TeemIp / teemip-core-ip-mgmt

Core modules of TeemIP, a WEB based IP Address Management tool
GNU Affero General Public License v3.0

Find space doesn't take pre-existing other-org allocations into account #17

Closed athompson-merlin closed 1 year ago

athompson-merlin commented 2 years ago

When I use the "Find space" feature on an IP Block, it malfunctions in the situation where I have previously created a new IP Subnet with a different org_id within the same parent block or subnet. This caused (OK, helped) me to accidentally re-allocate IPs that were already in use, and caused an outage. There were a few more checks that failed to catch my error, and of course I typed in the new incorrect address so it's on me ultimately, but I did not expect my IPAM tool to give me bad data to begin with.

I do like separation of Orgs by default, but the "Find space" feature is not an area where I feel it's useful... The check at - I think - https://github.com/TeemIp/teemip-core-ip-mgmt/blob/093fe41744b473daf128823c9800570c453cc5b0/teemip-ip-mgmt/src/Model/_IPv4Subnet.php#L89 appears to be the start of the problem, although I'm not at all sure of that...

Our iTop install is in Enterprise mode, not SP mode. Version info in next comment.

athompson-merlin commented 2 years ago

  ===== begin =====
  iTopVersion: 3.0.1
  iTopBuild: 9191
  iTopBuildDate: 2022-04-08 14:53:42
  MySQLVersion: 10.3.35-MariaDB
  PHPVersion: 7.4.32
  OSVersion: Linux
  WebServerVersion: Apache/2.4.37 (AlmaLinux) OpenSSL/1.1.1k
  PHPModules: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, cgi-fcgi, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, json, ldap, exif, mysqlnd, PDO, apcu, SimpleXML, soap, sockets, sodium, sqlite3, tokenizer, xml, xmlwriter, xsl, mysqli, pdo_mysql, pdo_sqlite, xmlreader, zip, apc, Phar, mysql, Zend OPcache
  ItopSetting/cron_max_execution_time: 600
  ItopSetting/timezone: America/Winnipeg
  PHPSetting/memory_limit: 256M
  PHPSetting/max_execution_time: 30
  PHPSetting/upload_max_filesize: 2M
  PHPSetting/post_max_size: 8M
  MySQLSetting/max_allowed_packet: 16777216
  MySQLSetting/key_buffer_size: 134217728
  MySQLSetting/query_cache_size: 1048576
  MySQLStatus/Key_read_requests: 24
  MySQLStatus/Key_reads: 2
  InstallDate: 2022-10-24 14:57:36
  InstallPath: /var/www/html/3.0/
  ---- Installation choices ----
  InstalledExtension/combodo-pmp-light/1.1.1 (iTop Hub)
  InstalledExtension/combodo-saml/1.1.0 (iTop Hub)
  InstalledExtension/combodo-workflow-graphical-view/1.1.0 (iTop Hub)
  InstalledExtension/combodo-send-updates-by-email/1.3.1 (iTop Hub)
  InstalledExtension/molkobain-datacenter-view/1.10.1 (iTop Hub)
  InstalledExtension/teemip-core-ip-mgmt/3.0.0 (iTop Hub)
  InstalledExtension/teemip-macaddress-lookup/3.0.0 (iTop Hub)
  InstalledExtension/teemip-network-mgmt-extended/3.0.0 (iTop Hub)
  InstalledExtension/teemip-zone-mgmt/3.0.0 (iTop Hub)
  ---- Actual modules installed ----
  InstalledModule/authent-cas: 3.0.1
  InstalledModule/authent-external: 3.0.1
  InstalledModule/authent-ldap: 3.0.1
  InstalledModule/authent-local: 3.0.1
  InstalledModule/combodo-backoffice-darkmoon-theme: 3.0.1
  InstalledModule/combodo-gantt-view: 1.1.1
  InstalledModule/combodo-workflow-graphical-view: 1.1.0
  InstalledModule/itop-attachments: 3.0.1
  InstalledModule/itop-backup: 3.0.1
  InstalledModule/itop-config: 3.0.1
  InstalledModule/itop-files-information: 3.0.1
  InstalledModule/itop-object-copier: 1.4.2
  InstalledModule/itop-portal-base: 3.0.1
  InstalledModule/itop-portal: 3.0.1
  InstalledModule/itop-profiles-itil: 3.0.1
  InstalledModule/itop-sla-computation: 3.0.1
  InstalledModule/itop-structure: 3.0.1
  InstalledModule/itop-themes-compat: 3.0.1
  InstalledModule/itop-tickets: 3.0.1
  InstalledModule/itop-welcome-itil: 3.0.1
  InstalledModule/molkobain-fontawesome5-pack: 1.4.0
  InstalledModule/molkobain-handy-framework: 1.8.0
  InstalledModule/molkobain-newsroom-provider: 1.5.0
  InstalledModule/combodo-db-tools: 3.0.1
  InstalledModule/email-reply: 1.4.0
  InstalledModule/itop-config-mgmt: 3.0.1
  InstalledModule/itop-core-update: 3.0.1
  InstalledModule/itop-datacenter-mgmt: 3.0.1
  InstalledModule/itop-endusers-devices: 3.0.1
  InstalledModule/itop-faq-light: 3.0.1
  InstalledModule/itop-hub-connector: 3.0.1
  InstalledModule/itop-incident-mgmt-itil: 3.0.1
  InstalledModule/itop-knownerror-mgmt: 3.0.1
  InstalledModule/itop-problem-mgmt: 3.0.1
  InstalledModule/itop-request-mgmt-itil: 3.0.1
  InstalledModule/itop-service-mgmt: 3.0.1
  InstalledModule/itop-storage-mgmt: 3.0.1
  InstalledModule/itop-virtualization-mgmt: 3.0.1
  InstalledModule/molkobain-console-tooltips: 1.3.0
  InstalledModule/molkobain-datacenter-view: 1.10.1
  InstalledModule/teemip-framework: 3.0.0
  InstalledModule/teemip-network-mgmt: 3.0.0
  InstalledModule/combodo-pmp-light: 1.1.1
  InstalledModule/combodo-saml: 1.1.0
  InstalledModule/combodo-webhook-integration: 1.1.1
  InstalledModule/itop-bridge-cmdb-ticket: 3.0.1
  InstalledModule/itop-bridge-virtualization-storage: 3.0.1
  InstalledModule/itop-change-mgmt-itil: 3.0.1
  InstalledModule/itop-full-itil: 3.0.1
  InstalledModule/teemip-ip-mgmt: 3.0.0
  InstalledModule/teemip-ipv6-mgmt: 3.0.0
  InstalledModule/teemip-macaddress-lookup: 3.0.0
  InstalledModule/teemip-newsroom-provider: 1.1.1
  InstalledModule/teemip-webservices: 3.0.0
  InstalledModule/teemip-zone-mgmt: 3.0.0
  InstalledModule/teemip-config-mgmt-adaptor: 3.0.0
  InstalledModule/teemip-datacenter-mgmt-adaptor: 3.0.0
  InstalledModule/teemip-endusers-devices-adaptor: 3.0.0
  InstalledModule/teemip-network-mgmt-extended: 3.0.0
  InstalledModule/teemip-storage-mgmt-adaptor: 3.0.0
  InstalledModule/teemip-virtualization-mgmt-adaptor: 3.0.0
  InstalledModule/teemip-bridge-virtualization-network-extended: 1.1.0
  ===== end =====

xtophe38 commented 1 year ago

As you already know, IP spaces are segregated by Organizations in TeemIp. That implies that every single organization can host a full IPv4 space and a full IPv6 space. That implies as well that all IP Objects must belong to a given organization. Moreover, all IP objects contained in a parent IP Object (like subnets in blocks or addresses in subnets or ranges) must belong to the same organization as their parent. The only exception applies to blocks that can be delegated from one organization to another. But even in that case, when a block from Org A is delegated to Org B, it will only be able to host IP objects from Org B.

This coherency is enforced through the GUI. The CSV import or the REST API may be a bit more permissive but it's your responsibility, as iTop / TeemIp administrator, to make sure the "organization rule" is respected.

When you say that you "have previously created a new IP Subnet with a different org_id within the same parent block or subnet.": what interface did you use to make this happen? REST?

Now, as far as the "Find space" function is concerned:

When you look for some space, you should know the usage that you'll make out of it and therefore which organization will use it.

Since you are using iTop in 'Enterprise' mode, you probably just need to manage a single IPv4/6 space. But you may need to use the same RFC1918 space in different environments. In that case, the only way to go with TeemIp is to directly create the "duplicate" space in the target organization(s), without going through the delegation process that can, today, delegate space to one organization only.

With the hope that helps...

Note: fyi, TeemIp 3.0.1 has been released now.
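
The "organization rule" and the cross-organization overlap discussed in this thread can be audited offline from an export of blocks and subnets. The following Python script is an added example, not part of the original thread or of TeemIp's code; the record fields (`kind`, `cidr`, `org_id`) and the sample data are constructed assumptions, and the overlap check assumes all organizations share one routed address space.

```python
import ipaddress
from itertools import combinations
from typing import NamedTuple

class IPObj(NamedTuple):
    kind: str    # "block" or "subnet" (assumed field names, not TeemIp's schema)
    cidr: str
    org_id: str

# Constructed sample export.
SAMPLE = [
    IPObj("block",  "10.0.0.0/16",   "OrgA"),
    IPObj("subnet", "10.0.1.0/24",   "OrgA"),
    IPObj("subnet", "10.0.2.0/24",   "OrgB"),  # OrgB subnet inside an OrgA-only block
    IPObj("block",  "172.16.0.0/16", "OrgA"),
    IPObj("block",  "172.16.0.0/16", "OrgB"),  # "duplicate" space created in OrgB
    IPObj("subnet", "172.16.5.0/24", "OrgA"),
    IPObj("subnet", "172.16.5.0/25", "OrgB"),  # valid per org, overlaps OrgA's subnet
]

def _net(obj):
    return ipaddress.ip_network(obj.cidr)

def org_rule_violations(objs):
    """Subnets enclosed only by blocks of other organizations.

    Subnets with no enclosing block at all are not reported here.
    """
    blocks = [o for o in objs if o.kind == "block"]
    found = []
    for s in (o for o in objs if o.kind == "subnet"):
        enclosing = [b for b in blocks
                     if _net(b).version == _net(s).version
                     and _net(s).subnet_of(_net(b))]
        if enclosing and all(b.org_id != s.org_id for b in enclosing):
            parent = max(enclosing, key=lambda b: _net(b).prefixlen)
            found.append((s.cidr, s.org_id, parent.cidr, parent.org_id))
    return found

def cross_org_overlaps(objs):
    """Pairs of subnets from different organizations covering the same addresses."""
    subnets = [o for o in objs if o.kind == "subnet"]
    return [(a.cidr, a.org_id, b.cidr, b.org_id)
            for a, b in combinations(subnets, 2)
            if a.org_id != b.org_id
            and _net(a).version == _net(b).version
            and _net(a).overlaps(_net(b))]

if __name__ == "__main__":
    print("org rule violations:", org_rule_violations(SAMPLE))
    print("cross-org overlaps: ", cross_org_overlaps(SAMPLE))
```

The second check reports pairs that TeemIp treats as legitimate, since each organization owns a full address space; they are conflicts only where the organizations actually share a network.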