Bug 1281610

Summary: IPv6 URLs Incorrect in Puppet Hieradata
Product: Red Hat OpenStack Reporter: Dan Sneddon <dsneddon>
Component: openstack-tripleo-heat-templatesAssignee: Miles Gould <mgould>
Status: CLOSED ERRATA QA Contact: Amit Ugol <augol>
Severity: unspecified Docs Contact:
Priority: urgent    
Version: 8.0 (Liberty)CC: achernet, dsneddon, gdubreui, hbrock, jcoufal, mburns, mcornea, mgould, rhel-osp-director-maint
Target Milestone: ga   
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-0.8.7-10.el7ost Doc Type: Bug Fix
Doc Text:
IPv6 requires that IP addresses used in URLs be surrounded by square brackets, to distinguish them from a port declaration. However, this requirement was not met in the case of certain TripleO Heat Templates, and as a consequence, IPv6 deployments were failing, with services unable to reach other services. A number of fixes were applied to the TripleO Heat Templates and the OpenStack Puppet Modules in order to properly wrap IPv6 IP addresses in brackets for use in URLs. As a result, this problem has been fixed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-15 14:30:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1319265    
Bug Blocks:    

Description Dan Sneddon 2015-11-12 22:35:11 UTC 
Description of problem:
While testing the IPv6 versions of the isolated network TripleO heat templates from this patch (https://review.openstack.org/#/c/235423/), I found that the URLs generated by the Heat templates are not correctly formatted for IPv6 addresses. For instance, if IPv6 addresses are used for the VIP addresses, you end up with URLs like this in the Puppet Hieradata on the controller:

controller.yaml:ceilometer::agent::auth::auth_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0

For IPv6 addresses in URLs, the IP should be enclosed in square brackets, like this:
controller.yaml:ceilometer::agent::auth::auth_url: http://[fd00:fd00:fd00:2000:f816:3eff:feea:2430]:5000/v2.0

Version-Release number of selected component (if applicable):
OSP 8.0 beta 1

How reproducible:
100%

Steps to Reproduce:
1. Deploy with IPv6 isolated networks
2. 
3.

Actual results:
Deployment will fail with a Puppet error currently, but looking at the Hieradata on the controllers, I can see a lot of URLs that are formatted incorrectly:

[root@overcloud-controller-0 hieradata]# grep fd00 * | grep "://"
controller.yaml:ceilometer::agent::auth::auth_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0
controller.yaml:ceilometer::agent::central::coordination_url: redis://fd00:fd00:fd00:2000:f816:3eff:fef6:3820:6379
controller.yaml:ceilometer::api::keystone_auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:ceilometer_mysql_conn_string: mysql://ceilometer:unset@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ceilometer
controller.yaml:cinder::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:cinder::database_connection: mysql://cinder:3b5c45836f5fcae1538630721d976b1070012b7f@fd00:fd00:fd00:2000:f816:3eff:feea:2430/cinder
controller.yaml:cinder::glance::glance_api_servers: http://fd00:fd00:fd00:3000:f816:3eff:fe6c:bdcd:9292
controller.yaml:glance::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:glance::api::database_connection: mysql://glance:bad73578501498d1930d5523f87409e0240acc72@fd00:fd00:fd00:2000:f816:3eff:feea:2430/glance
controller.yaml:glance::backend::swift::swift_store_auth_address: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0
controller.yaml:glance::registry::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:glance::registry::database_connection: mysql://glance:bad73578501498d1930d5523f87409e0240acc72@fd00:fd00:fd00:2000:f816:3eff:feea:2430/glance
controller.yaml:heat::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:heat::database_connection: mysql://heat:933fe07227d9f91d2fc6cc08c4ba4d186f6b7eae@fd00:fd00:fd00:2000:f816:3eff:feea:2430/heat
controller.yaml:heat::engine::heat_metadata_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8000
controller.yaml:heat::engine::heat_waitcondition_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8000/v1/waitcondition
controller.yaml:heat::engine::heat_watch_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8003
controller.yaml:heat::keystone_ec2_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/ec2tokens
controller.yaml:horizon::keystone_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:keystone::database_connection: mysql://keystone:54cb5591cd7bff13ff96818678a15d70f18a81d9@fd00:fd00:fd00:2000:f816:3eff:feea:2430/keystone
controller.yaml:neutron::server::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:neutron::server::database_connection: mysql://neutron:6f2bd4548e3cc64ae5da05a26ee8a8c91081c8bf@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ovs_neutron?charset=utf8
controller.yaml:neutron_dsn: mysql://neutron:6f2bd4548e3cc64ae5da05a26ee8a8c91081c8bf@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ovs_neutron?charset=utf8
controller.yaml:nova::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:nova::database_connection: mysql://nova:9f94295091a6be6309ce0dd19d29c9c5dac72fea@fd00:fd00:fd00:2000:f816:3eff:feea:2430/nova
controller.yaml:nova::glance_api_servers: http://fd00:fd00:fd00:3000:f816:3eff:fe6c:bdcd:9292
controller.yaml:nova::network::neutron::neutron_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:9696
controller.yaml:swift::proxy::authtoken::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/


Expected results:
The URLs will need to have square brackets around the URLs in order to be correct. We either need to develop a way to produce the URLs correctly in Heat (conditional parameters?), or we need to address this in the Puppet modules and rewrite the URLs before they get committed to a configuration file.

Additional info:
RFC 2732 - Format for Literal IPv6 Addresses in URL's - https://www.ietf.org/rfc/rfc2732.txt
Comment 2 Gilles Dubreuil 2015-11-25 06:45:05 UTC 
Could you please indicate which component is involved in generating the faulty Hiera data?

The component in question which is generating the url, effectively needs to detect when an ipv6 is involved (instead of an ipv6 or a simply a hostname) to add the brackets.
Comment 3 Gilles Dubreuil 2015-11-25 06:46:26 UTC 
Sorry in comment 2, I meant
(instead of an ipv4 or simply a hostname)
Comment 4 Dan Sneddon 2015-12-03 16:33:04 UTC 
Here is the current plan for addressing this bug:

I am going to modify the TripleO Heat Templates such that the port objects return not only an IP address, but also an IP address suitable for use in URLs. The IPv4 version of the ports will return a raw IPv4 address, but the IPv6 version of the ports will return a bracketed IPv6 address for the same property.

I will then modify the parameters that construct a URL to use the new property, so URLs will contain brackets when using IPv6.
Comment 5 Dan Sneddon 2016-01-05 00:46:09 UTC 
This bug is fixed upstream. The changes were mostly in the EndpointMap nested stack. We now populate both the raw IP and the bracketed IP in the VipMap for IPv6 endpoints. The VipMap feeds the EndpointMap, but the bracketed IPs are used in the case of IPv6. With these changes, the URLs output by the EndpointMap have the brackets, while the values with raw IPs do not have brackets.

Example of Puppet hieradata after the change:

ceph.yaml:ceph::profile::params::public_network: fd00:fd00:fd00:3000:f816:3eff:fe48:6ecd/64
controller.yaml:apache::ip: fd00:fd00:fd00:2000:f816:3eff:fe80:f5bf
controller.yaml:ceilometer::agent::auth::auth_url: http://[fd00:fd00:fd00:2000:f816:3eff:fe68:10b5]:5000/v2.0
controller.yaml:ceilometer::agent::central::coordination_url: redis://[fd00:fd00:fd00:2000:f816:3eff:fe06:a3a8]:6379
controller.yaml:ceilometer::api::host: fd00:fd00:fd00:2000:f816:3eff:fe80:f5bf
controller.yaml:ceilometer::api::keystone_auth_uri: http://[fd00:fd00:fd00:2000:f816:3eff:fe68:10b5]:5000/v2.0

Since the URLs now contain brackets, this bug has been fixed upstream. Once the IPv6 Heat templates are merged downstream, this bug can be closed.
Comment 6 Dan Sneddon 2016-02-05 15:58:55 UTC 
This bug was fixed in a variety of places. A change to the main IPv6 TripleO Heat templates (modifying EndpointMap) fixed some of the URLs, but there were patches to several different OpenStack Puppet Modules that fixed the rest. This bug was more of a general issue than a specific code problem.
Comment 10 Miles Gould 2016-04-13 15:04:29 UTC 
I tried to deploy an overcloud with IPv6 isolated networks; deployment failed, but all the URLs containing IPv6 addresses in the hieradata on overcloud-controller-0 have square brackets around the IPv6 addresses.
Comment 12 errata-xmlrpc 2016-04-15 14:30:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0637.html