Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1929946

Summary: linux bridge: cannot create subordinate port and copy-mac-from it in one transaction
Product: Red Hat Enterprise Linux 8 Reporter: Mingyu Shi <mshi>
Component: nmstateAssignee: Gris Ge <fge>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Mingyu Shi <mshi>
Severity: high Docs Contact:
Priority: high    
Version: 8.4CC: ferferna, jiji, jishi, network-qe, till
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-18 03:41:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mingyu Shi 2021-02-18 02:16:41 UTC 
Description of problem:
For linux bridge, currently you have to create the subordinate port first, then copy-mac-from it. If you create and copy mac in one transaction, you'll fail.
It works well for bond copy-mac.

Version-Release number of selected component (if applicable):
nmstate-1.0.2-0.3.el8.noarch
nispor-1.0.1-3.el8.x86_64
NetworkManager-1.30.0-0.10.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
#make sure there are no dummy0 and dummy1
ip link del dummy0
ip link del dummy1
echo "interfaces:
- name: br0
  type: linux-bridge
  state: up
  copy-mac-from: dummy1
  bridge:
    port:
    - name: dummy0
    - name: dummy1
- name: dummy1
  type: dummy
  state: up
- name: dummy0
  type: dummy
  state: up" | nmstatectl set -

Actual results:
Failed

Traceback (most recent call last):
  File "/usr/bin/nmstatectl", line 11, in <module>
    load_entry_point('nmstate==1.0.2', 'console_scripts', 'nmstatectl')()
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 73, in main
    return args.func(args)
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 326, in set
    apply(args)
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 343, in apply
    args.save_to_disk,
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 407, in apply_state
    save_to_disk=save_to_disk,
  File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 71, in apply
    _apply_ifaces_state(plugins, net_state, verify_change, save_to_disk)
  File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 115, in _apply_ifaces_state
    _verify_change(plugins, net_state)
  File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 120, in _verify_change
    net_state.verify(current_state)
  File "/usr/lib/python3.6/site-packages/libnmstate/net_state.py", line 74, in verify
    self._ifaces.verify(current_state.get(Interface.KEY))
  File "/usr/lib/python3.6/site-packages/libnmstate/ifaces/ifaces.py", line 632, in verify
    cur_iface.state_for_verify(),
libnmstate.error.NmstateVerificationError: 

difference
==========
--- desired
+++ current
@@ -3,9 +3,44 @@
 type: linux-bridge
 state: up
 bridge:
+  options:
+    group-addr: 01:80:C2:00:00:00
+    group-forward-mask: 0
+    hash-max: 4096
+    mac-ageing-time: 300
+    multicast-last-member-count: 2
+    multicast-last-member-interval: 100
+    multicast-querier: false
+    multicast-querier-interval: 25500
+    multicast-query-interval: 12500
+    multicast-query-response-interval: 1000
+    multicast-query-use-ifaddr: false
+    multicast-router: 1
+    multicast-snooping: true
+    multicast-startup-query-count: 2
+    multicast-startup-query-interval: 3125
+    stp:
+      enabled: true
+      forward-delay: 15
+      hello-time: 2
+      max-age: 20
+      priority: 32768
   port:
   - name: dummy0
+    stp-hairpin-mode: false
+    stp-path-cost: 100
+    stp-priority: 32
     vlan: {}
   - name: dummy1
+    stp-hairpin-mode: false
+    stp-path-cost: 100
+    stp-priority: 32
     vlan: {}
-mac-address: null
+ipv4:
+  enabled: false
+ipv6:
+  enabled: false
+lldp:
+  enabled: false
+mac-address: 2E:34:62:EA:95:B6
+mtu: 1500


Expected results:
No failure

Additional info:
Comment 1 Gris Ge 2021-02-18 03:41:40 UTC 
This is really complex to fix in nmstate and easy to workaround(submit the desire state separately).

I expect user of nmstate knowing the `copy-from-mac` is using mac from __existing__ interface, not from pending-creation interface.

Sorry, I have to close as insufficient data and reopen it once we have real use case need the support of this scenario.
Comment 2 Mingyu Shi 2021-02-18 08:28:38 UTC 
I found this issue when I created bond and attached it to a bridge(more typical than attach a new-created dummy), like:
---
interfaces:
- name: br0
  type: linux-bridge
  state: up
  copy-mac-from: bond1
  bridge:
    port:
    - name: bond0
    - name: bond1
- name: bond1
  type: bond
  state: up
  copy-mac-from: eth2
  link-aggregation:
    mode: balance-rr
    port:
    - eth1
    - eth2

(In reply to Gris Ge from comment #1)
> I expect user of nmstate knowing the `copy-from-mac` is using mac from
> __existing__ interface, not from pending-creation interface.

Like in #bz1896934 (or some probable scenarios), certain network information is unconfirmed/unknown at deploy time. that's why I consider this issue as a potential problem: maybe a user doesn't know the subordinate mac and doesn't have a chance to apply 2 transactions at deploy time or something.
But of course this is just my guess. So I agree to wait for a real user case, too.