Bug 855573

Summary: failure to define interface with netmask of more than 24 bits
Product: [Fedora] Fedora Reporter: Laine Stump <laine>
Component: netcfAssignee: Laine Stump <laine>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: crobinso, laine, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 848722 Environment:
Last Closed: 2012-10-15 03:39:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Laine Stump 2012-09-09 03:15:48 UTC 
+++ This bug was initially created as a clone of Bug #848722 +++

Description of problem:
could not build bridge interface use virsh iface-define
# virsh iface-define br0.xml 
error: Failed to define interface from br0.xml
error: internal error could not get interface XML description: XSLT transformation failed - runtime error: file /usr/share/netcf/xml/initscripts-get.xsl line 196 element node

Version-Release number of selected component (if applicable):
# virsh version
Compiled against library: libvir 0.9.10
Using library: libvir 0.9.10
Using API: QEMU 0.9.10
Running hypervisor: QEMU 0.12.1

How reproducible:
1. prepare interface xml:
# cat br0.xml 
<interface type="bridge" name="br0">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="118.123.12.65" prefix="25"/>
    <route gateway="118.123.12.1"/>
  </protocol>
  <bridge stp="on" delay="0">
    <interface type="ethernet" name="eth0">
    </interface>
  </bridge>
</interface>
2. define with this xml
# virsh iface-define br0.xml 

Actual results:
error: Failed to define interface from br0.xml
error: internal error could not get interface XML description: XSLT transformation failed - runtime error: file /usr/share/netcf/xml/initscripts-get.xsl line 196 element node

Expected results:
Interface br0 defined from br0.xml

Additional info:

--- Additional comment from jdenemar on 2012-08-17 06:54:02 EDT ---

virsh version doesn't really tell us much. Could you run the following command and paste the result here?

    rpm -qa | grep 'libvirt\|netcf'

--- Additional comment from laine on 2012-08-17 14:27:26 EDT ---

And more importantly, please install the "netcf" package (by default, only "netcf-libs" is installed, then as root, run:

   # ncftool -d dumpxml eth0

This should print out a more detailed message about why netcf is failing the xslt transform. Usually this is due to a system config file (e.g. one of the files in /etc/modprobe.d) that has a construct that isn't properly understood by augeas.

The output of the above ncftool command should tell us the troublesome file; if you can then also attach the contents of that file, we can hopefully figure out the problem.

(btw, starting with RHEL6.3, there is a simpler method of bridging an ethernet interface. Instead of writing your own XML, you can just do this:

   # virsh iface-bridge eth0 br0

(I would recommend having NetworkManager disabled when you do it - NM is getting better at cooperating with netcf, but it's still problematic.)

--- Additional comment from itxx00 on 2012-08-20 22:16:06 EDT ---

(In reply to comment #2)
> virsh version doesn't really tell us much. Could you run the following
> command and paste the result here?
> 
>     rpm -qa | grep 'libvirt\|netcf'

# rpm -qa|grep 'libvirt\|netcf'
libvirt-0.9.10-21.el6_3.3.x86_64
netcf-0.1.9-2.el6.x86_64
netcf-libs-0.1.9-2.el6.x86_64
libvirt-client-0.9.10-21.el6_3.3.x86_64
libvirt-python-0.9.10-21.el6_3.3.x86_64
libvirt-java-0.4.7-1.el6_3.1.noarch

(In reply to comment #3)
> And more importantly, please install the "netcf" package (by default, only
> "netcf-libs" is installed, then as root, run:
> 
>    # ncftool -d dumpxml eth0
> 
# ncftool -d dumpxml eth0
<?xml version="1.0"?>
<interface type="ethernet" name="eth0">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="118.123.12.65" prefix="25"/>
    <route gateway="118.123.12.1"/>
  </protocol>
</interface>

> This should print out a more detailed message about why netcf is failing the
> xslt transform. Usually this is due to a system config file (e.g. one of the
> files in /etc/modprobe.d) that has a construct that isn't properly
> understood by augeas.
> 
# ls /etc/modprobe.d/
anaconda.conf  blacklist.conf  blacklist-kvm.conf  dist-alsa.conf  dist.conf  dist-oss.conf


> (btw, starting with RHEL6.3, there is a simpler method of bridging an
> ethernet interface. Instead of writing your own XML, you can just do this:
> 
>    # virsh iface-bridge eth0 br0
> 
# virsh iface-bridge eth0 br0
error: Failed to define new bridge interface br0
error: internal error could not get interface XML description: XSLT transformation failed - runtime error: file /usr/share/netcf/xml/initscripts-get.xsl line 196 element node

> (I would recommend having NetworkManager disabled when you do it - NM is
> getting better at cooperating with netcf, but it's still problematic.)

we have not install the NetworkManager on this server.
thanks.

--- Additional comment from laine on 2012-08-22 23:57:45 EDT ---

Okay, now I understand what's happening. The function ipcalc_netmask in netcf had a bug for any netmask > 24. This bug is fixed in the following upstream commit:

commit d340f2dfcd6461c9743dccdabe3b610f5fbc8fe8
Author: Jens Nyberg I <jens.i.nyberg>
Date:   Wed Nov 30 12:01:09 2011 -0500

    Fix ipcalc_netmask
    
    1) make the bitmask creation simpler to understand.
    
    2) effectively increase string length for inet_ntop result by 1 (it
       already takes the terminating NULL into account).

Moving to POST.

--- Additional comment from itxx00 on 2012-08-23 08:32:33 EDT ---

(In reply to comment #5)
> Okay, now I understand what's happening. The function ipcalc_netmask in
> netcf had a bug for any netmask > 24. This bug is fixed in the following
> upstream commit:
> 
> commit d340f2dfcd6461c9743dccdabe3b610f5fbc8fe8
> Author: Jens Nyberg I <jens.i.nyberg>
> Date:   Wed Nov 30 12:01:09 2011 -0500
> 
>     Fix ipcalc_netmask
>     
>     1) make the bitmask creation simpler to understand.
>     
>     2) effectively increase string length for inet_ntop result by 1 (it
>        already takes the terminating NULL into account).
> 
> Moving to POST.

Thanks very much.^^
Comment 1 Fedora Update System 2012-09-09 03:27:40 UTC 
netcf-0.2.2-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/netcf-0.2.2-1.fc17
Comment 2 Fedora Update System 2012-09-10 22:23:27 UTC 
Package netcf-0.2.2-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing netcf-0.2.2-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-13735/netcf-0.2.2-1.fc17
then log in and leave karma (feedback).
Comment 3 Cole Robinson 2012-10-15 03:39:54 UTC 
netcf-0.2.2 is now in F17 stable