Reviewed: https://review.opendev.org/c/openstack/neutron/+/900240 Committed: https://opendev.org/openstack/neutron/commit/2f91d330dae0127be1adb98f3d6d1fd49745f25d Submitter: "Zuul (22348)" Branch: master
commit 2f91d330dae0127be1adb98f3d6d1fd49745f25d Author: Brian Haley <[email protected]> Date: Mon Nov 6 15:03:50 2023 -0500 Correctly validate subnet arguments when using a subnetpool When creating a subnet using a subnetpool, we were failing to validate all the passed API arguments in the dictionary, leading to a case where you could specify an invalid DNS nameserver. For example, using an IPv4 nameserver on an IPv6 subnet. This could cause daemons the l3-agent starts, like radvd, to fail to start correctly, leading to a loss of connectivity. Specifying a subnet by cidr without a subnetpool did already correctly fail with an IP version mismatch error, this is just an edge case that was never tested. Since _validate_subnet() was called in so many places it was moved to a common location and is only not called for IPv6 prefix-delegation subnets. Closes-bug: #2036877 Change-Id: I6302e9a373cf93e706cec10f87c3beaf632a0391 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2036877 Title: radvd seems to crash when ipv4 addresses are supplied as nameservers to ipv6 subnets Status in neutron: Fix Released Bug description: I'll copy from this report, please notice that I'm NOT the original reporter!: https://bugs.launchpad.net/kolla-ansible/+bug/2033980/comments/8 Before cleaning the PID file, I did take a look at the config of radvd: ``` $ cat /var/lib/neutron/ra/aee91f41-1945-40b4-b72f-8be2eb369b44.radvd.conf interface qr-caa16d7e-26 { AdvSendAdvert on; MinRtrAdvInterval 30; MaxRtrAdvInterval 100; AdvLinkMTU 1450; RDNSS 2a02:74a0:x:0::53 10.40.3.53 2a02:74a0:x:0::54 {}; prefix 2a02:74a0:x:y::/64 { AdvOnLink on; AdvAutonomous on; }; route fe80::a9fe:a9fe/128 { }; }; ``` We've been configuring the router with terraform, assigning the ipv4 resolvers to the IPv4 subnet and the IPv6 resolvers to the IPv6 subnet. After deleting the router, adjusting the subnets (no resolvers on v4, only ipv6 resolvers on ipv6), and recreating the router, radvd is now active and everything's fine. It seems that due to misconfiguration (and incomplete template parsing), IPv4 nameservers ended up in the config of radvd, which failed to start. Neutron was then unable to clean up the pidfile, thus failing to start radvd again. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2036877/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
