neutron

  1. Series icehouse
  2. Bug #1443798
  3. Activity log

Activity log for bug #1443798

Date Who What changed Old value New value Message
2015-04-14 07:46:12 watanabe.isao bug added bug
2015-04-14 07:46:27 watanabe.isao neutron: assignee watanabe.isao (watanabe.isao)
2015-04-14 11:39:23 Tristan Cacqueray bug task added ossa
2015-04-14 11:40:11 Tristan Cacqueray ossa: status New Incomplete
2015-04-14 11:40:32 Tristan Cacqueray description If any tenant creates a subnet with a netmask of 31 or 32 in IPv4, IP addresses of network will fail to be generated, and that will cause constant resyncs and neutron-dhcp-agent malfunction. [Example operation] $ neutron subnet-create net 192.168.0.0/31 --name sub Created a new subnet: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | | | cidr | 192.168.0.0/31 | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 192.168.0.1 | | host_routes | | | id | 42a91f59-1c2d-4e33-9033-4691069c5e4b | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | sub | | network_id | 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e | | subnetpool_id | | | tenant_id | 4ffb89e718d346b48fdce2ac61537bce | +-------------------+--------------------------------------+ [Trace log] 2015-04-15 10:23:25.352 3056 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e. 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent Traceback (most recent call last): 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 112, in call_driver 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 201, in enable 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 928, in setup 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent port = self.setup_dhcp_port(network) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 909, in setup_dhcp_port 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent dhcp_port = self.plugin.create_dhcp_port({'port': port_dict}) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 433, in create_dhcp_port 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent port=port, host=self.host) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/client.py", line 156, in call 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent retry=self.retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/transport.py", line 90, in _send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent timeout=timeout, retry=retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent retry=retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 341, in _send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent raise result 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent RemoteError: Remote error: IpAddressGenerationFailure No more IP addresses available on network 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e. -- This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added as to the bug as attachments. -- If any tenant creates a subnet with a netmask of 31 or 32 in IPv4, IP addresses of network will fail to be generated, and that will cause constant resyncs and neutron-dhcp-agent malfunction. [Example operation] $ neutron subnet-create net 192.168.0.0/31 --name sub Created a new subnet: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | | | cidr | 192.168.0.0/31 | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 192.168.0.1 | | host_routes | | | id | 42a91f59-1c2d-4e33-9033-4691069c5e4b | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | sub | | network_id | 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e | | subnetpool_id | | | tenant_id | 4ffb89e718d346b48fdce2ac61537bce | +-------------------+--------------------------------------+ [Trace log] 2015-04-15 10:23:25.352 3056 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e. 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent Traceback (most recent call last): 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 112, in call_driver 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 201, in enable 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 928, in setup 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent port = self.setup_dhcp_port(network) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 909, in setup_dhcp_port 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent dhcp_port = self.plugin.create_dhcp_port({'port': port_dict}) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 433, in create_dhcp_port 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent port=port, host=self.host) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/client.py", line 156, in call 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent retry=self.retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/transport.py", line 90, in _send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent timeout=timeout, retry=retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent retry=retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 341, in _send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent raise result 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent RemoteError: Remote error: IpAddressGenerationFailure No more IP addresses available on network 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e.
2015-04-14 11:41:15 Tristan Cacqueray bug added subscriber Salvatore Orlando
2015-04-14 21:59:23 Salvatore Orlando bug added subscriber Armando Migliaccio
2015-04-15 02:03:16 watanabe.isao bug added subscriber Yushiro FURUKAWA
2015-04-15 07:37:18 watanabe.isao attachment added 1443798_patch.txt https://bugs.launchpad.net/neutron/+bug/1443798/+attachment/4375968/+files/1443798_patch.txt
2015-04-15 07:40:29 watanabe.isao attachment added bug1443798.patch https://bugs.launchpad.net/neutron/+bug/1443798/+attachment/4375971/+files/bug1443798.patch
2015-04-15 16:30:07 Kyle Mestery bug added subscriber Kyle Mestery
2015-04-16 01:23:20 watanabe.isao description -- This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added as to the bug as attachments. -- If any tenant creates a subnet with a netmask of 31 or 32 in IPv4, IP addresses of network will fail to be generated, and that will cause constant resyncs and neutron-dhcp-agent malfunction. [Example operation] $ neutron subnet-create net 192.168.0.0/31 --name sub Created a new subnet: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | | | cidr | 192.168.0.0/31 | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 192.168.0.1 | | host_routes | | | id | 42a91f59-1c2d-4e33-9033-4691069c5e4b | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | sub | | network_id | 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e | | subnetpool_id | | | tenant_id | 4ffb89e718d346b48fdce2ac61537bce | +-------------------+--------------------------------------+ [Trace log] 2015-04-15 10:23:25.352 3056 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e. 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent Traceback (most recent call last): 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 112, in call_driver 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 201, in enable 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 928, in setup 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent port = self.setup_dhcp_port(network) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 909, in setup_dhcp_port 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent dhcp_port = self.plugin.create_dhcp_port({'port': port_dict}) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 433, in create_dhcp_port 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent port=port, host=self.host) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/client.py", line 156, in call 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent retry=self.retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/transport.py", line 90, in _send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent timeout=timeout, retry=retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent retry=retry) 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 341, in _send 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent raise result 2015-04-15 10:23:25.352 3056 TRACE neutron.agent.dhcp.agent RemoteError: Remote error: IpAddressGenerationFailure No more IP addresses available on network 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e. -- This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added as to the bug as attachments. -- If any tenant creates a subnet with a netmask of 31 or 32 in IPv4, IP addresses of network will fail to be generated, and that will cause constant resyncs and neutron-dhcp-agent malfunction. [Example operation 1] - Create subnet from CLI, with CIDR /31 (CIDR /32 has the same result). $ neutron subnet-create net 192.168.0.0/31 --name sub Created a new subnet: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | | | cidr | 192.168.0.0/31 | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 192.168.0.1 | | host_routes | | | id | 42a91f59-1c2d-4e33-9033-4691069c5e4b | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | sub | | network_id | 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e | | subnetpool_id | | | tenant_id | 4ffb89e718d346b48fdce2ac61537bce | +-------------------+--------------------------------------+ [Example operation 2] - Create subnet from API, with cidr /32 (CIDR /31 has the same result). $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": "badsub", "cidr" : "192.168.0.0/32", "ip_version": 4, "network_id": "8 8143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H "x-auth-token:$TOKEN" http://192.168.122.130:9696/v2.0/subnets HTTP/1.1 201 Created Content-Type: application/json; charset=UTF-8 Content-Length: 410 X-Openstack-Request-Id: req-4e7e74c0-0190-4a69-a9eb-93d545e8aeef Date: Thu, 16 Apr 2015 19:21:20 GMT {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id": "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [], "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools": [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null, "cidr": "192.168.0.0/32", "id": "d210d5fd-8b3b-4c0e-b5ad-41798bd47d97", "subnetpool_id": null}} [Example operation 3] - Create subnet from API, with empty allocation_pools. $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": "badsub", "cidr" : "192.168.0.0/24", "allocation_pools": [], "ip_version": 4, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H "x-auth-token:$TOKEN" http://192.168.122.130:9696/v2.0/subnets HTTP/1.1 201 Created Content-Type: application/json; charset=UTF-8 Content-Length: 410 X-Openstack-Request-Id: req-54ce81db-b586-4887-b60b-8776a2ebdb4e Date: Thu, 16 Apr 2015 19:18:21 GMT {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id": "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [], "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools": [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null, "cidr": "192.168.0.0/24", "id": "abc2dca4-bf8b-46f5-af1a-0a1049309854", "subnetpool_id": null}} [Trace log] 2015-04-17 04:23:27.907 16641 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is e0a6a81a005d4aa0b40130506afa0267. _add_unique_id /usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqp.py:258 2015-04-17 04:23:27.979 16641 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for 88143cda-5fe7-45b6-9245-b1e8b75d28d8. 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent Traceback (most recent call last): 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 112, in call_driver 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 201, in enable 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 928, in setup 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent port = self.setup_dhcp_port(network) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 909, in setup_dhcp_port 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent dhcp_port = self.plugin.create_dhcp_port({'port': port_dict}) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 433, in create_dhcp_port 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent port=port, host=self.host) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/client.py", line 156, in call 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent retry=self.retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/transport.py", line 90, in _send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent timeout=timeout, retry=retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent retry=retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 341, in _send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent raise result 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent RemoteError: Remote error: IpAddressGenerationFailure No more IP addresses available on network 88143cda-5fe7-45b6-9245-b1e8b75d28d8.
2015-04-16 06:43:30 watanabe.isao attachment added bug1443798.patch.testCLI.txt https://bugs.launchpad.net/neutron/+bug/1443798/+attachment/4376859/+files/bug1443798.patch.testCLI.txt
2015-04-16 06:44:22 watanabe.isao attachment added bug1443798.patch https://bugs.launchpad.net/neutron/+bug/1443798/+attachment/4376860/+files/bug1443798.patch
2015-04-16 06:45:44 watanabe.isao attachment added bug1443798.patch.testAPI.txt https://bugs.launchpad.net/neutron/+bug/1443798/+attachment/4376862/+files/bug1443798.patch.testAPI.txt
2015-04-16 06:57:52 watanabe.isao information type Private Security Public Security
2015-04-16 07:17:49 OpenStack Infra neutron: status New In Progress
2015-04-16 12:38:54 Tristan Cacqueray tags network kilo-backport-potential kilo-rc-potential network
2015-04-17 13:06:48 Kyle Mestery neutron: importance Undecided High
2015-04-17 13:10:27 OpenStack Infra neutron: assignee watanabe.isao (watanabe.isao) Kyle Mestery (mestery)
2015-04-17 13:10:56 Kyle Mestery neutron: milestone liberty-1
2015-04-17 21:42:06 OpenStack Infra neutron: assignee Kyle Mestery (mestery) Andrew Boik (drewboik)
2015-04-17 22:14:40 Andrew Boik neutron: assignee Andrew Boik (drewboik)
2015-04-20 00:21:55 watanabe.isao neutron: assignee watanabe.isao (watanabe.isao)
2015-04-20 14:25:09 Jeremy Stanley description -- This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added as to the bug as attachments. -- If any tenant creates a subnet with a netmask of 31 or 32 in IPv4, IP addresses of network will fail to be generated, and that will cause constant resyncs and neutron-dhcp-agent malfunction. [Example operation 1] - Create subnet from CLI, with CIDR /31 (CIDR /32 has the same result). $ neutron subnet-create net 192.168.0.0/31 --name sub Created a new subnet: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | | | cidr | 192.168.0.0/31 | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 192.168.0.1 | | host_routes | | | id | 42a91f59-1c2d-4e33-9033-4691069c5e4b | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | sub | | network_id | 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e | | subnetpool_id | | | tenant_id | 4ffb89e718d346b48fdce2ac61537bce | +-------------------+--------------------------------------+ [Example operation 2] - Create subnet from API, with cidr /32 (CIDR /31 has the same result). $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": "badsub", "cidr" : "192.168.0.0/32", "ip_version": 4, "network_id": "8 8143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H "x-auth-token:$TOKEN" http://192.168.122.130:9696/v2.0/subnets HTTP/1.1 201 Created Content-Type: application/json; charset=UTF-8 Content-Length: 410 X-Openstack-Request-Id: req-4e7e74c0-0190-4a69-a9eb-93d545e8aeef Date: Thu, 16 Apr 2015 19:21:20 GMT {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id": "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [], "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools": [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null, "cidr": "192.168.0.0/32", "id": "d210d5fd-8b3b-4c0e-b5ad-41798bd47d97", "subnetpool_id": null}} [Example operation 3] - Create subnet from API, with empty allocation_pools. $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": "badsub", "cidr" : "192.168.0.0/24", "allocation_pools": [], "ip_version": 4, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H "x-auth-token:$TOKEN" http://192.168.122.130:9696/v2.0/subnets HTTP/1.1 201 Created Content-Type: application/json; charset=UTF-8 Content-Length: 410 X-Openstack-Request-Id: req-54ce81db-b586-4887-b60b-8776a2ebdb4e Date: Thu, 16 Apr 2015 19:18:21 GMT {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id": "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [], "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools": [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null, "cidr": "192.168.0.0/24", "id": "abc2dca4-bf8b-46f5-af1a-0a1049309854", "subnetpool_id": null}} [Trace log] 2015-04-17 04:23:27.907 16641 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is e0a6a81a005d4aa0b40130506afa0267. _add_unique_id /usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqp.py:258 2015-04-17 04:23:27.979 16641 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for 88143cda-5fe7-45b6-9245-b1e8b75d28d8. 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent Traceback (most recent call last): 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 112, in call_driver 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 201, in enable 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 928, in setup 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent port = self.setup_dhcp_port(network) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 909, in setup_dhcp_port 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent dhcp_port = self.plugin.create_dhcp_port({'port': port_dict}) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 433, in create_dhcp_port 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent port=port, host=self.host) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/client.py", line 156, in call 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent retry=self.retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/transport.py", line 90, in _send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent timeout=timeout, retry=retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent retry=retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 341, in _send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent raise result 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent RemoteError: Remote error: IpAddressGenerationFailure No more IP addresses available on network 88143cda-5fe7-45b6-9245-b1e8b75d28d8. If any tenant creates a subnet with a netmask of 31 or 32 in IPv4, IP addresses of network will fail to be generated, and that will cause constant resyncs and neutron-dhcp-agent malfunction. [Example operation 1]  - Create subnet from CLI, with CIDR /31 (CIDR /32 has the same result). $ neutron subnet-create net 192.168.0.0/31 --name sub Created a new subnet: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | | | cidr | 192.168.0.0/31 | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 192.168.0.1 | | host_routes | | | id | 42a91f59-1c2d-4e33-9033-4691069c5e4b | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | sub | | network_id | 65cc6b46-17ec-41a8-9fe4-5bf93fc25d1e | | subnetpool_id | | | tenant_id | 4ffb89e718d346b48fdce2ac61537bce | +-------------------+--------------------------------------+ [Example operation 2]  - Create subnet from API, with cidr /32 (CIDR /31 has the same result). $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": "badsub", "cidr" : "192.168.0.0/32", "ip_version": 4, "network_id": "8 8143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H "x-auth-token:$TOKEN" http://192.168.122.130:9696/v2.0/subnets HTTP/1.1 201 Created Content-Type: application/json; charset=UTF-8 Content-Length: 410 X-Openstack-Request-Id: req-4e7e74c0-0190-4a69-a9eb-93d545e8aeef Date: Thu, 16 Apr 2015 19:21:20 GMT {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id": "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [], "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools": [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null, "cidr": "192.168.0.0/32", "id": "d210d5fd-8b3b-4c0e-b5ad-41798bd47d97", "subnetpool_id": null}} [Example operation 3]  - Create subnet from API, with empty allocation_pools. $ curl -i -X POST -H "content-type:application/json" -d '{"subnet": { "name": "badsub", "cidr" : "192.168.0.0/24", "allocation_pools": [], "ip_version": 4, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8"}}' -H "x-auth-token:$TOKEN" http://192.168.122.130:9696/v2.0/subnets HTTP/1.1 201 Created Content-Type: application/json; charset=UTF-8 Content-Length: 410 X-Openstack-Request-Id: req-54ce81db-b586-4887-b60b-8776a2ebdb4e Date: Thu, 16 Apr 2015 19:18:21 GMT {"subnet": {"name": "badsub", "enable_dhcp": true, "network_id": "88143cda-5fe7-45b6-9245-b1e8b75d28d8", "tenant_id": "4ffb89e718d346b48fdce2ac61537bce", "dns_nameservers": [], "gateway_ip": "192.168.0.1", "ipv6_ra_mode": null, "allocation_pools": [], "host_routes": [], "ip_version": 4, "ipv6_address_mode": null, "cidr": "192.168.0.0/24", "id": "abc2dca4-bf8b-46f5-af1a-0a1049309854", "subnetpool_id": null}} [Trace log] 2015-04-17 04:23:27.907 16641 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is e0a6a81a005d4aa0b40130506afa0267. _add_unique_id /usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqp.py:258 2015-04-17 04:23:27.979 16641 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for 88143cda-5fe7-45b6-9245-b1e8b75d28d8. 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent Traceback (most recent call last): 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 112, in call_driver 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 201, in enable 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 928, in setup 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent port = self.setup_dhcp_port(network) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/linux/dhcp.py", line 909, in setup_dhcp_port 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent dhcp_port = self.plugin.create_dhcp_port({'port': port_dict}) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/opt/stack/neutron/neutron/agent/dhcp/agent.py", line 433, in create_dhcp_port 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent port=port, host=self.host) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/client.py", line 156, in call 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent retry=self.retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/transport.py", line 90, in _send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent timeout=timeout, retry=retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent retry=retry) 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py", line 341, in _send 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent raise result 2015-04-17 04:23:27.979 16641 TRACE neutron.agent.dhcp.agent RemoteError: Remote error: IpAddressGenerationFailure No more IP addresses available on network 88143cda-5fe7-45b6-9245-b1e8b75d28d8.
2015-04-20 14:26:12 Thierry Carrez ossa: importance Undecided High
2015-04-20 14:26:12 Thierry Carrez ossa: status Incomplete Confirmed
2015-04-20 14:26:29 Thierry Carrez nominated for series neutron/kilo
2015-04-20 14:26:29 Thierry Carrez bug task added neutron/kilo
2015-04-21 13:17:18 Thierry Carrez bug task deleted neutron/kilo
2015-04-21 14:58:11 Thierry Carrez nominated for series neutron/kilo
2015-04-21 14:58:11 Thierry Carrez bug task added neutron/kilo
2015-04-23 01:30:34 Kyle Mestery neutron: milestone liberty-1 kilo-rc2
2015-04-23 05:18:24 OpenStack Infra neutron: status In Progress Fix Committed
2015-04-23 05:57:13 OpenStack Infra neutron/kilo: status New In Progress
2015-04-23 05:57:13 OpenStack Infra neutron/kilo: assignee Akihiro Motoki (amotoki)
2015-04-23 06:47:53 Thierry Carrez neutron/kilo: milestone kilo-rc2
2015-04-23 06:47:55 Thierry Carrez neutron: milestone kilo-rc2
2015-04-23 07:51:36 Thierry Carrez neutron/kilo: importance Undecided High
2015-04-23 14:08:07 OpenStack Infra neutron/kilo: status In Progress Fix Committed
2015-04-23 18:40:00 Thierry Carrez neutron/kilo: status Fix Committed Fix Released
2015-04-23 18:40:08 Thierry Carrez tags kilo-backport-potential kilo-rc-potential network network
2015-04-30 09:57:38 Thierry Carrez neutron/kilo: milestone kilo-rc2 2015.1.0
2015-05-04 14:27:22 Thierry Carrez nominated for series neutron/icehouse
2015-05-04 14:27:22 Thierry Carrez bug task added neutron/icehouse
2015-05-04 14:27:22 Thierry Carrez nominated for series neutron/juno
2015-05-04 14:27:22 Thierry Carrez bug task added neutron/juno
2015-05-04 14:27:31 Thierry Carrez neutron/icehouse: status New Incomplete
2015-05-04 14:27:34 Thierry Carrez neutron/juno: status New Incomplete
2015-05-12 21:41:40 Tristan Cacqueray ossa: status Confirmed Incomplete
2015-06-09 18:42:46 Tristan Cacqueray ossa: status Incomplete Won't Fix
2015-06-24 20:13:07 Thierry Carrez neutron: status Fix Committed Fix Released
2015-06-24 20:13:07 Thierry Carrez neutron: milestone liberty-1
2015-06-26 17:31:08 OpenStack Infra tags network in-feature-qos network
2015-06-26 17:31:10 OpenStack Infra bug watch added http://bugs.python.org/issue21239
2015-06-30 02:30:09 OpenStack Infra tags in-feature-qos network in-feature-pecan in-feature-qos network
2015-10-15 12:14:45 Thierry Carrez neutron: milestone liberty-1 7.0.0