Bug 2035658 - NMPolicy can't replace strings using captures, making teardown not possible
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Networking
Version: 4.10.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
: 4.10.0
Assignee: Alona Kaplan
QA Contact: Adi Zavalkovsky
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-12-26 15:15 UTC by Adi Zavalkovsky
Modified: 2022-03-16 16:05 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-16 16:05:38 UTC
Target Upstream Version:
Embargoed:


Attachments
deploy (2.66 KB, text/plain)
2021-12-26 15:15 UTC, Adi Zavalkovsky


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | nmstate nmpolicy pull 76 | 0 | None | Merged | replace, test: Add unit test to replace with cap | 2022-01-12 12:17:58 UTC
Red Hat Product Errata | RHSA-2022:0947 | 0 | None | None | None | 2022-03-16 16:05:55 UTC

Description Adi Zavalkovsky 2021-12-26 15:15:17 UTC
Created attachment 1847818
deploy

Description of problem:
When using NMPolicy's capture feature, modifying values using a previous capture results in a bug.
I.e., when updating routing tables in the capture section, using ' XXX := capture.YYY' results in a bug. A more relevant example is in the attached file.

This is bad because when deploying an nncp to tear down a bridge, the only way to get the previous default interface is using capture.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Deploy bridge behind default interface (nmpolicy_bug.yaml deploy section)
2. Destroy bridge (nmpolicy_bug.yaml destroy section)
3.

Actual results:

status:
  conditions:
  - lastHearbeatTime: "2021-12-26T13:11:28Z"
    lastTransitionTime: "2021-12-26T13:11:28Z"
    message: |
      failure generating desiredState and capturedStates
        failed to generate state, err
          failed to resolve capture expression, err
            invalid replace
              right hand argument is not a string


Expected results:

Bridge successfully destroyed, config applied to default interface.

Additional info:

Comment 1 Alona Kaplan 2021-12-27 06:43:08 UTC
I think the problem with the teardown was - `deafult-interface: "ens3"`. We don't support this kind of capture.

Anyway, the `capture` field on the nncp cannot be updated, so to tear down, the old policy has to first be removed.

Comment 2 Adi Zavalkovsky 2021-12-27 08:06:30 UTC
@

Comment 3 Adi Zavalkovsky 2021-12-27 08:09:54 UTC
(In reply to Alona Kaplan from comment #1)
> I think the problem with the teardown was - `deafult-interface: "ens3"`. We
> don't support this kind of capture.
> 
> Anyway, the `capture` field on the nncp cannot be updated, so to tear down, the old
> policy has to first be removed.


Sorry, I may not have been clear enough.
1. I didn't update the nncp, I removed the old policy and created a new one.
2. I didn't actually use this capture, I added it to demonstrate, and forgot to add the actual capture.
Actual capture - capture.br1.interfaces.0.bridge.port.0.name, which suits the desiredState when manipulating the port's config.

Comment 4 Alona Kaplan 2021-12-27 08:39:34 UTC
Can you please attach the full policies you used to add and tear down the bridge?

Comment 6 Alona Kaplan 2021-12-27 09:13:14 UTC
Thanks!

Now I can understand the issue.
We will add support to have a capture ref as a replace value and not just a string,
so a capture like the following `routes.running.next-hop-interface := capture.br1.interfaces.0.bridge.port.0.name` will be supported.

Comment 7 Adi Zavalkovsky 2022-01-12 12:42:24 UTC
Verified on latest CNV 4.10

Applied capture - br1-routes-takeover: capture.br1-routes | routes.running.next-hop-interface := capture.br1.interfaces.0.bridge.port.0.name

Captured State -
br1-routes: 
...
          - destination: 192.168.0.0/18
            metric: 425
            next-hop-address: 0.0.0.0
            next-hop-interface: br1
            table-id: 254
  
br1-routes-takeover:
...
          - destination: 192.168.0.0/18
            metric: 425
            next-hop-address: 0.0.0.0
            next-hop-interface: ens3
            table-id: 254
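
A minimal model of the behaviour discussed in comments 6 and 7, added here as an example and not taken from nmpolicy or from this report: the right-hand side of `:=` is resolved either as a quoted string or as a capture reference before the replace is applied. The function names and the sample captures are assumptions constructed for illustration.

```python
# Illustrative model only; the helper names are hypothetical, not nmpolicy's API.
import copy

def lookup(node, path):
    """Walk a dotted path; numeric steps index into lists."""
    for step in path.split("."):
        if isinstance(node, list):
            if not step.isdigit() or int(step) >= len(node):
                raise KeyError(f"bad list index {step!r}")
            node = node[int(step)]
        elif isinstance(node, dict) and step in node:
            node = node[step]
        else:
            raise KeyError(f"cannot resolve step {step!r}")
    return node

def resolve_value(rhs, captures):
    """Right-hand side of ':=' is a capture reference or a quoted string."""
    if rhs.startswith("capture."):
        value = lookup(captures, rhs[len("capture."):])
    else:
        value = rhs.strip('"')
    if not isinstance(value, str):
        raise ValueError(f"{rhs!r} does not resolve to a string")
    return value

def replace(state, lhs, rhs, captures):
    """Copy state and set the leaf named by lhs; lists apply to every element."""
    value = resolve_value(rhs, captures)
    out = copy.deepcopy(state)
    def walk(node, steps):
        if isinstance(node, list):
            for item in node:
                walk(item, steps)
        elif len(steps) == 1:
            node[steps[0]] = value
        else:
            walk(node[steps[0]], steps[1:])
    walk(out, lhs.split("."))
    return out

# Constructed captures, modelled on the states quoted in comment 7.
CAPTURES = {
    "br1": {"interfaces": [{"name": "br1", "bridge": {"port": [{"name": "ens3"}]}}]},
    "br1-routes": {"routes": {"running": [
        {"destination": "192.168.0.0/18", "next-hop-interface": "br1", "table-id": 254},
    ]}},
}
TAKEOVER = replace(CAPTURES["br1-routes"], "routes.running.next-hop-interface",
                   "capture.br1.interfaces.0.bridge.port.0.name", CAPTURES)
```

The source capture is left untouched, and a reference that resolves to a list or mapping is rejected rather than written into the route.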

Comment 12 errata-xmlrpc 2022-03-16 16:05:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0947

