Cloud is easy. It is networking that is hard.
Red Hat supports installing OpenShift on OpenStack. As a Cloud SA, I need to be able to demonstrate this, and make it work for customers. As I was playing around with it, I found I could not tear down clusters due to a dependency issue with ports.
When building and tearing down network structures with Ansible, I had learned the hard way that there were dependencies. Routers came down before subnets, and so one. But the latest round had me scratching my head. I could not get ports to delete, and the error message was not a help.
I was able to figure out that the ports linked to security groups. In fact, I could unset almost all of the dependencies using the port set command line. For example:
openstack port set openshift-q5nqj-master-port-1 --no-security-group --no-allowed-address --no-tag --no-fixed-ip |
However, I still could not delete the ports. I did notice that there was a trunk_+details section at the bottom of the port show output:
trunk_details | {'trunk_id': 'dd1609af-4a90-4a9e-9ea4-5f89c63fb9ce', 'sub_ports': []} |
But there is no way to “unset” that. It turns out I had it backwards. You need to delete the port first. A message from Kristi Nikolla:
the port is set as the parent for a “trunk” so you need to delete the trunk firs
Kristi In IRC
<pre lang="bash">curl -H "x-auth-token: $TOKEN" https://kaizen.massopen.cloud:13696/v2.0/trunks/</pre>
It turns out that you can do this with the CLI…at least I could.
$ openstack network trunk show 01a19e41-49c6-467c-a726-404ffedccfbb |
| Field | Value |
| admin_state_up | UP |
| created_at | 2019-11-04T02:58:08Z |
| description | |
| id | 01a19e41-49c6-467c-a726-404ffedccfbb |
| name | openshift-zq7wj-master-trunk-1 |
| port_id | 6f4d1ecc-934b-4d29-9fdd-077ffd48b7d8 |
| project_id | b9f1401936314975974153d78b78b933 |
| revision_number | 3 |
| status | DOWN |
| sub_ports | |
| tags | [‘openshiftClusterID=openshift-zq7wj’] |
| tenant_id | b9f1401936314975974153d78b78b933 |
| updated_at | 2019-11-04T03:09:49Z |
Here is the script I used to delete them. Notice that the status was DOWN for all of the ports I wanted gone.
for PORT in $( openstack port list | awk '/DOWN/ {print $2}' ); do TRUNK_ID=$( openstack port show $PORT -f json | jq -r '.trunk_details | .trunk_id ') ; echo port $PORT has trunk $TRUNK_ID; openstack network trunk delete $TRUNK_ID ; done |
Kristi had used the curl command because he did not have the network trunk option in his CLI. Turns out he needed to install python-neutronclient first.