Release Openstack Floating IP on deletion if it was newly allocated (#439)

* Add finalizer to machine when associating a new floating ip

* Release floating ip on Cleanup

* Store floating ip id for cleanup in annotation

* Improve error wording

* Fix linting

* Simplify cleanup

* Simplify floating ip id reading

* PR feedback

* Error out if cloud provider env creation failed

Author: alvaroaleman

hack/ci-e2e-test.sh

@@ -51,7 +51,12 @@ for try in {1..20}; do
   echo "Creating environment at cloud provider."
   terraform import hcloud_ssh_key.default 265119
   terraform apply -auto-approve
-  if [[ $? == 0 ]]; then break; fi
+  TF_RC=$?
+  if [[ $TF_RC == 0 ]]; then break; fi
+  if [[ $TF_RC != 0 ]] && [[ $try -eq 20 ]]; then
+    echo "Creating cloud provider env failed!"
+    exit 1
+  fi
   echo "Sleeping for $try seconds"
   sleep ${try}s
 done

pkg/cloudprovider/provider/openstack/helper.go

@@ -6,8 +6,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/golang/glog"
-
 	"github.com/gophercloud/gophercloud"
 	goopenstack "github.com/gophercloud/gophercloud/openstack"
 	osavailabilityzones "github.com/gophercloud/gophercloud/openstack/compute/v2/extensions/availabilityzones"
@@ -328,66 +326,6 @@ func getFreeFloatingIPs(client *gophercloud.ProviderClient, region string, float
 	return freeFIPs, nil
 }
 
-func assignFloatingIPToInstance(client *gophercloud.ProviderClient, instanceID, floatingIPPoolName, region string, network *osnetworks.Network) error {
-	port, err := getInstancePort(client, region, instanceID, network.ID)
-	if err != nil {
-		return fmt.Errorf("failed to get instance port for network %s in region %s: %v", network.ID, region, err)
-	}
-
-	netClient, err := goopenstack.NewNetworkV2(client, gophercloud.EndpointOpts{Region: region})
-	if err != nil {
-		return fmt.Errorf("failed to create the networkv2 client for region %s: %v", region, err)
-	}
-
-	floatingIPPool, err := getNetwork(client, region, floatingIPPoolName)
-	if err != nil {
-		return osErrorToTerminalError(err, fmt.Sprintf("failed to get floating ip pool %q", floatingIPPoolName))
-	}
-
-	// We're only interested in the part which is vulnerable to concurrent access
-	started := time.Now()
-	glog.V(2).Infof("Assigning a floating IP to instance %s", instanceID)
-
-	floatingIPAssignLock.Lock()
-	defer floatingIPAssignLock.Unlock()
-
-	freeFloatingIps, err := getFreeFloatingIPs(client, region, floatingIPPool)
-	if err != nil {
-		return osErrorToTerminalError(err, "failed to get free floating ips")
-	}
-
-	var ip *osfloatingips.FloatingIP
-	if len(freeFloatingIps) < 1 {
-		if ip, err = createFloatingIP(client, region, port.ID, floatingIPPool); err != nil {
-			return osErrorToTerminalError(err, "failed to allocate a floating ip")
-		}
-	} else {
-		freeIP := freeFloatingIps[0]
-		ip, err = osfloatingips.Update(netClient, freeIP.ID, osfloatingips.UpdateOpts{
-			PortID: &port.ID,
-		}).Extract()
-		if err != nil {
-			return fmt.Errorf("failed to update FloatingIP %s(%s): %v", freeIP.ID, freeIP.FloatingIP, err)
-		}
-
-		// We're now going to wait 3 seconds and check if the IP is still ours. If not, we're going to fail
-		// On our reference system it took ~3 seconds for a full FloatingIP allocation (Including creating a new one). It took ~600ms just for assigning one.
-		time.Sleep(floatingReassignIPCheckPeriod)
-		currentIP, err := osfloatingips.Get(netClient, ip.ID).Extract()
-		if err != nil {
-			return fmt.Errorf("failed to load FloatingIP %s after assignment has been done: %v", ip.FloatingIP, err)
-		}
-		// Verify if the port is still the one we set it to
-		if currentIP.PortID != port.ID {
-			return fmt.Errorf("floatingIP %s got reassigned", currentIP.FloatingIP)
-		}
-	}
-	secondsTook := time.Since(started).Seconds()
-
-	glog.V(2).Infof("Successfully assigned the FloatingIP %s to instance %s. Took %f seconds(without the recheck wait period %f seconds). ", ip.FloatingIP, instanceID, secondsTook, floatingReassignIPCheckPeriod.Seconds())
-	return nil
-}
-
 func createFloatingIP(client *gophercloud.ProviderClient, region, portID string, floatingIPPool *osnetworks.Network) (*osfloatingips.FloatingIP, error) {
 	netClient, err := goopenstack.NewNetworkV2(client, gophercloud.EndpointOpts{Region: region})
 	if err != nil {

pkg/cloudprovider/provider/openstack/provider.go

@@ -14,6 +14,8 @@ import (
 	osextendedstatus "github.com/gophercloud/gophercloud/openstack/compute/v2/extensions/extendedstatus"
 	"github.com/gophercloud/gophercloud/openstack/compute/v2/extensions/keypairs"
 	osservers "github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
+	osfloatingips "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/layer3/floatingips"
+	osnetworks "github.com/gophercloud/gophercloud/openstack/networking/v2/networks"
 	"github.com/gophercloud/gophercloud/pagination"
 
 	"github.com/kubermatic/machine-controller/pkg/cloudprovider/cloud"
@@ -24,12 +26,18 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
 
 	"sigs.k8s.io/cluster-api/pkg/apis/cluster/common"
 	"sigs.k8s.io/cluster-api/pkg/apis/cluster/v1alpha1"
 )
 
+const (
+	floatingIPReleaseFinalizer = "kubermatic.io/release-openstack-floating-ip"
+	floatingIPIDAnnotationKey  = "kubermatic.io/release-openstack-floating-ip"
+)
+
 type provider struct {
 	configVarResolver *providerconfig.ConfigVarResolver
 }
@@ -349,7 +357,7 @@ func (p *provider) Validate(spec v1alpha1.MachineSpec) error {
 	return nil
 }
 
-func (p *provider) Create(machine *v1alpha1.Machine, _ *cloud.MachineCreateDeleteData, userdata string) (instance.Instance, error) {
+func (p *provider) Create(machine *v1alpha1.Machine, machineCreateDeleteData *cloud.MachineCreateDeleteData, userdata string) (instance.Instance, error) {
 	c, _, _, err := p.getConfig(machine.Spec.ProviderConfig)
 	if err != nil {
 		return nil, cloudprovidererrors.TerminalError{
@@ -423,7 +431,7 @@ func (p *provider) Create(machine *v1alpha1.Machine, _ *cloud.MachineCreateDelet
 
 	// Find a free FloatingIP or allocate a new one
 	if c.FloatingIPPool != "" {
-		if err := assignFloatingIPToInstance(client, server.ID, c.FloatingIPPool, c.Region, network); err != nil {
+		if err := assignFloatingIPToInstance(machineCreateDeleteData.Updater, machine, client, server.ID, c.FloatingIPPool, c.Region, network); err != nil {
 			defer deleteInstanceDueToFatalLogged(computeClient, server.ID)
 			return nil, fmt.Errorf("failed to assign a floating ip to instance %s: %v", server.ID, err)
 		}
@@ -475,10 +483,20 @@ func deleteInstanceDueToFatalLogged(computeClient *gophercloud.ServiceClient, se
 	glog.V(0).Infof("Instance %s got deleted", serverID)
 }
 
-func (p *provider) Cleanup(machine *v1alpha1.Machine, _ *cloud.MachineCreateDeleteData) (bool, error) {
+func (p *provider) Cleanup(machine *v1alpha1.Machine, machineCreateDeleteData *cloud.MachineCreateDeleteData) (bool, error) {
+	var hasFloatingIPReleaseFinalizer bool
+	if finalizers := sets.NewString(machine.Finalizers...); finalizers.Has(floatingIPReleaseFinalizer) {
+		hasFloatingIPReleaseFinalizer = true
+	}
+
 	instance, err := p.Get(machine)
 	if err != nil {
 		if err == cloudprovidererrors.ErrInstanceNotFound {
+			if hasFloatingIPReleaseFinalizer {
+				if err := p.cleanupFloatingIP(machine, machineCreateDeleteData.Updater); err != nil {
+					return false, fmt.Errorf("failed to clean up floating ip: %v", err)
+				}
+			}
 			return true, nil
 		}
 		return false, err
@@ -502,10 +520,14 @@ func (p *provider) Cleanup(machine *v1alpha1.Machine, _ *cloud.MachineCreateDele
 		return false, osErrorToTerminalError(err, "failed to get compute client")
 	}
 
-	if err := osservers.Delete(computeClient, instance.ID()).ExtractErr(); err != nil {
+	if err := osservers.Delete(computeClient, instance.ID()).ExtractErr(); err != nil && err.Error() != "Resource not found" {
 		return false, osErrorToTerminalError(err, "failed to delete instance")
 	}
 
+	if hasFloatingIPReleaseFinalizer {
+		return false, p.cleanupFloatingIP(machine, machineCreateDeleteData.Updater)
+	}
+
 	return false, nil
 }
 
@@ -733,3 +755,109 @@ type forbiddenResponse struct {
 		Code    int    `json:"code"`
 	} `json:"forbidden"`
 }
+
+func (p *provider) cleanupFloatingIP(machine *v1alpha1.Machine, updater cloud.MachineUpdater) error {
+	floatingIPID, exists := machine.Annotations[floatingIPIDAnnotationKey]
+	if !exists {
+		return osErrorToTerminalError(fmt.Errorf("failed to release floating ip"),
+			fmt.Sprintf("%s finalizer exists but %s annotation does not", floatingIPReleaseFinalizer, floatingIPIDAnnotationKey))
+	}
+
+	c, _, _, err := p.getConfig(machine.Spec.ProviderConfig)
+	if err != nil {
+		return cloudprovidererrors.TerminalError{
+			Reason:  common.InvalidConfigurationMachineError,
+			Message: fmt.Sprintf("Failed to parse MachineSpec, due to %v", err),
+		}
+	}
+
+	client, err := getClient(c)
+	if err != nil {
+		return osErrorToTerminalError(err, "failed to get a openstack client")
+	}
+	netClient, err := goopenstack.NewNetworkV2(client, gophercloud.EndpointOpts{Region: c.Region})
+	if err != nil {
+		return fmt.Errorf("failed to create the networkv2 client for region %s: %v", c.Region, err)
+	}
+	if err := osfloatingips.Delete(netClient, floatingIPID).ExtractErr(); err != nil && err.Error() != "Resource not found" {
+		return fmt.Errorf("failed to delete floating ip %s: %v", floatingIPID, err)
+	}
+	if _, err := updater(machine, func(m *v1alpha1.Machine) {
+		finalizers := sets.NewString(m.Finalizers...)
+		finalizers.Delete(floatingIPReleaseFinalizer)
+		m.Finalizers = finalizers.List()
+	}); err != nil {
+		return fmt.Errorf("failed to delete %s finalizer from Machine: %v", floatingIPReleaseFinalizer, err)
+	}
+
+	return nil
+}
+
+func assignFloatingIPToInstance(machineUpdater cloud.MachineUpdater, machine *v1alpha1.Machine, client *gophercloud.ProviderClient, instanceID, floatingIPPoolName, region string, network *osnetworks.Network) error {
+	port, err := getInstancePort(client, region, instanceID, network.ID)
+	if err != nil {
+		return fmt.Errorf("failed to get instance port for network %s in region %s: %v", network.ID, region, err)
+	}
+
+	netClient, err := goopenstack.NewNetworkV2(client, gophercloud.EndpointOpts{Region: region})
+	if err != nil {
+		return fmt.Errorf("failed to create the networkv2 client for region %s: %v", region, err)
+	}
+
+	floatingIPPool, err := getNetwork(client, region, floatingIPPoolName)
+	if err != nil {
+		return osErrorToTerminalError(err, fmt.Sprintf("failed to get floating ip pool %q", floatingIPPoolName))
+	}
+
+	// We're only interested in the part which is vulnerable to concurrent access
+	started := time.Now()
+	glog.V(2).Infof("Assigning a floating IP to instance %s", instanceID)
+
+	floatingIPAssignLock.Lock()
+	defer floatingIPAssignLock.Unlock()
+
+	freeFloatingIps, err := getFreeFloatingIPs(client, region, floatingIPPool)
+	if err != nil {
+		return osErrorToTerminalError(err, "failed to get free floating ips")
+	}
+
+	var ip *osfloatingips.FloatingIP
+	if len(freeFloatingIps) < 1 {
+		if ip, err = createFloatingIP(client, region, port.ID, floatingIPPool); err != nil {
+			return osErrorToTerminalError(err, "failed to allocate a floating ip")
+		}
+		if _, err = machineUpdater(machine, func(m *v1alpha1.Machine) {
+			m.Finalizers = append(m.Finalizers, floatingIPReleaseFinalizer)
+			if m.Annotations == nil {
+				m.Annotations = map[string]string{}
+			}
+			m.Annotations[floatingIPIDAnnotationKey] = ip.ID
+		}); err != nil {
+			return fmt.Errorf("failed to add floating ip release finalizer after allocating floating ip: %v", err)
+		}
+	} else {
+		freeIP := freeFloatingIps[0]
+		ip, err = osfloatingips.Update(netClient, freeIP.ID, osfloatingips.UpdateOpts{
+			PortID: &port.ID,
+		}).Extract()
+		if err != nil {
+			return fmt.Errorf("failed to update FloatingIP %s(%s): %v", freeIP.ID, freeIP.FloatingIP, err)
+		}
+
+		// We're now going to wait 3 seconds and check if the IP is still ours. If not, we're going to fail
+		// On our reference system it took ~3 seconds for a full FloatingIP allocation (Including creating a new one). It took ~600ms just for assigning one.
+		time.Sleep(floatingReassignIPCheckPeriod)
+		currentIP, err := osfloatingips.Get(netClient, ip.ID).Extract()
+		if err != nil {
+			return fmt.Errorf("failed to load FloatingIP %s after assignment has been done: %v", ip.FloatingIP, err)
+		}
+		// Verify if the port is still the one we set it to
+		if currentIP.PortID != port.ID {
+			return fmt.Errorf("floatingIP %s got reassigned", currentIP.FloatingIP)
+		}
+	}
+	secondsTook := time.Since(started).Seconds()
+
+	glog.V(2).Infof("Successfully assigned the FloatingIP %s to instance %s. Took %f seconds(without the recheck wait period %f seconds). ", ip.FloatingIP, instanceID, secondsTook, floatingReassignIPCheckPeriod.Seconds())
+	return nil
+}