Merge "devstack: Fix load balancing project membership"

2018-07-16 15:28:05 +00:00 · 2018-07-16 15:28:05 +00:00 · 18fb757092
parent 6aade4cbfb 889a0d969c
commit 18fb757092
2 changed files with 38 additions and 15 deletions
--- a/devstack/lib/kuryr_kubernetes
+++ b/devstack/lib/kuryr_kubernetes
@ -209,9 +209,14 @@ EOF
 function create_k8s_icmp_sg_rules {
    local sg_id=$1
    local direction="$2"
+    local project_id
+
+    project_id=$(get_or_create_project \
+        "$KURYR_NEUTRON_DEFAULT_PROJECT" default)
    icmp_sg_rules=$(openstack --os-cloud devstack-admin \
                              --os-region "$REGION_NAME" \
                              security group rule create \
+                              --project "$project_id" \
                              --protocol icmp \
                              --"$direction" "$sg_id")
    die_if_not_set $LINENO icmp_sg_rules \
@ -257,6 +262,7 @@ function create_k8s_subnet {
    subnet_id=$(openstack --os-cloud devstack-admin \
                          --os-region "$REGION_NAME" \
                          subnet create $subnet_params \
+                          --project "$project_id" \
                          -c id -f value)
    die_if_not_set $LINENO subnet_id \
        "Failure creating K8s ${subnet_name} IPv4 subnet for ${project_id}"
@ -866,27 +872,30 @@ function wait_for_lb {
 #       lb_name: Name to give to the load balancer.
 #       lb_vip_subnet: Id or name of the subnet where lb_vip should be
 #                      allocated.
+#       project_id: Id of the project where the load balancer should be
 #       lb_vip: Virtual IP to give to the load balancer - optional.
 function create_load_balancer {
    local lb_name
    local lb_vip_subnet
    local lb_params
+    local project_id

    lb_name="$1"
    lb_vip_subnet="$2"
+    project_id="$3"

    lb_params=" --name $lb_name "
-    if [ -z "$3" ]; then
+    if [ -z "$4" ]; then
        echo -n "create_load_balancer LB=$lb_name, lb_vip not provided."
    else
-        lb_params+=" --vip-address $3"
+        lb_params+=" --vip-address $4"
    fi

    if is_service_enabled octavia; then
-        lb_params+=" --vip-subnet-id $lb_vip_subnet"
+        lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet"
        openstack loadbalancer create $lb_params
    else
-        lb_params+=" $lb_vip_subnet"
+        lb_params+=" --tenant-id ${project_id} $lb_vip_subnet"
        neutron lbaas-loadbalancer-create $lb_params
    fi
 }
@ -899,17 +908,20 @@ function create_load_balancer {
 #       protocol: Whether it is HTTP, HTTPS, TCP, etc.
 #       port: The TCP port number to listen to.
 #       lb: Id or name of the Load Balancer we want to add the Listener to.
+#       project_id: Id of the the project where this listener belongs
 function create_load_balancer_listener {
    local name
    local protocol
    local port
    local lb
    local max_timeout
+    local project_id

    name="$1"
    protocol="$2"
    port="$3"
    lb="$4"
+    project_id="$5"

    max_timeout=1200
    # Octavia needs the LB to be active for the listener
@ -924,6 +936,7 @@ function create_load_balancer_listener {
        neutron lbaas-listener-create --name "$name" \
            --protocol "$protocol" \
            --protocol-port "$port" \
+            --tenant-id "$project_id" \
            --loadbalancer "$lb"
    fi
 }
@ -937,6 +950,7 @@ function create_load_balancer_listener {
 #       algorithm: Load Balancing algorithm to use.
 #       listener: Id or name of the Load Balancer Listener we want to add the
 #                 pool to.
+#       project_id: Id of the the project where this pool belongs
 #       lb: Id or name of the Load Balancer we want to add the pool to
 #           (optional).
 function create_load_balancer_pool {
@ -945,12 +959,14 @@ function create_load_balancer_pool {
    local algorithm
    local listener
    local lb
+    local project_id

    name="$1"
    protocol="$2"
    algorithm="$3"
    listener="$4"
-    lb="$5"
+    project_id="$5"
+    lb="$6"

    # We must wait for the LB to be active before we can put a Pool for it
    wait_for_lb $lb
@ -962,9 +978,10 @@ function create_load_balancer_pool {
            --lb-algorithm "$algorithm"
    else
        neutron lbaas-pool-create --name "$name" \
-            --loadbalancer "$lb_name" \
+            --loadbalancer "$lb" \
            --listener "$listener" \
            --protocol "$protocol" \
+            --tenant-id "$project_id" \
            --lb-algorithm "$algorithm"
    fi
 }
@ -978,6 +995,7 @@ function create_load_balancer_pool {
 #       pool: Id or name of the Load Balancer pool this member belongs to.
 #       subnet: Id or name of the subnet the member address belongs to.
 #       lb: Id or name of the load balancer the member belongs to.
+#       project_id: Id of the the project where this pool belongs
 function create_load_balancer_member {
    local name
    local address
@ -985,6 +1003,7 @@ function create_load_balancer_member {
    local pool
    local subnet
    local lb
+    local project_id

    name="$1"
    address="$2"
@ -992,6 +1011,7 @@ function create_load_balancer_member {
    pool="$4"
    subnet="$5"
    lb="$6"
+    project_id="$7"

    # We must wait for the pool creation update before we can add members
    wait_for_lb $lb
@ -1014,6 +1034,7 @@ function create_load_balancer_member {
            --subnet "$subnet" \
            --address "$address" \
            --protocol-port "$port" \
+            --tenant-id "$project_id" \
            "$pool"
    fi
 }
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -221,7 +221,10 @@ function create_k8s_api_service {
    local kubelet_iface_ip
    local lb_name
    local use_octavia
+    local project_id

+    project_id=$(get_or_create_project \
+        "$KURYR_NEUTRON_DEFAULT_PROJECT" default)
    lb_name='default/kubernetes'
    service_cidr=$(openstack --os-cloud devstack-admin \
                             --os-region "$REGION_NAME" \
@ -233,10 +236,10 @@ function create_k8s_api_service {
    k8s_api_clusterip=$(_cidr_range "$service_cidr" | cut -f1)

    create_load_balancer "$lb_name" "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET"\
-            "$k8s_api_clusterip"
-    create_load_balancer_listener default/kubernetes:443 HTTPS 443 "$lb_name"
+            "$project_id" "$k8s_api_clusterip"
+    create_load_balancer_listener default/kubernetes:443 HTTPS 443 "$lb_name" "$project_id"
    create_load_balancer_pool default/kubernetes:443 HTTPS ROUND_ROBIN \
-        default/kubernetes:443 "$lb_name"
+        default/kubernetes:443 "$project_id" "$lb_name"

    local api_port
    if is_service_enabled openshift-master; then
@ -257,10 +260,10 @@ function create_k8s_api_service {
    if [[ "$use_octavia" == "True" && \
          "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
        create_load_balancer_member "$(hostname)" "$address" "$api_port" \
-            default/kubernetes:443 $KURYR_NEUTRON_DEFAULT_POD_SUBNET "$lb_name"
+            default/kubernetes:443 $KURYR_NEUTRON_DEFAULT_POD_SUBNET "$lb_name" "$project_id"
    else
        create_load_balancer_member "$(hostname)" "$address" "$api_port" \
-            default/kubernetes:443 public-subnet "$lb_name"
+            default/kubernetes:443 public-subnet "$lb_name" "$project_id"
    fi
 }

@ -660,16 +663,15 @@ function create_ingress_l7_router {

    lb_name=${KURYR_L7_ROUTER_NAME}
    max_timeout=600
+    project_id=$(get_or_create_project \
+        "$KURYR_NEUTRON_DEFAULT_PROJECT" default)

-    create_load_balancer "$lb_name" "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET"
+    create_load_balancer "$lb_name" "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" "$project_id"

    wait_for_lb $lb_name $max_timeout

    lb_port_id="$(get_loadbalancer_attribute "$lb_name" "vip_port_id")"

-    project_id=$(get_or_create_project \
-        "$KURYR_NEUTRON_DEFAULT_PROJECT" default)
-
    #allocate FIP and bind it to lb vip
    l7_router_fip=$(openstack --os-cloud devstack-admin \
           --os-region "$REGION_NAME" \