neutron

IPv6 dns nameservers described with their scope on the IP are not supported

Bug #2073894 reported by Elvira García Ruiz
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Elvira García Ruiz
oslo.utils
Fix Released
Undecided
Elvira García Ruiz

Bug Description

When updating a port, we sometimes need to check dns nameserver ips. When this happens, if the DNS resolver file (resolv.conf) includes an address with scope like fe80::5054:ff:fe96:8af7%eth2, oslo_utils is_valid_ipv6 detects this as valid ipv6 input, but netaddr will raise an exception since this is not strictly just the IPv6 address, and therefore the port update fails with a raised exception and the port is deleted.

On a normal scenario, this means that the metadata port cannot be spawned and therefore no VMs can be properly configured using metadata.

[resolv.conf example]
# Generated by NetworkManager
nameserver 10.0.0.1
nameserver fe80::5054:ff:fe96:8af7%eth2
nameserver 2620:52:0:13b8::fe

This was found on an environment using Train, but affects every version.

100% Reproducible, just need to try to spawn a VM on an environment with the resolv.conf similar to the example.

Traceback found on controller logs: https://paste.opendev.org/show/bzqgpsJRifX0uovHw5nJ/

From the compute logs we see the metadata port was deleted after the exception:

2024-07-18 04:38:06.036 49524 DEBUG networking_ovn.agent.metadata.agent [-] There is no metadata port for network 75b73d16-cb05-42d1-84c5-19eccf3a252d or it has no MAC or IP addresses configured, tearing the namespace down if needed _get_provision_params /usr/lib/python3.6/site-packages/networking_ovn/agent/metadata/agent.py:474

Tags: ipv6
Elvira García Ruiz (elviragr)
Changed in oslo.utils:
assignee: nobody → Elvira García Ruiz (elviragr)
Elvira García Ruiz (elviragr)
Changed in neutron:
importance: Undecided → Medium
Bernard Cafarelli (bcafarel)
tags: added: ipv6
Elvira García Ruiz (elviragr)
Changed in neutron:
status: New → In Progress
Elvira García Ruiz (elviragr)
Changed in oslo.utils:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oslo.utils (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/oslo.utils/+/925469

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/926079

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to oslo.utils (master)

Reviewed: https://review.opendev.org/c/openstack/oslo.utils/+/925469
Committed: https://opendev.org/openstack/oslo.utils/commit/076aaac87f6478a95bfb156bd674dfd0558f6782
Submitter: "Zuul (22348)"
Branch: master

commit 076aaac87f6478a95bfb156bd674dfd0558f6782
Author: Elvira García <email address hidden>
Date: Thu Aug 1 13:21:42 2024 +0200

    Add a function to trim scope out of ipv6 addr

    Currently, is_valid_ipv6 accepts ipv6 addresses with scope. However,
    there are functions that won't accept an address with scope. An example
    of this would be the netaddress.IPAdress() function used in Neutron.

    Related-Bug: #2073894
    Change-Id: If2757dfc91f5b4c8257dee49d6da1e216b3e7cd8

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/926079
Committed: https://opendev.org/openstack/neutron/commit/1ed8609a6818d99133bf56483adb9bce8c886fd6
Submitter: "Zuul (22348)"
Branch: master

commit 1ed8609a6818d99133bf56483adb9bce8c886fd6
Author: Elvira García <email address hidden>
Date: Fri Aug 9 18:16:59 2024 +0200

    Get ips from system dns resolver without scope

    Currently, is_valid_ipv6 accepts ipv6 addresses with scope. However
    netaddr library won't accept an address with scope. Now,
    get_noscope_ipv6() can be used to avoid this situation. In a future we
    will be able to use the same function which is also being defined on
    oslo.utils. https://review.opendev.org/c/openstack/oslo.utils/+/925469

    Closes-Bug: #2073894
    Signed-off-by: Elvira García <email address hidden>
    Change-Id: I27f25f90c54d7aaa3c4a7b5317b4b8a4122e4068

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/neutron/+/927292

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/neutron/+/927293

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/neutron/+/927294

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/927371

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/927292
Committed: https://opendev.org/openstack/neutron/commit/6f77c811f73ca1e5c5f4e599ff5c788dd28f6916
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit 6f77c811f73ca1e5c5f4e599ff5c788dd28f6916
Author: Elvira García <email address hidden>
Date: Fri Aug 9 18:16:59 2024 +0200

    Get ips from system dns resolver without scope

    Currently, is_valid_ipv6 accepts ipv6 addresses with scope. However
    netaddr library won't accept an address with scope. Now,
    get_noscope_ipv6() can be used to avoid this situation. In a future we
    will be able to use the same function which is also being defined on
    oslo.utils. https://review.opendev.org/c/openstack/oslo.utils/+/925469

    Closes-Bug: #2073894
    Signed-off-by: Elvira García <email address hidden>
    Change-Id: I27f25f90c54d7aaa3c4a7b5317b4b8a4122e4068
    (cherry picked from commit 1ed8609a6818d99133bf56483adb9bce8c886fd6)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/927294
Committed: https://opendev.org/openstack/neutron/commit/45d9f65196a2dba083b7ce775f9ffe4de211e05a
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 45d9f65196a2dba083b7ce775f9ffe4de211e05a
Author: Elvira García <email address hidden>
Date: Fri Aug 9 18:16:59 2024 +0200

    Get ips from system dns resolver without scope

    Currently, is_valid_ipv6 accepts ipv6 addresses with scope. However
    netaddr library won't accept an address with scope. Now,
    get_noscope_ipv6() can be used to avoid this situation. In a future we
    will be able to use the same function which is also being defined on
    oslo.utils. https://review.opendev.org/c/openstack/oslo.utils/+/925469

    Closes-Bug: #2073894
    Signed-off-by: Elvira García <email address hidden>
    Change-Id: I27f25f90c54d7aaa3c4a7b5317b4b8a4122e4068
    (cherry picked from commit 1ed8609a6818d99133bf56483adb9bce8c886fd6)

Elvira García Ruiz (elviragr)
Changed in oslo.utils:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/927371
Committed: https://opendev.org/openstack/neutron/commit/0798f33c017f403a3c195aa84ed82dd3b321fbb9
Submitter: "Zuul (22348)"
Branch: master

commit 0798f33c017f403a3c195aa84ed82dd3b321fbb9
Author: Elvira García <email address hidden>
Date: Wed Aug 28 12:07:27 2024 +0200

    Use oslo netutils for get_noscope_ipv6 function

    We needed to declare get_noscope_ipv6() on ipv6_netutils in Neutron
    while this function was made avaliable in oslo.utils. This is not needed
    anymore.

    Related-Bug: #2073894
    Change-Id: I76a1c9f75906e8c0bd0ad368c55f01d58811b42d

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/927293
Committed: https://opendev.org/openstack/neutron/commit/15cf75b770c08787b5cba7d07a69f30e34fa15e6
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 15cf75b770c08787b5cba7d07a69f30e34fa15e6
Author: Elvira García <email address hidden>
Date: Fri Aug 9 18:16:59 2024 +0200

    Get ips from system dns resolver without scope

    Currently, is_valid_ipv6 accepts ipv6 addresses with scope. However
    netaddr library won't accept an address with scope. Now,
    get_noscope_ipv6() can be used to avoid this situation. In a future we
    will be able to use the same function which is also being defined on
    oslo.utils. https://review.opendev.org/c/openstack/oslo.utils/+/925469

    Closes-Bug: #2073894
    Signed-off-by: Elvira García <email address hidden>
    Change-Id: I27f25f90c54d7aaa3c4a7b5317b4b8a4122e4068
    (cherry picked from commit 1ed8609a6818d99133bf56483adb9bce8c886fd6)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 25.0.0.0rc1

This issue was fixed in the openstack/neutron 25.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 2023.1-eom

This issue was fixed in the openstack/neutron 2023.1-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 23.3.0

This issue was fixed in the openstack/neutron 23.3.0 Bobcat release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 24.1.0

This issue was fixed in the openstack/neutron 24.1.0 Caracal release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.