Bug 1916692: OpenStack: Delete leftover LBs when destroying cluster

[mandre]

If the user destroyed a cluster without removing all the associated
service LBs, the destroy command would fail to remove the network
and loop until it hits the timeout.

The destroy command now looks if there are any leftover LBs where its
VipNetworkID matches the network ID and deprovisions it. We filter on
services LBs created by the openstack cloud provider, matching the
Kubernetes external service string in the description [1], to ensure
we're not destroying a user-created resource by mistake.

[1] https://github.com/openshift/kubernetes/blob/442a69c/staging/src/k8s.io/legacy-cloud-providers/openstack/openstack_loadbalancer.go#L446

[openshift-ci-robot]

@mandre: This pull request references Bugzilla bug 1916692, which is invalid:

• expected the bug to target the "4.7.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Bug 1916692: OpenStack: Delete leftover LBs when destroying cluster

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mandre]

/bugzilla refresh

[openshift-ci-robot]

@mandre: This pull request references Bugzilla bug 1916692, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mandre]

/bugzilla refresh

[openshift-ci-robot]

@mandre: This pull request references Bugzilla bug 1916692, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mandre]

/label platform/openstack

[luis5tb]

perhaps this should rely on Loadbalancer tags rather than text on the description

[mandre]

We can't. The in-tree cloud provider doesn't tag the LB resources.

[Fedosin]

deleteLeftoverLoadBalancers returns bool and error. are you going to handle it?

[mandre]

I wasn't planning to. I don't want to change the return value of deleteNetworks() based on the return of deleteLeftoverLoadBalancers(), since this would only be triggered when deleteNetworks() has failed already.

IMO, the destroy module needs a good refactoring that I don't want to commit to right now.

[Fedosin]

I mean you created a new function deleteLeftoverLoadBalancers and it returns two values that you ignore later. I think we need to either change the signature of the function, or handle the returned values properly.

[mandre]

OK, I changed the signature. PTAL.

[Fedosin]

I suggest to handle ErrDefault403 errors separately to prevent situations when a user doesn't have permissions to list load balancers

[mandre]

Hmm, this is a pattern we're using all over the place in this file, and if we wanted to treat 403 differently I think we should do it in a separate change.
How do you suggest we should handle a ErrDefault403 ?

[Fedosin]

if err != nil {
    var gerr gophercloud.ErrDefault403
    if !errors.As(err, &gerr) {
        logger.Debugf("It's forbidden to list load balancers")
        return true, nil
    }
    logger.Error(err)
    return false, nil
}

[bogdando]

here you use it as a pointer type, and below in the similar clause, as a refular type. This doesn't look consistent?

[bogdando]

please compare to the line #660

[Fedosin]

Actually this is correct... This is how errors in gophercloud are organized

[mandre]

/retest

[openshift-ci]

@mandre: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-workers-rhel7	003baff	link	/test e2e-aws-workers-rhel7

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[Fedosin]

/approve
/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Fedosin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• pkg/destroy/openstack/OWNERS [Fedosin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@mandre: All pull requests linked via external trackers have merged:

• openshift/installer#4563

Bugzilla bug 1916692 has been moved to the MODIFIED state.

Details

In response to this:

Bug 1916692: OpenStack: Delete leftover LBs when destroying cluster

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.