2029719 – Verification is not performed on ipv4/ipv6 subtrees when enabled is false

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2029719 - Verification is not performed on ipv4/ipv6 subtrees when enabled is false

Summary: Verification is not performed on ipv4/ipv6 subtrees when enabled is false

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	nmstate
Sub Component:
Version:	9.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	unspecified
Target Milestone:	rc
Target Release:	9.1
Assignee:	Gris Ge
QA Contact:	Mingyu Shi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-12-07 07:35 UTC by Radim Hrazdil
Modified:	2023-10-16 03:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:	nmstate-2.1.3-0.20220714.81d80992.el9
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-11-15 10:00:44 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	NMT-960	None	None	None	2023-10-16 03:47:55 UTC
Red Hat Issue Tracker	RHELPLAN-104939	None	None	None	2021-12-07 07:46:48 UTC
Red Hat Product Errata	RHBA-2022:7991	None	None	None	2022-11-15 10:00:56 UTC

Description Radim Hrazdil 2021-12-07 07:35:07 UTC

Description of problem:

The following desired state, which contains undefined property under ipv4 subtree can be successfully applied:

interfaces:
- name: eth1
  type: ethernet
  state: up
  ipv4:
    doesntexist: blah
    enabled: false
    address:
    - ip: 192.168.0.1
      prefix-length: 24


Only when enabled is set to true, the configuration fails on an error similar to the following paste:

Traceback (most recent call last):
  File "/usr/bin/nmstatectl", line 11, in <module>
    load_entry_point('nmstate==1.1.0', 'console_scripts', 'nmstatectl')()
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 74, in main
    return args.func(args)
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 338, in set
    return apply(args)
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 355, in apply
    args.save_to_disk,
  File "/usr/lib/python3.6/site-packages/nmstatectl/nmstatectl.py", line 419, in apply_state
    save_to_disk=save_to_disk,
  File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 90, in apply
    _apply_ifaces_state(plugins, net_state, verify_change, save_to_disk)
  File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 141, in _apply_ifaces_state
    _verify_change(plugins, net_state)
  File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 156, in _verify_change
    net_state.verify(current_state)
  File "/usr/lib/python3.6/site-packages/libnmstate/net_state.py", line 86, in verify
    self._ifaces.verify(current_state.get(Interface.KEY))
  File "/usr/lib/python3.6/site-packages/libnmstate/ifaces/ifaces.py", line 665, in verify
    cur_iface.state_for_verify(),
libnmstate.error.NmstateVerificationError: 
desired
=======
---
name: eth1
type: ethernet
state: up
ipv4:
  enabled: true
  address:
  - ip: 192.168.0.1
    prefix-length: 24
  doesntexist: absent

current
=======
---
name: eth1
type: ethernet
state: up
accept-all-mac-addresses: false
ethernet:
  auto-negotiation: false
ethtool:
  feature:
    rx-gro: true
    rx-gro-list: false
    rx-udp-gro-forwarding: false
    tx-checksum-ip-generic: true
    tx-generic-segmentation: true
    tx-nocache-copy: false
    tx-tcp-ecn-segmentation: true
    tx-tcp-mangleid-segmentation: false
    tx-tcp-segmentation: true
    tx-tcp6-segmentation: true
  ring:
    rx: 256
    tx: 256
ipv4:
  enabled: true
  address:
  - ip: 192.168.0.1
    prefix-length: 24
  dhcp: false
ipv6:
  enabled: false
lldp:
  enabled: false
mac-address: 52:55:00:D1:56:02
mtu: 1500

difference
==========
--- desired
+++ current
@@ -2,9 +2,33 @@
 name: eth1
 type: ethernet
 state: up
+accept-all-mac-addresses: false
+ethernet:
+  auto-negotiation: false
+ethtool:
+  feature:
+    rx-gro: true
+    rx-gro-list: false
+    rx-udp-gro-forwarding: false
+    tx-checksum-ip-generic: true
+    tx-generic-segmentation: true
+    tx-nocache-copy: false
+    tx-tcp-ecn-segmentation: true
+    tx-tcp-mangleid-segmentation: false
+    tx-tcp-segmentation: true
+    tx-tcp6-segmentation: true
+  ring:
+    rx: 256
+    tx: 256
 ipv4:
   enabled: true
   address:
   - ip: 192.168.0.1
     prefix-length: 24
-  doesntexist: absent
+  dhcp: false
+ipv6:
+  enabled: false
+lldp:
+  enabled: false
+mac-address: 52:55:00:D1:56:02
+mtu: 1500



According to the documentation, ipv4.enabled is false, all other properties are ignored. But it seems it would be better 
to perform verification to make sure the ipv4 properties are sane.
It's easy to imagine that a user would have a desired state with disabled and enabled ipv4 stack and the unexistent property.
When enabling the ipv4, the configuration would fail on a seemingly unrelated error.

Making sure that the properties are sane even when the ipv4 stack is set to disabled could prevent users to run into such issue,
which in my opinion has a potential to create more confusion, than failing immediately.


Version-Release number of selected component (if applicable):
nmstate-1.1.0-3.el8

nispor                         x86_64   1.2.2-1.el8          appstream   1.4 M
python3-libnmstate             noarch   1.1.0-3.el8          appstream   239 k
python3-nispor                 noarch   1.2.2-1.el8          appstream    39 k
NetworkManager                 x86_64   1:1.36.0-0.1.el8     baseos      2.3 M

How reproducible:
100%

Steps to Reproduce:
1. apply desiredState with ipv4.doesntexist property and ipv4.enabled: false
2. change ipv4.enabled to true
3.

Actual results:


Expected results:


Additional info:

Comment 1 Gris Ge 2021-12-08 07:15:43 UTC

We are rewriting nmstate in rust in 8.7/9.1, where it will raise error like:


```
[fge@c8s eth]$ echo '---
> interfaces:
> - name: eth1
>   state: up
>   mtu: 1500
>   ipv4:
>     foo: a
>     enabled: false' | sudo ncl set
serde_yaml::Error: unknown field `foo`, expected one of `enabled`, `dhcp`, `address`

```

Considering this is cosmetic problem, we will not fix this problem in RHEL 8.6.

Comment 2 Gris Ge 2022-05-27 10:01:49 UTC

Patch merged in upstream.

User will get failure on not allowed property name.

Comment 3 Mingyu Shi 2022-06-13 09:09:34 UTC

Hi

Gris, does the new patch verify all invalid property name or just for ip subtree?

Comment 4 Gris Ge 2022-07-20 09:41:35 UTC

Hi Mingyu,

Except top level yaml, all other invalid property will cause failure in nmstate 2.1+

Comment 7 Mingyu Shi 2022-08-09 08:08:37 UTC

Verified with:
nmstate-2.1.3-1.el9.x86_64
NetworkManager-1.39.10-1.el9.x86_64

[16:07:13@dell-per430-03 ~]0# echo "interfaces:
- name: dummy
  type: dummy
  state: up
  ipv4:
    doesntexist: blah
    enabled: false
    address:
    - ip: 192.168.0.1
      prefix-length: 24" | nmstatectl set
Using 'set' is deprecated, use 'apply' instead.
serde_yaml::Error: unknown field `doesntexist`, expected one of `enabled`, `dhcp`, `autoconf`, `dhcp-client-id`, `dhcp-duid`, `address`, `auto-dns`, `auto-gateway`, `auto-routes`, `auto-route-table-id`, `addr-gen-mode`

Comment 9 errata-xmlrpc 2022-11-15 10:00:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nmstate bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7991

Note You need to log in before you can comment on or make changes to this bug.