Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-9.4
Affects Version/s: None
Component/s: rhel-system-roles
Labels:

Fixed in Build:
rhel-system-roles-1.23.0-2.1.el9
Regression:
None
Severity:
Moderate

Pool Team:

rhel-sst-system-roles

Dev Target Milestone:
20
Internal Target Milestone:
22
Story Points:
None
Status Summary:

Hide

Waiting for system-role build to include the PR in errata

Show
Waiting for system-role build to include the PR in errata
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Acceptance Criteria:
Hide

Given a system administrator configuring networking on a RHEL system,
When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0,
Then the playbook should execute without errors

Definition of Done

The implementation meets the acceptance criteria

The unit tests and integration tests are written and passed

The code is part of a build attached to an errata
Show
Given a system administrator configuring networking on a RHEL system, When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0, Then the playbook should execute without errors Definition of Done The implementation meets the acceptance criteria The unit tests and integration tests are written and passed The code is part of a build attached to an errata
Preliminary Testing:
Pass
Errata Link:
https://errata.devel.redhat.com/advisory/124808
Test Coverage:
None

Release Note Type:
Bug Fix
Release Note Text:

Hide
.`network` role validates routing rules with `0.0.0.0/0` or `::/0`

Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.

Show
.`network` role validates routing rules with `0.0.0.0/0` or `::/0` Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.
Release Note Status:
Done

Experience:

PX Impact Score:
PX Technical Impact:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

The playbook fails while trying to add a ipv6 routing rule:

# cat net.yml | egrep routin -A4
          routing_rule:
            - priority: 5
              from: '::/0' 
              iif: eth1
              table: 1

The error message seems to point to `from` parameter which cannot be equal to `0`

[...]
The full traceback is:
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
fatal: [192.168.77.53]: FAILED! => {
[...]
    },
    "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
    "stderr": "\n",
    "stderr_lines": [
        ""
    ]
}

PLAY RECAP *************************************************************************************************************************************************************************************************************************
192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0  


# cat -n /usr/share/ansible/roles/rhel-system-roles.network/library/network_connections.py | egrep routing_rule.*from
  1239                    if routing_rule["from"]:
  1242                            routing_rule["from"]["address"],
  1243                            routing_rule["from"]["prefix"],

The command is fully supported by networkmanager:

# nmcli connection modify eth1 ipv6.routing-rules 'priority 5 from ::/0 table 1'
# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)

# cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
routing-rule1=priority 5 from ::/0 table 1

Please provide the package NVR for which bug is seen:

# ansible-galaxy collection list | egrep rhel
redhat.rhel_system_roles 1.21.2

How reproducible:

Always

Steps to reproduce

# dnf install redhat.rhel_system_roles -y

1. Example of playbook:

---
- name: Configure the network with rhel system roles
  hosts: all
  become: true
  vars:
    network_connections:
      - name: eth1
        type: ethernet
        autoconnect: true
        state: up
        ip:
          dhcp4: false
          address: 
            - fd6d:8d64:af0c::2/64
          gateway6: fd6d:8d64:af0c::1
          route:
            - network: 'fd6d:8d64:af0c::'
              prefix: 64
              table: 1
            - network: '::'
              prefix: 0
              gateway: 'fd6d:8d64:af0c::1'
              table: 1
          routing_rule:
            - priority: 5
              from: '::/0' 
              iif: eth1
              table: 1
            - priority: 5
              from: fd6d:8d64:af0c::/64
              table: 1
  roles:
    - rhel-system-roles.network
...

Expected results

# cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
routing-rule1=priority 5 from ::/0 table 1

Actual results

The full traceback is:
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
  File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
fatal: [192.168.77.53]: FAILED! => {
[...]
    },
    "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
    "stderr": "\n",
    "stderr_lines": [
        ""
    ]
}

PLAY RECAP *************************************************************************************************************************************************************************************************************************
192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0

is cloned by

RHEL-16501 Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"

Closed

links to

RHEA-2023:124808 rhel-system-roles bug fix and enhancement update

mentioned on

Merge request - System Roles update 1.23.0-1.1

Assignee:: Wen Liang

Reporter:: Emanuele Lauretta

Need Info From:: Robert Fubel

Contributors:: Jan Fiala

Developer:: Richard Megginson

QA Contact:: Jakub Haruda

Doc Contact:: Mayur Patil

Votes:: 2 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: 2023/08/25 12:52 PM

Updated:: 2024/09/23 10:02 PM

Resolved:: 2024/04/30 9:51 AM

Target start:: 2023/10/05

Dev Target end:: 2024/01/15

Target end:: 2024/01/29

Release Date:: 2024/04/30

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates