You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
= Troubleshooting an incorrect node network configuration policy configuration
8
8
9
-
You can apply changes to the node network configuration across your entire cluster by applying a node network configuration policy.
10
-
If you apply an incorrect configuration, you can use the following example to troubleshoot and correct the failed node network policy.
9
+
You can apply changes to the node network configuration across your entire cluster by applying a node network configuration policy.
11
10
12
-
In this example, a Linux bridge policy is applied to an example cluster that has three control plane nodes and three compute nodes.
13
-
The policy fails to be applied because it references an incorrect interface.
14
-
To find the error, investigate the available NMState resources. You can then update the policy with the correct configuration.
11
+
If you applied an incorrect configuration, you can use the following example to troubleshoot and correct the failed node network policy. The example attempts to apply a Linux bridge policy to a cluster that has three control plane nodes and three compute nodes. The policy is not applied because the policy references the wrong interface.
12
+
13
+
To find an error, you need to investigate the available NMState resources. You can then update the policy with the correct configuration.
14
+
15
+
.Prerequisites
16
+
17
+
* You ensured that an `ens01` interface does not exist on your Linux system.
15
18
16
19
.Procedure
17
20
18
-
. Create a policy and apply it to your cluster. The following example creates a simple bridge on the `ens01`interface:
21
+
. Create a policy on your cluster. The following example creates a simple bridge, `br1` that has `ens01`as its member:
19
22
+
20
23
[source,yaml]
21
24
----
@@ -39,7 +42,10 @@ spec:
39
42
enabled: false
40
43
port:
41
44
- name: ens01
45
+
# ...
42
46
----
47
+
48
+
. Apply the policy to your network interface:
43
49
+
44
50
[source,terminal]
45
51
----
@@ -68,9 +74,9 @@ NAME STATUS
68
74
ens01-bridge-testfail FailedToConfigure
69
75
----
70
76
+
71
-
However, the policy status alone does not indicate if it failed on all nodes or a subset of nodes.
77
+
The policy status alone does not indicate if it failed on all nodes or a subset of nodes.
72
78
73
-
. List the node network configuration enactments to see if the policy was successful on any of the nodes. If the policy failed for only a subset of nodes, it suggests that the problem is with a specific node configuration. If the policy failed on all nodes, it suggests that the problem is with the policy.
79
+
. List the node network configuration enactments to see if the policy was successful on any of the nodes. If the policy failed for only a subset of nodes, the output suggests that the problem is with a specific node configuration. If the policy failed on all nodes, the output suggests that the problem is with the policy.
. View one of the failed enactments and look at the traceback. The following command uses the output tool `jsonpath` to filter the output:
100
+
. View one of the failed enactments. The following command uses the output tool `jsonpath` to filter the output:
95
101
+
96
102
[source,terminal]
97
103
----
98
104
$ oc get nnce compute-1.ens01-bridge-testfail -o jsonpath='{.status.conditions[?(@.type=="Failing")].message}'
99
105
----
100
106
+
101
-
This command returns a large traceback that has been edited for brevity:
102
-
+
103
107
.Example output
104
108
[source,terminal]
105
109
----
106
-
error reconciling NodeNetworkConfigurationPolicy at desired state apply: , failed to execute nmstatectl set --no-commit --timeout 480: 'exit status 1'''
107
-
...
108
-
libnmstate.error.NmstateVerificationError:
109
-
desired
110
-
=======
111
-
---
112
-
name: br1
113
-
type: linux-bridge
114
-
state: up
115
-
bridge:
116
-
options:
117
-
group-forward-mask: 0
118
-
mac-ageing-time: 300
119
-
multicast-snooping: true
120
-
stp:
121
-
enabled: false
122
-
forward-delay: 15
123
-
hello-time: 2
124
-
max-age: 20
125
-
priority: 32768
126
-
port:
127
-
- name: ens01
128
-
description: Linux bridge with the wrong port
129
-
ipv4:
130
-
address: []
131
-
auto-dns: true
132
-
auto-gateway: true
133
-
auto-routes: true
134
-
dhcp: true
135
-
enabled: true
136
-
ipv6:
137
-
enabled: false
138
-
mac-address: 01-23-45-67-89-AB
139
-
mtu: 1500
140
-
141
-
current
142
-
=======
143
-
---
144
-
name: br1
145
-
type: linux-bridge
146
-
state: up
147
-
bridge:
148
-
options:
149
-
group-forward-mask: 0
150
-
mac-ageing-time: 300
151
-
multicast-snooping: true
152
-
stp:
153
-
enabled: false
154
-
forward-delay: 15
155
-
hello-time: 2
156
-
max-age: 20
157
-
priority: 32768
158
-
port: []
159
-
description: Linux bridge with the wrong port
160
-
ipv4:
161
-
address: []
162
-
auto-dns: true
163
-
auto-gateway: true
164
-
auto-routes: true
165
-
dhcp: true
166
-
enabled: true
167
-
ipv6:
168
-
enabled: false
169
-
mac-address: 01-23-45-67-89-AB
170
-
mtu: 1500
171
-
172
-
difference
173
-
==========
174
-
--- desired
175
-
+++ current
176
-
@@ -13,8 +13,7 @@
177
-
hello-time: 2
178
-
max-age: 20
179
-
priority: 32768
180
-
- port:
181
-
- - name: ens01
182
-
+ port: []
183
-
description: Linux bridge with the wrong port
184
-
ipv4:
185
-
address: []
186
-
line 651, in _assert_interfaces_equal\n current_state.interfaces[ifname],\nlibnmstate.error.NmstateVerificationError:
187
-
----
188
-
+
189
-
The `NmstateVerificationError` lists the `desired` policy configuration, the `current` configuration of the policy on the node, and the `difference` highlighting the parameters that do not match. In this example, the `port` is included in the `difference`, which suggests that the problem is the port configuration in the policy.
110
+
[2024-10-10T08:40:46Z INFO nmstatectl] Nmstate version: 2.2.37
111
+
NmstateError: InvalidArgument: Controller interface br1 is holding unknown port ens01
112
+
----
113
+
+
114
+
The previous example shows the output from an `InvalidArgument` error that indicates that the `ens01` is an unknown port. For this example, you might need to change the port configuration in the policy configuration file.
190
115
191
116
. To ensure that the policy is configured properly, view the network configuration for one or all of the nodes by requesting the `NodeNetworkState` object. The following command returns the network configuration for the `control-plane-1` node:
192
117
+
@@ -236,5 +161,5 @@ $ oc get nncp
236
161
NAME STATUS
237
162
ens01-bridge-testfail SuccessfullyConfigured
238
163
----
239
-
164
+
+
240
165
The updated policy is successfully configured on all nodes in the cluster.
0 commit comments