nlbaas2octavia: do not change SG owned by user
When a user associated a VIP to his own security group, the migration should not change its ownership. Change-Id: I74648fc016f490c83890568fdd482ef0fdd8fa61
This commit is contained in:
parent
10c5c2b940
commit
aba049283e
|
@ -343,13 +343,20 @@ def migrate_lb(LOG, n_session_maker, o_session_maker, lb_id):
|
||||||
if result.rowcount != 1:
|
if result.rowcount != 1:
|
||||||
raise Exception(_('Unable to update VIP port in the neutron '
|
raise Exception(_('Unable to update VIP port in the neutron '
|
||||||
'database.'))
|
'database.'))
|
||||||
result = n_session.execute(
|
security_group = n_session.execute(
|
||||||
"UPDATE securitygroups SET project_id = :proj_id WHERE "
|
"SELECT project_id FROM securitygroups WHERE id = :id",
|
||||||
"id = :id;", {'proj_id': CONF.migration.octavia_account_id,
|
{'id': vip_port[2]}).fetchone()
|
||||||
'id': vip_port[2]})
|
|
||||||
if result.rowcount != 1:
|
# Update security group project, only when its owner is not the
|
||||||
raise Exception(_('Unable to update VIP security group in the '
|
# user project, which means that Octavia should own it
|
||||||
'neutron database.'))
|
if security_group[0] != n_lb[1]:
|
||||||
|
result = n_session.execute(
|
||||||
|
"UPDATE securitygroups SET project_id = :proj_id WHERE "
|
||||||
|
"id = :id;", {'proj_id': CONF.migration.octavia_account_id,
|
||||||
|
'id': vip_port[2]})
|
||||||
|
if result.rowcount != 1:
|
||||||
|
raise Exception(_('Unable to update VIP security group in '
|
||||||
|
'the neutron database.'))
|
||||||
|
|
||||||
# Octavia driver load balancers are now done, next process the other
|
# Octavia driver load balancers are now done, next process the other
|
||||||
# provider driver load balancers
|
# provider driver load balancers
|
||||||
|
|
Loading…
Reference in New Issue