Update lbaasv2 driver to use OpenStackSDK.
Change-Id: I4d9f754e30e66825711d21d9e5f711f8dc870783 Implements: blueprint switch-to-openstacksdk
This commit is contained in:
parent
c7b8816c35
commit
687642eef5
|
@ -19,7 +19,6 @@ import time
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
from neutronclient.common import exceptions as n_exc
|
|
||||||
from openstack import exceptions as os_exc
|
from openstack import exceptions as os_exc
|
||||||
from openstack.load_balancer.v2 import l7_policy as o_l7p
|
from openstack.load_balancer.v2 import l7_policy as o_l7p
|
||||||
from openstack.load_balancer.v2 import l7_rule as o_l7r
|
from openstack.load_balancer.v2 import l7_rule as o_l7r
|
||||||
|
@ -155,7 +154,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
return response
|
return response
|
||||||
|
|
||||||
def release_loadbalancer(self, loadbalancer):
|
def release_loadbalancer(self, loadbalancer):
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
lbaas = clients.get_loadbalancer_client()
|
lbaas = clients.get_loadbalancer_client()
|
||||||
self._release(
|
self._release(
|
||||||
loadbalancer,
|
loadbalancer,
|
||||||
|
@ -169,54 +168,42 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
# Note: reusing activation timeout as deletion timeout
|
# Note: reusing activation timeout as deletion timeout
|
||||||
self._wait_for_deletion(loadbalancer, _ACTIVATION_TIMEOUT)
|
self._wait_for_deletion(loadbalancer, _ACTIVATION_TIMEOUT)
|
||||||
try:
|
try:
|
||||||
neutron.delete_security_group(sg_id)
|
os_net.delete_security_group(sg_id)
|
||||||
except n_exc.NotFound:
|
except os_exc.SDKException:
|
||||||
LOG.debug('Security group %s already deleted', sg_id)
|
|
||||||
except n_exc.NeutronClientException:
|
|
||||||
LOG.exception('Error when deleting loadbalancer security '
|
LOG.exception('Error when deleting loadbalancer security '
|
||||||
'group. Leaving it orphaned.')
|
'group. Leaving it orphaned.')
|
||||||
|
|
||||||
def _create_lb_security_group_rule(self, loadbalancer, listener):
|
def _create_lb_security_group_rule(self, loadbalancer, listener):
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
sg_id = self._find_listeners_sg(loadbalancer)
|
sg_id = self._find_listeners_sg(loadbalancer)
|
||||||
# if an SG for the loadbalancer has not being created, create one
|
# if an SG for the loadbalancer has not being created, create one
|
||||||
if not sg_id:
|
if not sg_id:
|
||||||
sg = neutron.create_security_group({
|
sg = os_net.create_security_group(
|
||||||
'security_group': {
|
name=loadbalancer.name, project_id=loadbalancer.project_id)
|
||||||
'name': loadbalancer.name,
|
c_utils.tag_neutron_resources('security-groups', [sg.id])
|
||||||
'project_id': loadbalancer.project_id,
|
loadbalancer.security_groups.append(sg.id)
|
||||||
},
|
|
||||||
})
|
|
||||||
sg_id = sg['security_group']['id']
|
|
||||||
c_utils.tag_neutron_resources('security-groups', [sg_id])
|
|
||||||
loadbalancer.security_groups.append(sg_id)
|
|
||||||
vip_port = self._get_vip_port(loadbalancer)
|
vip_port = self._get_vip_port(loadbalancer)
|
||||||
neutron.update_port(
|
os_net.update_port(vip_port.id, security_groups=[sg.id])
|
||||||
vip_port.get('id'),
|
sg_id = sg.id
|
||||||
{'port': {
|
|
||||||
'security_groups': [sg_id]}})
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
neutron.create_security_group_rule({
|
os_net.create_security_group_rule(direction='ingress',
|
||||||
'security_group_rule': {
|
port_range_min=listener.port,
|
||||||
'direction': 'ingress',
|
port_range_max=listener.port,
|
||||||
'port_range_min': listener.port,
|
protocol=listener.protocol,
|
||||||
'port_range_max': listener.port,
|
security_group_id=sg_id,
|
||||||
'protocol': listener.protocol,
|
description=listener.name)
|
||||||
'security_group_id': sg_id,
|
except os_exc.ConflictException:
|
||||||
'description': listener.name,
|
pass
|
||||||
},
|
except os_exc.SDKException:
|
||||||
})
|
LOG.exception('Failed when creating security group rule for '
|
||||||
except n_exc.NeutronClientException as ex:
|
'listener %s.', listener.name)
|
||||||
if ex.status_code != requests.codes.conflict:
|
|
||||||
LOG.exception('Failed when creating security group rule '
|
|
||||||
'for listener %s.', listener.name)
|
|
||||||
|
|
||||||
def _create_listeners_acls(self, loadbalancer, port, target_port,
|
def _create_listeners_acls(self, loadbalancer, port, target_port,
|
||||||
protocol, lb_sg, new_sgs, listener_id):
|
protocol, lb_sg, new_sgs, listener_id):
|
||||||
all_pod_rules = []
|
all_pod_rules = []
|
||||||
add_default_rules = False
|
add_default_rules = False
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
|
|
||||||
if new_sgs:
|
if new_sgs:
|
||||||
sgs = new_sgs
|
sgs = new_sgs
|
||||||
|
@ -232,25 +219,24 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
# default listener rules
|
# default listener rules
|
||||||
add_default_rules = True
|
add_default_rules = True
|
||||||
break
|
break
|
||||||
rules = neutron.list_security_group_rules(
|
rules = os_net.security_group_rules(security_group_id=sg)
|
||||||
security_group_id=sg)
|
for rule in rules:
|
||||||
for rule in rules['security_group_rules']:
|
|
||||||
# NOTE(ltomasbo): NP sg can only have rules with
|
# NOTE(ltomasbo): NP sg can only have rules with
|
||||||
# or without remote_ip_prefix. Rules with remote_group_id
|
# or without remote_ip_prefix. Rules with remote_group_id
|
||||||
# are not possible, therefore only applying the ones
|
# are not possible, therefore only applying the ones
|
||||||
# with or without remote_ip_prefix.
|
# with or without remote_ip_prefix.
|
||||||
if rule.get('remote_group_id'):
|
if rule.remote_group_id:
|
||||||
continue
|
continue
|
||||||
if (rule['protocol'] == protocol.lower() and
|
if (rule.protocol == protocol.lower() and
|
||||||
rule['direction'] == 'ingress'):
|
rule.direction == 'ingress'):
|
||||||
# If listener port not in allowed range, skip
|
# If listener port not in allowed range, skip
|
||||||
min_port = rule.get('port_range_min')
|
min_port = rule.port_range_min
|
||||||
max_port = rule.get('port_range_max')
|
max_port = rule.port_range_max
|
||||||
if (min_port and target_port not in range(min_port,
|
if (min_port and target_port not in range(min_port,
|
||||||
max_port+1)):
|
max_port+1)):
|
||||||
continue
|
continue
|
||||||
if rule.get('remote_ip_prefix'):
|
if rule.remote_ip_prefix:
|
||||||
all_pod_rules.append(rule['remote_ip_prefix'])
|
all_pod_rules.append(rule.remote_ip_prefix)
|
||||||
else:
|
else:
|
||||||
add_default_rules = True
|
add_default_rules = True
|
||||||
|
|
||||||
|
@ -265,7 +251,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
protocol, sg_rule_name, listener_id,
|
protocol, sg_rule_name, listener_id,
|
||||||
new_sgs=None):
|
new_sgs=None):
|
||||||
LOG.debug("Applying members security groups.")
|
LOG.debug("Applying members security groups.")
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
lb_sg = None
|
lb_sg = None
|
||||||
if CONF.octavia_defaults.sg_mode == 'create':
|
if CONF.octavia_defaults.sg_mode == 'create':
|
||||||
if new_sgs:
|
if new_sgs:
|
||||||
|
@ -276,7 +262,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
else:
|
else:
|
||||||
vip_port = self._get_vip_port(loadbalancer)
|
vip_port = self._get_vip_port(loadbalancer)
|
||||||
if vip_port:
|
if vip_port:
|
||||||
lb_sg = vip_port.get('security_groups')[0]
|
lb_sg = vip_port.security_group_ids[0]
|
||||||
|
|
||||||
# NOTE (maysams) It might happen that the update of LBaaS SG
|
# NOTE (maysams) It might happen that the update of LBaaS SG
|
||||||
# has been triggered and the LBaaS SG was not created yet.
|
# has been triggered and the LBaaS SG was not created yet.
|
||||||
|
@ -289,8 +275,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
protocol, lb_sg, new_sgs, listener_id)
|
protocol, lb_sg, new_sgs, listener_id)
|
||||||
return
|
return
|
||||||
|
|
||||||
lbaas_sg_rules = neutron.list_security_group_rules(
|
lbaas_sg_rules = os_net.security_group_rules(security_group_id=lb_sg)
|
||||||
security_group_id=lb_sg)
|
|
||||||
all_pod_rules = []
|
all_pod_rules = []
|
||||||
add_default_rules = False
|
add_default_rules = False
|
||||||
|
|
||||||
|
@ -308,20 +293,19 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
# default listener rules
|
# default listener rules
|
||||||
add_default_rules = True
|
add_default_rules = True
|
||||||
break
|
break
|
||||||
rules = neutron.list_security_group_rules(
|
rules = os_net.security_group_rules(security_group_id=sg)
|
||||||
security_group_id=sg)
|
for rule in rules:
|
||||||
for rule in rules['security_group_rules']:
|
|
||||||
# copying ingress rules with same protocol onto the
|
# copying ingress rules with same protocol onto the
|
||||||
# loadbalancer sg rules
|
# loadbalancer sg rules
|
||||||
# NOTE(ltomasbo): NP sg can only have rules with
|
# NOTE(ltomasbo): NP sg can only have rules with
|
||||||
# or without remote_ip_prefix. Rules with remote_group_id
|
# or without remote_ip_prefix. Rules with remote_group_id
|
||||||
# are not possible, therefore only applying the ones
|
# are not possible, therefore only applying the ones
|
||||||
# with or without remote_ip_prefix.
|
# with or without remote_ip_prefix.
|
||||||
if (rule['protocol'] == protocol.lower() and
|
if (rule.protocol == protocol.lower() and
|
||||||
rule['direction'] == 'ingress'):
|
rule.direction == 'ingress'):
|
||||||
# If listener port not in allowed range, skip
|
# If listener port not in allowed range, skip
|
||||||
min_port = rule.get('port_range_min')
|
min_port = rule.port_range_min
|
||||||
max_port = rule.get('port_range_max')
|
max_port = rule.port_range_max
|
||||||
if (min_port and target_port not in range(min_port,
|
if (min_port and target_port not in range(min_port,
|
||||||
max_port+1)):
|
max_port+1)):
|
||||||
continue
|
continue
|
||||||
|
@ -329,147 +313,126 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
try:
|
try:
|
||||||
LOG.debug("Creating LBaaS sg rule for sg: %r",
|
LOG.debug("Creating LBaaS sg rule for sg: %r",
|
||||||
lb_sg)
|
lb_sg)
|
||||||
neutron.create_security_group_rule({
|
os_net.create_security_group_rule(
|
||||||
'security_group_rule': {
|
direction='ingress',
|
||||||
'direction': 'ingress',
|
port_range_min=port,
|
||||||
'port_range_min': port,
|
port_range_max=port,
|
||||||
'port_range_max': port,
|
protocol=protocol,
|
||||||
'protocol': protocol,
|
remote_ip_prefix=rule.remote_ip_prefix,
|
||||||
'remote_ip_prefix': rule[
|
security_group_id=lb_sg,
|
||||||
'remote_ip_prefix'],
|
description=sg_rule_name)
|
||||||
'security_group_id': lb_sg,
|
except os_exc.ConflictException:
|
||||||
'description': sg_rule_name,
|
pass
|
||||||
},
|
except os_exc.SDKException:
|
||||||
})
|
LOG.exception('Failed when creating security '
|
||||||
except n_exc.NeutronClientException as ex:
|
'group rule for listener %s.',
|
||||||
if ex.status_code != requests.codes.conflict:
|
sg_rule_name)
|
||||||
LOG.exception('Failed when creating security '
|
|
||||||
'group rule for listener %s.',
|
|
||||||
sg_rule_name)
|
|
||||||
|
|
||||||
# Delete LBaaS sg rules that do not match NP
|
# Delete LBaaS sg rules that do not match NP
|
||||||
for rule in lbaas_sg_rules['security_group_rules']:
|
for rule in lbaas_sg_rules:
|
||||||
if (rule.get('protocol') != protocol.lower() or
|
if (rule.protocol != protocol.lower() or
|
||||||
rule.get('port_range_min') != port or
|
rule.port_range_min != port or
|
||||||
rule.get('direction') != 'ingress'):
|
rule.direction != 'ingress'):
|
||||||
if all_pod_rules and self._is_default_rule(rule):
|
if all_pod_rules and self._is_default_rule(rule):
|
||||||
LOG.debug("Removing default LBaaS sg rule for sg: %r",
|
LOG.debug("Removing default LBaaS sg rule for sg: %r",
|
||||||
lb_sg)
|
lb_sg)
|
||||||
neutron.delete_security_group_rule(rule['id'])
|
os_net.delete_security_group_rule(rule.id)
|
||||||
continue
|
continue
|
||||||
self._delete_rule_if_no_match(rule, all_pod_rules)
|
self._delete_rule_if_no_match(rule, all_pod_rules)
|
||||||
|
|
||||||
if add_default_rules:
|
if add_default_rules:
|
||||||
try:
|
try:
|
||||||
LOG.debug("Restoring default LBaaS sg rule for sg: %r", lb_sg)
|
LOG.debug("Restoring default LBaaS sg rule for sg: %r", lb_sg)
|
||||||
neutron.create_security_group_rule({
|
os_net.create_security_group_rule(direction='ingress',
|
||||||
'security_group_rule': {
|
port_range_min=port,
|
||||||
'direction': 'ingress',
|
port_range_max=port,
|
||||||
'port_range_min': port,
|
protocol=protocol,
|
||||||
'port_range_max': port,
|
security_group_id=lb_sg,
|
||||||
'protocol': protocol,
|
description=sg_rule_name)
|
||||||
'security_group_id': lb_sg,
|
except os_exc.ConflictException:
|
||||||
'description': sg_rule_name,
|
pass
|
||||||
},
|
except os_exc.SDKException:
|
||||||
})
|
LOG.exception('Failed when creating security group rule for '
|
||||||
except n_exc.NeutronClientException as ex:
|
'listener %s.', sg_rule_name)
|
||||||
if ex.status_code != requests.codes.conflict:
|
|
||||||
LOG.exception('Failed when creating security '
|
|
||||||
'group rule for listener %s.',
|
|
||||||
sg_rule_name)
|
|
||||||
|
|
||||||
def _delete_rule_if_no_match(self, rule, all_pod_rules):
|
def _delete_rule_if_no_match(self, rule, all_pod_rules):
|
||||||
for pod_rule in all_pod_rules:
|
for pod_rule in all_pod_rules:
|
||||||
if pod_rule['remote_ip_prefix'] == rule['remote_ip_prefix']:
|
if pod_rule['remote_ip_prefix'] == rule['remote_ip_prefix']:
|
||||||
return
|
return
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
LOG.debug("Deleting sg rule: %r", rule['id'])
|
LOG.debug("Deleting sg rule: %r", rule.id)
|
||||||
neutron.delete_security_group_rule(rule['id'])
|
os_net.delete_security_group_rule(rule.id)
|
||||||
|
|
||||||
def _is_default_rule(self, rule):
|
def _is_default_rule(self, rule):
|
||||||
if (rule.get('direction') == 'ingress' and
|
return (rule.get('direction') == 'ingress' and
|
||||||
not rule.get('remote_ip_prefix') and
|
not rule.get('remote_ip_prefix') and
|
||||||
'network-policy' not in rule.get('description')):
|
'network-policy' not in rule.get('description'))
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
def _remove_default_octavia_rules(self, sg_id, listener):
|
def _remove_default_octavia_rules(self, sg_id, listener):
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
for remaining in self._provisioning_timer(
|
for remaining in self._provisioning_timer(
|
||||||
_ACTIVATION_TIMEOUT, _LB_STS_POLL_SLOW_INTERVAL):
|
_ACTIVATION_TIMEOUT, _LB_STS_POLL_SLOW_INTERVAL):
|
||||||
listener_rules = neutron.list_security_group_rules(
|
listener_rules = os_net.security_group_rules(
|
||||||
security_group_id=sg_id,
|
security_group_id=sg_id,
|
||||||
protocol=listener.protocol,
|
protocol=listener.protocol,
|
||||||
port_range_min=listener.port,
|
port_range_min=listener.port,
|
||||||
port_range_max=listener.port,
|
port_range_max=listener.port,
|
||||||
direction='ingress')
|
direction='ingress')
|
||||||
for rule in listener_rules['security_group_rules']:
|
for rule in listener_rules:
|
||||||
if not (rule.get('remote_group_id') or
|
if not (rule.remote_group_id or rule.remote_ip_prefix):
|
||||||
rule.get('remote_ip_prefix')):
|
|
||||||
# remove default sg rules
|
# remove default sg rules
|
||||||
neutron.delete_security_group_rule(rule['id'])
|
os_net.delete_security_group_rule(rule.id)
|
||||||
return
|
return
|
||||||
|
|
||||||
def _extend_lb_security_group_rules(self, loadbalancer, listener):
|
def _extend_lb_security_group_rules(self, loadbalancer, listener):
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
|
|
||||||
if CONF.octavia_defaults.sg_mode == 'create':
|
if CONF.octavia_defaults.sg_mode == 'create':
|
||||||
sg_id = self._find_listeners_sg(loadbalancer)
|
sg_id = self._find_listeners_sg(loadbalancer)
|
||||||
# if an SG for the loadbalancer has not being created, create one
|
# if an SG for the loadbalancer has not being created, create one
|
||||||
if not sg_id:
|
if not sg_id:
|
||||||
sg = neutron.create_security_group({
|
sg = os_net.create_security_group(
|
||||||
'security_group': {
|
name=loadbalancer.name, project_id=loadbalancer.project_id)
|
||||||
'name': loadbalancer.name,
|
c_utils.tag_neutron_resources('security-groups', [sg.id])
|
||||||
'project_id': loadbalancer.project_id,
|
loadbalancer.security_groups.append(sg.id)
|
||||||
},
|
|
||||||
})
|
|
||||||
sg_id = sg['security_group']['id']
|
|
||||||
c_utils.tag_neutron_resources('security-groups', [sg_id])
|
|
||||||
loadbalancer.security_groups.append(sg_id)
|
|
||||||
vip_port = self._get_vip_port(loadbalancer)
|
vip_port = self._get_vip_port(loadbalancer)
|
||||||
neutron.update_port(
|
os_net.update_port(
|
||||||
vip_port.get('id'),
|
vip_port.id,
|
||||||
{'port': {
|
security_groups=loadbalancer.security_groups)
|
||||||
'security_groups': loadbalancer.security_groups}})
|
|
||||||
else:
|
else:
|
||||||
sg_id = self._get_vip_port(loadbalancer).get('security_groups')[0]
|
sg_id = self._get_vip_port(loadbalancer).security_group_ids[0]
|
||||||
# wait until octavia adds default sg rules
|
# wait until octavia adds default sg rules
|
||||||
self._remove_default_octavia_rules(sg_id, listener)
|
self._remove_default_octavia_rules(sg_id, listener)
|
||||||
|
|
||||||
for sg in loadbalancer.security_groups:
|
for sg in loadbalancer.security_groups:
|
||||||
if sg != sg_id:
|
if sg != sg_id:
|
||||||
try:
|
try:
|
||||||
neutron.create_security_group_rule({
|
os_net.create_security_group_rule(
|
||||||
'security_group_rule': {
|
direction='ingress',
|
||||||
'direction': 'ingress',
|
port_range_min=listener.port,
|
||||||
'port_range_min': listener.port,
|
port_range_max=listener.port,
|
||||||
'port_range_max': listener.port,
|
protocol=listener.protocol,
|
||||||
'protocol': listener.protocol,
|
security_group_id=sg_id,
|
||||||
'security_group_id': sg_id,
|
remote_group_id=sg,
|
||||||
'remote_group_id': sg,
|
description=listener.name)
|
||||||
'description': listener.name,
|
except os_exc.ConflictException:
|
||||||
},
|
pass
|
||||||
})
|
except os_exc.SDKException:
|
||||||
except n_exc.NeutronClientException as ex:
|
LOG.exception('Failed when creating security group '
|
||||||
if ex.status_code != requests.codes.conflict:
|
'rule for listener %s.', listener.name)
|
||||||
LOG.exception('Failed when creating security group '
|
|
||||||
'rule for listener %s.', listener.name)
|
|
||||||
|
|
||||||
# ensure routes have access to the services
|
# ensure routes have access to the services
|
||||||
service_subnet_cidr = utils.get_subnet_cidr(loadbalancer.subnet_id)
|
service_subnet_cidr = utils.get_subnet_cidr(loadbalancer.subnet_id)
|
||||||
try:
|
try:
|
||||||
# add access from service subnet
|
# add access from service subnet
|
||||||
neutron.create_security_group_rule({
|
os_net.create_security_group_rule(
|
||||||
'security_group_rule': {
|
direction='ingress',
|
||||||
'direction': 'ingress',
|
port_range_min=listener.port,
|
||||||
'port_range_min': listener.port,
|
port_range_max=listener.port,
|
||||||
'port_range_max': listener.port,
|
protocol=listener.protocol,
|
||||||
'protocol': listener.protocol,
|
security_group_id=sg_id,
|
||||||
'security_group_id': sg_id,
|
remote_ip_prefix=service_subnet_cidr,
|
||||||
'remote_ip_prefix': service_subnet_cidr,
|
description=listener.name)
|
||||||
'description': listener.name,
|
|
||||||
},
|
|
||||||
})
|
|
||||||
|
|
||||||
# add access from worker node VM subnet for non-native route
|
# add access from worker node VM subnet for non-native route
|
||||||
# support
|
# support
|
||||||
|
@ -478,26 +441,23 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
try:
|
try:
|
||||||
worker_subnet_cidr = utils.get_subnet_cidr(
|
worker_subnet_cidr = utils.get_subnet_cidr(
|
||||||
worker_subnet_id)
|
worker_subnet_id)
|
||||||
neutron.create_security_group_rule({
|
os_net.create_security_group_rule(
|
||||||
'security_group_rule': {
|
direction='ingress',
|
||||||
'direction': 'ingress',
|
port_range_min=listener.port,
|
||||||
'port_range_min': listener.port,
|
port_range_max=listener.port,
|
||||||
'port_range_max': listener.port,
|
protocol=listener.protocol,
|
||||||
'protocol': listener.protocol,
|
security_group_id=sg_id,
|
||||||
'security_group_id': sg_id,
|
remote_ip_prefix=worker_subnet_cidr,
|
||||||
'remote_ip_prefix': worker_subnet_cidr,
|
description=listener.name)
|
||||||
'description': listener.name,
|
|
||||||
},
|
|
||||||
})
|
|
||||||
except os_exc.ResourceNotFound:
|
except os_exc.ResourceNotFound:
|
||||||
LOG.exception('Failed when creating security group rule '
|
LOG.exception('Failed when creating security group rule '
|
||||||
'due to nonexistent worker_subnet_id: %s',
|
'due to nonexistent worker_subnet_id: %s',
|
||||||
worker_subnet_id)
|
worker_subnet_id)
|
||||||
except n_exc.NeutronClientException as ex:
|
except os_exc.ConflictException:
|
||||||
if ex.status_code != requests.codes.conflict:
|
pass
|
||||||
LOG.exception('Failed when creating security group rule '
|
except os_exc.SDKException:
|
||||||
'to enable routes for listener %s.',
|
LOG.exception('Failed when creating security group rule to '
|
||||||
listener.name)
|
'enable routes for listener %s.', listener.name)
|
||||||
|
|
||||||
def _ensure_security_group_rules(self, loadbalancer, listener,
|
def _ensure_security_group_rules(self, loadbalancer, listener,
|
||||||
service_type):
|
service_type):
|
||||||
|
@ -534,7 +494,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
return result
|
return result
|
||||||
|
|
||||||
def release_listener(self, loadbalancer, listener):
|
def release_listener(self, loadbalancer, listener):
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
lbaas = clients.get_loadbalancer_client()
|
lbaas = clients.get_loadbalancer_client()
|
||||||
self._release(loadbalancer, listener,
|
self._release(loadbalancer, listener,
|
||||||
lbaas.delete_listener,
|
lbaas.delete_listener,
|
||||||
|
@ -543,14 +503,13 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
if CONF.octavia_defaults.sg_mode == 'create':
|
if CONF.octavia_defaults.sg_mode == 'create':
|
||||||
sg_id = self._find_listeners_sg(loadbalancer)
|
sg_id = self._find_listeners_sg(loadbalancer)
|
||||||
else:
|
else:
|
||||||
sg_id = self._get_vip_port(loadbalancer).get('security_groups')[0]
|
sg_id = self._get_vip_port(loadbalancer).security_group_ids[0]
|
||||||
if sg_id:
|
if sg_id:
|
||||||
rules = neutron.list_security_group_rules(
|
rules = os_net.security_group_rules(security_group_id=sg_id,
|
||||||
security_group_id=sg_id, description=listener.name)
|
description=listener.name)
|
||||||
rules = rules['security_group_rules']
|
try:
|
||||||
if len(rules):
|
os_net.delete_security_group_rule(next(rules).id)
|
||||||
neutron.delete_security_group_rule(rules[0]['id'])
|
except StopIteration:
|
||||||
else:
|
|
||||||
LOG.warning('Cannot find SG rule for %s (%s) listener.',
|
LOG.warning('Cannot find SG rule for %s (%s) listener.',
|
||||||
listener.id, listener.name)
|
listener.id, listener.name)
|
||||||
|
|
||||||
|
@ -614,19 +573,19 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
member.pool_id)
|
member.pool_id)
|
||||||
|
|
||||||
def _get_vip_port(self, loadbalancer):
|
def _get_vip_port(self, loadbalancer):
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
try:
|
try:
|
||||||
fixed_ips = ['subnet_id=%s' % str(loadbalancer.subnet_id),
|
fixed_ips = ['subnet_id=%s' % str(loadbalancer.subnet_id),
|
||||||
'ip_address=%s' % str(loadbalancer.ip)]
|
'ip_address=%s' % str(loadbalancer.ip)]
|
||||||
ports = neutron.list_ports(fixed_ips=fixed_ips)
|
ports = os_net.ports(fixed_ips=fixed_ips)
|
||||||
except n_exc.NeutronClientException:
|
except os_exc.SDKException:
|
||||||
LOG.error("Port with fixed ips %s not found!", fixed_ips)
|
LOG.error("Port with fixed ips %s not found!", fixed_ips)
|
||||||
raise
|
raise
|
||||||
|
|
||||||
if ports['ports']:
|
try:
|
||||||
return ports['ports'][0]
|
return next(ports)
|
||||||
|
except StopIteration:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def _post_lb_resource(self, resource, request, **kwargs):
|
def _post_lb_resource(self, resource, request, **kwargs):
|
||||||
# FIXME(dulek): openstacksdk doesn't support Octavia tags until version
|
# FIXME(dulek): openstacksdk doesn't support Octavia tags until version
|
||||||
|
@ -664,7 +623,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
response = self._post_lb_resource(o_lb.LoadBalancer, request)
|
response = self._post_lb_resource(o_lb.LoadBalancer, request)
|
||||||
|
|
||||||
loadbalancer.id = response.id
|
loadbalancer.id = response.id
|
||||||
loadbalancer.port_id = self._get_vip_port(loadbalancer).get("id")
|
loadbalancer.port_id = self._get_vip_port(loadbalancer).id
|
||||||
if (loadbalancer.provider is not None and
|
if (loadbalancer.provider is not None and
|
||||||
loadbalancer.provider != response.provider):
|
loadbalancer.provider != response.provider):
|
||||||
LOG.error("Request provider(%s) != Response provider(%s)",
|
LOG.error("Request provider(%s) != Response provider(%s)",
|
||||||
|
@ -684,7 +643,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
try:
|
try:
|
||||||
os_lb = next(response) # openstacksdk returns a generator
|
os_lb = next(response) # openstacksdk returns a generator
|
||||||
loadbalancer.id = os_lb.id
|
loadbalancer.id = os_lb.id
|
||||||
loadbalancer.port_id = self._get_vip_port(loadbalancer).get("id")
|
loadbalancer.port_id = self._get_vip_port(loadbalancer).id
|
||||||
loadbalancer.provider = os_lb.provider
|
loadbalancer.provider = os_lb.provider
|
||||||
if os_lb.provisioning_status == 'ERROR':
|
if os_lb.provisioning_status == 'ERROR':
|
||||||
self.release_loadbalancer(loadbalancer)
|
self.release_loadbalancer(loadbalancer)
|
||||||
|
@ -909,27 +868,32 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
time.sleep(interval)
|
time.sleep(interval)
|
||||||
|
|
||||||
def _find_listeners_sg(self, loadbalancer, lb_name=None):
|
def _find_listeners_sg(self, loadbalancer, lb_name=None):
|
||||||
neutron = clients.get_neutron_client()
|
os_net = clients.get_network_client()
|
||||||
if lb_name:
|
if lb_name:
|
||||||
sgs = neutron.list_security_groups(
|
sgs = os_net.security_groups(name=lb_name,
|
||||||
name=lb_name, project_id=loadbalancer.project_id)
|
project_id=loadbalancer.project_id)
|
||||||
# NOTE(ltomasbo): lb_name parameter is only passed when sg_mode
|
# NOTE(ltomasbo): lb_name parameter is only passed when sg_mode
|
||||||
# is 'create' and in that case there is only one sg associated
|
# is 'create' and in that case there is only one sg associated
|
||||||
# to the loadbalancer
|
# to the loadbalancer
|
||||||
try:
|
try:
|
||||||
sg_id = sgs['security_groups'][0]['id']
|
sg_id = next(sgs).id
|
||||||
except IndexError:
|
except StopIteration:
|
||||||
sg_id = None
|
sg_id = None
|
||||||
LOG.debug("Security Group not created yet for LBaaS.")
|
LOG.debug("Security Group not created yet for LBaaS.")
|
||||||
return sg_id
|
return sg_id
|
||||||
try:
|
try:
|
||||||
sgs = neutron.list_security_groups(
|
sgs = os_net.security_groups(name=loadbalancer.name,
|
||||||
name=loadbalancer.name, project_id=loadbalancer.project_id)
|
project_id=loadbalancer.project_id)
|
||||||
for sg in sgs['security_groups']:
|
for sg in sgs:
|
||||||
sg_id = sg['id']
|
try:
|
||||||
if sg_id in loadbalancer.security_groups:
|
if sg.id in loadbalancer.security_groups:
|
||||||
return sg_id
|
return sg.id
|
||||||
except n_exc.NeutronClientException:
|
except TypeError:
|
||||||
|
LOG.exception('Loadbalancer %s does not have '
|
||||||
|
'security_groups defined.',
|
||||||
|
loadbalancer.name)
|
||||||
|
raise
|
||||||
|
except os_exc.SDKException:
|
||||||
LOG.exception('Cannot list security groups for loadbalancer %s.',
|
LOG.exception('Cannot list security groups for loadbalancer %s.',
|
||||||
loadbalancer.name)
|
loadbalancer.name)
|
||||||
|
|
||||||
|
|
|
@ -14,10 +14,10 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
import requests
|
import munch
|
||||||
|
|
||||||
from neutronclient.common import exceptions as n_exc
|
from neutronclient.common import exceptions as n_exc
|
||||||
from openstack import exceptions as o_exc
|
from openstack import exceptions as os_exc
|
||||||
from openstack.load_balancer.v2 import l7_policy as o_l7p
|
from openstack.load_balancer.v2 import l7_policy as o_l7p
|
||||||
from openstack.load_balancer.v2 import l7_rule as o_l7r
|
from openstack.load_balancer.v2 import l7_rule as o_l7r
|
||||||
from openstack.load_balancer.v2 import listener as o_lis
|
from openstack.load_balancer.v2 import listener as o_lis
|
||||||
|
@ -25,6 +25,7 @@ from openstack.load_balancer.v2 import load_balancer as o_lb
|
||||||
from openstack.load_balancer.v2 import member as o_mem
|
from openstack.load_balancer.v2 import member as o_mem
|
||||||
from openstack.load_balancer.v2 import pool as o_pool
|
from openstack.load_balancer.v2 import pool as o_pool
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
import requests
|
||||||
|
|
||||||
from kuryr_kubernetes.controller.drivers import lbaasv2 as d_lbaasv2
|
from kuryr_kubernetes.controller.drivers import lbaasv2 as d_lbaasv2
|
||||||
from kuryr_kubernetes import exceptions as k_exc
|
from kuryr_kubernetes import exceptions as k_exc
|
||||||
|
@ -155,7 +156,7 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
sg_ids, 'ClusterIP')
|
sg_ids, 'ClusterIP')
|
||||||
|
|
||||||
def test_cascade_release_loadbalancer(self):
|
def test_cascade_release_loadbalancer(self):
|
||||||
self.useFixture(k_fix.MockNeutronClient()).client
|
self.useFixture(k_fix.MockNetworkClient()).client
|
||||||
lbaas = self.useFixture(k_fix.MockLBaaSClient()).client
|
lbaas = self.useFixture(k_fix.MockLBaaSClient()).client
|
||||||
lbaas.lbaas_loadbalancer_path = "boo %s"
|
lbaas.lbaas_loadbalancer_path = "boo %s"
|
||||||
cls = d_lbaasv2.LBaaSv2Driver
|
cls = d_lbaasv2.LBaaSv2Driver
|
||||||
|
@ -216,21 +217,20 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
loadbalancer = obj_lbaas.LBaaSLoadBalancer(
|
loadbalancer = obj_lbaas.LBaaSLoadBalancer(
|
||||||
id=loadbalancer_id, name=name, project_id=project_id,
|
id=loadbalancer_id, name=name, project_id=project_id,
|
||||||
subnet_id=subnet_id, ip=ip, provider=provider)
|
subnet_id=subnet_id, ip=ip, provider=provider)
|
||||||
m_driver._ensure_provisioned.side_effect = o_exc.BadRequestException
|
m_driver._ensure_provisioned.side_effect = os_exc.BadRequestException
|
||||||
|
|
||||||
resp = cls.ensure_listener(m_driver, loadbalancer,
|
resp = cls.ensure_listener(m_driver, loadbalancer,
|
||||||
protocol, port)
|
protocol, port)
|
||||||
self.assertIsNone(resp)
|
self.assertIsNone(resp)
|
||||||
|
|
||||||
def test_release_listener(self):
|
def test_release_listener(self):
|
||||||
neutron = self.useFixture(k_fix.MockNeutronClient()).client
|
os_net = self.useFixture(k_fix.MockNetworkClient()).client
|
||||||
lbaas = self.useFixture(k_fix.MockLBaaSClient()).client
|
lbaas = self.useFixture(k_fix.MockLBaaSClient()).client
|
||||||
neutron.list_security_group_rules.return_value = {
|
os_net.security_group_rules.return_value = (x for x in [])
|
||||||
'security_group_rules': []}
|
|
||||||
cls = d_lbaasv2.LBaaSv2Driver
|
cls = d_lbaasv2.LBaaSv2Driver
|
||||||
m_driver = mock.Mock(spec=d_lbaasv2.LBaaSv2Driver)
|
m_driver = mock.Mock(spec=d_lbaasv2.LBaaSv2Driver)
|
||||||
m_driver._get_vip_port.return_value = {
|
m_driver._get_vip_port.return_value = munch.Munch({
|
||||||
'security_groups': [mock.sentinel.sg_id]}
|
'security_group_ids': [mock.sentinel.sg_id]})
|
||||||
loadbalancer = mock.Mock()
|
loadbalancer = mock.Mock()
|
||||||
listener = mock.Mock()
|
listener = mock.Mock()
|
||||||
|
|
||||||
|
@ -340,7 +340,8 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
}
|
}
|
||||||
resp = o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy')
|
resp = o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy')
|
||||||
m_driver._post_lb_resource.return_value = resp
|
m_driver._post_lb_resource.return_value = resp
|
||||||
m_driver._get_vip_port.return_value = {'id': mock.sentinel.port_id}
|
m_driver._get_vip_port.return_value = munch.Munch(
|
||||||
|
{'id': mock.sentinel.port_id})
|
||||||
|
|
||||||
ret = cls._create_loadbalancer(m_driver, loadbalancer)
|
ret = cls._create_loadbalancer(m_driver, loadbalancer)
|
||||||
m_driver._post_lb_resource.assert_called_once_with(o_lb.LoadBalancer,
|
m_driver._post_lb_resource.assert_called_once_with(o_lb.LoadBalancer,
|
||||||
|
@ -368,7 +369,8 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
}
|
}
|
||||||
resp = o_lb.LoadBalancer(id=loadbalancer_id, provider='amphora')
|
resp = o_lb.LoadBalancer(id=loadbalancer_id, provider='amphora')
|
||||||
m_driver._post_lb_resource.return_value = resp
|
m_driver._post_lb_resource.return_value = resp
|
||||||
m_driver._get_vip_port.return_value = {'id': mock.sentinel.port_id}
|
m_driver._get_vip_port.return_value = munch.Munch(
|
||||||
|
{'id': mock.sentinel.port_id})
|
||||||
|
|
||||||
ret = cls._create_loadbalancer(m_driver, loadbalancer)
|
ret = cls._create_loadbalancer(m_driver, loadbalancer)
|
||||||
m_driver._post_lb_resource.assert_called_once_with(o_lb.LoadBalancer,
|
m_driver._post_lb_resource.assert_called_once_with(o_lb.LoadBalancer,
|
||||||
|
@ -396,7 +398,8 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
}
|
}
|
||||||
resp = o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy')
|
resp = o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy')
|
||||||
m_driver._post_lb_resource.return_value = resp
|
m_driver._post_lb_resource.return_value = resp
|
||||||
m_driver._get_vip_port.return_value = {'id': mock.sentinel.port_id}
|
m_driver._get_vip_port.return_value = munch.Munch(
|
||||||
|
{'id': mock.sentinel.port_id})
|
||||||
|
|
||||||
ret = cls._create_loadbalancer(m_driver, loadbalancer)
|
ret = cls._create_loadbalancer(m_driver, loadbalancer)
|
||||||
m_driver._post_lb_resource.assert_called_once_with(o_lb.LoadBalancer,
|
m_driver._post_lb_resource.assert_called_once_with(o_lb.LoadBalancer,
|
||||||
|
@ -415,7 +418,8 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
resp = iter([o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy',
|
resp = iter([o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy',
|
||||||
provisioning_status='ACTIVE')])
|
provisioning_status='ACTIVE')])
|
||||||
lbaas.load_balancers.return_value = resp
|
lbaas.load_balancers.return_value = resp
|
||||||
m_driver._get_vip_port.return_value = {'id': mock.sentinel.port_id}
|
m_driver._get_vip_port.return_value = munch.Munch(
|
||||||
|
{'id': mock.sentinel.port_id})
|
||||||
|
|
||||||
ret = cls._find_loadbalancer(m_driver, loadbalancer)
|
ret = cls._find_loadbalancer(m_driver, loadbalancer)
|
||||||
lbaas.load_balancers.assert_called_once_with(
|
lbaas.load_balancers.assert_called_once_with(
|
||||||
|
@ -459,7 +463,8 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
resp = iter([o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy',
|
resp = iter([o_lb.LoadBalancer(id=loadbalancer_id, provider='haproxy',
|
||||||
provisioning_status='ERROR')])
|
provisioning_status='ERROR')])
|
||||||
lbaas.load_balancers.return_value = resp
|
lbaas.load_balancers.return_value = resp
|
||||||
m_driver._get_vip_port.return_value = {'id': mock.sentinel.port_id}
|
m_driver._get_vip_port.return_value = munch.Munch(
|
||||||
|
{'id': mock.sentinel.port_id})
|
||||||
|
|
||||||
ret = cls._find_loadbalancer(m_driver, loadbalancer)
|
ret = cls._find_loadbalancer(m_driver, loadbalancer)
|
||||||
lbaas.load_balancers.assert_called_once_with(
|
lbaas.load_balancers.assert_called_once_with(
|
||||||
|
@ -755,11 +760,11 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
|
|
||||||
def test_ensure_with_conflict(self):
|
def test_ensure_with_conflict(self):
|
||||||
self._verify_ensure_with_exception(
|
self._verify_ensure_with_exception(
|
||||||
o_exc.ConflictException(http_status=409))
|
os_exc.ConflictException(http_status=409))
|
||||||
|
|
||||||
def test_ensure_with_internalservererror(self):
|
def test_ensure_with_internalservererror(self):
|
||||||
self._verify_ensure_with_exception(
|
self._verify_ensure_with_exception(
|
||||||
o_exc.HttpException(http_status=500))
|
os_exc.HttpException(http_status=500))
|
||||||
|
|
||||||
def test_ensure_with_httperrors(self):
|
def test_ensure_with_httperrors(self):
|
||||||
resp = requests.Response()
|
resp = requests.Response()
|
||||||
|
@ -837,7 +842,7 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
m_delete = mock.Mock()
|
m_delete = mock.Mock()
|
||||||
timer = [mock.sentinel.t0, mock.sentinel.t1]
|
timer = [mock.sentinel.t0, mock.sentinel.t1]
|
||||||
m_driver._provisioning_timer.return_value = timer
|
m_driver._provisioning_timer.return_value = timer
|
||||||
m_delete.side_effect = [o_exc.BadRequestException, None]
|
m_delete.side_effect = [os_exc.BadRequestException, None]
|
||||||
|
|
||||||
cls._release(m_driver, loadbalancer, obj, m_delete)
|
cls._release(m_driver, loadbalancer, obj, m_delete)
|
||||||
|
|
||||||
|
@ -853,7 +858,7 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
m_delete = mock.Mock()
|
m_delete = mock.Mock()
|
||||||
timer = [mock.sentinel.t0, mock.sentinel.t1]
|
timer = [mock.sentinel.t0, mock.sentinel.t1]
|
||||||
m_driver._provisioning_timer.return_value = timer
|
m_driver._provisioning_timer.return_value = timer
|
||||||
m_delete.side_effect = o_exc.NotFoundException
|
m_delete.side_effect = os_exc.NotFoundException
|
||||||
|
|
||||||
cls._release(m_driver, loadbalancer, obj, m_delete)
|
cls._release(m_driver, loadbalancer, obj, m_delete)
|
||||||
|
|
||||||
|
@ -868,7 +873,7 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
m_delete = mock.Mock()
|
m_delete = mock.Mock()
|
||||||
timer = [mock.sentinel.t0, mock.sentinel.t1]
|
timer = [mock.sentinel.t0, mock.sentinel.t1]
|
||||||
m_driver._provisioning_timer.return_value = timer
|
m_driver._provisioning_timer.return_value = timer
|
||||||
m_delete.side_effect = o_exc.ConflictException
|
m_delete.side_effect = os_exc.ConflictException
|
||||||
|
|
||||||
self.assertRaises(k_exc.ResourceNotReady, cls._release, m_driver,
|
self.assertRaises(k_exc.ResourceNotReady, cls._release, m_driver,
|
||||||
loadbalancer, obj, m_delete)
|
loadbalancer, obj, m_delete)
|
||||||
|
@ -1032,7 +1037,7 @@ class TestLBaaSv2Driver(test_base.TestCase):
|
||||||
lbaas.get_load_balancer.return_value = resp
|
lbaas.get_load_balancer.return_value = resp
|
||||||
|
|
||||||
requested_uuid = '00EE9E11-91C2-41CF-8FD4-7970579EFFFF'
|
requested_uuid = '00EE9E11-91C2-41CF-8FD4-7970579EFFFF'
|
||||||
lbaas.get_load_balancer.side_effect = o_exc.ResourceNotFound
|
lbaas.get_load_balancer.side_effect = os_exc.ResourceNotFound
|
||||||
|
|
||||||
ret = cls.get_lb_by_uuid(m_driver, requested_uuid)
|
ret = cls.get_lb_by_uuid(m_driver, requested_uuid)
|
||||||
lbaas.get_load_balancer.assert_called_once()
|
lbaas.get_load_balancer.assert_called_once()
|
||||||
|
|
Loading…
Reference in New Issue