Allow host to be in any MachineNetwork
In the belongs-to-machine-cidr validation, allow the host to be a member
of any MachineNetwork. In a dual-stack cluster, require it to be a
member of both an IPv4 and an IPv6 network.

Previously it was assumed that the only reason for multiple
MachineNetworks to appear was that a dual stack cluster could contain
exactly one IPv4 and one IPv6 MachineNetwork.
zaneb committed Sep 3, 2024
1 parent 2275adb commit 5a072e0
Showing 3 changed files with 20 additions and 18 deletions.
16 changes: 8 additions & 8 deletions internal/host/transition_test.go
Expand Up @@ -3204,7 +3204,7 @@ var _ = Describe("Refresh Host", func() {
imageStatuses: map[string]*models.ContainerImageAvailability{common.TestDefaultConfig.ImageName: common.TestImageStatusesFailure},
role: models.HostRoleWorker,
statusInfoChecker: makeValueChecker(formatStatusInfoFailedValidation(statusInfoNotReadyForInstall,
"Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks",
"Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use",
"Host couldn't synchronize with any NTP server",
"Failed to fetch container images needed for installation from image. This may be due to a network hiccup. Retry to install again. If this problem persists, "+
"check your network settings to make sure you’re not blocked.")),
Expand All @@ -3218,7 +3218,7 @@ var _ = Describe("Refresh Host", func() {
HasCPUCoresForRole: {status: ValidationSuccess, messagePattern: "Sufficient CPU cores for role worker"},
HasMemoryForRole: {status: ValidationSuccess, messagePattern: "Sufficient RAM for role worker"},
IsHostnameUnique: {status: ValidationSuccess, messagePattern: "Hostname worker-1 is unique in cluster"},
BelongsToMachineCidr: {status: ValidationFailure, messagePattern: "Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks"},
BelongsToMachineCidr: {status: ValidationFailure, messagePattern: "Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use"},
IsPlatformNetworkSettingsValid: {status: ValidationSuccess, messagePattern: "Platform RHEL is allowed"},
CompatibleWithClusterPlatform: {status: ValidationSuccess, messagePattern: "Host is compatible with cluster platform baremetal"},
IsNTPSynced: {status: ValidationFailure, messagePattern: "Host couldn't synchronize with any NTP server"},
Expand All @@ -3239,7 +3239,7 @@ var _ = Describe("Refresh Host", func() {
imageStatuses: map[string]*models.ContainerImageAvailability{common.TestDefaultConfig.ImageName: common.TestImageStatusesFailure},
role: models.HostRoleMaster,
statusInfoChecker: makeValueChecker(formatStatusInfoFailedValidation(statusInfoNotReadyForInstall,
"Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks",
"Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use",
"Require at least 4 CPU cores for master role, found only 2",
"Require at least 16.00 GiB RAM for role master, found only 8.00 GiB",
"Host couldn't synchronize with any NTP server",
Expand All @@ -3255,7 +3255,7 @@ var _ = Describe("Refresh Host", func() {
HasCPUCoresForRole: {status: ValidationFailure, messagePattern: "Require at least 4 CPU cores for master role, found only 2"},
HasMemoryForRole: {status: ValidationFailure, messagePattern: "Require at least 16.00 GiB RAM for role master, found only 8.00 GiB"},
IsHostnameUnique: {status: ValidationSuccess, messagePattern: "Hostname worker-1 is unique in cluster"},
BelongsToMachineCidr: {status: ValidationFailure, messagePattern: "Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks"},
BelongsToMachineCidr: {status: ValidationFailure, messagePattern: "Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use"},
IsPlatformNetworkSettingsValid: {status: ValidationSuccess, messagePattern: "Platform RHEL is allowed"},
CompatibleWithClusterPlatform: {status: ValidationSuccess, messagePattern: "Host is compatible with cluster platform baremetal"},
IsNTPSynced: {status: ValidationFailure, messagePattern: "Host couldn't synchronize with any NTP server"},
Expand Down Expand Up @@ -3369,7 +3369,7 @@ var _ = Describe("Refresh Host", func() {
imageStatuses: map[string]*models.ContainerImageAvailability{common.TestDefaultConfig.ImageName: common.TestImageStatusesFailure},
role: models.HostRoleMaster,
statusInfoChecker: makeValueChecker(formatStatusInfoFailedValidation(statusInfoNotReadyForInstall,
"Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks",
"Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use",
"Host couldn't synchronize with any NTP server",
"Failed to fetch container images needed for installation from image. This may be due to a network hiccup. Retry to install again. If this problem persists, "+
"check your network settings to make sure you’re not blocked.")),
Expand Down Expand Up @@ -3402,7 +3402,7 @@ var _ = Describe("Refresh Host", func() {
imageStatuses: map[string]*models.ContainerImageAvailability{common.TestDefaultConfig.ImageName: common.TestImageStatusesFailure},
role: models.HostRoleMaster,
statusInfoChecker: makeValueChecker(formatStatusInfoFailedValidation(statusInfoNotReadyForInstall,
"Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks",
"Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use",
"Host couldn't synchronize with any NTP server",
"Failed to fetch container images needed for installation from image. This may be due to a network hiccup. Retry to install again. If this problem persists, "+
"check your network settings to make sure you’re not blocked.")),
Expand Down Expand Up @@ -4234,7 +4234,7 @@ var _ = Describe("Refresh Host", func() {
ntpSources: defaultNTPSources,
role: models.HostRoleMaster,
statusInfoChecker: makeValueChecker(formatStatusInfoFailedValidation(statusInfoNotReadyForInstall,
"Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks")),
"Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use")),
validationsChecker: makeJsonChecker(map[validationID]validationCheckResult{
IsConnected: {status: ValidationSuccess, messagePattern: "Host is connected"},
HasInventory: {status: ValidationSuccess, messagePattern: "Valid inventory exists for the host"},
Expand All @@ -4245,7 +4245,7 @@ var _ = Describe("Refresh Host", func() {
HasCPUCoresForRole: {status: ValidationSuccess, messagePattern: "Sufficient CPU cores for role master"},
HasMemoryForRole: {status: ValidationSuccess, messagePattern: "Sufficient RAM for role master"},
IsHostnameUnique: {status: ValidationSuccess, messagePattern: " is unique in cluster"},
BelongsToMachineCidr: {status: ValidationFailure, messagePattern: "Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks"},
BelongsToMachineCidr: {status: ValidationFailure, messagePattern: "Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use"},
IsHostnameValid: {status: ValidationSuccess, messagePattern: "Hostname .* is allowed"},
BelongsToMajorityGroup: {status: ValidationSuccess, messagePattern: "Host has connectivity to the majority of hosts in the cluster"},
IsNTPSynced: {status: ValidationSuccess, messagePattern: "Host NTP is synced"},
4 changes: 2 additions & 2 deletions internal/host/validator.go
Expand Up @@ -605,8 +605,8 @@ func (v *validator) belongsToMachineCidr(c *validationContext) (ValidationStatus
if c.inventory == nil || !network.IsMachineCidrAvailable(c.cluster) {
return ValidationPending, "Missing inventory or machine network CIDR"
}
if !network.IsHostInPrimaryMachineNetCidr(v.log, c.cluster, c.host) {
return ValidationFailure, "Host does not belong to machine network CIDRs. Verify that the host belongs to every CIDR listed under machine networks"
if !network.IsHostInMachineNetCidrs(v.log, c.cluster, c.host) {
return ValidationFailure, "Host does not belong to machine network CIDRs. Verify that the host belongs to a listed machine network CIDR for each IP stack in use"
}
return ValidationSuccess, "Host belongs to all machine network CIDRs"
}
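Review bot: The success message on the final return, "Host belongs to all machine network CIDRs", no longer matches what is checked, because the host now only has to be in one listed machine network per IP stack. A wording aligned with the new failure text would be `return ValidationSuccess, "Host belongs to a machine network CIDR for each IP stack in use"`, with any test patterns that match the old success text updated alongside. The signature of belongsToMachineCidr is above the hunk; the body ends inside it.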
18 changes: 10 additions & 8 deletions internal/network/machine_network_cidr.go
Expand Up @@ -540,23 +540,25 @@ func GetDefaultRouteNetworkByFamily(h *models.Host, networks map[AddressFamily][
return ret, fmt.Errorf("can not find cidr by route: no inventory for host %s", h.ID.String())
}

func IsHostInPrimaryMachineNetCidr(log logrus.FieldLogger, cluster *common.Cluster, host *models.Host) bool {
// The host should belong to all the networks specified as Machine Networks.

// TODO(mko) This rule should be revised as soon as OCP supports multiple machineNetwork
// entries using the same IP stack.

func IsHostInMachineNetCidrs(log logrus.FieldLogger, cluster *common.Cluster, host *models.Host) bool {
// The host should belong to one of the networks specified as Machine
// Networks in each address family.
if !IsMachineCidrAvailable(cluster) {
return false
}

ret := true
results := map[bool]bool{}
for _, machineNet := range cluster.MachineNetworks {
_, machineIpnet, err := net.ParseCIDR(string(machineNet.Cidr))
if err != nil {
return false
}
ret = ret && belongsToNetwork(log, host, machineIpnet)
isIPv4 := IsIPV4CIDR(string(machineNet.Cidr))
results[isIPv4] = results[isIPv4] || belongsToNetwork(log, host, machineIpnet)
}
ret := true
for _, present := range results {
ret = ret && present
}
return ret
}
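Review bot: The relaxed "any network per address family" rule in IsHostInMachineNetCidrs is not pinned by a test in this commit; the transition_test.go changes shown only update expected message strings. Cases worth covering are two MachineNetworks of the same family with the host in only one of them (should pass), and a dual-stack list where the host matches only the IPv4 or only the IPv6 entry (should fail). The set of required families is taken from the entries in `cluster.MachineNetworks`, so a dual-stack cluster that lists networks of a single family would pass without the other family being checked; presumably another validation guards that, but it is not visible here. The `map[bool]bool` keyed by `isIPv4` is hard to read at a glance, and the exported function has no doc comment; something like `// IsHostInMachineNetCidrs reports whether the host belongs to at least one machine network of every address family present in cluster.MachineNetworks.` above the signature would state the contract.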