Bug 1961850
| Summary: | Tripleo is not configuring the lb-health-mgr-sec-grp security group to allow IPv6 lb-mgmt-net | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Michael Johnson <michjohn> |
| Component: | tripleo-ansible | Assignee: | Tom Weininger <tweining> |
| Status: | CLOSED ERRATA | QA Contact: | Omer Schwartz <oschwart> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 16.2 (Train) | CC: | gthiemon, ihrachys, lpeer, majopela, oschwart, scohen, tweining |
| Target Milestone: | zstream | Keywords: | Triaged |
| Target Release: | 17.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | tripleo-ansible-3.3.1-1.20230322222820.b65b485.el9ost | Doc Type: | Enhancement |
| Doc Text: |
This enhancement adds director support for IPv6 load balancer management networks.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-16 01:10:52 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Michael Johnson
2021-05-18 20:14:13 UTC
tripleo-ansible creates only an ipv4 subnet for the Octavia management network, so this BZ should be part of a wider RFE to enable ipv6 support in the management network Manual test with https://review.opendev.org/845729 showed that it already covers this issue and it works. After running the following steps on puddle RHOS-17.1-RHEL-9-20230607.n.0:
# Making sure TripleO include rules for both the UDP/5555 & UDP/514 port
~ > openstack security group show lb-health-mgr-sec-grp | grep IPv6
| rules | created_at='2023-06-07T17:09:33Z', direction='ingress', ethertype='IPv6', id='898d179b-5398-4ca2-a86e-53f83b1e16bf', normalized_cidr='::/0', port_range_max='514', port_range_min='514', protocol='udp', remote_ip_prefix='::/0', standard_attr_id='77', updated_at='2023-06-07T17:09:33Z' |
| | created_at='2023-06-07T17:09:27Z', direction='egress', ethertype='IPv6', id='8c858026-39ab-4cef-8b53-e3cce8271522', standard_attr_id='71', updated_at='2023-06-07T17:09:27Z' |
| | created_at='2023-06-07T17:09:31Z', direction='ingress', ethertype='IPv6', id='9a5aa313-f2ec-4fd6-9b92-29695dfcd61a', normalized_cidr='::/0', port_range_max='5555', port_range_min='5555', protocol='udp', remote_ip_prefix='::/0', standard_attr_id='74', updated_at='2023-06-07T17:09:31Z' |
~ > openstack security group show lb-health-mgr-sec-grp | grep IPv6 | grep port stack@undercloud-0 16:41:26
| rules | created_at='2023-06-07T17:09:33Z', direction='ingress', ethertype='IPv6', id='898d179b-5398-4ca2-a86e-53f83b1e16bf', normalized_cidr='::/0', port_range_max='514', port_range_min='514', protocol='udp', remote_ip_prefix='::/0', standard_attr_id='77', updated_at='2023-06-07T17:09:33Z' |
| | created_at='2023-06-07T17:09:31Z', direction='ingress', ethertype='IPv6', id='9a5aa313-f2ec-4fd6-9b92-29695dfcd61a', normalized_cidr='::/0', port_range_max='5555', port_range_min='5555', protocol='udp', remote_ip_prefix='::/0', standard_attr_id='74', updated_at='2023-06-07T17:09:31Z' |
# Making sure the o-hm0 iface is configured for IPv6 on the controllers
~ > for controller in controller-0 controller-1 controller-2; do ssh -A ${controller}.ctlplane sudo ip a | grep hm -A5; done
Warning: Permanently added 'controller-0.ctlplane' (ED25519) to the list of known hosts.
14: o-hm0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:57:28:19 brd ff:ff:ff:ff:ff:ff
inet6 fda0:a908:2dc1:ff02:f816:3eff:fe57:2819/64 scope global <----------
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe57:2819/64 scope link
valid_lft forever preferred_lft forever
Warning: Permanently added 'controller-1.ctlplane' (ED25519) to the list of known hosts.
14: o-hm0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:fd:00:69 brd ff:ff:ff:ff:ff:ff
inet6 fda0:a908:2dc1:ff02:f816:3eff:fefd:69/64 scope global <----------
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fefd:69/64 scope link
valid_lft forever preferred_lft forever
Warning: Permanently added 'controller-2.ctlplane' (ED25519) to the list of known hosts.
14: o-hm0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:2e:f0:08 brd ff:ff:ff:ff:ff:ff
inet6 fda0:a908:2dc1:ff02:f816:3eff:fe2e:f008/64 scope global <----------
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe2e:f008/64 scope link
valid_lft forever preferred_lft forever
Looks good to me. I am moving this BZ status to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:4577 |