Re: [netcf-devel] ncftool 'Failed to initialize netcf' missing a dep?
by Dale Bewley
----- "David Lutterkort" <lutter(a)redhat.com> wrote:
> Can you try this again with 'NETCF_DEBUG=1 ncftool', i.e. set
> NETCF_DEBUG in the environment ? That should spew out some more
> details.
>
> David
Thanks for the tip.
[root@localhost ~]# NETCF_DEBUG=1 ncftool
warning: augeas initialization had errors
please file a bug with the following lines in the bug report:
/augeas/files/etc/sysconfig/iptables/error = "parse_failed"
/augeas/files/etc/sysconfig/iptables/error/pos = "0"
/augeas/files/etc/sysconfig/iptables/error/line = "1"
/augeas/files/etc/sysconfig/iptables/error/char = "0"
/augeas/files/etc/sysconfig/iptables/error/lens = "/usr/share/augeas/lenses/dist/iptables.aug:59.10-.32"
/augeas/files/etc/sysconfig/iptables/error/message = "Iterated lens matched less than it should"
Failed to initialize netcf
error: unspecified error
error: errors in loading some config files
[root@localhost sysconfig]# cat iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m limit --limit-burst 10 --limit 6/minute -j LOG --log-level 6
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT -m comment --comment "Forwarding for VM bridges"
-A FORWARD -m limit --limit-burst 10 --limit 6/minute -j LOG --log-level 6
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
I also discovered that after no changes to any configurations,
a restart of the network makes ncftool/augeas happy.
[root@localhost sysconfig]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0... done.
[ OK ]
[root@localhost ~]# iptables -L -n|grep PHYS
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged /* Forwarding for VM bridges */
[root@localhost sysconfig]# NETCF_DEBUG=1 ncftool
ncftool>
If I reboot, ncftool is broken again, with the same error, until a network restart.
Note the following line in iptables:
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT -m comment --comment "Forwarding for VM bridges"
If I comment out that entire line with a #, I'm somewhat surprised when I run ncftool, to see iptables restart and this line is deleted.
[root@localhost sysconfig]# NETCF_DEBUG=1 ncftool
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
ncftool> quit
I found that if I remove '-m comment --comment "Forwarding for VM bridges"' then ncftool is happy, even after a fresh reboot. So, perhaps it's an augeas bug with the comment module in iptables? It does seem odd that even with this line present, ncftool does work if I restart the network service.
14 years, 3 months
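An added example, not part of the original post: a small parser that turns the `/augeas/files/.../error` lines from the NETCF_DEBUG output above into one record per config file, so the failing file, line and lens are visible at a glance. The sample input is copied from the message; the lens span syntax (`FILE:LINE.COL-[LINE].COL`) is an assumption inferred from the one value shown.

```python
import re

# Debug lines copied from the NETCF_DEBUG=1 output quoted in the message above.
SAMPLE = """\
warning: augeas initialization had errors
/augeas/files/etc/sysconfig/iptables/error = "parse_failed"
/augeas/files/etc/sysconfig/iptables/error/pos = "0"
/augeas/files/etc/sysconfig/iptables/error/line = "1"
/augeas/files/etc/sysconfig/iptables/error/char = "0"
/augeas/files/etc/sysconfig/iptables/error/lens = "/usr/share/augeas/lenses/dist/iptables.aug:59.10-.32"
/augeas/files/etc/sysconfig/iptables/error/message = "Iterated lens matched less than it should"
Failed to initialize netcf
"""

NODE = re.compile(r'^/augeas/files(?P<path>/.+?)/error(?:/(?P<field>\w+))? = "(?P<value>.*)"$')
# Assumed span syntax: FILE:LINE.COL-[LINE].COL; the end line is omitted when
# the span stays on one line, as in "iptables.aug:59.10-.32".
SPAN = re.compile(r'^(?P<file>.+):(?P<l0>\d+)\.(?P<c0>\d+)-(?P<l1>\d*)\.(?P<c1>\d+)$')

def parse_augeas_errors(text):
    """Group error nodes by the config file they belong to."""
    errors = {}
    for raw in text.splitlines():
        m = NODE.match(raw.strip())
        if not m:
            continue  # not an augeas error node (warnings, netcf messages)
        rec = errors.setdefault(m["path"], {})
        rec[m["field"] or "kind"] = m["value"]  # bare .../error holds the error kind
    return errors

def lens_span(value):
    """Split a lens reference into file, start (line, col) and end (line, col)."""
    m = SPAN.match(value)
    if not m:
        return None
    l0 = int(m["l0"])
    l1 = int(m["l1"]) if m["l1"] else l0
    return {"file": m["file"], "start": (l0, int(m["c0"])), "end": (l1, int(m["c1"]))}

def summarize(text):
    """One line per failing file: path, line in that file, kind, message, lens."""
    out = []
    for path, rec in sorted(parse_augeas_errors(text).items()):
        span = lens_span(rec.get("lens", ""))
        where = f'{span["file"]} line {span["start"][0]}' if span else "unknown lens"
        out.append(f'{path}:{rec.get("line", "?")}: {rec.get("kind", "error")}: '
                   f'{rec.get("message", "")} ({where})')
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```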
Gentoo integration / basic questions
by elias
Hi,
I'm just working on getting netcf integrated into Gentoo. See also:
http://bugs.gentoo.org/show_bug.cgi?id=295993
But I have some basic questions first.
I have installed netcf and put the netcf.aug into
/usr/share/augeas/lenses/netcf.aug.
Is it correct to put the aug file into this directory or should it remain in
the default installation path (/usr/share/netcf/lenses)?
I've never used an Augeas based tool before, sorry for this question ;-)
Is or should ncftool/netcf be able to read existing interfaces?
So I could just use it on top of another network configuration.
e.g.:
- Gentoo's Initsystem creates + configures interfaces
- netcf provides read-only information about them to further services like
libvirt
Don't worry, my plan is to integrate it fully into Gentoo, but depending on it
completely makes it hard establishing it in existing environments, so this
read-existing-interfaces capability would be quite interesting, I just don't
know whether this is already possible as 'ncftool list' displays nothing here
without providing an XML based definition.
Thank you!
Regards,
Elias P.
14 years, 3 months
Re: [netcf-devel] ncftool 'Failed to initialize netcf' missing a dep?
by Dale Bewley
----- "David Lutterkort" <lutter(a)redhat.com> wrote:
> On Tue, 2009-12-01 at 13:49 -0800, Dale Bewley wrote:
> > Out of the box F12 64bit fairly slim install with 497 packages,
> > NetworkManager is not running. It's been chkconfig'd off in the
> > kickstart %post.
> >
> > There is an eth0 and an eth1 interface. Eth1 is inactive and eth0 is
> > configured by anaconda to use dhcp. Netcf 0.1.4 fails to run:
>
> This seems like another manifestation of the bug you found with not
> having the bridge module loaded - the fix for that is only in
> netcf-0.1.5, not in 0.1.4. Can you retry with 0.1.5 ? (It's in
> updates-testing)
Almost, but it's different because the bridge module actually is present.
I neglected to mention that.
I just tested again on a fresh F12 install:
[root@localhost ~]# lsmod |grep bridge
bridge 54112 0
stp 2724 1 bridge
llc 6400 2 bridge,stp
[root@localhost ~]# ncftool
Failed to initialize netcf
error: unspecified error
error: errors in loading some config files
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:22:19:65:F4:E2
inet addr:10.1.200.134 Bcast:10.1.200.255 Mask:255.255.255.0
inet6 addr: fe80::222:19ff:fe65:f4e2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:259 errors:0 dropped:0 overruns:0 frame:0
TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29218 (28.5 KiB) TX bytes:20886 (20.3 KiB)
Interrupt:37 Memory:ec000000-ec012800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
virbr0 Link encap:Ethernet HWaddr F2:B5:3A:82:90:D9
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
# upgrading to netcf 0.1.5 did not help
[root@localhost ~]# yum --enablerepo=updates-testing update netcf
...
Updated:
netcf.x86_64 0:0.1.5-1.fc12
Dependency Updated:
netcf-libs.x86_64 0:0.1.5-1.fc12
...
[root@localhost ~]# ncftool
Failed to initialize netcf
error: unspecified error
error: errors in loading some config files
[root@localhost ~]# virsh iface-list
error: Failed to list active interfaces
error: this function is not supported by the hypervisor: virConnectNumOfInterfaces
# creating my own bridge does make it work
[root@localhost ~]# cd /etc/sysconfig/network-scripts
[root@localhost network-scripts]# ls ifcfg*
ifcfg-eth0 ifcfg-eth1 ifcfg-lo
[root@localhost network-scripts]# cat <<EOF > ifcfg-eth0
> DEVICE=eth0
> HWADDR=
> ONBOOT=yes
> BRIDGE=br0
> EOF
[root@localhost network-scripts]# cat <<EOF > ifcfg-br0
> DEVICE=br0
> ONBOOT=yes
> TYPE=Bridge
> BOOTPROTO=dhcp
> EOF
[root@localhost network-scripts]# service network restart
Shutting down interface br0: [ OK ]
Shutting down interface eth0: bridge br0 does not exist!
[ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface br0:
Determining IP information for br0... done.
[ OK ]
[root@localhost network-scripts]# ncftool
ncftool> list
br0
lo
ncftool> quit
[root@localhost network-scripts]# virsh iface-list --all
Name State MAC Address
--------------------------------------------
br0 active 00:22:19:65:f4:e2
lo active 00:00:00:00:00:00
eth1 inactive 00:22:19:65:f4:e4
[root@localhost network-scripts]# ifconfig
br0 Link encap:Ethernet HWaddr 00:22:19:65:F4:E2
inet addr:10.1.200.134 Bcast:10.1.200.255 Mask:255.255.255.0
inet6 addr: fe80::222:19ff:fe65:f4e2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1157 errors:0 dropped:0 overruns:0 frame:0
TX packets:536 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:93393 (91.2 KiB) TX bytes:118448 (115.6 KiB)
eth0 Link encap:Ethernet HWaddr 00:22:19:65:F4:E2
inet6 addr: fe80::222:19ff:fe65:f4e2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1147 errors:0 dropped:0 overruns:0 frame:0
TX packets:525 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:113163 (110.5 KiB) TX bytes:118536 (115.7 KiB)
Interrupt:37 Memory:ec000000-ec012800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
virbr0 Link encap:Ethernet HWaddr F2:B5:3A:82:90:D9
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
--
Dale Bewley - Unix Administrator - Shields Library - UC Davis
GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD 1753 064D 2583 B098 A0F3
14 years, 3 months
ncftool 'Failed to initialize netcf' missing a dep?
by Dale Bewley
Out of the box F12 64bit fairly slim install with 497 packages, NetworkManager is not running. It's been chkconfig'd off in the kickstart %post.
There is an eth0 and an eth1 interface. Eth1 is inactive and eth0 is configured by anaconda to use dhcp. Netcf 0.1.4 fails to run:
[root@localhost bin]# ncftool
Failed to initialize netcf
error: unspecified error
error: errors in loading some config files
Virsh refuses to use netcf-libs as well:
[root@localhost bin]# virsh iface-define /tmp/br0.xml
error: Failed to define interface from /tmp/br0.xml
error: this function is not supported by the hypervisor: virInterfaceDefineXML
However, if I manually create a bridge like this:
[root@localhost network-scripts]# cat ifcfg-br0
DEVICE=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=dhcp
[root@localhost network-scripts]# cat ifcfg-eth0
DEVICE=eth0
HWADDR=
ONBOOT=yes
BRIDGE=br0
[root@localhost network-scripts]# service network restart
Then netcf does run, and libvirt is happy to use it.
[root@localhost network-scripts]# virsh iface-list --all
Name State MAC Address
--------------------------------------------
br0 active 00:22:19:65:f9:c9
lo active 00:00:00:00:00:00
eth1 inactive 00:22:19:65:f9:cb
If I service network stop, netcf is still happy to run. I'm not sure what dependency is changing to make netcf functional.
My goal was to put something like this in my kickstart:
virsh net-destroy default
virsh net-undefine default
cat <<EOF > /tmp/br0.xml
<interface type='bridge' name='br0'>
<start mode='onboot'/>
<protocol family='ipv4'>
<dhcp />
</protocol>
<bridge>
<interface type='ethernet' name='eth0'>
</interface>
</bridge>
</interface>
EOF
virsh iface-define /tmp/br0.xml
BTW, (when netcf will initialize) this does work, but it still does produce an error and virsh iface-list --all doesn't look as would be expected until after a service network restart.
[root@localhost network-scripts]# virsh iface-define /tmp/br0.xml
error: Failed to define interface from /tmp/br0.xml
error: invalid argument in virGetInterface
--
Dale Bewley - Unix Administrator - Shields Library - UC Davis
GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD 1753 064D 2583 B098 A0F3
14 years, 3 months
Arch Linux backend
by Jon Nordby
I'm interested in writing an Arch Linux backend for netcf. I'd need augeas
support for the relevant configurations, but what else? What is the basic
principle, what functions should be implemented etc.? How do I approach
this?
--
Regards Jon Nordby - www.jonnor.com
14 years, 4 months