Bug 1918469 - OpenShift IPI VMware installer doesn't validate VIP's IP's against the machine CIDR provided.
Summary: OpenShift IPI VMware installer doesn't validate VIP's IP's against the machin...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.6
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: 4.8.0
Assignee: Aditya Narayanaswamy
QA Contact: jima
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-01-20 19:57 UTC by Asish CM
Modified: 2021-04-07 22:19 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-04-07 22:19:47 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 4754 0 None open Bug 1918469: Check if VIP IPs overlap with machine CIDR provided 2021-03-15 19:54:27 UTC
Github openshift installer pull 4779 0 None open Revert "Bug 1918469: Check if VIP IPs overlap with machine CIDR provided during vsphere installation" 2021-03-22 19:02:49 UTC

Internal Links: 1933402

Description Asish CM 2021-01-20 19:57:47 UTC
Version: 4.6

Platform: Vmware
IPI 


OpenShift IPI VMware installer doesn't validate the provided VIP's (API VIP and Ingress VIP) IP whether belongs to the machine CIDR provided on install-config.yaml or not.


When VIP's outside machine CIDR is used installation fails with error "ERROR:
~~~ 
"time="2020-12-11T18:28:30Z" level=info msg="Checking whether address x.x.x.x/25 ens192 contains VIP y.y.y.y"
time="2020-12-11T18:28:30Z" level=error msg="Failed to find a suitable node IP"""
~~~



What did you expect to happen?

Openshift installer should validate the VIP's against the machine CIDR and should abort the installation with a clear error message.

How to reproduce it 

- Perform VMware IPI installation with apiVIP and ingressVIP IP's outside machine CIDR.

Comment 9 Matthew Staebler 2021-04-07 22:19:47 UTC
The `machineNetwork` field does not appear to be set universally for vSphere installations. There does not appear to be anything in the installation or the running cluster that cares what the machine CIDR is. The installer survey does not ask the user for the machine CIDR. Consequently, the installer cannot rely on the `machineNetwork` field being set. The installer cannot validate the VIPs against the machine CIDR, if the installer cannot rely on the machine CIDR being valid.


Note You need to log in before you can comment on or make changes to this bug.