Canonical Juju

Autodetection of subnets prevents bootstrap when there are duplicate subnet ranges

Bug #1733266 reported by John A Meinel on 2017-11-20

This bug affects 11 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Fix Released	High	John A Meinel	Canonical Juju 2.4-rc1
	2.3	Fix Released	High	John A Meinel	Canonical Juju 2.3.9

Bug Description

This is a spin off of the issue filed in: bug #1710848

In 2.2 we introduced automatic detection of subnets. But Openstack defaults to a configuration where lots of things are exposed as link-local subnets, and so they all collide.
Nobody is going to be putting those subnets into spaces, so it is ~ok to ignore them.

The correct fix (ultimately) is to change our internals to model separate networks and each network has non-overlapping subnets, but vs other networks they might collide.

In the short term, we need to just change the autodetection code to not fail in a blocking way when subnets overlap.

Tags:

John A Meinel (jameinel) on 2017-11-27

Changed in juju:
status:	Triaged → In Progress

Revision history for this message

Ian Booth (wallyworld) wrote on 2017-11-27:

The PR attached to this bug does not address the issue in the bug. I've raised a new bug to cover the fact that Juju should ignore certain subnets. Bug 1734772.

This bug will be marked as triaged again so that we can work to address the dupe issue.

Changed in juju:
milestone:	2.3-rc2 → 2.3.1
status:	In Progress → Triaged

Canonical Juju QA Bot (juju-qa-bot) on 2017-12-08

Changed in juju:
milestone:	2.3.1 → none

Tim Penhey (thumper) on 2017-12-10

Changed in juju:
milestone:	none → 2.3.2

Revision history for this message

John A Meinel (jameinel) wrote on 2018-01-09:

Removing from the 2.3.2 milestone because the larger fix of modeling Networks for overlapping subnet ranges is a much bigger change.

Changed in juju:
assignee:	Witold Krecicki (wpk) → nobody
milestone:	2.3.2 → none

Revision history for this message

Vincenzo Di Somma (vds) wrote on 2018-03-20:

This bug is preventing a customer deployment, could we change the "importance" to critical?

Revision history for this message

John A Meinel (jameinel) wrote on 2018-03-21: Re: [Bug 1733266] [NEW] Autodetection of subnets prevents bootstrap when there are duplicate subnet ranges

I believe there is a workaround if you create a tenant that doesn't have
visibility to all of the networks that aren't useful. You tend to run into
this when you bootstrap as the admin of Openstack which seems a bit like
running all your applications as root.

If it needs to be escalated then please go through the normal channels to
do so.

As for possible internal fixes. One reasonably straightforward one is to
only include subjects in the Network that was supplied for the model.

John
=:->

On Mar 20, 2018 20:58, "Launchpad Bug Tracker" <email address hidden>
wrote:

> You have been subscribed to a public bug by Vincenzo Di Somma (vds):
>
> This is a spin off of the issue filed in: bug #1710848
>
> In 2.2 we introduced automatic detection of subnets. But Openstack
> defaults to a configuration where lots of things are exposed as link-local
> subnets, and so they all collide.
> Nobody is going to be putting those subnets into spaces, so it is ~ok to
> ignore them.
>
> The correct fix (ultimately) is to change our internals to model
> separate networks and each network has non-overlapping subnets, but vs
> other networks they might collide.
>
> In the short term, we need to just change the autodetection code to not
> fail in a blocking way when subnets overlap.
>
> ** Affects: juju
> Importance: High
> Status: Triaged
>
>
> ** Tags: network openstack-provider
> --
> Autodetection of subnets prevents bootstrap when there are duplicate
> subnet ranges
> https://bugs.launchpad.net/bugs/1733266
> You received this bug notification because you are subscribed to the bug
> report.
>

Revision history for this message

Nicholas Skaggs (nskaggs) wrote on 2018-03-21:

Unsubbing field critical as there is a workaround in place, and it's been utilized successfully.

Jeff Hillman (jhillman) on 2018-05-22

tags:

added: cpe-onsite

Revision history for this message

John A Meinel (jameinel) wrote on 2018-05-23:

We should be able to filter to just the subnets that are part of the Openstack Network that we have defined in Config.

There is "network" and "external-network" which are both something like:
The network label or UUID to bring machines up on when multiple networks exist.

Essentially when we scan subnets to record in the database we could just filter to the network id that is known.

Note that we'll want to be careful because eventually we may want to inventory all networks, but it should be a reasonable first pass fix.

John A Meinel (jameinel) on 2018-05-23

Changed in juju:
assignee:	nobody → John A Meinel (jameinel)
status:	Triaged → In Progress
milestone:	none → 2.4-beta3

Revision history for this message

John A Meinel (jameinel) wrote on 2018-05-23:

https://github.com/juju/juju/pull/8751 for 2.3

Revision history for this message

John A Meinel (jameinel) wrote on 2018-05-23:

#10

https://github.com/juju/juju/pull/8751 only includes subnets that we would have access to, given that they are associated with the network that the user defined.

Revision history for this message

John A Meinel (jameinel) wrote on 2018-05-24:

#11

merging into 2.4/develop https://github.com/juju/juju/pull/8762

Canonical Juju QA Bot (juju-qa-bot) on 2018-05-25

Changed in juju:
milestone:	2.4-beta3 → none

John A Meinel (jameinel) on 2018-06-05

Changed in juju:
milestone:	none → 2.4-rc1
status:	In Progress → Fix Committed

Revision history for this message

John A Meinel (jameinel) wrote on 2018-06-05:

#12

I believe this actually made it into 2.4-beta3, but it isn't worth reopening the milestone.

Revision history for this message

Dmitrii Shcherbakov (dmitriis) wrote on 2018-06-05:

#13

Just in case, OpenStack has a concept of address scopes to allow overlapping subnet ranges for networks with multiple VRFs:

https://docs.openstack.org/neutron/queens/admin/config-address-scopes.html

Revision history for this message

John A Meinel (jameinel) wrote on 2018-06-05: Re: [Bug 1733266] Re: Autodetection of subnets prevents bootstrap when there are duplicate subnet ranges

#14

If I read that document correctly, all subnets in a given 'network id' are
associated with a given address scope. Which still disallows subnets to
overlap. So within a 'network' none of the subnets overlap. It is just that
you might share address scopes across networks.

Juju currently only supports 1 network for all of the instances in the
model, which still restricts you to non-overlapping subnets.

Eventually we probably want to handle >1 network for instances, but as yet
that hasn't been a significant request.

On Tue, Jun 5, 2018 at 8:56 AM, Dmitrii Shcherbakov <
<email address hidden>> wrote:

> Just in case, OpenStack has a concept of address scopes to allow
> overlapping subnet ranges for networks with multiple VRFs:
>
> https://docs.openstack.org/neutron/queens/admin/config-address-
> scopes.html
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1733266
>
> Title:
> Autodetection of subnets prevents bootstrap when there are duplicate
> subnet ranges
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1733266/+subscriptions
>

Anastasia (anastasia-macmood) on 2018-07-10

Changed in juju:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.