openstack/kolla-ansible
Code Issues Proposed changes

Fix issue with octavia security group rules creation

Browse Source 
This patch fixing issue with octavia security group
rules creation when using IPv6 configuration for octavia
management network.

Closes-Bug: #2023502
Change-Id: I3f8fbb0632ec6ecdc9f3820ebbcf01480de59e1f
This commit is contained in:
Michal Arbet 2023-06-12 00:19:19 +02:00
parent e637978e26
commit f1bb97dd85
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/roles/octavia/defaults/main.yml
View File

@ -305,7 +305,7 @@ octavia_amp_security_groups:
name: "lb-mgmt-sec-grp" name: "lb-mgmt-sec-grp"
enabled: true enabled: true
rules: rules:
- protocol: icmp - protocol: "{{ 'ipv6-icmp' if octavia_network_address_family == 'ipv6' else 'icmp' }}"
- protocol: tcp - protocol: tcp
src_port: 22 src_port: 22
dst_port: 22 dst_port: 22
@ -353,6 +353,10 @@ octavia_amp_network:
# Octavia management network subnet CIDR. # Octavia management network subnet CIDR.
octavia_amp_network_cidr: 10.1.0.0/24 octavia_amp_network_cidr: 10.1.0.0/24
octavia_amp_router:
name: lb-mgmt-router
subnet: "{{ octavia_amp_network['subnet']['name'] }}"
# Octavia provider drivers # Octavia provider drivers
octavia_provider_drivers: "amphora:Amphora provider{% if neutron_plugin_agent == 'ovn' %}, ovn:OVN provider{% endif %}" octavia_provider_drivers: "amphora:Amphora provider{% if neutron_plugin_agent == 'ovn' %}, ovn:OVN provider{% endif %}"
octavia_provider_agents: "amphora_agent{% if neutron_plugin_agent == 'ovn' %}, ovn{% endif %}" octavia_provider_agents: "amphora_agent{% if neutron_plugin_agent == 'ovn' %}, ovn{% endif %}"

18
ansible/roles/octavia/tasks/prepare.yml
View File

@ -88,6 +88,7 @@
protocol: "{{ item.1.protocol }}" protocol: "{{ item.1.protocol }}"
port_range_min: "{{ item.1.src_port | default(omit) }}" port_range_min: "{{ item.1.src_port | default(omit) }}"
port_range_max: "{{ item.1.dst_port | default(omit) }}" port_range_max: "{{ item.1.dst_port | default(omit) }}"
ethertype: "IPv{{ octavia_network_address_family[-1] }}"
with_subelements: with_subelements:
- "{{ octavia_amp_security_groups }}" - "{{ octavia_amp_security_groups }}"
- rules - rules
@ -141,3 +142,20 @@
ipv6_ra_mode: "{{ octavia_amp_network['subnet']['ipv6_ra_mode'] | default(omit) }}" ipv6_ra_mode: "{{ octavia_amp_network['subnet']['ipv6_ra_mode'] | default(omit) }}"
run_once: True run_once: True
delegate_to: "{{ groups['octavia-api'][0] }}" delegate_to: "{{ groups['octavia-api'][0] }}"
- name: Create loadbalancer management router for IPv6
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: openstack.cloud.router
module_args:
auth: "{{ octavia_user_auth }}"
cacert: "{{ openstack_cacert }}"
endpoint_type: "{{ openstack_interface }}"
region_name: "{{ openstack_region_name }}"
state: present
name: "{{ octavia_amp_router['name'] }}"
interfaces: "{{ octavia_amp_router['subnet'] }}"
run_once: True
when: octavia_network_address_family == "ipv6"
delegate_to: "{{ groups['octavia-api'][0] }}"

7
releasenotes/notes/bug-2023502-68acc8637510cb22.yaml Normal file
View File

@ -0,0 +1,7 @@
---
fixes:
- |
Fix issue with octavia security group rules creation when using
IPv6 configuration for octavia management network.
See `LP#2023502 <https://bugs.launchpad.net/kolla-ansible/+bug/2023502>`__
for more details.