Allow AZ to override valid_vip_networks config
Different AZs may have access to different vip networks. Change-Id: I7169b34d93bc8a265fc74fedcbba67e980285a7e
parent
741397f1a9
commit
4a360bfda7
|
@ -22,14 +22,14 @@ balancing capabilities to their users. An Octavia flavor is a predefined
|
|||
set of provider configuration options that are created by the operator.
|
||||
When an user requests a load balancer they can request the load balancer
|
||||
be built with one of the defined flavors. Flavors are defined per provider
|
||||
driver and expose the unique capabilites of each provider.
|
||||
driver and expose the unique capabilities of each provider.
|
||||
|
||||
This document is intended to explain the flavors capability for operators
|
||||
that wish to create flavors for their users.
|
||||
|
||||
There are three steps to creating a new Octavia flavor:
|
||||
|
||||
#. Decide on the provider flavor capabilites that will be configured in the
|
||||
#. Decide on the provider flavor capabilities that will be configured in the
|
||||
flavor.
|
||||
#. Create the flavor profile with the flavor capabilities.
|
||||
#. Create the user facing flavor.
|
||||
|
@ -132,8 +132,8 @@ The output of the command above is::
|
|||
| name | standalone-lb |
|
||||
| flavor_profile_id | 72b53ac2-b191-48eb-8f73-ed012caca23a |
|
||||
| enabled | True |
|
||||
| description | A non-high availability load b |
|
||||
| | alancer for testing. |
|
||||
| description | A non-high availability load |
|
||||
| | balancer for testing. |
|
||||
+-------------------+--------------------------------------+
|
||||
|
||||
At this point, the flavor is available for use by users creating new load
|
||||
|
|
|
@ -1770,7 +1770,8 @@ description. For example:
|
|||
.. code-block:: python
|
||||
|
||||
{"compute_zone": "The compute availability zone to use for this loadbalancer.",
|
||||
"management_network": "The management network ID for the loadbalancer."}
|
||||
"management_network": "The management network ID for the loadbalancer.",
|
||||
"valid_vip_networks": "List of network IDs that are allowed for VIP use. This overrides/replaces the list of allowed networks configured in `octavia.conf`."}
|
||||
|
||||
validate_availability_zone
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
|
|
@ -42,6 +42,12 @@ SUPPORTED_AVAILABILITY_ZONE_SCHEMA = {
|
|||
consts.MANAGEMENT_NETWORK: {
|
||||
"type": "string",
|
||||
"description": "The management network ID for the amphora."
|
||||
},
|
||||
consts.VALID_VIP_NETWORKS: {
|
||||
"type": "array",
|
||||
"description": "List of network IDs that are allowed for VIP use. "
|
||||
"This overrides/replaces the list of allowed "
|
||||
"networks configured in `octavia.conf`."
|
||||
}
|
||||
}
|
||||
}
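Review bot: The new `consts.VALID_VIP_NETWORKS` entry declares only `"type": "array"`, so a profile whose list holds non-string items (numbers, nulls, nested objects) would pass schema validation, assuming this dict is evaluated as JSON Schema. That list later reaches `map(str.lower, valid_networks)` in `network_allowed_by_config`, where a non-string item raises `TypeError` instead of a validation error. Constraining the elements with `"items": {"type": "string"}` would reject such profiles when they are created. The start of `SUPPORTED_AVAILABILITY_ZONE_SCHEMA` is outside this hunk.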
|
||||
|
|
|
@ -464,3 +464,16 @@ class AmphoraProviderDriver(driver_base.ProviderDriver):
|
|||
# TODO(johnsom) Fix this to raise a NotFound error
|
||||
# when the octavia-lib supports it.
|
||||
compute_driver.validate_availability_zone(compute_zone)
|
||||
|
||||
check_nets = availability_zone_dict.get(
|
||||
consts.VALID_VIP_NETWORKS, [])
|
||||
management_net = availability_zone_dict.get(
|
||||
consts.MANAGEMENT_NETWORK, None)
|
||||
if management_net:
|
||||
check_nets.append(management_net)
|
||||
for check_net in check_nets:
|
||||
network_driver = utils.get_network_driver()
|
||||
|
||||
# TODO(johnsom) Fix this to raise a NotFound error
|
||||
# when the octavia-lib supports it.
|
||||
network_driver.get_network(check_net)
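Review bot: `check_nets` is the same list object stored under `consts.VALID_VIP_NETWORKS` in `availability_zone_dict`, so `check_nets.append(management_net)` adds the management network to the caller's allowed-VIP list whenever both keys are present. If the caller goes on to use or persist that dict (not visible here), the management network would become an accepted VIP network for the zone. Copy before appending, `check_nets = list(availability_zone_dict.get(consts.VALID_VIP_NETWORKS, []))`. Separately, `utils.get_network_driver()` can be fetched once before the loop rather than per network. The enclosing method starts outside this hunk.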
|
||||
|
|
|
@ -246,7 +246,6 @@ class LoadBalancersController(base.BaseController):
|
|||
if load_balancer.vip_qos_policy_id:
|
||||
validate.qos_policy_exists(
|
||||
qos_policy_id=load_balancer.vip_qos_policy_id)
|
||||
validate.network_allowed_by_config(load_balancer.vip_network_id)
|
||||
|
||||
def _create_vip_port_if_not_exist(self, load_balancer_db):
|
||||
"""Create vip port."""
|
||||
|
@ -427,6 +426,10 @@ class LoadBalancersController(base.BaseController):
|
|||
|
||||
az_dict = self._validate_and_return_az_dict(lock_session, driver,
|
||||
lb_dict)
|
||||
# Validate the network as soon as we have the AZ data
|
||||
validate.network_allowed_by_config(
|
||||
load_balancer.vip_network_id,
|
||||
valid_networks=az_dict.get(constants.VALID_VIP_NETWORKS))
|
||||
|
||||
db_lb = self.repositories.create_load_balancer_and_vip(
|
||||
lock_session, lb_dict, vip_dict)
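Review bot: The allowlist check dropped in the first hunk sat at the end of a validation helper whose start is outside the hunk, and it is re-added only in the create path of the second hunk. Any other caller of that helper would no longer enforce `valid_vip_networks`, so it is worth confirming that none exists. The new call also reads `az_dict.get(...)`, which assumes `_validate_and_return_az_dict` returns a dict even when no availability zone was requested. I would expand the comment to record why the check lives here, e.g. `# Must run after the AZ lookup: the AZ profile may replace the configured valid_vip_networks list`.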
|
||||
|
|
|
@ -404,6 +404,7 @@ TOPOLOGY = 'topology'
|
|||
TOTAL_CONNECTIONS = 'total_connections'
|
||||
UPDATED_AT = 'updated_at'
|
||||
UPDATE_DICT = 'update_dict'
|
||||
VALID_VIP_NETWORKS = 'valid_vip_networks'
|
||||
VIP = 'vip'
|
||||
VIP_ADDRESS = 'vip_address'
|
||||
VIP_NETWORK = 'vip_network'
|
||||
|
|
|
@ -376,10 +376,12 @@ def network_exists_optionally_contains_subnet(network_id, subnet_id=None):
|
|||
return network
|
||||
|
||||
|
||||
def network_allowed_by_config(network_id):
|
||||
if CONF.networking.valid_vip_networks:
|
||||
valid_networks = map(str.lower, CONF.networking.valid_vip_networks)
|
||||
if network_id not in valid_networks:
|
||||
def network_allowed_by_config(network_id, valid_networks=None):
|
||||
if CONF.networking.valid_vip_networks and not valid_networks:
|
||||
valid_networks = CONF.networking.valid_vip_networks
|
||||
if valid_networks:
|
||||
valid_networks = map(str.lower, valid_networks)
|
||||
if network_id.lower() not in valid_networks:
|
||||
raise exceptions.ValidationException(detail=_(
|
||||
'Supplied VIP network_id is not allowed by the configuration '
|
||||
'of this deployment.'))
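Review bot: `if CONF.networking.valid_vip_networks and not valid_networks` treats an empty AZ list the same as no override. An AZ profile with an empty `valid_vip_networks` therefore falls back to the global list, or to no restriction when the global option is unset, instead of denying every network. The function has no docstring; one should state that a non-empty `valid_networks` replaces rather than intersects with the configured list, and that comparison is case-insensitive. `network_id.lower()` is new here and raises `AttributeError` if a caller passes `None`, so call sites must guarantee a string. A set reads more clearly for the membership test: `valid_networks = {net.lower() for net in valid_networks}`.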
|
||||
|
|
|
@ -685,9 +685,18 @@ class TestAmphoraDriver(base.TestRpc):
|
|||
self.amp_driver.get_supported_availability_zone_metadata)
|
||||
|
||||
def test_validate_availability_zone(self):
|
||||
# Test compute zone
|
||||
ref_dict = {consts.COMPUTE_ZONE: 'my_compute_zone'}
|
||||
self.amp_driver.validate_availability_zone(ref_dict)
|
||||
|
||||
# Test vip networks
|
||||
ref_dict = {consts.VALID_VIP_NETWORKS: ['my_vip_net']}
|
||||
self.amp_driver.validate_availability_zone(ref_dict)
|
||||
|
||||
# Test management network
|
||||
ref_dict = {consts.MANAGEMENT_NETWORK: 'my_management_net'}
|
||||
self.amp_driver.validate_availability_zone(ref_dict)
|
||||
|
||||
# Test bad availability zone metadata key
|
||||
ref_dict = {'bogus': 'bogus'}
|
||||
self.assertRaises(exceptions.UnsupportedOptionError,
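Review bot: The added cases call `validate_availability_zone` with one key at a time and, as far as the hunk shows, assert nothing about the network lookups. A case passing both `consts.VALID_VIP_NETWORKS` and `consts.MANAGEMENT_NETWORK`, followed by `self.assertEqual(['my_vip_net'], ref_dict[consts.VALID_VIP_NETWORKS])`, would cover the path where the driver appends to the caller's list. No test on this page exercises the new `valid_networks` argument of `network_allowed_by_config` or its fallback to the global option. The test method continues past the end of this hunk.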
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Availability zone profiles can now override the ``valid_vip_networks``
|
||||
configuration option.
|