Description of problem:
OSP16 deployment with policy-based routing rules. os-net-config does not enable new ip rules during subsequent deployments.

Version-Release number of selected component (if applicable):
os-net-config-11.3.1-0.20191202211303.d814f68.el8ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. example nic-config def:

- type: ovs_bridge
  name: br-ex
  dns_servers: {get_param: DnsServers}
  use_dhcp: false
  mtu: 1500
  members:
  - type: interface
    name: nic4
    mtu: 1500
    primary: true
  - type: vlan
    vlan_id: {get_param: ExternalNetworkVlanID}
    mtu: 1500
    addresses:
    - ip_netmask: {get_param: ExternalIpSubnet}
    routes:
    - default: true
      next_hop: {get_param: ExternalInterfaceDefaultRoute}
      table: 200
    rules:
    - rule: "from 192.168.2.0/24 table 200"
    - rule: "from 10.10.10.0/24 table 200"

Here '- rule: "from 10.10.10.0/24 table 200"' is the new definition.

parameter_defaults:
  NetworkDeploymentActions: ['CREATE','UPDATE']
  ^^ deployment param to ensure the new config is used.

After deployment the config is in the appropriate file:

[root@overcloud-controller-0 ~]# cat /etc/sysconfig/network-scripts/rule-vlan5
# This file is autogenerated by os-net-config
from 192.168.2.0/24 table 200
from 10.10.10.0/24 table 200

However the rule is not active:

[root@overcloud-controller-0 ~]# ip rule
0:      from all lookup local
32765:  from 192.168.2.0/24 lookup custom
32766:  from all lookup main
32767:  from all lookup default

A restart of the interface is needed to activate the rule:

[root@overcloud-controller-0 ~]# ifdown vlan5; ifup vlan5
WARN : [ifdown] You are using 'ifdown' script provided by 'network-scripts', which are now deprecated.
WARN : [ifdown] 'network-scripts' will be removed in one of the next major releases of RHEL.
WARN : [ifdown] It is advised to switch to 'NetworkManager' instead - it provides 'ifup/ifdown' scripts as well.
RTNETLINK answers: No such file or directory
WARN : [ifup] You are using 'ifup' script provided by 'network-scripts', which are now deprecated.
WARN : [ifup] 'network-scripts' will be removed in one of the next major releases of RHEL.
WARN : [ifup] It is advised to switch to 'NetworkManager' instead - it provides 'ifup/ifdown' scripts as well.

[root@overcloud-controller-0 ~]# ip rule
0:      from all lookup local
32764:  from 10.10.10.0/24 lookup custom
32765:  from 192.168.2.0/24 lookup custom
32766:  from all lookup main
32767:  from all lookup default
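
The mismatch reported above (a rule present in rule-vlan5 but absent from `ip rule`) can be checked for mechanically after a deployment. The following Python is an added example, not part of the original report or of os-net-config; the function names and the rt_tables content are assumptions constructed for illustration, while the rule file and `ip rule` samples are copied from the report.

```python
# Added example: compare an os-net-config rule-<dev> file with live `ip rule` output.
# `lookup` is a synonym for `table`; `pref`/`preference`/`order` for `priority`.
ALIASES = {"lookup": "table", "pref": "priority",
           "preference": "priority", "order": "priority"}

def parse_rt_tables(text):
    """Map table id -> name from /etc/iproute2/rt_tables content."""
    names = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].isdigit():
            names[parts[0]] = parts[1]
    return names

def normalize(rule, names):
    """Reduce a rule (file syntax or `ip rule` output) to comparable fields."""
    tokens = rule.split()
    fields = {"from": "all", "to": "all", "table": "main", "priority": None}
    if tokens and tokens[0].endswith(":"):  # `ip rule` prints "32765:" first
        fields["priority"] = tokens.pop(0)[:-1]
    i = 0
    while i < len(tokens):
        key = ALIASES.get(tokens[i], tokens[i])
        if key in fields and i + 1 < len(tokens):
            fields[key] = tokens[i + 1]
            i += 2
        else:
            i += 1
    fields["table"] = names.get(fields["table"], fields["table"])
    return fields

def missing_rules(rule_file, ip_rule_output, rt_tables):
    """Return configured rules that have no matching active rule."""
    names = parse_rt_tables(rt_tables)
    active = [normalize(l, names) for l in ip_rule_output.splitlines() if l.strip()]
    missing = []
    for line in rule_file.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        want = normalize(line, names)
        # A rule without an explicit priority matches any kernel-assigned one.
        if not any(all(want[k] in (None, a[k]) for k in want) for a in active):
            missing.append(line)
    return missing

RT_TABLES = "255 local\n254 main\n253 default\n200 custom\n"  # constructed sample
RULE_FILE = ("# This file is autogenerated by os-net-config\n"
             "from 192.168.2.0/24 table 200\nfrom 10.10.10.0/24 table 200\n")
BEFORE = ("0:\tfrom all lookup local\n32765:\tfrom 192.168.2.0/24 lookup custom\n"
          "32766:\tfrom all lookup main\n32767:\tfrom all lookup default\n")
AFTER = BEFORE + "32764:\tfrom 10.10.10.0/24 lookup custom\n"
```

On a live node the three inputs would come from the rule file, `ip rule`, and /etc/iproute2/rt_tables; a non-empty result means the written configuration and the kernel's policy routing have drifted apart.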

Matt, did you create the route table?

network_config:
  -
    type: route_table
    name: custom
    table_id: 200

(In reply to Dan Sneddon from comment #1)
> Matt, did you create the route table?
>
> network_config:
>   -
>     type: route_table
>     name: custom
>     table_id: 200

Hi Dan,

Yes, route_table defined; here is my current network_config I'm testing. Slightly different rules but same behavior.

params:
  $network_config:
    network_config:
    - type: route_table
      name: custom
      table_id: 200
    - type: interface
      name: nic1
      mtu:
        get_param: ControlPlaneMtu
      use_dhcp: false
      addresses:
      - ip_netmask:
          list_join:
          - /
          - - get_param: ControlPlaneIp
            - get_param: ControlPlaneSubnetCidr
      routes:
        list_concat_unique:
        - get_param: ControlPlaneStaticRoutes
        - - default: true
            next_hop:
              get_param: ControlPlaneDefaultRoute
    - type: linux_bond
      name: bond_internal
      mtu:
        get_attr: [MinViableMtuBondApi, value]
      use_dhcp: false
      bonding_options:
        get_param: BondInterfaceOvsOptions
      domain:
        get_param: DnsSearchDomains
      members:
      - type: interface
        name: nic2
        mtu:
          get_attr: [MinViableMtuBondApi, value]
        primary: true
      - type: interface
        name: nic5
        mtu:
          get_attr: [MinViableMtuBondApi, value]
    - type: vlan
      device: bond_internal
      mtu:
        get_param: StorageMtu
      vlan_id:
        get_param: StorageNetworkVlanID
      addresses:
      - ip_netmask:
          get_param: StorageIpSubnet
      routes:
        list_concat_unique:
        - get_param: StorageInterfaceRoutes
    - type: vlan
      device: bond_internal
      mtu:
        get_param: StorageMgmtMtu
      vlan_id:
        get_param: StorageMgmtNetworkVlanID
      addresses:
      - ip_netmask:
          get_param: StorageMgmtIpSubnet
      routes:
        list_concat_unique:
        - get_param: StorageMgmtInterfaceRoutes
    - type: vlan
      device: bond_internal
      mtu:
        get_param: InternalApiMtu
      vlan_id:
        get_param: InternalApiNetworkVlanID
      addresses:
      - ip_netmask:
          get_param: InternalApiIpSubnet
      routes:
        list_concat_unique:
        - get_param: InternalApiInterfaceRoutes
    - type: ovs_bridge
      name: br-tenant
      use_dhcp: false
      addresses:
      - ip_netmask:
          get_param: TenantIpSubnet
      members:
      - type: interface
        name: nic3
    - type: ovs_bridge
      name: br-ex
      dns_servers: {get_param: DnsServers}
      use_dhcp: false
      mtu: 1500
      members:
      - type: interface
        name: nic4
        mtu: 1500
        primary: true
      - type: vlan
        vlan_id: {get_param: ExternalNetworkVlanID}
        mtu: 1500
        addresses:
        - ip_netmask: {get_param: ExternalIpSubnet}
        routes:
        - default: true
          next_hop: {get_param: ExternalInterfaceDefaultRoute}
          table: 200
        rules:
        - rule: "to 192.168.2.0/24 table main priority 500"
          comment: "all adjacent traffic on 192.168.2.0/24 to main table"
        - rule: "from 192.168.2.0/24 table 200 priority 501"
          comment: "all remote traffic from 192.168.2.0/24 to custom table"

Verified changes were in OSP-16z2, compose 20200406.1, rpm os-net-config-11.3.2-0.20200313111250.049314b.el8ost.noarch.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2114