Skip to content

fix(network): probe IPv6 and fall back to v4-only on aardvark bind failure#247

Merged
geodro merged 3 commits intomainfrom
fix/ipv6-probe-fallback
Apr 23, 2026
Merged

fix(network): probe IPv6 and fall back to v4-only on aardvark bind failure#247
geodro merged 3 commits intomainfrom
fix/ipv6-probe-fallback

Conversation

@geodro
Copy link
Copy Markdown
Owner

@geodro geodro commented Apr 23, 2026

Summary

  • After creating a dual-stack network, runs a probe container to verify aardvark-dns can bind the IPv6 gateway — falls back to v4-only if it can't
  • Stops containers via systemctl --user stop (StopUnit) instead of podman stop during migration, preventing systemd auto-restart races that broke inter-container DNS
  • Writes a marker file (~/.local/share/lerd/ipv6-probe-failed-lerd) on probe failure so subsequent lerd install runs don't re-trigger the migration

Fixes upgrade failures from v1.17.1 → v1.18.0-beta.3 where HostHasUsableIPv6 returned true but rootless podman's aardvark-dns couldn't bind [fd00:1e7d::1]:53, causing php-fpm, mysql, and nginx to fail with "Cannot assign requested address".

geodro added 3 commits April 23, 2026 16:49
@geodro
fix(network): probe IPv6 after network create and fall back to v4-only
993e9b2 
HostHasUsableIPv6 can return true on hosts where rootless podman's
aardvark-dns still can't bind the ULA gateway (e.g. netavark/pasta
routing gaps). This caused php-fpm, mysql, and nginx to fail on
upgrade with "Cannot assign requested address" on [fd00:1e7d::1]:53.

- After creating a dual-stack network, run a throw-away container to
  verify aardvark-dns can actually bind the IPv6 gateway. If it can't,
  tear down and recreate as v4-only.
- Stop containers via StopUnit (systemctl) instead of podman stop
  during migration, preventing systemd auto-restart races that left
  aardvark-dns with partial registrations and broke inter-container DNS.
- Write a marker file on probe failure so subsequent installs don't
  endlessly re-trigger the dual-stack migration.
@geodro
fix(network): reset network on rollback to prevent stale dual-stack
fe644e7 
Older binaries don't know about dual-stack networks, so rolling back
leaves a broken IPv6 network in place. RecreateNetwork before re-exec
ensures the old binary's `lerd install` starts with a clean network.
@geodro
fix(network): recreate network on rollback to prevent stale dual-stack
5ba698a 
The rollback runs RecreateNetwork (with probe) before re-execing the
old binary. This ensures a clean network regardless of the target
version: if IPv6 works the old binary gets a functional dual-stack
network, if not it gets v4-only.
@geodro geodro merged commit 2674ff3 into main Apr 23, 2026
3 checks passed
@geodro geodro mentioned this pull request Apr 23, 2026
Merged
geodro added a commit that referenced this pull request Apr 23, 2026
@geodro
release: v1.18.0-beta.4 — service version labels, UI restart, IPv6 pr…
c7da6d9 
…obe hardening (#248)

Rolls up the service version labels across CLI/UI/TUI and the Web UI
restart button (#246), plus the stricter IPv6 probe that runs an
aardvark-dns bind check on the fresh dual-stack network and falls back
to v4-only when the gateway cannot bind (#247).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@geodro