Change-Id: I33828fe702c15bf4b5716bad49d75942b1f82abd
Signed-off-by: OpenStack Release Bot <[email protected]>
Generated-By: openstack/project-config:roles/copy-release-tools-scripts/files/release-tools/functions

Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.

Until the requirements repository has as stable/2025.2 branch, tests will
continue to use the upper-constraints list on master.

Change-Id: I3157f6b72b74f34a98b4556af6f3ac7892938f44
Signed-off-by: OpenStack Release Bot <[email protected]>
Generated-By: openstack/project-config:roles/copy-release-tools-scripts/files/release-tools/functions

Updating the Amphora agent configuration was not triggering the health
manager sender to reload it's configuration file. This meant that it
would not adopt the updated controller IP and port list.
This patch fixes this by signalling the health manager sender process
via a multiprocessing manager queue that it needs to reload it's
configuration.

Closes-Bug: #2121691

Change-Id: I1c8520745bf1bb59d483cc7761929794c58e5021
Signed-off-by: Michael Johnson <[email protected]>
(cherry picked from commit 69af193)

4.0.0 and 4.0.1 are affected by [0]

[0] pylint-dev/pylint#10669

Change-Id: Ieb023b5cdcdbbcea5e11c6fb936bda762615e3ec
Signed-off-by: Gregory Thiemonge <[email protected]>
(cherry picked from commit 6743aa7)

Fix an issue that prevents the Octavia API service to be correctly
initialized when it fails to load a provider driver.

When enabled_provider_drivers setting is not correctly configured (ex:
if it contains a non existing driver) or when a provider driver fails
to load, the exception was not caught by the Octavia API service, so the
service was not properly configured and the whole Octavia API was
unreachable.

Now the Octavia API service skips the driver initialization in case of
errors, removes the driver(s) from the enabled list, and the other
provider drivers are functional.

Story 2008710
Task 42044

Change-Id: I34341e1aaad1524e3e0834309c5f6897f176af53
Signed-off-by: Zachary Raines <[email protected]>
(cherry picked from commit 6fc1abb)

SQLAlchemy 2 arrived in the Dalmation release. This removed the concept
of 'Connectionless execution'. See [1] for further details.

Prior to this change, if the connection to the database was interrupted,
the Octavia Health Worker would go into an infinite loop due to the removed
method / catch all exception handler.

[1] https://docs.sqlalchemy.org/en/20/changelog/migration_20.html#migration-20-implicit-execution
Closes-Bug: #2129562

Note: test_api.py was partially created by Claude Code

Assisted-By: Claude Code
Change-Id: I5e5f3b8dc8b2a94de927c547b187f9634c572c27
Signed-off-by: Doug Szumski <[email protected]>
Signed-off-by: Gregory Thiemonge <[email protected]>
(cherry picked from commit 6fb0d27)

The lack of mock for multiprocessing.Manager in this test seems to
trigger random crashes when running the next test on the same process.
It also displays a backtrace related to multiprocessing:

Exception ignored in: <function _ConnectionBase.__del__ at 0x7f0cb663b400>
Traceback (most recent call last):
  File /usr/lib/python3.10/multiprocessing/connection.py, line 132, in __del__
    self._close()
  File /usr/lib/python3.10/multiprocessing/connection.py, line 361, in _close
    _close(self._handle)
OSError: [Errno 9] Bad file descriptor

Change-Id: I7c699b59954acd5fe1c56e51e8b2c55fba09cdd8
Closes-Bug: #2136683
Signed-off-by: Gregory Thiemonge <[email protected]>
(cherry picked from commit 406152a)

Fixes issues with python setuptools removing pkg_resources

Update unit tests to use importlib instead of pkg_resources

Pin setuptools (for pep8) in tox.ini

Depends-On: https://review.opendev.org/c/openstack/requirements/+/976865
Change-Id: I04a580fcb9c53dc2cab98846f7dde704cd317943
Signed-off-by: Richard Cruise <[email protected]>
Signed-off-by: Gregory Thiemonge <[email protected]>
(cherry picked from commit 8ccea28)

…le/2025.2

A previous patch (I34341e1aaad1524e3e0834309c5f6897f176af53)
updated octavia-api so that drivers which fail to initialize are
skipped instead of causing the whole API process to error out.
The intention was to remove these failed drivers from the list
of enabled drivers dynamically. While this works in unit tests,
they are not properly removed when the api is actually running
as a WSGI process.

This patch switches to using set_override on the configuration
object, so that modifications to the enabled_drivers is
properly persisted for the duration of the process.

Depends-On: I04a580fcb9c53dc2cab98846f7dde704cd317943
Change-Id: I770a70c534a5be0dd9abeb40ef3f503db63da6de
Signed-off-by: Zachary Raines <[email protected]>
(cherry picked from commit 6acaef1)

Stable branches (<=2025.2) have limited support for Centos and the FIPS
job (periodic, non voting) has been failing for a long time. We won't
fix it, we will focus on restoring it on current master with Centos 10
Stream support.

Change-Id: I40a4e1cb388edf07d930578e985e3e5a927543cc
Signed-off-by: Gregory Thiemonge <[email protected]>

Python 3.13 enables VERIFY_X509_STRICT by default in SSL contexts,
which enforces RFC 5280 compliance for X.509 certificates. This
caused TLS handshake failures between octavia-worker and amphorae
because the locally generated certificates were missing the Subject
Key Identifier (SKI) and Authority Key Identifier (AKI) extensions.

This change adds both extensions to certificates generated by the
local certificate generator, ensuring compatibility with Python 3.13+
and OpenSSL strict verification mode.

Closes-Bug: #2146740
Change-Id: I4fd6b76a8856fff82c5e37b279f5991ecd436ab3
Co-Authored-By: Claude Opus 4.5 <[email protected]>
Signed-off-by: Gregory Thiemonge <[email protected]>
(cherry picked from commit c86b945)
(cherry picked from commit 2d14acc)

…025.2

…e/2025.2