1060076 – XML error: bridge stp should be on or off got yes

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1060076 - XML error: bridge stp should be on or off got yes

Summary: XML error: bridge stp should be on or off got yes

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	netcf
Sub Component:
Version:	7.0
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Laine Stump
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-01-31 10:41 UTC by Lubos Kocman
Modified:	2014-06-18 08:35 UTC (History)
CC List:	16 users (show)
Fixed In Version:	netcf-0.2.3-8.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1031053
Environment:
Last Closed:	2014-06-13 12:40:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Lubos Kocman 2014-01-31 10:41:34 UTC

Hello the same happened to me in RHEL-7

virt-manager-0.10.0-11.el7.noarch
libvirt-python-1.1.1-19.el7.x86_64
libvirt-glib-0.1.7-2.el7.x86_64
libvirt-daemon-driver-network-1.1.1-19.el7.x86_64
libvirt-daemon-driver-nwfilter-1.1.1-19.el7.x86_64
libvirt-gconfig-0.1.7-2.el7.x86_64
libvirt-daemon-driver-storage-1.1.1-19.el7.x86_64
libvirt-daemon-driver-nodedev-1.1.1-19.el7.x86_64
libvirt-client-1.1.1-19.el7.x86_64
libvirt-daemon-driver-secret-1.1.1-19.el7.x86_64
libvirt-daemon-kvm-1.1.1-19.el7.x86_64
libvirt-daemon-config-network-1.1.1-19.el7.x86_64
libvirt-daemon-1.1.1-19.el7.x86_64
libvirt-daemon-driver-interface-1.1.1-19.el7.x86_64
libvirt-daemon-driver-qemu-1.1.1-19.el7.x86_64
libvirt-gobject-0.1.7-2.el7.x86_64


+++ This bug was initially created as a clone of Bug #1031053 +++

Description of problem:
The above error message is displayed after configuring a bridge interface with NetworkManager

Version-Release number of selected component (if applicable):
libvirt-1.0.5.6-3.fc19.x86_64
netcf-libs-0.2.3-4.fc19.x86_64
NetworkManager-0.9.8.8-1.fc19.x86_64

How reproducible:
always

Steps to Reproduce:
1. create bridge configuration with NetworkManager
2. run virt-manager and open "Network Interfaces" tab in localhost connection details, or run virt-install

Actual results:
"XML error: bridge stp shold be on or off got yes"

Expected results:
No error message

Additional info:
NM puts "yes" or "no" in the ifcfg file depending on the user STP setting:

# grep STP /etc/sysconfig/network-scripts/ifcfg-br0
STP=no

the brctl tool accepts both "on"/"off" and "yes"/"no". But libvirt handles only "on" and "off".

--- Additional comment from Martin Wilck on 2013-11-15 09:41:36 EST ---



--- Additional comment from Martin Wilck on 2013-11-15 09:43:36 EST ---

Confirmed - the patch from comment #1 solves this problem.

--- Additional comment from Eric Blake on 2013-11-15 10:06:29 EST ---

Can you please post this patch upstream to libvir-list?  It will get reviewed faster, and it is easier for upstream to apply patches that go through the list than patches that require firing up a web browser.

--- Additional comment from Martin Wilck on 2013-11-15 12:45:33 EST ---

I sent the mail in the hope the list does't require subscription.

--- Additional comment from Eric Blake on 2013-11-15 15:43:50 EST ---

(In reply to Martin Wilck from comment #4)
> I sent the mail in the hope the list does't require subscription.

Thanks; it came through just fine:
https://www.redhat.com/archives/libvir-list/2013-November/msg00581.html

List policy is to reply-all, so that you need not subscribe.  Hopefully you get a response soon.

--- Additional comment from Cole Robinson on 2013-11-17 18:01:06 EST ---

As Dan mentioned in reply to that message, at its root this sounds like a netcf issue, reassigning.

--- Additional comment from Martin Wilck on 2013-11-18 03:43:32 EST ---

Comment from Mailing list:

"The XML schema does not care what values the brctl tool
exposes. It standardizes on on & off for values. Whatever
tool is creating this XML (netcf I guess) should translate
from the values brctl uses to what the XML requires."

--- Additional comment from Martin Wilck on 2013-11-18 03:48:11 EST ---

Another proposed patch, for netcf this time.

(wrt Daniel's comment, I haven't seen a schema file that would specify the netcf output in that detail. However I really don't care if the fix is applied in netcf or libvirt. I want this to get fixed either way).

--- Additional comment from Martin Wilck on 2013-11-18 03:51:07 EST ---

> (wrt Daniel's comment, I haven't seen a schema file that would specify the
> netcf output in that detail. 

Found it now. It's in interface.rng:

          <attribute name="stp">
            <ref name="on-or-off"/>
          </attribute>

--- Additional comment from Laine Stump on 2013-11-18 04:18:58 EST ---

(In reply to Martin Wilck from comment #8)
> Created attachment 825430 [details]
> [PATCH] redhat-put.xsl: transform STP value to "on/off"
> 
> Another proposed patch, for netcf this time.


Thanks for taking the time to make these patches. Sorry to keep doing this to you, but if you could send this netcf patch to

   netcf-devel.org

I can more easily push it into git with proper attribution to you. (you should be able to post without subscribing - it will just queue up the mail to wait for an admin (me) to clear it.

--- Additional comment from Martin Wilck on 2013-11-18 04:23:16 EST ---

Sent the email.
Subject: [PATCH] redhat-put.xsl: transform STP value to "on/off"

--- Additional comment from Martin Wilck on 2013-11-18 04:24:15 EST ---

Hmm, I got this:

You are not allowed to post to this mailing list, and your message has
been automatically rejected.  If you think that your messages are
being rejected in error, contact the mailing list owner at
netcf-devel-owner.org.

--- Additional comment from Laine Stump on 2013-11-18 06:10:04 EST ---

(In reply to Martin Wilck from comment #12)
> You are not allowed to post to this mailing list, and your message has
> been automatically rejected.

Oops. I had thought the netcf mailing list was configured similarly to libvir-list. I just changed it to hold-for-moderation messages from non-subscribers rahter than deleting them. Can you make one more try to that address? If that doesn't work, just email the patch to my email directly, and I'll forward it on to the list. (BTW, I'm assuming that you're making the patch with git send-email.)

Comment 2 Laine Stump 2014-01-31 12:06:37 UTC

Fixed upstream with this patch:

commit 048d13afcc91f4a16a80012aa34b9a024d95368e
Author: Martin Wilck <martin.wilck.com>
Date:   Mon Nov 18 12:35:15 2013 +0100

    transform STP value from "yes/no" to "on/off" in redhat-put.xsl
    
    Some tools (e.g. NetworkManager) use "yes"/"no" in config files
    rather than "on/off". netcf needs to transform this in order to conform
    with the schema.

Comment 4 Laine Stump 2014-02-11 11:52:08 UTC

A fix is available in the following candidate build:

https://brewweb.devel.redhat.com/buildinfo?buildID=334740

Comment 6 Jincheng Miao 2014-02-24 09:38:50 UTC

Hi Laine, Lubos,

I met some problem when I reproduce this bug.

1. When creating bridge br0 in NetworkManager, an ifcfg-br0 will be created
# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=bridge-br0
STP=yes
BRIDGING_OPTS=priority=128
TYPE=Bridge
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=br0
UUID=5cd60a6a-816b-488b-abd6-2777787ddef9
ONBOOT=yes

then start bridge-br0 from virt-manager, an error will be reported
"Error: Device 'bridge-br0' is waiting for slaves before proceeding with activation."

if add a slave to br0 in virt-manager, choose type is Ethernet, an ifcfg-bridge-slave will be created
# cat /etc/sysconfig/network-scripts/ifcfg-bridge_slave 
HWADDR=10:60:4B:78:2A:74
TYPE=Ethernet
NAME=bridge-slave
UUID=ff64fd7e-a25e-4f19-92e3-41d2c5de952d
ONBOOT=no
BRIDGE=5cd60a6a-816b-488b-abd6-2777787ddef9

then start bridge-br0 from virt-manager, the error is still:
"Error: Device 'bridge-br0' is waiting for slaves before proceeding with activation."

2. If I use nmcli to setup the bridge
The nmcli steps are from https://bugzilla.redhat.com/show_bug.cgi?id=1051401#c3
# nmcli con add type bridge ifname br0
# nmcli con add type bridge-slave ifname eno1 master br0
# nmcli dev disconnect eno1
# nmcli con up bridge-slave-eno1

but the bridge can be listed in virt-manager

could you give some more hints about this reproducing?

Comment 7 Laine Stump 2014-02-24 09:56:48 UTC

Although you may sometimes have success in limited circumstances, netcf and NetworkManager do not work well together, and are not supported together, and we have always said that if you want to use netcf (and the "virsh iface-*" commands, and host interface pieces of virt-manager) you should disable the NetworkManager service and enable the network service instead.

In this case, you've created the bridge with NetworkManager, but then tried to start it with virt-manager/netcf. You should instead create the bridge using virt-manager (or even simpler, the "virsh iface-bridge $physdevname $brname" command).

To give more detail, at least part of the problem is that netcf was written to create and manage bridges with the connection between the bridge and ethernet device indicated with "BRIDGE=$devname" in the ethernet device's config file, but when support for bridges was later added to NetworkManager, it used "BRIDGE=$uuid". netcf starts network devices using /sbin/ifup, and if you directly call /sbin/ifup for a bridge device, it will only attempt to start the bridge itself, but not the attached ethernet devices; recognizing this, if you tell netcf to start a bridge, it will first call /sbin/ifup on any attached ethernet devices, and then ifup the bridge, but NM has put a uuid in the BRIDGE setting rather than a device name, so netcf tries to ifup the uuid, and apparently ifup doesn't recognize uuids.

Again, the solution is to not use NetworkManager, but to either 1) create/edit the ifcfg files manually, 2) use virt-manager, or 3) use the "virsh iface-bridge" command.

Comment 8 Jincheng Miao 2014-03-04 03:17:10 UTC

This bug is caused by the STP option of the bridge configuration file could be yes/no, but netcf only supports on/off.

The reproducing steps are:
# rpm -q netcf
netcf-0.2.3-7.el7.x86_64

1. create a bridge, for simplest, I used virsh
# virsh iface-bridge eno1 br0 --no-stp --no-start
Created bridge br0 with attached device eno1

2. change ifcfg-br0
# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=dhcp
STP=no

3. start this br0 in virt-manager
# virt-manager --debug
...
2014-03-04 10:57:28,537 (host:1021): Starting interface 'br0'
2014-03-04 10:57:28,539 (asyncjob:190): Creating async job for function cb=<function tmpcb at 0x331af50>
2014-03-04 10:57:29,987 (engine:287): Tick is slow, not running at requested rate.
2014-03-04 10:57:31,335 (host:1108): XML error: bridge interface stp should be on or off got no
Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/host.py", line 1106, in interface_selected
    self.populate_interface_state(name)
  File "/usr/share/virt-manager/virtManager/host.py", line 1118, in populate_interface_state
    mac = interface.get_mac()
  File "/usr/share/virt-manager/virtManager/interface.py", line 73, in get_mac
    return self.xpath("/interface/mac/@address")
  File "/usr/share/virt-manager/virtManager/interface.py", line 60, in xpath
    return util.xpath(self.get_xml(inactive=True), *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 100, in get_xml
    return self._XMLDesc(self._inactive_xml_flags)
  File "/usr/share/virt-manager/virtManager/interface.py", line 46, in _XMLDesc
    return self.interface.XMLDesc(flags)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2417, in XMLDesc
    if ret is None: raise libvirtError ('virInterfaceGetXMLDesc() failed', net=self)
libvirtError: XML error: bridge interface stp should be on or off got no

# virsh iface-unbridge br0
error: XML error: bridge interface stp should be on or off got no


After install latest netcf-0.2.3-8.el7.x86_64 , and restart libvirtd
# rpm -q netcf
netcf-0.2.3-8.el7.x86_64

# virt-manager --debug
...
2014-03-04 11:06:41,978 (host:1021): Starting interface 'br0'
2014-03-04 11:06:41,980 (asyncjob:190): Creating async job for function cb=<function tmpcb at 0x297fd70>
2014-03-04 11:06:43,913 (engine:287): Tick is slow, not running at requested rate.

There is no error happened.

# virsh iface-unbridge br0
Device eno1 un-attached from bridge br0

So that this bug is fixed, and I change the status to VERIFIED.

Comment 9 Ludek Smid 2014-06-13 12:40:26 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.