Merge "Removing lbaasv2 related code"

.zuul.d/lbaasv2.yaml

@@ -1,39 +0,0 @@
-# Copyright 2018 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- job:
-    name: kuryr-kubernetes-tempest-lbaasv2
-    parent: kuryr-kubernetes-tempest-base
-    description: |
-      Kuryr-Kubernetes tempest job using lbaasv2
-    host-vars:
-      controller:
-        devstack_plugins:
-          neutron-lbaas: https://git.openstack.org/openstack/neutron-lbaas
-    vars:
-      devstack_localrc:
-          NEUTRON_LBAAS_SERVICE_PROVIDERV2: 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'
-          KURYR_K8S_LBAAS_USE_OCTAVIA: False
-      devstack_services:
-        q-lbaasv2: true
-        kuryr-daemon: false
-
-- job:
-    name: kuryr-kubernetes-tempest-daemon-lbaasv2
-    parent: kuryr-kubernetes-tempest-lbaasv2
-    description: |
-      Kuryr-Kubernetes tempest job using lbaasv2 and CNI daemon
-    vars:
-      devstack_services:
-        kuryr-daemon: true

.zuul.d/project.yaml

@@ -19,7 +19,6 @@
         - kuryr-kubernetes-tempest-octavia
         - kuryr-kubernetes-tempest-daemon-octavia
         - kuryr-kubernetes-tempest-daemon-openshift-octavia
-        - kuryr-kubernetes-tempest-daemon-lbaasv2
         - kuryr-kubernetes-tempest-daemon-containerized-octavia
         - kuryr-kubernetes-tempest-daemon-containerized-ovn
         - kuryr-kubernetes-tempest-daemon-octavia-py36
@@ -30,7 +29,6 @@
       jobs:
         - kuryr-kubernetes-tempest-octavia
         - kuryr-kubernetes-tempest-daemon-octavia
-        - kuryr-kubernetes-tempest-daemon-lbaasv2
         - kuryr-kubernetes-tempest-daemon-containerized-octavia
         - kuryr-kubernetes-tempest-daemon-octavia-py36
         - kuryr-kubernetes-tempest-daemon-containerized-octavia-py36

devstack/lib/kuryr_kubernetes

@@ -40,11 +40,7 @@ function ovs_bind_for_kubelet() {
         kubelet-"${HOSTNAME}")
     # Need to enable Amphorae subnet access to the kubelet iface for API
     # access
-    local use_octavia
-    use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
-    if [[ "$use_octavia" == "True" ]]; then
-        openstack port set "$port_id" --security-group service_pod_access
-    fi
+    openstack port set "$port_id" --security-group service_pod_access
     if [[ "$KURYR_SG_DRIVER" == "namespace" ]]; then
         openstack port set "$port_id" --security-group allow_from_namespace
         openstack port set "$port_id" --security-group allow_from_default
@@ -293,22 +289,6 @@ function create_k8s_subnet {
               "Failed to enable routing for K8s ${subnet_name} subnet"
 }
 
-# create_k8s_router_fake_service
-#   Description: Creates an endpoint-less kubernetes service to keep Kubernetes
-#                API server from allocating the service subnet router IP for
-#                another service
-function create_k8s_router_fake_service {
-    local router_ip
-    local fake_svc_name
-
-    fake_svc_name='kuryr-svc-router'
-    router_ip=$(openstack --os-cloud devstack-admin \
-        --os-region "$REGION_NAME" \
-        subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
-        -f value -c gateway_ip)
-    create_k8s_fake_service $fake_svc_name $router_ip
-}
-
 # create_k8s_fake_service
 #   Description: Creates an endpoint-less kubernetes service to keep Kubernetes
 #                API server from allocating this IP for another service
@@ -875,14 +855,8 @@ function lb_state {
     local lb_id
 
     lb_id="$1"
-    # Checks Neutron lbaas for the Load balancer state
-    if is_service_enabled octavia; then
-        openstack loadbalancer show "$lb_id" | \
-            awk '/provisioning_status/ {print $4}'
-    else
-        neutron lbaas-loadbalancer-show "$lb_id" | \
-            awk '/provisioning_status/ {print $4}'
-    fi
+    openstack loadbalancer show "$lb_id" | \
+        awk '/provisioning_status/ {print $4}'
 }
 
 function wait_for_lb {
@@ -933,13 +907,8 @@ function create_load_balancer {
         lb_params+=" --vip-address $4"
     fi
 
-    if is_service_enabled octavia; then
-        lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet"
-        openstack loadbalancer create $lb_params
-    else
-        lb_params+=" --tenant-id ${project_id} $lb_vip_subnet"
-        neutron lbaas-loadbalancer-create $lb_params
-    fi
+    lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet"
+    openstack loadbalancer create $lb_params
 }
 
 # create_load_balancer_listener
@@ -972,20 +941,12 @@ function create_load_balancer_listener {
     # Octavia needs the LB to be active for the listener
     wait_for_lb $lb $max_timeout
 
-    if is_service_enabled octavia; then
-        openstack loadbalancer listener create --name "$name" \
-            --protocol "$protocol" \
-            --protocol-port "$port" \
-            --timeout-client-data "$data_timeouts" \
-            --timeout-member-data "$data_timeouts" \
-            "$lb"
-    else
-        neutron lbaas-listener-create --name "$name" \
-            --protocol "$protocol" \
-            --protocol-port "$port" \
-            --tenant-id "$project_id" \
-            --loadbalancer "$lb"
-    fi
+    openstack loadbalancer listener create --name "$name" \
+        --protocol "$protocol" \
+        --protocol-port "$port" \
+        --timeout-client-data "$data_timeouts" \
+        --timeout-member-data "$data_timeouts" \
+        "$lb"
 }
 
 # create_load_balancer_pool
@@ -1018,19 +979,10 @@ function create_load_balancer_pool {
     # We must wait for the LB to be active before we can put a Pool for it
     wait_for_lb $lb
 
-    if is_service_enabled octavia; then
-        openstack loadbalancer pool create --name "$name" \
-            --listener "$listener" \
-            --protocol "$protocol" \
-            --lb-algorithm "$algorithm"
-    else
-        neutron lbaas-pool-create --name "$name" \
-            --loadbalancer "$lb" \
-            --listener "$listener" \
-            --protocol "$protocol" \
-            --tenant-id "$project_id" \
-            --lb-algorithm "$algorithm"
-    fi
+    openstack loadbalancer pool create --name "$name" \
+        --listener "$listener" \
+        --protocol "$protocol" \
+        --lb-algorithm "$algorithm"
 }
 
 # create_load_balancer_member
@@ -1063,19 +1015,10 @@ function create_load_balancer_member {
     # We must wait for the pool creation update before we can add members
     wait_for_lb $lb
 
-    if is_service_enabled octavia; then
-        openstack loadbalancer member create --name "$name" \
-            --address "$address" \
-            --protocol-port "$port" \
-            "$pool"
-    else
-        neutron lbaas-member-create --name "$name" \
-            --subnet "$subnet" \
-            --address "$address" \
-            --protocol-port "$port" \
-            --tenant-id "$project_id" \
-            "$pool"
-    fi
+    openstack loadbalancer member create --name "$name" \
+        --address "$address" \
+        --protocol-port "$port" \
+        "$pool"
 }
 
 # split_subnet
@@ -1111,11 +1054,7 @@ function get_loadbalancer_attribute {
     lb_name="$1"
     lb_attr="$2"
 
-    if is_service_enabled octavia; then
-        openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value
-    else
-        neutron lbaas-loadbalancer-show "$lb_name" -c "$lb_attr" -f value
-    fi
+    openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value
 }
 
 # openshift_node_set_dns_config

devstack/local.conf.df.sample

@@ -53,40 +53,32 @@ TUNNEL_TYPE=vxlan
 DF_SELECTIVE_TOPO_DIST=False
 
 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=False
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
 
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
 
 # By default use all the services from the kuryr-kubernetes plugin
 
@@ -211,11 +203,7 @@ enable_service kuryr-daemon
 
 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
 
 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]

devstack/local.conf.openshift.sample

@@ -34,40 +34,32 @@ enable_service q-l3
 enable_service q-svc
 
 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=True
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
 
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
 
 
 # Keystone
@@ -216,11 +208,7 @@ enable_service kuryr-daemon
 
 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
 
 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]

devstack/local.conf.ovn.sample

@@ -42,8 +42,6 @@ enable_service q-svc
 VAR_RUN_PATH=/usr/local/var/run
 
 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=True
-
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
 
@@ -64,36 +62,29 @@ KURYR_K8S_LBAAS_USE_OCTAVIA=True
 
 
 
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
 
 
 # Keystone
@@ -248,11 +239,7 @@ KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True
 
 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
 
 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]

devstack/local.conf.pod-in-vm.undercloud.df.sample

@@ -30,10 +30,39 @@ disable_service q-agt
 # We have to disable the neutron dhcp agent. DF does not use the dhcp agent.
 disable_service q-dhcp
 
-# LBaaSv2 service and Haproxy agent
-enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas
-enable_service q-lbaasv2
-NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
+
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
 
 # Enable heat services if you want to deploy overcloud using Heat stack
 enable_plugin heat https://git.openstack.org/openstack/heat

devstack/local.conf.pod-in-vm.undercloud.ovn.sample

@@ -39,9 +39,37 @@ disable_service q-meta
 enable_plugin neutron https://git.openstack.org/openstack/neutron
 enable_service q-trunk
 
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
+
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
 
-# LBaaSv2 service and Haproxy agent
-enable_plugin neutron-lbaas \
-    git://git.openstack.org/openstack/neutron-lbaas
-enable_service q-lbaasv2
-NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"

devstack/local.conf.pod-in-vm.undercloud.sample

@@ -21,11 +21,39 @@ TUNNEL_TYPE=vxlan
 # Enable Keystone v3
 IDENTITY_API_VERSION=3
 
-# LBaaSv2 service and Haproxy agent
-enable_plugin neutron-lbaas \
-    git://git.openstack.org/openstack/neutron-lbaas
-enable_service q-lbaasv2
-NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
+
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
 
 [[post-config|/$Q_PLUGIN_CONF_FILE]]
 [securitygroup]

devstack/local.conf.sample

@@ -38,48 +38,40 @@ enable_service q-svc
 # VAR_RUN_PATH=/var/run
 
 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=True
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
 
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    # Current Octavia image generation using diskimage-builder is broken ATM
-    # You can fetch a precreated qcow image from here [1] and set up octavia to
-    # use it by uncommenting the following lines.
-    # [1] https://tarballs.openstack.org/octavia/test-images/
-    #             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
-    # OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
-    # OCTAVIA_AMP_IMAGE_SIZE=3
-    # OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
 
 
 # Keystone
@@ -238,11 +230,7 @@ enable_service kuryr-daemon
 
 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
 
 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]

devstack/plugin.sh

@@ -294,14 +294,12 @@ function configure_neutron_defaults {
     pod_subnet_id="$(openstack subnet show -c id -f value \
         "${KURYR_NEUTRON_DEFAULT_POD_SUBNET}")"
 
-    local use_octavia
-    use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
     create_k8s_subnet "$project_id" \
                       "$KURYR_NEUTRON_DEFAULT_SERVICE_NET" \
                       "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
                       "$subnetpool_id" \
                       "$router" \
-                      "$use_octavia"
+                      "True"
     service_subnet_id="$(openstack subnet show -c id -f value \
         "${KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET}")"
 
@@ -343,15 +341,13 @@ function configure_neutron_defaults {
         --remote-ip "$service_cidr" --ethertype IPv4 --protocol udp \
         "$service_pod_access_sg_id"
 
-    if [[ "$use_octavia" == "True" && \
-          "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
+    if [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
         if [ -n "$sg_ids" ]; then
             sg_ids+=",${service_pod_access_sg_id}"
         else
             sg_ids="${service_pod_access_sg_id}"
         fi
-    elif [[ "$use_octavia" == "True" && \
-            "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
+    elif [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
         # In case the member connectivity is L2, Octavia by default uses the
         # admin 'default' sg to create a port for the amphora load balancer
         # at the member ports subnet. Thus we need to allow L2 communication
@@ -447,15 +443,13 @@ function configure_neutron_defaults {
     iniset "$KURYR_CONFIG" neutron_defaults external_svc_net "$ext_svc_net_id"
     iniset "$KURYR_CONFIG" octavia_defaults member_mode "$KURYR_K8S_OCTAVIA_MEMBER_MODE"
     iniset "$KURYR_CONFIG" octavia_defaults sg_mode "$KURYR_K8S_OCTAVIA_SG_MODE"
-    if [[ "$use_octavia" == "True" ]]; then
-        # Octavia takes a very long time to start the LB in the gate. We need
-        # to tweak the timeout for the LB creation. Let's be generous and give
-        # it up to 20 minutes.
-        # FIXME(dulek): This might be removed when bug 1753653 is fixed and
-        #               Kuryr restarts waiting for LB on timeouts.
-        iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200
-        iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER"
-    fi
+    # Octavia takes a very long time to start the LB in the gate. We need
+    # to tweak the timeout for the LB creation. Let's be generous and give
+    # it up to 20 minutes.
+    # FIXME(dulek): This might be removed when bug 1753653 is fixed and
+    #               Kuryr restarts waiting for LB on timeouts.
+    iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200
+    iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER"
 }
 
 function configure_k8s_pod_sg_rules {
@@ -872,8 +866,6 @@ function configure_overcloud_vm_k8s_svc_sg {
 
 function update_tempest_conf_file {
 
-    local use_octavia="$1"
-
     if [[ "$KURYR_USE_PORT_POOLS" == "True" ]]; then
         iniset $TEMPEST_CONFIG kuryr_kubernetes port_pool_enabled True
     fi
@@ -896,10 +888,8 @@ function update_tempest_conf_file {
         iniset $TEMPEST_CONFIG kuryr_kubernetes kuryr_daemon_enabled False
     fi
     # NOTE(yboaron): Services with protocol UDP are supported in Kuryr
-    # starting from Stein release and only for Octavia
-    if [[ "$use_octavia" == "True" ]]; then
-        iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True
-    fi
+    # starting from Stein release
+    iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True
     if [[ "$KURYR_CONTROLLER_HA" == "True" ]]; then
         iniset $TEMPEST_CONFIG kuryr_kubernetes ap_ha True
     fi
@@ -1062,12 +1052,6 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then
 
 elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
     if is_service_enabled kuryr-kubernetes; then
-        # NOTE(dulek): This is so late, because Devstack's Octavia is unable
-        #              to create loadbalancers until test-config phase.
-        use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
-        if [[ "$use_octavia" == "False" ]]; then
-            create_k8s_router_fake_service
-        fi
         create_k8s_api_service
         #create Ingress L7 router if required
         enable_ingress=$(trueorfalse False KURYR_ENABLE_INGRESS)
@@ -1095,7 +1079,7 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
         fi
     fi
     if is_service_enabled tempest; then
-        update_tempest_conf_file "$use_octavia"
+        update_tempest_conf_file
     fi
 fi
 

devstack/settings

@@ -55,7 +55,6 @@ OPENSHIFT_API_URL=${OPENSHIFT_API_URL:-https://${HOST_IP}:${OPENSHIFT_API_PORT}}
 OPENSHIFT_CNI_BINARY_URL=${OPENSHIFT_CNI_BINARY_URL:-https://github.com/containernetworking/cni/releases/download/v0.5.2/cni-v0.5.2.tgz}
 
 # Octavia
-KURYR_K8S_LBAAS_USE_OCTAVIA=${KURYR_K8S_LBAAS_USE_OCTAVIA:-True}
 KURYR_K8S_OCTAVIA_MEMBER_MODE=${KURYR_K8S_OCTAVIA_MEMBER_MODE:-L3}
 KURYR_K8S_OCTAVIA_SG_MODE=${KURYR_K8S_OCTAVIA_SG_MODE:-update}
 

kuryr_kubernetes/config.py

@@ -138,11 +138,7 @@ k8s_opts = [
     cfg.StrOpt('endpoints_lbaas_driver',
                help=_("The driver that provides LoadBalancers for "
                       "Kubernetes Endpoints"),
-               default='lbaasv2',
-               deprecated_for_removal=True,
-               deprecated_reason="Default and supported lbaas endpoint is "
-                                 "now Octavia",
-               deprecated_since="Rocky"),
+               default='lbaasv2'),
     cfg.StrOpt('endpoints_driver_octavia_provider',
                help=_("The Octavia load balancer provider that will be used "
                       "to support Kubernetes Endpoints"),

kuryr_kubernetes/controller/drivers/lbaasv2.py

@@ -27,7 +27,6 @@ from oslo_log import log as logging
 from oslo_utils import timeutils
 
 from kuryr_kubernetes import clients
-from kuryr_kubernetes import constants as const
 from kuryr_kubernetes.controller.drivers import base
 from kuryr_kubernetes import exceptions as k_exc
 from kuryr_kubernetes.objects import lbaas as obj_lbaas
@@ -76,13 +75,6 @@ class LBaaSv2Driver(base.LBaaSDriver):
             # deleted externally between 'create' and 'find'
             raise k_exc.ResourceNotReady(request)
 
-        try:
-            if security_groups_ids is not None:
-                self._ensure_security_groups(response, service_type)
-        except n_exc.NeutronClientException:
-            self.release_loadbalancer(response)
-            raise
-
         return response
 
     def release_loadbalancer(self, loadbalancer):
@@ -112,59 +104,6 @@ class LBaaSv2Driver(base.LBaaSDriver):
             except n_exc.NotFound:
                 LOG.debug('Security group %s already deleted', sg_id)
 
-    def _ensure_security_groups(self, loadbalancer, service_type):
-        # We only handle SGs for legacy LBaaSv2, Octavia handles it dynamically
-        # according to listener ports.
-        if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
-            neutron = clients.get_neutron_client()
-            sg_id = None
-            try:
-                # NOTE(dulek): We're creating another security group to
-                #              overcome LBaaS v2 limitations and handle SGs
-                #              ourselves.
-                if service_type == 'LoadBalancer':
-                    sg_id = self._find_listeners_sg(loadbalancer)
-                    if not sg_id:
-                        sg = neutron.create_security_group({
-                            'security_group': {
-                                'name': loadbalancer.name,
-                                'project_id': loadbalancer.project_id,
-                            },
-                        })
-                        sg_id = sg['security_group']['id']
-                    loadbalancer.security_groups.append(sg_id)
-
-                neutron.update_port(
-                    loadbalancer.port_id,
-                    {'port': {
-                        'security_groups': loadbalancer.security_groups}})
-            except n_exc.NeutronClientException:
-                LOG.exception('Failed to set SG for LBaaS v2 VIP port %s.',
-                              loadbalancer.port_id)
-                if sg_id:
-                    neutron.delete_security_group(sg_id)
-                raise
-
-    def _ensure_lb_security_group_rule(self, loadbalancer, listener):
-        sg_id = self._find_listeners_sg(loadbalancer)
-        if sg_id:
-            try:
-                neutron = clients.get_neutron_client()
-                neutron.create_security_group_rule({
-                    'security_group_rule': {
-                        'direction': 'ingress',
-                        'port_range_min': listener.port,
-                        'port_range_max': listener.port,
-                        'protocol': listener.protocol,
-                        'security_group_id': sg_id,
-                        'description': listener.name,
-                    },
-                })
-            except n_exc.NeutronClientException as ex:
-                if ex.status_code != requests.codes.conflict:
-                    LOG.exception('Failed when creating security group rule '
-                                  'for listener %s.', listener.name)
-
     def _create_lb_security_group_rule(self, loadbalancer, listener):
         neutron = clients.get_neutron_client()
         sg_id = self._find_listeners_sg(loadbalancer)
@@ -371,9 +310,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
             CONF.kubernetes.service_security_groups_driver == 'namespace')
         create_sg = CONF.octavia_defaults.sg_mode == 'create'
 
-        if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
-            self._ensure_lb_security_group_rule(loadbalancer, listener)
-        elif namespace_isolation and service_type == 'ClusterIP':
+        if namespace_isolation and service_type == 'ClusterIP':
             self._extend_lb_security_group_rules(loadbalancer, listener)
         elif create_sg:
             self._create_lb_security_group_rule(loadbalancer, listener)