From 889a0d969c07a71ae1135ab1ae8803542a0ca6f4 Mon Sep 17 00:00:00 2001 From: Antoni Segura Puimedon Date: Wed, 4 Jul 2018 17:32:23 +0200 Subject: [PATCH] devstack: Fix load balancing project membership We had several LB resources not belonging to the k8s project. Change-Id: I406d0291b17e82dace5a6e707fd538210cb25627 Signed-off-by: Antoni Segura Puimedon --- devstack/lib/kuryr_kubernetes | 33 +++++++++++++++++++++++++++------ devstack/plugin.sh | 20 +++++++++++--------- 2 files changed, 38 insertions(+), 15 deletions(-) diff --git a/devstack/lib/kuryr_kubernetes b/devstack/lib/kuryr_kubernetes index 3d4eec965..8f4c3c57d 100644 --- a/devstack/lib/kuryr_kubernetes +++ b/devstack/lib/kuryr_kubernetes @@ -209,9 +209,14 @@ EOF function create_k8s_icmp_sg_rules { local sg_id=$1 local direction="$2" + local project_id + + project_id=$(get_or_create_project \ + "$KURYR_NEUTRON_DEFAULT_PROJECT" default) icmp_sg_rules=$(openstack --os-cloud devstack-admin \ --os-region "$REGION_NAME" \ security group rule create \ + --project "$project_id" \ --protocol icmp \ --"$direction" "$sg_id") die_if_not_set $LINENO icmp_sg_rules \ @@ -257,6 +262,7 @@ function create_k8s_subnet { subnet_id=$(openstack --os-cloud devstack-admin \ --os-region "$REGION_NAME" \ subnet create $subnet_params \ + --project "$project_id" \ -c id -f value) die_if_not_set $LINENO subnet_id \ "Failure creating K8s ${subnet_name} IPv4 subnet for ${project_id}" 
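Review bot: The `project_id` lookup added to `create_k8s_icmp_sg_rules` is never checked, so a failed or empty `get_or_create_project` result is passed straight to `--project "$project_id"`. The point of the change is that these resources belong to the k8s project rather than to whatever the admin credentials default to, so the lookup should fail closed. Add `die_if_not_set $LINENO project_id "Failure getting project $KURYR_NEUTRON_DEFAULT_PROJECT"` right after the assignment, the same way `icmp_sg_rules` is checked a few lines below. The same unchecked lookup is added in `create_k8s_api_service` and moved in `create_ingress_l7_router` in devstack/plugin.sh; both functions continue outside their hunks.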
@@ -866,27 +872,30 @@ function wait_for_lb { # lb_name: Name to give to the load balancer. # lb_vip_subnet: Id or name of the subnet where lb_vip should be # allocated. +# project_id: Id of the project where the load balancer should be # lb_vip: Virtual IP to give to the load balancer - optional. function create_load_balancer { local lb_name local lb_vip_subnet local lb_params + local project_id lb_name="$1" lb_vip_subnet="$2" + project_id="$3" lb_params=" --name $lb_name " - if [ -z "$3" ]; then + if [ -z "$4" ]; then echo -n "create_load_balancer LB=$lb_name, lb_vip not provided." else - lb_params+=" --vip-address $3" + lb_params+=" --vip-address $4" fi if is_service_enabled octavia; then - lb_params+=" --vip-subnet-id $lb_vip_subnet" + lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet" openstack loadbalancer create $lb_params else - lb_params+=" $lb_vip_subnet" + lb_params+=" --tenant-id ${project_id} $lb_vip_subnet" neutron lbaas-loadbalancer-create $lb_params fi } @@ -899,17 +908,20 @@ function create_load_balancer { # protocol: Whether it is HTTP, HTTPS, TCP, etc. # port: The TCP port number to listen to. # lb: Id or name of the Load Balancer we want to add the Listener to. +# project_id: Id of the the project where this listener belongs function create_load_balancer_listener { local name local protocol local port local lb local max_timeout + local project_id name="$1" protocol="$2" port="$3" lb="$4" + project_id="$5" max_timeout=1200 # Octavia needs the LB to be active for the listener @@ -924,6 +936,7 @@ function create_load_balancer_listener { neutron lbaas-listener-create --name "$name" \ --protocol "$protocol" \ --protocol-port "$port" \ + --tenant-id "$project_id" \ --loadbalancer "$lb" fi } 
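Review bot: `create_load_balancer` now takes `project_id` as `$3` and splices it unquoted into the `lb_params` string, so an empty or missing value shifts option parsing: on the lbaas path `--tenant-id` would take `$lb_vip_subnet` as its value. A caller that still passes the VIP as the third argument would likewise have it used as the project. A guard after the assignment, `die_if_not_set $LINENO project_id "create_load_balancer: project_id is required"`, makes that fail early. `create_load_balancer_listener`, `create_load_balancer_pool` and `create_load_balancer_member` receive the new positional argument in the same unchecked way. The added header comment is also cut off mid-sentence and should read `# project_id: Id of the project where the load balancer should be created.`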
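Review bot: The project is passed only on the `neutron lbaas-listener-create` branch of `create_load_balancer_listener`; the Octavia branch lies between the two hunks and shows no matching change. It is worth confirming that an Octavia listener takes its project from the parent load balancer, and if so recording it with a comment such as `# Octavia: listener inherits the project of its load balancer`. Otherwise the listener would still be owned by the admin project on Octavia deployments. The added header line also has a doubled word and should read `# project_id: Id of the project where this listener belongs`.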
@@ -937,6 +950,7 @@ function create_load_balancer_listener { # algorithm: Load Balancing algorithm to use. # listener: Id or name of the Load Balancer Listener we want to add the # pool to. +# project_id: Id of the the project where this pool belongs # lb: Id or name of the Load Balancer we want to add the pool to # (optional). function create_load_balancer_pool { @@ -945,12 +959,14 @@ function create_load_balancer_pool { local algorithm local listener local lb + local project_id name="$1" protocol="$2" algorithm="$3" listener="$4" - lb="$5" + project_id="$5" + lb="$6" # We must wait for the LB to be active before we can put a Pool for it wait_for_lb $lb @@ -962,9 +978,10 @@ function create_load_balancer_pool { --lb-algorithm "$algorithm" else neutron lbaas-pool-create --name "$name" \ - --loadbalancer "$lb_name" \ + --loadbalancer "$lb" \ --listener "$listener" \ --protocol "$protocol" \ + --tenant-id "$project_id" \ --lb-algorithm "$algorithm" fi } @@ -978,6 +995,7 @@ function create_load_balancer_pool { # pool: Id or name of the Load Balancer pool this member belongs to. # subnet: Id or name of the subnet the member address belongs to. # lb: Id or name of the load balancer the member belongs to. +# project_id: Id of the the project where this pool belongs function create_load_balancer_member { local name local address @@ -985,6 +1003,7 @@ function create_load_balancer_member { local pool local subnet local lb + local project_id name="$1" address="$2" @@ -992,6 +1011,7 @@ function create_load_balancer_member { pool="$4" subnet="$5" lb="$6" + project_id="$7" # We must wait for the pool creation update before we can add members wait_for_lb $lb @@ -1014,6 +1034,7 @@ function create_load_balancer_member { --subnet "$subnet" \ --address "$address" \ --protocol-port "$port" \ + --tenant-id "$project_id" \ "$pool" fi } diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 3ae8cdda0..61f4d6e26 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh 
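Review bot: In `create_load_balancer_pool` the required `project_id` is inserted at `$5`, ahead of `lb`, which the header still documents as "(optional)" even though `wait_for_lb $lb` uses it unconditionally. The header should state that both arguments are required, so a caller does not drop `lb` and leave the pool without a load balancer to wait on. The header line added to `create_load_balancer_member` was copied from the pool function and should read `# project_id: Id of the project where this member belongs`. The pool's own line has the same doubled "the the". As with the listener, only the `neutron lbaas-*` branches gain `--tenant-id` in the visible hunks.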
@@ -221,7 +221,10 @@ function create_k8s_api_service { local kubelet_iface_ip local lb_name local use_octavia + local project_id + project_id=$(get_or_create_project \ + "$KURYR_NEUTRON_DEFAULT_PROJECT" default) lb_name='default/kubernetes' service_cidr=$(openstack --os-cloud devstack-admin \ --os-region "$REGION_NAME" \ @@ -233,10 +236,10 @@ function create_k8s_api_service { k8s_api_clusterip=$(_cidr_range "$service_cidr" | cut -f1) create_load_balancer "$lb_name" "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET"\ - "$k8s_api_clusterip" - create_load_balancer_listener default/kubernetes:443 HTTPS 443 "$lb_name" + "$project_id" "$k8s_api_clusterip" + create_load_balancer_listener default/kubernetes:443 HTTPS 443 "$lb_name" "$project_id" create_load_balancer_pool default/kubernetes:443 HTTPS ROUND_ROBIN \ - default/kubernetes:443 "$lb_name" + default/kubernetes:443 "$project_id" "$lb_name" local api_port if is_service_enabled openshift-master; then @@ -257,10 +260,10 @@ function create_k8s_api_service { if [[ "$use_octavia" == "True" && \ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then create_load_balancer_member "$(hostname)" "$address" "$api_port" \ - default/kubernetes:443 $KURYR_NEUTRON_DEFAULT_POD_SUBNET "$lb_name" + default/kubernetes:443 $KURYR_NEUTRON_DEFAULT_POD_SUBNET "$lb_name" "$project_id" else create_load_balancer_member "$(hostname)" "$address" "$api_port" \ - default/kubernetes:443 public-subnet "$lb_name" + default/kubernetes:443 public-subnet "$lb_name" "$project_id" fi } 
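Review bot: On the L2-member call in `create_k8s_api_service`, `$KURYR_NEUTRON_DEFAULT_POD_SUBNET` is left unquoted on the line that now also carries `"$project_id"`. If that variable is empty, the positional arguments shift: `create_load_balancer_member` receives the load balancer name as its subnet, the project id as its load balancer, and an empty `project_id`. Quote it as `"$KURYR_NEUTRON_DEFAULT_POD_SUBNET"`, like the other arguments on that line. The function starts and ends outside the hunk.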
@@ -660,16 +663,15 @@ function create_ingress_l7_router { lb_name=${KURYR_L7_ROUTER_NAME} max_timeout=600 + project_id=$(get_or_create_project \ + "$KURYR_NEUTRON_DEFAULT_PROJECT" default) - create_load_balancer "$lb_name" "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" + create_load_balancer "$lb_name" "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" "$project_id" wait_for_lb $lb_name $max_timeout lb_port_id="$(get_loadbalancer_attribute "$lb_name" "vip_port_id")" - project_id=$(get_or_create_project \ - "$KURYR_NEUTRON_DEFAULT_PROJECT" default) - #allocate FIP and bind it to lb vip l7_router_fip=$(openstack --os-cloud devstack-admin \ --os-region "$REGION_NAME" \