neutron

Turning on 'enable_dhcp' on subnet update cause request failure for pluggable IPAM

Bug #1514810 reported by Pavel Bondar
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Gary Kotton

Bug Description

Bug reproducible only if pluggable IPAM is in effect.

Steps to reproduce:
1. Enable pluggable IPAM by setting ipam_driver to 'internal' (or another ipam driver).
2. Create Network.
3. Create Subnet with unchecked 'Enable DHCP' option.
4. Verify Subnet is created.
5. Edit Subnet and check 'Enable DHCP' option, press 'Save'

Observed error in UI:
"Error: Failed to update subnet "90.90.0.0/24": No more IP addresses available on network a9bb6abf-98ec-40d3-a79f-365703949b3b."

Error in neutron log:

2015-11-10 12:07:09.656 DEBUG neutron.api.v2.base [req-c585fc85-2143-4d09-95bb-615be2fac2da admin 507df20dc0be462db98373c6bcf6a88c] Request body: {u'subnet': {u'dns_nameservers': [], u'allocation_pools': [{u'start
': u'90.90.0.2', u'end': u'90.90.0.254'}], u'host_routes': [], u'name': u'niny', u'enable_dhcp': True}} from (pid=29244) prepare_request_body /opt/stack/neutron/neutron/api/v2/base.py:645
2015-11-10 12:07:09.754 INFO neutron.api.v2.resource [req-c585fc85-2143-4d09-95bb-615be2fac2da admin 507df20dc0be462db98373c6bcf6a88c] update failed (client error): No more IP addresses available on network a9bb6a
bf-98ec-40d3-a79f-365703949b3b.

Root cause:
Query in _validate_subnet is not compatible with pluggable IPAM.
It directly queries tables for built-in IPAM.

range_qry = context.session.query(models_v2.
                        IPAvailabilityRange).join(models_v2.IPAllocationPool)

https://github.com/openstack/neutron/blob/87ce4868ca/neutron/db/db_base_plugin_v2.py#L458

Need to reword this validation to support pluggable IPAM.

See original description
Pavel Bondar (pasha117)
Changed in neutron:
assignee: nobody → Pavel Bondar (pasha117)
tags: added: l3-ipam-dhcp
tags: added: liberty-backport-potential
Revision history for this message
Miguel Angel Ajo (mangelajo) wrote :

looping in Carl Baldwin to the bug.

Changed in neutron:
importance: Undecided → Medium
tags: added: needs-attention
Revision history for this message
Miguel Angel Ajo (mangelajo) wrote :

The report makes sense to me, needs-attention flag added for Carl to have a look on it.

Revision history for this message
Pavel Bondar (pasha117) wrote :

This query stands for validating subnet has at least one ip to allocate for dhcp port:

                    range_qry = context.session.query(models_v2.
                        IPAvailabilityRange).join(models_v2.IPAllocationPool)
                    ip_range = range_qry.filter_by(subnet_id=s['id']).first()
                    if not ip_range:
                        raise n_exc.IpAddressGenerationFailure(
                            net_id=cur_subnet.network_id)

But as I see there is no easy way to perform this check for third-party ipam driver.
IPAM interface allows only to allocate and deallocate ips, but info about available ips is not populated over IPAM interface.

This check was added in:
https://review.openstack.org/#/c/174228/

Need to confirm if this check is a MUST or a nice to have one.

Revision history for this message
John Belamaric (jbelamaric) wrote :

When is the DHCP IP address allocated? I would think that if there are no IPs left, it would produce an error at that time. If that is done synchronously, I would think it is sufficient.

Adding an IPAM call that provides a count of available addresses for a given subnet would be useful in other ways beyond this, however. But that probably wouldn't be backport-eligible since it would essentially be adding a feature.

Carl Baldwin (carl-baldwin)
description: updated
Gary Kotton (garyk)
Changed in neutron:
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/247019

Changed in neutron:
assignee: Pavel Bondar (pasha117) → Gary Kotton (garyk)
status: Confirmed → In Progress
Gary Kotton (garyk)
Changed in neutron:
importance: Medium → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/247019
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=8d8444aa0ce0e6db1ebbc922311ec1eef546f2fe
Submitter: Jenkins
Branch: master

commit 8d8444aa0ce0e6db1ebbc922311ec1eef546f2fe
Author: Gary Kotton <email address hidden>
Date: Wed Nov 18 08:26:18 2015 -0800

    IPAM: fix 'enable-dhcp' with internal driver

    Commit 0c1f96ad5a6606c1205bd50ea944c3a383892cde broke the ipam
    internal driver. The base plugin should only call the ipam interface
    and not invoke the IPallocation data model.

    The code that validated that the subnet had one free IP address was
    removed. This would not guarantee that a port would indeed be free,
    that is, a parallel operation could have created a port on the subnet
    during this check.

    Closes-bug: #1514810

    Change-Id: I4d7ecb985762a8eef39cb2f22f210b4899f1a22e

Changed in neutron:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/249060

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/liberty)

Reviewed: https://review.openstack.org/249060
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b2801195e3b3202290f55d261c89d304b2a4a0fd
Submitter: Jenkins
Branch: stable/liberty

commit b2801195e3b3202290f55d261c89d304b2a4a0fd
Author: Gary Kotton <email address hidden>
Date: Wed Nov 18 08:26:18 2015 -0800

    IPAM: fix 'enable-dhcp' with internal driver

    Commit 0c1f96ad5a6606c1205bd50ea944c3a383892cde broke the ipam
    internal driver. The base plugin should only call the ipam interface
    and not invoke the IPallocation data model.

    The code that validated that the subnet had one free IP address was
    removed. This would not guarantee that a port would indeed be free,
    that is, a parallel operation could have created a port on the subnet
    during this check.

    Closes-bug: #1514810

    Conflicts:
     neutron/db/db_base_plugin_v2.py

    Change-Id: I4d7ecb985762a8eef39cb2f22f210b4899f1a22e
    (cherry picked from commit 8d8444aa0ce0e6db1ebbc922311ec1eef546f2fe)

tags: added: in-stable-liberty
Doug Hellmann (doug-hellmann)
Changed in neutron:
status: Fix Committed → Fix Released
Ihar Hrachyshka (ihar-hrachyshka)
tags: removed: liberty-backport-potential
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.