search

brooklyncentral / clocker

Apache Brooklyn cloud native infrastructure blueprints
Apache License 2.0
426 stars 66 forks source link

OpenStack provisioning: IllegalStateException "cidrBlock ::/0 is not a valid CIDR" #257

Open aledsage opened 8 years ago

aledsage commented 8 years ago

Not sure whether to report this again jclouds, Brooklyn or Clocker (so reporting it here for now)! I'll likely cross-post on jclouds jira.

When launching docker-cloud-weave to OpenStack (BlueBox), without specifying a security group anywhere, it gave the error below. This prevented it from creating any VMs.

Failed after 6.11s: Error invoking start at DockerHostImpl{id=uMtN8h3W}: UncheckedExecutionException: java.lang.IllegalArgumentException: cidrBlock ::/0 is not a valid CIDR

org.apache.brooklyn.core.mgmt.internal.EffectorUtils$EffectorCallPropagatedRuntimeException: Error invoking start at DockerHostImpl{id=uMtN8h3W}: UncheckedExecutionException: java.lang.IllegalArgumentException: cidrBlock ::/0 is not a valid CIDR
    at org.apache.brooklyn.core.mgmt.internal.EffectorUtils$EffectorCallPropagatedRuntimeException.propagate(EffectorUtils.java:299)
    at org.apache.brooklyn.core.mgmt.internal.EffectorUtils$EffectorCallPropagatedRuntimeException.access$100(EffectorUtils.java:266)
    at org.apache.brooklyn.core.mgmt.internal.EffectorUtils.handleEffectorException(EffectorUtils.java:306)
    at org.apache.brooklyn.core.effector.EffectorTasks$EffectorBodyTaskFactory$2.handleException(EffectorTasks.java:90)
    at org.apache.brooklyn.util.core.task.DynamicSequentialTask.handleException(DynamicSequentialTask.java:469)
    at org.apache.brooklyn.util.core.task.DynamicSequentialTask$DstJob.call(DynamicSequentialTask.java:417)
    at org.apache.brooklyn.util.core.task.BasicExecutionManager$SubmissionCallable.call(BasicExecutionManager.java:518)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.brooklyn.util.exceptions.PropagatedRuntimeException: UncheckedExecutionException: java.lang.IllegalArgumentException: cidrBlock ::/0 is not a valid CIDR
    at org.apache.brooklyn.util.exceptions.Exceptions.propagate(Exceptions.java:128)
    at org.apache.brooklyn.util.core.task.BasicTask.getUnchecked(BasicTask.java:372)
    at org.apache.brooklyn.util.core.task.Tasks$2.get(Tasks.java:285)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks.preStartAtMachineAsync(MachineLifecycleEffectorTasks.java:412)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks.startInLocation(MachineLifecycleEffectorTasks.java:339)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks.startInLocations(MachineLifecycleEffectorTasks.java:324)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks.start(MachineLifecycleEffectorTasks.java:313)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks$StartEffectorBody.call(MachineLifecycleEffectorTasks.java:214)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks$StartEffectorBody.call(MachineLifecycleEffectorTasks.java:201)
    at org.apache.brooklyn.core.effector.EffectorTasks$EffectorBodyTaskFactory$1.call(EffectorTasks.java:82)
    at org.apache.brooklyn.util.core.task.DynamicSequentialTask$DstJob.call(DynamicSequentialTask.java:359)
    ... 5 more
Caused by: java.util.concurrent.ExecutionException: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalArgumentException: cidrBlock ::/0 is not a valid CIDR
    at java.util.concurrent.FutureTask.report(FutureTask.java:122)
    at java.util.concurrent.FutureTask.get(FutureTask.java:188)
    at com.google.common.util.concurrent.ForwardingFuture.get(ForwardingFuture.java:63)
    at org.apache.brooklyn.util.core.task.BasicTask.get(BasicTask.java:361)
    at org.apache.brooklyn.util.core.task.BasicTask.getUnchecked(BasicTask.java:370)
    ... 14 more
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalArgumentException: cidrBlock ::/0 is not a valid CIDR
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
    at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4736)
    at org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizer.setSecurityGroupOnTemplate(JcloudsLocationSecurityGroupCustomizer.java:389)
    at org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizer.customize(JcloudsLocationSecurityGroupCustomizer.java:380)
    at org.apache.brooklyn.location.jclouds.JcloudsLocation.customizeTemplate(JcloudsLocation.java:1419)
    at org.apache.brooklyn.location.jclouds.JcloudsLocation.obtainOnce(JcloudsLocation.java:713)
    at org.apache.brooklyn.location.jclouds.JcloudsLocation.obtain(JcloudsLocation.java:613)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks$ObtainLocationTask.call(MachineLifecycleEffectorTasks.java:406)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks$ObtainLocationTask.call(MachineLifecycleEffectorTasks.java:396)
    at org.apache.brooklyn.util.core.task.Tasks.withBlockingDetails(Tasks.java:98)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks$ProvisionMachineTask.call(MachineLifecycleEffectorTasks.java:380)
    at org.apache.brooklyn.entity.software.base.lifecycle.MachineLifecycleEffectorTasks$ProvisionMachineTask.call(MachineLifecycleEffectorTasks.java:364)
    ... 6 more
Caused by: java.lang.IllegalArgumentException: cidrBlock ::/0 is not a valid CIDR
    at com.google.common.base.Preconditions.checkArgument(Preconditions.java:148)
    at org.jclouds.net.domain.IpPermission$Builder.cidrBlock(IpPermission.java:107)
    at org.jclouds.openstack.nova.v2_0.compute.functions.SecurityGroupRuleToIpPermission.apply(SecurityGroupRuleToIpPermission.java:81)
    at org.jclouds.openstack.nova.v2_0.compute.functions.SecurityGroupRuleToIpPermission.apply(SecurityGroupRuleToIpPermission.java:48)
    at com.google.common.collect.Iterators$8.transform(Iterators.java:794)
    at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48)
    at com.google.common.collect.ImmutableCollection$Builder.addAll(ImmutableCollection.java:281)
    at com.google.common.collect.ImmutableCollection$ArrayBasedBuilder.addAll(ImmutableCollection.java:360)
    at com.google.common.collect.ImmutableSet$Builder.addAll(ImmutableSet.java:508)
    at org.jclouds.compute.domain.SecurityGroupBuilder.ipPermissions(SecurityGroupBuilder.java:43)
    at org.jclouds.openstack.nova.v2_0.compute.functions.NovaSecurityGroupToSecurityGroup.apply(NovaSecurityGroupToSecurityGroup.java:61)
    at org.jclouds.openstack.nova.v2_0.compute.functions.NovaSecurityGroupToSecurityGroup.apply(NovaSecurityGroupToSecurityGroup.java:39)
    at org.jclouds.openstack.nova.v2_0.compute.functions.NovaSecurityGroupInRegionToSecurityGroup.apply(NovaSecurityGroupInRegionToSecurityGroup.java:61)
    at org.jclouds.openstack.nova.v2_0.compute.functions.NovaSecurityGroupInRegionToSecurityGroup.apply(NovaSecurityGroupInRegionToSecurityGroup.java:43)
    at com.google.common.collect.Iterators$8.transform(Iterators.java:794)
    at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48)
    at com.google.common.collect.ImmutableCollection$Builder.addAll(ImmutableCollection.java:301)
    at com.google.common.collect.ImmutableSet$Builder.addAll(ImmutableSet.java:522)
    at com.google.common.collect.ImmutableSet.copyOf(ImmutableSet.java:321)
    at com.google.common.collect.ImmutableSet.copyOf(ImmutableSet.java:300)
    at org.jclouds.openstack.nova.v2_0.compute.extensions.NovaSecurityGroupExtension.listSecurityGroupsInLocation(NovaSecurityGroupExtension.java:116)
    at org.jclouds.openstack.nova.v2_0.compute.extensions.NovaSecurityGroupExtension.listSecurityGroupsInLocation(NovaSecurityGroupExtension.java:109)
    at org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizer.getOrCreateSharedSecurityGroup(JcloudsLocationSecurityGroupCustomizer.java:420)
    at org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizer.access$100(JcloudsLocationSecurityGroupCustomizer.java:90)
    at org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizer$3.call(JcloudsLocationSecurityGroupCustomizer.java:391)
    at org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizer$3.call(JcloudsLocationSecurityGroupCustomizer.java:389)
    at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4739)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
    ... 18 more
aledsage commented 8 years ago

See https://issues.apache.org/jira/browse/JCLOUDS-1100

grkvlt commented 8 years ago

Odd, because ::/0 is a valid CIDR, but for IPV6. The equivalent of 0.0.0.0/0 for IPV4. OpenStack supports the syntax (at least in the Horizon UI, I'm sure) but it's what you get in the default set of rules for a security group.

johnmccabe commented 8 years ago

@grkvlt I'm still seeing this with a build of brooklyn/advanced-networking from master and the #272 pr of clocker. I've specified the security group in my location and would have expected that to be used instead of having to specify the docker.host.securityGroup property but still see the JcloudsLocationSecurityGroupCustomizer being invoked and a new default security group being created.

grkvlt commented 8 years ago

We always add the customizer, it should be optional, yes

johnmccabe commented 8 years ago

Partially addressed this in https://github.com/brooklyncentral/clocker/pull/272/commits/d88341abb0ab1334666289a85b3c64e484d996cf in #272 which will use the securityGroup in the location if present and a String. Still need to sort out handling for the IPv6 wildcards.