Magnum

Failed to create port on network <UUID>, because fixed_ips included invalid subnet <UUID>

Bug #2038109 reported by Felipe Reyes
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Magnum
In Progress
Undecided
Felipe Reyes
magnum (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

[Impact]

When creating a new "cluster"that overrides the fixed network defined in the cluster template, but not the subnet.

It would be expected that the cluster create request fails with a 400 error since the client is submitting an invalid request.

[Environment]

Focal Ussuri

[Test Case]

1. Create a new cluster template WITHOUT a fixed network/subnet set.
openstack coe cluster template create k8s-cluster-template \
    --image fedora-coreos-32 \
    --keypair testkey \
    --external-network ext_net \
    --flavor m1.small \
    --network-driver flannel \
    --coe kubernetes \
    --fixed-network admin_net \
    --fixed-subnet admin_subnet

2. Create a new cluster using the template previously created and select an existing network

openstack coe cluster create \
    --cluster-template k8s-cluster-template \
    --timeout 120 \
    --fixed-network private \
    k8scluster

Expected result

The cluster gets created

Actual result:

The cluster creation fails with the following error:

$ openstack coe cluster show k8scluster -f json -c faults | jq -r '.faults'
{
  "default-master": "Resource CREATE failed: BadRequest: resources.kube_masters.resources[0].resources.kube_master_eth0: Invalid input for operation: Failed to create port on network 525df7a4-1aeb-4eae-a37f-432a809a8161, because fixed_ips included invalid subnet 30e1b4ed-811f-4226-a19d-0a56cc72fc10.\nNeutron server returns request_ids: ['req-7a55a40a-3aa3-4a67-8ecf-b2e47ae16a84']",
  "default-worker": "Resource CREATE failed: BadRequest: resources.kube_masters.resources[0].resources.kube_master_eth0: Invalid input for operation: Failed to create port on network 525df7a4-1aeb-4eae-a37f-432a809a8161, because fixed_ips included invalid subnet 30e1b4ed-811f-4226-a19d-0a56cc72fc10.\nNeutron server returns request_ids: ['req-7a55a40a-3aa3-4a67-8ecf-b2e47ae16a84']"
}

Felipe Reyes (freyes)
Changed in magnum (Ubuntu):
status: New → Confirmed
Revision history for this message
Felipe Reyes (freyes) wrote :
Download full text (16.0 KiB)

the issue can be reproduced using master (with devstack)

$ openstack coe cluster template create k8s-cluster-template --image fedora-coreos-35.20220116.3.0-openstack.x86_64 --keypair testkey --external-network public --flavor m1.small --network-driver flannel --coe kubernetes
Request to create cluster template k8s-cluster-template accepted
+-----------------------+------------------------------------------------+
| Field | Value |
 +-----------------------+------------------------------------------------+
| insecure_registry | - |
| labels | {} |
| updated_at | - |
| floating_ip_enabled | True |
| fixed_subnet | - |
| master_flavor_id | - |
| uuid | 9c7edc11-a710-4f24-8850-f9911e7ff0d5 |
| no_proxy | - |
| https_proxy | - |
| tls_disabled | False |
| keypair_id | testkey |
| public | False |
| http_proxy | - |
| docker_volume_size | - |
| server_type | vm |
| external_network_id | public |
| cluster_distro | fedora-coreos |
| image_id | fedora-coreos-35.20220116.3.0-openstack.x86_64 |
| volume_driver | - |
| registry_enabled | False |
| docker_storage_driver | overlay2 |
| apiserver_port | - |
| name | k8s-cluster-template |
| created_at | 2023-10-03T19:45:21.945595+00:00 |
| network_driver | flannel |
| fixed_network | - |
| coe | kubernetes |
| flavor_id | m1.small |
| master_lb_enabled | False |
| dns_nameserver | 8.8.8.8 |
| hidden | False |
| tags | - |
 +-----------------------+------------------------------------------------+
$ openstack coe cluster create \
    --cluster-template k8s-cluster-template \ ...

Revision history for this message
Felipe Reyes (freyes) wrote :

The approach I'm taking to solve this problem is to implement the validate_fixed_network and validate_fixed_subnet - https://opendev.org/openstack/magnum/src/commit/a3276fd53b3a018522e3159137664d9808603514/magnum/api/attr_validator.py#L99

Changed in magnum:
assignee: nobody → Felipe Reyes (freyes)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to magnum (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/magnum/+/897362

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/magnum/+/897506

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/magnum/+/897507

Revision history for this message
Felipe Reyes (freyes) wrote :

There is an issue with magnum-ui preventing users from selecting a subnet when overriding the network, see https://bugs.launchpad.net/magnum-ui/+bug/2038663

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to magnum-ui (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/magnum-ui/+/898007

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.