Description of problem: Octavia API does not check the listener's (and pools) protocol when alpn protocol is one of the parameters for the listener/pool creation. Example: We can create UDP listeners with --alpn-protocol h2 --alpn-protocol http/1.1: (overcloud) [stack@undercloud-0 ~]$ openstack loadbalancer listener create --wait --protocol-port 12345 --protocol UDP --name UDP_listener --alpn-protocol h2 --alpn-protocol http/1.1 lb1 +-----------------------------+--------------------------------------+ | Field | Value | +-----------------------------+--------------------------------------+ | admin_state_up | True | | connection_limit | -1 | | created_at | 2022-09-14T12:37:01 | | default_pool_id | None | | default_tls_container_ref | None | | description | | | id | 4a2b73f5-5676-4f35-b083-0c5a9a4de105 | | insert_headers | None | | l7policies | | | loadbalancers | d6de4751-afd0-4a43-9d20-d176d07ad55c | | name | UDP_listener | | operating_status | OFFLINE | | project_id | ab5d0044dfe848fbbc3063ec8942826e | | protocol | UDP | | protocol_port | 12345 | | provisioning_status | ACTIVE | | sni_container_refs | [] | | timeout_client_data | 50000 | | timeout_member_connect | 5000 | | timeout_member_data | 50000 | | timeout_tcp_inspect | 0 | | updated_at | 2022-09-14T12:37:07 | | client_ca_tls_container_ref | None | | client_authentication | NONE | | client_crl_container_ref | None | | allowed_cidrs | None | | tls_ciphers | None | | tls_versions | None | | alpn_protocols | ['h2', 'http/1.1'] | | tags | | +-----------------------------+--------------------------------------+ We can create UDP pools which will be attached to those listeners, also with --alpn-protocol h2 --alpn-protocol http/1.1 parameters: (overcloud) [stack@undercloud-0 ~]$ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener UDP_listener --protocol UDP --alpn-protocol h2 --alpn-protocol http/1.1 +----------------------+--------------------------------------+ | Field | Value | +----------------------+--------------------------------------+ | admin_state_up | True | | created_at | 2022-09-14T12:37:43 | | description | | | healthmonitor_id | | | id | 268e6daa-183f-422d-be7d-28714da66ece | | lb_algorithm | ROUND_ROBIN | | listeners | 4a2b73f5-5676-4f35-b083-0c5a9a4de105 | | loadbalancers | d6de4751-afd0-4a43-9d20-d176d07ad55c | | members | | | name | pool1 | | operating_status | OFFLINE | | project_id | ab5d0044dfe848fbbc3063ec8942826e | | protocol | UDP | | provisioning_status | PENDING_CREATE | | session_persistence | None | | updated_at | None | | tls_container_ref | None | | ca_tls_container_ref | None | | crl_container_ref | None | | tls_enabled | False | | tls_ciphers | None | | tls_versions | None | | tags | | | alpn_protocols | ['h2', 'http/1.1'] | +----------------------+--------------------------------------+ We can also create that pool without a listener (providing directly the lb as a parameter): (overcloud) [stack@undercloud-0 ~]$ openstack loadbalancer pool create --name pool2 --lb-algorithm ROUND_ROBIN --loadbalancer lb1 --protocol UDP --alpn-protocol h2 --alpn-protocol http/1.1 +----------------------+--------------------------------------+ | Field | Value | +----------------------+--------------------------------------+ | admin_state_up | True | | created_at | 2022-09-14T12:38:33 | | description | | | healthmonitor_id | | | id | eb87cb61-b03e-424d-92c7-389e75989aad | | lb_algorithm | ROUND_ROBIN | | listeners | | | loadbalancers | d6de4751-afd0-4a43-9d20-d176d07ad55c | | members | | | name | pool2 | | operating_status | OFFLINE | | project_id | ab5d0044dfe848fbbc3063ec8942826e | | protocol | UDP | | provisioning_status | PENDING_CREATE | | session_persistence | None | | updated_at | None | | tls_container_ref | None | | ca_tls_container_ref | None | | crl_container_ref | None | | tls_enabled | False | | tls_ciphers | None | | tls_versions | None | | tags | | | alpn_protocols | ['h2', 'http/1.1'] | +----------------------+--------------------------------------+ Version-Release number of selected component (if applicable): (overcloud) [stack@undercloud-0 ~]$ cat core_puddle_version RHOS-17.1-RHEL-9-20220830.n.1 How reproducible: 100% Steps to Reproduce: 1. Deploy Octavia 2. Create a LB 3. Create either a listener with any protocol or a pool with any protocol and provide the --alpn-protocol h2 --alpn-protocol http/1.1 parameters. Actual results: The listener and the pool are being created. Expected results: The Octavia API should deny the creation of both the listener and the pool.
Bulk moving target milestone to GA after the release of Beta on 14th June '23.