Project

General

Profile

Actions
Copy link

action #54785

open

tap devices not in any zone, error reported by firewalld

Added by okurz over 5 years ago. Updated about 4 years ago.

Status:
Workable
Priority:
Low
Assignee:
-
Category:
-
Target version:
QA - future
Start date:
2019-07-29
Due date:
% Done:

0%

Estimated time:
Tags:
worker

Description

Observation

On aarch64.o.o in /var/log/firewalld there are a lot of error messages about devices, especially tap devices, not in any zone:

2019-07-25 03:30:04 ERROR: UNKNOWN_INTERFACE: 'ovs-system' is not in any zone
2019-07-25 03:30:05 ERROR: UNKNOWN_INTERFACE: 'tap0' is not in any zone
2019-07-25 03:30:05 ERROR: UNKNOWN_INTERFACE: 'tap128' is not in any zone
2019-07-25 03:30:06 ERROR: UNKNOWN_INTERFACE: 'tap129' is not in any zone
2019-07-25 03:30:07 ERROR: UNKNOWN_INTERFACE: 'tap130' is not in any zone
2019-07-25 03:30:15 ERROR: UNKNOWN_INTERFACE: 'eth0' is not in any zone
2019-07-26 03:30:02 ERROR: UNKNOWN_INTERFACE: 'tap1' is not in any zone
2019-07-26 03:30:03 ERROR: UNKNOWN_INTERFACE: 'tap2' is not in any zone
2019-07-26 03:30:03 ERROR: UNKNOWN_INTERFACE: 'tap3' is not in any zone
2019-07-26 03:30:04 ERROR: UNKNOWN_INTERFACE: 'tap4' is not in any zone
2019-07-26 03:30:05 ERROR: UNKNOWN_INTERFACE: 'tap5' is not in any zone
2019-07-26 03:30:05 ERROR: UNKNOWN_INTERFACE: 'ovs-system' is not in any zone
2019-07-26 03:30:06 ERROR: UNKNOWN_INTERFACE: 'tap0' is not in any zone
2019-07-26 03:30:07 ERROR: UNKNOWN_INTERFACE: 'tap128' is not in any zone
2019-07-26 03:30:07 ERROR: UNKNOWN_INTERFACE: 'tap129' is not in any zone
2019-07-26 03:30:08 ERROR: UNKNOWN_INTERFACE: 'tap130' is not in any zone
2019-07-26 03:30:17 ERROR: UNKNOWN_INTERFACE: 'eth0' is not in any zone
2019-07-27 03:30:01 ERROR: UNKNOWN_INTERFACE: 'tap1' is not in any zone
2019-07-27 03:30:02 ERROR: UNKNOWN_INTERFACE: 'tap2' is not in any zone
2019-07-27 03:30:03 ERROR: UNKNOWN_INTERFACE: 'tap3' is not in any zone
2019-07-27 03:30:03 ERROR: UNKNOWN_INTERFACE: 'tap4' is not in any zone
2019-07-27 03:30:04 ERROR: UNKNOWN_INTERFACE: 'tap5' is not in any zone
2019-07-27 03:30:05 ERROR: UNKNOWN_INTERFACE: 'ovs-system' is not in any zone
2019-07-27 03:30:05 ERROR: UNKNOWN_INTERFACE: 'tap0' is not in any zone
2019-07-27 03:30:06 ERROR: UNKNOWN_INTERFACE: 'tap128' is not in any zone
2019-07-27 03:30:06 ERROR: UNKNOWN_INTERFACE: 'tap129' is not in any zone
2019-07-27 03:30:07 ERROR: UNKNOWN_INTERFACE: 'tap130' is not in any zone
2019-07-27 03:30:15 ERROR: UNKNOWN_INTERFACE: 'eth0' is not in any zone

Problem

  • H1: We never set the zone of the tap devices so who is setting the zone at all? Should the default zone apply? If yes, why does it not apply for some devices? Is this a race between firewalld and wicked?
  • P2: On 2019-07-29 we saw no errors about any devices not in any zone but firewall-cmd --get-zone-of-interface=tap131 states "trusted" wherease for tap130 we see still no zone, as on the previous days

Suggestions

  • Try to set an explicit zone in the interface config files
  • Set the tap devices to an explicit zone with firewall-cmd for openQA tests

Related issues 1 (0 open1 closed)

Related to openQA Tests - action #52499: [aarch64] Proper multi-machine test setup and wicked_basic successfully tested (was: wicked tests always in schedule state - tap worker required)Resolvedokurz2019-06-03

Actions
Actions
Copy link

Also available in: Atom PDF