Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-16501

Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"

    • rhel-system-roles-1.23.0-2.1.el8
    • None
    • Moderate
    • rhel-sst-system-roles
    • 20
    • None
    • Hide

      Waiting for system-role build to include the PR in errata

      Show
      Waiting for system-role build to include the PR in errata
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Hide

      Given a system administrator configuring networking on a RHEL system,
      When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0,
      Then the playbook should execute without errors

      Definition of Done

      • The implementation meets the acceptance criteria
      • The unit tests and integration tests are written and passed
      • The code is part of a build attached to an errata
      Show
      Given a system administrator configuring networking on a RHEL system, When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0, Then the playbook should execute without errors Definition of Done The implementation meets the acceptance criteria The unit tests and integration tests are written and passed The code is part of a build attached to an errata
    • Pass
    • None
    • Bug Fix
    • Hide
      .`network` role validates routing rules with `0.0.0.0/0` or `::/0`

      Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.
      Show
      .`network` role validates routing rules with `0.0.0.0/0` or `::/0` Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.
    • Done
    • None

      What were you trying to do that didn't work?

      The playbook fails while trying to add a ipv6 routing rule:

      # cat net.yml | egrep routin -A4
                routing_rule:
                  - priority: 5
                    from: '::/0' 
                    iif: eth1
                    table: 1
      

      The error message seems to point to `from` parameter which cannot be equal to `0`

      [...]
      The full traceback is:
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
      fatal: [192.168.77.53]: FAILED! => {
      [...]
          },
          "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
          "stderr": "\n",
          "stderr_lines": [
              ""
          ]
      }
      
      PLAY RECAP *************************************************************************************************************************************************************************************************************************
      192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0  
      
      
      # cat -n /usr/share/ansible/roles/rhel-system-roles.network/library/network_connections.py | egrep routing_rule.*from
        1239                    if routing_rule["from"]:
        1242                            routing_rule["from"]["address"],
        1243                            routing_rule["from"]["prefix"],
      

      The command is fully supported by networkmanager:

      # nmcli connection modify eth1 ipv6.routing-rules 'priority 5 from ::/0 table 1'
      # nmcli connection up eth1
      Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)
      
      # cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
      routing-rule1=priority 5 from ::/0 table 1
      

      Please provide the package NVR for which bug is seen:

      # ansible-galaxy collection list | egrep rhel
      redhat.rhel_system_roles 1.21.2
      

      How reproducible:

      Always

      Steps to reproduce

      # dnf install redhat.rhel_system_roles -y
      
      1. Example of playbook:
      
      ---
      - name: Configure the network with rhel system roles
        hosts: all
        become: true
        vars:
          network_connections:
            - name: eth1
              type: ethernet
              autoconnect: true
              state: up
              ip:
                dhcp4: false
                address: 
                  - fd6d:8d64:af0c::2/64
                gateway6: fd6d:8d64:af0c::1
                route:
                  - network: 'fd6d:8d64:af0c::'
                    prefix: 64
                    table: 1
                  - network: '::'
                    prefix: 0
                    gateway: 'fd6d:8d64:af0c::1'
                    table: 1
                routing_rule:
                  - priority: 5
                    from: '::/0' 
                    iif: eth1
                    table: 1
                  - priority: 5
                    from: fd6d:8d64:af0c::/64
                    table: 1
        roles:
          - rhel-system-roles.network
      ...
      

      Expected results

      # cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
      routing-rule1=priority 5 from ::/0 table 1
      

      Actual results

      The full traceback is:
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
      fatal: [192.168.77.53]: FAILED! => {
      [...]
          },
          "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
          "stderr": "\n",
          "stderr_lines": [
              ""
          ]
      }
      
      PLAY RECAP *************************************************************************************************************************************************************************************************************************
      192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0  
      

              djez@redhat.com David Jez
              rhn-support-elaurett Emanuele Lauretta
              Robert Fubel
              Richard Megginson Richard Megginson
              David Jez David Jez
              Mayur Patil Mayur Patil
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: