Bug 1718197 - Setting cidr to an improper value ( in undercloud.conf deploys successfully but breaks minor updates of undercloud.
Summary: Setting cidr to an improper value ( in undercloud.conf deplo...
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 15.0 (Stein)
Hardware: Unspecified
OS: Unspecified
Target Milestone: z2
: 15.0 (Stein)
Assignee: Harald Jensås
QA Contact: Alex Katz
Depends On: 1717558 1755086
TreeView+ depends on / blocked
Reported: 2019-06-07 08:37 UTC by Harald Jensås
Modified: 2020-03-05 11:54 UTC (History)
8 users (show)

Fixed In Version: openstack-neutron-14.0.4-0.20191209140459.57edfee.el8ost
Doc Type: No Doc Update
Doc Text:
Clone Of: 1717558
Last Closed: 2020-03-05 11:53:49 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1831811 0 None None None 2019-06-07 08:38:14 UTC
OpenStack gerrit 667541 0 'None' MERGED Turn CIDR in query filter into proper subnet 2020-03-08 09:47:30 UTC
Red Hat Product Errata RHBA-2020:0709 0 None None None 2020-03-05 11:54:19 UTC

Description Harald Jensås 2019-06-07 08:37:20 UTC
+++ This bug was initially created as a clone of Bug #1717558 +++

Description of problem:

When deploying the undercloud, if you specify a non-normalized cidr in undercloud.conf for the control plane, such as, the deployment succeeds and the subnet is created correctly with  If you attempt to perform a minor update to the undercloud, it fails because it looks for a network with the value in undercloud.conf (, doesn't find it (because it's really and then attempts to create the network for which fails due to overlapping IP addresses.

Version-Release number of selected component (if applicable):

AFAIK, this issue exists in both OSP13 and OSP14.

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

--- Additional comment from Harald Jensås on 2019-06-06 02:01:01 UTC ---

Neutron converts/normalizes the value provided as CIDR in a pre-commit method:

818            # turn the CIDR into a proper subnet
819            net = netaddr.IPNetwork(s['cidr'])
820            subnet['subnet']['cidr'] = '%s/%s' % (net.network, net.prefixlen)

This explain why we can create a subnet without the actual network address in the CIDR.

However when listing subnets and querying with a CIDR that does not use the actual network address, the result is empty:

$ curl -s -H "X-Auth-Token: $(openstack token issue -c id -f value)" -H "Content-Type: application/json" | json_reformat 
    "subnets": [


Looks like this patch would fix it neutron side:

--- a/neutron/db/db_base_plugin_common.py
+++ b/neutron/db/db_base_plugin_common.py
@@ -300,6 +300,12 @@ class DbBasePluginCommon(object):
         pager = base_obj.Pager(sorts, limit, page_reverse, marker)
         filters = filters or {}
+        if filters.get('cidr'):
+            cidr_list = []
+            for cidr in filters['cidr']:
+                net = netaddr.IPNetwork(cidr)
+                cidr_list.append('%s/%s' % (net.network, net.prefixlen))
+            filters.update({'cidr': cidr_list})
         # TODO(ihrachys) remove explicit reader usage when subnet OVO switches
         # to engine facade by default
         with db_api.CONTEXT_READER.using(context):

Comment 9 Alex Katz 2020-01-28 12:44:09 UTC
Verified with the following packages:
 - openstack-neutron-14.0.3
 - openstack-neutron-14.0.4

Update scenarios:
GA -> Z1
GA -> Z2
Z1 -> Z2

Comment 10 Alex McLeod 2020-02-19 12:48:27 UTC
If this bug requires doc text for errata release, please set the 'Doc Type' and provide draft text according to the template in the 'Doc Text' field. The documentation team will review, edit, and approve the text.

If this bug does not require doc text, please set the 'requires_doc_text' flag to '-'.

Comment 12 errata-xmlrpc 2020-03-05 11:53:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.