1718197 – Setting cidr to an improper value (192.168.225.1/24) in undercloud.conf deploys successfully but breaks minor updates of undercloud.

Bug 1718197 - Setting cidr to an improper value (192.168.225.1/24) in undercloud.conf deploys successfully but breaks minor updates of undercloud.

Summary: Setting cidr to an improper value (192.168.225.1/24) in undercloud.conf deplo...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	15.0 (Stein)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z2
Target Release:	15.0 (Stein)
Assignee:	Harald Jensås
QA Contact:	Alex Katz
Docs Contact:
URL:
Whiteboard:
Depends On:	1717558 1755086
Blocks:
TreeView+	depends on / blocked

Reported:	2019-06-07 08:37 UTC by Harald Jensås
Modified:	2020-03-05 11:54 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-neutron-14.0.4-0.20191209140459.57edfee.el8ost
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1717558
Environment:
Last Closed:	2020-03-05 11:53:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1831811	None	None	None	2019-06-07 08:38:14 UTC
OpenStack gerrit	667541	'None'	MERGED	Turn CIDR in query filter into proper subnet	2020-03-08 09:47:30 UTC
Red Hat Product Errata	RHBA-2020:0709	None	None	None	2020-03-05 11:54:19 UTC

Description Harald Jensås 2019-06-07 08:37:20 UTC

+++ This bug was initially created as a clone of Bug #1717558 +++

Description of problem:

When deploying the undercloud, if you specify a non-normalized cidr in undercloud.conf for the control plane, such as 192.168.225.1/24, the deployment succeeds and the subnet is created correctly with 192.168.225.0/24.  If you attempt to perform a minor update to the undercloud, it fails because it looks for a network with the value in undercloud.conf (192.168.225.1/24), doesn't find it (because it's really 192.168.225.0/24) and then attempts to create the network for 192.168.225.1/24 which fails due to overlapping IP addresses.

Version-Release number of selected component (if applicable):

AFAIK, this issue exists in both OSP13 and OSP14.

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Harald Jensås on 2019-06-06 02:01:01 UTC ---

Neutron converts/normalizes the value provided as CIDR in a pre-commit method:
  https://opendev.org/openstack/neutron/src/branch/master/neutron/db/db_base_plugin_v2.py#L820

818            # turn the CIDR into a proper subnet
819            net = netaddr.IPNetwork(s['cidr'])
820            subnet['subnet']['cidr'] = '%s/%s' % (net.network, net.prefixlen)


This explain why we can create a subnet without the actual network address in the CIDR.


However when listing subnets and querying with a CIDR that does not use the actual network address, the result is empty:

$ curl -s -H "X-Auth-Token: $(openstack token issue -c id -f value)" -H "Content-Type: application/json" http://192.168.122.103:9696/v2.0/subnets?cidr=192.168.100.1/24 | json_reformat 
{
    "subnets": [

    ]
}


Looks like this patch would fix it neutron side:

--- a/neutron/db/db_base_plugin_common.py
+++ b/neutron/db/db_base_plugin_common.py
@@ -300,6 +300,12 @@ class DbBasePluginCommon(object):
                      page_reverse=False):
         pager = base_obj.Pager(sorts, limit, page_reverse, marker)
         filters = filters or {}
+        if filters.get('cidr'):
+            cidr_list = []
+            for cidr in filters['cidr']:
+                net = netaddr.IPNetwork(cidr)
+                cidr_list.append('%s/%s' % (net.network, net.prefixlen))
+            filters.update({'cidr': cidr_list})
         # TODO(ihrachys) remove explicit reader usage when subnet OVO switches
         # to engine facade by default
         with db_api.CONTEXT_READER.using(context):

Comment 9 Alex Katz 2020-01-28 12:44:09 UTC

Verified with the following packages:
 - openstack-neutron-14.0.3
 - openstack-neutron-14.0.4

Update scenarios:
GA -> Z1
GA -> Z2
Z1 -> Z2

Comment 10 Alex McLeod 2020-02-19 12:48:27 UTC

If this bug requires doc text for errata release, please set the 'Doc Type' and provide draft text according to the template in the 'Doc Text' field. The documentation team will review, edit, and approve the text.

If this bug does not require doc text, please set the 'requires_doc_text' flag to '-'.

Comment 12 errata-xmlrpc 2020-03-05 11:53:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0709

Note You need to log in before you can comment on or make changes to this bug.