Fix issue with octavia security group rules creation

This patch fixing issue with octavia security group
rules creation when using IPv6 configuration for octavia
management network.

Closes-Bug: #2023502
Change-Id: I3f8fbb0632ec6ecdc9f3820ebbcf01480de59e1f
This commit is contained in:
Michal Arbet 2023-06-12 00:19:19 +02:00
parent e637978e26
commit f1bb97dd85
3 changed files with 30 additions and 1 deletions

View File

@ -305,7 +305,7 @@ octavia_amp_security_groups:
name: "lb-mgmt-sec-grp"
enabled: true
rules:
- protocol: icmp
- protocol: "{{ 'ipv6-icmp' if octavia_network_address_family == 'ipv6' else 'icmp' }}"
- protocol: tcp
src_port: 22
dst_port: 22
@ -353,6 +353,10 @@ octavia_amp_network:
# Octavia management network subnet CIDR.
octavia_amp_network_cidr: 10.1.0.0/24
octavia_amp_router:
name: lb-mgmt-router
subnet: "{{ octavia_amp_network['subnet']['name'] }}"
# Octavia provider drivers
octavia_provider_drivers: "amphora:Amphora provider{% if neutron_plugin_agent == 'ovn' %}, ovn:OVN provider{% endif %}"
octavia_provider_agents: "amphora_agent{% if neutron_plugin_agent == 'ovn' %}, ovn{% endif %}"

View File

@ -88,6 +88,7 @@
protocol: "{{ item.1.protocol }}"
port_range_min: "{{ item.1.src_port | default(omit) }}"
port_range_max: "{{ item.1.dst_port | default(omit) }}"
ethertype: "IPv{{ octavia_network_address_family[-1] }}"
with_subelements:
- "{{ octavia_amp_security_groups }}"
- rules
@ -141,3 +142,20 @@
ipv6_ra_mode: "{{ octavia_amp_network['subnet']['ipv6_ra_mode'] | default(omit) }}"
run_once: True
delegate_to: "{{ groups['octavia-api'][0] }}"
- name: Create loadbalancer management router for IPv6
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: openstack.cloud.router
module_args:
auth: "{{ octavia_user_auth }}"
cacert: "{{ openstack_cacert }}"
endpoint_type: "{{ openstack_interface }}"
region_name: "{{ openstack_region_name }}"
state: present
name: "{{ octavia_amp_router['name'] }}"
interfaces: "{{ octavia_amp_router['subnet'] }}"
run_once: True
when: octavia_network_address_family == "ipv6"
delegate_to: "{{ groups['octavia-api'][0] }}"

View File

@ -0,0 +1,7 @@
---
fixes:
- |
Fix issue with octavia security group rules creation when using
IPv6 configuration for octavia management network.
See `LP#2023502 <https://bugs.launchpad.net/kolla-ansible/+bug/2023502>`__
for more details.