Bug 1459960
| Summary: | ipfailover keepalived image lacks IP Address validation | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Ricardo Medina <rmedina> |
| Component: | Networking | Assignee: | Ben Bennett <bbennett> |
| Networking sub component: | router | QA Contact: | zhaozhanqi <zzhao> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | unspecified | CC: | aos-bugs, bmeng, bperkins, eparis, xtian |
| Version: | 3.5.0 | Keywords: | NeedsTestCase |
| Target Milestone: | --- | ||
| Target Release: | 3.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: No validation of IP addresses
Consequence: Bad IP addresses could be specified and break the ipfailover container
Fix: Validate the addresses
Result: Less brittle config
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-28 21:56:55 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Additional information: The github pull request for this BZ is: https://github.com/openshift/origin/pull/14527 Thanks! Verified this bug on openshift v3.6.131 when input invalid ipv4/ipv6 address when creating ipfailover pod. it will return the error: # oadm ipfailover ipf1 --virtual-ips=2001:DB8::39FB:2::2 error: Invalid IP address: 2001:DB8::39FB:2::2 [root@host-8-175-105 ~]# oadm ipfailover ipf1 --virtual-ips=192.12.1.1.1 error: Invalid IP address: 192.12.1.1.1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188 |
Description of problem: The current ipfailover keepalived image doesn't support IPv6 addresses or ranges nor IP address validation. For example, adding an IPv6 address to the `oadm ipfailover` command will result in a new vrrp section pertaining to an address that only contains the numeric components of the address (for example, if using 2001:DB8:1ABC::1F39, one would end up with 200181139 as an IP address). Version-Release number of selected component (if applicable): v1.5.1 How reproducible: Always. Just pass any IPv6 address (or an invalid IPv4 address) to the `oadm ipfailover` command Steps to Reproduce: 1. oadm ipfailover --virtual-ips="192.0.2.100,2001:DB8:1ABC::1F39" 2. PODNAME=$(oc get pods |grep -o "^ipfailover[0-9a-zA-Z-]*") && oc exec ${PODNAME} cat /etc/keepalived/keepalived.conf 3. Verify that one of the virtual_ipaddress section contains "200181139" Actual results: Address 2001:DB8:1ABC::1F39 is represented as 200181139 Expected results: Address 2001:DB8:1ABC::1F39 is represented as 2001:DB8:1ABC::1F39 Additional info: I have a working patch for the image, for which I'll create a pull request referencing this bug.