Bug 1871145

Summary: [OCP 4.4] multus configuration in the documentation leads to error
Product: OpenShift Container Platform Reporter: Mario Abajo <mabajodu>
Component: DocumentationAssignee: Jason Boxman <jboxman>
Status: CLOSED CURRENTRELEASE QA Contact: zhaozhanqi <zzhao>
Severity: medium Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 4.4CC: aos-bugs, dahernan, jboxman, jokerman
Target Milestone: ---   
Target Release: 4.4.z   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-23 20:47:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mario Abajo 2020-08-21 12:24:42 UTC 
Document URL:
https://docs.openshift.com/container-platform/4.4/networking/multiple_networks/configuring-bridge.html#nw-multus-create-network_configuring-bridge

Section Number and Name: 
Procedure, step 2

Describe the issue: 
In a customer case, he creates the exact configuration as described in the doc's example:
~~~
  additionalNetworks:
  - name: test-network-1
    namespace: default
    rawCNIConfig: '{ "cniVersion": "0.3.1", "name": "test-network-1", "type": "bridge",
      "ipam": { "type": "static", "addresses": [ { "address": "191.168.1.7" } ] }
      }'
    type: Raw
~~~

but it fails with error:
~~~
  message: 'Failed to create pod sandbox: rpc error: code = Unknown desc = failed
    to create pod network sandbox k8s_bridge-pod-1_default_f7912f37-249e-4cae-865e-5c3e4f29b322_0(f579e0734e405142e1d3c28e190ef36794dc03bf713e1fe6fe8ac1497e80e5b4):
    Multus: [default/bridge-pod-1]: error adding container to network "test-network-1":
    delegateAdd: error invoking DelegateAdd - "bridge": error in getting result from
    AddNetwork: invalid CIDR 191.168.1.7: invalid CIDR address: 191.168.1.7'
~~~

witch makes sense as "191.168.1.7" lacks netmask prefix and doesn't qualify as a CIDR.


Suggestions for improvement: 
- Correct this error by adding the CIDR
- Not sure if this applies to openshift but in upstream multus it looks like there are more options and parameters (like ranges) that can be defined and that are not present in openshift documentation:
  https://github.com/intel/multus-cni/blob/master/doc/configuration.md
  e.g.:
  config: '{
      "cniVersion": "0.3.0",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "host-local",
        "subnet": "192.168.1.0/24",
        "rangeStart": "192.168.1.200",
        "rangeEnd": "192.168.1.216",
        "routes": [
          { "dst": "0.0.0.0/0" }
        ],
        "gateway": "192.168.1.1"
      }
    }'


Additional information:
Comment 1 Jason Boxman 2020-11-02 18:10:18 UTC 
Hi,

Where does the log message originate from? What command produces that output?

Thanks!
Comment 2 David Hernández Fernández 2020-11-04 11:07:58 UTC 
It's a message from the kubelet (Failed to create pod sandbox..) because on Cluster network operator the static address is missing a netmask prefix
Comment 3 Mario Abajo 2020-11-04 11:20:59 UTC 
Hi,
  Customer followed this link [1] to add an additional network and failed with this message:

Error message: Warning  FailedCreatePodSandBox  <invalid>  kubelet, cluster-X-worker-Y  Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_example-pod_default_352084f8-5774-41c6-ae2c-e73e65fb1e9a_0(91ae091936157fe280fdf022bf257ce9c851e05388d402cbc5885e64ab26e45f): Multus: [default/example-pod]: error adding container to network "test-network-1": delegateAdd: error invoking DelegateAdd - "bridge": error in getting result from AddNetwork: invalid CIDR 191.168.1.7: invalid CIDR address: 191.168.1.7

Then, i suggested the customer to modify "oc edit networks.operator.openshift.io cluster" the way described in this BZ and it has reported to be working that way.

[1] https://access.redhat.com/documentation/en-us/openshift_container_platform/4.4/html-single/networking/index#nw-multus-create-network_configuring-bridge
Comment 4 Jason Boxman 2020-11-06 02:58:10 UTC 
Great, thanks!

So I'm digging around on this, and in this context the CIDR is the IP address for the additional network and the subnet mask for the network. So you should be able to specify a network prefix other than /24, but as you've discovered, you must specify some (correct) prefix.

How the prefix is put to use depends on the CNI plug-in, so the complete update for this is probably much more expansive.

I'll fix the immediate issue, and then work on resolving the larger gap here.
Comment 5 Jason Boxman 2020-11-06 03:30:17 UTC 
I've created the following PR to address this:

https://github.com/openshift/openshift-docs/pull/27134