Bug 1390605

VLANs are crucial for the RHV use-case.

I can confirm that the vlan device doesn't receive an IP address, but mvollmer will have to take a look and see whether this is intended behavior and/or a Cockpit bug.

Did this work before? It looks like this case isn't covered by the Cockpit integration tests.

(In reply to Dominik Perpeet from comment #3)
> I can confirm that the vlan device doesn't receive an IP address, but
> mvollmer will have to take a look and see whether this is intended behavior
> and/or a Cockpit bug.
> 
> Did this work before? It looks like this case isn't covered by the Cockpit
> integration tests.

We never got an IP in the tests because the vlan that we try to connect to doesn't actually exist, and there wont be any DHCP replies.

Can someone help me set up a working vlan with virt-manager?  I am a bit out of my depth here.

Can you show the nmcli invocation for setting up the vlan?

Also, can you show the output of "nmcli con show $CON" for the working vlan connection?

Here is the difference from the good to the bad ifcfg files.  Can you try them one by one and tell which one causes the breakage?

The bad one specifies the device:

+DEVICE=enp4s0.162

The bad one does IPv6 differently, no idea what this means exactly:

-IPV6INIT=yes
+IPV6INIT=no

The bad one switches of some reordering:

-REORDER_HDR=yes
+REORDER_HDR=no
+VLAN_FLAGS=NO_REORDER_HDR

> 3. Try to activate the vlan device

Did you try to activate it via Cockpit, or with nmcli?  Could you try nmcli as well?

Cockpit gets a JavaScript exception when clicking on the On button.  Maybe this is the whole problem?

(In reply to Marius Vollmer from comment #5)
> Can you show the nmcli invocation for setting up the vlan?
> 
> Also, can you show the output of "nmcli con show $CON" for the working vlan
> connection?

Hi

[root@orchid-vds2 ~]# nmcli connection show 
NAME           UUID                                  TYPE            DEVICE 
System enp4s0  7bea4bfb-6e6d-447f-8475-fe413f05f520  802-3-ethernet  enp4s0


[root@orchid-vds2 ~]# nmcli con add type vlan con-name enp4s0.162 dev enp4s0 id 162; \
> nmcli con mod uuid 7bea4bfb-6e6d-447f-8475-fe413f05f520 ipv4.method disabled ipv6.method ignore; \
> nmcli con mod id enp4s0.162 ipv4.method auto; \
> nmcli con down uuid 7bea4bfb-6e6d-447f-8475-fe413f05f520; \
> nmcli con up uuid 7bea4bfb-6e6d-447f-8475-fe413f05f520; \
> nmcli con up id enp4s0.162
Connection 'enp4s0.162' (88f2f4dc-aac9-4fda-a889-4a2f79b710f3) successfully added.


[root@orchid-vds2 ~]# nmcli con show --active 
NAME           UUID                                  TYPE            DEVICE     
System enp4s0  7bea4bfb-6e6d-447f-8475-fe413f05f520  802-3-ethernet  enp4s0     
enp4s0.162   88f2f4dc-aac9-4fda-a889-4a2f79b710f3  vlan            enp4s0.162 
virbr0         243e5622-6e3b-4784-b8a7-c8b3d119d42a  bridge          virbr0

(In reply to Marius Vollmer from comment #7)
> > 3. Try to activate the vlan device
> 
> Did you try to activate it via Cockpit, or with nmcli?  Could you try nmcli
> as well?
> 
> Cockpit gets a JavaScript exception when clicking on the On button.  Maybe
> this is the whole problem?

Yes, i'm trying to activate the vlan device via cockpit.
Like i wrote in description, with nmcli or via ifcfg-* files it wokring as expected. The issue is to activate(and get ip) the vlan device only via cockpit.

The JavaScript exception should be cured by this:

   https://github.com/cockpit-project/cockpit/pull/5293

Please reopen if there is more to do.  We unfortunately don't test whether the VLAN actually works in our tests, and I would need help with setting that up.

(Well, we don't have any VLAN tests at all right now, but we can fix that ourselves, I guess.)

> Like i wrote in description, with nmcli or via ifcfg-* files it wokring as expected.

Does the following work?

 - Create VLAN interface in Cockpit, say "ens3.62"
 - Activate that interface with "nmcli con up ens3.62"

(In reply to Marius Vollmer from comment #10)
> The JavaScript exception should be cured by this:
> 
>    https://github.com/cockpit-project/cockpit/pull/5293
> 
> Please reopen if there is more to do.  We unfortunately don't test whether
> the VLAN actually works in our tests, and I would need help with setting
> that up.
> 
> (Well, we don't have any VLAN tests at all right now, but we can fix that
> ourselves, I guess.)

This exception isn't raised in the version reported (118), only on master. So it's unrelated, I would say.

(In reply to Marius Vollmer from comment #7)
 
> Cockpit gets a JavaScript exception when clicking on the On button.  Maybe
> this is the whole problem?

Argh, this only happens with versions later than 118, so it can't explain your trouble.  Sorry.

Could you look at comment 6?

(In reply to Marius Vollmer from comment #11)
> > Like i wrote in description, with nmcli or via ifcfg-* files it wokring as expected.
> 
> Does the following work?
> 
>  - Create VLAN interface in Cockpit, say "ens3.62"
>  - Activate that interface with "nmcli con up ens3.62"

The follow dosen't work. Activation failed. If the vlan device is created via cockpit, it can't be activated neither using nmcli.

(In reply to Marius Vollmer from comment #14)
> Could you look at comment 6?

I look at comment 6 and yes i noticed the difference as well...i'm not sure i understand what do you want me to try..?

(In reply to Michael Burman from comment #16)
> (In reply to Marius Vollmer from comment #14)
> > Could you look at comment 6?
> 
> I look at comment 6 and yes i noticed the difference as well...i'm not sure
> i understand what do you want me to try..?

Take the original ifcfg-enp4s0.162-1 file as reported in comment 0 and do this:

 # nmcli con reload
 # nmcli con up enp4s0.162-1
 # nmcli dev
 
I assume that this will not show the bug: enp4s0.162 correctly receives an IP address.  Please paste the output of the commands here.

Then you stop the device and make the first change to ifcfg-enp4s0.162-1:

 # nmcli dev dis enp4s0.162
 # vi etc/sysconfig/network-scripts/ifcfg-enp4s0.162 
 (add the "DEVICE=enp4s0.162" line somewhere)

Then you repeat the test:

 # nmcli con reload
 # nmcli con up enp4s0.162-1
 # nmcli dev

Does it still receive an IP address?  Please paste the output as well.

Continue with the remaining two changes:

 - Change IPV6INIT to "no".
 - Change REORDER_HDR to "no" and add "VLAN_FLAGS=NO_REORDER_HDR"

I was able to reproduce this with help of the reporter.  (Thanks!)

The crucial bit is the NM_VLAN_FLAG_REORDER_HEADERS flag in the vlan settings.
The interface can only successfully acquire a IP address when that flag is set.

NetworkManager says that this flag is set by default, except when using the D-Bus API.

Thus, "nmcli con add type vlan" will set the flag, but Cockpit will not.

Since the flag seems to be important and is on "by default" with certain ways of creating a VLAN interface, I think Cockpit should cargo cult this and just set it as well "by default".


Here is the relevant bit of the docs:

   The default value of this property is NM_VLAN_FLAG_REORDER_HEADERS, but it 
   used to be 0. To preserve backward compatibility, the default-value in the
   D-Bus API continues to be 0 and a missing property on D-Bus is still
   considered as 0.

I managed to miss this, or it was added later.

https://github.com/cockpit-project/cockpit/pull/5294

Upstream master commit
https://github.com/cockpit-project/cockpit/commit/8ceb7172b80efba8e2d5269be078f0e65559b091

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2888.html