security group rules need to be added or removed when listeners are added or removed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
octavia |
Fix Released
|
Critical
|
Brandon Logan |
Bug Description
This applies to the allowed address pairs driver, but really applies to any driver implementation.
When a listener is created, the security group created for a load balancer needs to be updated to allow tcp traffic to the port specified in the listener's protocol_port. Consequently, when a listener is removed that security group rule should be removed as well.
This would best be solved by having a vip_update (or just update) method defined in the network driver interface. It shouldn't need to be implemented so it wouldn't be an @abstractmethod. It however would always be called upon a listener create, update, and delete. I don't see a need for it being called in pool, member, or health monitor operations yet, but it should be done when its decided it is needed.
Changed in octavia: | |
importance: | Undecided → Critical |
assignee: | nobody → Brandon Logan (brandon-logan) |
Changed in octavia: | |
milestone: | none → 0.5 |
Changed in octavia: | |
status: | Fix Committed → Fix Released |
Reviewed: https:/ /review. openstack. org/182523 /git.openstack. org/cgit/ stackforge/ octavia/ commit/ ?id=913b6a8514b 6c01b2acd0b11ff 83c4e8b80e062e
Committed: https:/
Submitter: Jenkins
Branch: master
commit 913b6a8514b6c01 b2acd0b11ff83c4 e8b80e062e
Author: Brandon Logan <email address hidden>
Date: Tue May 12 20:46:42 2015 -0500
Added update_vip method to network driver
There needed to be a method to update the security group rules whenever
a listener is added or removed. The update_vip method will not update those
rules based on what listener's are present.
Also changed the allocate_vip method to take in a load_balancer instead of
port_id, network_id, and/or ip_address. The reason for this is some driver
implementations may just want the vip to be the IP directly on the amphora.
The previous signature did not allow this.
Closes-Bug: #1453609
Closes-Bug: #1453610
Change-Id: Ie5765c231c6f6b a45042db9b111e6 814cf50c465