1918469 – OpenShift IPI VMware installer doesn't validate VIP's IP's against the machine CIDR provided.

Bug 1918469 - OpenShift IPI VMware installer doesn't validate VIP's IP's against the machine CIDR provided.

Summary: OpenShift IPI VMware installer doesn't validate VIP's IP's against the machin...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Aditya Narayanaswamy
QA Contact:	jima
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-01-20 19:57 UTC by Asish CM
Modified:	2024-03-25 17:55 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-04-07 22:19:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift installer pull 4754	0	None	open	Bug 1918469: Check if VIP IPs overlap with machine CIDR provided	2021-03-15 19:54:27 UTC
Github	openshift installer pull 4779	0	None	open	Revert "Bug 1918469: Check if VIP IPs overlap with machine CIDR provided during vsphere installation"	2021-03-22 19:02:49 UTC

Internal Links: 1933402

Description Asish CM 2021-01-20 19:57:47 UTC

Version: 4.6

Platform: Vmware
IPI 


OpenShift IPI VMware installer doesn't validate the provided VIP's (API VIP and Ingress VIP) IP whether belongs to the machine CIDR provided on install-config.yaml or not.


When VIP's outside machine CIDR is used installation fails with error "ERROR:
~~~ 
"time="2020-12-11T18:28:30Z" level=info msg="Checking whether address x.x.x.x/25 ens192 contains VIP y.y.y.y"
time="2020-12-11T18:28:30Z" level=error msg="Failed to find a suitable node IP"""
~~~



What did you expect to happen?

Openshift installer should validate the VIP's against the machine CIDR and should abort the installation with a clear error message.

How to reproduce it 

- Perform VMware IPI installation with apiVIP and ingressVIP IP's outside machine CIDR.

Comment 9 Matthew Staebler 2021-04-07 22:19:47 UTC

The `machineNetwork` field does not appear to be set universally for vSphere installations. There does not appear to be anything in the installation or the running cluster that cares what the machine CIDR is. The installer survey does not ask the user for the machine CIDR. Consequently, the installer cannot rely on the `machineNetwork` field being set. The installer cannot validate the VIPs against the machine CIDR, if the installer cannot rely on the machine CIDR being valid.

Note You need to log in before you can comment on or make changes to this bug.