Bug 629206 - Failed to initialize netcf - netcf still doesn't work
Failed to initialize netcf - netcf still doesn't work
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: netcf (Show other bugs)
6.0
All Linux
low Severity high
: rc
: ---
Assigned To: Laine Stump
qe-baseos-daemons
: Regression
Depends On: 651032
Blocks: 584893
  Show dependency treegraph
 
Reported: 2010-09-01 05:29 EDT by Jan Ščotka
Modified: 2011-05-19 09:43 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, netcf was unable to initialize due to the system's iptables configuration and failed with a "Failed to initialize netcf. error: unspecified error" error message. This is now fixed and netcf no longer fails during initialization.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 09:43:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Ščotka 2010-09-01 05:29:16 EDT
Description of problem:
Hi,
Still after reapiring bugs discovered in 
https://bugzilla.redhat.com/show_bug.cgi?id=584893
netcf isn't working

Version-Release number of selected component (if applicable):
[root@dhcp-2-205 ~]# rpm -qa netcf
netcf-0.1.6-4.el6.x86_64
ls /etc/sysconfig/system-config-firewall -alhZ
-rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/system-config-firewall


How reproducible:
100%

Steps to Reproduce:
1. # ncftool 
  
Actual results:
Failed to initialize netcf
error: unspecified error

Expected results:
ncftool

Additional info:
strace of command (some last lines:
++++++++++++++++++++++++++++++++++
read(3, "module Lokkit =\n  autoload xfm\n\n"..., 8192) = 2216
read(3, "", 4096)                       = 0
read(3, "", 8192)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
stat("/usr/share/netcf/lenses/rx.aug", 0x7fff1c85c940) = -1 ENOENT (No such file or directory)
stat("/usr/share/augeas/lenses/rx.aug", 0x7fff1c85c940) = -1 ENOENT (No such file or directory)
stat("/usr/share/augeas/lenses/dist/rx.aug", {st_mode=S_IFREG|0644, st_size=2117, ...}) = 0
open("/usr/share/augeas/lenses/dist/rx.aug", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2117, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f0c033000
read(3, "(*\nModule: Rx\n   Generic regexps"..., 8192) = 2117
read(3, "", 4096)                       = 0
read(3, "", 8192)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
stat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
stat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
stat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
open("/etc/sysconfig/system-config-firewall", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f0c033000
read(3, "# Configuration file for system-"..., 8192) = 276
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
access("/usr/sbin/lokkit", X_OK)        = 0
access("/etc/sysconfig/system-config-firewall", R_OK) = 0
open("/etc/sysconfig/system-config-firewall", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f0c033000
read(3, "# Configuration file for system-"..., 8192) = 276
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
lstat("/etc", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
lstat("/etc/sysconfig", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
open("/etc/sysconfig/system-config-firewall.augnew", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
gettid()                                = 2952
open("/proc/self/task/2952/attr/current", O_RDONLY) = 4
read(4, "unconfined_u:unconfined_r:unconf"..., 4095) = 54
close(4)                                = 0
lstat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
lgetxattr("/etc/sysconfig/system-config-firewall", "security.selinux", "system_u:object_r:system_conf_t:s0", 255) = 35
open("/selinux/mls", O_RDONLY)          = 4
read(4, "1", 19)                        = 1
close(4)                                = 0
futex(0x3cf961e710, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"}, 110) = -1 ENOENT (No such file or directory)
close(4)                                = 0
lchown("/etc/sysconfig/system-config-firewall.augnew", 0, 0) = 0
chmod("/etc/sysconfig/system-config-firewall.augnew", 0100600) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"}, 110) = -1 ENOENT (No such file or directory)
close(4)                                = 0
lsetxattr("/etc/sysconfig/system-config-firewall.augnew", "security.selinux", "system_u:object_r:system_conf_t:s0", 35, 0) = 0
fsync(3)                                = 0
close(3)                                = 0
unlink("/etc/sysconfig/system-config-firewall.augnew") = 0
stat("etc/sysconfig/system-config-firewall", 0x7fff1c85ce20) = -1 ENOENT (No such file or directory)
brk(0x29a3000)                          = 0x29a3000
write(2, "Failed to initialize netcf\n", 27Failed to initialize netcf
) = 27
write(2, "error: unspecified error\n", 25error: unspecified error
) = 25
exit_group(1)                           = ?
Comment 3 Laine Stump 2010-09-01 14:23:46 EDT
Jan,

Can you run "ncftool -d" and attach the output. This *might* tell us what is confusing augeas and causing the "unspecified error" message. If you can also attach the full contents of /etc/sysconfig/system-config-firewall, /etc/sysconfig/iptables, and /etc/sysconfig/ifcfg-*, that may come in handy as well.

Is it possible for me to have access to this machine? That can sometimes save a lot of time in dicovering the root cause.

In the meantime, if you need to do other testing on this machine, please see the Technical Note I just added here - making that change should allow ncftool to work.
Comment 4 Laine Stump 2010-09-01 14:23:46 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Until the root cause of this intermittent problem is found, you can work around it by setting:

   net.bridge.bridge-nf-call-iptables = 0

in /etc/sysctl.conf (and or manually setting it with "sysctl -w"). This should allow netcf to continue initializing.

The given error message will pop up when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read/modify; this could be due to permissions on the file, or its content.

To aid in tracking down the source of the bug, please rune ncftool with the "-d" option, and attach the output to this bug. (also, the contents of any /etc/sysconfig/* file mentioned in that output would also be helpfule).
Comment 7 Ryan Lerch 2010-09-30 22:24:49 EDT
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,9 +1,10 @@
-Until the root cause of this intermittent problem is found, you can work around it by setting:
+Under some circumstances, the netcf command crashes, returning the error message:
 
-   net.bridge.bridge-nf-call-iptables = 0
+Failed to initialize netcf
+error: unspecified error
+						
+To work around this issue, set the following value in /etc/sysctl.conf:
 
-in /etc/sysctl.conf (and or manually setting it with "sysctl -w"). This should allow netcf to continue initializing.
+   net.bridge.bridge-nf-call-iptables = 0
-
+						
-The given error message will pop up when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read/modify; this could be due to permissions on the file, or its content.
+This issue presents when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read or modify.-
-To aid in tracking down the source of the bug, please rune ncftool with the "-d" option, and attach the output to this bug. (also, the contents of any /etc/sysconfig/* file mentioned in that output would also be helpfule).
Comment 8 Laine Stump 2010-11-16 12:24:37 EST
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,8 +1,10 @@
-Under some circumstances, the netcf command crashes, returning the error message:
+Under some circumstances, when the ncftool command is run it will immediately exit, returning the error message:
 
 Failed to initialize netcf
 error: unspecified error
-						
+
+Similarly, libvirt's "virsh" tool (which uses the netcf library) will report that none of its iface-* commands are available.
+					
 To work around this issue, set the following value in /etc/sysctl.conf:
 
    net.bridge.bridge-nf-call-iptables = 0
Comment 9 Laine Stump 2010-11-16 12:26:40 EST
Note that this bug will be fixed once and for all once netcf is rebased to at least netcf-0.1.7 (see Bug 651032
Comment 10 Laine Stump 2011-01-13 15:34:38 EST
The fix for this problem is in netcf-0.17-1, which has been built:

https://brewweb.devel.redhat.com/buildinfo?buildID=154128
Comment 11 Laine Stump 2011-01-14 13:07:39 EST
With the new version of netcf, there is no longer any need for the Technical Note (as a matter of fact, it is now incorrect), so I've removed it.
Comment 12 Laine Stump 2011-01-14 13:07:39 EST
Deleted Technical Notes Contents.

Old Contents:
Under some circumstances, when the ncftool command is run it will immediately exit, returning the error message:

Failed to initialize netcf
error: unspecified error

Similarly, libvirt's "virsh" tool (which uses the netcf library) will report that none of its iface-* commands are available.
					
To work around this issue, set the following value in /etc/sysctl.conf:

   net.bridge.bridge-nf-call-iptables = 0
						
This issue presents when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read or modify.
Comment 14 zhanghaiyan 2011-01-18 02:58:15 EST
Verified this bug PASS with netcf-0.1.7-1.el6.x86_64
- 2.6.32-94.el6.x86_64
- libvirt-0.8.7-1.el6.x86_64

# getenforce 
Enforcing

# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 0
# ncftool 
ncftool> help
Commands:

    list       - list network interfaces
    dumpxml    - dump the XML description of an interface
    define     - define an interface from an XML file
    undefine   - undefine an interface
    ifup       - bring up an interface
    ifdown     - bring down an interface
    help       - print help
    quit       - exit the program

Type 'help <command>' for more information on a command

ncftool> list
eth0
lo
ncftool> dumpxml eth0
<?xml version="1.0"?>
<interface type="ethernet" name="eth0">
  <start mode="onboot"/>
  <mac address="00:25:64:A7:1F:4D"/>
  <protocol family="ipv4">
    <dhcp/>
  </protocol>
  <protocol family="ipv6">
    <autoconf/>
  </protocol>
</interface>

ncftool> dumpxml lo
<?xml version="1.0"?>
<interface type="ethernet" name="lo">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="127.0.0.1" prefix="8"/>
  </protocol>
</interface>

ncftool> quit

# virsh iface-list --all
Name                 State      MAC Address
--------------------------------------------
eth0                 active     00:25:64:a7:1f:4d
lo                   active     00:00:00:00:00:00

# virsh iface-dumpxml eth0
<interface type='ethernet' name='eth0'>
  <mac address='00:25:64:a7:1f:4d'/>
  <protocol family='ipv4'>
    <ip address='10.66.65.132' prefix='23'/>
  </protocol>
  <protocol family='ipv6'>
    <ip address='fe80::225:64ff:fea7:1f4d' prefix='64'/>
  </protocol>
</interface>

# virsh iface-dumpxml lo
<interface type='ethernet' name='lo'>
  <protocol family='ipv4'>
    <ip address='127.0.0.1' prefix='8'/>
  </protocol>
  <protocol family='ipv6'>
    <ip address='::1' prefix='128'/>
  </protocol>
</interface>
Comment 15 Misha H. Ali 2011-05-09 01:12:33 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, netcf was unable to initialize due to the system's iptables configuration and failed with a "Failed to initialize netcf. error: unspecified error" error message. This is now fixed and netcf no longer fails during initialization.
Comment 16 errata-xmlrpc 2011-05-19 09:43:34 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0620.html

Note You need to log in before you can comment on or make changes to this bug.