Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-16501

Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"

    XMLWordPrintable

Details

    • rhel-system-roles-1.23.0-2.1.el8
    • Normal
    • sst_system_roles
    • 20
    • Hide

      Waiting for system-role build to include the PR in errata

      Show
      Waiting for system-role build to include the PR in errata
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Hide

      Given a system administrator configuring networking on a RHEL system,
      When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0,
      Then the playbook should execute without errors

      Definition of Done

      • The implementation meets the acceptance criteria
      • The unit tests and integration tests are written and passed
      • The code is part of a build attached to an errata
      Show
      Given a system administrator configuring networking on a RHEL system, When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0, Then the playbook should execute without errors Definition of Done The implementation meets the acceptance criteria The unit tests and integration tests are written and passed The code is part of a build attached to an errata
    • Pass
    • Bug Fix
    • Hide
      .`network` role validates routing rules with `0.0.0.0/0` or `::/0`

      Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.
      Show
      .`network` role validates routing rules with `0.0.0.0/0` or `::/0` Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.
    • Done

    Description

      What were you trying to do that didn't work?

      The playbook fails while trying to add a ipv6 routing rule: 

      # cat net.yml | egrep routin -A4
          routing_rule:
            - priority: 5
              from: '::/0' 
              iif: eth1
              table: 1

      The error message seems to point to `from` parameter which cannot be equal to `0`

      [...]
The full traceback is:
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
fatal: [192.168.77.53]: FAILED! => {
[...]
    },
    "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
    "stderr": "\n",
    "stderr_lines": [
        ""
    ]
}

PLAY RECAP *************************************************************************************************************************************************************************************************************************
192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0  


# cat -n /usr/share/ansible/roles/rhel-system-roles.network/library/network_connections.py | egrep routing_rule.*from
  1239                    if routing_rule["from"]:
  1242                            routing_rule["from"]["address"],
  1243                            routing_rule["from"]["prefix"],

      The command is fully supported by networkmanager:

      # nmcli connection modify eth1 ipv6.routing-rules 'priority 5 from ::/0 table 1'
# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)

# cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
routing-rule1=priority 5 from ::/0 table 1

      Please provide the package NVR for which bug is seen:

      # ansible-galaxy collection list | egrep rhel
redhat.rhel_system_roles 1.21.2

      How reproducible:

      Always

      Steps to reproduce

      # dnf install redhat.rhel_system_roles -y

1. Example of playbook:

---
- name: Configure the network with rhel system roles
  hosts: all
  become: true
  vars:
    network_connections:
      - name: eth1
        type: ethernet
        autoconnect: true
        state: up
        ip:
          dhcp4: false
          address: 
            - fd6d:8d64:af0c::2/64
          gateway6: fd6d:8d64:af0c::1
          route:
            - network: 'fd6d:8d64:af0c::'
              prefix: 64
              table: 1
            - network: '::'
              prefix: 0
              gateway: 'fd6d:8d64:af0c::1'
              table: 1
          routing_rule:
            - priority: 5
              from: '::/0' 
              iif: eth1
              table: 1
            - priority: 5
              from: fd6d:8d64:af0c::/64
              table: 1
  roles:
    - rhel-system-roles.network
...

      Expected results

      # cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
routing-rule1=priority 5 from ::/0 table 1

      Actual results

      The full traceback is:
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
fatal: [192.168.77.53]: FAILED! => {
[...]
    },
    "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
    "stderr": "\n",
    "stderr_lines": [
        ""
    ]
}

PLAY RECAP *************************************************************************************************************************************************************************************************************************
192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. RHEL-1683 Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          Web Link RHEA-2023:124810 rhel-system-roles bug fix and enhancement update

          mentioned on

          GitLab Commit - System Roles update 1.23.0-2.1

          GitLab Merge request - System Roles update 1.23.0-2.1

          Activity

            People

              djez@redhat.com David Jez
              rhn-support-elaurett Emanuele Lauretta
              Robert Fubel
              Richard Megginson Richard Megginson
              David Jez David Jez
              Mayur Patil Mayur Patil
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: