Reviewed: https://review.opendev.org/709444 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7e09e72661b0b3a0f898c20d451e204aa7a17194 Submitter: Zuul Branch: master
commit 7e09e72661b0b3a0f898c20d451e204aa7a17194 Author: Harald Jensås <[email protected]> Date: Thu Feb 27 02:38:13 2020 +0100 Filter subnets on fixed_ips segment For v6_stateless IP addresses for all stateless subnets within a network are implicitly included. When using segments implicitly allocating addresses across subnets on different segments is incorrect. IPs from subnets on differnt segments was allocated when no host binding information was available but a subnet_id in fixed_ips request was present. This change adds filtering based on segment_id when fixed_ips are used. If fixed_ips are not all on the same segment exception FixedIpsSubnetsNotOnSameSegment is raised. Related: rhbz#1803989 Related-Bug: #1864333 Related-Bug: #1865138 Closes-Bug: #1864225 Change-Id: I336ae76283f29dd226344fb454aaa0e4aac030ea ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1864225 Title: IP allocation for stateless IPv6 does not filter on segment when fixed-ips contain a subnet_id Status in neutron: Fix Released Bug description: Network 45b993b2-5224-409e-9756-0be190a19cf5 with two segments and two subnets: $ openstack network segment list --network provider -f yaml - ID: 612f96f0-7682-49f7-bfc2-c52437f6e948 Name: provider-segment1 Network: 45b993b2-5224-409e-9756-0be190a19cf5 Network Type: flat Segment: null - ID: 9632dc77-d8d1-4d2b-afab-23568f1d475f Name: provider-segment2 Network: 45b993b2-5224-409e-9756-0be190a19cf5 Network Type: flat Segment: null $ openstack subnet list --network provider -f yaml - ID: 926269c1-b05e-4b48-bafe-6be8e9cbd12c Name: provider-subnet1 Network: 45b993b2-5224-409e-9756-0be190a19cf5 Subnet: dead:beef:1::/64 - ID: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91 Name: provider-subnet2 Network: 45b993b2-5224-409e-9756-0be190a19cf5 Subnet: dead:beef:2::/64 $ openstack subnet show -c segment_id -c ipv6_address_mode \ -c ipv6_ra_mode -c address_mode provider-subnet1 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | ipv6_address_mode | dhcpv6-stateless | | ipv6_ra_mode | dhcpv6-stateless | | segment_id | 612f96f0-7682-49f7-bfc2-c52437f6e948 | +-------------------+--------------------------------------+ $ openstack subnet show -c segment_id -c ipv6_address_mode \ -c ipv6_ra_mode -c address_mode provider-subnet2 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | ipv6_address_mode | dhcpv6-stateless | | ipv6_ra_mode | dhcpv6-stateless | | segment_id | 9632dc77-d8d1-4d2b-afab-23568f1d475f | +-------------------+--------------------------------------+ The two subnets have stateless address mode and are on different segments. When creating port, openstack port create --network provider test- port1 ip allocation is deffered because segments are used and no host id is provided. When creating a port with a subnet specified in fixed-ips the implicit address allocation for stateless subnets will allocate an address in both subnets. $ openstack port create --network provider \ --fixed-ip=subnet=provider-subnet1 test-port1 \ -c fixed_ips -f yaml fixed_ips: - ip_address: dead:beef:1:0:f816:3eff:fe9f:4907 subnet_id: 926269c1-b05e-4b48-bafe-6be8e9cbd12c - ip_address: dead:beef:2:0:f816:3eff:fe9f:4907 subnet_id: cdec94ce-8e3b-4c5b-aba2-13271f8b8b91 Upon trying to bind this port later as part of provisioning with Ironic, this fails because fixed_ips included invalid subnet. --- Failed to provision instance 3340fad9-93a6-4915-a87f-5f79cb647e03: Failed to prepare to deploy: Unable to set binding:host_id for neutron port c83d24aa-4167-4d37-9d1a-833290d55d83. Error: Invalid input for operation: Failed to create port on network 94543fd0-3a89-4d15-ad0c-ee1da99a63a4, because fixed_ips included invalid subnet 9c463bf7-0d6b-498e-a8b5-2c6c8bef7b56 --- This happens because all subnets are returned as candidates when fixed_ips is specified, despite that host id is not included: https://opendev.org/openstack/neutron/src/branch/master/neutron/objects/subnet.py#L330-L337 Then addresses for all stateless subnets in the candidates are allocated: https://opendev.org/openstack/neutron/src/branch/master/neutron/db/ipam_pluggable_backend.py#L256 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1864225/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
