openstack
/
neutron-lbaas
Code Issues Proposed changes

nlbaas2octavia: do not change SG owned by user 

When a user associated a VIP to his own security group, the migration
should not change its ownership.

Change-Id: I74648fc016f490c83890568fdd482ef0fdd8fa61
This commit is contained in:
Kobi Samoray 2018-08-16 16:52:37 +03:00
parent 10c5c2b940
commit aba049283e
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
tools/nlbaas2octavia/nlbaas2octavia.py
View File

@ -343,13 +343,20 @@ def migrate_lb(LOG, n_session_maker, o_session_maker, lb_id):
if result.rowcount != 1: if result.rowcount != 1:
raise Exception(_('Unable to update VIP port in the neutron ' raise Exception(_('Unable to update VIP port in the neutron '
'database.')) 'database.'))
result = n_session.execute( security_group = n_session.execute(
"UPDATE securitygroups SET project_id = :proj_id WHERE " "SELECT project_id FROM securitygroups WHERE id = :id",
"id = :id;", {'proj_id': CONF.migration.octavia_account_id, {'id': vip_port[2]}).fetchone()
'id': vip_port[2]})
if result.rowcount != 1: # Update security group project, only when its owner is not the
raise Exception(_('Unable to update VIP security group in the ' # user project, which means that Octavia should own it
'neutron database.')) if security_group[0] != n_lb[1]:
result = n_session.execute(
"UPDATE securitygroups SET project_id = :proj_id WHERE "
"id = :id;", {'proj_id': CONF.migration.octavia_account_id,
'id': vip_port[2]})
if result.rowcount != 1:
raise Exception(_('Unable to update VIP security group in '
'the neutron database.'))
# Octavia driver load balancers are now done, next process the other # Octavia driver load balancers are now done, next process the other
# provider driver load balancers # provider driver load balancers