Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Generate loadbalancer config in json format
Currently the agent generates loadbalancer configuration in haproxy specific format. Going forward agent will generate a generic json based loadbalancer config. This config will be handled by driver specific configuration parser. Currently only haproxy parsing is supported. Closes-Bug: #1452928 Change-Id: I2d198aff0a569615ac5c331e4b6c582b93d9d3a3 Conflicts: src/vnsw/agent/oper/loadbalancer_haproxy.cc LBAAS haproxy process manager Manage haproxy daemon for lbaas. Two options avaialable: - Manage through supervisor. This will run on non-daemon mode as the process cannot be managed by supervisord if it runs in background. Process monitoring provided by supervisor. - Start/stop the daemon as we do today. Need additional changes to ensure monitoring/restarting of the process. Additional commit needed to enable this code from vrouter_netns. Change-Id: I05c13d7c96c86bee2fcddc73342ba28c6010c8e6 Partial-Bug: #1452928 Enable haproxy config translation Enable haproxy config translation from json format Also enable haproxy daemon handling by supervisord Change-Id: If3489ea66430ec0ac50bb6198093a0689fa16219 Closes-Bug: #1452928 Conflicts: src/nodemgr/haproxy_stats.py Generate mac from instance ip for service VMs Generate the same mac-address for all interfaces sharing the same IP. In addition a change to daemonize the haproxy process instead of managing through supervisor. Change-Id: I2394f29c4a11bffeee4b0184ce6cd6867b01e0e9 Closes-Bug: #1461882 Haproxy config generation fixes for HTTPS protocol Change-Id: I140361ad4785be2a87d23a04181e73ca999e8e2b Closes-bug: #1466318 Fix for poodle vulnerability; ChangeId: I9432d035eb59b1ff53cb5d33350cd5f8063e077c; Closes-Bug: #1475392 Change-Id: I390a77261bc0d3257108c06951c79f1d2c3dadaa Fix for FREAK SSL vulnerability This fix pushes selected set of secure ciphers into haproxy config file Change-Id: Idfc11ce0411024e7154d3b2c46a095fb4f80337d Closes-Bug: #1477400 HAProxy Performance Tuning HAProxy's default config is non-performant. This fix updates following config in HAProxy: 1) Increase TCP client/server timeouts. 2) Increase ulimit globally per HAProxy process. 3) Increase maxconn globally per HAProxy process. Change-Id: I28be29d5ab3dcb2a35fcbe9168300edf18b2c23c Closes-Bug: #1477781 Allow custom configs with LBaaS This fix takes care of haproxy parsing and validation changes on vrouter agent. Removing extra white spaces Closes-Bug: #1475393 Change-Id: I822e27792f78168a178d555db5703fa1e73d0cc9 Allow custom configs with LBaaS This fix enables a new field "custom-attr" in loadbalancer_pool properties in the schema. Change-Id: I17eecc2fedea4d1d3889b7e114e99732ac2eecc9 Closes-Bug: #1475393 Allow custom configs with LBaaS This fix commits the vrouter agent code to read the custom_attributes from ifmap node and copy it to config.json file which the haproxy parser would read. Added missing '}'. Incorporating the comments Closes-Bug: #1475393 Change-Id: I6f22f4f537c97c48b2283971b2959c9be5931361 Conflicts: src/vnsw/agent/oper/loadbalancer.cc src/vnsw/agent/oper/loadbalancer_config.cc src/vnsw/agent/oper/loadbalancer_config.h Change-Id: Iea0aff5589a21e3c802e4e63633a1d74f22cdeaf Conflicts: src/vnsw/agent/oper/loadbalancer.cc WIP: Tenant SSL Cert Support This fix adds tenant SSL support to existing custom attributes. User can provide barbican container ref in custom attributes and haproxy parser then downloads the container/secrets and populates the certificate. Also, the keystone auth credentials need to specified in a separate auth file whose path should be provided in contrail-vrouter-agent.conf file. Renaming to file as keystone_auth_cfg_file Change-Id: I2b85733820031033a05dfc27cbfa4fa3a3485611 Partial-Bug: #1499903 Conflicts: src/nodemgr/haproxy_stats.py src/vnsw/agent/oper/instance_manager.cc src/vnsw/agent/oper/netns_instance_adapter.cc src/vnsw/agent/oper/test/instance_manager_test.cc src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/vrouter_netns.py Change-Id: I31535a590867263588d00e889db5e41eec711545
- Loading branch information
Showing
25 changed files
with
1,045 additions
and
437 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.