From 50f5c47870682225c2b4e6d416f10e0bae732541 Mon Sep 17 00:00:00 2001
From: Tim Kreuzer <t.kreuzer@fz-juelich.de>
Date: Tue, 24 Oct 2023 16:46:36 +0200
Subject: [PATCH] do not use internal router, since new projects do not have their own router with internet access
---
 .gitignore | 1 +
 managed_clusters/create.sh | 23 ++++++++++-------------
 2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/.gitignore b/.gitignore
index 88d3f11..5c965fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
+managed_clusters/**/*
 managed_clusters/*_credentials.sh
 **/keypair.key
diff --git a/managed_clusters/create.sh b/managed_clusters/create.sh
index e76d463..62d04c9 100644
--- a/managed_clusters/create.sh
+++ b/managed_clusters/create.sh
@@ -2,9 +2,9 @@
 ### Customization
-NAME="jupyterjsc-production" # Enter a (ideally) unique name for the cluster
-PROJECT_ID="800dd44618eb4fe08f874109d6a54417" # project id from the users project, where the k8s cluster should be created
-SUBNET_CIDR="10.0.101.0/24" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR.
+NAME="loki-1" # Enter a (ideally) unique name for the cluster
+PROJECT_ID="da90a49b04a54afca1298491a5e23ba5" # project id from the users project, where the k8s cluster should be created
+SUBNET_CIDR="10.0.180.0/24" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR.
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
@@ -22,7 +22,7 @@ mkdir -p ${DIR}/${NAME}
 # Some variables for our `jsc-cloud-team` management project
 MANAGEMENT_PROJECT_ID=2092d29f72ca4f32ac416cc545986007
 MANAGEMENT_ROUTER_ID=90d2a94c-3bff-4a79-88d2-00dc6626e278
-MANAGEMENT_ROUTER_INTERNAL_ID=5e048465-53ed-4f24-8eec-871cf7d668d5
+#MANAGEMENT_ROUTER_INTERNAL_ID=5e048465-53ed-4f24-8eec-871cf7d668d5
 MANAGEMENT_NETWORK_CIDR="10.0.1.0/24"
 MANAGEMENT_GATEWAY_INTERNAL="10.0.1.253"
 MANAGEMENT_SECGROUP_ID=7b7de2f9-a561-4f3c-929a-fd8bc26a0d2c
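Review bot: The new pattern `managed_clusters/**/*` ignores every file below `managed_clusters/`, not only the per-cluster output directories, so any script added there later stays untracked unless it is force-added, and the existing `managed_clusters/*_credentials.sh` line becomes redundant. If the intent is to keep the directories that `create.sh` makes with `mkdir -p ${DIR}/${NAME}` out of the repository, `managed_clusters/*/` limits the ignore to subdirectories and leaves the credentials pattern meaningful.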
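Review bot: Editing `NAME`, `PROJECT_ID` and `SUBNET_CIDR` in the tracked script replaces the `jupyterjsc-production` values with those of `loki-1`, so the repository no longer records the parameters of the earlier cluster and every new cluster means another commit of deployment-specific identifiers. Taking the three values from the environment keeps them out of the history and fails early when one is missing, for example `NAME="${NAME:?set the cluster name}"`, with `PROJECT_ID` and `SUBNET_CIDR` handled the same way.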
@@ -30,13 +30,10 @@ MANAGEMENT_SECGROUP_ID=7b7de2f9-a561-4f3c-929a-fd8bc26a0d2c
 # activate `<user>` project credentials
 source ${DIR}/${NAME}_credentials.sh
-USER_ROUTER_ID=$(openstack router show router -f value -c id)
-
 if [[ $CREATE == "true" ]]; then
 # Create network and share it with `jsc-cloud-team`
 USER_NETWORK_ID=$(openstack network create $NAME -c id -f value)
 USER_SUBNET_ID=$(openstack subnet create --subnet-range $SUBNET_CIDR --dns-nameserver 134.94.32.3 --dns-nameserver 134.94.32.4 --dns-nameserver 134.94.32.5 --network $USER_NETWORK_ID $NAME -c id -f value)
- openstack router add subnet $USER_ROUTER_ID $USER_SUBNET_ID
 openstack network rbac create --target-project $MANAGEMENT_PROJECT_ID --action access_as_shared --type network $USER_NETWORK_ID
 else
 # Get IDs
@@ -49,11 +46,12 @@ source ${DIR}/management_credentials.sh
 if [[ $CREATE == "true" ]]; then
 # Add port from shared network to jsc-cloud-team's internal router
- INTERNAL_ROUTER_PORT_ID=$(openstack port create --network $USER_NETWORK_ID -f value -c id ${NAME})
- INTERNAL_ROUTER_PORT_IP=$(openstack port show $INTERNAL_ROUTER_PORT_ID -f json -c fixed_ips | jq -r '.fixed_ips[0].ip_address')
- openstack router add port $MANAGEMENT_ROUTER_INTERNAL_ID $INTERNAL_ROUTER_PORT_ID
+ #INTERNAL_ROUTER_PORT_ID=$(openstack port create --network $USER_NETWORK_ID -f value -c id ${NAME})
+ #INTERNAL_ROUTER_PORT_IP=$(openstack port show $INTERNAL_ROUTER_PORT_ID -f json -c fixed_ips | jq -r '.fixed_ips[0].ip_address')
+ #openstack router add port $MANAGEMENT_ROUTER_INTERNAL_ID $INTERNAL_ROUTER_PORT_ID
+ openstack router add subnet $MANAGEMENT_ROUTER_ID $USER_SUBNET_ID
 # Set static route for external (default) router
- openstack router set --route destination=$SUBNET_CIDR,gateway=$MANAGEMENT_GATEWAY_INTERNAL $MANAGEMENT_ROUTER_ID
+ #openstack router set --route destination=$SUBNET_CIDR,gateway=$MANAGEMENT_GATEWAY_INTERNAL $MANAGEMENT_ROUTER_ID
 # Add security group rules to allow new cluster to reach Rancher VMs
 openstack security group rule create --dst-port 443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Rancher access for ${NAME} cluster" $MANAGEMENT_SECGROUP_ID -f value -c id
 openstack security group rule create --dst-port 111 --remote-ip=$SUBNET_CIDR --protocol tcp --description "NFS access for ${NAME} cluster" $MANAGEMENT_SECGROUP_ID -f value -c id
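Review bot: The added `openstack router add subnet $MANAGEMENT_ROUTER_ID $USER_SUBNET_ID` attaches the user project's subnet directly to the management project's router, so the separation that the internal router and the two static routes used to provide is gone and traffic between this subnet, the management network and presumably every other cluster subnet attached the same way is limited only by security groups. A comment above the line should record that, e.g. `# User subnet sits on the shared management router; isolation between clusters relies on security groups only`, and the security group created after this hunk is worth checking against that assumption. As far as the hunk shows, the command's result is not checked and its arguments are unquoted, so an empty `$USER_SUBNET_ID` would let the script continue to the security group rules; `openstack router add subnet "$MANAGEMENT_ROUTER_ID" "$USER_SUBNET_ID" || exit 1` stops it there. The three commented-out port lines and the commented-out route (and `MANAGEMENT_ROUTER_INTERNAL_ID` in the earlier hunk) could be deleted, since the history keeps them; the `if` block starts in this hunk and ends outside it.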
@@ -67,7 +65,7 @@ source ${DIR}/${NAME}_credentials.sh
 if [[ $CREATE == "true" ]]; then
 # Set static route for <user> project router
- openstack router set --route destination=$MANAGEMENT_NETWORK_CIDR,gateway=$INTERNAL_ROUTER_PORT_IP $USER_ROUTER_ID
+ # openstack router set --route destination=$MANAGEMENT_NETWORK_CIDR,gateway=$INTERNAL_ROUTER_PORT_IP $USER_ROUTER_ID
 # Create security group
 # More details: https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-requirements/port-requirements
@@ -135,4 +133,3 @@ echo "--------------------------------"
 echo "---- Logs for the cluster creation (on Rancher-1 VM)----"
 echo "kubectl -n cattle-system logs -f -l app=rancher"
 echo "----------------------------------"
-
--
GitLab