-
Bug
-
Resolution: Unresolved
-
Major
-
rhel-9.2.0
-
nmstate-2.2.37-1.el9
-
No
-
Important
-
ZStream
-
1
-
rhel-sst-network-management
-
ssg_networking
-
1
-
-
False
-
-
None
-
NMT - RHEL-9.6/RHEL 10 DTM 4
-
Approved Blocker
-
-
Pass
-
Automated
-
None
What were you trying to do that didn't work?
we are trying to create nncp route-rules below, rule is created by applied for some reason to br-ex device (ovs-if-br-ex) breaking br-ex connectivity.
apiVersion: nmstate.io/v1 kind: NodeNetworkConfigurationPolicy metadata: name: egress-policy spec: desiredState: route-rules: config: - ip-to: 100.77.77.0/26 priority: 5550 route-table: 254 nodeSelector: node-role.kubernetes.io/gateway: ""
sh-5.1# ip rule list 0: from all lookup local 30: from all fwmark 0x1745ec lookup 7 5550: from all to 100.77.77.0/26 lookup main proto static 5999: from all fwmark 0x3f0 lookup main 32766: from all lookup main 32767: from all lookup default
What is the impact of this issue to you?
nncp status is degraded, ovs-configuration.service didn't started, connectivity issue on br-ex device (ovs-if-br-ex) blocking parter to use worker and egressIP running on it.
Please provide the package NVR for which the bug is seen:
sh-5.1# rpm -qa |grep nmstate nmstate-2.2.27-2.el9_4.x86_64
kubernetes-nmstate-operator.4.16.0-202407181806
OCP 4.14
OCP 4.16
sh-5.1# cat /etc/os-release NAME="Red Hat Enterprise Linux CoreOS" ID="rhcos" ID_LIKE="rhel fedora" VERSION="416.94.202407081958-0" VERSION_ID="4.16" VARIANT="CoreOS" VARIANT_ID=coreos PLATFORM_ID="platform:el9" PRETTY_NAME="Red Hat Enterprise Linux CoreOS 416.94.202407081958-0" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos::coreos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://docs.okd.io/latest/welcome/index.html" BUG_REPORT_URL="https://access.redhat.com/labs/rhir/" REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform" REDHAT_BUGZILLA_PRODUCT_VERSION="4.16" REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform" REDHAT_SUPPORT_PRODUCT_VERSION="4.16" OPENSHIFT_VERSION="4.16" RHEL_VERSION=9.4 OSTREE_VERSION="416.94.202407081958-0"
How reproducible is this bug?:
always
Steps to reproduce
- Apply nncp above with specified priority in table 254
- Check ip rules is applied : ip rule list
- Check in which interface the route-rule is applied: for c in $(nmcli -f UUID c show|grep -); do nmcli c show $c |grep routing; done
Expected results
nncp add route-rules without applying it on br-ex device
Actual results
nncp is applied on br-ex device (ovs-if-br-ex) for some reason
- is duplicated by
-
OCPBUGS-37666 NMstate: Failed to create a nmstate policy - failed to verify certificate
- Closed
- links to
-
RHEA-2024:139365 Bug fixes and enhancements of nmstate