Skip to content

OCPBUGS-2628: Ensure network defs without subnet follow noAllowedAddressPairs #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 1 commit into from
Oct 23, 2022
Merged

OCPBUGS-2628: Ensure network defs without subnet follow noAllowedAddressPairs #249

openshift-merge-robot merged 1 commit into from
Oct 23, 2022

Conversation

@mandre
Copy link
Member

@mandre mandre commented Oct 20, 2022

Commit 855a22c introduced a bug that caused network definitions without subnets (the one you would get when setting additionalNetworkIDs in your install-config.yaml) caused the noAllowedAddressPairs property to be skipped while creating the port.

This may in turn caused machine-api to fail creating the port because it does not have the permission to create a port with allowed_address_pair, which is often the case when using provider networks.

@mandre
OCPBUGS-2508: Ensure network defs without subnet follow noAllowedAddr…
2f79952 
…essPairs

Commit 855a22c introduced a bug that
caused network definitions without subnets (the one you would get when
setting `additionalNetworkIDs` in your `install-config.yaml`) caused the
noAllowedAddressPairs property to be skipped while creating the port.

This may in turn caused machine-api to fail creating the port because it
does not have the permission to create a port with allowed_address_pair,
which is often the case when using provider networks.
@openshift-ci-robot openshift-ci-robot added the jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. label Oct 20, 2022
@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 20, 2022

@mandre: This pull request references Jira Issue OCPBUGS-2628, which is invalid:

  • expected Jira Issue OCPBUGS-2628 to depend on a bug targeting a version in 4.11.0, 4.11.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Commit 855a22c introduced a bug that caused network definitions without subnets (the one you would get when setting additionalNetworkIDs in your install-config.yaml) caused the noAllowedAddressPairs property to be skipped while creating the port.

This may in turn caused machine-api to fail creating the port because it does not have the permission to create a port with allowed_address_pair, which is often the case when using provider networks.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Oct 20, 2022
@openshift-ci
Copy link

openshift-ci bot commented Oct 20, 2022

@mandre: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

OCPBUGS-2628: Ensure network defs without subnet follow noAllowedAddressPairs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested review from EmilienM and mdbooth October 20, 2022 07:31
@mandre
Copy link
Member Author

mandre commented Oct 20, 2022

/jira refresh

@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 20, 2022

@mandre: This pull request references Jira Issue OCPBUGS-2628, which is invalid:

  • expected dependent Jira Issue OCPBUGS-2626 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rlobillo
Copy link

rlobillo commented Oct 20, 2022

Pre-verified with cluster-bot build (build #249) on top of RHOS-16.1-RHEL-8-20220804.n.1

Using below compute section on install-config.yaml:

compute:
- name: worker
  platform:
    openstack:
      zones: []
      additionalNetworkIDs: ['e2fac983-5cb0-4a8e-b492-b3bf8793da5b']
  replicas: 3

Installation worked successfully and workers were correctly deployed:

$ oc get clusterversion && oc get nodes && oc get machines -n openshift-machine-api
NAME      VERSION                                                   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.ci.test-2022-10-20-074928-ci-ln-j76i242-latest   True        False         37m     Cluster version is 4.10.0-0.ci.test-2022-10-20-074928-ci-ln-j76i242-latest
NAME                          STATUS   ROLES    AGE   VERSION
ostest-j6v5m-master-0         Ready    master   81m   v1.23.12+6b34f32
ostest-j6v5m-master-1         Ready    master   78m   v1.23.12+6b34f32
ostest-j6v5m-master-2         Ready    master   81m   v1.23.12+6b34f32
ostest-j6v5m-worker-0-458z8   Ready    worker   50m   v1.23.12+6b34f32
ostest-j6v5m-worker-0-m4k4n   Ready    worker   50m   v1.23.12+6b34f32
ostest-j6v5m-worker-0-slvv6   Ready    worker   48m   v1.23.12+6b34f32
NAME                          PHASE     TYPE        REGION      ZONE   AGE
ostest-j6v5m-master-0         Running                                  108m
ostest-j6v5m-master-1         Running                                  108m
ostest-j6v5m-master-2         Running                                  108m
ostest-j6v5m-worker-0-458z8   Running   m4.xlarge   regionOne   nova   70m
ostest-j6v5m-worker-0-m4k4n   Running   m4.xlarge   regionOne   nova   70m
ostest-j6v5m-worker-0-slvv6   Running   m4.xlarge   regionOne   nova   70m

The networks spec in the machines objects includes "NoAllowedAddressPairs: true" when the networkId:

$ oc get machines -n openshift-machine-api -l machine.openshift.io/cluster-api-machine-role=worker -o json | jq .items[].spec.providerSpec.value.networks                                                                                                
[
  {
    "filter": {},
    "subnets": [
      {
        "filter": {},
        "uuid": "83404eea-2c73-4f38-a198-3fccfa4bab3a"
      }
    ]
  },
  {
    "filter": {},
    "noAllowedAddressPairs": true,
    "uuid": "e2fac983-5cb0-4a8e-b492-b3bf8793da5b"
  }
]
[
  {
    "filter": {},
    "subnets": [
      {
        "filter": {},
        "uuid": "83404eea-2c73-4f38-a198-3fccfa4bab3a"
      }
    ]
  },
  {
    "filter": {},
    "noAllowedAddressPairs": true,
    "uuid": "e2fac983-5cb0-4a8e-b492-b3bf8793da5b"
  }
]
[
  {
    "filter": {},
    "subnets": [
      {
        "filter": {},
        "uuid": "83404eea-2c73-4f38-a198-3fccfa4bab3a"
      }
    ]
  },
  {
    "filter": {},
    "noAllowedAddressPairs": true,
    "uuid": "e2fac983-5cb0-4a8e-b492-b3bf8793da5b"
  }
]

and, from openstack perspective, the ports are correctly created with the expected configuration:

# For the additional Network:

$ for i in $(o port list --network e2fac983-5cb0-4a8e-b492-b3bf8793da5b -c ID -f value); do o port show $i -c allowed_address_pairs; done 
+-----------------------+-------+
| Field                 | Value |
+-----------------------+-------+
| allowed_address_pairs |       |
+-----------------------+-------+
+-----------------------+-------+
| Field                 | Value |
+-----------------------+-------+
| allowed_address_pairs |       |
+-----------------------+-------+
+-----------------------+-------+
| Field                 | Value |
+-----------------------+-------+
| allowed_address_pairs |       |
+-----------------------+-------+

# For the node Network:

$ for i in $(o port list --network provider-net-flat  -c ID -f value); do o port show $i -c name -c allowed_address_pairs; done
+-----------------------+---------------------------+
| Field                 | Value                     |
+-----------------------+---------------------------+
| allowed_address_pairs |                           |
| name                  | ostest-j6v5m-ingress-port |
+-----------------------+---------------------------+
+-----------------------+------------------------------------------------------------+
| Field                 | Value                                                      |
+-----------------------+------------------------------------------------------------+
| allowed_address_pairs | ip_address='10.46.43.132', mac_address='fa:16:3e:3c:2b:3b' |
|                       | ip_address='10.46.43.133', mac_address='fa:16:3e:3c:2b:3b' |
| name                  | ostest-j6v5m-master-0                                      |
+-----------------------+------------------------------------------------------------+
+-----------------------+------------------------------------------------------------+
| Field                 | Value                                                      |
+-----------------------+------------------------------------------------------------+
| allowed_address_pairs | ip_address='10.46.43.132', mac_address='fa:16:3e:83:9d:db' |
|                       | ip_address='10.46.43.133', mac_address='fa:16:3e:83:9d:db' |
| name                  | ostest-j6v5m-master-2                                      |
+-----------------------+------------------------------------------------------------+
+-----------------------+------------------------------------------------------------------+
| Field                 | Value                                                            |
+-----------------------+------------------------------------------------------------------+
| allowed_address_pairs | ip_address='10.46.43.132', mac_address='fa:16:3e:b7:ed:9c'       |
|                       | ip_address='10.46.43.133', mac_address='fa:16:3e:b7:ed:9c'       |
| name                  | ostest-j6v5m-worker-0-slvv6-83404eea-2c73-4f38-a198-3fccfa4bab3a |
+-----------------------+------------------------------------------------------------------+
+-----------------------+------------------------------------------------------------------+
| Field                 | Value                                                            |
+-----------------------+------------------------------------------------------------------+
| allowed_address_pairs | ip_address='10.46.43.132', mac_address='fa:16:3e:31:21:95'       |
|                       | ip_address='10.46.43.133', mac_address='fa:16:3e:31:21:95'       |
| name                  | ostest-j6v5m-worker-0-m4k4n-83404eea-2c73-4f38-a198-3fccfa4bab3a |
+-----------------------+------------------------------------------------------------------+
+-----------------------+------------------------------------------------------------+
| Field                 | Value                                                      |
+-----------------------+------------------------------------------------------------+
| allowed_address_pairs | ip_address='10.46.43.132', mac_address='fa:16:3e:30:e8:c5' |
|                       | ip_address='10.46.43.133', mac_address='fa:16:3e:30:e8:c5' |
| name                  | ostest-j6v5m-master-1                                      |
+-----------------------+------------------------------------------------------------+
+-----------------------+------------------------------------------------------------------+
| Field                 | Value                                                            |
+-----------------------+------------------------------------------------------------------+
| allowed_address_pairs | ip_address='10.46.43.132', mac_address='fa:16:3e:30:e5:7c'       |
|                       | ip_address='10.46.43.133', mac_address='fa:16:3e:30:e5:7c'       |
| name                  | ostest-j6v5m-worker-0-458z8-83404eea-2c73-4f38-a198-3fccfa4bab3a |
+-----------------------+------------------------------------------------------------------+
+-----------------------+-----------------------+
| Field                 | Value                 |
+-----------------------+-----------------------+
| allowed_address_pairs |                       |
| name                  | ostest-j6v5m-api-port |
+-----------------------+-----------------------+

@rlobillo
Copy link

rlobillo commented Oct 20, 2022

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Oct 20, 2022
@mandre
Copy link
Member Author

mandre commented Oct 20, 2022

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Oct 20, 2022
@pierreprinetti pierreprinetti mentioned this pull request Oct 21, 2022
Merged
@mandre
Copy link
Member Author

mandre commented Oct 21, 2022

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Oct 21, 2022
@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 21, 2022

@mandre: This pull request references Jira Issue OCPBUGS-2628, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.10.z) matches configured target version for branch (4.10.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-2626 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE))
  • dependent Jira Issue OCPBUGS-2626 targets the "4.11.z" version, which is one of the valid target versions: 4.11.0, 4.11.z
  • bug has dependents

Requesting review from QA contact:
/cc @eurijon

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@pierreprinetti
Copy link
Member

pierreprinetti commented Oct 21, 2022

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 21, 2022
@openshift-ci
Copy link

openshift-ci bot commented Oct 21, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pierreprinetti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 21, 2022
@itzikb-redhat
Copy link

itzikb-redhat commented Oct 22, 2022

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 22, 2022
@mandre
Copy link
Member Author

mandre commented Oct 23, 2022

e2e-openstack failed due to slow infra. Let's see if we manage to get the job green by itself, otherwise I'll overwrite it since we know the failure has nothing to do with the patch tested (known flake).
/test e2e-openstack

@pierreprinetti
Copy link
Member

pierreprinetti commented Oct 23, 2022

/retest-required
One last retry?

@mandre
Copy link
Member Author

mandre commented Oct 23, 2022

Infra failure during deprovision? It's a flake again. At least provisioning and the tests were successful.
/override ci/prow/e2e-openstack

@openshift-ci
Copy link

openshift-ci bot commented Oct 23, 2022

@mandre: Overrode contexts on behalf of mandre: ci/prow/e2e-openstack

Details

In response to this:

Infra failure during deprovision? It's a flake again. At least provisioning and the tests were successful.
/override ci/prow/e2e-openstack

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link

openshift-ci bot commented Oct 23, 2022

@mandre: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-openstack-proxy 2f79952 link false /test e2e-openstack-proxy
ci/prow/e2e-openstack 2f79952 link true /test e2e-openstack

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit c697aa0 into openshift:release-4.10 Oct 23, 2022
@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 23, 2022

@mandre: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-2628 has been moved to the MODIFIED state.

Details

In response to this:

Commit 855a22c introduced a bug that caused network definitions without subnets (the one you would get when setting additionalNetworkIDs in your install-config.yaml) caused the noAllowedAddressPairs property to be skipped while creating the port.

This may in turn caused machine-api to fail creating the port because it does not have the permission to create a port with allowed_address_pair, which is often the case when using provider networks.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@pierreprinetti pierreprinetti deleted the fix-no-allowed-address-pairs-4.10 branch October 23, 2022 20:28
@EmilienM EmilienM mentioned this pull request Jan 31, 2023
Closed
pierreprinetti pushed a commit to shiftstack/cluster-api-provider-openstack that referenced this pull request Apr 22, 2024
@iamemilio @pierreprinetti
Tags and Metadata (openshift#249)
61d8f9e 
* Update gophercloud vendor to lastest on master

* Allow for setting Tags and Metadata on machines

* Set the minimum required micro version to use tags

* Propagate machine tags down to ports and networks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EmilienM EmilienM Awaiting requested review from EmilienM

@mdbooth mdbooth Awaiting requested review from mdbooth

Assignees

@pierreprinetti pierreprinetti

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@mandre @openshift-ci-robot @rlobillo @pierreprinetti @itzikb-redhat @openshift-merge-robot