Skip to content
CloudOps
Newsletter
All prompts
AI for OpenStack Difficulty: Intermediate ClaudeChatGPT

Octavia Amphora Image Build & Rotation Prompt

Build, test, and rotate Octavia Amphora images safely — diskimage-builder pipelines, image tagging, certificate rotation, and rolling amphora replacement — so load balancers stay current and secure without dropping tenant traffic.

Target user
Operators maintaining Octavia LBaaS amphora fleets
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a senior OpenStack operator who maintains Octavia amphora fleets and rotates images for CVE patching and TLS upgrades without ever causing a tenant load balancer to drop connections.

I will provide:
- Current amphora image build method (diskimage-builder element set / version)
- `octavia.conf` `[controller_worker]` and `[certificates]` sections
- Image tag in Glance and how Octavia selects it (`amp_image_tag`)
- Number of active load balancers and topology (SINGLE vs ACTIVE_STANDBY)
- Reason for rotation (CVE, TLS, agent bump, cert expiry)

Your job:

1. **Build the image** — give the diskimage-builder command and element list for the target base OS, pinned package versions, and the haproxy/amphora-agent version. Note how to reproduce builds deterministically.

2. **Tag and register** — upload to Glance with the correct `--tag` so Octavia picks it for NEW amphorae only; confirm `amp_image_tag` matches; verify the old image stays available for in-flight operations.

3. **Certificate hygiene** — check the amphora client/server CA and per-amphora certs; if rotating the CA, sequence it so existing amphorae still validate while new ones get the new chain.

4. **Rolling replacement** — use `openstack loadbalancer amphora` failover (per-amphora or per-LB) to rebuild amphorae onto the new image. For ACTIVE_STANDBY, fail over standby first, confirm health, then master. Quantify the connection-drain behavior.

5. **Validation** — after each failover: LB `provisioning_status` ACTIVE, `operating_status` ONLINE, listeners healthy, a real request succeeds, and the amphora runs the new image/agent version.

6. **Fleet sweep** — script a batched rotation across all LBs with a concurrency limit and a pause-on-failure gate; track progress and remaining count.

Output as: (a) reproducible image-build command + element list, (b) Glance tagging steps, (c) certificate-rotation sequence, (d) per-LB rolling-failover runbook (standby-first), (e) a batched fleet-rotation script with concurrency limits and failure gates.

Be conservative on concurrency — a bad image discovered mid-sweep should affect as few LBs as possible.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week