Bug 1717558

Summary: Setting cidr to an improper value (192.168.225.1/24) in undercloud.conf deploys successfully but breaks minor updates of undercloud.
Product: Red Hat OpenStack Reporter: Darin Sorrentino <dsorrent>
Component: openstack-neutronAssignee: Harald Jensås <hjensas>
Status: CLOSED CURRENTRELEASE QA Contact: Eran Kuris <ekuris>
Severity: high Docs Contact:
Priority: high    
Version: 14.0 (Rocky)CC: amuller, bfournie, chrisw, hjensas, mburns, scohen, slinaber
Target Milestone: z4Keywords: TestOnly, Triaged, ZStream
Target Release: 14.0 (Rocky)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-neutron-13.0.4-0.20190508213452.de95bc6.el7ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1718197 1755086 (view as bug list) Environment:
Last Closed: 2019-11-13 13:51:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1718197, 1755086    

Description Darin Sorrentino 2019-06-05 18:50:41 UTC 
Description of problem:

When deploying the undercloud, if you specify a non-normalized cidr in undercloud.conf for the control plane, such as 192.168.225.1/24, the deployment succeeds and the subnet is created correctly with 192.168.225.0/24.  If you attempt to perform a minor update to the undercloud, it fails because it looks for a network with the value in undercloud.conf (192.168.225.1/24), doesn't find it (because it's really 192.168.225.0/24) and then attempts to create the network for 192.168.225.1/24 which fails due to overlapping IP addresses.

Version-Release number of selected component (if applicable):

AFAIK, this issue exists in both OSP13 and OSP14.

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Harald Jensås 2019-06-06 02:01:01 UTC 
Neutron converts/normalizes the value provided as CIDR in a pre-commit method:
  https://opendev.org/openstack/neutron/src/branch/master/neutron/db/db_base_plugin_v2.py#L820

818            # turn the CIDR into a proper subnet
819            net = netaddr.IPNetwork(s['cidr'])
820            subnet['subnet']['cidr'] = '%s/%s' % (net.network, net.prefixlen)


This explain why we can create a subnet without the actual network address in the CIDR.


However when listing subnets and querying with a CIDR that does not use the actual network address, the result is empty:

$ curl -s -H "X-Auth-Token: $(openstack token issue -c id -f value)" -H "Content-Type: application/json" http://192.168.122.103:9696/v2.0/subnets?cidr=192.168.100.1/24 | json_reformat 
{
    "subnets": [

    ]
}


Looks like this patch would fix it neutron side:

--- a/neutron/db/db_base_plugin_common.py
+++ b/neutron/db/db_base_plugin_common.py
@@ -300,6 +300,12 @@ class DbBasePluginCommon(object):
                      page_reverse=False):
         pager = base_obj.Pager(sorts, limit, page_reverse, marker)
         filters = filters or {}
+        if filters.get('cidr'):
+            cidr_list = []
+            for cidr in filters['cidr']:
+                net = netaddr.IPNetwork(cidr)
+                cidr_list.append('%s/%s' % (net.network, net.prefixlen))
+            filters.update({'cidr': cidr_list})
         # TODO(ihrachys) remove explicit reader usage when subnet OVO switches
         # to engine facade by default
         with db_api.CONTEXT_READER.using(context):