Bug 2142518

Summary: [RFE] findif.sh: Support policy-based routing (RHEL9)
Product: Red Hat Enterprise Linux 9 Reporter: Oyvind Albrigtsen <oalbrigt>
Component: resource-agentsAssignee: Oyvind Albrigtsen <oalbrigt>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: low Docs Contact: Steven J. Levine <slevine>
Priority: low    
Version: 9.1CC: agk, cfeist, cluster-maint, fdinitto, Jukka-Pekka.Jarvinen, jwboyer, mjuricek, nwahl, phagara, sbradley, slevine
Target Milestone: rcKeywords: FutureFeature, RFE, Triaged
Target Release: 9.2Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: resource-agents-4.10.0-44.el9_3 Doc Type: Enhancement
Doc Text:
.`IPaddr2` and `IPsrcaddr` cluster resource agents now support policy-based routing The `IPaddr2` and `IPsrcaddr` cluster resource agents now support policy-based routing,which enables you to configure complex routing scenarios. Policy-based routing requires that you configure the resource agent's `table` parameter.
 Story Points: ---
Clone Of: 2040110 Environment:
Last Closed: 2023-11-07 08:23:10 UTC Type: Story
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2040110    
Bug Blocks:    

Description Oyvind Albrigtsen 2022-11-14 10:05:31 UTC 
+++ This bug was initially created as a clone of Bug #2040110 +++

Description of problem:

A customer has opened a support case stating that findif.sh fails with "Unable to find nic or netmask" if policy-based routing [1] is in use. I'll post details in a private comment. They've said:

"So script tries to find the interface by executing command 'ip -o -f inet route list match <addr> scope link', this returns nothing since <iface> has policy routing configured and is not present in default routing table.

It works fine if nic and cidr_netmask are specified as resource attributes.

The request is to do one of the following:
  (a) add support for policy-based routing, or
  (b) add a note to the cidr_netmask option in the IPaddr2 metadata, noting that it's required if policy-based routing is in use.

My comments:

Option (a) could turn out to be quite difficult to implement due to added complexity. Adding this feature could inadvertently cause route detection to break in other circumstances, and these breaks may go undetected for a while if they occur in uncommon configurations. There may also be OS compatibility issues. There's probably a way to do everything with the `ip` command (which is standard enough) -- e.g., with `ip rule list` and then choosing the appropriate table. With all of that said, I have not yet explored our options for implementing support for policy-based routing. Maybe it ends up being straightforward.

Option (b) opens the door to clunky documentation. There's nothing special about the policy-based routing case IMO, compared to other cases where cidr_netmask must be specified explicitly. If we document this in the metadata, why not all the other cases? Still, it's the easier of the two.


[1] Chapter 23. Configuring policy-based routing to define alternative routes (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/configuring-policy-based-routing-to-define-alternative-routes_configuring-and-managing-networking)

-----

Version-Release number of selected component (if applicable):

resource-agents-4.1.1-90.el8_4.7

-----

How reproducible:

Sounds like "always"

-----

Steps to Reproduce:

Not exactly sure. You'd need to configure policy-based routing as described in the link under "Description of problem". I'll post the customer's details privately.

-----

Actual results:

findif fails with "ERROR: Unable to find nic or netmask."

-----

Expected results:

findif succeeds at finding the proper netmask.

-----

Additional info:

We have made it clear to the customer that findif.sh makes an effort to find the correct nic and/or netmask (the IPaddr2 metadata says "try"), but that it's more of a convenience tool; explicit configuration may be required.

https://github.com/ClusterLabs/resource-agents/pull/1818
Comment 6 Oyvind Albrigtsen 2023-06-21 10:03:23 UTC 
Additional patch: https://github.com/ClusterLabs/resource-agents/pull/1875
Comment 18 Oyvind Albrigtsen 2023-10-05 11:43:38 UTC 
Additional patch to fix inconsistency issue found QE: https://github.com/ClusterLabs/resource-agents/pull/1891
Comment 21 errata-xmlrpc 2023-11-07 08:23:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (resource-agents bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6312