Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1417

Shouldn't verify unmanaged port in vrf

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • nmstate-2.2.58-1.el10
    • None
    • Low
    • 1
    • rhel-net-mgmt
    • ssg_networking
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • NMT SST - Future releases
    • Hide

      Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      The acceptance criteria defined below are met.

      Given a VRF interface managed by nmstate with an unmanaged port (created via ip link) attached externally,

      When applying a VRF configuration that does not explicitly list the unmanaged port,

      Then nmstate applies successfully without verification errors, leaving the unmanaged port attached to the VRF

      ( ) Code changes are included in a downstream build attached to an errata.

      ( ) All required testing (manual and/or automated) passes successfully.

      ( ) Related documentation updates (if applicable) have been completed.

      Show
      Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: The acceptance criteria defined below are met. Given a VRF interface managed by nmstate with an unmanaged port (created via ip link) attached externally, When applying a VRF configuration that does not explicitly list the unmanaged port, Then nmstate applies successfully without verification errors, leaving the unmanaged port attached to the VRF ( ) Code changes are included in a downstream build attached to an errata. ( ) All required testing (manual and/or automated) passes successfully. ( ) Related documentation updates (if applicable) have been completed.
    • Pass
    • None
    • None
    • 0

      Description of problem:
      This is an extended test of https://bugzilla.redhat.com/show_bug.cgi?id=1932247
      Nmstate should not touch or verify unmanaged(including externally manageble) interface except it is explictly listed under "interfaces" key.
      This rule works well when testing with linux bridge, bond etc, but failed if using vrf.

      Version-Release number of selected component (if applicable):
      nmstate-2.2.12-2.el9.x86_64
      nispor-1.2.10-1.el9.x86_64
      NetworkManager-1.43.9-1.el9.x86_64
      DISTRO=RHEL-9.3.0-updates-20230611.28

      How reproducible:
      100%

      Steps to Reproduce:

      echo "
interfaces:
- name: vrf0
  type: vrf
  state: up
  vrf:
    route-table-id: 100
" | nmstatectl apply

ip link add veth0 type veth peer veth0_p
ip link set veth0 master vrf0
ip link set veth0 up
ip link set veth0_p up

echo "
interfaces:
- name: vrf0
  type: vrf
  state: up
  vrf:
    port:
    - veth0
" | nmstatectl apply

nmcli dev 

echo "
interfaces:
- name: vrf0
  type: vrf
  state: up
  vrf:
    port: []
" | nmstatectl apply

      Actual results:
      NmstateError: VerificationError: Verification failure: vrf0.interface.vrf.port desire '[]', current '["veth0"]'

      Expected results:
      Report applying successfully while veth0 is still attaching to vrf0, and veth0 stays unmanaged in `nmcli dev`

      Additional info:

              rh-ee-mshi1 Mingyu Shi
              rh-ee-mshi1 Mingyu Shi
              Network Management Team Network Management Team
              Mingyu Shi Mingyu Shi
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: