def _delete_vip_security_group(self, sec_grp):
"""Deletes a security group in neutron.
Retries upon an exception because removing a security group from
a neutron port does not happen immediately.
"""
attempts = 0
while attempts <= CONF.networking.max_retries:
try:
self.neutron_client.delete_security_group(sec_grp)
LOG.info("Deleted security group %s", sec_grp)
return
except neutron_client_exceptions.NotFound:
LOG.info(
"Security group %s not found, will assume it is "
"already deleted", sec_grp)
return
except Exception:
LOG.warning(
"Attempt %(attempt)s to remove security group "
"%(sg)s failed.", {
'attempt': attempts + 1,
'sg': sec_grp
})
attempts += 1
time.sleep(CONF.networking.retry_interval)
message = _("All attempts to remove security group {0} have "
"failed.").format(sec_grp)
LOG.exception(message)
raise base.DeallocateVIPException(message)
def deallocate_vip(self, vip):
try:
port = self.get_port(vip.port_id)
except base.PortNotFound:
LOG.warning("Can't deallocate VIP because the vip port {0} "
"cannot be found in neutron. "
"Continuing cleanup.".format(vip.port_id))
port = None
if port and port.device_owner == constants.DEVICE_OWNER_LISTENER:
try:
self.neutron_client.delete_port(vip.port_id)
except (neutron_client_exceptions.NotFound,
neutron_client_exceptions.PortNotFoundClient):
LOG.debug('VIP port %s already deleted. Skipping.',
vip.port_id)
except Exception:
message = _('Error deleting VIP port_id {port_id} from '
'neutron').format(port_id=vip.port_id)
LOG.exception(message)
raise base.DeallocateVIPException(message)
elif port:
LOG.info(
"Port %s will not be deleted by Octavia as it was "
"not created by Octavia.", vip.port_id)
def deallocate_vip(self, vip):
"""Delete the vrrp_port (instance port) in case nova didn't
This can happen if a failover has occurred.
"""
for amphora in six.moves.filter(self._filter_amphora,
vip.load_balancer.amphorae):
try:
self.neutron_client.delete_port(amphora.vrrp_port_id)
except (neutron_client_exceptions.NotFound,
neutron_client_exceptions.PortNotFoundClient):
LOG.debug('VIP instance port %s already deleted. Skipping.',
amphora.vrrp_port_id)
try:
port = self.get_port(vip.port_id)
except base.PortNotFound:
msg = ("Can't deallocate VIP because the vip port {0} cannot be "
"found in neutron".format(vip.port_id))
raise base.VIPConfigurationNotFound(msg)
self._delete_security_group(vip, port)
if port.device_owner == OCTAVIA_OWNER:
try:
self.neutron_client.delete_port(vip.port_id)
except Exception:
message = _('Error deleting VIP port_id {port_id} from '
'neutron').format(port_id=vip.port_id)
LOG.exception(message)
raise base.DeallocateVIPException(message)
else:
LOG.info(
"Port %s will not be deleted by Octavia as it was "
"not created by Octavia.", vip.port_id)
def deallocate_vip(self, vip):
# Delete the vrrp_port (instance port) in case nova didn't
# This can happen if a failover has occurred.
try:
for amphora in six.moves.filter(
lambda amp: amp.status == constants.AMPHORA_ALLOCATED,
vip.load_balancer.amphorae):
self.neutron_client.delete_port(amphora.vrrp_port_id)
except (neutron_client_exceptions.NotFound,
neutron_client_exceptions.PortNotFoundClient):
LOG.debug('VIP instance port {0} already deleted. '
'Skipping.'.format(amphora.vrrp_port_id))
try:
port = self.get_port(vip.port_id)
except base.PortNotFound:
msg = ("Can't deallocate VIP because the vip port {0} cannot be "
"found in neutron".format(vip.port_id))
raise base.VIPConfigurationNotFound(msg)
if port.device_owner != OCTAVIA_OWNER:
LOG.info(
_LI("Port %s will not be deleted by Octavia as it was "
"not created by Octavia."), vip.port_id)
if self.sec_grp_enabled:
sec_grp = self._get_lb_security_group(vip.load_balancer.id)
sec_grp = sec_grp.get('id')
LOG.info(
_LI("Removing security group %(sg)s from port %(port)s"), {
'sg': sec_grp,
'port': vip.port_id
})
raw_port = self.neutron_client.show_port(port.id)
sec_grps = raw_port.get('port', {}).get('security_groups', [])
if sec_grp in sec_grps:
sec_grps.remove(sec_grp)
port_update = {'port': {'security_groups': sec_grps}}
self.neutron_client.update_port(port.id, port_update)
self._delete_vip_security_group(sec_grp)
return
try:
self.neutron_client.delete_port(vip.port_id)
except Exception:
message = _LE('Error deleting VIP port_id {port_id} from '
'neutron').format(port_id=vip.port_id)
LOG.exception(message)
raise base.DeallocateVIPException(message)
if self.sec_grp_enabled:
sec_grp = self._get_lb_security_group(vip.load_balancer.id)
sec_grp = sec_grp.get('id')
self._delete_vip_security_group(sec_grp)
def _cleanup_port(self, vip_port_id, port):
try:
self.neutron_client.delete_port(port['id'])
except (neutron_client_exceptions.NotFound,
neutron_client_exceptions.PortNotFoundClient):
if port['id'] == vip_port_id:
LOG.debug('VIP port %s already deleted. Skipping.', port['id'])
else:
LOG.warning("Can't deallocate instance port {0} because it "
"cannot be found in neutron. "
"Continuing cleanup.".format(port['id']))
except Exception:
message = _('Error deleting VIP port_id {port_id} from '
'neutron').format(port_id=port['id'])
LOG.exception(message)
raise base.DeallocateVIPException(message)
def deallocate_vip(self, vip):
"""Delete the vrrp_port (instance port) in case nova didn't
This can happen if a failover has occurred.
"""
for amphora in vip.load_balancer.amphorae:
try:
auxiliary_port_id = (amphora.vrrp_port_id if
amphora.vrrp_port_id else
amphora.frontend_port_id)
self.neutron_client.delete_port(auxiliary_port_id)
except (neutron_client_exceptions.NotFound,
neutron_client_exceptions.PortNotFoundClient):
LOG.debug('VIP instance port %s already deleted. Skipping.',
amphora.vrrp_port_id)
try:
port = self.get_port(vip.port_id)
except base.PortNotFound:
LOG.warning("Can't deallocate VIP because the vip port {0} "
"cannot be found in neutron. "
"Continuing cleanup.".format(vip.port_id))
port = None
self._delete_security_group(vip, port)
if port and port.device_owner == OCTAVIA_OWNER:
try:
self.neutron_client.delete_port(vip.port_id)
except (neutron_client_exceptions.NotFound,
neutron_client_exceptions.PortNotFoundClient):
LOG.debug('VIP port %s already deleted. Skipping.',
vip.port_id)
except Exception:
message = _('Error deleting VIP port_id {port_id} from '
'neutron').format(port_id=vip.port_id)
LOG.exception(message)
raise base.DeallocateVIPException(message)
elif port:
LOG.info("Port %s will not be deleted by Octavia as it was "
"not created by Octavia.", vip.port_id)
def deallocate_vip(self, vip):
try:
port = self.get_port(vip.port_id)
except base.PortNotFound:
msg = ("Can't deallocate VIP because the vip port {0} cannot be "
"found in neutron".format(vip.port_id))
raise base.VIPConfigurationNotFound(msg)
if port.device_owner != OCTAVIA_OWNER:
LOG.info(
_LI("Port %s will not be deleted by Octavia as it was "
"not created by Octavia."), vip.port_id)
if self.sec_grp_enabled:
sec_grp = self._get_lb_security_group(vip.load_balancer.id)
sec_grp = sec_grp.get('id')
LOG.info(
_LI("Removing security group %(sg)s from port %(port)s"), {
'sg': sec_grp,
'port': vip.port_id
})
raw_port = self.neutron_client.show_port(port.id)
sec_grps = raw_port.get('port', {}).get('security_groups', [])
if sec_grp in sec_grps:
sec_grps.remove(sec_grp)
port_update = {'port': {'security_groups': sec_grps}}
self.neutron_client.update_port(port.id, port_update)
self._delete_vip_security_group(sec_grp)
return
try:
self.neutron_client.delete_port(vip.port_id)
except Exception:
message = _LE('Error deleting VIP port_id {port_id} from '
'neutron').format(port_id=vip.port_id)
LOG.exception(message)
raise base.DeallocateVIPException(message)
if self.sec_grp_enabled:
sec_grp = self._get_lb_security_group(vip.load_balancer.id)
sec_grp = sec_grp.get('id')
self._delete_vip_security_group(sec_grp)
