1281610 – IPv6 URLs Incorrect in Puppet Hieradata

Bug 1281610 - IPv6 URLs Incorrect in Puppet Hieradata

Summary: IPv6 URLs Incorrect in Puppet Hieradata

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	8.0 (Liberty)
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	unspecified
Target Milestone:	ga
Target Release:	8.0 (Liberty)
Assignee:	Miles Gould
QA Contact:	Amit Ugol
Docs Contact:
URL:
Whiteboard:
Depends On:	1319265
Blocks:
TreeView+	depends on / blocked

Reported:	2015-11-12 22:35 UTC by Dan Sneddon
Modified:	2016-04-15 14:30 UTC (History)
CC List:	9 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-0.8.7-10.el7ost
Doc Type:	Bug Fix
Doc Text:	IPv6 requires that IP addresses used in URLs be surrounded by square brackets, to distinguish them from a port declaration. However, this requirement was not met in the case of certain TripleO Heat Templates, and as a consequence, IPv6 deployments were failing, with services unable to reach other services. A number of fixes were applied to the TripleO Heat Templates and the OpenStack Puppet Modules in order to properly wrap IPv6 IP addresses in brackets for use in URLs. As a result, this problem has been fixed.
Clone Of:
Environment:
Last Closed:	2016-04-15 14:30:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0637	0	normal	SHIPPED_LIVE	Red Hat OpenStack Platform 8 director release candidate Bug Fix Advisory	2016-04-15 18:28:05 UTC

Description Dan Sneddon 2015-11-12 22:35:11 UTC

Description of problem:
While testing the IPv6 versions of the isolated network TripleO heat templates from this patch (https://review.openstack.org/#/c/235423/), I found that the URLs generated by the Heat templates are not correctly formatted for IPv6 addresses. For instance, if IPv6 addresses are used for the VIP addresses, you end up with URLs like this in the Puppet Hieradata on the controller:

controller.yaml:ceilometer::agent::auth::auth_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0

For IPv6 addresses in URLs, the IP should be enclosed in square brackets, like this:
controller.yaml:ceilometer::agent::auth::auth_url: http://[fd00:fd00:fd00:2000:f816:3eff:feea:2430]:5000/v2.0

Version-Release number of selected component (if applicable):
OSP 8.0 beta 1

How reproducible:
100%

Steps to Reproduce:
1. Deploy with IPv6 isolated networks
2. 
3.

Actual results:
Deployment will fail with a Puppet error currently, but looking at the Hieradata on the controllers, I can see a lot of URLs that are formatted incorrectly:

[root@overcloud-controller-0 hieradata]# grep fd00 * | grep "://"
controller.yaml:ceilometer::agent::auth::auth_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0
controller.yaml:ceilometer::agent::central::coordination_url: redis://fd00:fd00:fd00:2000:f816:3eff:fef6:3820:6379
controller.yaml:ceilometer::api::keystone_auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:ceilometer_mysql_conn_string: mysql://ceilometer:unset@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ceilometer
controller.yaml:cinder::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:cinder::database_connection: mysql://cinder:3b5c45836f5fcae1538630721d976b1070012b7f@fd00:fd00:fd00:2000:f816:3eff:feea:2430/cinder
controller.yaml:cinder::glance::glance_api_servers: http://fd00:fd00:fd00:3000:f816:3eff:fe6c:bdcd:9292
controller.yaml:glance::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:glance::api::database_connection: mysql://glance:bad73578501498d1930d5523f87409e0240acc72@fd00:fd00:fd00:2000:f816:3eff:feea:2430/glance
controller.yaml:glance::backend::swift::swift_store_auth_address: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0
controller.yaml:glance::registry::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:glance::registry::database_connection: mysql://glance:bad73578501498d1930d5523f87409e0240acc72@fd00:fd00:fd00:2000:f816:3eff:feea:2430/glance
controller.yaml:heat::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:heat::database_connection: mysql://heat:933fe07227d9f91d2fc6cc08c4ba4d186f6b7eae@fd00:fd00:fd00:2000:f816:3eff:feea:2430/heat
controller.yaml:heat::engine::heat_metadata_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8000
controller.yaml:heat::engine::heat_waitcondition_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8000/v1/waitcondition
controller.yaml:heat::engine::heat_watch_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8003
controller.yaml:heat::keystone_ec2_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/ec2tokens
controller.yaml:horizon::keystone_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:keystone::database_connection: mysql://keystone:54cb5591cd7bff13ff96818678a15d70f18a81d9@fd00:fd00:fd00:2000:f816:3eff:feea:2430/keystone
controller.yaml:neutron::server::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:neutron::server::database_connection: mysql://neutron:6f2bd4548e3cc64ae5da05a26ee8a8c91081c8bf@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ovs_neutron?charset=utf8
controller.yaml:neutron_dsn: mysql://neutron:6f2bd4548e3cc64ae5da05a26ee8a8c91081c8bf@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ovs_neutron?charset=utf8
controller.yaml:nova::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:nova::database_connection: mysql://nova:9f94295091a6be6309ce0dd19d29c9c5dac72fea@fd00:fd00:fd00:2000:f816:3eff:feea:2430/nova
controller.yaml:nova::glance_api_servers: http://fd00:fd00:fd00:3000:f816:3eff:fe6c:bdcd:9292
controller.yaml:nova::network::neutron::neutron_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:9696
controller.yaml:swift::proxy::authtoken::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/


Expected results:
The URLs will need to have square brackets around the URLs in order to be correct. We either need to develop a way to produce the URLs correctly in Heat (conditional parameters?), or we need to address this in the Puppet modules and rewrite the URLs before they get committed to a configuration file.

Additional info:
RFC 2732 - Format for Literal IPv6 Addresses in URL's - https://www.ietf.org/rfc/rfc2732.txt

Comment 2 Gilles Dubreuil 2015-11-25 06:45:05 UTC

Could you please indicate which component is involved in generating the faulty Hiera data?

The component in question which is generating the url, effectively needs to detect when an ipv6 is involved (instead of an ipv6 or a simply a hostname) to add the brackets.

Comment 3 Gilles Dubreuil 2015-11-25 06:46:26 UTC

Sorry in comment 2, I meant
(instead of an ipv4 or simply a hostname)

Comment 4 Dan Sneddon 2015-12-03 16:33:04 UTC

Here is the current plan for addressing this bug:

I am going to modify the TripleO Heat Templates such that the port objects return not only an IP address, but also an IP address suitable for use in URLs. The IPv4 version of the ports will return a raw IPv4 address, but the IPv6 version of the ports will return a bracketed IPv6 address for the same property.

I will then modify the parameters that construct a URL to use the new property, so URLs will contain brackets when using IPv6.

Comment 5 Dan Sneddon 2016-01-05 00:46:09 UTC

This bug is fixed upstream. The changes were mostly in the EndpointMap nested stack. We now populate both the raw IP and the bracketed IP in the VipMap for IPv6 endpoints. The VipMap feeds the EndpointMap, but the bracketed IPs are used in the case of IPv6. With these changes, the URLs output by the EndpointMap have the brackets, while the values with raw IPs do not have brackets.

Example of Puppet hieradata after the change:

ceph.yaml:ceph::profile::params::public_network: fd00:fd00:fd00:3000:f816:3eff:fe48:6ecd/64
controller.yaml:apache::ip: fd00:fd00:fd00:2000:f816:3eff:fe80:f5bf
controller.yaml:ceilometer::agent::auth::auth_url: http://[fd00:fd00:fd00:2000:f816:3eff:fe68:10b5]:5000/v2.0
controller.yaml:ceilometer::agent::central::coordination_url: redis://[fd00:fd00:fd00:2000:f816:3eff:fe06:a3a8]:6379
controller.yaml:ceilometer::api::host: fd00:fd00:fd00:2000:f816:3eff:fe80:f5bf
controller.yaml:ceilometer::api::keystone_auth_uri: http://[fd00:fd00:fd00:2000:f816:3eff:fe68:10b5]:5000/v2.0

Since the URLs now contain brackets, this bug has been fixed upstream. Once the IPv6 Heat templates are merged downstream, this bug can be closed.

Comment 6 Dan Sneddon 2016-02-05 15:58:55 UTC

This bug was fixed in a variety of places. A change to the main IPv6 TripleO Heat templates (modifying EndpointMap) fixed some of the URLs, but there were patches to several different OpenStack Puppet Modules that fixed the rest. This bug was more of a general issue than a specific code problem.

Comment 10 Miles Gould 2016-04-13 15:04:29 UTC

I tried to deploy an overcloud with IPv6 isolated networks; deployment failed, but all the URLs containing IPv6 addresses in the hieradata on overcloud-controller-0 have square brackets around the IPv6 addresses.

Comment 12 errata-xmlrpc 2016-04-15 14:30:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0637.html

Note You need to log in before you can comment on or make changes to this bug.