Bug 629206

Jan,

Can you run "ncftool -d" and attach the output. This *might* tell us what is confusing augeas and causing the "unspecified error" message. If you can also attach the full contents of /etc/sysconfig/system-config-firewall, /etc/sysconfig/iptables, and /etc/sysconfig/ifcfg-*, that may come in handy as well.

Is it possible for me to have access to this machine? That can sometimes save a lot of time in dicovering the root cause.

In the meantime, if you need to do other testing on this machine, please see the Technical Note I just added here - making that change should allow ncftool to work.

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Until the root cause of this intermittent problem is found, you can work around it by setting:

   net.bridge.bridge-nf-call-iptables = 0

in /etc/sysctl.conf (and or manually setting it with "sysctl -w"). This should allow netcf to continue initializing.

The given error message will pop up when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read/modify; this could be due to permissions on the file, or its content.

To aid in tracking down the source of the bug, please rune ncftool with the "-d" option, and attach the output to this bug. (also, the contents of any /etc/sysconfig/* file mentioned in that output would also be helpfule).

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,9 +1,10 @@
-Until the root cause of this intermittent problem is found, you can work around it by setting:
+Under some circumstances, the netcf command crashes, returning the error message:
 
-   net.bridge.bridge-nf-call-iptables = 0
+Failed to initialize netcf
+error: unspecified error
+						
+To work around this issue, set the following value in /etc/sysctl.conf:
 
-in /etc/sysctl.conf (and or manually setting it with "sysctl -w"). This should allow netcf to continue initializing.
+   net.bridge.bridge-nf-call-iptables = 0
-
+						
-The given error message will pop up when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read/modify; this could be due to permissions on the file, or its content.
+This issue presents when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read or modify.-
-To aid in tracking down the source of the bug, please rune ncftool with the "-d" option, and attach the output to this bug. (also, the contents of any /etc/sysconfig/* file mentioned in that output would also be helpfule).

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,8 +1,10 @@
-Under some circumstances, the netcf command crashes, returning the error message:
+Under some circumstances, when the ncftool command is run it will immediately exit, returning the error message:
 
 Failed to initialize netcf
 error: unspecified error
-						
+
+Similarly, libvirt's "virsh" tool (which uses the netcf library) will report that none of its iface-* commands are available.
+					
 To work around this issue, set the following value in /etc/sysctl.conf:
 
    net.bridge.bridge-nf-call-iptables = 0

Note that this bug will be fixed once and for all once netcf is rebased to at least netcf-0.1.7 (see Bug 651032

The fix for this problem is in netcf-0.17-1, which has been built:

https://brewweb.devel.redhat.com/buildinfo?buildID=154128

With the new version of netcf, there is no longer any need for the Technical Note (as a matter of fact, it is now incorrect), so I've removed it.

Deleted Technical Notes Contents.

Old Contents:
Under some circumstances, when the ncftool command is run it will immediately exit, returning the error message:

Failed to initialize netcf
error: unspecified error

Similarly, libvirt's "virsh" tool (which uses the netcf library) will report that none of its iface-* commands are available.
					
To work around this issue, set the following value in /etc/sysctl.conf:

   net.bridge.bridge-nf-call-iptables = 0
						
This issue presents when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read or modify.

Verified this bug PASS with netcf-0.1.7-1.el6.x86_64
- 2.6.32-94.el6.x86_64
- libvirt-0.8.7-1.el6.x86_64

# getenforce 
Enforcing

# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 0
# ncftool 
ncftool> help
Commands:

    list       - list network interfaces
    dumpxml    - dump the XML description of an interface
    define     - define an interface from an XML file
    undefine   - undefine an interface
    ifup       - bring up an interface
    ifdown     - bring down an interface
    help       - print help
    quit       - exit the program

Type 'help <command>' for more information on a command

ncftool> list
eth0
lo
ncftool> dumpxml eth0
<?xml version="1.0"?>
<interface type="ethernet" name="eth0">
  <start mode="onboot"/>
  <mac address="00:25:64:A7:1F:4D"/>
  <protocol family="ipv4">
    <dhcp/>
  </protocol>
  <protocol family="ipv6">
    <autoconf/>
  </protocol>
</interface>

ncftool> dumpxml lo
<?xml version="1.0"?>
<interface type="ethernet" name="lo">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="127.0.0.1" prefix="8"/>
  </protocol>
</interface>

ncftool> quit

# virsh iface-list --all
Name                 State      MAC Address
--------------------------------------------
eth0                 active     00:25:64:a7:1f:4d
lo                   active     00:00:00:00:00:00

# virsh iface-dumpxml eth0
<interface type='ethernet' name='eth0'>
  <mac address='00:25:64:a7:1f:4d'/>
  <protocol family='ipv4'>
    <ip address='10.66.65.132' prefix='23'/>
  </protocol>
  <protocol family='ipv6'>
    <ip address='fe80::225:64ff:fea7:1f4d' prefix='64'/>
  </protocol>
</interface>

# virsh iface-dumpxml lo
<interface type='ethernet' name='lo'>
  <protocol family='ipv4'>
    <ip address='127.0.0.1' prefix='8'/>
  </protocol>
  <protocol family='ipv6'>
    <ip address='::1' prefix='128'/>
  </protocol>
</interface>

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, netcf was unable to initialize due to the system's iptables configuration and failed with a "Failed to initialize netcf. error: unspecified error" error message. This is now fixed and netcf no longer fails during initialization.

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0620.html