MAAS

ipv6 addresses in dhcpd.conf

Bug #2027621 reported by Jorge Merlino
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Fix Released
High
Jacopo Rota
MAAS 3.5.0-beta1
3.0
Fix Released
Medium
Jorge Merlino
MAAS 3.0.2
3.1
Fix Released
Medium
Jorge Merlino
MAAS 3.1.3
3.2
Fix Released
Medium
Jorge Merlino
MAAS 3.2.9
3.3
Fix Released
High
Jacopo Rota
MAAS 3.3.5
3.4
Fix Released
High
Jacopo Rota
MAAS 3.4.0-rc1
3.5
Fix Released
High
Jacopo Rota
MAAS 3.5.0-beta1

Bug Description

This issue occurs in HA installations, when there are ipv6 and ipv4 addresses configured in the same interface and the same VLAN where DHCP is enabled. Sometimes ipv6 addresses are used in the address and peer address parameters on the failover DHCP configuration on dhcpd.conf.

It seems that MAAS does not check the type of the ip addresses when building the failover configuration in the make_failover_peer_config method on dhcpd.conf.

I'm using snap version 3.2.8-12050-g.fc2c8d020.

Example:

- Secondary DHCP node:

#
# Failover Peers
#
failover peer "failover-vlan-5001" {
  secondary;
  address 192.168.133.6;
  peer address 2001:1890:f804:5f05:e643:4bff:fea6:8aa7;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
}

- Primary DHCP node:

#
# Failover Peers
#
failover peer "failover-vlan-5001" {
  primary;
  address 2001:1890:f804:5f05:e643:4bff:fea6:8aa7;
  peer address 192.168.133.6;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 3600;
  split 255;
}

Related branches

~jorge-merlino/maas:lp2027621-3.0
Jacopo Rota: Approve
MAAS Lander: Approve
Diff: 286 lines (+123/-21)
2 files modified
src/maasserver/dhcp.py (+15/-9)
src/maasserver/tests/test_dhcp.py (+108/-12)
~jorge-merlino/maas:lp2027621-3.1
Jacopo Rota: Approve
MAAS Lander: Approve
Diff: 286 lines (+123/-21)
2 files modified
src/maasserver/dhcp.py (+15/-9)
src/maasserver/tests/test_dhcp.py (+108/-12)
~jorge-merlino/maas:lp2027621-3.2
Jacopo Rota: Approve
MAAS Lander: Approve
Diff: 286 lines (+123/-21)
2 files modified
src/maasserver/dhcp.py (+15/-9)
src/maasserver/tests/test_dhcp.py (+108/-12)
~r00ta/maas:lp-2027621-3.3
MAAS Lander: Approve
Jacopo Rota: Approve
Diff: 286 lines (+123/-21)
2 files modified
src/maasserver/dhcp.py (+15/-9)
src/maasserver/tests/test_dhcp.py (+108/-12)
~r00ta/maas:lp-2027621-3.4
MAAS Lander: Approve
Jacopo Rota: Approve
Diff: 286 lines (+123/-21)
2 files modified
src/maasserver/dhcp.py (+15/-9)
src/maasserver/tests/test_dhcp.py (+108/-12)
~r00ta/maas:lp-2027621
MAAS Lander: Approve
Anton Troyanov: Approve
Diff: 286 lines (+123/-21)
2 files modified
src/maasserver/dhcp.py (+15/-9)
src/maasserver/tests/test_dhcp.py (+108/-12)
Jorge Merlino (jorge-merlino)
tags: added: sts
Jacopo Rota (r00ta)
Changed in maas:
assignee: nobody → Jacopo Rota (r00ta)
milestone: none → 3.4.0
Jacopo Rota (r00ta)
Changed in maas:
importance: Undecided → High
status: New → Triaged
status: Triaged → In Progress
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

Hello Jorge, or anyone else affected,

Accepted maas 3.1.3 into ppa:maas/3.1-next and snap:3.1/edge
(code version 3.1.3-10930-g.2eb4e7525).

Please test this update and provide your feedback on this bug:

If it fixes the bug for you, please add a comment mentioning the version you tested and what testing has been performed, and change the tag from verification-needed-maas-3.1 to verification-done-maas-3.1.

If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-maas-3.1.

The update will be released after the bug(s) have been verified and quality assurance testing is successful.

Thank you in advance for helping!

tags: added: verification-needed-maas-3.1
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

Hello Jorge, or anyone else affected,

Accepted maas 3.0.2 into ppa:maas/3.0-next and snap:3.0/edge
(code version 3.0.2-10056-g.089ec66c2).

Please test this update and provide your feedback on this bug:

If it fixes the bug for you, please add a comment mentioning the version you tested and what testing has been performed, and change the tag from verification-needed-maas-3.0 to verification-done-maas-3.0.

If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-maas-3.0.

The update will be released after the bug(s) have been verified and quality assurance testing is successful.

Thank you in advance for helping!

tags: added: verification-needed-maas-3.0
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote (last edit ):
Download full text (7.0 KiB)

Verification done on MAAS 3.1.3.

In a HA deployment with 1 region+rack and 1 rack,
the dhcpd.conf file's section 'failover peer' has
IPv4+IPv6 address in 3.1.2 and only IPv4 in 3.1.3.

The synthetic reproducer changes the order of IPs
in the maasdb so the IPv6 address has a _lower id_
than then IPv4 address (and thus goes first in the
for-loop in get_ip_address_for_rack_controller()).

 def get_ip_address_for_rack_controller(rack_controller, vlan, ip_version: int):
 ...
     interfaces = rack_controller.interface_set.all().prefetch_related(
 ...
     for interface in interfaces:
  for ip_address in interface.ip_addresses.all():
 ...

MAAS 3.1.2:

 $ snap list maas
 Name Version Rev Tracking Publisher Notes
 maas 3.1.2-10926-g.5ad7060e5 30495 3.1/stable canonical✓ -

Before changing maasdb:

 $ maas admin rack-controllers read | jq '.[] | [.system_id, .hostname, (.interface_set[] | .links[] | [.id, .ip_address, .subnet.vlan.id])]'
 [
   "xx8thd",
   "maas-srv-31snap",
   [
     1,
     "10.31.200.2",
     5001
   ],
   [
     7,
     "fc00::2",
     5001
   ]
 ]
 [
   "w6fgbh",
   "maas-srv-peer-31snap",
   [
     2,
     "10.31.200.3",
     5001
   ],
   [
     8,
     "fc00::3",
     5001
   ]
 ]

Change maasdb:

 $ sudo maas-test-db.psql
 maasdb=# \c maasdb

 maasdb=# select * from maasserver_staticipaddress order by id;
  id | created | updated | ip | alloc_type | subnet_id | user_id | lease_time | temp_expires_on
 ----+-------------------------------+-------------------------------+-------------+------------+-----------+---------+------------+-----------------
   1 | 2024-02-23 10:07:47.030013+00 | 2024-02-23 10:07:47.030013+00 | 10.31.200.2 | 1 | 1 | | 0 |
   2 | 2024-02-23 10:16:10.319517+00 | 2024-02-23 10:16:10.319517+00 | 10.31.200.3 | 1 | 1 | | 0 |
   7 | 2024-02-23 11:32:50.972432+00 | 2024-02-23 11:32:50.972432+00 | fc00::2 | 1 | 6 | | 0 |
   8 | 2024-02-23 11:33:25.04944+00 | 2024-02-23 11:33:25.04944+00 | fc00::3 | 1 | 6 | | 0 |
 (4 rows)

 <just a swap value to replace the ip address which must be unique/non-duplicated>

 maasdb=# update maasserver_staticipaddress set ip='10.31.200.33' where id=8;
 UPDATE 1
 maasdb=# update maasserver_staticipaddress set ip='fc00::3' where id=2;
 UPDATE 1
 maasdb=# update maasserver_staticipaddress set ip='10.31.200.3' where id=8;
 UPDATE 1

 maasdb=# select * from maasserver_staticipaddress order by id;
  id | created | updated | ip | alloc_type | subnet_id | user_id | lease_time | temp_expires_on
 ----+-------------------------------+-------------------------------+-------------+------------+-----------+---------+------------+-----------------
   1 | 2024-02-23 10:07:47.030013+00 | 2024-02-23 10:07:47.030013+00 | 10.31.200.2 | 1 | 1 | | 0 |
   2 | 2024-02-23 10:16:10.319517+00 | 2024-02-23 10:16:10.319517+00 | fc00::3 | 1 | 1 | | 0 |
   7 | 20...

Read more...

tags: added: verification-done-maas-3.1
removed: verification-needed-maas-3.1
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

Docs used above to add another rack server (to achieve HA on DHCP):
https://maas.io/docs/configuring-maas-controllers#add-a-new-rack-1
https://maas.io/docs/ensuring-high-availability-for-controllers#enter-ha-mode-1

Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :
Download full text (5.8 KiB)

Verification done on MAAS 3.0.2.

In a HA deployment with 1 region+rack and 1 rack,
the dhcpd.conf file's section 'failover peer' has
IPv4+IPv6 address in 3.0.1 and only IPv4 in 3.0.2

The synthetic reproducer changes the order of IPs
in the maasdb so the IPv6 address has a _lower id_
than then IPv4 address (and thus goes first in the
for-loop in get_ip_address_for_rack_controller()).

(Steps are described in more detail in comment #3.)

Before DB changes:

 # maas admin rack-controllers read | jq '.[] | [.system_id, .hostname, (.interface_set[] | .links[] | [.id, .ip_address, .subnet.vlan.id])]'
 [
   "hy37ba",
   "maas-srv-30snap",
   [
     1,
     "10.30.200.2",
     5001
   ],
   [
     3,
     "fc00::2",
     5001
   ]
 ]
 [
   "8meq3e",
   "maas-srv-peer-30snap",
   [
     2,
     "10.30.200.3",
     5001
   ],
   [
     4,
     "fc00::3",
     5001
   ]
 ]

DB changes:

 # maas-test-db.psql
 postgres=# \c maasdb
 maasdb=# select id, ip from maasserver_staticipaddress order by id;
  id | ip
 ----+-------------
   1 | 10.30.200.2
   2 | 10.30.200.3
   3 | fc00::2
   4 | fc00::3
 (4 rows)

 maasdb=# update maasserver_staticipaddress set ip='1.2.3.4' where id=4;
 UPDATE 1
 maasdb=# update maasserver_staticipaddress set ip='fc00::3' where id=2;
 UPDATE 1
 maasdb=# update maasserver_staticipaddress set ip='10.30.200.3' where id=4;
 UPDATE 1

 maasdb=# select id, ip from maasserver_staticipaddress order by id;
  id | ip
 ----+-------------
   1 | 10.30.200.2
   2 | fc00::3
   3 | fc00::2
   4 | 10.30.200.3
 (4 rows)

 maasdb=# \q

After DB changes:

 # maas admin rack-controllers read | jq '.[] | [.system_id, .hostname, (.interface_set[] | .links[] | [.id, .ip_address, .subnet.vlan.id])]'
 [
   "hy37ba",
   "maas-srv-30snap",
   [
     1,
     "10.30.200.2",
     5001
   ],
   [
     3,
     "fc00::2",
     5001
   ]
 ]
 [
   "8meq3e",
   "maas-srv-peer-30snap",
   [
     2,
     "fc00::3",
     5001
   ],
   [
     4,
     "10.30.200.3",
     5001
   ]
 ]

MAAS 3.0.1:

 # snap list maas
 Name Version Rev Tracking Publisher Notes
 maas 3.0.1-10052-g.82c730c57 28871 3.0/stable canonical✓ -

 Enable DHCP with HA:

 root@maas-srv-30snap:~# sudo cat /var/snap/maas/common/maas/dhcpd.conf | sed -n '/^failover peer/,/^}/p'
 failover peer "failover-vlan-5001" {
     primary;
     address 10.30.200.2;
     peer address fc00::3;
     max-response-delay 60;
     max-unacked-updates 10;
     load balance max seconds 3;
     mclt 3600;
     split 255;
 }

 root@maas-srv-peer-30snap:~# sudo cat /var/snap/maas/common/maas/dhcpd.conf | sed -n '/^failover peer/,/^}/p'
 failover peer "failover-vlan-5001" {
     secondary;
     address fc00::3;
     peer address 10.30.200.2;
     max-response-delay 60;
     max-unacked-updates 10;
     load balance max seconds 3;
 }

 Disable/Re-enable DHCP with HA (switch the order of servers for testing purposes):

 root@maas-srv-30snap:~# sudo cat /var/snap/maas/common/maas/dhcpd.conf | sed -n '/^failover peer/,/^}/p'
 failover peer "failover-vlan-5001" {
     secondary;
     address 10.30.200.2;
     peer address fc00::3;
     max-response-delay 60;
     max-unacked-updates 10;
     ...

Read more...

tags: added: verification-done-maas-3.0
removed: verification-needed-maas-3.0
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

MAAS 3.1.3 has been released:
- deb: ppa:maas/3.1 (1:3.1.3-10930-g.2eb4e7525-0ubuntu1~20.04.1)
- snap: 3.1/stable (3.1.3-10930-g.2eb4e7525)

Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

MAAS 3.0.2 has been released:
- deb: ppa:maas/3.0 (1:3.0.2-10056-g.089ec66c2-0ubuntu1~20.04.1)
- snap: 3.0/stable (3.0.2-10056-g.089ec66c2)

Anton Troyanov (troyanov)
Changed in maas:
milestone: 3.5.0 → 3.5.0-beta1
Anton Troyanov (troyanov)
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.