OCPBUGS-881: fail to create install-config.yaml as apiVIP and ingress VIP are not in machine networks

pkg/asset/installconfig/nutanix/nutanix.go

@@ -14,8 +14,11 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/defaults"
 	"github.com/openshift/installer/pkg/types/nutanix"
 	nutanixtypes "github.com/openshift/installer/pkg/types/nutanix"
+	"github.com/openshift/installer/pkg/types/validation"
 	"github.com/openshift/installer/pkg/validate"
 )
 
@@ -266,6 +269,14 @@ func getSubnet(ctx context.Context, client *nutanixclientv3.Client, peUUID strin
 func getVIPs() (string, string, error) {
 	var apiVIP, ingressVIP string
 
+	defaultMachineNetwork := &types.Networking{
+		MachineNetwork: []types.MachineNetworkEntry{
+			{
+				CIDR: *defaults.DefaultMachineCIDR,
+			},
+		},
+	}
+
 	//TODO: Add support to specify multiple VIPs (-> dual-stack)
 	if err := survey.Ask([]*survey.Question{
 		{
@@ -274,7 +285,11 @@ func getVIPs() (string, string, error) {
 				Help:    "The VIP to be used for the OpenShift API.",
 			},
 			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &apiVIP); err != nil {
@@ -291,7 +306,11 @@ func getVIPs() (string, string, error) {
 				if apiVIP == (ans.(string)) {
 					return fmt.Errorf("%q should not be equal to the Virtual IP address for the API", ans.(string))
 				}
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &ingressVIP); err != nil {

pkg/asset/installconfig/ovirt/network.go

@@ -9,7 +9,11 @@ import (
 	ovirtsdk4 "github.com/ovirt/go-ovirt"
 	"github.com/pkg/errors"
 
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/defaults"
 	"github.com/openshift/installer/pkg/types/ovirt"
+	"github.com/openshift/installer/pkg/types/validation"
+	"github.com/openshift/installer/pkg/validate"
 )
 
 func askNetwork(c *ovirtsdk4.Connection, p *ovirt.Platform) error {
@@ -107,14 +111,29 @@ func askVNICProfileID(c *ovirtsdk4.Connection, p *ovirt.Platform) error {
 func askVIPs(p *ovirt.Platform) error {
 	//TODO: Add support to specify multiple VIPs (-> dual-stack)
 	var apiVIP, ingressVIP string
+
+	defaultMachineNetwork := &types.Networking{
+		MachineNetwork: []types.MachineNetworkEntry{
+			{
+				CIDR: *defaults.DefaultMachineCIDR,
+			},
+		},
+	}
+
 	err := survey.Ask([]*survey.Question{
 		{
 			Prompt: &survey.Input{
 				Message: "Internal API virtual IP",
 				Help:    "This is the virtual IP address that will be used to address the OpenShift control plane. Make sure the IP address is not in use.",
 				Default: "",
 			},
-			Validate: survey.ComposeValidators(survey.Required),
+			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
+			}),
 		},
 	}, &apiVIP)
 	if err != nil {
@@ -129,7 +148,16 @@ func askVIPs(p *ovirt.Platform) error {
 				Help:    "This is the virtual IP address that will be used to address the OpenShift ingress routers. Make sure the IP address is not in use.",
 				Default: "",
 			},
-			Validate: survey.ComposeValidators(survey.Required),
+			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
+				if apiVIP == (ans.(string)) {
+					return fmt.Errorf("%q should not be equal to the Virtual IP address for the API", ans.(string))
+				}
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
+			}),
 		},
 	}, &ingressVIP)
 	if err != nil {

pkg/asset/installconfig/vsphere/vsphere.go

@@ -15,6 +15,9 @@ import (
 	"github.com/vmware/govmomi/vim25"
 	"k8s.io/apimachinery/pkg/util/sets"
 
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/defaults"
+	"github.com/openshift/installer/pkg/types/validation"
 	"github.com/openshift/installer/pkg/types/vsphere"
 	"github.com/openshift/installer/pkg/validate"
 )
@@ -347,14 +350,26 @@ func getNetwork(ctx context.Context, datacenter string, cluster string, finder F
 func getVIPs() (string, string, error) {
 	var apiVIP, ingressVIP string
 
+	defaultMachineNetwork := &types.Networking{
+		MachineNetwork: []types.MachineNetworkEntry{
+			{
+				CIDR: *defaults.DefaultMachineCIDR,
+			},
+		},
+	}
+
 	if err := survey.Ask([]*survey.Question{
 		{
 			Prompt: &survey.Input{
 				Message: "Virtual IP Address for API",
 				Help:    "The VIP to be used for the OpenShift API.",
 			},
 			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &apiVIP); err != nil {
@@ -371,7 +386,11 @@ func getVIPs() (string, string, error) {
 				if apiVIP == (ans.(string)) {
 					return fmt.Errorf("%q should not be equal to the Virtual IP address for the API", ans.(string))
 				}
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &ingressVIP); err != nil {

pkg/types/defaults/installconfig.go

@@ -20,7 +20,8 @@ import (
 )
 
 var (
-	defaultMachineCIDR    = ipnet.MustParseCIDR("10.0.0.0/16")
+	// DefaultMachineCIDR default machine CIDR applied to MachineNetwork.
+	DefaultMachineCIDR    = ipnet.MustParseCIDR("10.0.0.0/16")
 	defaultServiceNetwork = ipnet.MustParseCIDR("172.30.0.0/16")
 	defaultClusterNetwork = ipnet.MustParseCIDR("10.128.0.0/14")
 	defaultHostPrefix     = 23
@@ -34,7 +35,7 @@ func SetInstallConfigDefaults(c *types.InstallConfig) {
 	}
 	if len(c.Networking.MachineNetwork) == 0 {
 		c.Networking.MachineNetwork = []types.MachineNetworkEntry{
-			{CIDR: *defaultMachineCIDR},
+			{CIDR: *DefaultMachineCIDR},
 		}
 		if c.Platform.Libvirt != nil {
 			c.Networking.MachineNetwork = []types.MachineNetworkEntry{

pkg/types/defaults/installconfig_test.go

@@ -27,7 +27,7 @@ func defaultInstallConfig() *types.InstallConfig {
 		AdditionalTrustBundlePolicy: defaultAdditionalTrustBundlePolicy(),
 		Networking: &types.Networking{
 			MachineNetwork: []types.MachineNetworkEntry{
-				{CIDR: *defaultMachineCIDR},
+				{CIDR: *DefaultMachineCIDR},
 			},
 			NetworkType:    defaultNetworkType,
 			ServiceNetwork: []ipnet.IPNet{*defaultServiceNetwork},

pkg/types/validation/installconfig.go

@@ -578,7 +578,7 @@ func validateAPIAndIngressVIPs(vips vips, fieldNames vipFields, vipIsRequired bo
 				}
 			}
 
-			if err := validateIPinMachineCIDR(vip, n); err != nil {
+			if err := ValidateIPinMachineCIDR(vip, n); err != nil {
 				allErrs = append(allErrs, field.Invalid(fldPath.Child(fieldNames.APIVIPs), vip, err.Error()))
 			}
 
@@ -621,7 +621,7 @@ func validateAPIAndIngressVIPs(vips vips, fieldNames vipFields, vipIsRequired bo
 				allErrs = append(allErrs, field.Invalid(fldPath.Child(fieldNames.IngressVIPs), vip, err.Error()))
 			}
 
-			if err := validateIPinMachineCIDR(vip, n); err != nil {
+			if err := ValidateIPinMachineCIDR(vip, n); err != nil {
 				allErrs = append(allErrs, field.Invalid(fldPath.Child(fieldNames.IngressVIPs), vip, err.Error()))
 			}
 
@@ -657,7 +657,8 @@ func validateAPIAndIngressVIPs(vips vips, fieldNames vipFields, vipIsRequired bo
 	return allErrs
 }
 
-func validateIPinMachineCIDR(vip string, n *types.Networking) error {
+// ValidateIPinMachineCIDR confirms if the specified VIP is in the machine CIDR.
+func ValidateIPinMachineCIDR(vip string, n *types.Networking) error {
 	var networks []string
 
 	for _, network := range n.MachineNetwork {