octavia 12.0.0.0rc2__py3-none-any.whl → 13.0.0.0rc1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- octavia/amphorae/backends/agent/api_server/osutils.py +1 -0
- octavia/amphorae/backends/agent/api_server/plug.py +21 -7
- octavia/amphorae/backends/agent/api_server/templates/amphora-netns.systemd.j2 +2 -2
- octavia/amphorae/backends/agent/api_server/util.py +21 -0
- octavia/amphorae/backends/health_daemon/health_daemon.py +9 -3
- octavia/amphorae/backends/health_daemon/health_sender.py +2 -0
- octavia/amphorae/backends/utils/interface.py +14 -6
- octavia/amphorae/backends/utils/interface_file.py +6 -3
- octavia/amphorae/backends/utils/keepalivedlvs_query.py +8 -9
- octavia/amphorae/drivers/driver_base.py +1 -2
- octavia/amphorae/drivers/haproxy/rest_api_driver.py +11 -25
- octavia/amphorae/drivers/health/heartbeat_udp.py +34 -24
- octavia/amphorae/drivers/keepalived/jinja/jinja_cfg.py +3 -12
- octavia/amphorae/drivers/noop_driver/driver.py +3 -5
- octavia/api/common/pagination.py +4 -4
- octavia/api/drivers/amphora_driver/v2/driver.py +11 -5
- octavia/api/drivers/driver_agent/driver_get.py +22 -14
- octavia/api/drivers/driver_agent/driver_updater.py +8 -4
- octavia/api/drivers/utils.py +4 -2
- octavia/api/healthcheck/healthcheck_plugins.py +4 -2
- octavia/api/root_controller.py +4 -1
- octavia/api/v2/controllers/amphora.py +35 -38
- octavia/api/v2/controllers/availability_zone_profiles.py +43 -33
- octavia/api/v2/controllers/availability_zones.py +22 -18
- octavia/api/v2/controllers/flavor_profiles.py +37 -28
- octavia/api/v2/controllers/flavors.py +19 -15
- octavia/api/v2/controllers/health_monitor.py +44 -33
- octavia/api/v2/controllers/l7policy.py +52 -40
- octavia/api/v2/controllers/l7rule.py +68 -55
- octavia/api/v2/controllers/listener.py +88 -61
- octavia/api/v2/controllers/load_balancer.py +52 -34
- octavia/api/v2/controllers/member.py +63 -52
- octavia/api/v2/controllers/pool.py +55 -42
- octavia/api/v2/controllers/quotas.py +5 -3
- octavia/api/v2/types/listener.py +15 -0
- octavia/cmd/octavia_worker.py +0 -3
- octavia/cmd/status.py +1 -4
- octavia/common/clients.py +25 -45
- octavia/common/config.py +64 -22
- octavia/common/constants.py +3 -2
- octavia/common/data_models.py +7 -1
- octavia/common/jinja/haproxy/combined_listeners/jinja_cfg.py +12 -1
- octavia/common/jinja/haproxy/combined_listeners/templates/macros.j2 +5 -2
- octavia/common/jinja/lvs/jinja_cfg.py +4 -2
- octavia/common/keystone.py +58 -5
- octavia/common/validate.py +35 -0
- octavia/compute/drivers/noop_driver/driver.py +6 -0
- octavia/controller/healthmanager/health_manager.py +3 -6
- octavia/controller/housekeeping/house_keeping.py +36 -37
- octavia/controller/worker/amphora_rate_limit.py +5 -4
- octavia/controller/worker/task_utils.py +57 -41
- octavia/controller/worker/v2/controller_worker.py +160 -103
- octavia/controller/worker/v2/flows/listener_flows.py +3 -0
- octavia/controller/worker/v2/flows/load_balancer_flows.py +9 -14
- octavia/controller/worker/v2/tasks/amphora_driver_tasks.py +152 -91
- octavia/controller/worker/v2/tasks/compute_tasks.py +4 -2
- octavia/controller/worker/v2/tasks/database_tasks.py +542 -400
- octavia/controller/worker/v2/tasks/network_tasks.py +119 -79
- octavia/db/api.py +26 -23
- octavia/db/base_models.py +2 -2
- octavia/db/healthcheck.py +2 -1
- octavia/db/migration/alembic_migrations/versions/632152d2d32e_add_http_strict_transport_security_.py +42 -0
- octavia/db/models.py +12 -2
- octavia/db/prepare.py +2 -0
- octavia/db/repositories.py +462 -482
- octavia/hacking/checks.py +1 -1
- octavia/network/base.py +0 -14
- octavia/network/drivers/neutron/allowed_address_pairs.py +92 -135
- octavia/network/drivers/neutron/base.py +65 -77
- octavia/network/drivers/neutron/utils.py +69 -85
- octavia/network/drivers/noop_driver/driver.py +0 -7
- octavia/statistics/drivers/update_db.py +10 -10
- octavia/tests/common/constants.py +91 -84
- octavia/tests/common/sample_data_models.py +13 -1
- octavia/tests/fixtures.py +32 -0
- octavia/tests/functional/amphorae/backend/agent/api_server/test_server.py +9 -10
- octavia/tests/functional/api/drivers/driver_agent/test_driver_agent.py +260 -15
- octavia/tests/functional/api/test_root_controller.py +3 -28
- octavia/tests/functional/api/v2/base.py +5 -3
- octavia/tests/functional/api/v2/test_amphora.py +18 -5
- octavia/tests/functional/api/v2/test_availability_zone_profiles.py +1 -0
- octavia/tests/functional/api/v2/test_listener.py +51 -19
- octavia/tests/functional/api/v2/test_load_balancer.py +10 -1
- octavia/tests/functional/db/base.py +31 -16
- octavia/tests/functional/db/test_models.py +27 -28
- octavia/tests/functional/db/test_repositories.py +407 -50
- octavia/tests/unit/amphorae/backends/agent/api_server/test_amphora_info.py +2 -0
- octavia/tests/unit/amphorae/backends/agent/api_server/test_osutils.py +1 -1
- octavia/tests/unit/amphorae/backends/agent/api_server/test_plug.py +54 -6
- octavia/tests/unit/amphorae/backends/agent/api_server/test_util.py +35 -0
- octavia/tests/unit/amphorae/backends/health_daemon/test_health_daemon.py +8 -0
- octavia/tests/unit/amphorae/backends/health_daemon/test_health_sender.py +18 -0
- octavia/tests/unit/amphorae/backends/utils/test_interface.py +81 -0
- octavia/tests/unit/amphorae/backends/utils/test_interface_file.py +2 -0
- octavia/tests/unit/amphorae/backends/utils/test_keepalivedlvs_query.py +129 -5
- octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_1_0.py +42 -20
- octavia/tests/unit/amphorae/drivers/health/test_heartbeat_udp.py +18 -20
- octavia/tests/unit/amphorae/drivers/keepalived/jinja/test_jinja_cfg.py +4 -4
- octavia/tests/unit/amphorae/drivers/noop_driver/test_driver.py +4 -1
- octavia/tests/unit/api/drivers/driver_agent/test_driver_get.py +3 -3
- octavia/tests/unit/api/drivers/driver_agent/test_driver_updater.py +11 -13
- octavia/tests/unit/base.py +6 -0
- octavia/tests/unit/cmd/test_interface.py +2 -2
- octavia/tests/unit/cmd/test_status.py +2 -2
- octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py +152 -1
- octavia/tests/unit/common/sample_configs/sample_configs_combined.py +10 -3
- octavia/tests/unit/common/test_clients.py +0 -39
- octavia/tests/unit/common/test_keystone.py +54 -0
- octavia/tests/unit/common/test_validate.py +67 -0
- octavia/tests/unit/controller/healthmanager/test_health_manager.py +8 -22
- octavia/tests/unit/controller/housekeeping/test_house_keeping.py +3 -64
- octavia/tests/unit/controller/worker/test_amphora_rate_limit.py +1 -1
- octavia/tests/unit/controller/worker/test_task_utils.py +44 -24
- octavia/tests/unit/controller/worker/v2/flows/test_load_balancer_flows.py +0 -1
- octavia/tests/unit/controller/worker/v2/tasks/test_amphora_driver_tasks.py +49 -26
- octavia/tests/unit/controller/worker/v2/tasks/test_database_tasks.py +399 -196
- octavia/tests/unit/controller/worker/v2/tasks/test_database_tasks_quota.py +37 -64
- octavia/tests/unit/controller/worker/v2/tasks/test_network_tasks.py +3 -14
- octavia/tests/unit/controller/worker/v2/test_controller_worker.py +2 -2
- octavia/tests/unit/network/drivers/neutron/test_allowed_address_pairs.py +456 -561
- octavia/tests/unit/network/drivers/neutron/test_base.py +181 -194
- octavia/tests/unit/network/drivers/neutron/test_utils.py +14 -30
- octavia/tests/unit/statistics/drivers/test_update_db.py +7 -5
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/README.rst +1 -1
- {octavia-12.0.0.0rc2.dist-info → octavia-13.0.0.0rc1.dist-info}/AUTHORS +4 -0
- {octavia-12.0.0.0rc2.dist-info → octavia-13.0.0.0rc1.dist-info}/METADATA +4 -4
- {octavia-12.0.0.0rc2.dist-info → octavia-13.0.0.0rc1.dist-info}/RECORD +141 -189
- {octavia-12.0.0.0rc2.dist-info → octavia-13.0.0.0rc1.dist-info}/entry_points.txt +1 -2
- octavia-13.0.0.0rc1.dist-info/pbr.json +1 -0
- octavia/api/drivers/amphora_driver/v1/__init__.py +0 -11
- octavia/api/drivers/amphora_driver/v1/driver.py +0 -547
- octavia/controller/queue/v1/__init__.py +0 -11
- octavia/controller/queue/v1/consumer.py +0 -64
- octavia/controller/queue/v1/endpoints.py +0 -160
- octavia/controller/worker/v1/__init__.py +0 -11
- octavia/controller/worker/v1/controller_worker.py +0 -1157
- octavia/controller/worker/v1/flows/__init__.py +0 -11
- octavia/controller/worker/v1/flows/amphora_flows.py +0 -610
- octavia/controller/worker/v1/flows/health_monitor_flows.py +0 -105
- octavia/controller/worker/v1/flows/l7policy_flows.py +0 -94
- octavia/controller/worker/v1/flows/l7rule_flows.py +0 -100
- octavia/controller/worker/v1/flows/listener_flows.py +0 -128
- octavia/controller/worker/v1/flows/load_balancer_flows.py +0 -692
- octavia/controller/worker/v1/flows/member_flows.py +0 -230
- octavia/controller/worker/v1/flows/pool_flows.py +0 -127
- octavia/controller/worker/v1/tasks/__init__.py +0 -11
- octavia/controller/worker/v1/tasks/amphora_driver_tasks.py +0 -453
- octavia/controller/worker/v1/tasks/cert_task.py +0 -51
- octavia/controller/worker/v1/tasks/compute_tasks.py +0 -335
- octavia/controller/worker/v1/tasks/database_tasks.py +0 -2756
- octavia/controller/worker/v1/tasks/lifecycle_tasks.py +0 -173
- octavia/controller/worker/v1/tasks/model_tasks.py +0 -41
- octavia/controller/worker/v1/tasks/network_tasks.py +0 -970
- octavia/controller/worker/v1/tasks/retry_tasks.py +0 -74
- octavia/tests/unit/api/drivers/amphora_driver/v1/__init__.py +0 -11
- octavia/tests/unit/api/drivers/amphora_driver/v1/test_driver.py +0 -824
- octavia/tests/unit/controller/queue/v1/__init__.py +0 -11
- octavia/tests/unit/controller/queue/v1/test_consumer.py +0 -61
- octavia/tests/unit/controller/queue/v1/test_endpoints.py +0 -189
- octavia/tests/unit/controller/worker/v1/__init__.py +0 -11
- octavia/tests/unit/controller/worker/v1/flows/__init__.py +0 -11
- octavia/tests/unit/controller/worker/v1/flows/test_amphora_flows.py +0 -474
- octavia/tests/unit/controller/worker/v1/flows/test_health_monitor_flows.py +0 -72
- octavia/tests/unit/controller/worker/v1/flows/test_l7policy_flows.py +0 -67
- octavia/tests/unit/controller/worker/v1/flows/test_l7rule_flows.py +0 -67
- octavia/tests/unit/controller/worker/v1/flows/test_listener_flows.py +0 -91
- octavia/tests/unit/controller/worker/v1/flows/test_load_balancer_flows.py +0 -431
- octavia/tests/unit/controller/worker/v1/flows/test_member_flows.py +0 -106
- octavia/tests/unit/controller/worker/v1/flows/test_pool_flows.py +0 -77
- octavia/tests/unit/controller/worker/v1/tasks/__init__.py +0 -11
- octavia/tests/unit/controller/worker/v1/tasks/test_amphora_driver_tasks.py +0 -792
- octavia/tests/unit/controller/worker/v1/tasks/test_cert_task.py +0 -46
- octavia/tests/unit/controller/worker/v1/tasks/test_compute_tasks.py +0 -634
- octavia/tests/unit/controller/worker/v1/tasks/test_database_tasks.py +0 -2615
- octavia/tests/unit/controller/worker/v1/tasks/test_database_tasks_quota.py +0 -415
- octavia/tests/unit/controller/worker/v1/tasks/test_lifecycle_tasks.py +0 -401
- octavia/tests/unit/controller/worker/v1/tasks/test_model_tasks.py +0 -44
- octavia/tests/unit/controller/worker/v1/tasks/test_network_tasks.py +0 -1788
- octavia/tests/unit/controller/worker/v1/tasks/test_retry_tasks.py +0 -47
- octavia/tests/unit/controller/worker/v1/test_controller_worker.py +0 -2096
- octavia-12.0.0.0rc2.dist-info/pbr.json +0 -1
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/LICENSE +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/diskimage-create/README.rst +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/diskimage-create/diskimage-create.sh +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/diskimage-create/image-tests.sh +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/diskimage-create/requirements.txt +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/diskimage-create/test-requirements.txt +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/diskimage-create/tox.ini +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/data/share/octavia/diskimage-create/version.txt +0 -0
- {octavia-12.0.0.0rc2.data → octavia-13.0.0.0rc1.data}/scripts/octavia-wsgi +0 -0
- {octavia-12.0.0.0rc2.dist-info → octavia-13.0.0.0rc1.dist-info}/LICENSE +0 -0
- {octavia-12.0.0.0rc2.dist-info → octavia-13.0.0.0rc1.dist-info}/WHEEL +0 -0
- {octavia-12.0.0.0rc2.dist-info → octavia-13.0.0.0rc1.dist-info}/top_level.txt +0 -0
octavia/hacking/checks.py
CHANGED
octavia/network/base.py
CHANGED
|
@@ -354,20 +354,6 @@ class AbstractNetworkDriver(object, metaclass=abc.ABCMeta):
|
|
|
354
354
|
:raises: NotFound, NetworkNotFound, SubnetNotFound, PortNotFound
|
|
355
355
|
"""
|
|
356
356
|
|
|
357
|
-
@abc.abstractmethod
|
|
358
|
-
def wait_for_port_detach(self, amphora):
|
|
359
|
-
"""Waits for the amphora ports device_id to be unset.
|
|
360
|
-
|
|
361
|
-
This method waits for the ports on an amphora device_id
|
|
362
|
-
parameter to be '' or None which signifies that nova has
|
|
363
|
-
finished detaching the port from the instance.
|
|
364
|
-
|
|
365
|
-
:param amphora: Amphora to wait for ports to detach.
|
|
366
|
-
:returns: None
|
|
367
|
-
:raises TimeoutException: Port did not detach in interval.
|
|
368
|
-
:raises PortNotFound: Port was not found by neutron.
|
|
369
|
-
"""
|
|
370
|
-
|
|
371
357
|
@abc.abstractmethod
|
|
372
358
|
def update_vip_sg(self, load_balancer, vip):
|
|
373
359
|
"""Updates the security group for a VIP
|
|
@@ -14,9 +14,9 @@
|
|
|
14
14
|
import ipaddress
|
|
15
15
|
import time
|
|
16
16
|
|
|
17
|
-
from neutronclient.common import exceptions as neutron_client_exceptions
|
|
18
17
|
from novaclient import exceptions as nova_client_exceptions
|
|
19
18
|
from octavia_lib.common import constants as lib_consts
|
|
19
|
+
import openstack.exceptions as os_exceptions
|
|
20
20
|
from oslo_config import cfg
|
|
21
21
|
from oslo_log import log as logging
|
|
22
22
|
from stevedore import driver as stevedore_driver
|
|
@@ -84,14 +84,15 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
84
84
|
def _plug_amphora_vip(self, amphora, subnet):
|
|
85
85
|
# We need a vip port owned by Octavia for Act/Stby and failover
|
|
86
86
|
try:
|
|
87
|
-
port = {
|
|
87
|
+
port = {
|
|
88
88
|
constants.NAME: 'octavia-lb-vrrp-' + amphora.id,
|
|
89
89
|
constants.NETWORK_ID: subnet.network_id,
|
|
90
90
|
constants.FIXED_IPS: [{'subnet_id': subnet.id}],
|
|
91
91
|
constants.ADMIN_STATE_UP: True,
|
|
92
|
-
constants.DEVICE_OWNER: OCTAVIA_OWNER
|
|
93
|
-
|
|
94
|
-
new_port =
|
|
92
|
+
constants.DEVICE_OWNER: OCTAVIA_OWNER,
|
|
93
|
+
}
|
|
94
|
+
new_port = self.network_proxy.create_port(**port)
|
|
95
|
+
new_port = utils.convert_port_to_model(new_port)
|
|
95
96
|
|
|
96
97
|
LOG.debug('Created vip port: %(port_id)s for amphora: %(amp)s',
|
|
97
98
|
{'port_id': new_port.id, 'amp': amphora.id})
|
|
@@ -112,7 +113,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
112
113
|
LOG.exception(message)
|
|
113
114
|
try:
|
|
114
115
|
if new_port:
|
|
115
|
-
self.
|
|
116
|
+
self.network_proxy.delete_port(new_port.id)
|
|
116
117
|
LOG.debug('Deleted base (VRRP) port %s due to plug_port '
|
|
117
118
|
'failure.', new_port.id)
|
|
118
119
|
except Exception:
|
|
@@ -126,7 +127,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
126
127
|
def _add_vip_address_pairs(self, port_id, vip_address_list):
|
|
127
128
|
try:
|
|
128
129
|
self._add_allowed_address_pairs_to_port(port_id, vip_address_list)
|
|
129
|
-
except
|
|
130
|
+
except os_exceptions.ResourceNotFound as e:
|
|
130
131
|
raise base.PortNotFound(str(e))
|
|
131
132
|
except Exception as e:
|
|
132
133
|
message = _('Error adding allowed address pair(s) {ips} '
|
|
@@ -138,18 +139,20 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
138
139
|
def _get_lb_security_group(self, load_balancer_id):
|
|
139
140
|
sec_grp_name = common_utils.get_vip_security_group_name(
|
|
140
141
|
load_balancer_id)
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
return sec_grps.get(constants.SECURITY_GROUPS)[0]
|
|
144
|
-
return None
|
|
142
|
+
sec_grp = self.network_proxy.find_security_group(sec_grp_name)
|
|
143
|
+
return sec_grp
|
|
145
144
|
|
|
146
145
|
def _get_ethertype_for_ip(self, ip):
|
|
147
146
|
address = ipaddress.ip_address(ip)
|
|
148
147
|
return 'IPv6' if address.version == 6 else 'IPv4'
|
|
149
148
|
|
|
149
|
+
def _get_ethertype_for_cidr(self, cidr):
|
|
150
|
+
net = ipaddress.ip_network(cidr)
|
|
151
|
+
return 'IPv6' if net.version == 6 else 'IPv4'
|
|
152
|
+
|
|
150
153
|
def _update_security_group_rules(self, load_balancer, sec_grp_id):
|
|
151
|
-
rules = self.
|
|
152
|
-
security_group_id=sec_grp_id)
|
|
154
|
+
rules = tuple(self.network_proxy.security_group_rules(
|
|
155
|
+
security_group_id=sec_grp_id))
|
|
153
156
|
|
|
154
157
|
updated_ports = []
|
|
155
158
|
listener_peer_ports = []
|
|
@@ -188,11 +191,11 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
188
191
|
# port_range_max and min will be the same since this driver is
|
|
189
192
|
# responsible for creating these rules
|
|
190
193
|
old_ports = []
|
|
191
|
-
for rule in rules
|
|
194
|
+
for rule in rules:
|
|
192
195
|
# Don't remove egress rules and don't confuse other protocols with
|
|
193
196
|
# None ports with the egress rules. VRRP uses protocol 51 and 112
|
|
194
197
|
if (rule.get('direction') == 'egress' or
|
|
195
|
-
|
|
198
|
+
rule.get('protocol').upper() not in
|
|
196
199
|
[constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
|
|
197
200
|
lib_consts.PROTOCOL_SCTP]):
|
|
198
201
|
continue
|
|
@@ -202,7 +205,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
202
205
|
|
|
203
206
|
add_ports = set(updated_ports) - set(old_ports)
|
|
204
207
|
del_ports = set(old_ports) - set(updated_ports)
|
|
205
|
-
for rule in rules
|
|
208
|
+
for rule in rules:
|
|
206
209
|
if (rule.get('protocol', '') and
|
|
207
210
|
rule.get('protocol', '').upper() in
|
|
208
211
|
[constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
|
|
@@ -211,8 +214,8 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
211
214
|
rule.get('remote_ip_prefix')) in del_ports):
|
|
212
215
|
rule_id = rule.get(constants.ID)
|
|
213
216
|
try:
|
|
214
|
-
self.
|
|
215
|
-
except
|
|
217
|
+
self.network_proxy.delete_security_group_rule(rule_id)
|
|
218
|
+
except os_exceptions.ResourceNotFound:
|
|
216
219
|
LOG.info("Security group rule %s not found, will assume "
|
|
217
220
|
"it is already deleted.", rule_id)
|
|
218
221
|
|
|
@@ -224,11 +227,15 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
224
227
|
ethertypes.add(self._get_ethertype_for_ip(add_vip.ip_address))
|
|
225
228
|
for port_protocol in add_ports:
|
|
226
229
|
for ethertype in ethertypes:
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
230
|
+
cidr = port_protocol[2]
|
|
231
|
+
if not cidr or self._get_ethertype_for_cidr(cidr) == ethertype:
|
|
232
|
+
self._create_security_group_rule(
|
|
233
|
+
sec_grp_id, port_protocol[1],
|
|
234
|
+
port_min=port_protocol[0],
|
|
235
|
+
port_max=port_protocol[0],
|
|
236
|
+
ethertype=ethertype,
|
|
237
|
+
cidr=cidr,
|
|
238
|
+
)
|
|
232
239
|
|
|
233
240
|
# Currently we are using the VIP network for VRRP
|
|
234
241
|
# so we need to open up the protocols for it
|
|
@@ -239,7 +246,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
239
246
|
constants.VRRP_PROTOCOL_NUM,
|
|
240
247
|
direction='ingress',
|
|
241
248
|
ethertype=primary_ethertype)
|
|
242
|
-
except
|
|
249
|
+
except os_exceptions.ConflictException:
|
|
243
250
|
# It's ok if this rule already exists
|
|
244
251
|
pass
|
|
245
252
|
except Exception as e:
|
|
@@ -249,7 +256,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
249
256
|
self._create_security_group_rule(
|
|
250
257
|
sec_grp_id, constants.AUTH_HEADER_PROTOCOL_NUMBER,
|
|
251
258
|
direction='ingress', ethertype=primary_ethertype)
|
|
252
|
-
except
|
|
259
|
+
except os_exceptions.ConflictException:
|
|
253
260
|
# It's ok if this rule already exists
|
|
254
261
|
pass
|
|
255
262
|
except Exception as e:
|
|
@@ -276,10 +283,10 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
276
283
|
attempts = 0
|
|
277
284
|
while attempts <= CONF.networking.max_retries:
|
|
278
285
|
try:
|
|
279
|
-
self.
|
|
286
|
+
self.network_proxy.delete_security_group(sec_grp)
|
|
280
287
|
LOG.info("Deleted security group %s", sec_grp)
|
|
281
288
|
return
|
|
282
|
-
except
|
|
289
|
+
except os_exceptions.ResourceNotFound:
|
|
283
290
|
LOG.info("Security group %s not found, will assume it is "
|
|
284
291
|
"already deleted", sec_grp)
|
|
285
292
|
return
|
|
@@ -296,31 +303,33 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
296
303
|
|
|
297
304
|
def _delete_security_group(self, vip, port):
|
|
298
305
|
if self.sec_grp_enabled:
|
|
299
|
-
|
|
306
|
+
try:
|
|
307
|
+
lb_id = vip.load_balancer.id
|
|
308
|
+
except AttributeError:
|
|
309
|
+
sec_grp = None
|
|
310
|
+
else:
|
|
311
|
+
sec_grp = self._get_lb_security_group(lb_id)
|
|
300
312
|
if sec_grp:
|
|
301
|
-
sec_grp_id = sec_grp.
|
|
313
|
+
sec_grp_id = sec_grp.id
|
|
302
314
|
LOG.info(
|
|
303
315
|
"Removing security group %(sg)s from port %(port)s",
|
|
304
316
|
{'sg': sec_grp_id, constants.PORT: vip.port_id})
|
|
305
317
|
raw_port = None
|
|
306
318
|
try:
|
|
307
319
|
if port:
|
|
308
|
-
raw_port = self.
|
|
320
|
+
raw_port = self.network_proxy.get_port(port.id)
|
|
309
321
|
except Exception:
|
|
310
322
|
LOG.warning('Unable to get port information for port '
|
|
311
323
|
'%s. Continuing to delete the security '
|
|
312
324
|
'group.', port.id)
|
|
313
325
|
if raw_port:
|
|
314
|
-
sec_grps = raw_port.
|
|
315
|
-
|
|
316
|
-
if sec_grp_id in sec_grps:
|
|
326
|
+
sec_grps = raw_port.security_group_ids
|
|
327
|
+
if sec_grps and sec_grp_id in sec_grps:
|
|
317
328
|
sec_grps.remove(sec_grp_id)
|
|
318
|
-
port_update = {constants.PORT: {
|
|
319
|
-
constants.SECURITY_GROUPS: sec_grps}}
|
|
320
329
|
try:
|
|
321
|
-
self.
|
|
322
|
-
|
|
323
|
-
except
|
|
330
|
+
self.network_proxy.update_port(
|
|
331
|
+
port.id, security_group_ids=sec_grps)
|
|
332
|
+
except os_exceptions.ResourceNotFound:
|
|
324
333
|
LOG.warning('Unable to update port information '
|
|
325
334
|
'for port %s. Continuing to delete '
|
|
326
335
|
'the security group since port not '
|
|
@@ -340,7 +349,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
340
349
|
try:
|
|
341
350
|
LOG.warning('Deleting extra port %s on security '
|
|
342
351
|
'group %s...', port_id, sec_grp_id)
|
|
343
|
-
self.
|
|
352
|
+
self.network_proxy.delete_port(port_id)
|
|
344
353
|
except Exception:
|
|
345
354
|
LOG.warning('Failed to delete extra port %s on '
|
|
346
355
|
'security group %s.',
|
|
@@ -353,13 +362,17 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
353
362
|
|
|
354
363
|
This can happen if a failover has occurred.
|
|
355
364
|
"""
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
365
|
+
try:
|
|
366
|
+
for amphora in vip.load_balancer.amphorae:
|
|
367
|
+
try:
|
|
368
|
+
self.network_proxy.delete_port(amphora.vrrp_port_id)
|
|
369
|
+
except os_exceptions.ResourceNotFound:
|
|
370
|
+
LOG.debug(
|
|
371
|
+
'VIP instance port %s already deleted. Skipping.',
|
|
372
|
+
amphora.vrrp_port_id)
|
|
373
|
+
except AttributeError as ex:
|
|
374
|
+
LOG.warning(f"Cannot delete port from amphorae. Object does not "
|
|
375
|
+
f"exist ({ex!r})")
|
|
363
376
|
|
|
364
377
|
try:
|
|
365
378
|
port = self.get_port(vip.port_id)
|
|
@@ -373,9 +386,8 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
373
386
|
|
|
374
387
|
if port and port.device_owner == OCTAVIA_OWNER:
|
|
375
388
|
try:
|
|
376
|
-
self.
|
|
377
|
-
except
|
|
378
|
-
neutron_client_exceptions.PortNotFoundClient):
|
|
389
|
+
self.network_proxy.delete_port(vip.port_id)
|
|
390
|
+
except os_exceptions.ResourceNotFound:
|
|
379
391
|
LOG.debug('VIP port %s already deleted. Skipping.',
|
|
380
392
|
vip.port_id)
|
|
381
393
|
except Exception as e:
|
|
@@ -538,29 +550,29 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
538
550
|
project_id_key = 'tenant_id'
|
|
539
551
|
|
|
540
552
|
# It can be assumed that network_id exists
|
|
541
|
-
port = {
|
|
553
|
+
port = {
|
|
542
554
|
constants.NAME: 'octavia-lb-' + load_balancer.id,
|
|
543
555
|
constants.NETWORK_ID: load_balancer.vip.network_id,
|
|
544
556
|
constants.ADMIN_STATE_UP: False,
|
|
545
557
|
'device_id': 'lb-{0}'.format(load_balancer.id),
|
|
546
558
|
constants.DEVICE_OWNER: OCTAVIA_OWNER,
|
|
547
|
-
project_id_key: load_balancer.project_id}
|
|
559
|
+
project_id_key: load_balancer.project_id}
|
|
548
560
|
|
|
549
561
|
if fixed_ips:
|
|
550
|
-
port[constants.
|
|
562
|
+
port[constants.FIXED_IPS] = fixed_ips
|
|
551
563
|
try:
|
|
552
|
-
new_port = self.
|
|
564
|
+
new_port = self.network_proxy.create_port(**port)
|
|
553
565
|
except Exception as e:
|
|
554
566
|
message = _('Error creating neutron port on network '
|
|
555
567
|
'{network_id} due to {e}.').format(
|
|
556
|
-
network_id=load_balancer.vip.network_id, e=
|
|
568
|
+
network_id=load_balancer.vip.network_id, e=repr(e))
|
|
557
569
|
LOG.exception(message)
|
|
558
570
|
raise base.AllocateVIPException(
|
|
559
571
|
message,
|
|
560
572
|
orig_msg=getattr(e, constants.MESSAGE, None),
|
|
561
573
|
orig_code=getattr(e, constants.STATUS_CODE, None),
|
|
562
574
|
)
|
|
563
|
-
new_port = utils.
|
|
575
|
+
new_port = utils.convert_port_to_model(new_port)
|
|
564
576
|
return self._port_to_vip(new_port, load_balancer, octavia_owned=True)
|
|
565
577
|
|
|
566
578
|
def unplug_aap_port(self, vip, amphora, subnet):
|
|
@@ -577,11 +589,11 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
577
589
|
except Exception:
|
|
578
590
|
pass
|
|
579
591
|
try:
|
|
580
|
-
aap_update = {
|
|
592
|
+
aap_update = {
|
|
581
593
|
constants.ALLOWED_ADDRESS_PAIRS: []
|
|
582
|
-
}
|
|
583
|
-
self.
|
|
584
|
-
|
|
594
|
+
}
|
|
595
|
+
self.network_proxy.update_port(interface.port_id,
|
|
596
|
+
**aap_update)
|
|
585
597
|
except Exception as e:
|
|
586
598
|
message = _('Error unplugging VIP. Could not clear '
|
|
587
599
|
'allowed address pairs from port '
|
|
@@ -593,9 +605,8 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
593
605
|
try:
|
|
594
606
|
port = self.get_port(amphora.vrrp_port_id)
|
|
595
607
|
if port.name.startswith('octavia-lb-vrrp-'):
|
|
596
|
-
self.
|
|
597
|
-
except
|
|
598
|
-
neutron_client_exceptions.PortNotFoundClient):
|
|
608
|
+
self.network_proxy.delete_port(amphora.vrrp_port_id)
|
|
609
|
+
except base.PortNotFound:
|
|
599
610
|
pass
|
|
600
611
|
except Exception as e:
|
|
601
612
|
LOG.error('Failed to delete port. Resources may still be in '
|
|
@@ -696,11 +707,10 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
696
707
|
|
|
697
708
|
for port in ports:
|
|
698
709
|
try:
|
|
699
|
-
self.
|
|
700
|
-
port.id,
|
|
710
|
+
self.network_proxy.update_port(
|
|
711
|
+
port.id, dns_name='')
|
|
701
712
|
|
|
702
|
-
except
|
|
703
|
-
neutron_client_exceptions.PortNotFoundClient) as e:
|
|
713
|
+
except os_exceptions.ResourceNotFound as e:
|
|
704
714
|
raise base.PortNotFound() from e
|
|
705
715
|
|
|
706
716
|
def plug_port(self, amphora, port):
|
|
@@ -787,58 +797,6 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
787
797
|
{'amp': amp.id, 'err': str(e)})
|
|
788
798
|
return amp_configs
|
|
789
799
|
|
|
790
|
-
# TODO(johnsom) This may be dead code now. Remove in failover for v2 patch
|
|
791
|
-
def wait_for_port_detach(self, amphora):
|
|
792
|
-
"""Waits for the amphora ports device_id to be unset.
|
|
793
|
-
|
|
794
|
-
This method waits for the ports on an amphora device_id
|
|
795
|
-
parameter to be '' or None which signifies that nova has
|
|
796
|
-
finished detaching the port from the instance.
|
|
797
|
-
|
|
798
|
-
:param amphora: Amphora to wait for ports to detach.
|
|
799
|
-
:returns: None
|
|
800
|
-
:raises TimeoutException: Port did not detach in interval.
|
|
801
|
-
:raises PortNotFound: Port was not found by neutron.
|
|
802
|
-
"""
|
|
803
|
-
interfaces = self.get_plugged_networks(compute_id=amphora.compute_id)
|
|
804
|
-
|
|
805
|
-
ports = []
|
|
806
|
-
port_detach_timeout = CONF.networking.port_detach_timeout
|
|
807
|
-
for interface_ in interfaces:
|
|
808
|
-
port = self.get_port(port_id=interface_.port_id)
|
|
809
|
-
ips = port.fixed_ips
|
|
810
|
-
lb_network = False
|
|
811
|
-
for ip in ips:
|
|
812
|
-
if ip.ip_address == amphora.lb_network_ip:
|
|
813
|
-
lb_network = True
|
|
814
|
-
if not lb_network:
|
|
815
|
-
ports.append(port)
|
|
816
|
-
|
|
817
|
-
for port in ports:
|
|
818
|
-
try:
|
|
819
|
-
neutron_port = self.neutron_client.show_port(
|
|
820
|
-
port.id).get(constants.PORT)
|
|
821
|
-
device_id = neutron_port['device_id']
|
|
822
|
-
start = int(time.time())
|
|
823
|
-
|
|
824
|
-
while device_id:
|
|
825
|
-
time.sleep(CONF.networking.retry_interval)
|
|
826
|
-
neutron_port = self.neutron_client.show_port(
|
|
827
|
-
port.id).get(constants.PORT)
|
|
828
|
-
device_id = neutron_port['device_id']
|
|
829
|
-
|
|
830
|
-
timed_out = int(time.time()) - start >= port_detach_timeout
|
|
831
|
-
|
|
832
|
-
if device_id and timed_out:
|
|
833
|
-
message = ('Port %s failed to detach (device_id %s) '
|
|
834
|
-
'within the required time (%s s).' %
|
|
835
|
-
(port.id, device_id, port_detach_timeout))
|
|
836
|
-
raise base.TimeoutException(message)
|
|
837
|
-
|
|
838
|
-
except (neutron_client_exceptions.NotFound,
|
|
839
|
-
neutron_client_exceptions.PortNotFoundClient):
|
|
840
|
-
pass
|
|
841
|
-
|
|
842
800
|
def delete_port(self, port_id):
|
|
843
801
|
"""delete a neutron port.
|
|
844
802
|
|
|
@@ -846,9 +804,8 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
846
804
|
:returns: None
|
|
847
805
|
"""
|
|
848
806
|
try:
|
|
849
|
-
self.
|
|
850
|
-
except
|
|
851
|
-
neutron_client_exceptions.PortNotFoundClient):
|
|
807
|
+
self.network_proxy.delete_port(port_id)
|
|
808
|
+
except os_exceptions.ResourceNotFound:
|
|
852
809
|
LOG.debug('VIP instance port %s already deleted. Skipping.',
|
|
853
810
|
port_id)
|
|
854
811
|
except Exception as e:
|
|
@@ -862,10 +819,9 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
862
819
|
:returns: None
|
|
863
820
|
"""
|
|
864
821
|
try:
|
|
865
|
-
self.
|
|
866
|
-
port_id,
|
|
867
|
-
except
|
|
868
|
-
neutron_client_exceptions.PortNotFoundClient) as e:
|
|
822
|
+
self.network_proxy.update_port(
|
|
823
|
+
port_id, admin_state_up=state)
|
|
824
|
+
except os_exceptions.ResourceNotFound as e:
|
|
869
825
|
raise base.PortNotFound(str(e))
|
|
870
826
|
except Exception as e:
|
|
871
827
|
raise exceptions.NetworkServiceError(net_error=str(e))
|
|
@@ -904,11 +860,11 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
904
860
|
if security_group_ids:
|
|
905
861
|
port[constants.SECURITY_GROUPS] = security_group_ids
|
|
906
862
|
|
|
907
|
-
new_port = self.
|
|
863
|
+
new_port = self.network_proxy.create_port(**port)
|
|
908
864
|
|
|
909
865
|
LOG.debug('Created port: %(port)s', {constants.PORT: new_port})
|
|
910
866
|
|
|
911
|
-
return utils.
|
|
867
|
+
return utils.convert_port_to_model(new_port)
|
|
912
868
|
except Exception as e:
|
|
913
869
|
message = _('Error creating a port on network '
|
|
914
870
|
'{network_id} due to {error}.').format(
|
|
@@ -925,14 +881,15 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|
|
925
881
|
"""
|
|
926
882
|
try:
|
|
927
883
|
if self.sec_grp_enabled and sg_name:
|
|
928
|
-
sec_grps = self.
|
|
929
|
-
|
|
930
|
-
|
|
931
|
-
|
|
932
|
-
|
|
933
|
-
|
|
934
|
-
name
|
|
935
|
-
|
|
884
|
+
sec_grps = self.network_proxy.security_groups(name=sg_name)
|
|
885
|
+
try:
|
|
886
|
+
sg = next(sec_grps)
|
|
887
|
+
return utils.convert_security_group_to_model(sg)
|
|
888
|
+
except StopIteration:
|
|
889
|
+
# pylint: disable=raise-missing-from
|
|
890
|
+
message = _('Security group {name} not found.').format(
|
|
891
|
+
name=sg_name)
|
|
892
|
+
raise base.SecurityGroupNotFound(message)
|
|
936
893
|
return None
|
|
937
894
|
except base.SecurityGroupNotFound:
|
|
938
895
|
raise
|