yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2073894] Re: IPv6 dns nameservers described with their scope on the IP are not supported

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <2073894@xxxxxxxxxxxxxxxxxx>
Date: Tue, 27 Aug 2024 15:01:50 -0000
Reply-to: Bug 2073894 <2073894@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/926079
Committed: https://opendev.org/openstack/neutron/commit/1ed8609a6818d99133bf56483adb9bce8c886fd6
Submitter: "Zuul (22348)"
Branch:    master

commit 1ed8609a6818d99133bf56483adb9bce8c886fd6
Author: Elvira García <egarciar@xxxxxxxxxx>
Date:   Fri Aug 9 18:16:59 2024 +0200

    Get ips from system dns resolver without scope
    
    Currently, is_valid_ipv6 accepts ipv6 addresses with scope. However
    netaddr library won't accept an address with scope. Now,
    get_noscope_ipv6() can be used to avoid this situation. In a future we
    will be able to use the same function which is also being defined on
    oslo.utils. https://review.opendev.org/c/openstack/oslo.utils/+/925469
    
    Closes-Bug: #2073894
    Signed-off-by: Elvira García <egarciar@xxxxxxxxxx>
    Change-Id: I27f25f90c54d7aaa3c4a7b5317b4b8a4122e4068


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2073894

Title:
  IPv6 dns nameservers described with their scope on the IP are not
  supported

Status in neutron:
  Fix Released
Status in oslo.utils:
  In Progress

Bug description:
  When updating a port, we sometimes need to check dns nameserver ips.
  When this happens, if the DNS resolver file (resolv.conf) includes an
  address with scope like fe80::5054:ff:fe96:8af7%eth2, oslo_utils
  is_valid_ipv6 detects this as valid ipv6 input, but netaddr will raise
  an exception since this is not strictly just the IPv6 address, and
  therefore the port update fails with a raised exception and the port
  is deleted.

  On a normal scenario, this means that the metadata port cannot be
  spawned and therefore no VMs can be properly configured using
  metadata.

  [resolv.conf example]
  # Generated by NetworkManager
  nameserver 10.0.0.1
  nameserver fe80::5054:ff:fe96:8af7%eth2
  nameserver 2620:52:0:13b8::fe

  This was found on an environment using Train, but affects every
  version.

  100% Reproducible, just need to try to spawn a VM on an environment
  with the resolv.conf similar to the example.

  Traceback found on controller logs:
  https://paste.opendev.org/show/bzqgpsJRifX0uovHw5nJ/

  From the compute logs we see the metadata port was deleted after the
  exception:

  2024-07-18 04:38:06.036 49524 DEBUG
  networking_ovn.agent.metadata.agent [-] There is no metadata port for
  network 75b73d16-cb05-42d1-84c5-19eccf3a252d or it has no MAC or IP
  addresses configured, tearing the namespace down if needed
  _get_provision_params /usr/lib/python3.6/site-
  packages/networking_ovn/agent/metadata/agent.py:474

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2073894/+subscriptions

References

[Bug 2073894] [NEW] IPv6 dns nameservers described with their scope on the IP are not supported
From: Elvira García Ruiz, 2024-07-23