Bug 1575631 - Patching netnamespace removes network interface
Summary: Patching netnamespace removes network interface
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.7.1
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: 3.10.0
Assignee: Ben Bennett
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-07 13:33 UTC by Dmitry Zhukovski
Modified: 2018-05-18 18:52 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-18 18:52:41 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Dmitry Zhukovski 2018-05-07 13:33:16 UTC
Description of problem:
Removing of egress IP from a project removes IP address also from the network interface, but not making the change persistent (IP is not removed from ifcfg-eth0 file). 

Version-Release number of selected component (if applicable):
3.7

How reproducible:
everytime

Steps to Reproduce:
1. check that namespace has assigned egress ip
2. remove it : oc patch netnamespace test -p '{"egressIPs": []}'
3. check its removed from ip list assigned to eth0 (nmcli)
4. check it still exists in ifcfg-eth0 

Actual results:
see above

Expected results:
not removed from live ip addresses OR if removed then removed from ifcfg-ethX too

Additional info:
Is it expected behaviour ?

Comment 2 Meng Bo 2018-05-08 09:39:40 UTC
I am not sure why the egressIP is attached to the ifcfg-ethx file. 
In my testing, the ifcfg-ethx file will not be updated with the egressIP added or removed.

You'd better provide the exact openshift version and the full contents of the ifcfg-ethx file.

Comment 3 Ben Bennett 2018-05-09 20:00:06 UTC
Yeah, I'm confused too.  We should not be adding it to ifcfg-ethX.

Comment 4 Ben Bennett 2018-05-15 15:54:19 UTC
Based on the file attached to the case it looks to me like you are using an IP address that is assigned to a node already.  You need to use independent addresses for the egressIPs, not ones that are in use by nodes.

Nothing should be updating ifcfg-ethX when the addresses are added or removed by openshift.  The assignment is not permanent.

Comment 7 Ben Bennett 2018-05-18 18:52:41 UTC
For OpenStack you can turn off port-security, and if all of the nodes are in the same ethernet switching domain, then the address can move between them.

But for this that is not needed.  See:
  https://docs.openshift.com/container-platform/3.9/admin_guide/managing_networking.html#enabling-static-ips-for-external-project-traffic

You just need to tell openstack that the node has a large set of ip addresses, but don't put them as interfaces on the node explicitly, but then put the addresses in the hostsubnet object for the node (step 2 "Manually assign the egress IP to the desired node hosts) of the above URL).

Then openshift will add and remove the addresses from the main interface on the box.  BUT you do need to make sure that the addresses can get through to the box.


Note You need to log in before you can comment on or make changes to this bug.