ESDs should dynamically update without requiring access to the container or host the f5-openstack-agent is running

[jgruber]

Title

Providers should be able to alter ESDs dynamically without requiring administrative access to or redeployment of the f5-openstack-agent process.

OpenStack Release

Newton+

Description

Currently ESDs are statically loaded when the f5-openstack-agent process starts and when communication is established with icontrol endpoints the statically loaded ESDs are validated for use on the connected BIG-IPs.

Agent Version

10.x+

Operating System

All

Deployment

Today the f5-openstack-agent looks for a prescribed file directory (relative to the configuration file) for JSON text files containing ESDs.

1. There is no need to support multiple text documents as a single document model to contain all valid ESDs can be loaded.
2. Instead of a static file directory, which requires access to the local file system to update, the new single document ESD should be referenced with a URL. The URL protocol types should include: file://, http://, and https://.
3. The agent should process a periodic task (thread) which will check the ESD URL and download the ESD policy from the ESD document URL and update the tags (including validation against connected BIG-IPs).
4. Any existing L7 policy deployments can continue to use the ESD as it was authored at the time they were deployed, but get any updated tags, and associated BIG-IP configuration, whenever the deployed service with the L7 policy applied is updated. Alternatively the service MAY be updated on service reassurance.