From 176b8600832c54601dc50dd6853234267b42cf6e Mon Sep 17 00:00:00 2001 From: Luis Tomas Bolivar Date: Wed, 16 Jan 2019 16:40:03 +0100 Subject: [PATCH] Removing lbaasv2 related code LBaaSv2 was deprecated in favor of Octavia. This patch is removing the remaining gates for lbaasv2 and the specific code for handling the services when haproxy was used Implements: blueprint remove-lbaasv2 Change-Id: I601a62640838557697887aea1a778e67449f68a5 --- .zuul.d/lbaasv2.yaml | 39 ------- .zuul.d/project.yaml | 2 - devstack/lib/kuryr_kubernetes | 101 ++++-------------- devstack/local.conf.df.sample | 60 +++++------ devstack/local.conf.openshift.sample | 60 +++++------ devstack/local.conf.ovn.sample | 61 +++++------ .../local.conf.pod-in-vm.undercloud.df.sample | 37 ++++++- ...local.conf.pod-in-vm.undercloud.ovn.sample | 38 ++++++- .../local.conf.pod-in-vm.undercloud.sample | 38 ++++++- devstack/local.conf.sample | 76 ++++++------- devstack/plugin.sh | 42 +++----- devstack/settings | 1 - kuryr_kubernetes/config.py | 6 +- .../controller/drivers/lbaasv2.py | 65 +---------- 14 files changed, 238 insertions(+), 388 deletions(-) delete mode 100644 .zuul.d/lbaasv2.yaml diff --git a/.zuul.d/lbaasv2.yaml b/.zuul.d/lbaasv2.yaml deleted file mode 100644 index 02fc663c8..000000000 --- a/.zuul.d/lbaasv2.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- job: - name: kuryr-kubernetes-tempest-lbaasv2 - parent: kuryr-kubernetes-tempest-base - description: | - Kuryr-Kubernetes tempest job using lbaasv2 - host-vars: - controller: - devstack_plugins: - neutron-lbaas: https://git.openstack.org/openstack/neutron-lbaas - vars: - devstack_localrc: - NEUTRON_LBAAS_SERVICE_PROVIDERV2: 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default' - KURYR_K8S_LBAAS_USE_OCTAVIA: False - devstack_services: - q-lbaasv2: true - kuryr-daemon: false - -- job: - name: kuryr-kubernetes-tempest-daemon-lbaasv2 - parent: kuryr-kubernetes-tempest-lbaasv2 - description: | - Kuryr-Kubernetes tempest job using lbaasv2 and CNI daemon - vars: - devstack_services: - kuryr-daemon: true diff --git a/.zuul.d/project.yaml b/.zuul.d/project.yaml index 902a98a9e..92da5af7c 100644 --- a/.zuul.d/project.yaml +++ b/.zuul.d/project.yaml @@ -19,7 +19,6 @@ - kuryr-kubernetes-tempest-octavia - kuryr-kubernetes-tempest-daemon-octavia - kuryr-kubernetes-tempest-daemon-openshift-octavia - - kuryr-kubernetes-tempest-daemon-lbaasv2 - kuryr-kubernetes-tempest-daemon-containerized-octavia - kuryr-kubernetes-tempest-daemon-containerized-ovn - kuryr-kubernetes-tempest-daemon-octavia-py36 @@ -30,7 +29,6 @@ jobs: - kuryr-kubernetes-tempest-octavia - kuryr-kubernetes-tempest-daemon-octavia - - kuryr-kubernetes-tempest-daemon-lbaasv2 - kuryr-kubernetes-tempest-daemon-containerized-octavia - kuryr-kubernetes-tempest-daemon-octavia-py36 - kuryr-kubernetes-tempest-daemon-containerized-octavia-py36 diff --git a/devstack/lib/kuryr_kubernetes b/devstack/lib/kuryr_kubernetes index d82891241..1202976bf 100644 --- a/devstack/lib/kuryr_kubernetes +++ b/devstack/lib/kuryr_kubernetes @@ -40,11 +40,7 @@ function ovs_bind_for_kubelet() { kubelet-"${HOSTNAME}") # Need to enable Amphorae subnet access to the kubelet iface for API # access - local use_octavia - use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA) - if [[ "$use_octavia" == "True" ]]; then - openstack port set "$port_id" --security-group service_pod_access - fi + openstack port set "$port_id" --security-group service_pod_access if [[ "$KURYR_SG_DRIVER" == "namespace" ]]; then openstack port set "$port_id" --security-group allow_from_namespace openstack port set "$port_id" --security-group allow_from_default @@ -293,22 +289,6 @@ function create_k8s_subnet { "Failed to enable routing for K8s ${subnet_name} subnet" } -# create_k8s_router_fake_service -# Description: Creates an endpoint-less kubernetes service to keep Kubernetes -# API server from allocating the service subnet router IP for -# another service -function create_k8s_router_fake_service { - local router_ip - local fake_svc_name - - fake_svc_name='kuryr-svc-router' - router_ip=$(openstack --os-cloud devstack-admin \ - --os-region "$REGION_NAME" \ - subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \ - -f value -c gateway_ip) - create_k8s_fake_service $fake_svc_name $router_ip -} - # create_k8s_fake_service # Description: Creates an endpoint-less kubernetes service to keep Kubernetes # API server from allocating this IP for another service @@ -875,14 +855,8 @@ function lb_state { local lb_id lb_id="$1" - # Checks Neutron lbaas for the Load balancer state - if is_service_enabled octavia; then - openstack loadbalancer show "$lb_id" | \ - awk '/provisioning_status/ {print $4}' - else - neutron lbaas-loadbalancer-show "$lb_id" | \ - awk '/provisioning_status/ {print $4}' - fi + openstack loadbalancer show "$lb_id" | \ + awk '/provisioning_status/ {print $4}' } function wait_for_lb { @@ -933,13 +907,8 @@ function create_load_balancer { lb_params+=" --vip-address $4" fi - if is_service_enabled octavia; then - lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet" - openstack loadbalancer create $lb_params - else - lb_params+=" --tenant-id ${project_id} $lb_vip_subnet" - neutron lbaas-loadbalancer-create $lb_params - fi + lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet" + openstack loadbalancer create $lb_params } # create_load_balancer_listener @@ -972,20 +941,12 @@ function create_load_balancer_listener { # Octavia needs the LB to be active for the listener wait_for_lb $lb $max_timeout - if is_service_enabled octavia; then - openstack loadbalancer listener create --name "$name" \ - --protocol "$protocol" \ - --protocol-port "$port" \ - --timeout-client-data "$data_timeouts" \ - --timeout-member-data "$data_timeouts" \ - "$lb" - else - neutron lbaas-listener-create --name "$name" \ - --protocol "$protocol" \ - --protocol-port "$port" \ - --tenant-id "$project_id" \ - --loadbalancer "$lb" - fi + openstack loadbalancer listener create --name "$name" \ + --protocol "$protocol" \ + --protocol-port "$port" \ + --timeout-client-data "$data_timeouts" \ + --timeout-member-data "$data_timeouts" \ + "$lb" } # create_load_balancer_pool @@ -1018,19 +979,10 @@ function create_load_balancer_pool { # We must wait for the LB to be active before we can put a Pool for it wait_for_lb $lb - if is_service_enabled octavia; then - openstack loadbalancer pool create --name "$name" \ - --listener "$listener" \ - --protocol "$protocol" \ - --lb-algorithm "$algorithm" - else - neutron lbaas-pool-create --name "$name" \ - --loadbalancer "$lb" \ - --listener "$listener" \ - --protocol "$protocol" \ - --tenant-id "$project_id" \ - --lb-algorithm "$algorithm" - fi + openstack loadbalancer pool create --name "$name" \ + --listener "$listener" \ + --protocol "$protocol" \ + --lb-algorithm "$algorithm" } # create_load_balancer_member @@ -1063,19 +1015,10 @@ function create_load_balancer_member { # We must wait for the pool creation update before we can add members wait_for_lb $lb - if is_service_enabled octavia; then - openstack loadbalancer member create --name "$name" \ - --address "$address" \ - --protocol-port "$port" \ - "$pool" - else - neutron lbaas-member-create --name "$name" \ - --subnet "$subnet" \ - --address "$address" \ - --protocol-port "$port" \ - --tenant-id "$project_id" \ - "$pool" - fi + openstack loadbalancer member create --name "$name" \ + --address "$address" \ + --protocol-port "$port" \ + "$pool" } # split_subnet @@ -1111,11 +1054,7 @@ function get_loadbalancer_attribute { lb_name="$1" lb_attr="$2" - if is_service_enabled octavia; then - openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value - else - neutron lbaas-loadbalancer-show "$lb_name" -c "$lb_attr" -f value - fi + openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value } # openshift_node_set_dns_config diff --git a/devstack/local.conf.df.sample b/devstack/local.conf.df.sample index 7481c8d25..a0382b3a7 100644 --- a/devstack/local.conf.df.sample +++ b/devstack/local.conf.df.sample @@ -53,40 +53,32 @@ TUNNEL_TYPE=vxlan DF_SELECTIVE_TOPO_DIST=False # OCTAVIA -KURYR_K8S_LBAAS_USE_OCTAVIA=False # Uncomment it to use L2 communication between loadbalancer and member pods # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2 -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - # Octavia LBaaSv2 - LIBS_FROM_GIT+=python-octaviaclient - enable_plugin octavia https://git.openstack.org/openstack/octavia - enable_service octavia - enable_service o-api - enable_service o-cw - enable_service o-hm - enable_service o-hk - ## Octavia Deps - ### Image - ### Barbican - enable_plugin barbican https://git.openstack.org/openstack/barbican - ### Nova - enable_service n-api - enable_service n-api-meta - enable_service n-cpu - enable_service n-cond - enable_service n-sch - enable_service placement-api - enable_service placement-client - ### Glance - enable_service g-api - enable_service g-reg -else - # LBaaSv2 service and Haproxy agent - enable_plugin neutron-lbaas \ - git://git.openstack.org/openstack/neutron-lbaas - enable_service q-lbaasv2 -fi +# Octavia LBaaSv2 +LIBS_FROM_GIT+=python-octaviaclient +enable_plugin octavia https://git.openstack.org/openstack/octavia +enable_service octavia +enable_service o-api +enable_service o-cw +enable_service o-hm +enable_service o-hk +## Octavia Deps +### Image +### Barbican +enable_plugin barbican https://git.openstack.org/openstack/barbican +### Nova +enable_service n-api +enable_service n-api-meta +enable_service n-cpu +enable_service n-cond +enable_service n-sch +enable_service placement-api +enable_service placement-client +### Glance +enable_service g-api +enable_service g-reg # By default use all the services from the kuryr-kubernetes plugin @@ -211,11 +203,7 @@ enable_service kuryr-daemon # Increase Octavia amphorae timeout so that the first LB amphora has time to # build and boot -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" -else - NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" -fi +IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" [[post-config|$OCTAVIA_CONF]] [controller_worker] diff --git a/devstack/local.conf.openshift.sample b/devstack/local.conf.openshift.sample index bf5182567..4f2ce0900 100644 --- a/devstack/local.conf.openshift.sample +++ b/devstack/local.conf.openshift.sample @@ -34,40 +34,32 @@ enable_service q-l3 enable_service q-svc # OCTAVIA -KURYR_K8S_LBAAS_USE_OCTAVIA=True # Uncomment it to use L2 communication between loadbalancer and member pods # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2 -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - # Octavia LBaaSv2 - LIBS_FROM_GIT+=python-octaviaclient - enable_plugin octavia https://git.openstack.org/openstack/octavia - enable_service octavia - enable_service o-api - enable_service o-cw - enable_service o-hm - enable_service o-hk - ## Octavia Deps - ### Image - ### Barbican - enable_plugin barbican https://git.openstack.org/openstack/barbican - ### Nova - enable_service n-api - enable_service n-api-meta - enable_service n-cpu - enable_service n-cond - enable_service n-sch - enable_service placement-api - enable_service placement-client - ### Glance - enable_service g-api - enable_service g-reg -else - # LBaaSv2 service and Haproxy agent - enable_plugin neutron-lbaas \ - git://git.openstack.org/openstack/neutron-lbaas - enable_service q-lbaasv2 -fi +# Octavia LBaaSv2 +LIBS_FROM_GIT+=python-octaviaclient +enable_plugin octavia https://git.openstack.org/openstack/octavia +enable_service octavia +enable_service o-api +enable_service o-cw +enable_service o-hm +enable_service o-hk +## Octavia Deps +### Image +### Barbican +enable_plugin barbican https://git.openstack.org/openstack/barbican +### Nova +enable_service n-api +enable_service n-api-meta +enable_service n-cpu +enable_service n-cond +enable_service n-sch +enable_service placement-api +enable_service placement-client +### Glance +enable_service g-api +enable_service g-reg # Keystone @@ -216,11 +208,7 @@ enable_service kuryr-daemon # Increase Octavia amphorae timeout so that the first LB amphora has time to # build and boot -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" -else - NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" -fi +IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" [[post-config|$OCTAVIA_CONF]] [controller_worker] diff --git a/devstack/local.conf.ovn.sample b/devstack/local.conf.ovn.sample index 1587786ca..1b555d084 100644 --- a/devstack/local.conf.ovn.sample +++ b/devstack/local.conf.ovn.sample @@ -42,8 +42,6 @@ enable_service q-svc VAR_RUN_PATH=/usr/local/var/run # OCTAVIA -KURYR_K8S_LBAAS_USE_OCTAVIA=True - # Uncomment it to use L2 communication between loadbalancer and member pods # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2 @@ -64,36 +62,29 @@ KURYR_K8S_LBAAS_USE_OCTAVIA=True -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - # Octavia LBaaSv2 - LIBS_FROM_GIT+=python-octaviaclient - enable_plugin octavia https://git.openstack.org/openstack/octavia - enable_service octavia - enable_service o-api - enable_service o-cw - enable_service o-hm - enable_service o-hk - ## Octavia Deps - ### Image - ### Barbican - enable_plugin barbican https://git.openstack.org/openstack/barbican - ### Nova - enable_service n-api - enable_service n-api-meta - enable_service n-cpu - enable_service n-cond - enable_service n-sch - enable_service placement-api - enable_service placement-client - ### Glance - enable_service g-api - enable_service g-reg -else - # LBaaSv2 service and Haproxy agent - enable_plugin neutron-lbaas \ - git://git.openstack.org/openstack/neutron-lbaas - enable_service q-lbaasv2 -fi +# Octavia LBaaSv2 +LIBS_FROM_GIT+=python-octaviaclient +enable_plugin octavia https://git.openstack.org/openstack/octavia +enable_service octavia +enable_service o-api +enable_service o-cw +enable_service o-hm +enable_service o-hk +## Octavia Deps +### Image +### Barbican +enable_plugin barbican https://git.openstack.org/openstack/barbican +### Nova +enable_service n-api +enable_service n-api-meta +enable_service n-cpu +enable_service n-cond +enable_service n-sch +enable_service placement-api +enable_service placement-client +### Glance +enable_service g-api +enable_service g-reg # Keystone @@ -248,11 +239,7 @@ KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True # Increase Octavia amphorae timeout so that the first LB amphora has time to # build and boot -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" -else - NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" -fi +IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" [[post-config|$OCTAVIA_CONF]] [controller_worker] diff --git a/devstack/local.conf.pod-in-vm.undercloud.df.sample b/devstack/local.conf.pod-in-vm.undercloud.df.sample index ecdfa396b..a6c008d51 100644 --- a/devstack/local.conf.pod-in-vm.undercloud.df.sample +++ b/devstack/local.conf.pod-in-vm.undercloud.df.sample @@ -30,10 +30,39 @@ disable_service q-agt # We have to disable the neutron dhcp agent. DF does not use the dhcp agent. disable_service q-dhcp -# LBaaSv2 service and Haproxy agent -enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas -enable_service q-lbaasv2 -NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" +# Octavia LBaaSv2 +LIBS_FROM_GIT+=python-octaviaclient +enable_plugin octavia https://git.openstack.org/openstack/octavia +enable_service octavia +enable_service o-api +enable_service o-cw +enable_service o-hm +enable_service o-hk +## Octavia Deps +# Current Octavia image generation using diskimage-builder is broken ATM +# You can fetch a precreated qcow image from here [1] and set up octavia to +# use it by uncommenting the following lines. +# [1] https://tarballs.openstack.org/octavia/test-images/ +# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_SIZE=3 +# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial +### Image +### Barbican +enable_plugin barbican https://git.openstack.org/openstack/barbican +### Nova +enable_service n-api +enable_service n-api-meta +enable_service n-cpu +enable_service n-cond +enable_service n-sch +enable_service placement-api +enable_service placement-client +### Glance +enable_service g-api +enable_service g-reg + +IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" # Enable heat services if you want to deploy overcloud using Heat stack enable_plugin heat https://git.openstack.org/openstack/heat diff --git a/devstack/local.conf.pod-in-vm.undercloud.ovn.sample b/devstack/local.conf.pod-in-vm.undercloud.ovn.sample index 7f967418c..a6a4bb136 100644 --- a/devstack/local.conf.pod-in-vm.undercloud.ovn.sample +++ b/devstack/local.conf.pod-in-vm.undercloud.ovn.sample @@ -39,9 +39,37 @@ disable_service q-meta enable_plugin neutron https://git.openstack.org/openstack/neutron enable_service q-trunk +# Octavia LBaaSv2 +LIBS_FROM_GIT+=python-octaviaclient +enable_plugin octavia https://git.openstack.org/openstack/octavia +enable_service octavia +enable_service o-api +enable_service o-cw +enable_service o-hm +enable_service o-hk +## Octavia Deps +# Current Octavia image generation using diskimage-builder is broken ATM +# You can fetch a precreated qcow image from here [1] and set up octavia to +# use it by uncommenting the following lines. +# [1] https://tarballs.openstack.org/octavia/test-images/ +# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_SIZE=3 +# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial +### Image +### Barbican +enable_plugin barbican https://git.openstack.org/openstack/barbican +### Nova +enable_service n-api +enable_service n-api-meta +enable_service n-cpu +enable_service n-cond +enable_service n-sch +enable_service placement-api +enable_service placement-client +### Glance +enable_service g-api +enable_service g-reg + +IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" -# LBaaSv2 service and Haproxy agent -enable_plugin neutron-lbaas \ - git://git.openstack.org/openstack/neutron-lbaas -enable_service q-lbaasv2 -NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" diff --git a/devstack/local.conf.pod-in-vm.undercloud.sample b/devstack/local.conf.pod-in-vm.undercloud.sample index 5e3212140..19dea31a6 100644 --- a/devstack/local.conf.pod-in-vm.undercloud.sample +++ b/devstack/local.conf.pod-in-vm.undercloud.sample @@ -21,11 +21,39 @@ TUNNEL_TYPE=vxlan # Enable Keystone v3 IDENTITY_API_VERSION=3 -# LBaaSv2 service and Haproxy agent -enable_plugin neutron-lbaas \ - git://git.openstack.org/openstack/neutron-lbaas -enable_service q-lbaasv2 -NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" +# Octavia LBaaSv2 +LIBS_FROM_GIT+=python-octaviaclient +enable_plugin octavia https://git.openstack.org/openstack/octavia +enable_service octavia +enable_service o-api +enable_service o-cw +enable_service o-hm +enable_service o-hk +## Octavia Deps +# Current Octavia image generation using diskimage-builder is broken ATM +# You can fetch a precreated qcow image from here [1] and set up octavia to +# use it by uncommenting the following lines. +# [1] https://tarballs.openstack.org/octavia/test-images/ +# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_SIZE=3 +# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial +### Image +### Barbican +enable_plugin barbican https://git.openstack.org/openstack/barbican +### Nova +enable_service n-api +enable_service n-api-meta +enable_service n-cpu +enable_service n-cond +enable_service n-sch +enable_service placement-api +enable_service placement-client +### Glance +enable_service g-api +enable_service g-reg + +IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" [[post-config|/$Q_PLUGIN_CONF_FILE]] [securitygroup] diff --git a/devstack/local.conf.sample b/devstack/local.conf.sample index 39d8ebb10..d5d40c53f 100644 --- a/devstack/local.conf.sample +++ b/devstack/local.conf.sample @@ -38,48 +38,40 @@ enable_service q-svc # VAR_RUN_PATH=/var/run # OCTAVIA -KURYR_K8S_LBAAS_USE_OCTAVIA=True # Uncomment it to use L2 communication between loadbalancer and member pods # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2 -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - # Octavia LBaaSv2 - LIBS_FROM_GIT+=python-octaviaclient - enable_plugin octavia https://git.openstack.org/openstack/octavia - enable_service octavia - enable_service o-api - enable_service o-cw - enable_service o-hm - enable_service o-hk - ## Octavia Deps - # Current Octavia image generation using diskimage-builder is broken ATM - # You can fetch a precreated qcow image from here [1] and set up octavia to - # use it by uncommenting the following lines. - # [1] https://tarballs.openstack.org/octavia/test-images/ - # test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 - # OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 - # OCTAVIA_AMP_IMAGE_SIZE=3 - # OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial - ### Image - ### Barbican - enable_plugin barbican https://git.openstack.org/openstack/barbican - ### Nova - enable_service n-api - enable_service n-api-meta - enable_service n-cpu - enable_service n-cond - enable_service n-sch - enable_service placement-api - enable_service placement-client - ### Glance - enable_service g-api - enable_service g-reg -else - # LBaaSv2 service and Haproxy agent - enable_plugin neutron-lbaas \ - git://git.openstack.org/openstack/neutron-lbaas - enable_service q-lbaasv2 -fi +# Octavia LBaaSv2 +LIBS_FROM_GIT+=python-octaviaclient +enable_plugin octavia https://git.openstack.org/openstack/octavia +enable_service octavia +enable_service o-api +enable_service o-cw +enable_service o-hm +enable_service o-hk +## Octavia Deps +# Current Octavia image generation using diskimage-builder is broken ATM +# You can fetch a precreated qcow image from here [1] and set up octavia to +# use it by uncommenting the following lines. +# [1] https://tarballs.openstack.org/octavia/test-images/ +# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 +# OCTAVIA_AMP_IMAGE_SIZE=3 +# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial +### Image +### Barbican +enable_plugin barbican https://git.openstack.org/openstack/barbican +### Nova +enable_service n-api +enable_service n-api-meta +enable_service n-cpu +enable_service n-cond +enable_service n-sch +enable_service placement-api +enable_service placement-client +### Glance +enable_service g-api +enable_service g-reg # Keystone @@ -238,11 +230,7 @@ enable_service kuryr-daemon # Increase Octavia amphorae timeout so that the first LB amphora has time to # build and boot -if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then - IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" -else - NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" -fi +IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img" [[post-config|$OCTAVIA_CONF]] [controller_worker] diff --git a/devstack/plugin.sh b/devstack/plugin.sh index cad8cb5a3..95d3699d3 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -294,14 +294,12 @@ function configure_neutron_defaults { pod_subnet_id="$(openstack subnet show -c id -f value \ "${KURYR_NEUTRON_DEFAULT_POD_SUBNET}")" - local use_octavia - use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA) create_k8s_subnet "$project_id" \ "$KURYR_NEUTRON_DEFAULT_SERVICE_NET" \ "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \ "$subnetpool_id" \ "$router" \ - "$use_octavia" + "True" service_subnet_id="$(openstack subnet show -c id -f value \ "${KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET}")" @@ -343,15 +341,13 @@ function configure_neutron_defaults { --remote-ip "$service_cidr" --ethertype IPv4 --protocol udp \ "$service_pod_access_sg_id" - if [[ "$use_octavia" == "True" && \ - "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then + if [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then if [ -n "$sg_ids" ]; then sg_ids+=",${service_pod_access_sg_id}" else sg_ids="${service_pod_access_sg_id}" fi - elif [[ "$use_octavia" == "True" && \ - "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then + elif [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then # In case the member connectivity is L2, Octavia by default uses the # admin 'default' sg to create a port for the amphora load balancer # at the member ports subnet. Thus we need to allow L2 communication @@ -447,15 +443,13 @@ function configure_neutron_defaults { iniset "$KURYR_CONFIG" neutron_defaults external_svc_net "$ext_svc_net_id" iniset "$KURYR_CONFIG" octavia_defaults member_mode "$KURYR_K8S_OCTAVIA_MEMBER_MODE" iniset "$KURYR_CONFIG" octavia_defaults sg_mode "$KURYR_K8S_OCTAVIA_SG_MODE" - if [[ "$use_octavia" == "True" ]]; then - # Octavia takes a very long time to start the LB in the gate. We need - # to tweak the timeout for the LB creation. Let's be generous and give - # it up to 20 minutes. - # FIXME(dulek): This might be removed when bug 1753653 is fixed and - # Kuryr restarts waiting for LB on timeouts. - iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200 - iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER" - fi + # Octavia takes a very long time to start the LB in the gate. We need + # to tweak the timeout for the LB creation. Let's be generous and give + # it up to 20 minutes. + # FIXME(dulek): This might be removed when bug 1753653 is fixed and + # Kuryr restarts waiting for LB on timeouts. + iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200 + iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER" } function configure_k8s_pod_sg_rules { @@ -872,8 +866,6 @@ function configure_overcloud_vm_k8s_svc_sg { function update_tempest_conf_file { - local use_octavia="$1" - if [[ "$KURYR_USE_PORT_POOLS" == "True" ]]; then iniset $TEMPEST_CONFIG kuryr_kubernetes port_pool_enabled True fi @@ -896,10 +888,8 @@ function update_tempest_conf_file { iniset $TEMPEST_CONFIG kuryr_kubernetes kuryr_daemon_enabled False fi # NOTE(yboaron): Services with protocol UDP are supported in Kuryr - # starting from Stein release and only for Octavia - if [[ "$use_octavia" == "True" ]]; then - iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True - fi + # starting from Stein release + iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True if [[ "$KURYR_CONTROLLER_HA" == "True" ]]; then iniset $TEMPEST_CONFIG kuryr_kubernetes ap_ha True fi @@ -1062,12 +1052,6 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then if is_service_enabled kuryr-kubernetes; then - # NOTE(dulek): This is so late, because Devstack's Octavia is unable - # to create loadbalancers until test-config phase. - use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA) - if [[ "$use_octavia" == "False" ]]; then - create_k8s_router_fake_service - fi create_k8s_api_service #create Ingress L7 router if required enable_ingress=$(trueorfalse False KURYR_ENABLE_INGRESS) @@ -1095,7 +1079,7 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then fi fi if is_service_enabled tempest; then - update_tempest_conf_file "$use_octavia" + update_tempest_conf_file fi fi diff --git a/devstack/settings b/devstack/settings index 56ccce75f..b83e860de 100644 --- a/devstack/settings +++ b/devstack/settings @@ -55,7 +55,6 @@ OPENSHIFT_API_URL=${OPENSHIFT_API_URL:-https://${HOST_IP}:${OPENSHIFT_API_PORT}} OPENSHIFT_CNI_BINARY_URL=${OPENSHIFT_CNI_BINARY_URL:-https://github.com/containernetworking/cni/releases/download/v0.5.2/cni-v0.5.2.tgz} # Octavia -KURYR_K8S_LBAAS_USE_OCTAVIA=${KURYR_K8S_LBAAS_USE_OCTAVIA:-True} KURYR_K8S_OCTAVIA_MEMBER_MODE=${KURYR_K8S_OCTAVIA_MEMBER_MODE:-L3} KURYR_K8S_OCTAVIA_SG_MODE=${KURYR_K8S_OCTAVIA_SG_MODE:-update} diff --git a/kuryr_kubernetes/config.py b/kuryr_kubernetes/config.py index 1a4ba5735..fdba6c306 100644 --- a/kuryr_kubernetes/config.py +++ b/kuryr_kubernetes/config.py @@ -138,11 +138,7 @@ k8s_opts = [ cfg.StrOpt('endpoints_lbaas_driver', help=_("The driver that provides LoadBalancers for " "Kubernetes Endpoints"), - default='lbaasv2', - deprecated_for_removal=True, - deprecated_reason="Default and supported lbaas endpoint is " - "now Octavia", - deprecated_since="Rocky"), + default='lbaasv2'), cfg.StrOpt('endpoints_driver_octavia_provider', help=_("The Octavia load balancer provider that will be used " "to support Kubernetes Endpoints"), diff --git a/kuryr_kubernetes/controller/drivers/lbaasv2.py b/kuryr_kubernetes/controller/drivers/lbaasv2.py index 985527c2b..0d1f2ab46 100644 --- a/kuryr_kubernetes/controller/drivers/lbaasv2.py +++ b/kuryr_kubernetes/controller/drivers/lbaasv2.py @@ -27,7 +27,6 @@ from oslo_log import log as logging from oslo_utils import timeutils from kuryr_kubernetes import clients -from kuryr_kubernetes import constants as const from kuryr_kubernetes.controller.drivers import base from kuryr_kubernetes import exceptions as k_exc from kuryr_kubernetes.objects import lbaas as obj_lbaas @@ -76,13 +75,6 @@ class LBaaSv2Driver(base.LBaaSDriver): # deleted externally between 'create' and 'find' raise k_exc.ResourceNotReady(request) - try: - if security_groups_ids is not None: - self._ensure_security_groups(response, service_type) - except n_exc.NeutronClientException: - self.release_loadbalancer(response) - raise - return response def release_loadbalancer(self, loadbalancer): @@ -112,59 +104,6 @@ class LBaaSv2Driver(base.LBaaSDriver): except n_exc.NotFound: LOG.debug('Security group %s already deleted', sg_id) - def _ensure_security_groups(self, loadbalancer, service_type): - # We only handle SGs for legacy LBaaSv2, Octavia handles it dynamically - # according to listener ports. - if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER: - neutron = clients.get_neutron_client() - sg_id = None - try: - # NOTE(dulek): We're creating another security group to - # overcome LBaaS v2 limitations and handle SGs - # ourselves. - if service_type == 'LoadBalancer': - sg_id = self._find_listeners_sg(loadbalancer) - if not sg_id: - sg = neutron.create_security_group({ - 'security_group': { - 'name': loadbalancer.name, - 'project_id': loadbalancer.project_id, - }, - }) - sg_id = sg['security_group']['id'] - loadbalancer.security_groups.append(sg_id) - - neutron.update_port( - loadbalancer.port_id, - {'port': { - 'security_groups': loadbalancer.security_groups}}) - except n_exc.NeutronClientException: - LOG.exception('Failed to set SG for LBaaS v2 VIP port %s.', - loadbalancer.port_id) - if sg_id: - neutron.delete_security_group(sg_id) - raise - - def _ensure_lb_security_group_rule(self, loadbalancer, listener): - sg_id = self._find_listeners_sg(loadbalancer) - if sg_id: - try: - neutron = clients.get_neutron_client() - neutron.create_security_group_rule({ - 'security_group_rule': { - 'direction': 'ingress', - 'port_range_min': listener.port, - 'port_range_max': listener.port, - 'protocol': listener.protocol, - 'security_group_id': sg_id, - 'description': listener.name, - }, - }) - except n_exc.NeutronClientException as ex: - if ex.status_code != requests.codes.conflict: - LOG.exception('Failed when creating security group rule ' - 'for listener %s.', listener.name) - def _create_lb_security_group_rule(self, loadbalancer, listener): neutron = clients.get_neutron_client() sg_id = self._find_listeners_sg(loadbalancer) @@ -352,9 +291,7 @@ class LBaaSv2Driver(base.LBaaSDriver): CONF.kubernetes.service_security_groups_driver == 'namespace') create_sg = CONF.octavia_defaults.sg_mode == 'create' - if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER: - self._ensure_lb_security_group_rule(loadbalancer, listener) - elif namespace_isolation and service_type == 'ClusterIP': + if namespace_isolation and service_type == 'ClusterIP': self._extend_lb_security_group_rules(loadbalancer, listener) elif create_sg: self._create_lb_security_group_rule(loadbalancer, listener)