Raise rather than generating millions of IPs.

Fixes bug #1163394 Formerly if we tried to create many millions of floating IPs with a range like "192.168.2.224/2", address_to_hosts would happily iterate over all of them (which would take a long time) and then nova-manage would eventually crash with an OutOfMemoryError when we tried putting all of them in a list. Or, if the initial list wasn't quite big enough to use all memory, it would blow up later (even more slowly) when we tried to put them in the database via SQLAlchemy. Now, raise exception.InvalidInput if the number of IPs is a million or more. (A million is erring on the side of caution.) Change-Id: Ifc6b6a8faadc2e97e09f9f6c975e52229f705789 (cherry picked from commit 34de8d1)
openstack · Apr 30, 2013 · df5d13c · df5d13c
1 parent c185195
commit df5d13c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/bin/nova-manage b/bin/nova-manage
@@ -375,6 +375,14 @@ class FloatingIpCommands(object):
                 reason = _("/%s should be specified as single address(es) "
                            "not in cidr format") % net.prefixlen
                 raise exception.InvalidInput(reason=reason)
+            elif net.size >= 1000000:
+                # NOTE(dripton): If we generate a million IPs and put them in
+                # the database, the system will slow to a crawl and/or run
+                # out of memory and crash.  This is clearly a misconfiguration.
+                reason = _("Too many IP addresses will be generated.  Please "
+                           "increase /%s to reduce the number generated."
+                          ) % net.prefixlen
+                raise exception.InvalidInput(reason=reason)
             else:
                 return net.iter_hosts()
 

diff --git a/nova/tests/test_nova_manage.py b/nova/tests/test_nova_manage.py
@@ -99,6 +99,13 @@ def assert_loop(result, expected):
         result = address_to_hosts('192.168.100.0/28')
         self.assertTrue(len(list(result)) == 14)
         assert_loop(result, expected)
+        # /16
+        result = address_to_hosts('192.168.100.0/16')
+        self.assertTrue(len(list(result)) == 65534)
+        # NOTE(dripton): I don't test /13 because it makes the test take 3s.
+        # /12 gives over a million IPs, which is ridiculous.
+        self.assertRaises(exception.InvalidInput, address_to_hosts,
+                          '192.168.100.1/12')
 
 
 class NetworkCommandsTestCase(test.TestCase):