Merge "Deprecate default 192.0.2.0/24 CIDR"

instack_undercloud/tests/test_validator.py

@@ -113,6 +113,7 @@ class TestValidator(base.BaseTestCase):
                           undercloud._validate_network)
 
     def test_no_alter_params(self):
+        self.conf.config(network_cidr='192.0.2.0/24')
         params = {opt.name: self.conf.conf[opt.name]
                   for opt in undercloud._opts}
         save_params = dict(params)

instack_undercloud/undercloud.py

@@ -77,11 +77,30 @@ secured.
 
 #############################################################################
 """
+CIDR_DEPRECATION_MESSAGE = """
+*****************************************************************************
+The old default CIDR of 192.0.2.0/24 is deprecated due to it being an
+unroutable address range under RFC 5737.  This default will change in the
+Ocata release of OpenStack, so you should stop using the default CIDR and set
+a valid, routable CIDR instead.
+
+Note that if you have already deployed an overcloud with the 192.0.2.0/24
+CIDR, it will not be possible to change it without re-deploying.  If the
+overcloud cannot be re-deployed, you must explicitly set the network values
+in undercloud.conf to ensure continued use of the 192.0.2.0/24 CIDR during
+future upgrades.
+*****************************************************************************
+"""
 # We need 4 GB, leave a little room for variation in what 4 GB means on
 # different platforms.
 REQUIRED_MB = 3750
 
 
+# Allow logging of a warning at the end of the deploy if the deprecated cidr
+# is in use.
+deprecated_cidr = False
+
+
 # When adding new options to the lists below, make sure to regenerate the
 # sample config by running "tox -e genconfig" in the project root.
 _opts = [
@@ -154,10 +173,21 @@ _opts = [
                help=('MTU to use for the local_interface.')
                ),
     cfg.StrOpt('network_cidr',
-               default='192.0.2.0/24',
+               sample_default='192.0.2.0/24',
                help=('Network CIDR for the Neutron-managed network for '
                      'Overcloud instances. This should be the subnet used '
-                     'for PXE booting.')
+                     'for PXE booting. The current default for this value '
+                     'is 192.0.2.0/24, but this is deprecated due to it being '
+                     'a non-routable CIDR under RFC 5737. The default value '
+                     'for this option will be changed in the Ocata release. '
+                     'A different, valid CIDR should be selected to avoid '
+                     'problems. If an overcloud has already been deployed '
+                     'with the 192.0.2.0/24 CIDR and therefore the CIDR '
+                     'cannot be changed, you must set this option to '
+                     '192.0.2.0/24 explicitly to avoid it changing in future '
+                     'releases, and all other network options related to the '
+                     'CIDR (e.g. local_ip) must also be set to maintain a '
+                     'valid configuration.')
                ),
     cfg.StrOpt('masquerade_network',
                default='192.0.2.0/24',
@@ -527,10 +557,30 @@ def _validate_network():
         LOG.error('Undercloud configuration validation failed: %s', message)
         raise validator.FailedValidation(message)
 
+    _validate_cidr()
     params = {opt.name: CONF[opt.name] for opt in _opts}
     validator.validate_config(params, error_handler)
 
 
+def _validate_cidr():
+    """Check for default network_cidr
+
+    The old default cidr of 192.0.2.0/24 is deprecated due to being unroutable
+    under RFC 5737.  However, since we need to give users notice of the
+    change, we need some logic to warn them of the problem before actually
+    changing the default, which could be a breaking change on upgrades.
+
+    This function handles the sentinel value of None, which indicates that
+    the user has not overridden the default value, and sets an override on the
+    conf opt to match the previous default.  It also sets a global flag so we
+    can warn about the deprecation at the end of the deploy.
+    """
+    if CONF.network_cidr is None:
+        global deprecated_cidr
+        deprecated_cidr = True
+        CONF.set_override('network_cidr', '192.0.2.0/24')
+
+
 def _validate_configuration():
     _check_hostname()
     _check_memory()
@@ -1062,3 +1112,5 @@ def install(instack_root):
     _run_command(['sudo', 'rm', '-f', '/tmp/svc-map-services'], None, 'rm')
     LOG.info(COMPLETION_MESSAGE, {'password_path': PATHS.PASSWORD_PATH,
              'stackrc_path': os.path.expanduser('~/stackrc')})
+    if deprecated_cidr:
+        LOG.warning(CIDR_DEPRECATION_MESSAGE)

undercloud.conf.sample

@@ -60,8 +60,16 @@
 #local_mtu = 1500
 
 # Network CIDR for the Neutron-managed network for Overcloud
-# instances. This should be the subnet used for PXE booting. (string
-# value)
+# instances. This should be the subnet used for PXE booting. The
+# current default for this value is 192.0.2.0/24, but this is
+# deprecated due to it being a non-routable CIDR under RFC 5737. The
+# default value for this option will be changed in the Ocata release.
+# A different, valid CIDR should be selected to avoid problems. If an
+# overcloud has already been deployed with the 192.0.2.0/24 CIDR and
+# therefore the CIDR cannot be changed, you must set this option to
+# 192.0.2.0/24 explicitly to avoid it changing in future releases, and
+# all other network options related to the CIDR (e.g. local_ip) must
+# also be set to maintain a valid configuration. (string value)
 #network_cidr = 192.0.2.0/24
 
 # Network that will be masqueraded for external access, if required.