Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1714595

Summary: BAD user experience, ERROR when profile is loaded
Product: Red Hat Enterprise Linux 7 Reporter: Robin Hack <rhack>
Component: tunedAssignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED ERRATA QA Contact: Robin Hack <rhack>
Severity: unspecified Docs Contact: Marie Hornickova <mdolezel>
Priority: unspecified    
Version: 7.7CC: jeder, jskarvad, lkuprova, olysonek, ovasik, pasik, psklenar
Target Milestone: rcKeywords: Patch, Regression, Upstream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tuned-2.11.0-5.el7 Doc Type: Bug Fix
Doc Text:
.Error messages in `/var/log/tuned/tuned.log` referring to non-existent sysctl settings no longer occur when a `Tuned` profile is loaded Previously, the `Tuned` daemon treated non-existent sysctl settings as an error. For example `net.bridge.bridge-nf-call-ip6tables`, `net.bridge.bridge-nf-call-iptables`, or `net.bridge.bridge-nf-call-arptables`, which are unavailable on some systems, could trigger error in the `/var/log/tuned/tuned.log` file: ---- Failed to set sysctl parameter 'net.bridge.bridge-nf-call-ip6tables' to '0', the parameter does not exist ---- With this update, `Tuned` has been fixed, and the error messages no longer occur within `/var/log/tuned/tuned.log` under the described circumstances.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 13:04:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1709724    

Description Robin Hack 2019-05-28 12:03:15 UTC 
Description of problem:

When profile is applied, then ERROR appears in logs:
2019-05-17 10:44:17,410 ERROR    tuned.plugins.plugin_sysctl: Failed to set sysctl parameter 'net.bridge.bridge-nf-call-ip6tables' to '0', the parameter does not exist
2019-05-17 10:44:17,410 ERROR    tuned.plugins.plugin_sysctl: Failed to set sysctl parameter 'net.bridge.bridge-nf-call-iptables' to '0', the parameter does not exist
2019-05-17 10:44:17,410 ERROR    tuned.plugins.plugin_sysctl: Failed to set sysctl parameter 'net.bridge.bridge-nf-call-arptables' to '0', the parameter does not exist

Version-Release number of selected component (if applicable):
tuned-2.11.0-3.el7.noarch

How reproducible:
always

Steps to Reproduce:
(for example - basically each profile which sets sysctl can be used)
1. tuned-adm profile virtual-guest
2.
3.

Actual results:
ERROR message in log

Expected results:
maybe something much user friendly... like no ERROR message?

Additional info:
Tuned insides:
content of tuned/plugins/plugin_sysctl.py

SYSCTL_CONFIG_DIRS = [ "/run/sysctl.d",
                "/etc/sysctl.d",
                "/usr/local/lib/sysctl.d",
                "/usr/lib/sysctl.d",
                "/lib/sysctl.d" ]


# cat /usr/lib/sysctl.d/00-system.conf

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

then it reads each file and use:
_apply_sysctl_config_line to set sysctl tunable.

Sometimes, this is just false error, because bridge kernel module is missing.
More info:
https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
Comment 2 Ondřej Lysoněk 2019-05-28 13:05:41 UTC 
Thanks for the report. I think we should preserve the old behaviour in this case and ignore nonexistent sysctl settings from the system locations (/run/sysctl.d, /etc/sysctl.d, etc.).
Comment 3 Ondřej Lysoněk 2019-05-28 13:08:17 UTC 
For the record, the errors are completely harmless.
Comment 4 Robin Hack 2019-05-29 11:00:22 UTC 
Hello. I agree. This bug is harmless however it breaks my tests which looks for ERROR messages.
And I would like to have my tests sane without workarounds ;P.

Also, it's just very bad user experience. I remember Logging Polish initiative which should solve issues like this.
Customers aren't happy with false ERRORs.

I agree that ignoring missing keys or broken lines are solution. As we talked with olysonek, previous, not so nice, solution uses same approach (just ignore missing keys).

I will not provide ack for now (rhel7.7) but we can release this fix later :).
Comment 5 Robin Hack 2019-05-29 12:08:27 UTC 
BTW: it's not even issue with initscripts :).

root@ci-vm-10-0-136-236 ~]# modprobe br_netfilter
[root@ci-vm-10-0-136-236 ~]# sysctl -a  | grep bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Just not kernel module loaded when tuned starts which is normal.
Comment 6 Ondřej Lysoněk 2019-05-29 14:22:36 UTC 
In the new implementation, there are a couple of other newly added error messages that could get printed:
1. Syntax error in one of the sysctl config files [1] [2], attempting to set a deprecated sysctl option [4]
   * 'sysctl --system' reports errors about these problems, however the old Tuned doesn't pass the errors to the log
2. Attempting to set a multi-line sysctl option, which Tuned doesn't support [3]
   * The old Tuned doesn't say anything about these in the log. The old Tuned naively sets and restores these options, but it doesn't work.

[1] https://github.com/redhat-performance/tuned/blob/196131584488a2cdaaecb74e14d14f6a89004f54/tuned/plugins/plugin_sysctl.py#L126
[2] https://github.com/redhat-performance/tuned/blob/196131584488a2cdaaecb74e14d14f6a89004f54/tuned/plugins/plugin_sysctl.py#L132
[3] https://github.com/redhat-performance/tuned/blob/196131584488a2cdaaecb74e14d14f6a89004f54/tuned/plugins/plugin_sysctl.py#L148
[4] https://github.com/redhat-performance/tuned/blob/196131584488a2cdaaecb74e14d14f6a89004f54/tuned/plugins/plugin_sysctl.py#L166

Jardo, Robine, what do you think we should do about these error messages? Personally, I would keep printing them (maybe with the exception of the multi-line options - Tuned could just ignore these if they are in the sysctl config files) - the error messages could reveal real problems.

I hate having to make silly decisions like these, but here we are...
Comment 7 Ondřej Lysoněk 2019-05-29 14:23:04 UTC 
See comment#6.
Comment 8 Ondřej Lysoněk 2019-05-29 15:35:01 UTC 
Upstream pull request:
https://github.com/redhat-performance/tuned/pull/189
Comment 22 errata-xmlrpc 2019-08-06 13:04:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2201