Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-22720

Cannot modify existing ipsec connection

    • nmstate-2.2.24-1.el9
    • ZStream
    • 1
    • sst_network_management
    • ssg_networking
    • 26
    • 1
    • False
    • Hide

      None

      Show
      None
    • No
    • NMT - RHEL 8.10/9.4 DTM 24
    • Approved Blocker
    • Hide

      Given a system administrator applies an IPsec connection policy using nmstate operator with certain parameters (like left, right, leftid, etc.) and the policy is successfully applied,
      When they attempt to update the NodeNetworkConfigurationPolicy by adding type: tunnel to the existing IPsec connection configuration,
      Then the update should be successfully applied, allowing modification of the mode 'type', and the NodeNetworkConfigurationPolicy status should not show as 'Degraded' or 'FailedToConfigure'.

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The code is part of a downstream build attached to an errata
      Show
      Given a system administrator applies an IPsec connection policy using nmstate operator with certain parameters (like left, right, leftid, etc.) and the policy is successfully applied, When they attempt to update the NodeNetworkConfigurationPolicy by adding type: tunnel to the existing IPsec connection configuration, Then the update should be successfully applied, allowing modification of the mode 'type', and the NodeNetworkConfigurationPolicy status should not show as 'Degraded' or 'FailedToConfigure'. Definition of Done: The implementation meets the acceptance criteria Unit test and integration test are written and pass The code is part of a downstream build attached to an errata
    • Pass
    • None
    • None

      What were you trying to do that didn't work?

      Please provide the package NVR for which bug is seen:

      nmstate-2.2.23-1.el9_2.x86_64

      How reproducible:

      Steps to reproduce

      1. Apply nncp by nmstate operator
      kind: NodeNetworkConfigurationPolicy
      apiVersion: nmstate.io/v1
      metadata:
      name: "ipsec-policy1"
      spec:
      nodeSelector:
      kubernetes.io/hostname: "huirwang-0125a-nvmtp-worker-a-lbrrf"
      desiredState:
      interfaces:

      • name: plutoVM
        type: ipsec
        libreswan:
        left: 10.0.128.2
        leftid: '%fromcert'
        leftrsasigkey: '%cert'
        leftcert: '10_0_128_2'
        right: 10.0.0.2
        rightid: '%fromcert'
        rightrsasigkey: '%cert'
        ikev2: insist
        leftmodecfgclient: no
        rightsubnet: 10.0.0.2/32

      then it can be applied successfuly.
      Then update nncp by add `type: tunnel`, it failed to apply

      % oc get nncp
      NAME STATUS REASON
      ipsec-policy1 Degraded FailedToConfigure

      Expected results

      Should be able to update mode 'type'

      Actual results

      Failed to update mode 'type'

            rh-ee-mshi1 Mingyu Shi
            huirwang Huiran Wang
            Network Management Team Network Management Team
            Mingyu Shi Mingyu Shi
            Votes:
            0 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved: