CA-106754: Disallow bonding when more than one PIF has an IP config

simonjbeaumont · simonjbeaumont · commit 767fefa1e074 · 2016-02-24T14:55:26.000Z
Any IPs on the non-primary bond-slaves would be lost.

An example of the old and new behaviour:

    [root@dt04 ~]# xe pif-list device=eth1 --minimal
    f628a46c-f483-897b-3234-aecc3c107d84
    [root@dt04 ~]# xe pif-list device=eth2 --minimal
    76472575-ef64-001f-4305-234e2dfc6f7c
    [root@dt04 ~]# xe network-create name-label=bond-network
    e7c98ee2-d000-477f-1692-2b6fd741dc3d

Before this patch
-----------------

    [root@dt04 ~]# xe pif-reconfigure-ip uuid=f628a46c-f483-897b-3234-aecc3c107d84 mode=static IP=10.0.0.1 netmask=255.255.255.0 gateway=10.0.0.0
    [root@dt04 ~]# xe pif-reconfigure-ip uuid=76472575-ef64-001f-4305-234e2dfc6f7c mode=static IP=10.0.0.2 netmask=255.255.255.0 gateway=10.0.0.0

    [root@dt04 ~]# ip address show xenbr1 | grep inet
        inet 10.0.0.1/24 brd 10.0.0.255 scope global xenbr1
    [root@dt04 ~]# ip address show xenbr2 | grep inet
        inet 10.0.0.2/24 brd 10.0.0.255 scope global xenbr2

    [root@dt04 ~]# xe bond-create pif-uuids=f628a46c-f483-897b-3234-aecc3c107d84,76472575-ef64-001f-4305-234e2dfc6f7c network-uuid=e7c98ee2-d000-477f-1692-2b6fd741dc3d
    4a243b9c-6625-4bba-776a-f29873486f81

    [root@dt04 ~]# xe bond-list uuid=4a243b9c-6625-4bba-776a-f29873486f81 params=master --minimal
    8605deeb-76d4-9637-086f-512779f4c2c6

    [root@dt04 ~]# xe pif-list uuid=f628a46c-f483-897b-3234-aecc3c107d84  params=device,IP
        device ( RO): eth1
            IP ( RO):
    [root@dt04 ~]# xe pif-list uuid=76472575-ef64-001f-4305-234e2dfc6f7c params=device,IP
        device ( RO): eth2
            IP ( RO): 10.0.0.2
    [root@dt04 ~]# xe pif-list uuid=8605deeb-76d4-9637-086f-512779f4c2c6 params=device,IP
    device ( RO)    : bond0
            IP ( RO): 10.0.0.1

    [root@dt04 ~]# xe network-list uuid=e7c98ee2-d000-477f-1692-2b6fd741dc3d params=bridge --minimal
    xapi1
    [root@dt04 ~]# ip address show xapi1 | grep inet
        inet 10.0.0.1/24 brd 10.0.0.255 scope global xapi1

There is no interface with the IP configuration that's on the other PIF since the xenbr2 iface has gone:

    [root@dt04 ~]# ip address show xenbr2 | grep inet
    Device "xenbr2" does not exist.

After this patch
----------------

    [root@dt04 ~]# xe bond-create pif-uuids=f628a46c-f483-897b-3234-aecc3c107d84,76472575-ef64-001f-4305-234e2dfc6f7c network-uuid=e7c98ee2-d000-477f-1692-2b6fd741dc3d
    Only one PIF on a bond is allowed to have an IP configuration.
    &lt;extra&gt;: f628a46c-f483-897b-3234-aecc3c107d84
    &lt;extra&gt;: 76472575-ef64-001f-4305-234e2dfc6f7c

Removing the IP config from either PIF will then allow the Bond.create to succeed:

    [root@dt04 ~]# xe pif-reconfigure-ip uuid=f628a46c-f483-897b-3234-aecc3c107d84 mode=none
    [root@dt04 ~]# xe bond-create pif-uuids=f628a46c-f483-897b-3234-aecc3c107d84,76472575-ef64-001f-4305-234e2dfc6f7c network-uuid=e7c98ee2-d000-477f-1692-2b6fd741dc3d
    f8e5baf8-b620-31e5-abb8-3e3fb214c08d

Signed-off-by: Si Beaumont &lt;simon.beaumont@citrix.com&gt;
diff --git a/ocaml/idl/api_errors.ml b/ocaml/idl/api_errors.ml
@@ -102,6 +102,7 @@ let pif_device_not_found = "PIF_DEVICE_NOT_FOUND"
 let pif_already_bonded = "PIF_ALREADY_BONDED"
 let pif_cannot_bond_cross_host = "PIF_CANNOT_BOND_CROSS_HOST"
 let pif_bond_needs_more_members = "PIF_BOND_NEEDS_MORE_MEMBERS"
+let pif_bond_more_than_one_ip = "PIF_BOND_MORE_THAN_ONE_IP"
 let pif_configuration_error = "PIF_CONFIGURATION_ERROR"
 let pif_is_management_iface = "PIF_IS_MANAGEMENT_INTERFACE"
 let pif_incompatible_primary_address_type = "PIF_INCOMPATIBLE_PRIMARY_ADDRESS_TYPE"
diff --git a/ocaml/idl/datamodel.ml b/ocaml/idl/datamodel.ml
@@ -517,6 +517,8 @@ let _ =
     ~doc:"You cannot bond interfaces across different hosts." ();
   error Api_errors.pif_bond_needs_more_members []
     ~doc:"A bond must consist of at least two member interfaces" ();
+  error Api_errors.pif_bond_more_than_one_ip []
+    ~doc:"Only one PIF on a bond is allowed to have an IP configuration." ();
   error Api_errors.pif_configuration_error [ "PIF"; "msg" ]
     ~doc:"An unknown error occurred while attempting to configure an interface." ();
   error Api_errors.invalid_ip_address_specified [ "parameter" ]
diff --git a/ocaml/xapi/xapi_bond.ml b/ocaml/xapi/xapi_bond.ml
@@ -316,6 +316,7 @@ let create ~__context ~network ~members ~mAC ~mode ~properties =
 		(* 5. Members must not be the management interface if HA is enabled *)
 		(* 6. Members must be PIFs that are managed by xapi *)
 		(* 7. Members must have the same PIF properties *)
+		(* 8. Only the primary PIF should have a non-None IP configuration *)
 		List.iter (fun self ->
 			let bond = Db.PIF.get_bond_slave_of ~__context ~self in
 			let bonded = try ignore(Db.Bond.get_uuid ~__context ~self:bond); true with _ -> false in
@@ -346,6 +347,8 @@ let create ~__context ~network ~members ~mAC ~mode ~properties =
 				else
 					p
 		in
+		if List.length pifs_with_ip_conf > 1
+		then raise Api_errors.(Server_error (pif_bond_more_than_one_ip, List.map Ref.string_of pifs_with_ip_conf));
 
 		(* Create master PIF and Bond objects *)
 		let device = choose_bond_device_name ~__context ~host in
