OpenStack Heat

can't create neutron port fixed_ip if subnet associated with segment

Bug #1692567 reported by Bob Fournier
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
Undecided
Harald Jensås
neutron
Fix Released
Undecided
Unassigned

Bug Description

There doesn't seem to be a way to create a fixed_ip for an OS::Neutron::Port if the subnet is associated with a Neutron segment.

For example, using this:
resources:
  instance_port:
    type: OS::Neutron::Port
    properties:
      network: ctlplane
      fixed_ips: [{"subnet": ctlplane-subnet0, "ip_address": 10.8.146.8}]

  my_ironic_instance:
    type: OS::Nova::Server
    properties:
      key_name: default
      image: overcloud-full
      flavor: baremetal
      networks:
        - network: ctlplane
          port: {get_resource: instance_port}

If the subnet is NOT associated with a segment, I am able to create a stack with a Neutron port with 10.8.146.8 as expected.

However, in this case the subnet is associated with a neutron segment:
[stack@host01 ~]$ neutron subnet-show ctlplane-subnet0
+-------------------+----------------------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------------------+
| allocation_pools | {"start": "10.8.146.5", "end": "10.8.146.20"} |
| cidr | 10.8.146.0/24 |
| created_at | 2017-05-19T21:57:53Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.8.146.1 |
| host_routes | {"destination": "169.254.169.254/32", "nexthop": "10.8.146.1"} |
| id | 2510cb92-e3f7-4ef3-98a8-ba409c33406b |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | ctlplane-subnet0 |
| network_id | 5f93540c-b00e-42c7-b1a1-0560906d9a8d |
| project_id | 08b43a05b88c4d4089355b3aba9dd8fb |
| revision_number | 2 |
| segment_id | d5b2dc5d-ee11-4057-9481-fd28fab14b31 |
| service_types | |
| subnetpool_id | |
| tags | |
| tenant_id | 08b43a05b88c4d4089355b3aba9dd8fb |
| updated_at | 2017-05-19T21:57:53Z |
+-------------------+----------------------------------------------------------------+

[stack@host01 ~]$ openstack network segment show d5b2dc5d-ee11-4057-9481-fd28fab14b31
+------------------+--------------------------------------+
| Field | Value |
+------------------+--------------------------------------+
| description | None |
| id | d5b2dc5d-ee11-4057-9481-fd28fab14b31 |
| name | subnet0 |
| network_id | 5f93540c-b00e-42c7-b1a1-0560906d9a8d |
| network_type | flat |
| physical_network | ctlplane |
| segmentation_id | None |
+------------------+--------------------------------------+

The stack is created successfuly, however the neutron port has a fixed_ip from the allocation_pool (10.8.146.15, see below) not the defined fixed_ip in the template.
[stack@host01 ~]$ heat stack-list
+--------------------------------------+------------+-----------------+----------------------+--------------+
| id | stack_name | stack_status | creation_time | updated_time |
+--------------------------------------+------------+-----------------+----------------------+--------------+
| ed4e655b-7ff1-4823-98a8-5a76822e08b9 | test-stack | CREATE_COMPLETE | 2017-05-22T14:48:24Z | None |
+--------------------------------------+------------+-----------------+----------------------+--------------+

[stack@host01 ~]$ neutron port-show da1787b8-f537-4b5f-a5c8-ed986360d7f3
+-----------------------+---------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+---------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | host01.beaker.tripleo.lab.eng.rdu2.redhat.com |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| created_at | 2017-05-22T14:48:25Z |
| description | |
| device_id | 3aad41e0-4ccb-45ef-8c64-6937712a61c7 |
| device_owner | compute:None |
| extra_dhcp_opts | {"opt_value": "http://10.8.146.1:8088/boot.ipxe", "ip_version": 4, "opt_name": |
| | "tag:ipxe,bootfile-name"} |
| | {"opt_value": "10.8.146.1", "ip_version": 4, "opt_name": "tftp-server"} |
| | {"opt_value": "undionly.kpxe", "ip_version": 4, "opt_name": "tag:!ipxe |
| | ,bootfile-name"} |
| | {"opt_value": "10.8.146.1", "ip_version": 4, "opt_name": "server-ip-address"} |
| fixed_ips | {"subnet_id": "2510cb92-e3f7-4ef3-98a8-ba409c33406b", "ip_address": |
| | "10.8.146.15"} |
| id | da1787b8-f537-4b5f-a5c8-ed986360d7f3 |
| ip_allocation | deferred |
| mac_address | b0:83:fe:c6:53:21 |
| name | test-stack-instance_port-4idizi33xgm4 |
| network_id | 5f93540c-b00e-42c7-b1a1-0560906d9a8d |
| project_id | 08b43a05b88c4d4089355b3aba9dd8fb |
| revision_number | 12 |
| security_groups | f862fbd3-5c64-41d4-87e6-1825d9d04568 |
| status | DOWN |
| tags | |
| tenant_id | 08b43a05b88c4d4089355b3aba9dd8fb |
| updated_at | 2017-05-22T14:48:35Z |
+-----------------------+---------------------------------------------------------------------------------+

In heat/engine/resources/openstack/neutron/port.py, it doesn't look like segment can be used as a property.

Revision history for this message
Rabi Mishra (rabi) wrote :

Can you create port with the subnet with the desired fixed_ip without heat? Looks like a neutron issue rather than heat one. AFAIK, neutron segment support does not allow specifying segment for a port yet.

Revision history for this message
Bob Fournier (bfournie) wrote :

True, this is also a Neutron issue as its not possible to create a port with a fixed_ip if the subnet is associated with a segment. The neutron port create commands only takes the subnet parameter for fixed_ip, and if a valid subnet is used the port is created, but the port does not have a fixed ip.

[stack@host01 ~]$ openstack port create --network ctlplane --fixed-ip subnet=ctlplane-subnet0,ip-address=10.8.146.8 fixed-ip-test

[stack@host01 ~]$ openstack port show fixed-ip-test
+-----------------------+--------------------------------------+
| Field | Value |
 +-----------------------+--------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2017-05-22T17:58:53Z |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | |
| id | 05adac6f-9b10-4877-a1bd-fdda52852159 |
| ip_address | None |
| mac_address | fa:16:3e:2c:8b:80 |
| name | fixed-ip-test |
| network_id | 5f93540c-b00e-42c7-b1a1-0560906d9a8d |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | 08b43a05b88c4d4089355b3aba9dd8fb |
| qos_policy_id | None |
| revision_number | 3 |
| security_groups | f862fbd3-5c64-41d4-87e6-1825d9d04568 |
| status | DOWN |
| subnet_id | None |
| updated_at | 2017-05-22T17:58:53Z |
 +-----------------------+--------------------------------------+

I will open a Neutron bug. Perhaps this heat bug should stay open so it can be resolved after the support is added to Neutron?

Revision history for this message
Harald Jensås (harald-jensas) wrote :

I ran this trough pdb, when using segments ip_allocation is DEFERRED instead of IMMEDIATE. Grepping the code I found references in neutron/db/ipam_backend_mixin.py where comments says this happens on routed networks (segments) when host is not known.

No Segment:
-----------
-> self.ipam.allocate_ips_for_port_and_store(
(Pdb) n
> /usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py(1262)create_port_db()
 -> context, port, port_id)
(Pdb) n
> /usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py(1263)create_port_db()
 -> db_port['ip_allocation'] = ipa.IP_ALLOCATION_IMMEDIATE

...

-> return db_port
(Pdb) print fixed_ips
[{u'subnet_id': u'64e6df15-4b8f-478b-94fa-b4e99abcea7f', u'ip_address': u'192.168.24.250'}]
(Pdb) print db_port
<neutron.db.models_v2.Port[object at 76b2cd0] {project_id=u'e6d293744b534510ae2af1c9be08666c', id='e11a7193-bb17-471f-a393-d57c0c338b6a', name=u'fixed-ip-test', network_id=u'509106ce-7e19-4985-aa57-2e71a830d520', mac_address='fa:16:3e:dd:51:f5', admin_state_up=True, status='DOWN', device_id='', device_owner='', ip_allocation='immediate', standard_attr_id=12}>

With Segment:
-------------
-> self.ipam.allocate_ips_for_port_and_store(
(Pdb) n
> /usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py(1262)create_port_db()
 -> context, port, port_id)
(Pdb) n
DeferIpam: DeferIpa...ferred',)
> /usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py(1262)create_port_db()
 -> context, port, port_id)
(Pdb) n
> /usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py(1264)create_port_db()
 -> except ipam_exc.DeferIpam:
(Pdb) n
> /usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py(1265)create_port_db()
 -> db_port['ip_allocation'] = ipa.IP_ALLOCATION_DEFERRED

...

-> return db_port
(Pdb) print fixed_ips
[{u'subnet_id': u'86668c2f-d226-4459-babc-8be614a1ee61', u'ip_address': u'172.20.0.250'}]
(Pdb) print db_port
<neutron.db.models_v2.Port[object at 635de90] {project_id=u'6a3e466b1a7245cf832e717edc053938', id='6ff51cca-0877-4a4b-aad3-a097d4ac2ce4', name=u'fixed-ip-test', network_id=u'f19d0817-7394-4f5d-840f-e440476f05b2', mac_address='fa:16:3e:00:cd:13', admin_state_up=True, status='DOWN', device_id='', device_owner='', ip_allocation='deferred', standard_attr_id=29}>

https://github.com/openstack/neutron/blob/master/neutron/db/db_base_plugin_v2.py#L1259:L1264
    try:
        self.ipam.allocate_ips_for_port_and_store(
            context, port, port_id)
        db_port['ip_allocation'] = ipa.IP_ALLOCATION_IMMEDIATE
    except ipam_exc.DeferIpam:
        db_port['ip_allocation'] = ipa.IP_ALLOCATION_DEFERRED

https://github.com/openstack/neutron/blob/master/neutron/db/ipam_backend_mixin.py#L695:L696
    # No, must be a deferred IP port because there are matching
    # subnets. Happens on routed networks when host isn't known.

https://github.com/openstack/neutron/blob/master/neutron/db/ipam_backend_mixin.py#L740:L742
    Updates the port's IPs based on any new fixed_ips passed in or if
    deferred IP allocation is in effect because allocation requires host
    binding information that wasn't provided until port update.

Revision history for this message
Harald Jensås (harald-jensas) wrote :
Download full text (3.9 KiB)

We need to pass the --host parameter to the port create to inform neutron on which neutron node to bind the port?

(undercloud) [stack@ocataleafs ~]$ openstack port create --host ocataleafs.lab.example.com --network ctlplane --fixed-ip subnet=subnet0,ip-address=172.20.0.13 fixed-ip-subnet0-t3
+-----------------------+----------------------------------------------------------------------------+
| Field | Value |
 +-----------------------+----------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | ocataleafs.lab.example.com |
| binding_profile | |
| binding_vif_details | ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2017-05-23T15:24:05Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | ip_address='172.20.0.13', subnet_id='86668c2f-d226-4459-babc-8be614a1ee61' |
| id | 6b56a723-f98e-408e-8012-3e5954ba2770 |
| ip_address | None |
| mac_address | fa:16:3e:9d:bc:cc |
| name | fixed-ip-subnet0-t3 |
| network_id | f19d0817-7394-4f5d-840f-e440476f05b2 |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | 6a3e466b1a7245cf832e717edc053938 |
| qos_policy_id ...

Read more...

Revision history for this message
Harald Jensås (harald-jensas) wrote :

This also seem to require the network segment to be available on the host we ask for the port to bind to.

In my setup subnet0 is local using physical_network 'ctlplane', and subnet1 is a remote/non-local subnet on physical_network 'subnet1'.

(undercloud) [stack@ocataleafs ~]$ openstack network segment show subnet0
+------------------+--------------------------------------+
| Field | Value |
 +------------------+--------------------------------------+
| description | None |
| id | ce07c9be-bc4a-4b56-a8fd-0176c694e175 |
| name | subnet0 |
| network_id | f19d0817-7394-4f5d-840f-e440476f05b2 |
| network_type | flat |
| physical_network | ctlplane |
| segmentation_id | None |
 +------------------+--------------------------------------+
(undercloud) [stack@ocataleafs ~]$ openstack network segment show subnet1
+------------------+--------------------------------------+
| Field | Value |
 +------------------+--------------------------------------+
| description | None |
| id | a93f33ae-5e07-4140-bd13-9e9a5d090031 |
| name | subnet1 |
| network_id | f19d0817-7394-4f5d-840f-e440476f05b2 |
| network_type | flat |
| physical_network | subnet1 |
| segmentation_id | None |
 +------------------+--------------------------------------+

I cannot bind a port with fixed_ip in subnet1 onto this node.

(undercloud) [stack@ocataleafs ~]$ openstack port create --host ocataleafs.lab.example.com --network ctlplane --fixed-ip subnet=subnet1,ip-address=172.20.0.70 fixed-ip-subnet1

HttpException: Bad Request (HTTP 400) (Request-ID: req-e7965660-077a-4f23-8648-739245c877af), Invalid input for operation: Failed to create port on network f19d0817-7394-4f5d-840f-e440476f05b2, because fixed_ips included invalid subnet cee4e96b-0fe0-469f-b008-7f87cc793d7a.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/467400

Changed in heat:
assignee: nobody → Harald Jensås (harald-jensas)
status: New → In Progress
Revision history for this message
Harald Jensås (harald-jensas) wrote :

The neutron part of this bug is better explained here in https://launchpad.net/bugs/1695740

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on heat (master)

Change abandoned by Harald Jensås (<email address hidden>) on branch: master
Review: https://review.openstack.org/467400
Reason: Abandon. With neutron code change this is no longer needed.

Revision history for this message
Rico Lin (rico-lin) wrote :

Hi Harald Jensås, so I assume that we don't need this bug anymore?

Changed in heat:
status: In Progress → Invalid
status: Invalid → Incomplete
Revision history for this message
Harald Jensås (harald-jensas) wrote :

Hi Rico Lin,

The following change in Neutron was released: https://review.openstack.org/#/c/470788/

With this we can close both the Heat and Neutron part of this bug.

--
Harald

Changed in neutron:
status: New → Fix Released
Changed in heat:
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.