[Pkg-salt-team] Bug#998655: salt-minion: network.managed state with bridge interfaces breaks ifupdown, thus breaking networking

Matthias Merz debian at merz-ka.de
Fri Nov 5 17:08:36 GMT 2021 

Package: salt-minion
Version: 3002.6+dfsg1-4
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: debian at merz-ka.de

Hi Debian salt maintainers,

when using salt to create network bridge interfaces, this broke my
complete network connectivity on the target machine. After some
digging around, I found an associated upstream bugreport also
containing a pull-request containing a patch, but I'd like to document
this in debian, hoping this might justify inclusion of the fix in the
next bullseye point release.

When adding interfaces with:

foo-state:
  network.managed:
    - type: bridge
    - ...

the resulting entry in /etc/network/interfaces will look like:
iface ext-txx inet manual
.
   bridge_ports eno1.10

With this dot making ifupdown refuse to start any network interfaces:
# ifup -a
ifup: /etc/network/interfaces:12: option with empty value
ifup: couldn't read interfaces file "/etc/network/interfaces"


Severity normal is somehow a "guess", it will trigger only in narrow
environments, but may disconnect a machine from the network completely
(because ifupdown refuses to work with a broken interfaces file), so
may need physical access to a machine to restore service.


upstream bugreport and pull-request can be found here:
https://github.com/saltstack/salt/issues/58195
https://github.com/saltstack/salt/pull/61095/

So the cause is a trailing dot in a jinja template file.


Thanks for having a look,
Yours
Matthias Merz


-- System Information:
Debian Release: 11.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages salt-minion depends on:
ii  dctrl-tools           2.24-3+b1
ii  init-system-helpers   1.60
ii  lsb-base              11.1.0
ii  python3               3.9.2-3
ii  python3-pycryptodome  3.9.7+dfsg1-1+b2
ii  python3-systemd       234-3+b4
ii  python3-zmq           20.0.0-1+b1
ii  salt-common           3002.6+dfsg1-4

Versions of packages salt-minion recommends:
ii  debconf-utils  1.5.77
ii  dmidecode      3.3-2
ii  e2fsprogs      1.46.2-2
pn  sfdisk         <none>

Versions of packages salt-minion suggests:
pn  python3-augeas  <none>

-- no debconf information

More information about the pkg-salt-team mailing list