Bug 2103144

Summary: [IPv6] apiVIP and ingressVIP non-equality validation doesn't account for synonyms
Product: OpenShift Container Platform Reporter: Pierre Prinetti <pprinett>
Component: Installer Assignee: Pierre Prinetti <pprinett>
Installer sub component: OpenShift on OpenStack QA Contact: Itay Matza <imatza>
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: low CC: bscott, pprinett
Version: 4.11 Keywords: Triaged
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* Previously, the installation program would incorrectly allow the `apiVIP` and `ingressVIP` parameters to use the same IPv6 address if they represented the address differently, such as listing the address in an abbreviated format. In this update, the installer validates these two parameters correctly regardless of their formatting, requiring separate IP addresses for each parameter. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2103144[*BZ#2103144*])
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-17 19:51:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pierre Prinetti 2022-07-01 14:22:05 UTC
Version:

```
$ openshift-install version
openshift-install-linux-4.11.0-0.nightly-2022-06-22-015220 4.11.0-0.nightly-2022-06-22-015220
built from commit f912534f12491721e3874e2bf64f7fa8d44aa7f5
release image quay.io/openshift-release-dev/ocp-release-nightly@sha256:9c2e9cafaaf48464a0d27652088d8fb3b2336008a615868aadf8223202bdc082
release architecture amd64
```

Platform: OpenStack

Please specify:
* IPI

What happened?

openshift-install validates that the IPs in install-config's properties platform.openstack.apiVIP and platform.openstack.ingressVIP are different.

However, passing two different representations of the same IP trumps the check. The installer successfully validates this install-config.yaml:

```
apiVersion: v1
baseDomain: <base_domain>
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    openstack:
      type: m1.s2.xlarge
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    openstack:
      type: m1.s2.xlarge
  replicas: 3
metadata:
  creationTimestamp: null
  name: ocp1
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10::/17
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  openstack:
    apiFloatingIP: <omitted>
    apiVIP: 10::5
    cloud: <cloud>
    externalDNS: null
    externalNetwork: external
    ingressFloatingIP: <omitted>
    ingressVIP: 10::0:5
publish: External
pullSecret: <omitted>
```

Comment 3 Itay Matza 2022-08-11 15:00:18 UTC
Verified with openshift-install 4.12.0-0.nightly-2022-08-10-034842 -


1. Set equivalent representations of the same IPv6 address, and the validation raises an appropriate error:
	1.1.
	```
		$ grep -A 1 "machineNetwork" install-config.yaml && grep "VIP" install-config.yaml                                                                                             
		  machineNetwork:
			- cidr: "2001:cb0::/64"
			apiVIP: "2001:0cb0:0000:0000:0fc0:0000:0000:0abc"
			ingressVIP: "2001:cb0::fc0:0:0:abc"
		$ cp install-config.yaml install-config.yaml.bck
		$ openshift-install create manifests
		ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: platform.openstack.ingressVIP: Invalid value: "2001:cb0::fc0:0:0:abc": ingressVIP can not be the same as apiVIP
	```

	1.2.
	```
		$ grep -A 1 "machineNetwork" install-config.yaml && grep "VIP" install-config.yaml                                                                                             
		  machineNetwork:
			- cidr: "2001:cb0::/64"
			apiVIP: "2001:0cb0:0000:0000:0fc0:0000:0000:0abc"
			ingressVIP: "2001:cb0:0:0:fc0::abc"
		$ openshift-install create manifests                                                                                                                                           
		ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: platform.openstack.ingressVIP: Invalid value: "2001:cb0:0:0:fc0::abc": ingressVIP can not be the same as apiVIP
	```

	1.3.
	```
		$ grep -A 1 "machineNetwork" install-config.yaml && grep "VIP" install-config.yaml                                                                                             
		  machineNetwork:
			- cidr: "2001:cb0::/64"
			apiVIP: "2001:0cb0:0000:0000:0fc0:0000:0000:0abc"
			ingressVIP: "2001:cb0:0:0:0fc0::abc"
		$ openshift-install create manifests
		ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: platform.openstack.ingressVIP: Invalid value: "2001:cb0:0:0:0fc0::abc": ingressVIP can not be the same as apiVIP
	```

	1.4.
	```
		$ grep -A 1 "machineNetwork" install-config.yaml && grep "VIP" install-config.yaml
		  machineNetwork:
			- cidr: "2001:cb0::/64"
			apiVIP: "2001:cb0::fc0:0:0:abc"
			ingressVIP: "2001:cb0:0:0:0fc0::abc"
		$ openshift-install create manifests
		ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: platform.openstack.ingressVIP: Invalid value: "2001:cb0:0:0:0fc0::abc": ingressVIP can not be the same as apiVIP 
	```

2. Set an invalid IPv6 address, and a validation raises an appropriate error:
```
	$ grep -A 1 "machineNetwork" install-config.yaml && grep "VIP" install-config.yaml
	  machineNetwork:
		- cidr: "2001:cb0::/64"
		apiVIP: "2001:0cb0:0000:0000:0fc0:0000:0000:0abc"
		ingressVIP: "2001:cb0::fc0::abc"
	$ openshift-install create manifests
	ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: platform.openstack.ingressVIP: Invalid value: "2001:cb0::fc0::abc": "2001:cb0::fc0::abc" is not a valid IP 
```


3. Set an IP that is not in the machineNetwork, and a validation raises an appropriate error:
```
	$ grep -A 1 "machineNetwork" install-config.yaml && grep "VIP" install-config.yaml
	  machineNetwork:
		- cidr: "2001:cb0::/64"
		apiVIP: "2001:0cb0:0000:0000:0fc0:0000:0000:0abc"
		ingressVIP: "2001:cb::fc:0:0:abc"
	$ openshift-install create manifests
	ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: platform.openstack.ingressVIP: Invalid value: "2001:cb::fc:0:0:abc": IP is not in the machineNetwork 
```


4. Set different VIPs and the manifests are created:
```
	$ grep -A 1 "machineNetwork" install-config.yaml && grep "VIP" install-config.yaml
	  machineNetwork:
		- cidr: "2001:cb0::/64"
		apiVIP: "2001:0cb0:0000:0000:0fc0:0000:0000:0abc"
		ingressVIP: "2001:cb0::fc:0:0:abc"
	$ openshift-install create manifests
	INFO Credentials loaded from file "/home/stack/clouds.yaml" 
	INFO Consuming Install Config from target directory 
	INFO Manifests created in: manifests and openshift
```
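The difference between comparing VIPs as strings and comparing them as parsed addresses, as an added Go example (not the installer's own code) built on the standard `net` package. The function names `naiveDistinct` and `validateVIPs` and the error variables are hypothetical; the addresses are the ones quoted in the description and in the verification steps above.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// Hypothetical sentinel errors; the wording follows the installer output quoted above.
var (
	errInvalidIP  = errors.New("is not a valid IP")
	errOutsideNet = errors.New("IP is not in the machineNetwork")
	errSameVIP    = errors.New("ingressVIP can not be the same as apiVIP")
)

// naiveDistinct compares the textual form, so two spellings of one address pass.
func naiveDistinct(apiVIP, ingressVIP string) bool { return apiVIP != ingressVIP }

// validateVIPs parses both values and compares addresses, not strings.
// net.IP.Equal also treats an IPv4 address and its IPv4-mapped IPv6 form as equal.
func validateVIPs(machineCIDR, apiVIP, ingressVIP string) error {
	_, network, err := net.ParseCIDR(machineCIDR)
	if err != nil {
		return fmt.Errorf("machineNetwork %q: %w", machineCIDR, err)
	}
	vips := []struct {
		field, raw string
		ip         net.IP
	}{
		{"apiVIP", apiVIP, net.ParseIP(apiVIP)},
		{"ingressVIP", ingressVIP, net.ParseIP(ingressVIP)},
	}
	for _, v := range vips {
		if v.ip == nil {
			return fmt.Errorf("%s %q: %w", v.field, v.raw, errInvalidIP)
		}
		if !network.Contains(v.ip) {
			return fmt.Errorf("%s %q: %w", v.field, v.raw, errOutsideNet)
		}
	}
	if vips[0].ip.Equal(vips[1].ip) {
		return fmt.Errorf("ingressVIP %q: %w", ingressVIP, errSameVIP)
	}
	return nil
}

func main() {
	fmt.Println(naiveDistinct("10::5", "10::0:5"))
	fmt.Println(validateVIPs("10::/17", "10::5", "10::0:5"))
}
```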

Comment 6 errata-xmlrpc 2023-01-17 19:51:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399