Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2124309

Summary: RHOSP could check if allocated VIPs are already used by external hosts
Product: Red Hat OpenStack Reporter: Alex Stupnikov <astupnik>
Component: puppet-pacemakerAssignee: OSP Team <rhos-maint>
Status: CLOSED ERRATA QA Contact: dabarzil
Severity: medium Docs Contact:
Priority: low    
Version: 17.1 (Wallaby)CC: dabarzil, jelynch, jjoyce, joflynn, jschluet, lmiccini, mburns, ramishra, rhos-maint, slinaber, tvignaud
Target Milestone: gaKeywords: Triaged
Target Release: 17.1   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: puppet-pacemaker-1.5.1-1.20221120001158.31e7487.el9ost Doc Type: Enhancement
Doc Text:
With this enhancement, operators can enable the run_arping feature for Pacemaker-managed virtual IPs (VIPs), so that the cluster preemptively checks for duplicate IPs. + To do this, you must add the following configuration to the environment file: + ---- ExtraConfig: pacemaker::resource::ip::run_arping: true ---- + If a duplicate is found, the following error is logged in the `/var/log/pacemaker/pacemaker.log` file: + ---- Sep 07 05:54:54 IPaddr2(ip-172.17.3.115)[209771]: ERROR: IPv4 address collision 172.17.3.115 [DAD] Sep 07 05:54:54 IPaddr2(ip-172.17.3.115)[209771]: ERROR: Failed to add 172.17.3.115 ----
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-16 01:12:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alex Stupnikov 2022-09-05 15:31:30 UTC 
Description of problem:

One of our customers ended up having RHOSP deployment where on of VIPs (used by OVN DB) matched IP address configured on his switch.

In customer's case this VIP was allocated from appropriate subnet pool, so at the end of the day this looks like configuration issue. At the same time, we have checks for regular IP addresses and it would be good to implement something similar to check if there are existing hosts with allocated VIP addresses in proper networks before actually setting them.

I am not sure if this should be done by deployment framework, or VIP pacemaker resource could do something similar, or different component should be responsible for this. So I have selected openstack-tripleo-heat-templates component for initial triage.
Comment 6 Luca Miccini 2022-09-07 06:37:38 UTC 
when run_arping=true and pacemaker detects a collision one can find the following in pacemaker.log:

Sep 07 05:54:54  IPaddr2(ip-172.17.1.31)[209771]:    ERROR: IPv4 address collision 172.17.1.31 [DAD]
Sep 07 05:54:54  IPaddr2(ip-172.17.1.31)[209771]:    ERROR: Failed to add 172.17.1.31
Comment 9 Luca Miccini 2023-05-02 14:32:18 UTC 
  ExtraConfig:
    pacemaker::resource::ip::run_arping: true


  Resource: ip-172.17.3.115 (class=ocf provider=heartbeat type=IPaddr2)
    Attributes: ip-172.17.3.115-instance_attributes
      cidr_netmask=32
      ip=172.17.3.115
      run_arping=true
Comment 20 errata-xmlrpc 2023-08-16 01:12:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:4577