Bug 1577612

Summary:	The global amount of Octavia loadbalancers is constrained by the size of lb-mgmt-subnet
Product:	Red Hat OpenStack	Reporter:	Nir Magnezi <nmagnezi>
Component:	openstack-tripleo-common	Assignee:	Nir Magnezi <nmagnezi>
Status:	CLOSED ERRATA	QA Contact:	Alexander Stafeyev <astafeye>
Severity:	urgent	Docs Contact:
Priority:	urgent
Version:	13.0 (Queens)	CC:	amuller, beagles, cgoncalves, jschluet, mburns, nbarcet, nyechiel, slinaber
Target Milestone:	rc	Keywords:	Triaged
Target Release:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	openstack-tripleo-common-8.6.1-17.el7ost openstack-tripleo-heat-templates-8.0.2-26.el7ost	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-06-27 13:56:23 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1433523

Description Nir Magnezi 2018-05-13 13:26:08 UTC

Description of problem:
=======================
Octavia creates Amphorae (service VMs) under an operator configured project (tenant). In TripleO, we currently use 'service' project by default.
Each Amphora instance has its own tap device in a shared management subnet named lb-mgmt-subnet. That subnet is concealed under the 'service' project and cannot be accessed by non-privileged users.

TripleO creates that subnet during the Octavia deployment process. Currently, it is created as a class B subnet with allocation_pools that essentially limit the number of address in that subnet to 150.
Which means, globally for a given OpenStack deployment:
- 150 Amphorae ==> 150 Loadbalancers if the Amphora topology is SINGLE
- 150 Amphorae ==> 75 Loadbalancers if the Amphora topology is ACTIVE_STANDBY

Here's how it currently looks (snipped):


+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.199.50-192.168.199.200       |
| cidr              | 192.168.199.0/24                     |
| created_at        | 2018-05-07T09:14:36Z                 |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.168.199.1                        |
| ip_version        | 4                                    |
| name              | lb-mgmt-subnet                       |
+-------------------+--------------------------------------+



Version-Release number of selected component (if applicable):
=============================================================
OSP13 2018-05-10.3 openstack-tripleo-common-8.6.1-9 

How reproducible:
=================
100%

Steps to Reproduce:
1. Deploy OpenStack with Octavia via TripleO
2.
3.

Actual results:
===============
As mentioned above.

Expected results:
=================
We should have a much larger subnet such as class B, so the global amount of Octavia loadbalancers won't constrained to a very low number.

Comment 2 Nir Magnezi 2018-05-13 13:32:39 UTC

Current config:
https://github.com/openstack/tripleo-common/blob/53513666974657f120def7811c95b36a30782b89/playbooks/roles/common/defaults/main.yml#L11-L14

Comment 3 Nir Magnezi 2018-05-13 13:39:54 UTC

Minor correction to the 'Description of problem': class C instead of class B.

Comment 5 Carlos Goncalves 2018-05-15 18:14:13 UTC

Manually patched undercloud with Nir's patches. It works.


(overcloud) [stack@undercloud-0 ~]$ openstack subnet show lb-mgmt-subnet
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 172.20.0.2-172.20.255.254            |
| cidr              | 172.20.0.0/16                        |
| created_at        | 2018-05-15T16:46:19Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 172.20.0.1                           |
| host_routes       |                                      |
| id                | 8b1dbae1-1cbd-4b65-b651-049d6fbd3751 |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | lb-mgmt-subnet                       |
| network_id        | 1306567e-c415-4eb7-9274-78fea5acb8f3 |
| project_id        | 18cae82661624a12bd4c5b908044fcea     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2018-05-15T16:46:19Z                 |
+-------------------+--------------------------------------+


[heat-admin@controller-0 ~]$ ip a show dev o-hm0
55: o-hm0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:16:3e:c7:b7:6f brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.9/16 brd 172.20.255.255 scope global o-hm0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fec7:b76f/64 scope link 
       valid_lft forever preferred_lft forever

Comment 6 Bernard Cafarelli 2018-05-16 13:48:07 UTC

*** Bug 1577611 has been marked as a duplicate of this bug. ***

Comment 15 errata-xmlrpc 2018-06-27 13:56:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086