Bug 1459960

Summary: ipfailover keepalived image lacks IP Address validation
Product: OpenShift Container Platform Reporter: Ricardo Medina <rmedina>
Component: RoutingAssignee: Ben Bennett <bbennett>
Status: CLOSED ERRATA QA Contact: zhaozhanqi <zzhao>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.5.0CC: aos-bugs, bmeng, bperkins, eparis, xtian
Target Milestone: ---Keywords: NeedsTestCase
Target Release: 3.7.0   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: No validation of IP addresses Consequence: Bad IP addresses could be specified and break the ipfailover container Fix: Validate the addresses Result: Less brittle config
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-28 21:56:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Ricardo Medina 2017-06-08 16:48:54 UTC
Description of problem:

The current ipfailover keepalived image doesn't support IPv6 addresses or ranges nor IP address validation. For example, adding an IPv6 address to the `oadm ipfailover` command will result in a new vrrp section pertaining to an address that only contains the numeric components of the address (for example, if using 2001:DB8:1ABC::1F39, one would end up with 200181139 as an IP address).

Version-Release number of selected component (if applicable):

How reproducible:
Always. Just pass any IPv6 address (or an invalid IPv4 address) to the `oadm ipfailover` command

Steps to Reproduce:
1. oadm ipfailover --virtual-ips=",2001:DB8:1ABC::1F39"
2. PODNAME=$(oc get pods |grep -o "^ipfailover[0-9a-zA-Z-]*") && oc exec ${PODNAME} cat /etc/keepalived/keepalived.conf 
3. Verify that one of the virtual_ipaddress section contains "200181139"

Actual results:

Address 2001:DB8:1ABC::1F39 is represented as 200181139

Expected results:

Address 2001:DB8:1ABC::1F39 is represented as 2001:DB8:1ABC::1F39

Additional info:

I have a working patch for the image, for which I'll create a pull request referencing this bug.

Comment 1 Ricardo Medina 2017-06-09 19:57:51 UTC
Additional information: The github pull request for this BZ is:



Comment 3 zhaozhanqi 2017-07-05 06:41:55 UTC
Verified this bug on openshift v3.6.131

when input invalid ipv4/ipv6 address when creating ipfailover pod. it will return the error:

# oadm ipfailover ipf1 --virtual-ips=2001:DB8::39FB:2::2
error: Invalid IP address: 2001:DB8::39FB:2::2
[root@host-8-175-105 ~]# oadm ipfailover ipf1 --virtual-ips=
error: Invalid IP address:

Comment 7 errata-xmlrpc 2017-11-28 21:56:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.