-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.20
-
None
-
False
-
-
2
-
Important
-
None
-
rhos-conplat-osasinfra
-
None
-
None
-
None
-
ShiftStack Sprint 281
-
1
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
The IP allocation pool for the machine subnet that is created by cluster-api-provider-openstack does not exclude the .5 and .7 addresses, which are reserved for the API and APPS VIPs. If the IP allocation pool includes any of those reserved IPs there might be an IP/port collision if more IPs are requested in that subnet by DHCP. It happens in an OSP deployment with DHCP agents running in the controller/network nodes, as each agent creates it's own DHCP port in the subnet. This issue won't be highlighted when using BYO network for the machine network with the correct IP allocation pool, which should exclude the .5 and .7 addresses too.
Version-Release number of selected component (if applicable):
OCP 4.20.6 on OSP 17.1.11.
How reproducible:
Always
Steps to Reproduce:
1. Deploy OSP 2. Add a machineNetwork under the networking section in the install-config.yaml 3. Check the subnet created for the machine network by cluster-api-provider-openstack excludes the .5 and .7 addresses
Actual results:
The subnet created for the machine network by cluster-api-provider-openstack doesn't exclude the .5 and .7 addresses.
machineNetwork:
- cidr: "10.196.0.0/16" <----
+----------------------+---------------------------------------------------------------------------------------------+
| Field | Value |
+----------------------+---------------------------------------------------------------------------------------------+
| allocation_pools | 10.196.0.2-10.196.255.254 | <<----
| cidr | 10.196.0.0/16 |
| created_at | 2025-12-05T10:08:01Z |
| description | Created by cluster-api-provider-openstack cluster openshift-cluster-api-guests-ostest-b6sfh |
[...]
Installer failure:
failed to fetch Cluster: failed to generate asset \"Cluster\": failed to create cluster: failed provisioning resources after infrastructure ready: Expected HTTP response code [201 202] when accessing [POST http://192.168.122.100:9696/v2.0/ports], but got 409 instead: {\"NeutronError\": {\"type\": \"IpAddressAlreadyAllocated\", \"message\": \"IP address 10.196.0.5 already allocated in subnet dce67567-e0a1-4e20-8a17-dd40cf8504a3\", \"detail\": \"\"}}
Expected results:
No IP/port collisions in the machine network with the reserved .5 and .7 addresses.
install-config.yaml:
apiVersion: v1
baseDomain: "shiftstack.local"
controlPlane:
name: master
platform:
openstack:
type: "master"
serverGroupPolicy: "anti-affinity"
replicas: 3
compute:
- name: worker
platform:
openstack:
type: "worker"
serverGroupPolicy: "anti-affinity"
replicas: 2
metadata:
name: "ostest"
networking:
clusterNetworks:
- cidr: 10.128.0.0/14
hostPrefix: 23
machineNetwork:
- cidr: "10.196.0.0/16" <<----
serviceNetwork:
- 172.30.0.0/16
networkType: "OVNKubernetes"
platform:
openstack:
cloud: "shiftstack"
region: "regionOne"
externalNetwork: "public"
apiFloatingIP: "192.168.122.211"
ingressFloatingIP: "192.168.122.229"
externalDNS: ['<>']
pullSecret: <>
Additional info:
$ openstack network list +--------------------------------------+------------------------------------------------------------------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+------------------------------------------------------------------+--------------------------------------+ | 16b6d7e3-3412-4168-967e-36191f4b55c3 | public | 51a22d8e-c719-4517-972b-741fe412ba30 | | a341f5dd-f876-406b-80bc-c91db50866e3 | k8s-clusterapi-cluster-openshift-cluster-api-guests-ostest-b6sfh | dce67567-e0a1-4e20-8a17-dd40cf8504a3 | | d3e035b5-2dbf-42c5-a4bd-5faaf9590be0 | provisioning | b1385059-5c3e-4c9d-9cb3-fe1aeb612608 | +--------------------------------------+------------------------------------------------------------------+--------------------------------------+ $ openstack subnet list --network a341f5dd-f876-406b-80bc-c91db50866e3 +--------------------------------------+------------------------------------------------------------------+--------------------------------------+---------------+ | ID | Name | Network | Subnet | +--------------------------------------+------------------------------------------------------------------+--------------------------------------+---------------+ | dce67567-e0a1-4e20-8a17-dd40cf8504a3 | k8s-clusterapi-cluster-openshift-cluster-api-guests-ostest-b6sfh | a341f5dd-f876-406b-80bc-c91db50866e3 | 10.196.0.0/16 | +--------------------------------------+------------------------------------------------------------------+--------------------------------------+---------------+ $ openstack subnet show dce67567-e0a1-4e20-8a17-dd40cf8504a3 +----------------------+---------------------------------------------------------------------------------------------+ | Field | Value | +----------------------+---------------------------------------------------------------------------------------------+ | allocation_pools | 10.196.0.2-10.196.255.254 | <<---- | cidr | 10.196.0.0/16 | | created_at | 2025-12-05T10:08:01Z | | description | Created by cluster-api-provider-openstack cluster openshift-cluster-api-guests-ostest-b6sfh | | dns_nameservers | | | dns_publish_fixed_ip | None | | enable_dhcp | True | | gateway_ip | 10.196.0.1 | | host_routes | | | id | dce67567-e0a1-4e20-8a17-dd40cf8504a3 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | k8s-clusterapi-cluster-openshift-cluster-api-guests-ostest-b6sfh | | network_id | a341f5dd-f876-406b-80bc-c91db50866e3 | | prefix_length | None | | project_id | 220d3727315342b69aa303c0ccf49f7b | | revision_number | 1 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | openshiftClusterID=ostest-b6sfh | | updated_at | 2025-12-05T10:08:03Z | +----------------------+---------------------------------------------------------------------------------------------+
The allocation pool for the machine subnet includes the .5 and .7 which can led to IP/port conflicts.
$ openstack port list --project shiftstack +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+--------+ | ID | Name | MAC Address | Fixed IP Addresses | Status | +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+--------+ | 04d84c83-f9f7-4d9e-9ad8-48df01947c67 | | fa:16:3e:5e:67:51 | ip_address='192.168.122.229', subnet_id='51a22d8e-c719-4517-972b-741fe412ba30' | N/A | | 676d4641-7ff9-4003-9e0e-42ede5058c91 | | fa:16:3e:4a:25:33 | ip_address='10.196.0.3', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | | 6d37eff3-58f8-4ed7-b310-f08a8585b9e6 | | fa:16:3e:e9:a5:a4 | ip_address='10.196.0.1', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | | 7ff80fd8-be48-40b0-b3e8-24a200fde2f4 | | fa:16:3e:f0:87:f1 | ip_address='10.196.0.5', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | | 90ba2423-2dd4-4a08-9bb4-2852be651b86 | | fa:16:3e:5c:bc:55 | ip_address='10.196.0.2', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | DOWN | | a48a3077-1cfa-48e7-8dfb-347084bec448 | | fa:16:3e:32:04:c2 | ip_address='192.168.122.211', subnet_id='51a22d8e-c719-4517-972b-741fe412ba30' | N/A | | ebfb7594-f1cb-4440-afdd-1a37c208b5e9 | | fa:16:3e:13:f2:c5 | ip_address='10.196.0.4', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+--------+
The port with the address 10.196.0.5 was created by Openstack for a DHCP agent, causing the error in the installer when trying to create a port with the same IP address for the API VIP.
OSP deployment with OVN and DHCP agents (pre-adoption OSP 17.1 deployment):
$ openstack network agent list --network a341f5dd-f876-406b-80bc-c91db50866e3 +--------------------------------------+------------+-----------------------------------------+-------------------+-------+-------+--------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+------------+-----------------------------------------+-------------------+-------+-------+--------------------+ | 3bddb000-46a9-4d21-89b8-2d6734f766ca | DHCP agent | osp-controller-uni01alpha-1.localdomain | nova | :-) | UP | neutron-dhcp-agent | | db20bd83-5e3d-4d4c-abe6-badd65a26a9b | DHCP agent | osp-controller-uni01alpha-0.localdomain | nova | :-) | UP | neutron-dhcp-agent | | defd5ac0-c717-431f-84be-5dac463a686f | DHCP agent | osp-controller-uni01alpha-2.localdomain | nova | :-) | UP | neutron-dhcp-agent | +--------------------------------------+------------+-----------------------------------------+-------------------+-------+-------+--------------------+ $ openstack port list --project shiftstack +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+--------+ | ID | Name | MAC Address | Fixed IP Addresses | Status | +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+--------+ | 04d84c83-f9f7-4d9e-9ad8-48df01947c67 | | fa:16:3e:5e:67:51 | ip_address='192.168.122.229', subnet_id='51a22d8e-c719-4517-972b-741fe412ba30' | N/A | | 676d4641-7ff9-4003-9e0e-42ede5058c91 | | fa:16:3e:4a:25:33 | ip_address='10.196.0.3', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | | 6d37eff3-58f8-4ed7-b310-f08a8585b9e6 | | fa:16:3e:e9:a5:a4 | ip_address='10.196.0.1', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | | 7ff80fd8-be48-40b0-b3e8-24a200fde2f4 | | fa:16:3e:f0:87:f1 | ip_address='10.196.0.5', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | | 90ba2423-2dd4-4a08-9bb4-2852be651b86 | | fa:16:3e:5c:bc:55 | ip_address='10.196.0.2', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | DOWN | | a48a3077-1cfa-48e7-8dfb-347084bec448 | | fa:16:3e:32:04:c2 | ip_address='192.168.122.211', subnet_id='51a22d8e-c719-4517-972b-741fe412ba30' | N/A | | ebfb7594-f1cb-4440-afdd-1a37c208b5e9 | | fa:16:3e:13:f2:c5 | ip_address='10.196.0.4', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | ACTIVE | +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+--------+ $ openstack port show 6d37eff3-58f8-4ed7-b310-f08a8585b9e6 +-------------------------+---------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+---------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | | | binding_profile | | | binding_vif_details | | | binding_vif_type | unbound | | binding_vnic_type | normal | | created_at | 2025-12-05T10:08:09Z | | data_plane_status | None | | description | | | device_id | 6476cb58-acf3-4589-9468-943cec2d7192 | | device_owner | network:router_interface | | device_profile | None | | dns_assignment | fqdn='host-10-196-0-1.openstacklocal.', hostname='host-10-196-0-1', ip_address='10.196.0.1' | | dns_domain | | | dns_name | | | extra_dhcp_opts | | | fixed_ips | ip_address='10.196.0.1', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | | id | 6d37eff3-58f8-4ed7-b310-f08a8585b9e6 | | ip_allocation | immediate | | mac_address | fa:16:3e:e9:a5:a4 | | name | | | network_id | a341f5dd-f876-406b-80bc-c91db50866e3 | | numa_affinity_policy | None | | port_security_enabled | False | | project_id | 220d3727315342b69aa303c0ccf49f7b | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 2 | | security_group_ids | | | status | ACTIVE | | tags | | | trunk_details | None | | updated_at | 2025-12-05T10:08:12Z | +-------------------------+---------------------------------------------------------------------------------------------+ $ openstack port show 90ba2423-2dd4-4a08-9bb4-2852be651b86 +-------------------------+---------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+---------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | | | binding_profile | | | binding_vif_details | | | binding_vif_type | unbound | | binding_vnic_type | normal | | created_at | 2025-12-05T10:08:00Z | | data_plane_status | None | | description | | | device_id | ovnmeta-a341f5dd-f876-406b-80bc-c91db50866e3 | | device_owner | network:distributed | | device_profile | None | | dns_assignment | fqdn='host-10-196-0-2.openstacklocal.', hostname='host-10-196-0-2', ip_address='10.196.0.2' | | dns_domain | | | dns_name | | | extra_dhcp_opts | | | fixed_ips | ip_address='10.196.0.2', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | | id | 90ba2423-2dd4-4a08-9bb4-2852be651b86 | | ip_allocation | none | | mac_address | fa:16:3e:5c:bc:55 | | name | | | network_id | a341f5dd-f876-406b-80bc-c91db50866e3 | | numa_affinity_policy | None | | port_security_enabled | False | | project_id | 220d3727315342b69aa303c0ccf49f7b | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 2 | | security_group_ids | | | status | DOWN | | tags | | | trunk_details | None | | updated_at | 2025-12-05T10:08:02Z | +-------------------------+---------------------------------------------------------------------------------------------+ $ openstack port show 676d4641-7ff9-4003-9e0e-42ede5058c91 +-------------------------+---------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+---------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | osp-controller-uni01alpha-2.localdomain | | binding_profile | | | binding_vif_details | connectivity='l2', datapath_type='system', port_filter='True' | | binding_vif_type | ovs | | binding_vnic_type | normal | | created_at | 2025-12-05T10:08:03Z | | data_plane_status | None | | description | | | device_id | dhcp9e59ba2d-9e58-5717-9ccf-e627487b66ea-a341f5dd-f876-406b-80bc-c91db50866e3 | | device_owner | network:dhcp | | device_profile | None | | dns_assignment | ... | | dns_domain | | | dns_name | | | extra_dhcp_opts | | | fixed_ips | ip_address='10.196.0.3', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | | id | 676d4641-7ff9-4003-9e0e-42ede5058c91 | | ip_allocation | immediate | | mac_address | fa:16:3e:4a:25:33 | | name | | | network_id | a341f5dd-f876-406b-80bc-c91db50866e3 | | numa_affinity_policy | None | | port_security_enabled | False | | project_id | 220d3727315342b69aa303c0ccf49f7b | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 3 | | security_group_ids | | | status | ACTIVE | | tags | | | trunk_details | None | | updated_at | 2025-12-05T10:08:05Z | +-------------------------+---------------------------------------------------------------------------------------------+ $ openstack port show ebfb7594-f1cb-4440-afdd-1a37c208b5e9 +-------------------------+---------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+---------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | osp-controller-uni01alpha-0.localdomain | | binding_profile | | | binding_vif_details | connectivity='l2', datapath_type='system', port_filter='True' | | binding_vif_type | ovs | | binding_vnic_type | normal | | created_at | 2025-12-05T10:08:04Z | | data_plane_status | None | | description | | | device_id | dhcp05b2c053-9240-5108-bae8-8eb5e10eef02-a341f5dd-f876-406b-80bc-c91db50866e3 | | device_owner | network:dhcp | | device_profile | None | | dns_assignment | fqdn='host-10-196-0-4.openstacklocal.', hostname='host-10-196-0-4', ip_address='10.196.0.4' | | dns_domain | | | dns_name | | | extra_dhcp_opts | | | fixed_ips | ip_address='10.196.0.4', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | | id | ebfb7594-f1cb-4440-afdd-1a37c208b5e9 | | ip_allocation | immediate | | mac_address | fa:16:3e:13:f2:c5 | | name | | | network_id | a341f5dd-f876-406b-80bc-c91db50866e3 | | numa_affinity_policy | None | | port_security_enabled | False | | project_id | 220d3727315342b69aa303c0ccf49f7b | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 3 | | security_group_ids | | | status | ACTIVE | | tags | | | trunk_details | None | | updated_at | 2025-12-05T10:08:07Z | +-------------------------+---------------------------------------------------------------------------------------------+ $ openstack port show 7ff80fd8-be48-40b0-b3e8-24a200fde2f4 +-------------------------+---------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+---------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | osp-controller-uni01alpha-1.localdomain | | binding_profile | | | binding_vif_details | connectivity='l2', datapath_type='system', port_filter='True' | | binding_vif_type | ovs | | binding_vnic_type | normal | | created_at | 2025-12-05T10:08:05Z | | data_plane_status | None | | description | | | device_id | dhcp22bf6729-349c-5a55-8d8f-fd17909cd553-a341f5dd-f876-406b-80bc-c91db50866e3 | | device_owner | network:dhcp | | device_profile | None | | dns_assignment | fqdn='host-10-196-0-5.openstacklocal.', hostname='host-10-196-0-5', ip_address='10.196.0.5' | | dns_domain | | | dns_name | | | extra_dhcp_opts | | | fixed_ips | ip_address='10.196.0.5', subnet_id='dce67567-e0a1-4e20-8a17-dd40cf8504a3' | | id | 7ff80fd8-be48-40b0-b3e8-24a200fde2f4 | | ip_allocation | immediate | | mac_address | fa:16:3e:f0:87:f1 | | name | | | network_id | a341f5dd-f876-406b-80bc-c91db50866e3 | | numa_affinity_policy | None | | port_security_enabled | False | | project_id | 220d3727315342b69aa303c0ccf49f7b | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 3 | | security_group_ids | | | status | ACTIVE | | tags | | | trunk_details | None | | updated_at | 2025-12-05T10:08:07Z | +-------------------------+---------------------------------------------------------------------------------------------+
