RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 629206 - Failed to initialize netcf - netcf still doesn't work
Summary: Failed to initialize netcf - netcf still doesn't work
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: netcf
Version: 6.0
Hardware: All
OS: Linux
low
high
Target Milestone: rc
: ---
Assignee: Laine Stump
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On: 651032
Blocks: 584893
TreeView+ depends on / blocked
 
Reported: 2010-09-01 09:29 UTC by Jan Ščotka
Modified: 2011-05-19 13:43 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, netcf was unable to initialize due to the system's iptables configuration and failed with a "Failed to initialize netcf. error: unspecified error" error message. This is now fixed and netcf no longer fails during initialization.
Clone Of:
Environment:
Last Closed: 2011-05-19 13:43:34 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0620 0 normal SHIPPED_LIVE netcf bugfix update 2011-05-18 17:56:09 UTC

Description Jan Ščotka 2010-09-01 09:29:16 UTC 
Description of problem:
Hi,
Still after reapiring bugs discovered in 
https://bugzilla.redhat.com/show_bug.cgi?id=584893
netcf isn't working

Version-Release number of selected component (if applicable):
[root@dhcp-2-205 ~]# rpm -qa netcf
netcf-0.1.6-4.el6.x86_64
ls /etc/sysconfig/system-config-firewall -alhZ
-rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/system-config-firewall


How reproducible:
100%

Steps to Reproduce:
1. # ncftool 
  
Actual results:
Failed to initialize netcf
error: unspecified error

Expected results:
ncftool

Additional info:
strace of command (some last lines:
++++++++++++++++++++++++++++++++++
read(3, "module Lokkit =\n  autoload xfm\n\n"..., 8192) = 2216
read(3, "", 4096)                       = 0
read(3, "", 8192)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
stat("/usr/share/netcf/lenses/rx.aug", 0x7fff1c85c940) = -1 ENOENT (No such file or directory)
stat("/usr/share/augeas/lenses/rx.aug", 0x7fff1c85c940) = -1 ENOENT (No such file or directory)
stat("/usr/share/augeas/lenses/dist/rx.aug", {st_mode=S_IFREG|0644, st_size=2117, ...}) = 0
open("/usr/share/augeas/lenses/dist/rx.aug", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2117, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f0c033000
read(3, "(*\nModule: Rx\n   Generic regexps"..., 8192) = 2117
read(3, "", 4096)                       = 0
read(3, "", 8192)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
stat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
stat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
stat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
open("/etc/sysconfig/system-config-firewall", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f0c033000
read(3, "# Configuration file for system-"..., 8192) = 276
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
access("/usr/sbin/lokkit", X_OK)        = 0
access("/etc/sysconfig/system-config-firewall", R_OK) = 0
open("/etc/sysconfig/system-config-firewall", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f0c033000
read(3, "# Configuration file for system-"..., 8192) = 276
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f9f0c033000, 4096)            = 0
lstat("/etc", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
lstat("/etc/sysconfig", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
open("/etc/sysconfig/system-config-firewall.augnew", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
gettid()                                = 2952
open("/proc/self/task/2952/attr/current", O_RDONLY) = 4
read(4, "unconfined_u:unconfined_r:unconf"..., 4095) = 54
close(4)                                = 0
lstat("/etc/sysconfig/system-config-firewall", {st_mode=S_IFREG|0600, st_size=276, ...}) = 0
lgetxattr("/etc/sysconfig/system-config-firewall", "security.selinux", "system_u:object_r:system_conf_t:s0", 255) = 35
open("/selinux/mls", O_RDONLY)          = 4
read(4, "1", 19)                        = 1
close(4)                                = 0
futex(0x3cf961e710, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"}, 110) = -1 ENOENT (No such file or directory)
close(4)                                = 0
lchown("/etc/sysconfig/system-config-firewall.augnew", 0, 0) = 0
chmod("/etc/sysconfig/system-config-firewall.augnew", 0100600) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"}, 110) = -1 ENOENT (No such file or directory)
close(4)                                = 0
lsetxattr("/etc/sysconfig/system-config-firewall.augnew", "security.selinux", "system_u:object_r:system_conf_t:s0", 35, 0) = 0
fsync(3)                                = 0
close(3)                                = 0
unlink("/etc/sysconfig/system-config-firewall.augnew") = 0
stat("etc/sysconfig/system-config-firewall", 0x7fff1c85ce20) = -1 ENOENT (No such file or directory)
brk(0x29a3000)                          = 0x29a3000
write(2, "Failed to initialize netcf\n", 27Failed to initialize netcf
) = 27
write(2, "error: unspecified error\n", 25error: unspecified error
) = 25
exit_group(1)                           = ?
Comment 3 Laine Stump 2010-09-01 18:23:46 UTC 
Jan,

Can you run "ncftool -d" and attach the output. This *might* tell us what is confusing augeas and causing the "unspecified error" message. If you can also attach the full contents of /etc/sysconfig/system-config-firewall, /etc/sysconfig/iptables, and /etc/sysconfig/ifcfg-*, that may come in handy as well.

Is it possible for me to have access to this machine? That can sometimes save a lot of time in dicovering the root cause.

In the meantime, if you need to do other testing on this machine, please see the Technical Note I just added here - making that change should allow ncftool to work.
Comment 4 Laine Stump 2010-09-01 18:23:46 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Until the root cause of this intermittent problem is found, you can work around it by setting:

   net.bridge.bridge-nf-call-iptables = 0

in /etc/sysctl.conf (and or manually setting it with "sysctl -w"). This should allow netcf to continue initializing.

The given error message will pop up when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read/modify; this could be due to permissions on the file, or its content.

To aid in tracking down the source of the bug, please rune ncftool with the "-d" option, and attach the output to this bug. (also, the contents of any /etc/sysconfig/* file mentioned in that output would also be helpfule).
Comment 7 Ryan Lerch 2010-10-01 02:24:49 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,9 +1,10 @@
-Until the root cause of this intermittent problem is found, you can work around it by setting:
+Under some circumstances, the netcf command crashes, returning the error message:
 
-   net.bridge.bridge-nf-call-iptables = 0
+Failed to initialize netcf
+error: unspecified error
+						
+To work around this issue, set the following value in /etc/sysctl.conf:
 
-in /etc/sysctl.conf (and or manually setting it with "sysctl -w"). This should allow netcf to continue initializing.
+   net.bridge.bridge-nf-call-iptables = 0
-
+						
-The given error message will pop up when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read/modify; this could be due to permissions on the file, or its content.
+This issue presents when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read or modify.-
-To aid in tracking down the source of the bug, please rune ncftool with the "-d" option, and attach the output to this bug. (also, the contents of any /etc/sysconfig/* file mentioned in that output would also be helpfule).
Comment 8 Laine Stump 2010-11-16 17:24:37 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,8 +1,10 @@
-Under some circumstances, the netcf command crashes, returning the error message:
+Under some circumstances, when the ncftool command is run it will immediately exit, returning the error message:
 
 Failed to initialize netcf
 error: unspecified error
-						
+
+Similarly, libvirt's "virsh" tool (which uses the netcf library) will report that none of its iface-* commands are available.
+					
 To work around this issue, set the following value in /etc/sysctl.conf:
 
    net.bridge.bridge-nf-call-iptables = 0
Comment 9 Laine Stump 2010-11-16 17:26:40 UTC 
Note that this bug will be fixed once and for all once netcf is rebased to at least netcf-0.1.7 (see Bug 651032
Comment 10 Laine Stump 2011-01-13 20:34:38 UTC 
The fix for this problem is in netcf-0.17-1, which has been built:

https://brewweb.devel.redhat.com/buildinfo?buildID=154128
Comment 11 Laine Stump 2011-01-14 18:07:39 UTC 
With the new version of netcf, there is no longer any need for the Technical Note (as a matter of fact, it is now incorrect), so I've removed it.
Comment 12 Laine Stump 2011-01-14 18:07:39 UTC 
Deleted Technical Notes Contents.

Old Contents:
Under some circumstances, when the ncftool command is run it will immediately exit, returning the error message:

Failed to initialize netcf
error: unspecified error

Similarly, libvirt's "virsh" tool (which uses the netcf library) will report that none of its iface-* commands are available.
					
To work around this issue, set the following value in /etc/sysctl.conf:

   net.bridge.bridge-nf-call-iptables = 0
						
This issue presents when the augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read or modify.
Comment 14 zhanghaiyan 2011-01-18 07:58:15 UTC 
Verified this bug PASS with netcf-0.1.7-1.el6.x86_64
- 2.6.32-94.el6.x86_64
- libvirt-0.8.7-1.el6.x86_64

# getenforce 
Enforcing

# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 0
# ncftool 
ncftool> help
Commands:

    list       - list network interfaces
    dumpxml    - dump the XML description of an interface
    define     - define an interface from an XML file
    undefine   - undefine an interface
    ifup       - bring up an interface
    ifdown     - bring down an interface
    help       - print help
    quit       - exit the program

Type 'help <command>' for more information on a command

ncftool> list
eth0
lo
ncftool> dumpxml eth0
<?xml version="1.0"?>
<interface type="ethernet" name="eth0">
  <start mode="onboot"/>
  <mac address="00:25:64:A7:1F:4D"/>
  <protocol family="ipv4">
    <dhcp/>
  </protocol>
  <protocol family="ipv6">
    <autoconf/>
  </protocol>
</interface>

ncftool> dumpxml lo
<?xml version="1.0"?>
<interface type="ethernet" name="lo">
  <start mode="onboot"/>
  <protocol family="ipv4">
    <ip address="127.0.0.1" prefix="8"/>
  </protocol>
</interface>

ncftool> quit

# virsh iface-list --all
Name                 State      MAC Address
--------------------------------------------
eth0                 active     00:25:64:a7:1f:4d
lo                   active     00:00:00:00:00:00

# virsh iface-dumpxml eth0
<interface type='ethernet' name='eth0'>
  <mac address='00:25:64:a7:1f:4d'/>
  <protocol family='ipv4'>
    <ip address='10.66.65.132' prefix='23'/>
  </protocol>
  <protocol family='ipv6'>
    <ip address='fe80::225:64ff:fea7:1f4d' prefix='64'/>
  </protocol>
</interface>

# virsh iface-dumpxml lo
<interface type='ethernet' name='lo'>
  <protocol family='ipv4'>
    <ip address='127.0.0.1' prefix='8'/>
  </protocol>
  <protocol family='ipv6'>
    <ip address='::1' prefix='128'/>
  </protocol>
</interface>
Comment 15 Misha H. Ali 2011-05-09 05:12:33 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, netcf was unable to initialize due to the system's iptables configuration and failed with a "Failed to initialize netcf. error: unspecified error" error message. This is now fixed and netcf no longer fails during initialization.
Comment 16 errata-xmlrpc 2011-05-19 13:43:34 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0620.html
Note You need to log in before you can comment on or make changes to this bug.