From 7ded0e47c5134e634cde50624c47c03d77e00a56 Mon Sep 17 00:00:00 2001
From: Bodo Petermann
Date: Mon, 22 Mar 2021 14:23:00 +0100
Subject: [PATCH] Fix LB failover for amphorav2: set security group
Fix for the issue that an amphorav2 LB cannot be reached after loadbalancer failover. The LB security group was not set in the amphora port. Fixed the v2 variant of UpdateVIPSecurityGroup to actually return the security group id (v1 already did). The flow created in get_failover_LB_flow uses UpdateVIPSecurityGroup which is supposed to provide VIP_SG_ID, which is later needed in get_amphora_for_lb_failover_subflow as a requirement for CreateVIPBasePort.
Story: 2008735
Task: 42087
Change-Id: I1bb334ef0c11a79038b21a873a6675d76b0fbefc
(cherry picked from commit 0513319f3d6e0d8ddbb6b386cbfe01829a68aa4e)
(cherry picked from commit e3b68219dd9f1ed6ed55779bc03f018f6c74e433)
---
 octavia/controller/worker/v2/tasks/network_tasks.py | 2 +-
 .../unit/controller/worker/v1/tasks/test_network_tasks.py | 5 ++++-
 .../unit/controller/worker/v2/tasks/test_network_tasks.py | 5 ++++-
 .../fix-amphorav2-failover-secgroup-c793de5e00b32653.yaml | 5 +++++
 4 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/fix-amphorav2-failover-secgroup-c793de5e00b32653.yaml
diff --git a/octavia/controller/worker/v2/tasks/network_tasks.py b/octavia/controller/worker/v2/tasks/network_tasks.py
index 0784adc867..ead930bbd6 100644
--- a/octavia/controller/worker/v2/tasks/network_tasks.py
+++ b/octavia/controller/worker/v2/tasks/network_tasks.py
@@ -405,7 +405,7 @@ class UpdateVIPSecurityGroup(BaseNetworkTask):
 LOG.debug("Setup SG for loadbalancer id: %s", loadbalancer_id)
 db_lb = self.loadbalancer_repo.get(
 db_apis.get_session(), id=loadbalancer_id)
- self.network_driver.update_vip_sg(db_lb, db_lb.vip)
+ return self.network_driver.update_vip_sg(db_lb, db_lb.vip)
 class GetSubnetFromVIP(BaseNetworkTask):
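Review bot: The changed line hands back whatever `update_vip_sg` yields without checking it, so a driver that returns `None` (nothing in this hunk rules that out) would make the task provide an empty VIP_SG_ID. Going by the commit message, CreateVIPBasePort requires that value, so the rebuilt amphora port could presumably again end up without the load balancer's security group, only now silently. The contract is worth stating in the `execute` docstring, e.g. `:returns: ID of the VIP security group as returned by the network driver`, and a `LOG.warning` when the result is falsy would make that case visible. `execute` begins above the hunk, so its signature and existing docstring are not shown here.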
diff --git a/octavia/tests/unit/controller/worker/v1/tasks/test_network_tasks.py b/octavia/tests/unit/controller/worker/v1/tasks/test_network_tasks.py
index f9c1715f7f..2c55737f09 100644
--- a/octavia/tests/unit/controller/worker/v1/tasks/test_network_tasks.py
+++ b/octavia/tests/unit/controller/worker/v1/tasks/test_network_tasks.py
@@ -34,6 +34,7 @@ COMPUTE_ID = uuidutils.generate_uuid()
 PORT_ID = uuidutils.generate_uuid()
 SUBNET_ID = uuidutils.generate_uuid()
 NETWORK_ID = uuidutils.generate_uuid()
+SG_ID = uuidutils.generate_uuid()
 IP_ADDRESS = "172.24.41.1"
 VIP = o_data_models.Vip(port_id=t_constants.MOCK_PORT_ID,
 subnet_id=t_constants.MOCK_SUBNET_ID,
@@ -868,15 +869,17 @@ class TestNetworkTasks(base.TestCase):
 def test_update_vip_sg(self, mock_lb_get, mock_get_session,
 mock_get_net_driver):
 mock_driver = mock.MagicMock()
+ mock_driver.update_vip_sg.return_value = SG_ID
 mock_get_net_driver.return_value = mock_driver
 mock_lb_get.return_value = self.load_balancer_mock
 net = network_tasks.UpdateVIPSecurityGroup()
- net.execute(self.load_balancer_mock.id)
+ sg_id = net.execute(self.load_balancer_mock.id)
 mock_lb_get.assert_called_once_with('TEST',
 id=self.load_balancer_mock.id)
 mock_driver.update_vip_sg.assert_called_once_with(
 self.load_balancer_mock, self.load_balancer_mock.vip)
+ self.assertEqual(sg_id, SG_ID)
 def test_get_subnet_from_vip(self, mock_get_net_driver):
 mock_driver = mock.MagicMock()
diff --git a/octavia/tests/unit/controller/worker/v2/tasks/test_network_tasks.py b/octavia/tests/unit/controller/worker/v2/tasks/test_network_tasks.py
index fcf0c16665..a3bd8ffc32 100644
--- a/octavia/tests/unit/controller/worker/v2/tasks/test_network_tasks.py
+++ b/octavia/tests/unit/controller/worker/v2/tasks/test_network_tasks.py
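Review bot: The added assertion in the v1 `test_update_vip_sg` passes the observed value first, `self.assertEqual(sg_id, SG_ID)`. If `base.TestCase` follows the usual (expected, observed) order, a failure would label the two values the wrong way round, so `self.assertEqual(SG_ID, sg_id)` reads better. The same line appears in the v2 test hunk at `@@ -985,12 +986,14 @@`. Both tests also exercise only a driver that returns an id; should the driver be able to return `None`, a second case with `mock_driver.update_vip_sg.return_value = None` would pin what the task passes on then.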
@@ -36,6 +36,7 @@ COMPUTE_ID = uuidutils.generate_uuid()
 PORT_ID = uuidutils.generate_uuid()
 SUBNET_ID = uuidutils.generate_uuid()
 NETWORK_ID = uuidutils.generate_uuid()
+SG_ID = uuidutils.generate_uuid()
 IP_ADDRESS = "172.24.41.1"
 VIP = o_data_models.Vip(port_id=t_constants.MOCK_PORT_ID,
 subnet_id=t_constants.MOCK_SUBNET_ID,
@@ -985,12 +986,14 @@ class TestNetworkTasks(base.TestCase):
 def test_update_vip_sg(self, mock_session, mock_lb_get,
 mock_get_net_driver):
 mock_driver = mock.MagicMock()
+ mock_driver.update_vip_sg.return_value = SG_ID
 mock_lb_get.return_value = LB
 mock_get_net_driver.return_value = mock_driver
 net = network_tasks.UpdateVIPSecurityGroup()
- net.execute(self.load_balancer_mock)
+ sg_id = net.execute(self.load_balancer_mock)
 mock_driver.update_vip_sg.assert_called_once_with(LB, LB.vip)
+ self.assertEqual(sg_id, SG_ID)
 def test_get_subnet_from_vip(self, mock_get_net_driver):
 mock_driver = mock.MagicMock()
diff --git a/releasenotes/notes/fix-amphorav2-failover-secgroup-c793de5e00b32653.yaml b/releasenotes/notes/fix-amphorav2-failover-secgroup-c793de5e00b32653.yaml
new file mode 100644
index 0000000000..1e95f98539
--- /dev/null
+++ b/releasenotes/notes/fix-amphorav2-failover-secgroup-c793de5e00b32653.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fixed an issue that an amphorav2 LB cannot be reached after loadbalancer
+ failover. The LB security group was not set in the amphora port.