2122926 – members without subnet wrongly associated to VIP subnet

Bug 2122926 - members without subnet wrongly associated to VIP subnet

Summary: members without subnet wrongly associated to VIP subnet

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-ovn-octavia-provider
Sub Component:
Version:	16.2 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z1
Target Release:	17.0
Assignee:	Luis Tomas Bolivar
QA Contact:	Bruna Bonguardo
Docs Contact:
URL:
Whiteboard:
Depends On:	2122923
Blocks:	2122925
TreeView+	depends on / blocked

Reported:	2022-08-31 10:04 UTC by Fernando Royo
Modified:	2023-01-25 12:29 UTC (History)
CC List:	10 users (show)
Fixed In Version:	python-ovn-octavia-provider-1.0.1-0.20220926144453.bbf881f.el9ost
Doc Type:	Bug Fix
Doc Text:	Before this update, adding a member without subnet information when the subnet of the member is different than the subnet of the load balancer Virtual IP (VIP) caused the ovn-octavia provider to wrongly use the VIP subnet for the `subnet_id`, which resulted in no error but no connectivity to the member. With this update, a check that the actual IP of the member belongs to the same CIDR that the VIP belongs to when there is no subnet information resolves the issue. If the two IP addresses do not match, the action is rejected, asking for the `subnet_id`.
Clone Of:	2122923
Environment:
Last Closed:	2023-01-25 12:28:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	850558	None	MERGED	Ensure members without subnet belong to VIP subnet or fail	2022-08-31 10:05:28 UTC
Red Hat Issue Tracker	OSP-18480	None	None	None	2022-08-31 10:21:46 UTC
Red Hat Product Errata	RHBA-2023:0271	None	None	None	2023-01-25 12:29:08 UTC

Description Fernando Royo 2022-08-31 10:04:44 UTC

+++ This bug was initially created as a clone of Bug #2122923 +++

Description of problem:

When members are added without subnet_id information, the ovn-octavia provider used the VIP subnet for the subnet_id. However, if the member does not belong to the same subnet as the VIP subnet (i.e., different cidr), the API does not return any error but there is no connectivity to the member (as it does not belong to the obtained subnet).

An extra checking to ensure the VIP CIDR includes the member IP should be done.

Comment 11 errata-xmlrpc 2023-01-25 12:28:51 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 17.0.1 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0271

Note You need to log in before you can comment on or make changes to this bug.