Merge pull request #32663 from anguslees/extraroutes

Automatic merge from submit-queue

openstack: Implement the `Routes` provider API

``` release-note

Implement the Routes provider API for OpenStack using Neutron extraroute extension.  This removes the need for flannel/etc where supported.  To use, ensure all your nodes are on the same Neutron (private) network and specify the router ID in new `[Route]` section of provider config:

    [Route]
    router-id = <router UUID>
```

Godeps/Godeps.json

@@ -1974,6 +1974,11 @@
 			"Comment": "v1.0.0-1012-ge00690e",
 			"Rev": "e00690e87603abe613e9f02c816c7c4bef82e063"
 		},
+		{
+			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers",
+			"Comment": "v1.0.0-1012-ge00690e",
+			"Rev": "e00690e87603abe613e9f02c816c7c4bef82e063"
+		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/members",
 			"Comment": "v1.0.0-1012-ge00690e",

Godeps/LICENSES

@@ -61897,6 +61897,205 @@ specific language governing permissions and limitations under the License.
 ================================================================================
 
 
+================================================================================
+= vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers licensed under: =
+
+Copyright 2012-2013 Rackspace, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License.  You may obtain a copy of the
+License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations under the License.                                
+
+------
+ 
+				Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+= vendor/github.com/rackspace/gophercloud/LICENSE dd19699707373c2ca31531a659130416  -
+================================================================================
+
+
 ================================================================================
 = vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/members licensed under: =
 

cluster/openstack-heat/config-default.sh

@@ -38,6 +38,8 @@ EXTERNAL_NETWORK=${EXTERNAL_NETWORK:-public}
 LBAAS_VERSION=${LBAAS_VERSION:-}
 
 FIXED_NETWORK_CIDR=${FIXED_NETWORK_CIDR:-10.0.0.0/24}
+SERVICE_CLUSTER_IP_RANGE=${SERVICE_CLUSTER_IP_RANGE:-10.0.0.0/16}
+CLUSTER_IP_RANGE=${CLUSTER_IP_RANGE:-10.244.0.0/16}
 
 SWIFT_SERVER_URL=${SWIFT_SERVER_URL:-}
 

cluster/openstack-heat/kubernetes-heat/fragments/configure-salt.yaml

@@ -12,6 +12,7 @@ write_files:
     content: |
       grains:
         node_ip: $MASTER_IP
+        cbr-cidr: $MASTER_IP_RANGE
         publicAddressOverride: $MASTER_IP
         network_mode: openvswitch
         networkInterfaceName: eth0
@@ -21,7 +22,7 @@ write_files:
         roles:
           - $role
         runtime_config: ""
-        docker_opts: ""
+        docker_opts: "--bridge=cbr0 --iptables=false --ip-masq=false"
         master_extra_sans: "DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local,DNS:kubernetes-master"
         keep_host_etcd: true
         kube_user: $KUBE_USER
@@ -37,8 +38,11 @@ write_files:
       lb-version=$LBAAS_VERSION
       subnet-id=$SUBNET_ID
       floating-network-id=$FLOATING_NETWORK_ID
+      [Route]
+      router-id=$router_id
   - path: /srv/salt-overlay/pillar/cluster-params.sls
     content: |
+      allocate_node_cidrs: "true"
       service_cluster_ip_range: 10.246.0.0/16
       cert_ip: 10.246.0.1
       enable_cluster_monitoring: influxdb
@@ -56,6 +60,7 @@ write_files:
       admission_control: NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,ResourceQuota
       enable_cpu_cfs_quota: "true"
       network_provider: none
+      cluster_cidr: "$cluster_cidr"
       opencontrail_tag: R2.20
       opencontrail_kubernetes_tag: master
       opencontrail_public_subnet: 10.1.0.0/16

cluster/openstack-heat/kubernetes-heat/fragments/provision-network-master.sh

@@ -20,47 +20,4 @@ set -o pipefail
 
 . /etc/sysconfig/heat-params
 
-FLANNEL_ETCD_URL="http://${MASTER_IP}:4379"
+# nothing to do
-
-# Install etcd for flannel data
-if ! which etcd > /dev/null 2>&1; then
-  yum install -y etcd
-fi
-
-cat <<EOF > /etc/etcd/etcd.conf
-ETCD_NAME=flannel
-ETCD_DATA_DIR="/var/lib/etcd/flannel.etcd"
-ETCD_LISTEN_PEER_URLS="http://${MASTER_IP}:4380"
-ETCD_LISTEN_CLIENT_URLS="http://${MASTER_IP}:4379"
-ETCD_INITIAL_ADVERTISE_PEER_URLS="http://${MASTER_IP}:4380"
-ETCD_INITIAL_CLUSTER="flannel=http://${MASTER_IP}:4380"
-ETCD_ADVERTISE_CLIENT_URLS="${FLANNEL_ETCD_URL}"
-EOF
-systemctl enable etcd
-systemctl restart etcd
-
-# Install flannel for overlay
-if ! which flanneld > /dev/null 2>&1; then
-  yum install -y flannel
-fi
-
-cat <<EOF > /etc/flannel-config.json
-{
-  "Network": "${CONTAINER_SUBNET}",
-  "SubnetLen": 24,
-  "Backend": {
-    "Type": "host-gw"
-  }
-}
-EOF
-
-etcdctl -C ${FLANNEL_ETCD_URL} set /coreos.com/network/config < /etc/flannel-config.json
-
-cat <<EOF > /etc/sysconfig/flanneld
-FLANNEL_ETCD="${FLANNEL_ETCD_URL}"
-FLANNEL_ETCD_KEY="/coreos.com/network"
-FLANNEL_OPTIONS="-iface=eth0 --ip-masq"
-EOF
-
-systemctl enable flanneld
-systemctl restart flanneld

cluster/openstack-heat/kubernetes-heat/fragments/provision-network-node.sh

@@ -18,24 +18,6 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-. /etc/sysconfig/heat-params
-
-FLANNEL_ETCD_URL="http://${MASTER_IP}:4379"
-
-# Install flannel for overlay
-if ! which flanneld >/dev/null 2>&1; then
-  yum install -y flannel
-fi
-
-cat <<EOF >/etc/sysconfig/flanneld
-FLANNEL_ETCD="${FLANNEL_ETCD_URL}"
-FLANNEL_ETCD_KEY="/coreos.com/network"
-FLANNEL_OPTIONS="-iface=eth0 --ip-masq"
-EOF
-
-systemctl enable flanneld
-systemctl restart flanneld
-
 # Kubernetes node shoud be able to resolve its hostname.
 # In some cloud providers, myhostname is not enabled by default.
 grep '^hosts:.*myhostname' /etc/nsswitch.conf || (

cluster/openstack-heat/kubernetes-heat/kubecluster.yaml

@@ -52,6 +52,23 @@ parameters:
     description: network range for fixed ip network
     default: 10.0.0.0/24
 
+  cluster_cidr:
+    type: string
+    description: network range for pod IPs
+    default: 10.244.0.0/16
+
+  service_cluster_cidr:
+    type: string
+    description: network range for service IPs
+    default: 10.10.0.0/16
+
+  master_pod_cidr:
+    type: string
+    description: >-
+      network range for master pod IPs (ignored, but must not conflict
+      with other subnets)
+    default: 10.245.1.0/24
+
   kubernetes_server_url:
     type: string
     description: URL of kubernetes server binary. Must be tar.gz.
@@ -301,6 +318,9 @@ resources:
             "$SUBNET_ID": {get_resource: fixed_subnet}
             "$FLOATING_NETWORK_ID": {get_attr: [kube_master_floating, floating_network_id]}
             "$role": "kubernetes-master"
+            "$router_id": {get_resource: extrouter}
+            "$cluster_cidr": {get_param: cluster_cidr}
+            "$MASTER_IP_RANGE": {get_param: master_pod_cidr}
 
   run_salt:
     type: OS::Heat::SoftwareConfig
@@ -390,6 +410,7 @@ resources:
           token_kube_proxy: {get_param: token_kube_proxy}
           fixed_network: {get_resource: fixed_network}
           fixed_subnet: {get_resource: fixed_subnet}
+          cluster_cidr: {get_param: cluster_cidr}
           kube_master_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
           external_network: {get_param: external_network}
           wait_condition_timeout: {get_param: wait_condition_timeout}

cluster/openstack-heat/kubernetes-heat/kubeminion.yaml

@@ -106,6 +106,9 @@ parameters:
   fixed_subnet:
     type: string
     description: Subnet from which to allocate fixed addresses.
+  cluster_cidr:
+    type: string
+    description: Subnet from which to allocate pod subnets.
   wait_condition_timeout:
     type: number
     description : >
@@ -215,6 +218,7 @@ resources:
             "$OS_REGION_NAME": {get_param: os_region_name}
             "$OS_TENANT_ID": {get_param: os_tenant_id}
             "$role": "kubernetes-pool"
+            "$cluster_cidr": {get_param: cluster_cidr}
 
   run_salt:
     type: OS::Heat::SoftwareConfig

cluster/saltbase/salt/docker/init.sls

@@ -18,6 +18,27 @@ bridge-utils:
     - mode: 644
     - makedirs: true
 
+{% if grains.cloud is defined and grains.cloud == 'openstack' %}
+
+cbr0:
+  # workaround https://github.com/saltstack/salt/issues/20570
+  kmod.present:
+    - name: bridge
+
+  network.managed:
+    - enabled: True
+    - type: bridge
+    - proto: none
+    - ports: none
+    - bridge: cbr0
+    - delay: 0
+    - bypassfirewall: True
+    - require_in:
+      - service: docker
+    - require:
+      - kmod: cbr0
+{% endif %}
+
 {% if (grains.os == 'Fedora' and grains.osrelease_info[0] >= 22) or (grains.os == 'CentOS' and grains.osrelease_info[0] >= 7) %}
 
 docker:
@@ -512,4 +533,3 @@ docker:
       - cmd: fix-service-docker
 {% endif %}
 {% endif %} # end grains.os_family != 'RedHat'
-

pkg/cloudprovider/providers/openstack/BUILD

@@ -17,6 +17,7 @@ go_library(
         "openstack.go",
         "openstack_instances.go",
         "openstack_loadbalancer.go",
+        "openstack_routes.go",
         "openstack_volumes.go",
     ],
     tags = ["automanaged"],
@@ -30,6 +31,7 @@ go_library(
         "//pkg/util/mount:go_default_library",
         "//pkg/volume:go_default_library",
         "//vendor:github.com/golang/glog",
+        "//vendor:github.com/mitchellh/mapstructure",
         "//vendor:github.com/rackspace/gophercloud",
         "//vendor:github.com/rackspace/gophercloud/openstack",
         "//vendor:github.com/rackspace/gophercloud/openstack/blockstorage/v1/volumes",
@@ -40,6 +42,7 @@ go_library(
         "//vendor:github.com/rackspace/gophercloud/openstack/identity/v3/tokens",
         "//vendor:github.com/rackspace/gophercloud/openstack/networking/v2/extensions",
         "//vendor:github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/floatingips",
+        "//vendor:github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers",
         "//vendor:github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/members",
         "//vendor:github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/monitors",
         "//vendor:github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/pools",
@@ -60,13 +63,17 @@ go_test(
     name = "go_default_test",
     srcs = [
         "metadata_test.go",
+        "openstack_routes_test.go",
         "openstack_test.go",
     ],
     library = "go_default_library",
     tags = ["automanaged"],
     deps = [
         "//pkg/api/v1:go_default_library",
+        "//pkg/cloudprovider:go_default_library",
+        "//pkg/types:go_default_library",
         "//pkg/util/rand:go_default_library",
         "//vendor:github.com/rackspace/gophercloud",
+        "//vendor:github.com/rackspace/gophercloud/openstack/compute/v2/servers",
     ],
 )

pkg/cloudprovider/providers/openstack/openstack.go

@@ -26,14 +26,14 @@ import (
 	"strings"
 	"time"
 
-	"gopkg.in/gcfg.v1"
+	"github.com/mitchellh/mapstructure"
-
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/openstack"
 	"github.com/rackspace/gophercloud/openstack/compute/v2/servers"
 	"github.com/rackspace/gophercloud/openstack/identity/v3/extensions/trust"
 	token3 "github.com/rackspace/gophercloud/openstack/identity/v3/tokens"
 	"github.com/rackspace/gophercloud/pagination"
+	"gopkg.in/gcfg.v1"
 
 	"github.com/golang/glog"
 	"k8s.io/kubernetes/pkg/api/v1"
@@ -90,12 +90,17 @@ type BlockStorageOpts struct {
 	TrustDevicePath bool `gcfg:"trust-device-path"` // See Issue #33128
 }
 
+type RouterOpts struct {
+	RouterId string `gcfg:"router-id"` // required
+}
+
 // OpenStack is an implementation of cloud provider Interface for OpenStack.
 type OpenStack struct {
 	provider  *gophercloud.ProviderClient
 	region    string
 	lbOpts    LoadBalancerOpts
 	bsOpts    BlockStorageOpts
+	routeOpts RouterOpts
 	// InstanceID of the server where this OpenStack object is instantiated.
 	localInstanceID string
 }
@@ -116,6 +121,7 @@ type Config struct {
 	}
 	LoadBalancer LoadBalancerOpts
 	BlockStorage BlockStorageOpts
+	Route        RouterOpts
 }
 
 func init() {
@@ -160,6 +166,18 @@ func readConfig(config io.Reader) (Config, error) {
 	return cfg, err
 }
 
+// Tiny helper for conditional unwind logic
+type Caller bool
+
+func NewCaller() Caller   { return Caller(true) }
+func (c *Caller) Disarm() { *c = false }
+
+func (c *Caller) Call(f func()) {
+	if *c {
+		f()
+	}
+}
+
 func readInstanceID() (string, error) {
 	// Try to find instance ID on the local filesystem (created by cloud-init)
 	const instanceIDFile = "/var/lib/cloud/data/instance-id"
@@ -211,6 +229,7 @@ func newOpenStack(cfg Config) (*OpenStack, error) {
 		region:          cfg.Global.Region,
 		lbOpts:          cfg.LoadBalancer,
 		bsOpts:          cfg.BlockStorage,
+		routeOpts:       cfg.Route,
 		localInstanceID: id,
 	}
 
@@ -225,7 +244,29 @@ func mapNodeNameToServerName(nodeName types.NodeName) string {
 
 // mapServerToNodeName maps an OpenStack Server to a k8s NodeName
 func mapServerToNodeName(server *servers.Server) types.NodeName {
-	return types.NodeName(server.Name)
+	// Node names are always lowercase, and (at least)
+	// routecontroller does case-sensitive string comparisons
+	// assuming this
+	return types.NodeName(strings.ToLower(server.Name))
+}
+
+func foreachServer(client *gophercloud.ServiceClient, opts servers.ListOptsBuilder, handler func(*servers.Server) (bool, error)) error {
+	pager := servers.List(client, opts)
+
+	err := pager.EachPage(func(page pagination.Page) (bool, error) {
+		s, err := servers.ExtractServers(page)
+		if err != nil {
+			return false, err
+		}
+		for _, server := range s {
+			ok, err := handler(&server)
+			if !ok || err != nil {
+				return false, err
+			}
+		}
+		return true, nil
+	})
+	return err
 }
 
 func getServerByName(client *gophercloud.ServiceClient, name types.NodeName) (*servers.Server, error) {
@@ -261,48 +302,33 @@ func getServerByName(client *gophercloud.ServiceClient, name types.NodeName) (*s
 	return &serverList[0], nil
 }
 
-func getAddressesByName(client *gophercloud.ServiceClient, name types.NodeName) ([]v1.NodeAddress, error) {
+func nodeAddresses(srv *servers.Server) ([]v1.NodeAddress, error) {
-	srv, err := getServerByName(client, name)
+	addrs := []v1.NodeAddress{}
+
+	type Address struct {
+		IpType string `mapstructure:"OS-EXT-IPS:type"`
+		Addr   string
+	}
+
+	var addresses map[string][]Address
+	err := mapstructure.Decode(srv.Addresses, &addresses)
 	if err != nil {
 		return nil, err
 	}
 
-	addrs := []v1.NodeAddress{}
+	for network, addrlist := range addresses {
-
+		for _, props := range addrlist {
-	for network, netblob := range srv.Addresses {
-		list, ok := netblob.([]interface{})
-		if !ok {
-			continue
-		}
-
-		for _, item := range list {
 			var addressType v1.NodeAddressType
-
+			if props.IpType == "floating" || network == "public" {
-			props, ok := item.(map[string]interface{})
-			if !ok {
-				continue
-			}
-
-			extIPType, ok := props["OS-EXT-IPS:type"]
-			if (ok && extIPType == "floating") || (!ok && network == "public") {
 				addressType = v1.NodeExternalIP
 			} else {
 				addressType = v1.NodeInternalIP
 			}
 
-			tmp, ok := props["addr"]
-			if !ok {
-				continue
-			}
-			addr, ok := tmp.(string)
-			if !ok {
-				continue
-			}
-
 			v1.AddToNodeAddresses(&addrs,
 				v1.NodeAddress{
 					Type:    addressType,
-					Address: addr,
+					Address: props.Addr,
 				},
 			)
 		}
@@ -330,6 +356,15 @@ func getAddressesByName(client *gophercloud.ServiceClient, name types.NodeName)
 	return addrs, nil
 }
 
+func getAddressesByName(client *gophercloud.ServiceClient, name types.NodeName) ([]v1.NodeAddress, error) {
+	srv, err := getServerByName(client, name)
+	if err != nil {
+		return nil, err
+	}
+
+	return nodeAddresses(srv)
+}
+
 func getAddressByName(client *gophercloud.ServiceClient, name types.NodeName) (string, error) {
 	addrs, err := getAddressesByName(client, name)
 	if err != nil {
@@ -369,7 +404,7 @@ func (os *OpenStack) LoadBalancer() (cloudprovider.LoadBalancer, bool) {
 		Region: os.region,
 	})
 	if err != nil {
-		glog.Warningf("Failed to find neutron endpoint: %v", err)
+		glog.Warningf("Failed to find network endpoint: %v", err)
 		return nil, false
 	}
 
@@ -439,5 +474,42 @@ func (os *OpenStack) GetZone() (cloudprovider.Zone, error) {
 }
 
 func (os *OpenStack) Routes() (cloudprovider.Routes, bool) {
+	glog.V(4).Info("openstack.Routes() called")
+
+	network, err := openstack.NewNetworkV2(os.provider, gophercloud.EndpointOpts{
+		Region: os.region,
+	})
+	if err != nil {
+		glog.Warningf("Failed to find network endpoint: %v", err)
 		return nil, false
+	}
+
+	netExts, err := networkExtensions(network)
+	if err != nil {
+		glog.Warningf("Failed to list neutron extensions: %v", err)
+		return nil, false
+	}
+
+	if !netExts["extraroute"] {
+		glog.V(3).Infof("Neutron extraroute extension not found, required for Routes support")
+		return nil, false
+	}
+
+	compute, err := openstack.NewComputeV2(os.provider, gophercloud.EndpointOpts{
+		Region: os.region,
+	})
+	if err != nil {
+		glog.Warningf("Failed to find compute endpoint: %v", err)
+		return nil, false
+	}
+
+	r, err := NewRoutes(compute, network, os.routeOpts)
+	if err != nil {
+		glog.Warningf("Error initialising Routes support: %v", err)
+		return nil, false
+	}
+
+	glog.V(1).Info("Claiming to support Routes")
+
+	return r, true
 }

pkg/cloudprovider/providers/openstack/openstack_loadbalancer.go

@@ -107,14 +107,6 @@ func getPortByIP(client *gophercloud.ServiceClient, ipAddress string) (neutronpo
 	return targetPort, err
 }
 
-func getPortIDByIP(client *gophercloud.ServiceClient, ipAddress string) (string, error) {
-	targetPort, err := getPortByIP(client, ipAddress)
-	if err != nil {
-		return targetPort.ID, err
-	}
-	return targetPort.ID, nil
-}
-
 func getFloatingIPByPortID(client *gophercloud.ServiceClient, portID string) (*floatingips.FloatingIP, error) {
 	opts := floatingips.ListOpts{
 		PortID: portID,
@@ -1117,12 +1109,12 @@ func (lbaas *LbaasV2) EnsureLoadBalancerDeleted(clusterName string, service *v1.
 	}
 
 	if lbaas.opts.FloatingNetworkId != "" && loadbalancer != nil {
-		portID, err := getPortIDByIP(lbaas.network, loadbalancer.VipAddress)
+		port, err := getPortByIP(lbaas.network, loadbalancer.VipAddress)
 		if err != nil {
 			return err
 		}
 
-		floatingIP, err := getFloatingIPByPortID(lbaas.network, portID)
+		floatingIP, err := getFloatingIPByPortID(lbaas.network, port.ID)
 		if err != nil && err != ErrNotFound {
 			return err
 		}

pkg/cloudprovider/providers/openstack/openstack_routes.go

@@ -0,0 +1,278 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package openstack
+
+import (
+	"errors"
+
+	"github.com/rackspace/gophercloud"
+	"github.com/rackspace/gophercloud/openstack/compute/v2/servers"
+	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers"
+	neutronports "github.com/rackspace/gophercloud/openstack/networking/v2/ports"
+
+	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/cloudprovider"
+	"k8s.io/kubernetes/pkg/types"
+)
+
+var ErrNoRouterId = errors.New("router-id not set in cloud provider config")
+
+type Routes struct {
+	compute *gophercloud.ServiceClient
+	network *gophercloud.ServiceClient
+	opts    RouterOpts
+}
+
+func NewRoutes(compute *gophercloud.ServiceClient, network *gophercloud.ServiceClient, opts RouterOpts) (cloudprovider.Routes, error) {
+	if opts.RouterId == "" {
+		return nil, ErrNoRouterId
+	}
+
+	return &Routes{
+		compute: compute,
+		network: network,
+		opts:    opts,
+	}, nil
+}
+
+func (r *Routes) ListRoutes(clusterName string) ([]*cloudprovider.Route, error) {
+	glog.V(4).Infof("ListRoutes(%v)", clusterName)
+
+	nodeNamesByAddr := make(map[string]types.NodeName)
+	err := foreachServer(r.compute, servers.ListOpts{Status: "ACTIVE"}, func(srv *servers.Server) (bool, error) {
+		addrs, err := nodeAddresses(srv)
+		if err != nil {
+			return false, err
+		}
+
+		name := mapServerToNodeName(srv)
+		for _, addr := range addrs {
+			nodeNamesByAddr[addr.Address] = name
+		}
+
+		return true, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	router, err := routers.Get(r.network, r.opts.RouterId).Extract()
+	if err != nil {
+		return nil, err
+	}
+
+	var routes []*cloudprovider.Route
+	for _, item := range router.Routes {
+		nodeName, ok := nodeNamesByAddr[item.NextHop]
+		if !ok {
+			// Not one of our routes?
+			glog.V(4).Infof("Skipping route with unknown nexthop %v", item.NextHop)
+			continue
+		}
+		route := cloudprovider.Route{
+			Name:            item.DestinationCIDR,
+			TargetNode:      nodeName,
+			DestinationCIDR: item.DestinationCIDR,
+		}
+		routes = append(routes, &route)
+	}
+
+	return routes, nil
+}
+
+func updateRoutes(network *gophercloud.ServiceClient, router *routers.Router, newRoutes []routers.Route) (func(), error) {
+	origRoutes := router.Routes // shallow copy
+
+	_, err := routers.Update(network, router.ID, routers.UpdateOpts{
+		Routes: newRoutes,
+	}).Extract()
+	if err != nil {
+		return nil, err
+	}
+
+	unwinder := func() {
+		glog.V(4).Info("Reverting routes change to router ", router.ID)
+		_, err := routers.Update(network, router.ID, routers.UpdateOpts{
+			Routes: origRoutes,
+		}).Extract()
+		if err != nil {
+			glog.Warning("Unable to reset routes during error unwind: ", err)
+		}
+	}
+
+	return unwinder, nil
+}
+
+func updateAllowedAddressPairs(network *gophercloud.ServiceClient, port *neutronports.Port, newPairs []neutronports.AddressPair) (func(), error) {
+	origPairs := port.AllowedAddressPairs // shallow copy
+
+	_, err := neutronports.Update(network, port.ID, neutronports.UpdateOpts{
+		AllowedAddressPairs: newPairs,
+	}).Extract()
+	if err != nil {
+		return nil, err
+	}
+
+	unwinder := func() {
+		glog.V(4).Info("Reverting allowed-address-pairs change to port ", port.ID)
+		_, err := neutronports.Update(network, port.ID, neutronports.UpdateOpts{
+			AllowedAddressPairs: origPairs,
+		}).Extract()
+		if err != nil {
+			glog.Warning("Unable to reset allowed-address-pairs during error unwind: ", err)
+		}
+	}
+
+	return unwinder, nil
+}
+
+func (r *Routes) CreateRoute(clusterName string, nameHint string, route *cloudprovider.Route) error {
+	glog.V(4).Infof("CreateRoute(%v, %v, %v)", clusterName, nameHint, route)
+
+	onFailure := NewCaller()
+
+	addr, err := getAddressByName(r.compute, route.TargetNode)
+	if err != nil {
+		return err
+	}
+
+	glog.V(4).Infof("Using nexthop %v for node %v", addr, route.TargetNode)
+
+	router, err := routers.Get(r.network, r.opts.RouterId).Extract()
+	if err != nil {
+		return err
+	}
+
+	routes := router.Routes
+
+	for _, item := range routes {
+		if item.DestinationCIDR == route.DestinationCIDR && item.NextHop == addr {
+			glog.V(4).Infof("Skipping existing route: %v", route)
+			return nil
+		}
+	}
+
+	routes = append(routes, routers.Route{
+		DestinationCIDR: route.DestinationCIDR,
+		NextHop:         addr,
+	})
+
+	unwind, err := updateRoutes(r.network, router, routes)
+	if err != nil {
+		return err
+	}
+	defer onFailure.Call(unwind)
+
+	port, err := getPortByIP(r.network, addr)
+	if err != nil {
+		return err
+	}
+
+	found := false
+	for _, item := range port.AllowedAddressPairs {
+		if item.IPAddress == route.DestinationCIDR {
+			glog.V(4).Info("Found existing allowed-address-pair: ", item)
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		newPairs := append(port.AllowedAddressPairs, neutronports.AddressPair{
+			IPAddress: route.DestinationCIDR,
+		})
+		unwind, err := updateAllowedAddressPairs(r.network, &port, newPairs)
+		if err != nil {
+			return err
+		}
+		defer onFailure.Call(unwind)
+	}
+
+	glog.V(4).Infof("Route created: %v", route)
+	onFailure.Disarm()
+	return nil
+}
+
+func (r *Routes) DeleteRoute(clusterName string, route *cloudprovider.Route) error {
+	glog.V(4).Infof("DeleteRoute(%v, %v)", clusterName, route)
+
+	onFailure := NewCaller()
+
+	addr, err := getAddressByName(r.compute, route.TargetNode)
+	if err != nil {
+		return err
+	}
+
+	router, err := routers.Get(r.network, r.opts.RouterId).Extract()
+	if err != nil {
+		return err
+	}
+
+	routes := router.Routes
+	index := -1
+	for i, item := range routes {
+		if item.DestinationCIDR == route.DestinationCIDR && item.NextHop == addr {
+			index = i
+			break
+		}
+	}
+
+	if index == -1 {
+		glog.V(4).Infof("Skipping non-existent route: %v", route)
+		return nil
+	}
+
+	// Delete element `index`
+	routes[index] = routes[len(routes)-1]
+	routes = routes[:len(routes)-1]
+
+	unwind, err := updateRoutes(r.network, router, routes)
+	if err != nil {
+		return err
+	}
+	defer onFailure.Call(unwind)
+
+	port, err := getPortByIP(r.network, addr)
+	if err != nil {
+		return err
+	}
+
+	addr_pairs := port.AllowedAddressPairs
+	index = -1
+	for i, item := range addr_pairs {
+		if item.IPAddress == route.DestinationCIDR {
+			index = i
+			break
+		}
+	}
+
+	if index != -1 {
+		// Delete element `index`
+		addr_pairs[index] = addr_pairs[len(routes)-1]
+		addr_pairs = addr_pairs[:len(routes)-1]
+
+		unwind, err := updateAllowedAddressPairs(r.network, &port, addr_pairs)
+		if err != nil {
+			return err
+		}
+		defer onFailure.Call(unwind)
+	}
+
+	glog.V(4).Infof("Route deleted: %v", route)
+	onFailure.Disarm()
+	return nil
+}

pkg/cloudprovider/providers/openstack/openstack_routes_test.go

@@ -0,0 +1,71 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package openstack
+
+import (
+	"net"
+	"testing"
+
+	"k8s.io/kubernetes/pkg/cloudprovider"
+	"k8s.io/kubernetes/pkg/types"
+)
+
+func TestRoutes(t *testing.T) {
+	const clusterName = "ignored"
+
+	cfg, ok := configFromEnv()
+	if !ok {
+		t.Skipf("No config found in environment")
+	}
+
+	os, err := newOpenStack(cfg)
+	if err != nil {
+		t.Fatalf("Failed to construct/authenticate OpenStack: %s", err)
+	}
+
+	r, ok := os.Routes()
+	if !ok {
+		t.Fatalf("Routes() returned false - perhaps your stack doens't support Neutron?")
+	}
+
+	newroute := cloudprovider.Route{
+		DestinationCIDR: "10.164.2.0/24",
+		TargetNode:      types.NodeName("testinstance"),
+	}
+	err = r.CreateRoute(clusterName, "myhint", &newroute)
+	if err != nil {
+		t.Fatalf("CreateRoute error: %v", err)
+	}
+
+	routelist, err := r.ListRoutes(clusterName)
+	if err != nil {
+		t.Fatalf("ListRoutes() error: %v", err)
+	}
+	for _, route := range routelist {
+		_, cidr, err := net.ParseCIDR(route.DestinationCIDR)
+		if err != nil {
+			t.Logf("Ignoring route %s, unparsable CIDR: %v", route.Name, err)
+			continue
+		}
+		t.Logf("%s via %s", cidr, route.TargetNode)
+	}
+
+	err = r.DeleteRoute(clusterName, &newroute)
+	if err != nil {
+		t.Fatalf("DeleteRoute error: %v", err)
+	}
+}

pkg/cloudprovider/providers/openstack/openstack_test.go

@@ -18,14 +18,17 @@ package openstack
 
 import (
 	"os"
+	"reflect"
+	"sort"
 	"strings"
 	"testing"
 	"time"
 
-	"k8s.io/kubernetes/pkg/util/rand"
-
 	"github.com/rackspace/gophercloud"
+	"github.com/rackspace/gophercloud/openstack/compute/v2/servers"
+
 	"k8s.io/kubernetes/pkg/api/v1"
+	"k8s.io/kubernetes/pkg/util/rand"
 )
 
 const volumeAvailableStatus = "available"
@@ -118,6 +121,115 @@ func TestToAuthOptions(t *testing.T) {
 	}
 }
 
+func TestCaller(t *testing.T) {
+	called := false
+	myFunc := func() { called = true }
+
+	c := NewCaller()
+	c.Call(myFunc)
+
+	if !called {
+		t.Errorf("Caller failed to call function in default case")
+	}
+
+	c.Disarm()
+	called = false
+	c.Call(myFunc)
+
+	if called {
+		t.Error("Caller still called function when disarmed")
+	}
+
+	// Confirm the "usual" deferred Caller pattern works as expected
+
+	called = false
+	success_case := func() {
+		c := NewCaller()
+		defer c.Call(func() { called = true })
+		c.Disarm()
+	}
+	if success_case(); called {
+		t.Error("Deferred success case still invoked unwind")
+	}
+
+	called = false
+	failure_case := func() {
+		c := NewCaller()
+		defer c.Call(func() { called = true })
+	}
+	if failure_case(); !called {
+		t.Error("Deferred failure case failed to invoke unwind")
+	}
+}
+
+// An arbitrary sort.Interface, just for easier comparison
+type AddressSlice []v1.NodeAddress
+
+func (a AddressSlice) Len() int           { return len(a) }
+func (a AddressSlice) Less(i, j int) bool { return a[i].Address < a[j].Address }
+func (a AddressSlice) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+
+func TestNodeAddresses(t *testing.T) {
+	srv := servers.Server{
+		Status:     "ACTIVE",
+		HostID:     "29d3c8c896a45aa4c34e52247875d7fefc3d94bbcc9f622b5d204362",
+		AccessIPv4: "50.56.176.99",
+		AccessIPv6: "2001:4800:790e:510:be76:4eff:fe04:82a8",
+		Addresses: map[string]interface{}{
+			"private": []interface{}{
+				map[string]interface{}{
+					"OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:7c:1b:2b",
+					"version":                 float64(4),
+					"addr":                    "10.0.0.32",
+					"OS-EXT-IPS:type":         "fixed",
+				},
+				map[string]interface{}{
+					"version":         float64(4),
+					"addr":            "50.56.176.36",
+					"OS-EXT-IPS:type": "floating",
+				},
+				map[string]interface{}{
+					"version": float64(4),
+					"addr":    "10.0.0.31",
+					// No OS-EXT-IPS:type
+				},
+			},
+			"public": []interface{}{
+				map[string]interface{}{
+					"version": float64(4),
+					"addr":    "50.56.176.35",
+				},
+				map[string]interface{}{
+					"version": float64(6),
+					"addr":    "2001:4800:780e:510:be76:4eff:fe04:84a8",
+				},
+			},
+		},
+	}
+
+	addrs, err := nodeAddresses(&srv)
+	if err != nil {
+		t.Fatalf("nodeAddresses returned error: %v", err)
+	}
+
+	sort.Sort(AddressSlice(addrs))
+	t.Logf("addresses is %v", addrs)
+
+	want := []v1.NodeAddress{
+		{Type: v1.NodeInternalIP, Address: "10.0.0.31"},
+		{Type: v1.NodeInternalIP, Address: "10.0.0.32"},
+		{Type: v1.NodeExternalIP, Address: "2001:4800:780e:510:be76:4eff:fe04:84a8"},
+		{Type: v1.NodeExternalIP, Address: "2001:4800:790e:510:be76:4eff:fe04:82a8"},
+		{Type: v1.NodeExternalIP, Address: "50.56.176.35"},
+		{Type: v1.NodeExternalIP, Address: "50.56.176.36"},
+		{Type: v1.NodeExternalIP, Address: "50.56.176.99"},
+	}
+
+	if !reflect.DeepEqual(want, addrs) {
+		t.Errorf("nodeAddresses returned incorrect value %v", addrs)
+	}
+}
+
 // This allows acceptance testing against an existing OpenStack
 // install, using the standard OS_* OpenStack client environment
 // variables.

vendor/BUILD

@@ -11765,6 +11765,21 @@ go_library(
     deps = ["//vendor:github.com/gogo/protobuf/proto"],
 )
 
+go_library(
+    name = "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers",
+    srcs = [
+        "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers/requests.go",
+        "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers/results.go",
+        "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers/urls.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//vendor:github.com/mitchellh/mapstructure",
+        "//vendor:github.com/rackspace/gophercloud",
+        "//vendor:github.com/rackspace/gophercloud/pagination",
+    ],
+)
+
 go_library(
     name = "k8s.io/client-go/pkg/apis/meta/v1",
     srcs = [

vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers/requests.go

@@ -0,0 +1,256 @@
+package routers
+
+import (
+	"errors"
+
+	"github.com/rackspace/gophercloud"
+	"github.com/rackspace/gophercloud/pagination"
+)
+
+// ListOpts allows the filtering and sorting of paginated collections through
+// the API. Filtering is achieved by passing in struct field values that map to
+// the floating IP attributes you want to see returned. SortKey allows you to
+// sort by a particular network attribute. SortDir sets the direction, and is
+// either `asc' or `desc'. Marker and Limit are used for pagination.
+type ListOpts struct {
+	ID           string `q:"id"`
+	Name         string `q:"name"`
+	AdminStateUp *bool  `q:"admin_state_up"`
+	Distributed  *bool  `q:"distributed"`
+	Status       string `q:"status"`
+	TenantID     string `q:"tenant_id"`
+	Limit        int    `q:"limit"`
+	Marker       string `q:"marker"`
+	SortKey      string `q:"sort_key"`
+	SortDir      string `q:"sort_dir"`
+}
+
+// List returns a Pager which allows you to iterate over a collection of
+// routers. It accepts a ListOpts struct, which allows you to filter and sort
+// the returned collection for greater efficiency.
+//
+// Default policy settings return only those routers that are owned by the
+// tenant who submits the request, unless an admin user submits the request.
+func List(c *gophercloud.ServiceClient, opts ListOpts) pagination.Pager {
+	q, err := gophercloud.BuildQueryString(&opts)
+	if err != nil {
+		return pagination.Pager{Err: err}
+	}
+	u := rootURL(c) + q.String()
+	return pagination.NewPager(c, u, func(r pagination.PageResult) pagination.Page {
+		return RouterPage{pagination.LinkedPageBase{PageResult: r}}
+	})
+}
+
+// CreateOptsBuilder is the interface options structs have to satisfy in order
+// to be used in the main Create operation in this package. Since many
+// extensions decorate or modify the common logic, it is useful for them to
+// satisfy a basic interface in order for them to be used.
+type CreateOptsBuilder interface {
+	ToRouterCreateMap() (map[string]interface{}, error)
+}
+
+// CreateOpts contains all the values needed to create a new router. There are
+// no required values.
+type CreateOpts struct {
+	Name         string
+	AdminStateUp *bool
+	Distributed  *bool
+	TenantID     string
+	GatewayInfo  *GatewayInfo
+}
+
+// ToRouterCreateMap casts a CreateOpts struct to a map.
+func (opts CreateOpts) ToRouterCreateMap() (map[string]interface{}, error) {
+	r := make(map[string]interface{})
+
+	if gophercloud.MaybeString(opts.Name) != nil {
+		r["name"] = opts.Name
+	}
+
+	if opts.AdminStateUp != nil {
+		r["admin_state_up"] = opts.AdminStateUp
+	}
+
+	if opts.Distributed != nil {
+		r["distributed"] = opts.Distributed
+	}
+
+	if gophercloud.MaybeString(opts.TenantID) != nil {
+		r["tenant_id"] = opts.TenantID
+	}
+
+	if opts.GatewayInfo != nil {
+		r["external_gateway_info"] = opts.GatewayInfo
+	}
+
+	return map[string]interface{}{"router": r}, nil
+}
+
+// Create accepts a CreateOpts struct and uses the values to create a new
+// logical router. When it is created, the router does not have an internal
+// interface - it is not associated to any subnet.
+//
+// You can optionally specify an external gateway for a router using the
+// GatewayInfo struct. The external gateway for the router must be plugged into
+// an external network (it is external if its `router:external' field is set to
+// true).
+func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) CreateResult {
+	var res CreateResult
+
+	reqBody, err := opts.ToRouterCreateMap()
+	if err != nil {
+		res.Err = err
+		return res
+	}
+
+	_, res.Err = c.Post(rootURL(c), reqBody, &res.Body, nil)
+	return res
+}
+
+// Get retrieves a particular router based on its unique ID.
+func Get(c *gophercloud.ServiceClient, id string) GetResult {
+	var res GetResult
+	_, res.Err = c.Get(resourceURL(c, id), &res.Body, nil)
+	return res
+}
+
+// UpdateOpts contains the values used when updating a router.
+type UpdateOpts struct {
+	Name         string
+	AdminStateUp *bool
+	Distributed  *bool
+	GatewayInfo  *GatewayInfo
+	Routes       []Route
+}
+
+// Update allows routers to be updated. You can update the name, administrative
+// state, and the external gateway. For more information about how to set the
+// external gateway for a router, see Create. This operation does not enable
+// the update of router interfaces. To do this, use the AddInterface and
+// RemoveInterface functions.
+func Update(c *gophercloud.ServiceClient, id string, opts UpdateOpts) UpdateResult {
+	type router struct {
+		Name         *string      `json:"name,omitempty"`
+		AdminStateUp *bool        `json:"admin_state_up,omitempty"`
+		Distributed  *bool        `json:"distributed,omitempty"`
+		GatewayInfo  *GatewayInfo `json:"external_gateway_info,omitempty"`
+		Routes       []Route      `json:"routes"`
+	}
+
+	type request struct {
+		Router router `json:"router"`
+	}
+
+	reqBody := request{Router: router{
+		Name:         gophercloud.MaybeString(opts.Name),
+		AdminStateUp: opts.AdminStateUp,
+		Distributed:  opts.Distributed,
+	}}
+
+	if opts.GatewayInfo != nil {
+		reqBody.Router.GatewayInfo = opts.GatewayInfo
+	}
+
+	if opts.Routes != nil {
+		reqBody.Router.Routes = opts.Routes
+	}
+
+	// Send request to API
+	var res UpdateResult
+	_, res.Err = c.Put(resourceURL(c, id), reqBody, &res.Body, &gophercloud.RequestOpts{
+		OkCodes: []int{200},
+	})
+
+	return res
+}
+
+// Delete will permanently delete a particular router based on its unique ID.
+func Delete(c *gophercloud.ServiceClient, id string) DeleteResult {
+	var res DeleteResult
+	_, res.Err = c.Delete(resourceURL(c, id), nil)
+	return res
+}
+
+var errInvalidInterfaceOpts = errors.New("When adding a router interface you must provide either a subnet ID or a port ID")
+
+// InterfaceOpts allow you to work with operations that either add or remote
+// an internal interface from a router.
+type InterfaceOpts struct {
+	SubnetID string
+	PortID   string
+}
+
+// AddInterface attaches a subnet to an internal router interface. You must
+// specify either a SubnetID or PortID in the request body. If you specify both,
+// the operation will fail and an error will be returned.
+//
+// If you specify a SubnetID, the gateway IP address for that particular subnet
+// is used to create the router interface. Alternatively, if you specify a
+// PortID, the IP address associated with the port is used to create the router
+// interface.
+//
+// If you reference a port that is associated with multiple IP addresses, or
+// if the port is associated with zero IP addresses, the operation will fail and
+// a 400 Bad Request error will be returned.
+//
+// If you reference a port already in use, the operation will fail and a 409
+// Conflict error will be returned.
+//
+// The PortID that is returned after using Extract() on the result of this
+// operation can either be the same PortID passed in or, on the other hand, the
+// identifier of a new port created by this operation. After the operation
+// completes, the device ID of the port is set to the router ID, and the
+// device owner attribute is set to `network:router_interface'.
+func AddInterface(c *gophercloud.ServiceClient, id string, opts InterfaceOpts) InterfaceResult {
+	var res InterfaceResult
+
+	// Validate
+	if (opts.SubnetID == "" && opts.PortID == "") || (opts.SubnetID != "" && opts.PortID != "") {
+		res.Err = errInvalidInterfaceOpts
+		return res
+	}
+
+	type request struct {
+		SubnetID string `json:"subnet_id,omitempty"`
+		PortID   string `json:"port_id,omitempty"`
+	}
+
+	body := request{SubnetID: opts.SubnetID, PortID: opts.PortID}
+
+	_, res.Err = c.Put(addInterfaceURL(c, id), body, &res.Body, &gophercloud.RequestOpts{
+		OkCodes: []int{200},
+	})
+
+	return res
+}
+
+// RemoveInterface removes an internal router interface, which detaches a
+// subnet from the router. You must specify either a SubnetID or PortID, since
+// these values are used to identify the router interface to remove.
+//
+// Unlike AddInterface, you can also specify both a SubnetID and PortID. If you
+// choose to specify both, the subnet ID must correspond to the subnet ID of
+// the first IP address on the port specified by the port ID. Otherwise, the
+// operation will fail and return a 409 Conflict error.
+//
+// If the router, subnet or port which are referenced do not exist or are not
+// visible to you, the operation will fail and a 404 Not Found error will be
+// returned. After this operation completes, the port connecting the router
+// with the subnet is removed from the subnet for the network.
+func RemoveInterface(c *gophercloud.ServiceClient, id string, opts InterfaceOpts) InterfaceResult {
+	var res InterfaceResult
+
+	type request struct {
+		SubnetID string `json:"subnet_id,omitempty"`
+		PortID   string `json:"port_id,omitempty"`
+	}
+
+	body := request{SubnetID: opts.SubnetID, PortID: opts.PortID}
+
+	_, res.Err = c.Put(removeInterfaceURL(c, id), body, &res.Body, &gophercloud.RequestOpts{
+		OkCodes: []int{200},
+	})
+
+	return res
+}

vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers/results.go

@@ -0,0 +1,171 @@
+package routers
+
+import (
+	"github.com/mitchellh/mapstructure"
+	"github.com/rackspace/gophercloud"
+	"github.com/rackspace/gophercloud/pagination"
+)
+
+// GatewayInfo represents the information of an external gateway for any
+// particular network router.
+type GatewayInfo struct {
+	NetworkID string `json:"network_id" mapstructure:"network_id"`
+}
+
+type Route struct {
+	NextHop         string `mapstructure:"nexthop" json:"nexthop"`
+	DestinationCIDR string `mapstructure:"destination" json:"destination"`
+}
+
+// Router represents a Neutron router. A router is a logical entity that
+// forwards packets across internal subnets and NATs (network address
+// translation) them on external networks through an appropriate gateway.
+//
+// A router has an interface for each subnet with which it is associated. By
+// default, the IP address of such interface is the subnet's gateway IP. Also,
+// whenever a router is associated with a subnet, a port for that router
+// interface is added to the subnet's network.
+type Router struct {
+	// Indicates whether or not a router is currently operational.
+	Status string `json:"status" mapstructure:"status"`
+
+	// Information on external gateway for the router.
+	GatewayInfo GatewayInfo `json:"external_gateway_info" mapstructure:"external_gateway_info"`
+
+	// Administrative state of the router.
+	AdminStateUp bool `json:"admin_state_up" mapstructure:"admin_state_up"`
+
+	// Whether router is disitrubted or not..
+	Distributed bool `json:"distributed" mapstructure:"distributed"`
+
+	// Human readable name for the router. Does not have to be unique.
+	Name string `json:"name" mapstructure:"name"`
+
+	// Unique identifier for the router.
+	ID string `json:"id" mapstructure:"id"`
+
+	// Owner of the router. Only admin users can specify a tenant identifier
+	// other than its own.
+	TenantID string `json:"tenant_id" mapstructure:"tenant_id"`
+
+	Routes []Route `json:"routes" mapstructure:"routes"`
+}
+
+// RouterPage is the page returned by a pager when traversing over a
+// collection of routers.
+type RouterPage struct {
+	pagination.LinkedPageBase
+}
+
+// NextPageURL is invoked when a paginated collection of routers has reached
+// the end of a page and the pager seeks to traverse over a new one. In order
+// to do this, it needs to construct the next page's URL.
+func (p RouterPage) NextPageURL() (string, error) {
+	type resp struct {
+		Links []gophercloud.Link `mapstructure:"routers_links"`
+	}
+
+	var r resp
+	err := mapstructure.Decode(p.Body, &r)
+	if err != nil {
+		return "", err
+	}
+
+	return gophercloud.ExtractNextURL(r.Links)
+}
+
+// IsEmpty checks whether a RouterPage struct is empty.
+func (p RouterPage) IsEmpty() (bool, error) {
+	is, err := ExtractRouters(p)
+	if err != nil {
+		return true, nil
+	}
+	return len(is) == 0, nil
+}
+
+// ExtractRouters accepts a Page struct, specifically a RouterPage struct,
+// and extracts the elements into a slice of Router structs. In other words,
+// a generic collection is mapped into a relevant slice.
+func ExtractRouters(page pagination.Page) ([]Router, error) {
+	var resp struct {
+		Routers []Router `mapstructure:"routers" json:"routers"`
+	}
+
+	err := mapstructure.Decode(page.(RouterPage).Body, &resp)
+
+	return resp.Routers, err
+}
+
+type commonResult struct {
+	gophercloud.Result
+}
+
+// Extract is a function that accepts a result and extracts a router.
+func (r commonResult) Extract() (*Router, error) {
+	if r.Err != nil {
+		return nil, r.Err
+	}
+
+	var res struct {
+		Router *Router `json:"router"`
+	}
+
+	err := mapstructure.Decode(r.Body, &res)
+
+	return res.Router, err
+}
+
+// CreateResult represents the result of a create operation.
+type CreateResult struct {
+	commonResult
+}
+
+// GetResult represents the result of a get operation.
+type GetResult struct {
+	commonResult
+}
+
+// UpdateResult represents the result of an update operation.
+type UpdateResult struct {
+	commonResult
+}
+
+// DeleteResult represents the result of a delete operation.
+type DeleteResult struct {
+	gophercloud.ErrResult
+}
+
+// InterfaceInfo represents information about a particular router interface. As
+// mentioned above, in order for a router to forward to a subnet, it needs an
+// interface.
+type InterfaceInfo struct {
+	// The ID of the subnet which this interface is associated with.
+	SubnetID string `json:"subnet_id" mapstructure:"subnet_id"`
+
+	// The ID of the port that is a part of the subnet.
+	PortID string `json:"port_id" mapstructure:"port_id"`
+
+	// The UUID of the interface.
+	ID string `json:"id" mapstructure:"id"`
+
+	// Owner of the interface.
+	TenantID string `json:"tenant_id" mapstructure:"tenant_id"`
+}
+
+// InterfaceResult represents the result of interface operations, such as
+// AddInterface() and RemoveInterface().
+type InterfaceResult struct {
+	gophercloud.Result
+}
+
+// Extract is a function that accepts a result and extracts an information struct.
+func (r InterfaceResult) Extract() (*InterfaceInfo, error) {
+	if r.Err != nil {
+		return nil, r.Err
+	}
+
+	var res *InterfaceInfo
+	err := mapstructure.Decode(r.Body, &res)
+
+	return res, err
+}

vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers/urls.go

@@ -0,0 +1,21 @@
+package routers
+
+import "github.com/rackspace/gophercloud"
+
+const resourcePath = "routers"
+
+func rootURL(c *gophercloud.ServiceClient) string {
+	return c.ServiceURL(resourcePath)
+}
+
+func resourceURL(c *gophercloud.ServiceClient, id string) string {
+	return c.ServiceURL(resourcePath, id)
+}
+
+func addInterfaceURL(c *gophercloud.ServiceClient, id string) string {
+	return c.ServiceURL(resourcePath, id, "add_router_interface")
+}
+
+func removeInterfaceURL(c *gophercloud.ServiceClient, id string) string {
+	return c.ServiceURL(resourcePath, id, "remove_router_interface")
+}