Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-31957

Rollback from bad NMState configuration not working

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • rhel-9.2.0
    • NetworkManager
    • None
    • None
    • None
    • rhel-net-mgmt
    • ssg_networking
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Testing the error path in kubernetes-nmstate when a user supplies an invalid configuration.

      Please provide the package NVR for which bug is seen:

      NetworkManager-1.42.2-13.el9_2.x86_64

      How reproducible:

      Always

      Steps to reproduce

      1. Apply configuration using kubernetes-nmstate with a bad default gateway. This triggers a rollback because the validation probes fail. Note that this configuration does not cause a failure when applied with NMState by itself. It's a kubernetes-nmstate probe that fails.
      apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: worker-1-br-ex
spec:
  nodeSelector:
    kubernetes.io/hostname: worker-1
  desiredState:
    interfaces:
    - name: enp2s0
      type: ethernet
      state: up
      ipv4:
        enabled: false
      ipv6:
        enabled: false
    - name: br-ex
      type: ovs-bridge
      state: up
      ipv4:
        enabled: false
        dhcp: false
      ipv6:
        enabled: false
        dhcp: false
      bridge:
        port:
        - name: enp2s0
        - name: br-ex
    - name: br-ex
      type: ovs-interface
      state: up
      copy-mac-from: enp2s0
      ipv4:
        enabled: true
        dhcp: true
        address:
        - ip: "169.254.169.2"
          prefix-length: 29
      ipv6:
        enabled: false
        dhcp: false
    routes:
      config:
      - destination: 0.0.0.0/0
        next-hop-address: 192.168.111.222
        next-hop-interface: br-ex

      Expected results

      Node rolls back to working state it previously had.

      Actual results

      The bridge interface is down and the node has no connectivity to that network.

      [root@worker-1 core]# nmcli con show
      NAME                UUID                                  TYPE           DEVICE 
      Wired Connection    1999aeef-ae8e-4674-929c-bf2e85096191  ethernet       enp1s0 
      lo                  ab5f7645-fc13-43ad-9084-65449574ff01  loopback       lo     
      Wired connection 1  ebbb19cf-19ac-394d-82df-deb4c6336d3e  ethernet       enp2s0 
      br-ex-br            bd320509-b1dd-4ee2-803d-a679d3513194  ovs-bridge     br-ex  
      br-ex-port          a168f756-6e99-4d1e-8142-92b8c81f848c  ovs-port       br-ex  
      enp2s0-port         485d7c18-2414-4ed2-a6c2-d26270b6d6ed  ovs-port       enp2s0 
      Wired Connection    8ad4e78e-9807-436d-ab69-3978532a8503  ethernet       –     
      br-ex-if            7eefe75d-1ebb-42f6-a9ba-38422dc543dd  ovs-interface  --

      I will upload NetworkManager trace logs from this scenario as well.

      Also worth noting that if I run "nmcli con up br-ex-if" the bridge is restored.

              nm-team Network Management Team
              bnemec@redhat.com Benjamin Nemec
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: