Accurately enforce minimum network ranges

The minimum network range (when a start/end was specified) was incorrectly set to the the size of the minimum network subnet. The minimum network ranges should be minimum subnet size - 2. Also move the subnet size checks into validate_address_range.yml for consistency. Change-Id: I1665a0dd67d5e23e43e658e8e6c9eae1a1068b26 Signed-off-by: David Sullivan <david.sullivan@windriver.com> Closes-Bug: 1845215
2019-10-10 16:39:36 -04:00
parent 2b049882fb
commit 339070babb
3 changed files with 27 additions and 65 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/validate-config/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/validate-config/tasks/main.yml
@@ -192,31 +192,6 @@
      msg: "pxeboot_subnet subnet must always be IPv4"
    failed_when: network_params.pxeboot_subnet|ipv4 == False

-  - name: Fail if cluster pod/service subnet size is too small (minimum size = 65536)
-    fail:
-      msg: "Subnet size is too small, must have minimum {{ min_pod_service_num_addresses }} addresses."
-    when: item|ipaddr('size') < min_pod_service_num_addresses
-    with_items:
-      - "{{ network_params.cluster_pod_subnet }}"
-      - "{{ network_params.cluster_service_subnet }}"
-
-  - name: Fail if pxeboot/management/multicast subnet size is too small (minimum size = 16)
-    fail:
-      msg: "Subnet size is too small, must have minimum {{ min_16_addresses }} addresses."
-    when: item|ipaddr('size') < min_16_addresses
-    with_items:
-      - "{{ network_params.pxeboot_subnet }}"
-      - "{{ network_params.management_subnet }}"
-      - "{{ network_params.management_multicast_subnet }}"
-
-  - name: Fail if the size of the remaining subnets is too small (minimum size = 8)
-    fail:
-      msg: "Subnet size is too small, must have minimum {{ min_8_addresses }} addresses."
-    when: item|ipaddr('size') < min_8_addresses
-    with_items:
-      - "{{ network_params.cluster_host_subnet }}"
-      - "{{ network_params.external_oam_subnet }}"
-
  - name: Generate warning if subnet prefix is not typical for Standard systems
    debug:
      msg: "WARNING: Subnet prefix of less than /24 is not typical. This will affect scaling of the system!"
@@ -288,9 +263,6 @@
            "{{ pxeboot_end_address if pxeboot_end_address != 'derived'
            else default_pxeboot_end_address }}"
          subnet: "{{ network_params.pxeboot_subnet }}"
-          use_default:
-            "{{ true if pxeboot_start_address == 'derived' and
-            pxeboot_end_address == 'derived' else false }}"
        management:
          start:
            "{{ management_start_address if management_start_address != 'derived'
@@ -299,9 +271,6 @@
            "{{ management_end_address if management_end_address != 'derived'
            else default_management_end_address }}"
          subnet: "{{ network_params.management_subnet }}"
-          use_default:
-            "{{ true if management_start_address == 'derived' and
-            management_end_address == 'derived' else false }}"
        cluster_host:
          start:
            "{{ cluster_host_start_address if cluster_host_start_address != 'derived'
@@ -310,9 +279,6 @@
            "{{ cluster_host_end_address if cluster_host_end_address != 'derived'
            else default_cluster_host_end_address}}"
          subnet: "{{ network_params.cluster_host_subnet }}"
-          use_default:
-            "{{ true if cluster_host_start_address == 'derived' and
-            cluster_host_end_address == 'derived' else false }}"
        cluster_pod:
          start:
            "{{ cluster_pod_start_address if cluster_pod_start_address != 'derived'
@@ -321,9 +287,6 @@
            "{{ cluster_pod_end_address if cluster_pod_end_address != 'derived'
            else default_cluster_pod_end_address }}"
          subnet: "{{ network_params.cluster_pod_subnet }}"
-          use_default:
-            "{{ true if cluster_pod_start_address == 'derived' and
-            cluster_pod_end_address == 'derived' else false }}"
        cluster_service:
          start:
            "{{ cluster_service_start_address if cluster_service_start_address != 'derived'
@@ -332,9 +295,6 @@
            "{{ cluster_service_end_address if cluster_service_end_address != 'derived'
            else default_cluster_service_end_address }}"
          subnet: "{{ network_params.cluster_service_subnet }}"
-          use_default:
-            "{{ true if cluster_service_start_address == 'derived' and
-            cluster_service_end_address == 'derived' else false }}"
        oam:
          start:
            "{{ external_oam_start_address if external_oam_start_address != 'derived'
@@ -343,9 +303,6 @@
            "{{ external_oam_end_address if external_oam_end_address != 'derived'
            else default_external_oam_end_address }}"
          subnet: "{{ network_params.external_oam_subnet }}"
-          use_default:
-            "{{ true if external_oam_start_address == 'derived' and
-            external_oam_end_address == 'derived' else false }}"
        multicast:
          start:
            "{{ management_multicast_start_address if management_multicast_start_address != 'derived'
@@ -354,9 +311,6 @@
            "{{ management_multicast_end_address if management_multicast_end_address != 'derived'
            else default_management_multicast_end_address }}"
          subnet: "{{ network_params.management_multicast_subnet }}"
-          use_default:
-            "{{ true if management_multicast_start_address == 'derived' and
-            management_multicast_end_address == 'derived' else false }}"
        oam_node:
          start:
            "{{ external_oam_node_0_address if external_oam_node_0_address != 'derived'
@@ -365,9 +319,6 @@
            "{{ external_oam_node_1_address if external_oam_node_1_address != 'derived'
            else default_external_oam_node_1_address }}"
          subnet: "{{ network_params.external_oam_subnet }}"
-          use_default:
-            "{{ true if external_oam_node_0_address == 'derived' and
-            external_oam_node_1_address == 'derived' else false }}"

  - include: validate_address_range.yml
    with_dict: "{{ address_pairs }}"
--- a/playbookconfig/src/playbooks/roles/bootstrap/validate-config/tasks/validate_address_range.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/validate-config/tasks/validate_address_range.yml
@@ -13,7 +13,6 @@
    start_addr: "{{ item.value['start'] }}"
    end_addr: "{{ item.value['end'] }}"
    subnet: "{{ item.value['subnet'] }}"
-    use_default: "{{ item.value['use_default'] }}"

 - block:
  - name: Validate {{ network }} start and end address format
@@ -39,18 +38,34 @@
          if start not in subnet or end not in subnet:
            raise Exception("Failed validation, {{ network }} start or end address must be within its subnet range.")

+          min_subnet_sizes = {
+              'cluster_pod': 65536,
+              'cluster_service': 65536,
+              'pxeboot': 16,
+              'multicast': 16,
+              'management': 16,
+              'cluster_host': 8,
+              'oam': 8
+          }
+          max_subnet_sizes = {
+              'cluster_service': 1048576
+          }
          range = IPRange("{{ start_addr }}", "{{ end_addr }}")
-          if (("{{ network }}" == 'cluster_pod' or "{{ network }}" == 'cluster_service') and
-              range.size < {{ min_pod_service_num_addresses|int }}):
-            raise Exception("Failed validation, {{ network }} address range must contain at least %d addresses." %
-                            int("{{ min_pod_service_num_addresses }}"))
-          elif (("{{ network }}" == 'pxeboot' or "{{ network }}" == 'multicast' or "{{ network }}" == 'management') and
-                range.size < {{ min_16_addresses|int }}):
-            raise Exception("Failed validation, {{ network }} address range must contain at least %d addresses." %
-                            int("{{ min_16_addresses }}"))
-          elif range.size < {{ min_8_addresses|int }}:
-            raise Exception("Failed validation, {{ network }} address range must contain at least %d addresses." %
-                            int("{{ min_8_addresses }}"))
+          subnet_min_size = min_subnet_sizes.get("{{ network }}")
+          subnet_max_size = max_subnet_sizes.get("{{ network }}", None)
+          if subnet.size < subnet_min_size:
+              raise Exception("Failed validation, {{ network }} subnet must contain at least %d addresses." %
+                              subnet_min_size)
+
+          if subnet_max_size and subnet.size > subnet_max_size:
+              raise Exception("Failed validation, {{ network }} subnet must not contain more than %d addresses." %
+                              subnet_max_size)
+
+          range_min_size = subnet_min_size - 2
+          if range.size < range_min_size:
+              raise Exception("Failed validation, {{ network }} address range must contain at least %d addresses." %
+                              range_min_size)
+
          if ("{{ distributed_cloud_role }}" == 'systemcontroller' and  "{{ network }}" == 'management' and
              range.size >= (subnet.size - 2)):
            raise Exception("Failed validation, {{ network }} address range too large, no addresses left for "
@@ -67,4 +82,3 @@
      when: range_check_result.rc != 0

    when: network != 'oam_node'
-  when: not use_default
--- a/playbookconfig/src/playbooks/roles/bootstrap/validate-config/vars/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/validate-config/vars/main.yml
@@ -2,9 +2,6 @@
 config_workdir: /tmp/config
 bootstrap_config_file: /tmp/config/bootstrap_config
 typical_subnet_prefix: 24
-min_8_addresses: 8
-min_16_addresses: 16
-min_pod_service_num_addresses: 65536
 minimum_ipv6_prefix_length: 64

 private_pxeboot_subnet: 169.254.202.0/24