Bug 1281610 - IPv6 URLs Incorrect in Puppet Hieradata
IPv6 URLs Incorrect in Puppet Hieradata
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates (Show other bugs)
8.0 (Liberty)
Unspecified Unspecified
urgent Severity unspecified
: ga
: 8.0 (Liberty)
Assigned To: Miles Gould
Amit Ugol
:
Depends On: 1319265
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-12 17:35 EST by Dan Sneddon
Modified: 2016-04-15 10:30 EDT (History)
9 users (show)

See Also:
Fixed In Version: openstack-tripleo-heat-templates-0.8.7-10.el7ost
Doc Type: Bug Fix
Doc Text:
IPv6 requires that IP addresses used in URLs be surrounded by square brackets, to distinguish them from a port declaration. However, this requirement was not met in the case of certain TripleO Heat Templates, and as a consequence, IPv6 deployments were failing, with services unable to reach other services. A number of fixes were applied to the TripleO Heat Templates and the OpenStack Puppet Modules in order to properly wrap IPv6 IP addresses in brackets for use in URLs. As a result, this problem has been fixed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-15 10:30:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dan Sneddon 2015-11-12 17:35:11 EST
Description of problem:
While testing the IPv6 versions of the isolated network TripleO heat templates from this patch (https://review.openstack.org/#/c/235423/), I found that the URLs generated by the Heat templates are not correctly formatted for IPv6 addresses. For instance, if IPv6 addresses are used for the VIP addresses, you end up with URLs like this in the Puppet Hieradata on the controller:

controller.yaml:ceilometer::agent::auth::auth_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0

For IPv6 addresses in URLs, the IP should be enclosed in square brackets, like this:
controller.yaml:ceilometer::agent::auth::auth_url: http://[fd00:fd00:fd00:2000:f816:3eff:feea:2430]:5000/v2.0

Version-Release number of selected component (if applicable):
OSP 8.0 beta 1

How reproducible:
100%

Steps to Reproduce:
1. Deploy with IPv6 isolated networks
2. 
3.

Actual results:
Deployment will fail with a Puppet error currently, but looking at the Hieradata on the controllers, I can see a lot of URLs that are formatted incorrectly:

[root@overcloud-controller-0 hieradata]# grep fd00 * | grep "://"
controller.yaml:ceilometer::agent::auth::auth_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0
controller.yaml:ceilometer::agent::central::coordination_url: redis://fd00:fd00:fd00:2000:f816:3eff:fef6:3820:6379
controller.yaml:ceilometer::api::keystone_auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:ceilometer_mysql_conn_string: mysql://ceilometer:unset@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ceilometer
controller.yaml:cinder::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:cinder::database_connection: mysql://cinder:3b5c45836f5fcae1538630721d976b1070012b7f@fd00:fd00:fd00:2000:f816:3eff:feea:2430/cinder
controller.yaml:cinder::glance::glance_api_servers: http://fd00:fd00:fd00:3000:f816:3eff:fe6c:bdcd:9292
controller.yaml:glance::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:glance::api::database_connection: mysql://glance:bad73578501498d1930d5523f87409e0240acc72@fd00:fd00:fd00:2000:f816:3eff:feea:2430/glance
controller.yaml:glance::backend::swift::swift_store_auth_address: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0
controller.yaml:glance::registry::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:glance::registry::database_connection: mysql://glance:bad73578501498d1930d5523f87409e0240acc72@fd00:fd00:fd00:2000:f816:3eff:feea:2430/glance
controller.yaml:heat::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:heat::database_connection: mysql://heat:933fe07227d9f91d2fc6cc08c4ba4d186f6b7eae@fd00:fd00:fd00:2000:f816:3eff:feea:2430/heat
controller.yaml:heat::engine::heat_metadata_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8000
controller.yaml:heat::engine::heat_waitcondition_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8000/v1/waitcondition
controller.yaml:heat::engine::heat_watch_server_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:8003
controller.yaml:heat::keystone_ec2_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/ec2tokens
controller.yaml:horizon::keystone_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:keystone::database_connection: mysql://keystone:54cb5591cd7bff13ff96818678a15d70f18a81d9@fd00:fd00:fd00:2000:f816:3eff:feea:2430/keystone
controller.yaml:neutron::server::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:neutron::server::database_connection: mysql://neutron:6f2bd4548e3cc64ae5da05a26ee8a8c91081c8bf@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ovs_neutron?charset=utf8
controller.yaml:neutron_dsn: mysql://neutron:6f2bd4548e3cc64ae5da05a26ee8a8c91081c8bf@fd00:fd00:fd00:2000:f816:3eff:feea:2430/ovs_neutron?charset=utf8
controller.yaml:nova::api::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/
controller.yaml:nova::database_connection: mysql://nova:9f94295091a6be6309ce0dd19d29c9c5dac72fea@fd00:fd00:fd00:2000:f816:3eff:feea:2430/nova
controller.yaml:nova::glance_api_servers: http://fd00:fd00:fd00:3000:f816:3eff:fe6c:bdcd:9292
controller.yaml:nova::network::neutron::neutron_url: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:9696
controller.yaml:swift::proxy::authtoken::auth_uri: http://fd00:fd00:fd00:2000:f816:3eff:feea:2430:5000/v2.0/


Expected results:
The URLs will need to have square brackets around the URLs in order to be correct. We either need to develop a way to produce the URLs correctly in Heat (conditional parameters?), or we need to address this in the Puppet modules and rewrite the URLs before they get committed to a configuration file.

Additional info:
RFC 2732 - Format for Literal IPv6 Addresses in URL's - https://www.ietf.org/rfc/rfc2732.txt
Comment 2 Gilles Dubreuil 2015-11-25 01:45:05 EST
Could you please indicate which component is involved in generating the faulty Hiera data?

The component in question which is generating the url, effectively needs to detect when an ipv6 is involved (instead of an ipv6 or a simply a hostname) to add the brackets.
Comment 3 Gilles Dubreuil 2015-11-25 01:46:26 EST
Sorry in comment 2, I meant
(instead of an ipv4 or simply a hostname)
Comment 4 Dan Sneddon 2015-12-03 11:33:04 EST
Here is the current plan for addressing this bug:

I am going to modify the TripleO Heat Templates such that the port objects return not only an IP address, but also an IP address suitable for use in URLs. The IPv4 version of the ports will return a raw IPv4 address, but the IPv6 version of the ports will return a bracketed IPv6 address for the same property.

I will then modify the parameters that construct a URL to use the new property, so URLs will contain brackets when using IPv6.
Comment 5 Dan Sneddon 2016-01-04 19:46:09 EST
This bug is fixed upstream. The changes were mostly in the EndpointMap nested stack. We now populate both the raw IP and the bracketed IP in the VipMap for IPv6 endpoints. The VipMap feeds the EndpointMap, but the bracketed IPs are used in the case of IPv6. With these changes, the URLs output by the EndpointMap have the brackets, while the values with raw IPs do not have brackets.

Example of Puppet hieradata after the change:

ceph.yaml:ceph::profile::params::public_network: fd00:fd00:fd00:3000:f816:3eff:fe48:6ecd/64
controller.yaml:apache::ip: fd00:fd00:fd00:2000:f816:3eff:fe80:f5bf
controller.yaml:ceilometer::agent::auth::auth_url: http://[fd00:fd00:fd00:2000:f816:3eff:fe68:10b5]:5000/v2.0
controller.yaml:ceilometer::agent::central::coordination_url: redis://[fd00:fd00:fd00:2000:f816:3eff:fe06:a3a8]:6379
controller.yaml:ceilometer::api::host: fd00:fd00:fd00:2000:f816:3eff:fe80:f5bf
controller.yaml:ceilometer::api::keystone_auth_uri: http://[fd00:fd00:fd00:2000:f816:3eff:fe68:10b5]:5000/v2.0

Since the URLs now contain brackets, this bug has been fixed upstream. Once the IPv6 Heat templates are merged downstream, this bug can be closed.
Comment 6 Dan Sneddon 2016-02-05 10:58:55 EST
This bug was fixed in a variety of places. A change to the main IPv6 TripleO Heat templates (modifying EndpointMap) fixed some of the URLs, but there were patches to several different OpenStack Puppet Modules that fixed the rest. This bug was more of a general issue than a specific code problem.
Comment 10 Miles Gould 2016-04-13 11:04:29 EDT
I tried to deploy an overcloud with IPv6 isolated networks; deployment failed, but all the URLs containing IPv6 addresses in the hieradata on overcloud-controller-0 have square brackets around the IPv6 addresses.
Comment 12 errata-xmlrpc 2016-04-15 10:30:49 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0637.html

Note You need to log in before you can comment on or make changes to this bug.