Merge "Fixes too low security group rules quota"

defaults/main.yml

@@ -458,13 +458,13 @@ octavia_signing_digest: sha256
 
 # Quotas for the Octavia user - assuming active/passive topology
 octavia_num_instances: 10000 # 5000 LB in active/passive
-octavia_ram: "{{ octavia_num_instances*1024 }}"
-octavia_num_server_groups: "{{ (octavia_num_instances*0.5)|int|abs }}"
+octavia_ram: "{{ (octavia_num_instances|int)*1024 }}"
+octavia_num_server_groups: "{{ ((octavia_num_instances|int)*0.5)|int|abs }}"
 octavia_num_server_group_members: 50
 octavia_num_cores: "{{ octavia_num_instances }}"
-octavia_num_secgroups: "{{ octavia_num_instances*1.5|int|abs}}" # average 3 listener per lb
-octavia_num_ports: "{{ octavia_num_instances*10 }}" # at least instances * 10
-octavia_num_security_group_rules: 100
+octavia_num_secgroups: "{{ (octavia_num_instances|int)*1.5|int|abs }}" # average 3 listener per lb
+octavia_num_ports: "{{ (octavia_num_instances|int)*10 }}" # at least instances * 10
+octavia_num_security_group_rules: "{{ (octavia_num_secgroups|int)*100 }}"
 
 ## Tunable overrides
 octavia_octavia_conf_overrides: {}

releasenotes/notes/fixes_sec_grp_rule_quota-2755da6c2c2ab434.yaml

@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    The quota for security group rules was erroneously set
+    to 100 with the aim to have 100 security group rules
+    per security group instead of to 100*#security group rules.
+    This patch fixes this discrepancy.
+

tasks/octavia_security_group.yml

@@ -39,7 +39,7 @@
         --server-group-members {{ octavia_num_server_group_members }}
         --secgroups {{ octavia_num_secgroups }}
         --ports {{ octavia_num_ports }}
-        --secgroup-rules {{ octavia_num_secgroups }}
+        --secgroup-rules {{ octavia_num_security_group_rules }}
         {{ octavia_service_project_name }}
       tags:
         - skip_ansible_lint