neutron

Ensure subnet do not overlap when IP overlapping is disabled

Bug #1055822 reported by Salvatore Orlando
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Critical
Salvatore Orlando
neutron 2012.2 "folsom"

Bug Description

it should be possible to disable overlapping IPs for ensuring features such as metadata and security groups, currently still offered by nova, keep working without putting security at risk.

We need the API to return an error (possibly 409) is a subnet being created overlaps with another one (without returning the details of the other subnet of cours).

Also we need a flag for globally enabling/disabling overlapping IPs. Default should be disabled.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/13605

Changed in quantum:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/13605
Committed: http://github.com/openstack/quantum/commit/95153e4e3eaa2738d532463a244ff923c73ec9ff
Submitter: Jenkins
Branch: master

commit 95153e4e3eaa2738d532463a244ff923c73ec9ff
Author: Salvatore Orlando <email address hidden>
Date: Mon Sep 24 16:20:35 2012 -0700

    Do global CIDR check if overlapping IPs disabled.

    Fix bug 1055822

    This patch adds a global configuration option for enabling or disabling
    overlapping IPs for subnets in different networks.
    If they are disabled, the validation of the CIDR against overlapping
    ones should be performed globally and not just among subnets defined for
    the current network.

    Change-Id: If6a562324f0a5c3982591be8030c4628ec9007b6

Changed in quantum:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/13648

Changed in quantum:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/13648
Committed: http://github.com/openstack/quantum/commit/4c679f618889d277c33964e510dc5b714956fcf4
Submitter: Jenkins
Branch: master

commit 4c679f618889d277c33964e510dc5b714956fcf4
Author: Salvatore Orlando <email address hidden>
Date: Tue Sep 25 10:51:59 2012 -0700

    Warn about use of overlapping ips in config file

    Fix bug 1055822

    Add an explicity user in the configuration file regarding consequences of
    enabling overlapping IPs when Quantum is used with nova security groups
    and/or metadata.

    Change-Id: Ifa67216fc7479a7858c0653422bf5baab58fb350

Changed in quantum:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in quantum:
milestone: none → folsom-rc3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/13656

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/13657

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (milestone-proposed)

Reviewed: https://review.openstack.org/13656
Committed: http://github.com/openstack/quantum/commit/408ada668f58f3bb5d1d2747d09a6e68dca1be6a
Submitter: Jenkins
Branch: milestone-proposed

commit 408ada668f58f3bb5d1d2747d09a6e68dca1be6a
Author: Salvatore Orlando <email address hidden>
Date: Mon Sep 24 16:20:35 2012 -0700

    Do global CIDR check if overlapping IPs disabled.

    Fix bug 1055822

    This patch adds a global configuration option for enabling or disabling
    overlapping IPs for subnets in different networks.
    If they are disabled, the validation of the CIDR against overlapping
    ones should be performed globally and not just among subnets defined for
    the current network.

    Change-Id: If6a562324f0a5c3982591be8030c4628ec9007b6

Changed in quantum:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/13657
Committed: http://github.com/openstack/quantum/commit/5dfc99b767bbab22ccb0d4e5134fd2178768645e
Submitter: Jenkins
Branch: milestone-proposed

commit 5dfc99b767bbab22ccb0d4e5134fd2178768645e
Author: Salvatore Orlando <email address hidden>
Date: Tue Sep 25 10:51:59 2012 -0700

    Warn about use of overlapping ips in config file

    Fix bug 1055822

    Add an explicity user in the configuration file regarding consequences of
    enabling overlapping IPs when Quantum is used with nova security groups
    and/or metadata.

    Change-Id: Ifa67216fc7479a7858c0653422bf5baab58fb350

Thierry Carrez (ttx)
Changed in quantum:
milestone: folsom-rc3 → 2012.2
Jian Wen (wenjianhn)
tags: removed: folsom-rc-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/30582

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.