Bug 1948546: Allow all networking interfaces to be defined as ports

[iamemilio]

Rather than require users to use the networks and subnets to define a
networking interface for an instance, users should be able to just
define them using the ports api if they choose to. This removes
validation checking that a user entered at least one network and subnet,
and insteand checks that a user entered at least one network, subnet, or
port.

Fixes Bug 1948546:
The correct way to configure the OpenStack provider spec in a machineset with interfaces on networks with port security disabled is now as follows in the example below. This is because it is impossible to attach networks with port security enabled when a security group is set on the instance. It will fail with: Network requires port_security_enabled and subnet associated in order to apply security groups.

      providerSpec:
        value:
          apiVersion: openstackproviderconfig.openshift.io/v1alpha1
          cloudName: openstack
          cloudsSecret:
            name: openstack-cloud-credentials
            namespace: openshift-machine-api
          flavor: ci.m1.xlarge
          image: rhcos-4.8
          kind: OpenstackProviderSpec
          metadata:
            creationTimestamp: null
          ports:
          - allowedAddressPairs:       # node port to communicate with cluster on machine subnet
            - ipAddress: 10.0.128.7    # ingress vip port
            - ipAddress: 10.0.128.5    # api vip port
            fixedIPs:
            - subnetID: eba0e7cc-b4df-426d-ba97-16fc770cd202
            nameSuffix: nodes
            networkID: ff5ac995-84b3-4494-ab2d-2eb3accf7f15
            securityGroups:            # attach the workers security group here
            - 1f8e583d-3f80-49f6-8628-de081e26d8fb
          - fixedIPs:                  # example port on network without port security
            - subnetID: 55028db4-8979-4f18-a38c-6074c2965c08
            nameSuffix: noPortSecurity
            networkID: bf01893c-2a9c-4695-b8c1-c43129e5efdd
          primarySubnet: eba0e7cc-b4df-426d-ba97-16fc770cd202  # must set this when attaching more than one port
          serverMetadata:
            Name: emilio-ggfm6-worker
            openshiftClusterID: emilio-ggfm6
          tags:
          - openshiftClusterID=emilio-ggfm6
          trunk: false
          userDataSecret:
            name: worker-user-data

[openshift-ci-robot]

@iamemilio: This pull request references Bugzilla bug 1948546, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.8.0) matches configured target release for branch (4.8.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (itbrown@redhat.com), skipping review request.

In response to this:

Bug 1948546: Allow all networking interfaces to be defined as ports

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[iamemilio]

/retest

[iamemilio]

/retest

[adduarte]

Looks good. But we should point out that the user should only define eithe rhet networkID or the subnetID, if they define both, they will have to make sure they match.

[iamemilio]

Neutron is already going to prevent them from doing this. I don't think we are responsible for explaining very basic port creation information to users. If they make this mistake, they will figure it out pretty quickly from reading the logs. We also dont keep documentation on the OpenStack provider config for the machine api.

W0428 10:14:44.715574  545770 controller.go:317] emilio-ggfm6-worker-test-1-27twn: failed to create machine: error creating Openstack instance: Bad request with: [POST https://rhos-d.infra.prod.upshift.rdu2.redhat.com:13696/v2.0/ports], error message: {"NeutronError": {"type": "InvalidInput", "message": "Invalid input for operation: Failed to create port on network ff5ac995-84b3-4494-ab2d-2eb3accf7f15, because fixed_ips included invalid subnet eba0e7cc-b4df-426d-ba97-16fc770cd202.", "detail": ""}}

[adduarte]

This installed and ran e2e succesfully. so it looks good to me.

[adduarte]

/lgtm

[iamemilio]

/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: iamemilio

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [iamemilio]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@iamemilio: All pull requests linked via external trackers have merged:

• openshift/cluster-api-provider-openstack#175
• openshift/cluster-api-provider-openstack#179

Bugzilla bug 1948546 has been moved to the MODIFIED state.

In response to this:

Bug 1948546: Allow all networking interfaces to be defined as ports

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.