Bug 1467520 - nmcli removes route-* files
nmcli removes route-* files
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager (Show other bugs)
7.5
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Thomas Haller
Desktop QE
:
Depends On: 1436531
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-04 02:28 EDT by Vladyslav Shapoval
Modified: 2017-09-05 08:09 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-09-05 08:09:32 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vladyslav Shapoval 2017-07-04 02:28:10 EDT
Hi

Description of problem:

nmcli removes route-* files while creating/editing connection.


Steps to Reproduce:
1. Create a new connection
> nmcli con add type ethernet con-name eth1 ifname eth1 ip4 192.168.0.100/24

2. Create route-eth1 file with any route you want, for instance:
> echo "table public_kiev to default via 192.168.0.1 dev eth1" > /etc/sysconfig/network-scripts/route-eth1

> ll /etc/sysconfig/network-scripts/ | grep route-
-rw-r--r-- 1 root root    54 чер 29 10:48 route-eth1

3. Modify the connection, for instance change mtu:
> nmcli con mod eth1 mtu 1500

Actual results:
route-eth1 is missing
> ll /etc/sysconfig/network-scripts/ | grep route-


Please check
Expected results:
route-eth1 is not removed
Comment 2 Thomas Haller 2017-07-04 04:14:06 EDT
First of all, when you create/modifiy an ifcfg-rh file outside of NetworkManager, then you must tell NetworkManager to reload the file. Do so via

  $ nmcli connection load "$FILENAME"

or 

  $ nmcli connection reload

(an alternative, is configuring monitor-connection-files=TRUE, see `man NetworkManager.conf`, but that is *not* a recommended configuration, because NetworkManager might pickup configurations that are incomplete/wrong while you are still editing the file).




But even if you reload the connection before step 3), NM will log:

<debug> [1499155685.1176] ifcfg-rh: loading from file "/etc/sysconfig/network-scripts/ifcfg-eth1"...
<warn>  [1499155685.1181] ifcfg-rh:     ignoring manual default route: 'table public_kiev to default via 192.168.0.1 dev eth1' (/etc/sysconfig/network-scripts/route-eth1)

so, from NM's point of view, there are no routes, because NM does not support policy routing yet (RFE bug 1436531).


The current behavior is expected, as NM is currently unable to handle these routes, and persisting a connection to ifcfg-rh inevitable purges the route file.


The solution is to add support for policy routing...


This bug depends on bug 1436531.
Comment 3 Thomas Haller 2017-07-04 04:16:50 EDT
ah, another thing that doesn't work... NM does not allow you to configure default routes like regular routes. So, even when supporting policy routing, the line would still be rejected.

NM currently only allows to configure the default route by a combination of the options:

  ipv4.never-default
  ipv4.gateway
  ipv4.route-metric


That probably should be improved as well, to treat default routes (with a prefix length zero), like any other route.
Comment 4 Vladyslav Shapoval 2017-07-04 05:12:12 EDT
could you please check the following case:
1) creete connection:
> nmcli con add type ethernet con-name eth1 ifname eth1 ip4 1.1.1.1/24

2) create route-eth1 with the content:
1.1.1.0/24 dev eth1  proto kernel  scope link  src 1.1.1.1  metric 100

3) reload connection:
> nmcli con reload eth1

4) change mtu:
> nmcli con mod eth1 mtu 1600

route-eth1 is removed after that.

I'm confused, but:
1) the route is not default route
2) this is not policy-routing
Comment 5 Thomas Haller 2017-07-07 08:49:26 EDT
(In reply to Vladyslav Shapoval from comment #4)
> could you please check the following case:
> 1) creete connection:
> > nmcli con add type ethernet con-name eth1 ifname eth1 ip4 1.1.1.1/24
> 
> 2) create route-eth1 with the content:
> 1.1.1.0/24 dev eth1  proto kernel  scope link  src 1.1.1.1  metric 100
> 
> 3) reload connection:
> > nmcli con reload eth1

It's `nmcli connection reload`, without argument.
The "eth1" has no effect, it still reloads them all.


> 4) change mtu:
> > nmcli con mod eth1 mtu 1600
> 
> route-eth1 is removed after that.

Not for me. With rhel-7.3 and newer, the route file is there, as expected.

Note that I end up with

# cat route-eth1 
1.1.1.0/24 via (null) metric 100

which is fixed in rhel-7.4 with https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=af8aac9b544cb64df3b77a413dfded23e976d1b0


What version of NM are you using?
Comment 6 Vladyslav Shapoval 2017-07-17 07:58:43 EDT
> What version of NM are you using?
Name        : NetworkManager
Arch        : x86_64
Epoch       : 1
Version     : 1.4.0
Release     : 12.el7


Sorry, I missed one step. Please follow this STR:

1. Create connection:
> nmcli con add type ethernet con-name eth1 ifname eth1 ip4 1.1.1.1/24

2. Сreate route-eth1:
> echo "1.1.1.0/24 via (null) metric 100" > route-eth1

3. Create empty rule-eth1:
> touch rule-eth1

4. Reload connection:
> nmcli con reload eth1

5. Try to modify mtu:
> nmcli con mod eth1 mtu 1600

nmcli says "Error: Failed to modify connection 'eth1': Cannot modify a connection that has an associated 'rule-' or 'rule6-' file".
This is ok.

6. Delete rule-eth1
> rm rule-eth1

7. Try to change mtu again:
> nmcli con mod eth1 mtu 1600

After this route-eth1 is removed
Comment 7 Thomas Haller 2017-09-05 08:09:32 EDT
(In reply to Vladyslav Shapoval from comment #6)
> > What version of NM are you using?
> Name        : NetworkManager
> Arch        : x86_64
> Epoch       : 1
> Version     : 1.4.0
> Release     : 12.el7
> 
> 
> Sorry, I missed one step. Please follow this STR:
> 
> 1. Create connection:
> > nmcli con add type ethernet con-name eth1 ifname eth1 ip4 1.1.1.1/24
> 
> 2. Сreate route-eth1:
> > echo "1.1.1.0/24 via (null) metric 100" > route-eth1

Side note: the "via (null)" should be omitted. NM would wrongly wrote that, but you shouldn't edit it by hand (bug 1452648). It doesn't hurt though.


> 3. Create empty rule-eth1:
> > touch rule-eth1
> 
> 4. Reload connection:
> > nmcli con reload eth1

The connection has no routes at this point (as you can verify with `nmcli connection show eth1`) and in the logfile you'll see
  <warn>  [1504612201.9289] ifcfg-rh:     'rule-' or 'rule6-' file is present; you will need to use a dispatcher script to apply these routes


> 5. Try to modify mtu:
> > nmcli con mod eth1 mtu 1600
> 
> nmcli says "Error: Failed to modify connection 'eth1': Cannot modify a
> connection that has an associated 'rule-' or 'rule6-' file".
> This is ok.

Yes. NM doesn't support rule files. Maybe one day it will, but for now it just backs off and expects that they are handled via /etc/NetworkManager/dispatcher.d/10-ifcfg-rh-routes.sh. That is RFE bug 1384799.


> 6. Delete rule-eth1
> > rm rule-eth1

You didn't reload the connection at this point. It still has no routes at all. But the subsequent `nmcli connection modify` will no longer fail, because the presence of the rule file is checked at the moment when writing.

If you modify the connection on-disk, you need to reload again. Removing the rule file will un-shadow the route. If you issue a reload, you would see the route.

> 7. Try to change mtu again:
> > nmcli con mod eth1 mtu 1600
> 
> After this route-eth1 is removed

you modify a connection that has no route. NM writes a complete ifcfg file, without any routes. route-eth1 gets removed.



When you modify files on disk, issue `nmcli connection load "$FILE"` or `nmcli connection reload`.



I think everything here works as expected. I am closing this as NOTABUG. Please reopen if you disagree or leave a comment. Thank you!!

Note You need to log in before you can comment on or make changes to this bug.