From 173280ed76434f0b025dbf47f7774c682d5836f0 Mon Sep 17 00:00:00 2001 From: Philipp Bucher Date: Thu, 12 Sep 2024 16:06:51 +0200 Subject: [PATCH] FIX: Use subnet cidr for member secgroup rules to support amphora VRRP_IP --- lib/charms/layer/openstack.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/charms/layer/openstack.py b/lib/charms/layer/openstack.py index 708c523..71281e0 100644 --- a/lib/charms/layer/openstack.py +++ b/lib/charms/layer/openstack.py @@ -478,6 +478,7 @@ def __init__(self, app_name, port, subnet, algorithm, fip_net, manage_secgrps): self.member_sg_id = None self.fip = None self.address = None + self.subnet_cidr = None self.members = set() self.is_created = False self._impl = self._get_impl() @@ -541,6 +542,7 @@ def create(self): log("Created load balancer {} ({})", self.name, lb_info["id"]) self._wait_lb_not_pending() self.address = lb_info["vip_address"] + self.subnet_cidr = self._impl.get_subnet_cidr(self.subnet) if self.manage_secgrps: sg_id = self._impl.find_secgrp(self.name) @@ -743,8 +745,8 @@ def _add_member_sg(self, member): not in _openstack("port", "show", port_id)["security_group_ids"] ): self._impl.set_port_secgrp(port_id, self.member_sg_id) - if not self._find_matching_sg_rule(self.member_sg_id, self.address, port): - self._impl.create_sg_rule(self.member_sg_id, self.address, port) + if not self._find_matching_sg_rule(self.member_sg_id, self.subnet_cidr, port): + self._impl.create_sg_rule(self.member_sg_id, self.subnet_cidr, port) def delete(self): """Delete this loadbalancer and all of its resources."""