Bug 1718197

Summary: Setting cidr to an improper value (192.168.225.1/24) in undercloud.conf deploys successfully but breaks minor updates of undercloud.
Product: Red Hat OpenStack Reporter: Harald Jensås <hjensas>
Component: openstack-neutronAssignee: Harald Jensås <hjensas>
Status: CLOSED ERRATA QA Contact: Alex Katz <akatz>
Severity: high Docs Contact:
Priority: high    
Version: 15.0 (Stein)CC: amuller, bfournie, chrisw, dsorrent, ekuris, hjensas, mburns, scohen
Target Milestone: z2Keywords: Triaged, ZStream
Target Release: 15.0 (Stein)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-neutron-14.0.4-0.20191209140459.57edfee.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1717558 Environment:
Last Closed: 2020-03-05 11:53:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1717558, 1755086    
Bug Blocks:    

Description Harald Jensås 2019-06-07 08:37:20 UTC 
+++ This bug was initially created as a clone of Bug #1717558 +++

Description of problem:

When deploying the undercloud, if you specify a non-normalized cidr in undercloud.conf for the control plane, such as 192.168.225.1/24, the deployment succeeds and the subnet is created correctly with 192.168.225.0/24.  If you attempt to perform a minor update to the undercloud, it fails because it looks for a network with the value in undercloud.conf (192.168.225.1/24), doesn't find it (because it's really 192.168.225.0/24) and then attempts to create the network for 192.168.225.1/24 which fails due to overlapping IP addresses.

Version-Release number of selected component (if applicable):

AFAIK, this issue exists in both OSP13 and OSP14.

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Harald Jensås on 2019-06-06 02:01:01 UTC ---

Neutron converts/normalizes the value provided as CIDR in a pre-commit method:
  https://opendev.org/openstack/neutron/src/branch/master/neutron/db/db_base_plugin_v2.py#L820

818            # turn the CIDR into a proper subnet
819            net = netaddr.IPNetwork(s['cidr'])
820            subnet['subnet']['cidr'] = '%s/%s' % (net.network, net.prefixlen)


This explain why we can create a subnet without the actual network address in the CIDR.


However when listing subnets and querying with a CIDR that does not use the actual network address, the result is empty:

$ curl -s -H "X-Auth-Token: $(openstack token issue -c id -f value)" -H "Content-Type: application/json" http://192.168.122.103:9696/v2.0/subnets?cidr=192.168.100.1/24 | json_reformat 
{
    "subnets": [

    ]
}


Looks like this patch would fix it neutron side:

--- a/neutron/db/db_base_plugin_common.py
+++ b/neutron/db/db_base_plugin_common.py
@@ -300,6 +300,12 @@ class DbBasePluginCommon(object):
                      page_reverse=False):
         pager = base_obj.Pager(sorts, limit, page_reverse, marker)
         filters = filters or {}
+        if filters.get('cidr'):
+            cidr_list = []
+            for cidr in filters['cidr']:
+                net = netaddr.IPNetwork(cidr)
+                cidr_list.append('%s/%s' % (net.network, net.prefixlen))
+            filters.update({'cidr': cidr_list})
         # TODO(ihrachys) remove explicit reader usage when subnet OVO switches
         # to engine facade by default
         with db_api.CONTEXT_READER.using(context):
Comment 9 Alex Katz 2020-01-28 12:44:09 UTC 
Verified with the following packages:
 - openstack-neutron-14.0.3
 - openstack-neutron-14.0.4

Update scenarios:
GA -> Z1
GA -> Z2
Z1 -> Z2
Comment 10 Alex McLeod 2020-02-19 12:48:27 UTC 
If this bug requires doc text for errata release, please set the 'Doc Type' and provide draft text according to the template in the 'Doc Text' field. The documentation team will review, edit, and approve the text.

If this bug does not require doc text, please set the 'requires_doc_text' flag to '-'.
Comment 12 errata-xmlrpc 2020-03-05 11:53:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0709