Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1683

Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"

    • rhel-system-roles-1.23.0-2.1.el9
    • Normal
    • sst_system_roles
    • 20
    • 22
    • None
    • Hide

      Waiting for system-role build to include the PR in errata

      Show
      Waiting for system-role build to include the PR in errata
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Hide

      Given a system administrator configuring networking on a RHEL system,
      When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0,
      Then the playbook should execute without errors

      Definition of Done

      • The implementation meets the acceptance criteria
      • The unit tests and integration tests are written and passed
      • The code is part of a build attached to an errata
      Show
      Given a system administrator configuring networking on a RHEL system, When they use the provided playbook to set up an IPv6 routing rule with the from parameter set to ::/0, Then the playbook should execute without errors Definition of Done The implementation meets the acceptance criteria The unit tests and integration tests are written and passed The code is part of a build attached to an errata
    • Pass
    • None
    • Bug Fix
    • Hide
      .`network` role validates routing rules with `0.0.0.0/0` or `::/0`

      Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.
      Show
      .`network` role validates routing rules with `0.0.0.0/0` or `::/0` Previously, when the `from:` or `to:` settings were set to the `0.0.0.0/0` or `::/0` addresses in the routing rule, the `network` RHEL System Role failed to configure the routing rule and rejected the settings as invalid. With this update, the `network` role allows `0.0.0.0/0` and `::/0` for `from:` and `to:` in routing rule validation. As a result, the role successfully configures the routing rules without raising the validation errors.
    • Done
    • None

      What were you trying to do that didn't work?

      The playbook fails while trying to add a ipv6 routing rule:

      # cat net.yml | egrep routin -A4
                routing_rule:
                  - priority: 5
                    from: '::/0' 
                    iif: eth1
                    table: 1
      

      The error message seems to point to `from` parameter which cannot be equal to `0`

      [...]
      The full traceback is:
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
      fatal: [192.168.77.53]: FAILED! => {
      [...]
          },
          "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
          "stderr": "\n",
          "stderr_lines": [
              ""
          ]
      }
      
      PLAY RECAP *************************************************************************************************************************************************************************************************************************
      192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0  
      
      
      # cat -n /usr/share/ansible/roles/rhel-system-roles.network/library/network_connections.py | egrep routing_rule.*from
        1239                    if routing_rule["from"]:
        1242                            routing_rule["from"]["address"],
        1243                            routing_rule["from"]["prefix"],
      

      The command is fully supported by networkmanager:

      # nmcli connection modify eth1 ipv6.routing-rules 'priority 5 from ::/0 table 1'
      # nmcli connection up eth1
      Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)
      
      # cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
      routing-rule1=priority 5 from ::/0 table 1
      

      Please provide the package NVR for which bug is seen:

      # ansible-galaxy collection list | egrep rhel
      redhat.rhel_system_roles 1.21.2
      

      How reproducible:

      Always

      Steps to reproduce

      # dnf install redhat.rhel_system_roles -y
      
      1. Example of playbook:
      
      ---
      - name: Configure the network with rhel system roles
        hosts: all
        become: true
        vars:
          network_connections:
            - name: eth1
              type: ethernet
              autoconnect: true
              state: up
              ip:
                dhcp4: false
                address: 
                  - fd6d:8d64:af0c::2/64
                gateway6: fd6d:8d64:af0c::1
                route:
                  - network: 'fd6d:8d64:af0c::'
                    prefix: 64
                    table: 1
                  - network: '::'
                    prefix: 0
                    gateway: 'fd6d:8d64:af0c::1'
                    table: 1
                routing_rule:
                  - priority: 5
                    from: '::/0' 
                    iif: eth1
                    table: 1
                  - priority: 5
                    from: fd6d:8d64:af0c::/64
                    table: 1
        roles:
          - rhel-system-roles.network
      ...
      

      Expected results

      # cat /etc/NetworkManager/system-connections/eth1.nmconnection | grep rule
      routing-rule1=priority 5 from ::/0 table 1
      

      Actual results

      The full traceback is:
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 2760, in main
        File "/tmp/ansible_network_connections_payload_s4vo9dpf/ansible_network_connections_payload.zip/ansible/modules/network_connections.py", line 1850, in connections
      fatal: [192.168.77.53]: FAILED! => {
      [...]
          },
          "msg": "fatal error: configuration error: connections[0].ip.routing_rule[0]: the prefix length for 'from' cannot be zero",
          "stderr": "\n",
          "stderr_lines": [
              ""
          ]
      }
      
      PLAY RECAP *************************************************************************************************************************************************************************************************************************
      192.168.77.53              : ok=7    changed=0    unreachable=0    failed=1    skipped=9    rescued=0    ignored=0  
      

            liangwen12year Wen Liang
            rhn-support-elaurett Emanuele Lauretta
            Robert Fubel
            Jan Fiala
            Richard Megginson Richard Megginson
            Jakub Haruda Jakub Haruda
            Mayur Patil Mayur Patil
            Votes:
            2 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated:
              Resolved: