Bug 848722

Summary: failure to define interface with netmask of more than 24 bits
Product: Red Hat Enterprise Linux 6 Reporter: xingxing <itxx00>
Component: netcfAssignee: Laine Stump <laine>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3CC: acathrow, bili, cwei, dallan, dyuan, itxx00, jdenemar, jmiao, mjenner, mzhan, orion, trinh.dao, veillard, ydu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: netcf-0.1.9-4.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 855573 (view as bug list) Environment:
Last Closed: 2013-11-21 21:30:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 844780    

Description xingxing 2012-08-16 09:45:41 UTC
Description of problem:
could not build bridge interface use virsh iface-define
# virsh iface-define br0.xml 
error: Failed to define interface from br0.xml
error: internal error could not get interface XML description: XSLT transformation failed - runtime error: file /usr/share/netcf/xml/initscripts-get.xsl line 196 element node

Version-Release number of selected component (if applicable):
# virsh version
Compiled against library: libvir 0.9.10
Using library: libvir 0.9.10
Using API: QEMU 0.9.10
Running hypervisor: QEMU 0.12.1

How reproducible:
1. prepare interface xml:
# cat br0.xml 
<interface type="bridge" name="br0">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="118.123.12.65" prefix="25"/>
    <route gateway="118.123.12.1"/>
  </protocol>
  <bridge stp="on" delay="0">
    <interface type="ethernet" name="eth0">
    </interface>
  </bridge>
</interface>
2. define with this xml
# virsh iface-define br0.xml 

Actual results:
error: Failed to define interface from br0.xml
error: internal error could not get interface XML description: XSLT transformation failed - runtime error: file /usr/share/netcf/xml/initscripts-get.xsl line 196 element node

Expected results:
Interface br0 defined from br0.xml

Additional info:

Comment 2 Jiri Denemark 2012-08-17 10:54:02 UTC
virsh version doesn't really tell us much. Could you run the following command and paste the result here?

    rpm -qa | grep 'libvirt\|netcf'

Comment 3 Laine Stump 2012-08-17 18:27:26 UTC
And more importantly, please install the "netcf" package (by default, only "netcf-libs" is installed, then as root, run:

   # ncftool -d dumpxml eth0

This should print out a more detailed message about why netcf is failing the xslt transform. Usually this is due to a system config file (e.g. one of the files in /etc/modprobe.d) that has a construct that isn't properly understood by augeas.

The output of the above ncftool command should tell us the troublesome file; if you can then also attach the contents of that file, we can hopefully figure out the problem.

(btw, starting with RHEL6.3, there is a simpler method of bridging an ethernet interface. Instead of writing your own XML, you can just do this:

   # virsh iface-bridge eth0 br0

(I would recommend having NetworkManager disabled when you do it - NM is getting better at cooperating with netcf, but it's still problematic.)

Comment 4 xingxing 2012-08-21 02:16:06 UTC
(In reply to comment #2)
> virsh version doesn't really tell us much. Could you run the following
> command and paste the result here?
> 
>     rpm -qa | grep 'libvirt\|netcf'

# rpm -qa|grep 'libvirt\|netcf'
libvirt-0.9.10-21.el6_3.3.x86_64
netcf-0.1.9-2.el6.x86_64
netcf-libs-0.1.9-2.el6.x86_64
libvirt-client-0.9.10-21.el6_3.3.x86_64
libvirt-python-0.9.10-21.el6_3.3.x86_64
libvirt-java-0.4.7-1.el6_3.1.noarch

(In reply to comment #3)
> And more importantly, please install the "netcf" package (by default, only
> "netcf-libs" is installed, then as root, run:
> 
>    # ncftool -d dumpxml eth0
> 
# ncftool -d dumpxml eth0
<?xml version="1.0"?>
<interface type="ethernet" name="eth0">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="118.123.12.65" prefix="25"/>
    <route gateway="118.123.12.1"/>
  </protocol>
</interface>

> This should print out a more detailed message about why netcf is failing the
> xslt transform. Usually this is due to a system config file (e.g. one of the
> files in /etc/modprobe.d) that has a construct that isn't properly
> understood by augeas.
> 
# ls /etc/modprobe.d/
anaconda.conf  blacklist.conf  blacklist-kvm.conf  dist-alsa.conf  dist.conf  dist-oss.conf


> (btw, starting with RHEL6.3, there is a simpler method of bridging an
> ethernet interface. Instead of writing your own XML, you can just do this:
> 
>    # virsh iface-bridge eth0 br0
> 
# virsh iface-bridge eth0 br0
error: Failed to define new bridge interface br0
error: internal error could not get interface XML description: XSLT transformation failed - runtime error: file /usr/share/netcf/xml/initscripts-get.xsl line 196 element node

> (I would recommend having NetworkManager disabled when you do it - NM is
> getting better at cooperating with netcf, but it's still problematic.)

we have not install the NetworkManager on this server.
thanks.

Comment 5 Laine Stump 2012-08-23 03:57:45 UTC
Okay, now I understand what's happening. The function ipcalc_netmask in netcf had a bug for any netmask > 24. This bug is fixed in the following upstream commit:

commit d340f2dfcd6461c9743dccdabe3b610f5fbc8fe8
Author: Jens Nyberg I <jens.i.nyberg>
Date:   Wed Nov 30 12:01:09 2011 -0500

    Fix ipcalc_netmask
    
    1) make the bitmask creation simpler to understand.
    
    2) effectively increase string length for inet_ntop result by 1 (it
       already takes the terminating NULL into account).

Moving to POST.

Comment 6 xingxing 2012-08-23 12:32:33 UTC
(In reply to comment #5)
> Okay, now I understand what's happening. The function ipcalc_netmask in
> netcf had a bug for any netmask > 24. This bug is fixed in the following
> upstream commit:
> 
> commit d340f2dfcd6461c9743dccdabe3b610f5fbc8fe8
> Author: Jens Nyberg I <jens.i.nyberg>
> Date:   Wed Nov 30 12:01:09 2011 -0500
> 
>     Fix ipcalc_netmask
>     
>     1) make the bitmask creation simpler to understand.
>     
>     2) effectively increase string length for inet_ntop result by 1 (it
>        already takes the terminating NULL into account).
> 
> Moving to POST.

Thanks very much.^^

Comment 7 RHEL Program Management 2012-09-07 04:58:29 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 8 Laine Stump 2012-10-08 15:18:19 UTC
*** Bug 863584 has been marked as a duplicate of this bug. ***

Comment 9 Orion Poplawski 2012-10-08 15:54:03 UTC
Any chance a fixed version of this package could be made available somewhere?

Comment 12 Borys Borysenko 2013-04-01 14:19:13 UTC
I've patched netcf rpm packages with Jens Nyberg commit and now problems with prefix more than 24 bits looks like fixed. Tested on 6.4 x86_84:

[root@kvm ~]# cat iface-eth1.xml
<interface type='ethernet' name='eth1'>
  <start mode='onboot'/>
  <mac address='00:25:90:a3:63:d1'/>
  <protocol family='ipv4'>
    <ip address='10.30.0.41' prefix='25'/>
    <route gateway='10.20.0.1'/>
  </protocol>
</interface>

[root@kvm ~]# ncftool define iface-eth1.xml
Defined interface eth1
[root@kvm ~]# ncftool dumpxml eth1
<?xml version="1.0"?>
<interface type="ethernet" name="eth1">
  <start mode="onboot"/>
  <mac address="00:25:90:a3:63:d1"/>
  <protocol family="ipv4">
    <ip address="10.30.0.41" prefix="25"/>
    <route gateway="10.20.0.1"/>
  </protocol>
</interface>

[root@kvm ~]# grep NETMASK /etc/sysconfig/network-scripts/ifcfg-eth1
NETMASK=255.255.255.128

If someone will needed it, I uploaded srpm and rpm files to my dropbox account. 
https://www.dropbox.com/sh/x2kcoi05s16akh5/OXWqkUV7sY

The patch is simple, so i hope it will be included in current RHEL release. Thanks.

Comment 14 Laine Stump 2013-07-31 20:07:40 UTC
No rebase for 6.5, so this will need to be updated via a backport of the patch.

Comment 15 Laine Stump 2013-08-05 18:00:26 UTC
Testing this bug: the description provides perfect instructions for testing. Before this patch is applied, that operation would fail 100%. After the patch it should succeed 100%.

Comment 16 Laine Stump 2013-08-06 16:44:38 UTC
The fix for this problem has been included in a build for RHEL6:

https://brewweb.devel.redhat.com/buildinfo?buildID=285470

Comment 18 Jincheng Miao 2013-08-07 08:14:54 UTC
This fix is verified:

# cat br0.xml
<interface type="bridge" name="br0">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="118.123.12.65" prefix="25"/>
    <route gateway="118.123.12.1"/>
  </protocol>
  <bridge stp="on" delay="0">
    <interface type="ethernet" name="eth0">
    </interface>
  </bridge>
</interface>

# virsh iface-define br0.xml 
Interface br0 defined from br0.xml

# ncftool -d dumpxml br0
<?xml version="1.0"?>
<interface type="bridge" name="br0">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="118.123.12.65" prefix="25"/>
    <route gateway="118.123.12.1"/>
  </protocol>
  <bridge stp="on" delay="0">
    <interface type="ethernet" name="eth0"/>
  </bridge>
</interface>


As above, no error occurs when defining iface. So change status to VERIFIED.

Comment 19 Laine Stump 2013-08-13 17:17:46 UTC
*** Bug 970656 has been marked as a duplicate of this bug. ***

Comment 20 errata-xmlrpc 2013-11-21 21:30:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1660.html