OpenStack-Ansible

1.2.3.4 is not supposed to be used as example

Bug #1775544 reported by Niklas Hagman
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Low
Amy Marrich

Bug Description

According to RFC 5737, https://tools.ietf.org/html/rfc5737, IPv4 Address Blocks Reserved for Documentation, 192.0.2.0/24, 198.51.100.0/24 or 203.0.113.0/24 should be used in documentation.

These networks should be blocked by Internet Service Providers so they do not appear on public Internet. Openstack ansible is using "1.2.3.4" as example for a public address. 1.2.3.4 is routable on public Internet.

./etc/openstack_deploy/user_variables.yml.prod.example:haproxy_keepalived_external_vip_cidr: "1.2.3.4/32"
./etc/openstack_deploy/user_variables.yml.prod-ceph.example:haproxy_keepalived_external_vip_cidr: "1.2.3.4/32"

It also exist in documentation examples on
https://docs.openstack.org/openstack-ansible/latest/user/prod/example.html
https://docs.openstack.org/openstack-ansible/queens/user/prod/example.html
https://docs.openstack.org/openstack-ansible/latest/user/l3pods/example.html
https://docs.openstack.org/openstack-ansible/queens/user/l3pods/example.html
https://docs.openstack.org/openstack-ansible/latest/user/ceph/full-deploy.html
https://docs.openstack.org/openstack-ansible/queens/user/ceph/full-deploy.html

My suggestion for solution is to change haproxy_keepalived_external_vip_cidr into something like "<external_ip_address>/32" and making sure it fails at runtime if the user forgets to specify a correct IPv4 or IPv6 address.

Markos Chandras (hwoarang)
Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Low
Jean-Philippe Evrard (jean-philippe-evrard)
Changed in openstack-ansible:
assignee: nobody → Amy Marrich (amy-marrich)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/574930

Changed in openstack-ansible:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/574930
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=e72136e6e279a4e7bd351c462274b7f8fb4a9717
Submitter: Zuul
Branch: master

commit e72136e6e279a4e7bd351c462274b7f8fb4a9717
Author: Amy Marrich (spotz) <email address hidden>
Date: Tue Jun 12 20:16:08 2018 -0500

    Remove IP range 1.2.3.4 from doc examples

    IP range 1.2.3.4/32 changed to <external_ip_address>/32 in docs

    Change-Id: Ic410882eb928af8cacc22d306bafa7a646d98491
    Closes-Bug: #1775544

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible 18.0.0.0b3

This issue was fixed in the openstack/openstack-ansible 18.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.