Bug 1801904
| Summary: | os-net-config does not enable new policy-based routing rules after initial deployment | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Matt Flusche <mflusche> |
| Component: | os-net-config | Assignee: | Dan Sneddon <dsneddon> |
| Status: | CLOSED ERRATA | QA Contact: | nlevinki <nlevinki> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 16.0 (Train) | CC: | bfournie, dsneddon, harsh.kotak, hbrock, hjensas, jslagle, mburns |
| Target Milestone: | z2 | Keywords: | Triaged |
| Target Release: | 16.0 (Train on RHEL 8.1) | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | os-net-config-11.3.2-0.20200313111250.049314b.el8ost | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-05-14 12:15:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Matt, did you create the route table?
```yaml
network_config:
  -
    type: route_table
    name: custom
    table_id: 200
```
(In reply to Dan Sneddon from comment #1)
> Matt, did you create the route table?
>
> network_config:
>   -
>     type: route_table
>     name: custom
>     table_id: 200

Hi Dan,

Yes, route_table defined; here is my current network_config I'm testing. Slightly different rules but same behavior.

```yaml
params:
  $network_config:
    network_config:
    - type: route_table
      name: custom
      table_id: 200
    - type: interface
      name: nic1
      mtu:
        get_param: ControlPlaneMtu
      use_dhcp: false
      addresses:
      - ip_netmask:
          list_join:
          - /
          - - get_param: ControlPlaneIp
            - get_param: ControlPlaneSubnetCidr
      routes:
        list_concat_unique:
          - get_param: ControlPlaneStaticRoutes
          - - default: true
              next_hop:
                get_param: ControlPlaneDefaultRoute
    - type: linux_bond
      name: bond_internal
      mtu:
        get_attr: [MinViableMtuBondApi, value]
      use_dhcp: false
      bonding_options:
        get_param: BondInterfaceOvsOptions
      domain:
        get_param: DnsSearchDomains
      members:
      - type: interface
        name: nic2
        mtu:
          get_attr: [MinViableMtuBondApi, value]
        primary: true
      - type: interface
        name: nic5
        mtu:
          get_attr: [MinViableMtuBondApi, value]
    - type: vlan
      device: bond_internal
      mtu:
        get_param: StorageMtu
      vlan_id:
        get_param: StorageNetworkVlanID
      addresses:
      - ip_netmask:
          get_param: StorageIpSubnet
      routes:
        list_concat_unique:
          - get_param: StorageInterfaceRoutes
    - type: vlan
      device: bond_internal
      mtu:
        get_param: StorageMgmtMtu
      vlan_id:
        get_param: StorageMgmtNetworkVlanID
      addresses:
      - ip_netmask:
          get_param: StorageMgmtIpSubnet
      routes:
        list_concat_unique:
          - get_param: StorageMgmtInterfaceRoutes
    - type: vlan
      device: bond_internal
      mtu:
        get_param: InternalApiMtu
      vlan_id:
        get_param: InternalApiNetworkVlanID
      addresses:
      - ip_netmask:
          get_param: InternalApiIpSubnet
      routes:
        list_concat_unique:
          - get_param: InternalApiInterfaceRoutes
    - type: ovs_bridge
      name: br-tenant
      use_dhcp: false
      addresses:
      - ip_netmask:
          get_param: TenantIpSubnet
      members:
      - type: interface
        name: nic3
    - type: ovs_bridge
      name: br-ex
      dns_servers: {get_param: DnsServers}
      use_dhcp: false
      mtu: 1500
      members:
      - type: interface
        name: nic4
        mtu: 1500
        primary: true
      - type: vlan
        vlan_id: {get_param: ExternalNetworkVlanID}
        mtu: 1500
        addresses:
        - ip_netmask: {get_param: ExternalIpSubnet}
        routes:
        - default: true
          next_hop: {get_param: ExternalInterfaceDefaultRoute}
          table: 200
        rules:
        - rule: "to 192.168.2.0/24 table main priority 500"
          comment: "all adjacent traffic on 192.168.2.0/24 to main table"
        - rule: "from 192.168.2.0/24 table 200 priority 501"
          comment: "all remote traffic from 192.168.2.0/24 to custom table"
```

Verified changes were in OSP-16z2, compose 20200406.1, rpm os-net-config-11.3.2-0.20200313111250.049314b.el8ost.noarch.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2114
Description of problem:

OSP16 deployment with policy-based routing rules. os-net-config does not enable new ip rules during subsequent deployments.

Version-Release number of selected component (if applicable):

os-net-config-11.3.1-0.20191202211303.d814f68.el8ost.noarch

How reproducible:

100%

Steps to Reproduce:

1. example nic-config def:

```yaml
- type: ovs_bridge
  name: br-ex
  dns_servers: {get_param: DnsServers}
  use_dhcp: false
  mtu: 1500
  members:
  - type: interface
    name: nic4
    mtu: 1500
    primary: true
  - type: vlan
    vlan_id: {get_param: ExternalNetworkVlanID}
    mtu: 1500
    addresses:
    - ip_netmask: {get_param: ExternalIpSubnet}
    routes:
    - default: true
      next_hop: {get_param: ExternalInterfaceDefaultRoute}
      table: 200
    rules:
    - rule: "from 192.168.2.0/24 table 200"
    - rule: "from 10.10.10.0/24 table 200"
```

Here '- rule: "from 10.10.10.0/24 table 200"' is the new definition.

```yaml
parameter_defaults:
  NetworkDeploymentActions: ['CREATE','UPDATE']
```

^^ deployment param to ensure the new config is used.

After deployment the config is in the appropriate file:

```
[root@overcloud-controller-0 ~]# cat /etc/sysconfig/network-scripts/rule-vlan5
# This file is autogenerated by os-net-config
from 192.168.2.0/24 table 200
from 10.10.10.0/24 table 200
```

However the rule is not active:

```
[root@overcloud-controller-0 ~]# ip rule
0: from all lookup local
32765: from 192.168.2.0/24 lookup custom
32766: from all lookup main
32767: from all lookup default
```

A restart of the interface is needed to activate the rule:

```
[root@overcloud-controller-0 ~]# ifdown vlan5; ifup vlan5
WARN : [ifdown] You are using 'ifdown' script provided by 'network-scripts', which are now deprecated.
WARN : [ifdown] 'network-scripts' will be removed in one of the next major releases of RHEL.
WARN : [ifdown] It is advised to switch to 'NetworkManager' instead - it provides 'ifup/ifdown' scripts as well.
RTNETLINK answers: No such file or directory
WARN : [ifup] You are using 'ifup' script provided by 'network-scripts', which are now deprecated.
WARN : [ifup] 'network-scripts' will be removed in one of the next major releases of RHEL.
WARN : [ifup] It is advised to switch to 'NetworkManager' instead - it provides 'ifup/ifdown' scripts as well.
[root@overcloud-controller-0 ~]# ip rule
0: from all lookup local
32764: from 10.10.10.0/24 lookup custom
32765: from 192.168.2.0/24 lookup custom
32766: from all lookup main
32767: from all lookup default
```
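An added example, not part of the bug report or of os-net-config: a check for the drift described above, which compares the rules in a `rule-<iface>` file with `ip rule` output and lists those that are configured but not active. The sample inputs are constructed from the output quoted in the report; the `rt_tables` mapping of `custom` to 200 and all function names are assumptions.

```python
# Constructed sample inputs modeled on the output quoted in the report.
RULE_FILE = """\
# This file is autogenerated by os-net-config
from 192.168.2.0/24 table 200
from 10.10.10.0/24 table 200
"""
IP_RULE_OUTPUT = """\
0: from all lookup local
32765: from 192.168.2.0/24 lookup custom
32766: from all lookup main
32767: from all lookup default
"""
# Assumed name-to-id mapping, in the format of /etc/iproute2/rt_tables.
RT_TABLES = """\
255 local
254 main
253 default
200 custom
"""

def table_ids(rt_tables):
    """Map routing table names to numeric ids."""
    names = {}
    for line in rt_tables.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            names[fields[1]] = fields[0]
    return names

def normalize(rule, names):
    """Reduce a rule to (from, to, table id); the priority is ignored."""
    tokens = rule.split()
    sel = {"from": "all", "to": "all", "table": "main"}
    for key, value in zip(tokens, tokens[1:]):
        key = "table" if key == "lookup" else key
        if key in sel:
            sel[key] = value
    return sel["from"], sel["to"], names.get(sel["table"], sel["table"])

def inactive_rules(rule_file, ip_rule_output, rt_tables):
    """Return rule-file lines that have no matching active rule."""
    names = table_ids(rt_tables)
    active = {normalize(l, names) for l in ip_rule_output.splitlines() if l.strip()}
    wanted = [l.strip() for l in rule_file.splitlines()]
    return [l for l in wanted
            if l and not l.startswith("#") and normalize(l, names) not in active]

if __name__ == "__main__":
    for rule in inactive_rules(RULE_FILE, IP_RULE_OUTPUT, RT_TABLES):
        print("configured but not active:", rule)
```

On a node, the three inputs would come from the `rule-<iface>` file, `ip rule`, and `/etc/iproute2/rt_tables`; a non-empty result after a deployment indicates that the written policy and the kernel's active policy have diverged.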