From b2d820d3fc19514b2827599a563066b9ec276702 Mon Sep 17 00:00:00 2001
From: German Eichberger <german.eichberger@rackspace.com>
Date: Fri, 7 Sep 2018 10:50:02 -0700
Subject: [PATCH] Fixes too low security group rules quota

The quota for security group rules was erroneously set
to 100 with the aim to have 100 security group rules
per security group instead of to 100*#security group rules.
This patch fixes this discrepancy.

It also uses the int filter to avoid string mis-
interpretation.

Change-Id: Iafd15276524988e7240a26a1f362593c05529931
---
 defaults/main.yml                                      | 10 +++++-----
 .../fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml     |  8 ++++++++
 tasks/octavia_security_group.yml                       |  2 +-
 3 files changed, 14 insertions(+), 6 deletions(-)
 create mode 100644 releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index bea471e2..29c287b4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -458,13 +458,13 @@ octavia_signing_digest: sha256
 
 # Quotas for the Octavia user - assuming active/passive topology
 octavia_num_instances: 10000 # 5000 LB in active/passive
-octavia_ram: "{{ octavia_num_instances*1024 }}"
-octavia_num_server_groups: "{{ (octavia_num_instances*0.5)|int|abs }}"
+octavia_ram: "{{ (octavia_num_instances|int)*1024 }}"
+octavia_num_server_groups: "{{ ((octavia_num_instances|int)*0.5)|int|abs }}"
 octavia_num_server_group_members: 50
 octavia_num_cores: "{{ octavia_num_instances }}"
-octavia_num_secgroups: "{{ octavia_num_instances*1.5|int|abs}}" # average 3 listener per lb
-octavia_num_ports: "{{ octavia_num_instances*10 }}" # at least instances * 10
-octavia_num_security_group_rules: 100
+octavia_num_secgroups: "{{ (octavia_num_instances|int)*1.5|int|abs }}" # average 3 listener per lb
+octavia_num_ports: "{{ (octavia_num_instances|int)*10 }}" # at least instances * 10
+octavia_num_security_group_rules: "{{ (octavia_num_secgroups|int)*100 }}"
 
 ## Tunable overrides
 octavia_octavia_conf_overrides: {}
diff --git a/releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml b/releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml
new file mode 100644
index 00000000..3493e9be
--- /dev/null
+++ b/releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    The quota for security group rules was erroneously set
+    to 100 with the aim to have 100 security group rules
+    per security group instead of to 100*#security group rules.
+    This patch fixes this discrepancy.
+
diff --git a/tasks/octavia_security_group.yml b/tasks/octavia_security_group.yml
index 5e13588a..a7c6675c 100644
--- a/tasks/octavia_security_group.yml
+++ b/tasks/octavia_security_group.yml
@@ -39,7 +39,7 @@
         --server-group-members {{ octavia_num_server_group_members }}
         --secgroups {{ octavia_num_secgroups }}
         --ports {{ octavia_num_ports }}
-        --secgroup-rules {{ octavia_num_secgroups }}
+        --secgroup-rules {{ octavia_num_security_group_rules }}
         {{ octavia_service_project_name }}
       tags:
         - skip_ansible_lint