-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Import: networks.conf is not updated with new IP addresses (dns, dhcp and gateway) #6636
Comments
The problem with that is that if the network (and not only the IP changes), then the netmask, dhcp start/end and many other parameters change so IMO we should warn the user since I don't think we can get the right recipe in place to migrate it for all the cases If the network doesn't change (same IP+netmask), we could rewrite it though but that leads to inconsistent behavior in the script which we'll have to see if its acceptable or not |
100% agree. |
I pushed a commit that attempts to migrate the networks configuration if its in the same subnet @nqb, let me know if it looks good to you |
Default This option is provided by Versions:
Options:
IMHO, we should require |
If there is a more EL8 compatible ipcalc on Debian 11, I'd say we use it so that we have less if else conditions in our upgrade but I'm open to both approaches |
My proposal is to use Regarding ed3db78,
=> You expect a "Network" in output. |
The output of ipcalc-ng is not complete though as we need the network identifier of the IP address (ex: 192.168.1.1/24 => 192.168.1.0) I'll dig into that and see if I can find a Debian equivalent |
@julsemaan, look at my last comment, there is the output of |
You're missing a parameter in the command you made which is |
I pushed a fix in get_ip_network which is where that was broken, get_os_netmask works fine on Debian and EL based on my tests but I'll give it a try when the package is built to confirm |
Ok @julsemaan. For me packetfence/addons/functions/configuration.functions Lines 37 to 40 in 4560ace
|
We're not using ipcalc-ng, we're using ipcalc, not sure why your instance has ipcalc-ng Here is what I have on Debian 11 with a base unaltered install:
|
It should be fine now, @nqb, please check again and I think we can close this after |
@julsemaan, still an issue on my side with
EDIT: issue should be also on EL8 |
I pushed another fix, I think we should be good to go now 🤞 |
@julsemaan, stil a problem with the rewrite due to relative path to packetfence/addons/functions/configuration.functions Lines 91 to 93 in 3430fac
|
should hopefully be fine now |
I'm sorry but I found two issues:
Resulting file:
|
I think your first issue is related to the fact you may be importing from a cluster which means the IPs in networks.conf may not match what was in pf.conf. Let me know if I'm on the right track. If that's the case I'm not sure we can do much at this stage (that's why I didn't really like the idea to rewrite networks.conf in the first place since its pretty complex) I'll fix the bad replacement by making the regex stricter |
No, I'm testing an import from a standalone with identical number of interfaces. |
I wonder if the rewrite is really the good way to solve that problem. I don't think we handle here the case of routed networks so it means that some users will have to modify anyway their |
The old IP comes from pf.conf and the new from the OS settings, can you detail what is wrong about the line
I tend to agree with that, this code attempts to be a best effort but I don't think it can cover all the cases |
The IP address 192.168.121.162 was only present in
How do you want to proceed ? |
I think that having this is better than having nothing (which was the case in 11.0) so as long as we're good to live with the limitations it has, its better than what we had. We can polish it to ignore network rewrites of interfaces that don't have the type 'internal' in the post-release |
Looks good to me, let keep as-is.
|
@julsemaan, could you backport all your fixes to maintenance/11.0 ? At the moment, import is broken on maintenance/11.0 on Debian 11 ( |
Before I do that I want to make sure:
Both are fine for me, the backport has a bit more risk since we don't have good test coverage of these tools yet |
I was certainly unclear (again) in my first comment this morning but currently some fixes for this issue have been backported but some not. So I suggest we backport everything. |
I'm building maintenance/11.0-6636 with (hopefully) all the fixes We can then try the build and merge that branch into maintenance/11.0 for more confidence in the fixes |
maintenance/11.0-6636 is on par with devel as far as how this behaves |
@julsemaan, can we backport remaining things to maintenance/11.0 ? |
I never actually tried maintenance/11.0-6636 (only tried the devel fixes from what I recall), would you have time to give it a try to make sure it works as expected and we can then merge Or I can put this in my pipeline and test it at some point, not exactly sure when though |
I will test fix on |
@julsemaan, it looks like Fix: 9220701 has been already backported to I would expect to see almost all commits listed here |
I just checked and the changes are in maintenance/11.0 so it must have been done at some point but we forgot to update this issue. @nqb, I'll let you confirm what I found and we can then close |
I'm closing this issue because I tested an import this morning and networks.conf has been migrated as I expect. However, when you have routed networks, there is some adjustments to perform. I will open another issue for that. |
Describe the bug
When you import an export coming from a PacketFence server with content in
networks.conf
, the file is copied as-is without any changes.It means that if your PacketFence IP address has changed, registration and isolation networks are not correctly configured. Next hops need to be changed too.
To Reproduce
Steps to reproduce the behavior:
networks.conf
=> Your
networks.conf
contained IP addresses of your previous setupExpected behavior
Old IP addresses in
networks.conf
should be replaced by new IP addresses.Additionnal context
As a short term fix, we can warn users about this at end of import.
EDIT: and update current limitations of mechanism.
The text was updated successfully, but these errors were encountered: