No port found <two uuids> when loadbalancer member shares IP with another instance in Openstack
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Openstack Integrator Charm |
Fix Released
|
Medium
|
Unassigned |
Bug Description
When troubleshooting an issue related to loadbalancer creation for kubernetes-master via the openstack-
unit-openstack-
unit-openstack-
unit-openstack-
unit-openstack-
unit-openstack-
Traceback (most recent call last):
File "/var/lib/
bus.
File "/var/lib/
_invoke(
File "/var/lib/
handler.
File "/var/lib/
self.
File "/var/lib/
lb = layer.openstack
File "/var/lib/
lb_manager = LoadBalancer.
File "/var/lib/
lb = cls(app_name, port, subnet, algorithm, fip_net, manage_secgrps)
File "/var/lib/
self.
File "/var/lib/
self.
File "/var/lib/
if self.member_sg_id not in _openstack(
File "/var/lib/
output = _run_with_
File "/var/lib/
result = subprocess.
File "/usr/lib/
raise CalledProcessEr
subprocess.
This was tracked down by George Kraft as occurring in find_port of the LB Implementation class for Octavia.
The presence of two ports in the above traceback is due to the port query matching any ports with a fixed-ip of one of the LB members. If two separate tenant network subnets share a CIDR, such as 192.168.0.0/24 and both tenant subnets contain a VM on the same IP as one of the kubernetes-master or kubernetes-worker units, there's potential IP space collision.
I recommend limiting the query in this function to the subnet of the LB:
Current filter is: --fixed-ip ip-address=
This can be extended to be more accurate with: --fixed-ip subnet=
To reproduce, deploy kubernetes on top of openstack in a project.
In another project, create a network and subnet with the same same CIDR as the kubernetes project's subnet.
In that other project, create a port on the subnet with the same IP address of one of the kubernetes-master units, then add-relation kubernetes-
PR incoming.
Changed in charm-openstack-integrator: | |
importance: | Undecided → Medium |
status: | New → Fix Committed |
milestone: | none → 1.23+ck1 |
tags: | added: backport-needed |
Changed in charm-openstack-integrator: | |
milestone: | 1.23+ck1 → 1.24 |
tags: | removed: backport-needed |
Changed in charm-openstack-integrator: | |
status: | Fix Committed → Fix Released |
https:/ /github. com/juju- solutions/ charm-openstack -integrator/ pull/57