OpenStack Compute (nova)

Nova erroneously asserts a subnet is required on a network to boot an instance

Bug #1637118 reported by Dustin Lundquist
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Confirmed
Low
Unassigned

Bug Description

Deploying an instance attached to a network with a subnet is infact valid, since that instance could communicate via IPv6 link-local addresses or non-IP protocols. Obviously nova metadata wouldn't work, but the instance could otherwise be used. Nova should not assert that a network must have a subnet.

    $ openstack network show facb7425-5c4a-4700-a333-e5a39be51beb
    +---------------------------+--------------------------------------+
    | Field | Value |
    +---------------------------+--------------------------------------+
    | admin_state_up | UP |
    | availability_zone_hints | |
    | availability_zones | nova |
    | created_at | 2016-10-12T23:32:35Z |
    | description | |
    | id | facb7425-5c4a-4700-a333-e5a39be51beb |
    | ipv4_address_scope | None |
    | ipv6_address_scope | None |
    | mtu | 1450 |
    | name | lb-mgmt-net |
    | port_security_enabled | True |
    | project_id | 2da3ff5836314dadb6bee8151cb649c8 |
    | project_id | 2da3ff5836314dadb6bee8151cb649c8 |
    | provider:network_type | vxlan |
    | provider:physical_network | None |
    | provider:segmentation_id | 72 |
    | revision_number | 6 |
    | router:external | Internal |
    | shared | False |
    | status | ACTIVE |
    | subnets | |
    | tags | [] |
    | updated_at | 2016-10-26T15:32:06Z |
    +---------------------------+--------------------------------------+
    $ openstack server create test --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --nic net-id=facb7425-5c4a-4700-a333-e5a39be51beb
    Network facb7425-5c4a-4700-a333-e5a39be51beb requires a subnet in order to boot instances on. (HTTP 400) (Request-ID: req-11ce6a29-d1a7-48ab-85a0-8fea1e28da53)

Tags: neutron ipv6
Revision history for this message
Dustin Lundquist (dlundquist) wrote :

Looking through Nova code it looks like this validation was introduced to fix a previous Nova bug https://bugs.launchpad.net/nova/+bug/1252410.

Matt Riedemann (mriedem)
tags: added: neutron
Revision history for this message
Matt Riedemann (mriedem) wrote :

This is been this way for a long time, and changing it would be an API behavior change, so we'd need some discussion on what the correct validation is. I'll post a query to the nova and neutron teams in the openstack-dev mailing list.

Revision history for this message
Matt Riedemann (mriedem) wrote :

Also note in the commit message here:

https://review.openstack.org/#/c/79801/

"Note: a patch to fix the neutron port-security-enabled extension will follow which allows one to boot instances on networks without subnets and ports without fixedips."

That's this code:

https://github.com/openstack/nova/blob/a6053dd608a96ae57521a74b0d6f0f24d7efe75c/nova/network/neutronv2/api.py#L756

So if the network doesn't have port security enabled then we don't need subnets.

However, that happens in nova-compute long after we've validated the request here:

https://github.com/openstack/nova/blob/a6053dd608a96ae57521a74b0d6f0f24d7efe75c/nova/network/neutronv2/api.py#L1597

And failed as noted in this bug.

Revision history for this message
Matt Riedemann (mriedem) wrote :

http://lists.openstack.org/pipermail/openstack-dev/2016-November/107015.html

Sean Dague (sdague)
Changed in nova:
status: New → Confirmed
importance: Undecided → Low
tags: added: ipv6
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.