Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1426

nmpolicy capture leaves dhcp values which blocks further policies

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • None
    • None
    • 1
    • rhel-net-mgmt
    • ssg_networking
    • 4
    • 1
    • Hide

      Already fixed in RHEL 9.2, proposed to close as current release

      Show
      Already fixed in RHEL 9.2, proposed to close as current release
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • NMT - RHEL-9.5 DTM 2
    • Hide

      Given a system administrator configuring a OCP cluster

      When the system administrator applies a sequence of network policies that includes a change from static to dynamic IP configuration and back on a cluster node's primary interface,

      Then the network policies should be applied successfully and there should be no residual DHCP configuration values on the primary interface that could block the application of subsequent network policies.

      Definition of Done

      • The implementation meets the acceptance criteria
      • The unit tests and integration tests are written and passed
      • The code is part of a build attached to an errata
      Show
      Given a system administrator configuring a OCP cluster When the system administrator applies a sequence of network policies that includes a change from static to dynamic IP configuration and back on a cluster node's primary interface, Then the network policies should be applied successfully and there should be no residual DHCP configuration values on the primary interface that could block the application of subsequent network policies. Definition of Done The implementation meets the acceptance criteria The unit tests and integration tests are written and passed The code is part of a build attached to an errata
    • None
    • None
    • If docs needed, set a value
    • None
    • 0

      Description of problem:
      Applying a dynamic IP (DHCP) configuration on a cluster node's primary interface leaves DHCP configuration values, which then block other policies from being applied.

      Version-Release number of selected component (if applicable):
      OCP cluster version 4.13.4
      kubernetes-nmstate-operator.4.13.0-202306070816
      nmstate-2.2.9-6.rhaos4.13.el8.x86_64

      How reproducible:
      Always

      Steps to Reproduce:
      1.
      Label a cluster node with

      {"capture": "allow"}

      :
      $ oc label node cnv-qe-18.cnvqe.lab.eng.rdu2.redhat.com "capture"="allow"

      • Change the node name to the name of a node in your cluster.

      2.
      Apply the attached setup policies 1-static-ip-primary-net.yaml and 2-capture-br1-deployment.yaml

      • Wait for the first policy to finish successfully before applying the second policy.
      • Set the nodeSelector in 1-static-ip-primary-net.yaml to point to the name of same node you labeled.

      3.
      Apply the attached teardown policies 3-capture-br1-teardown.yaml and 4-dynamic-ip-primary-net.yaml

      • Once again - change the nodeSelector in 4-dynamic-ip-primary-net.yaml

      4.
      Check the NNS of the node, specifically the primary interface:
      $ oc get nns net-ys-4132s-2-k8htj-worker-0-2mn4r -o yaml | less
      ipv4:
      address:

      • ip: 192.168.0.176
        prefix-length: 18
        dhcp: false
        dhcp-client-id: ll
        enabled: true
        ipv6:
        addr-gen-mode: eui64
        address:
      • ip: fe80::3998:9201:288e:90c5
        prefix-length: 64
      • ip: fe80::f816:3eff:fefc:319b
        prefix-length: 64
        autoconf: false
        dhcp: false
        dhcp-duid: ll
        enabled: true
        lldp:
        enabled: false
        mac-address: FA:16:3E:FC:31:9B
        max-mtu: 7950
        min-mtu: 68
        mptcp:
        address-flags: []
        mtu: 7950
        name: ens3
        state: up
        type: ethernet
        wait-ip: any

      "dhcp-client-id: ll" was added to ipv4, and "dhcp-duid: ll" was added to ipv6.

      5.
      Try applying the 2 setup policies again (1-static-ip-primary-net.yaml and 2-capture-br1-deployment.yaml).

      Actual results:
      Applying the second policy fails.

      Expected results:
      Configuration applied successfully.

      Additional info:
      1. According to the NNCE, the new added parameter is to blame:
      325 [2023-07-10T13:17:10Z INFO nmstate::query_apply::net_state] Retrying on: VerificationError: Verification failure: capture-br1.interface.ipv4.dhcp-client-id desire ' 325 "ll"', current 'null'
      2. The attached journalctl and nmstate-handler pod logs start just before applying the first policy, and stop after applying the last teardown policy (in order to avoid unnecessary noise).

      Acceptance Criteria:
      Given a system administrator configuring a OCP cluster

      When the system administrator applies a sequence of network policies that includes a change from static to dynamic IP configuration and back on a cluster node's primary interface,

      Then the network policies should be applied successfully and there should be no residual DHCP configuration values on the primary interface that could block the application of subsequent network policies.

        1. nmpolicy-seconday-interface.yaml
          3 kB

              fge@redhat.com Gris Ge
              ysegev@redhat.com Yoss Segev
              Gris Ge Gris Ge
              Mingyu Shi Mingyu Shi
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: