../../:84 msgid "" "Octavia now uses the oslo middleware sizelimit module. It allows to limit " "the size of the incoming requests in the API. Admins may need to ajust the " "``[oslo_middleware].max_request_body_size`` setting to their needs. The " "default value for ``max_request_body_size`` is 114688 bytes." msgstr "" #: ../../:560 msgid "" "Octavia provider drivers can now be extended to support HTTP/2 between TLS-" "enabled pools and members." msgstr "" #: ../../:433 msgid "" "Octavia provider drivers can now offer HTTP/2 over TLS (protocol negotiation " "via ALPN) to clients." msgstr "" #: ../../:102 msgid "" "Octavia supports different Keystone APIs and choose authentication mechanism " "based on configuration specified in \"keystone_authtoken\" section of " "octavia.conf file." msgstr "" #: ../../:775 msgid "" "Octavia v1 API (used for integration with Neutron-LBaaS) has been removed. " "If Neutron-LBaaS integration is still required, do not upgrade to this " "version." msgstr "" #: ../../:797 msgid "" "Octavia v1 API deprecation is complete. All relevant code, tests, and docs " "have been removed." msgstr "" #: ../../:317 stable/stein>:826 msgid "" "Octavia will no longer automatically revoke access to secrets whenever load " "balancing resources no longer require access to them. This may be added in " "the future." msgstr "" #: ../../:300 msgid "" "Octavia will use the OpenStack service type 'load-balancer'. For more " "information about service types, see the Octavia API reference: https://" "developer.openstack.org/api-ref/load-balancer/v2/index.html#service-" "endpoints" msgstr "" #: ../../:643 msgid "" "Operator can now use new CLI tool ``octavia-status upgrade check`` to check " "if Octavia deployment can be safely upgraded from N-1 to N release." msgstr "" #: ../../:411 msgid "" "Operators can now use the 'amp_image_tag' Octavia flavor capability when " "using the amphora provider driver. This allows custom amphora images to be " "used per-load balancer. If this is not defined in an Octavia flavor, the " "amp_image_tag Octavia configuration file setting will continue to be used." msgstr "" #: ../../:529 msgid "" "Operators can now use the 'compute_flavor' Octavia flavor capability when " "using the amphora provider driver. This allows custom compute driver flavors " "to be used per-load balancer. If this is not defined in an Octavia flavor, " "the amp_flavor_id Octavia configuration file setting will continue to be " "used." msgstr "" #: ../../:565 msgid "" "Operators can now use the amphorav2 provider which uses jobboard-based " "controller. A jobboard controller solves the issue with resources stuck in " "PENDING_* states by writing info about task states in persistent backend and " "monitoring job claims via jobboard." msgstr "" #: ../../:19 stable/2023.1>:164 #: stable/2023.1>:373 stable/2023.2>:75 stable/2023.2>:266 stable/2024.1>:188 #: stable/pike>:284 stable/queens>:223 stable/queens>:333 stable/rocky>:325 #: stable/rocky>:392 stable/rocky>:656 stable/stein>:846 stable/train>:566 #: stable/ussuri>:748 stable/zed>:157 stable/zed>:566 #: unmaintained/victoria>:719 unmaintained/wallaby>:418 #: unmaintained/wallaby>:749 unmaintained/xena>:440 unmaintained/xena>:603 #: unmaintained/yoga>:131 unmaintained/yoga>:441 msgid "Other Notes" msgstr "" #: ../../:484 msgid "" "PROMETHEUS listeners require an amphora image with HAProxy 2.0 or newer." msgstr "" #: ../../:474 msgid "" "PROMETHEUS listeners will not report information for UDP or SCTP listeners." msgstr "" #: ../../:77 msgid "" "Policy.json enforcement in Octavia. * Enables verification of privileges on " "specific API command for a specific user role and project_id." msgstr "" #: ../../:553 msgid "Pool" msgstr "" #: ../../:10 origin/stable/ocata>:53 #: stable/pike>:64 stable/stein>:427 msgid "Prelude" msgstr "" #: ../../:27 stable/stein>:139 stable/train>:499 #: stable/ussuri>:658 msgid "" "Previously, if a user knew or could guess the UUID for a network resource, " "they could use that UUID to create load balancer resources using that UUID. " "Now the user must have permission to see or \"show\" the resource before it " "can be used with a load balancer. This will be the new default, but " "operators can disable this behavior via the setting the configuration file " "setting \"allow_invisible_resource_usage\" to ``True``. This issue falls " "under the \"Class C1\" security issue as the user would require a valid UUID." "" msgstr "" #: ../../:63 msgid "" "Previously, redis jobboard driver used only the first host in ``[task_flow] " "jobboard_backend_hosts`` when connecting to Redis Sentinel. Now the driver " "attempts the other hosts as fallbacks." msgstr "" #: ../../:516 msgid "" "Private keys can no longer be password protected, as PKCS12 does not support " "storing a passphrase in an explicitly defined way. Note that this is not " "noticeably less secure than storing a passphrase protected private key in " "the same place as the passphrase, as was the case with Barbican." msgstr "" #: ../../:337 stable/rocky>:396 stable/stein>:871 msgid "" "Processing zombie amphora is already expensive and this adds another step " "which could increase the load on Octavia Health Manager, especially during " "Nova API slowness." msgstr "" #: ../../:572 msgid "" "Provider of \"octavia\" has been deprecated in favor of \"amphora\" to " "clarify the provider driver supporting the load balancer." msgstr "" #: ../../:642 msgid "" "Python 2.7 support has been dropped. The minimum version of Python now " "supported by Octavia is Python 3.6." msgstr "" #: ../../:157 stable/2023.2>:68 #: stable/2024.1>:181 stable/zed>:150 unmaintained/wallaby>:404 #: unmaintained/xena>:214 unmaintained/yoga>:119 msgid "" "Reduce the duration of the failovers of ACTIVE_STANDBY load balancers when " "both amphorae are unreachable." msgstr "" #: ../../:150 stable/2023.2>:61 #: stable/2024.1>:174 stable/zed>:143 unmaintained/wallaby>:397 #: unmaintained/xena>:207 unmaintained/yoga>:112 msgid "" "Reduce the duration of the failovers of ACTIVE_STANDBY load balancers. Many " "updates of an unreachable amphora may have been attempted during a failover, " "now if an amphora is not reachable at the first update, the other updates " "are skipped." msgstr "" #: ../../:142 msgid "" "Remove duplicated config option 'cert_generator' in [controller_worker]. " "Operators now should set it under [certificates]." msgstr "" #: ../../:344 msgid "" "Removed system scope policies, all the policies are now project scoped." msgstr "" #: ../../:821 msgid "" "Removes unnecessary listener delete from non-cascade delete load balancer " "flow thus speeding up the loadbalancer delete." msgstr "" #: ../../:270 msgid "" "Replaced code that uses the deprecated python-neutronclient library with " "code that uses openstacksdk and removed python-neutronclient as a dependency." "" msgstr "" #: ../../:42 stable/pike>:278 msgid "" "Resolved an issue that could cause provisioning status to become out of sync " "between neutron-lbaas and octavia during high load." msgstr "" #: ../../:165 stable/train>:525 stable/ussuri>:685 msgid "" "Resolved broken certificate upload on py3 based amphora images. On a " "housekeeping certificate rotation event, the amphora would clear out its " "server certificate and return a 500, putting the amphora in ERROR status and " "breaking further communication. See upgrade notes." msgstr "" #: ../../:82 msgid "Resolves an issue with subnets larger than /24" msgstr "" #: ../../:162 msgid "Resolves an issue with using encrypted TLS private keys." msgstr "" #: ../../:64 origin/stable/ocata>:20 #: stable/2023.1>:264 stable/pike>:10 stable/pike>:26 stable/pike>:223 #: stable/queens>:21 stable/queens>:81 stable/queens>:167 stable/queens>:296 #: stable/queens>:350 stable/queens>:512 stable/rocky>:23 stable/rocky>:82 #: stable/rocky>:152 stable/rocky>:262 stable/rocky>:355 stable/rocky>:584 #: stable/stein>:44 stable/stein>:135 stable/stein>:222 stable/stein>:316 #: stable/stein>:720 stable/train>:309 stable/train>:495 stable/train>:597 #: stable/train>:816 stable/ussuri>:40 stable/ussuri>:430 stable/ussuri>:654 #: stable/zed>:172 unmaintained/victoria>:40 unmaintained/victoria>:592 #: unmaintained/wallaby>:40 unmaintained/xena>:21 unmaintained/yoga>:176 msgid "Security Issues" msgstr "" #: ../../:39 msgid "" "Session persistence is maintained between the active and standby amphora." msgstr "" #: ../../:172 msgid "" "Several API related variables are moving to their own section `api_settings`." " bind_host bind_port api_handler allow_pagination allow_sorting " "pagination_max_limit api_base_uri" msgstr "" #: ../../:24 msgid "" "Shared pools allow listeners or Layer 7 REDIRECT_TO_POOL policies to share " "back-end pools." msgstr "" #: ../../:55 msgid "" "Shared-pools introduces a new ``load_balancer_id`` column into the ``pools`` " "table." msgstr "" #: ../../:458 stable/ussuri>:502 #: unmaintained/victoria>:711 msgid "" "Significantly improved the reliability and performance of amphora and load " "balancer failovers. This is especially true when the Nova service is " "experiencing failures." msgstr "" #: ../../:235 stable/ussuri>:286 #: unmaintained/victoria>:257 unmaintained/wallaby>:694 msgid "" "Some IPv6 UDP members were incorrectly marked in ERROR status, because of a " "formatting issue while generating the health message in the amphora." msgstr "" #: ../../:248 msgid "" "Some versions of HAProxy incorrectly reported nodes in DRAIN status as being " "UP, and Octavia code was written around this incorrect reporting. This has " "been fixed in some versions of HAProxy and is now handled properly in " "Octavia as well. Now it is possible for members to be in the status DRAINING." " Note that this is masked when statuses are forwarded to neutron-lbaas in " "the eventstream, so no compatibility change is necessary." msgstr "" #: ../../:556 msgid "" "Spares pool support is deprecated, pending removal in the X release. Use of " "the spares pool was originally recommended to increase provisioning speed, " "but since Nova's server groups do not support adding existing VMs, Octavia " "cannot support use of the spares pool with the Active-Standby topology. " "Since this is our recommended topology for production deployments, and speed " "is less essential in development/testing environments (the only place we " "could recommend the use of Single topology), the overhead of maintaining " "spares pool support exceeds its theoretical usefulness." msgstr "" #: ../../:18 msgid "" "Stale load balancer entries with DELETED provisioning_status are now cleaned-" "up by housekeeper after if they are older than `load_balancer_expiry_age`." msgstr "" #: ../../:23 msgid "Start using reno to manage release notes." msgstr "" #: ../../:589 msgid "Support REDIRECT_PREFIX action for L7Policy" msgstr "" #: ../../:67 msgid "Support for Keystone token authentication on frontend Octavia API." msgstr "" #: ../../:601 unmaintained/xena>:498 msgid "" "Support for new features, such as ALPN on pools, HTTP/2 on pools, gRPC, and " "SCTP require an updated amphora image." msgstr "" #: ../../:593 msgid "" "Support remote debugging with PyDev. Please refer to the Contributor " "documentation section to find more details." msgstr "" #: ../../:439 msgid "" "TLS client authentication allows the listener to request a client " "certificate from users connecting to the load balancer. This certificate can " "then be checked against a CA certificate and optionally a certificate " "revocation list. New HTTP header insertions allow passing client certificate " "information to the backend members, while new L7 rules allow you to take " "custom actions based on the content of the client certificate." msgstr "" #: ../../:469 msgid "" "TLS-enabled pools can now be configured to use only specified versions of " "TLS. Default TLS versions for new pools can be set with " "``default_pool_tls_versions`` in ``octavia.conf``. Existing pools will " "continue to use the old defaults." msgstr "" #: ../../:602 msgid "" "TLS-enabled pools can now be individually configured with an OpenSSL cipher " "string. The default cipher for new pools can be specified with " "``default_pools_ciphers`` in ``octavia.conf``. The built-in default is " "OWASP's \"Suite B\" recommendation. (https://cheatsheetseries.owasp.org/" "cheatsheets/TLS_Cipher_String_Cheat_Sheet.html) Existing pools will be " "unaffected." msgstr "" #: ../../:567 msgid "" "Terminology such as ``blacklist`` has been replaced with more inclusive " "words, such as ``prohibit list`` wherever possible." msgstr "" #: ../../:152 msgid "" "The \"use_upstart\" configuration option is now deprecated because the " "amphora agent can now automatically discover the init system in use in the " "amphora image." msgstr "" #: ../../:384 msgid "" "The 'amphorav1' provider is deprecated and will be removed in a future " "release. Use the 'amphora' provider (an alias for 'amphorav2') instead." msgstr "" #: ../../:122 msgid "" "The *amphorav1* provider was removed. It is recommended to the users who " "have kept using it to switch to the default *amphora* provider, which is an " "alias for the *amphorav2* provider." msgstr "" #: ../../:543 msgid "" "The HTTP/2 protocol is now added to the default ALPN protocol list for " "listener and pools." msgstr "" #: ../../:566 msgid "" "The Octavia API handlers are now deprecated and replaced by the new provider " "driver support. Octavia API handlers will remain in the code to support the " "Octavia v1 API (used for neutron-lbaas)." msgstr "" #: ../../:543 msgid "" "The Octavia API now supports Cloud Auditing Data Federation (CADF) auditing." msgstr "" #: ../../:551 unmaintained/wallaby>:378 #: unmaintained/xena>:195 unmaintained/yoga>:420 msgid "" "The Octavia API returned an unhelpful message when a constraint failed while " "creating an object in the DB. The error now contains the name and the value " "of the parameter that breaks the constraints." msgstr "" #: ../../:220 msgid "" "The Octavia API will now check that the HTTP Accept header, if present, is " "compatible with the application/json content type. If not the user will get " "a 406 status code response, Not Acceptable." msgstr "" #: ../../:281 msgid "" "The Octavia API will now check that the HTTP Accept header, if present, is " "compatible with the application/json content type. If not the user will get " "a 406 status code response, Not Acceptable. This change also ensures that " "the API responses have a content type of application/json." msgstr "" #: ../../:570 msgid "" "The Octavia amphora driver now supports gRPC protocol when HTTP/2 is enabled " "for TERMINATED_HTTPS listeners and TLS-enabled pools, and the amphora image " "is using HAProxy 2.0 or newer." msgstr "" #: ../../:658 msgid "" "The Octavia driver-agent now supports starting provider driver agents. " "Provider driver agents are long running agent processes supporting provider " "drivers." msgstr "" #: ../../:293 msgid "" "The Octavia project documentation has been reorganized as part of the " "OpenStack documentation migration project. The Octavia project documentation " "is now located at: https://docs.openstack.org/octavia/latest/" msgstr "" #: ../../:124 msgid "" "The Octavia v2 API now supports Role Based Access Control (RBAC). The " "default rules require users to have a load-balancer_* role to be able to " "access the Octavia v2 API. This can be overriden with the admin_or_owner-" "policy.json sample file provided. See the `Octavia Policies `_ document for more " "information." msgstr "" #: ../../:611 msgid "" "The Stein release of Octavia adds the driver-agent controller process. This " "process is deployed along with the Octavia API process and uses unix domain " "sockets for communication between the provider drivers using octavia-lib and " "the driver-agent. When upgrading to Stein, operators should make sure that " "the /var/run/octavia directry is available for the driver-agent with the " "appropriate ownership and permissions for the driver-agent and API processes " "to access it. The operator may need to make sure the driver-agent process " "starts after installation. For example, a systemd service may need to be " "created and enabled for it." msgstr "" #: ../../:514 msgid "" "The Stein release of Octavia introduces the octavia-lib python module. This " "library enables provider drivers to integrate easier with the Octavia API by " "providing a shared set of coding objects and interfaces." msgstr "" #: ../../:440 unmaintained/xena>:515 msgid "" "The ``[amphora_agent].agent_server_network_file`` configuration option is " "now deprecated, the new Amphora network configuration tool introduced in " "Xena does not support a single configuration file." msgstr "" #: ../../:517 msgid "" "The ``[haproxy_amphora].active_connection_rety_interval`` configuration " "option has been renamed to ``[haproxy_amphora]." "active_connection_retry_interval``." msgstr "" #: ../../:488 msgid "" "The ``[haproxy_amphora].active_connection_rety_interval`` configuration " "option has been renamed to ``[haproxy_amphora]." "active_connection_retry_interval``. An alias for the old name is in place to " "maintain compatibility with old configuration files." msgstr "" #: ../../:103 msgid "" "The amphora haproxy user_group setting is now automatically detected for " "Ubuntu, CentOS, Fedora, or RHEL based amphora." msgstr "" #: ../../:90 msgid "" "The amphora-agent is now able to distinguish between operating systems and " "choose the right course of action to manage files and networking on each " "Linux flavor." msgstr "" #: ../../:695 msgid "" "The batch member update resource can now be used additively by passing the " "query parameter ``additive_only=True``. Existing members can be updated and " "new members will be created, but missing members will not be deleted." msgstr "" #: ../../:411 msgid "" "The compute zone (if applicable) is now cached in the database and returned " "in the Amphora API as `cached_zone`. Please note that this is only set at " "the original time of provisioning, and could be stale for various reasons " "(for example, if live-migrations have taken place due to maintenances). We " "recommend it be used for reference only, unless you are absolutey certain it " "is current in your environment. The source of truth is still the system you " "use for compute." msgstr "" #: ../../:249 msgid "" "The configuration option *user_data_config_drive* is deprecated. The nova " "user_data option is too small to replace the normal file based config_drive " "provisioning for cloud-init. This option has never been functional in " "Octavia and will be removed to reduce confusion." msgstr "" #: ../../:570 msgid "" "The configuration option ``tls_cipher_blacklist`` has been deprecated and " "replaced with ``tls_cipher_prohibit_list``. It will be removed in a future " "release." msgstr "" #: ../../:164 msgid "" "The configuration setting auth_strategy is now set to keystone by default." msgstr "" #: ../../:206 msgid "" "The cpu-pinning element for the amphora image sets the kernel bootarg " "nohz_full=1-N to enable full dynticks on all CPUs except the first one (on " "single CPU images this will have no effect). This should reduce kernel noise " "on those CPUs to a minimum and reduce latency." msgstr "" #: ../../:781 msgid "" "The default TaskFlow engine is now set to 'parallel' instead of 'serial'. " "The parallel engine schedules tasks onto different threads to allow for " "running non-dependent tasks simultaneously. This has the benefit of " "accelerating the execution of some Octavia Amphora flows such as " "provisioning of active-standby amphora loadbalancers. Operators can revert " "to previously default 'serial' engine type by setting the configuration " "option [task_flow]/engine = serial" msgstr "" #: ../../:536 msgid "" "The default drivers have been switched to live from noop drivers for the " "most part. Volume and distributor remain set to noop drivers as those are " "experimental features. Operators do not need to make configuration changes." msgstr "" #: ../../:350 msgid "" "The default for the output file has been changed in diskimage-create.sh. It " "is now amphora-x64-haproxy.qcow2 instead of amphora-x64-haproxy." msgstr "" #: ../../:664 msgid "" "The default kernel for the amphora image has switched from linux-image-" "generic to linux-image-virtual, resulting in an image size reduction of " "about 150MB. The linux-image-virtual kernel works with kvm, qemu tcg, and " "Xen hypervisors among others." msgstr "" #: ../../:831 msgid "" "The default validity time for Amphora certificates has been reduced from two " "years to 30 days." msgstr "" #: ../../:606 msgid "" "The default value of ``[oslo_policy] policy_file`` config option has been " "changed from ``policy.json`` to ``policy.yaml``. Operators who are utilizing " "customized or previously generated static policy JSON files (which are not " "needed by default), should generate new policy files or convert them in YAML " "format. Use the `oslopolicy-convert-json-to-yaml `_ tool to " "convert a JSON to YAML formatted policy file in backward compatible way." msgstr "" #: ../../:145 msgid "" "The deprecated *amphorav1* provider was removed. The default provider " "*amphora* is still an alias for the *amphorav2* provider." msgstr "" #: ../../:576 msgid "" "The deprecated option ``status_update_threads`` has been removed, " "``health_update_threads`` and ``stats_update_threads`` should be used " "instead." msgstr "" #: ../../:91 msgid "" "The diskimage-builder elements for amphora image no longer supports Ubuntu " "Focal." msgstr "" #: ../../:142 msgid "" "The diskimage-create script now supports generic download mirrors via the " "DIB_DISTRIBUTION_MIRROR environment variable, replacing the existing " "distribution-specific elements" msgstr "" #: ../../:86 msgid "" "The diskimage-create script supports different operating system flavors such " "as Ubuntu (the default option), CentOS, Fedora and RHEL. Adaptations were " "made to several elements to ensure all images are operational." msgstr "" #: ../../:753 unmaintained/xena>:607 msgid "The diskimage-create.sh default for Ubuntu is now focal." msgstr "" #: ../../:408 stable/ussuri>:422 #: unmaintained/victoria>:512 msgid "" "The failover improvements do not require an updated amphora image, but " "updating existing amphora will minimize the failover outage time for " "standalone amphora on subsequent failovers." msgstr "" #: ../../:547 msgid "" "The fix for the hmac.compare_digest on python3 requires you to upgrade your " "health managers before updating the amphora image. The health manager is " "compatible with older amphora images, but older controllers will reject the " "health heartbeats from images with this fix." msgstr "" #: ../../:33 stable/ussuri>:33 stable/zed>:356 #: unmaintained/victoria>:33 unmaintained/wallaby>:33 unmaintained/xena>:254 #: unmaintained/yoga>:169 msgid "" "The fix that updates the Netfilter Conntrack Sysfs variables requires " "rebuilding the amphora image in order to be effective." msgstr "" #: ../../:665 stable/stein>:683 msgid "" "The following configuration settings have reached the end of their " "deprecation period and are now removed from the [default] section of the " "configuration. These will only be available in the [api_settings] section " "going forward." msgstr "" #: ../../:49 stable/ussuri>:62 #: unmaintained/victoria>:62 unmaintained/wallaby>:72 unmaintained/xena>:270 #: unmaintained/yoga>:506 msgid "" "The generated RSyslog configuration on the amphora supports now RSyslog " "failover with TCP if multiple RSyslog servers were specified." msgstr "" #: ../../:530 msgid "" "The internal interface for loadbalancer statistics collection has moved. " "When upgrading, see deprecation notes for the ``stats_update_driver`` config " "option, as it will need to be moved and renamed." msgstr "" #: ../../:168 msgid "The keepalived improvements require the amphora image to be upgraded." msgstr "" #: ../../:609 msgid "" "The load balancer create command now accepts an availability_zone argument. " "With the amphora driver this will create a load balancer in the targeted " "compute availability_zone in nova." msgstr "" #: ../../:570 msgid "" "The netaddr python module has been removed as an Octavia requirement. It has " "been replaced with the python standard library 'ipaddress' module." msgstr "" #: ../../:183 msgid "" "The new \"cpu-pinning\" element optimizes the amphora image for better " "vertical scaling. When an amphora flavor with multiple vCPUs is configured " "it will configure the kernel to isolate (isolcpus) all vCPUs except the " "first one. Furthermore, it uninstalls irqbalance and sets the IRQ affinity " "to the first CPU. That way the other CPUs are free to be used by HAProxy " "exclusively. A new customized TuneD profile applies some more tweaks for " "improving network latency. This new feature is disabled by default, but can " "be enabled by running `diskimage-create.sh` with the `-m` option or setting " "the `AMP_ENABLE_CPUPINNING` environment variable to 1 before running the " "script." msgstr "" #: ../../:58 msgid "" "The new ``[task_flow] jobboard_backend_username`` option has been added, to " "support Redis ACL feature." msgstr "" #: ../../:492 msgid "" "The new option `[haproxy_amphora]/connection_logging` will disable logging " "of connection data if set to False which can improve performance of the load " "balancer and might aid compliance." msgstr "" #: ../../:524 msgid "" "The option ``[controller_worker]/amp_image_id`` has been deprecated since " "Mitaka release and is now removed. This option was superseded by " "``[controller_worker]/amp_image_tag`` option." msgstr "" #: ../../:518 msgid "" "The option ``[controller_worker]/amp_ssh_access_allowed`` has been " "deprecated since Queens release and is now removed. This option was " "superseded by ``[controller_worker]/amp_ssh_key_name`` option." msgstr "" #: ../../:582 msgid "" "The option ``health_manager.health_update_driver`` has been deprecated as it " "was never really used, so the driver layer was removed. The option " "``health_manager.stats_update_driver`` was moved and renamed to " "``controller_worker.statistics_drivers`` (note it is now plural). It can now " "contain a list of multiple drivers for handling statistics." msgstr "" #: ../../:300 stable/ussuri>:81 stable/zed>:196 #: unmaintained/victoria>:75 unmaintained/wallaby>:98 unmaintained/xena>:43 #: unmaintained/yoga>:208 msgid "" "The parameters of a taskflow Flow were logged in ''INFO'' level messages by " "taskflow, it included TLS-enabled listeners and pools parameters, such as " "certificates and private_key." msgstr "" #: ../../:110 stable/rocky>:198 stable/stein>:383 #: stable/train>:951 msgid "" "The passphrase for config option 'server_certs_key_passphrase' is used as a " "Fernet key in Octavia and thus must be 32, base64(url) compatible, " "characters long. Octavia will now validate the passphrase length and format." msgstr "" #: ../../:198 msgid "" "The project_id attribute of the POST method on the following objects is now " "deprecated\\: listener, pool, health monitor, and member. These objects will " "use the parent load balancer's project_id. Values passed into the project_id " "on those objects will be ignored until the deprecation cycle has expired, at " "which point they will cause an error." msgstr "" #: ../../:539 msgid "" "The provider driver support requires a database migration and follows " "Octavia standard rolling upgrade procedures; database migration followed by " "rolling control plane upgrades. Existing load balancers with no provider " "specified will be assigned \"amphora\" as part of the database migration." msgstr "" #: ../../:560 msgid "" "The quota objects named `health_monitor` and `load_balancer` have been " "renamed to `healthmonitor` and `loadbalancer`, respectively. The old names " "are deprecated, and will be removed in the T cycle." msgstr "" #: ../../:503 msgid "" "The spare pool feature was removed after being deprecated in the Victoria " "release. After an upgrade of the controllers, spare amphorae will be " "automatically deleted by the Octavia health-manager service." msgstr "" #: ../../:580 unmaintained/wallaby>:422 #: unmaintained/xena>:444 unmaintained/yoga>:445 msgid "" "The string representation of data base model objects has been improved. " "Calling str() on them will return a certain subset of fields and calling " "repr() on them will return all fields. This is helpful for debugging, but it " "may also change some of the log messages that Octavia emits." msgstr "" #: ../../:44 stable/2023.2>:161 stable/zed>:81 msgid "" "The validation for the allowed_cidr parameter only took into account the IP " "version of the primary VIP. CIDRs which only matched the version of an " "additonal VIP were rejected. This if fixed and CIDRs are now matched against " "the IP version of all VIPs." msgstr "" #: ../../:690 msgid "" "The validity period for locally generated certificates used inside Amphora " "is now configurable. See ``[certificates] cert_validity_time``." msgstr "" #: ../../:450 msgid "The value for all of these fields is expected to be in milliseconds." msgstr "" #: ../../:567 msgid "The value for all of these options is expected to be in milliseconds." msgstr "" #: ../../:483 msgid "There is now an API available to list enabled provider drivers." msgstr "" #: ../../:216 msgid "" "These custom distribution mirror elements for the diskimage-script were " "removed: apt-mirror, centos-mirror, fedora-mirror" msgstr "" #: ../../:457 msgid "" "This adds a way to configure a custom queue for the event streamer thus " "allowing to post messages to the Neutron queue if needed." msgstr "" #: ../../:138 msgid "" "This feature add new configuration value \"auth_strategy\" which by default " "is set for \"noauth\"." msgstr "" #: ../../:324 stable/rocky>:383 stable/stein>:837 msgid "" "This will automatically nova delete zombie amphora when they are detected by " "Octavia. Zombie amphorae are amphorae which report health messages but " "appear DELETED in Octavia's database." msgstr "" #: ../../:571 msgid "" "This will speed up lb creation by allocating AAP ports in parallel for LBs " "with more than one amp. As a side effect the AAP driver will be simplified " "and thus easier to mainain." msgstr "" #: ../../:723 msgid "" "Though the current HAProxy version 1.8 used in some distributions support " "HTTP/2, we highly recommend using HAProxy version 2.0 or newer in the " "amphora image when using HTTP/2." msgstr "" #: ../../:144 stable/stein>:637 msgid "" "To enable UDP listener monitoring when no pool is attached, the amphora " "image needs to be updated and load balancers with UDP listeners need to be " "failed over to the new image." msgstr "" #: ../../:747 msgid "To enable log offloading, the amphora image needs to be updated." msgstr "" #: ../../:40 msgid "" "To enabled encrypted ramfs storage for certificates and keys, you must " "upgrade your amphora image." msgstr "" #: ../../:649 msgid "" "To fix IPv6 VIP addresses, you must run the \"octavia-db-manage upgrade " "head\" migration script." msgstr "" #: ../../:36 msgid "To fix the admin-state-up bug you must upgrade your amphora image." msgstr "" #: ../../:147 stable/rocky>:242 stable/stein>:654 #: stable/train>:763 msgid "" "To fix the issue with active/standby load balancers or single topology load " "balancers with members on the VIP subnet, you need to update the amphora " "image." msgstr "" #: ../../:246 stable/rocky>:348 stable/stein>:660 msgid "" "To resolve the IPv6 VIP issues on active/standby load balancers you need to " "build a new amphora image." msgstr "" #: ../../:32 msgid "" "To support IPv6 a databse migration and amphora image update are required." msgstr "" #: ../../:367 msgid "" "To support multi-VIP loadbalancers, a new amphora image must be built. It is " "safe to upload the new image before the upgrade, as it is fully backwards " "compatible." msgstr "" #: ../../:48 msgid "To support networks without DHCP you must upgrade your amphora image." msgstr "" #: ../../:120 msgid "" "To use CentOS, Fedora, or RHEL in your amphora image you must set the " "user_group option, located in the [haproxy_amphora] section of the octavia." "conf file to \"haproxy\". This will be made automatic in a future version." msgstr "" #: ../../:530 msgid "" "Two new options are included with provider driver support. The " "enabled_provider_drivers option defaults to \"amphora, octavia\" to support " "existing Octavia load balancers. The default_provider_driver option defaults " "to \"amphora\" for all new load balancers that do not specify a provider at " "creation time. These defaults should cover most existing deployments." msgstr "" #: ../../:59 msgid "" "Two new tables are created to handle Layer 7 switching. These are " "``l7policy`` and ``l7rule``." msgstr "" #: ../../:581 msgid "" "Two new types of healthmonitoring are now valid for UDP listeners. Both " "``HTTP`` and ``TCP`` check types can now be used." msgstr "" #: ../../:525 msgid "" "UDP protocol support requires an update to the amphora image to support UDP " "protocol statistics reporting and UDP-CONNECT health monitoring." msgstr "" #: ../../:361 msgid "" "Update Python base version from 3.6 to 3.8. As per Openstack Python runtime " "versions policy Python 3.8 will be the the minimum Python version in the Zed " "release cycle." msgstr "" #: ../../:71 msgid "Updates load balancer, listener, and amphora tables." msgstr "" #: ../../:49 origin/stable/newton>:28 #: origin/stable/ocata>:10 origin/stable/ocata>:126 stable/2023.1>:10 #: stable/2023.1>:216 stable/2023.2>:105 stable/2024.1>:76 stable/pike>:150 #: stable/queens>:10 stable/queens>:143 stable/queens>:242 stable/queens>:484 #: stable/rocky>:10 stable/rocky>:71 stable/rocky>:140 stable/rocky>:238 #: stable/rocky>:344 stable/rocky>:521 stable/stein>:111 stable/stein>:211 #: stable/stein>:304 stable/stein>:599 stable/train>:29 stable/train>:404 #: stable/train>:471 stable/train>:586 stable/train>:743 stable/ussuri>:29 #: stable/ussuri>:418 stable/ussuri>:515 stable/ussuri>:626 stable/zed>:52 #: stable/zed>:341 unmaintained/victoria>:29 unmaintained/victoria>:496 #: unmaintained/wallaby>:29 unmaintained/wallaby>:585 unmaintained/xena>:10 #: unmaintained/xena>:250 unmaintained/xena>:494 unmaintained/yoga>:10 #: unmaintained/yoga>:165 unmaintained/yoga>:480 msgid "Upgrade Notes" msgstr "" #: ../../:53 origin/stable/mitaka>:68 msgid "Upgrade requires a database migration." msgstr "" #: ../../:359 unmaintained/wallaby>:390 #: unmaintained/yoga>:105 msgid "" "Usage of ``castellan_cert_manager`` as cert_manager has been significantly " "improved. Now you can define configuration options for castellan in octavia." "conf and they will be passed properly to castellan beckend. This allows to " "use allowed castellan backends as for certificate storage." msgstr "" #: ../../:634 msgid "" "Use of JSON policy files was deprecated by the ``oslo.policy`` library " "during the Victoria development cycle. As a result, this deprecation is " "being noted in the Wallaby cycle with an anticipated future removal of " "support by ``oslo.policy``. As such operators will need to convert to YAML " "policy files. Please see the upgrade notes for details on migration of any " "custom policy files." msgstr "" #: ../../:428 msgid "" "Users can now use a reference to a single PKCS12 bundle as their " "`default_tls_container_ref` instead of a Barbican container with individual " "secret objects. PKCS12 supports bundling a private key, certificate, and " "intermediates. Private keys can no longer be passphrase protected when using " "PKCS12 bundles. No configuration change is necessary to enable this feature. " "Users may simply begin using this. Any use of the old style containers will " "be detected and automatically fall back to using the old Barbican driver." msgstr "" #: ../../:201 stable/ussuri>:210 stable/zed>:557 #: unmaintained/victoria>:199 unmaintained/wallaby>:409 unmaintained/xena>:431 #: unmaintained/yoga>:432 msgid "" "Validate that the creation of L7 policies is compatible with the protocol of " "the listener in the Amphora driver. L7 policies are allowed for Terminated " "HTTPS or HTTP protocol listeners, but not for HTTPS, TCP or UDP protocols " "listeners." msgstr "" #: ../../:624 stable/stein>:850 msgid "" "We have changed the [haproxy_amphora] connection_max_retries and " "build_active_retries default values from 300 to 120. This means load " "balancer builds will wait for ten minutes instead of twenty-five minutes for " "nova to boot the virtual machine. We feel these are more reasonable default " "values for most production deployments and provide a better user experience. " "If you are running nova in a nested virtualization environment, meaning nova " "is booting VMs inside another VM, and you do not have nested virtualization " "enabled in the bottom hypervisor, you may need to set these values back up " "to 300." msgstr "" #: ../../:377 msgid "" "When a HTTPS termination listener gets configured, Octavia will tweak the " "HAProxy `tune.ssl.cachesize` setting to use about half of the available " "memory (free + buffers + cached) on the amphora minus the memory needed for " "network sockets based on the global max connections setting. This allows to " "make better reuse of existing SSL sessions and helps to lower the number of " "computationally expensive SSL handshakes." msgstr "" #: ../../:130 stable/stein>:294 stable/train>:733 msgid "" "When a load balancer with a UDP listener is updated, the listener service is " "restarted, which causes an interruption of the flow of traffic during a " "short period of time. This issue is caused by a keepalived bug (https://" "github.com/acassen/keepalived/issues/1163) that was fixed in keepalived 2.0." "14, but this package is not yet provided by distributions." msgstr "" #: ../../:36 msgid "" "When enabled in the configuration file, Octavia will boot an active and " "standby amphora for each load balancer." msgstr "" #: ../../:144 stable/2023.2>:258 stable/zed>:273 #: unmaintained/wallaby>:384 unmaintained/xena>:201 unmaintained/yoga>:426 msgid "" "When plugging a new member subnet, the amphora sends an IP advertisement of " "the newly allocated IP. It allows the servers on the same L2 network to " "flush the ARP entries of a previously allocated IP address." msgstr "" #: ../../:603 msgid "" "When the amphora agent configuration update API is called on an amphora " "running a version of the amphora agent that does not support configuration " "updates, an ERROR log message will be posted to the controller log file " "indicating that the amphora does not support agent configuration updates. In " "this case, the amphora image should be updated to a newer version." msgstr "" #: ../../:500 msgid "" "When the amphora provider driver is enabled, operators need to set option " "``[controller_worker]/image_driver``. The default image driver is " "``image_glance_driver``. For testing could be used ``image_noop_driver``." msgstr "" #: ../../:471 msgid "" "When using TLS client authentication on TERMINATED_HTTPS listeners, you can " "now insert the following headers for backend members\\: 'X-SSL-Client-" "Verify', 'X-SSL-Client-Has-Cert', 'X-SSL-Client-DN', 'X-SSL-Client-CN', 'X-" "SSL-Issuer', 'X-SSL-Client-SHA1', 'X-SSL-Client-Not-Before', 'X-SSL-Client-" "Not-After'." msgstr "" #: ../../:14 stable/ussuri>:14 stable/zed>:326 #: unmaintained/victoria>:14 unmaintained/wallaby>:14 unmaintained/xena>:235 #: unmaintained/yoga>:150 msgid "" "When using a distribution with a recent SELinux release such as CentOS 8 " "Stream, PING health-monitor does not work as shell_exec_t calls are denied " "by SELinux." msgstr "" #: ../../:613 msgid "" "When using spare pools, it will create spares in each AZ. For the amphora " "driver, if no ``[nova] availability_zone`` is configured and availability " "zones are used, results may be slightly unpredictable." msgstr "" #: ../../:386 stable/ussuri>:491 #: unmaintained/victoria>:700 msgid "" "With haproxy 1.8.x releases, haproxy consumes much more memory in the " "amphorae because of pre-allocated data structures. This amount of memory " "depends on the maxconn parameters in its configuration file (which is " "related to the connection_limit parameter in the Octavia API). In the " "Amphora provider, the default connection_limit value -1 is now converted to " "a maxconn of 50,000. It was previously 1,000,000 but that value triggered " "some memory allocation issues when quickly performing multiple configuration " "updates in a load balancer." msgstr "" #: ../../:194 stable/train>:554 stable/ussuri>:536 #: unmaintained/victoria>:669 msgid "" "Workaround an HAProxy issue where it would fail to reload on configuration " "change should the local peer name start with \"-x\"." msgstr "" #: ../../:23 msgid "Works for HTTP and TERMINATED_HTTPS listeners." msgstr "" #: ../../:497 msgid "" "You can now enable TLS backend re-encryption for connections to member " "servers by enabling tls_enabled option on pools." msgstr "" #: ../../:478 msgid "You can now enable TLS client authentication on listeners." msgstr "" #: ../../:525 msgid "You can now filter API queries by the object tag." msgstr "" #: ../../:466 msgid "" "You can now provide a certificate revocation list reference for listeners " "using TLS client authentication." msgstr "" #: ../../:487 msgid "" "You can now specify a ca_tls_container_ref and crl_container_ref on pools " "for validating backend pool members using TLS." msgstr "" #: ../../:461 msgid "" "You can now specify a certificate authority certificate reference, on " "listeners, for use with TLS client authentication." msgstr "" #: ../../:492 msgid "" "You can now specify a tls_container_ref on pools for TLS client " "authentication to pool members." msgstr "" #: ../../:498 msgid "" "You can now update the running configuration of the Octavia control plane " "processes by sending the parent process a \"HUP\" signal. Note: The " "configuration item must support mutation." msgstr "" #: ../../:515 msgid "" "You cannot mix IPv4 UDP listeners with IPv6 members at this time. This is " "being tracked with this story https://storyboard.openstack.org/#!/story/" "2003329" msgstr "" #: ../../:80 msgid "You must update the amphora image to support the SR-IOV VIP feature." msgstr "" #: ../../:673 stable/stein>:691 msgid "[DEFAULT] api_handler" msgstr "" #: ../../:672 stable/stein>:690 msgid "[DEFAULT] auth_strategy" msgstr "" #: ../../:670 stable/stein>:688 msgid "[DEFAULT] bind_host" msgstr "" #: ../../:671 stable/stein>:689 msgid "[DEFAULT] bind_port" msgstr "" #: ../../:232 msgid "" "``diskimage-create.sh`` has been updated to build Ubuntu Jammy (22.04) " "amphora images per default." msgstr "" #: ../../:57 msgid "" "``pools.load_balancer_id`` column is populated from ``listeners`` data using " "ETL in the migration." msgstr "" #: ../../:700 msgid "" "`status_update_threads` config option for healthmanager is deprecated " "because it is replaced as `health_update_threads` and `stats_update_threads`." "" msgstr "" #: ../../:445 stable/stein>:562 msgid "`timeout_client_data`: Frontend client inactivity timeout" msgstr "" #: ../../:446 stable/stein>:563 msgid "`timeout_member_connect`: Backend member connection timeout" msgstr "" #: ../../:447 stable/stein>:564 msgid "`timeout_member_data`: Backend member inactivity timeout" msgstr "" #: ../../:448 stable/stein>:565 msgid "" "`timeout_tcp_inspect`: Time to wait for TCP packets for content inspection" msgstr "" #: ../../:130 msgid "" "agent_server_network_dir is now auto-detected for Ubuntu, CentOS, Fedora and " "RHEL if one is not specified in the configuration file." msgstr "" #: ../../:64 msgid "" "amp_image_id option is deprecated and will be removed in one of the next " "releases. Operators are adviced to migrate to the new amp_image_tag option." msgstr "" #: ../../:373 msgid "" "diskimage-create defaults now to distribution release 9 when selecting RHEL " "as base OS and to release 9-stream when selecting CentOS as base OS." msgstr "" #: ../../:403 msgid "" "diskimage-create.sh used $AMP_OUTPUTFILENAME.$AMP_IMAGETYPE for constructing " "the image file path when checking the file size, which was not correct and " "caused an \"No such file or directory\" error." msgstr "" #: ../../:207 msgid "" "haproxy user_group is no longer being used. it is now auto-detected for " "Ubuntu, CentOS, Fedora and RHEL based amphora images." msgstr "" #: ../source/2023.1.rst:3 msgid "2023.1 Series Release Notes" msgstr "" #: ../source/2023.2.rst:3 msgid "2023.2 Series Release Notes" msgstr "" #: ../source/2024.1.rst:3 msgid "2024.1 Series Release Notes" msgstr "" #: ../source/index.rst:16 msgid "Octavia Release Notes" msgstr "" #: ../source/liberty.rst:3 msgid "Liberty Series Release Notes" msgstr "" #: ../source/mitaka.rst:3 msgid "Mitaka Series Release Notes" msgstr "" #: ../source/newton.rst:3 msgid "Newton Series Release Notes" msgstr "" #: ../source/ocata.rst:3 msgid "Ocata Series Release Notes" msgstr "" #: ../source/pike.rst:3 msgid "Pike Series Release Notes" msgstr "" #: ../source/queens.rst:3 msgid "Queens Series Release Notes" msgstr "" #: ../source/rocky.rst:3 msgid "Rocky Series Release Notes" msgstr "" #: ../source/stein.rst:3 msgid "Stein Series Release Notes" msgstr "" #: ../source/train.rst:3 msgid "Train Series Release Notes" msgstr "" #: ../source/unreleased.rst:3 msgid "Current Series Release Notes" msgstr "" #: ../source/ussuri.rst:3 msgid "Ussuri Series Release Notes" msgstr "" #: ../source/victoria.rst:3 msgid "Victoria Series Release Notes" msgstr "" #: ../source/wallaby.rst:3 msgid "Wallaby Series Release Notes" msgstr "" #: ../source/xena.rst:3 msgid "Xena Series Release Notes" msgstr "" #: ../source/yoga.rst:3 msgid "Yoga Series Release Notes" msgstr "" #: ../source/zed.rst:3 msgid "Zed Series Release Notes" msgstr ""