2122925 – members without subnet wrongly associated to VIP subnet

Bug 2122925 - members without subnet wrongly associated to VIP subnet

Summary: members without subnet wrongly associated to VIP subnet

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-networking-ovn
Sub Component:
Version:	16.2 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z9
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Luis Tomas Bolivar
QA Contact:	Fiorella Yanac
Docs Contact:
URL:
Whiteboard:
Depends On:	2122923 2122926
Blocks:
TreeView+	depends on / blocked

Reported:	2022-08-31 10:02 UTC by Fernando Royo
Modified:	2022-12-07 20:27 UTC (History)
CC List:	9 users (show)
Fixed In Version:	python-networking-ovn-7.3.1-1.20220922083226.4e24f4c.el8ost
Doc Type:	Bug Fix
Doc Text:	Before this update, it was possible to add members without stating which subnet they belonged to, but they should be in the same subnet as the Virtual IP (VIP) port. If the subnet of the members is different to the VIP subnet, the members are created but incorrectly configured because there is no connectivity to them. With this update, members without a subnet are only accepted if the IP of the member belongs to the Classless Inter-Domain Routing (CIDR) number of the VIP subnet, as that is the subnet associated to the load balancer used to obtain the subnet for the members that do not have it. Member creation without a subnet is rejected if its IP does not belong to the VIP subnet CIDR.
Clone Of:	2122923
Environment:
Last Closed:	2022-12-07 20:27:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	851013	None	MERGED	Ensure members without subnet belong to VIP subnet or fail	2022-08-31 10:03:16 UTC
Red Hat Issue Tracker	OSP-18478	None	None	None	2022-08-31 10:20:15 UTC
Red Hat Product Errata	RHBA-2022:8795	None	None	None	2022-12-07 20:27:42 UTC

Description Fernando Royo 2022-08-31 10:02:35 UTC

+++ This bug was initially created as a clone of Bug #2122923 +++

Description of problem:

When members are added without subnet_id information, the ovn-octavia provider used the VIP subnet for the subnet_id. However, if the member does not belong to the same subnet as the VIP subnet (i.e., different cidr), the API does not return any error but there is no connectivity to the member (as it does not belong to the obtained subnet).

An extra checking to ensure the VIP CIDR includes the member IP should be done.

Comment 13 errata-xmlrpc 2022-12-07 20:27:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.9 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8795

Note You need to log in before you can comment on or make changes to this bug.