New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd-networkd fails with "could not set address: Permission denied" when IPv6 is disabled in the kernel #12656
Comments
Could you provide debugging log of networkd? By creating the following, journal stores debugging logs:
Also, if possible, could you try with the current git master? |
What does this mean? The issue happens only when machine is rebooted? |
On Fri, 24 May 2019, Yu Watanabe wrote:
> On reboot, the network did not came back and I saw the following messages:
What does this mean? The issue happens only when machine is rebooted?
What happens when restarting `networkd`? Does `systemctl restart
systemd-networkd.service` solve the issue?
I don't know, right now I don't have console access to the server. All the
information I gathered was from rebooting the server in rescue mode and
inspecting the logs in the filesystem. I will try to provide you the
detailed logs.
…--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
|
Here are the requested debug logs:
|
@yuwata How important is it to try with current git master? Do you have reasons to think it could be fixed? I already tried with the two pull requests that I identified as possibly related. Are there other changes that you think could be related? Do the above logs help you in any way? I want to know if I should keep the server available for further debugging or if I can reset it to Debian stable and reuse it again... |
@rhertzog Sorry, I have no idea now why it fails. Please reset the machine if you need to use the machine with Debian stable. BTW, which version works fine? That is, what version of systemd does Debian stable have? |
We have modified the logic about interfaces to be up recently. So, I'd like to know whether it works for your issue or not. |
On Mon, 27 May 2019, Yu Watanabe wrote:
BTW, which version works fine? That is, what version of systemd does Debian stable have?
Debian Stable has version 232-25+deb9u11
|
Can you set Address via |
@yuwata So I had the occasion to do more investigation and found the issue. The problem does still exist in git master as of 20190605 (when I built my snapshot). The problem comes down to the fact that the network configuration file instructs to configure an IPv6 address but that system has a kernel policy disabling IPv6:
I don't know what changed between Debian 9 and Debian 10: is it the kernel returning an error when it was silently discarding any request related to IPv6? is it systemd-networkd that is more picky than before? is it the boot order that changed and systemd-sysctl.service is now run before systemd-networkd? In any case, I don't think that it matters much. You could argue that the network configuration was broken and you would be right... but at the same time, you will break thousands of servers on upgrade (or whenever someone applies a similar policy to disable IPv6 through configuration management). IMO systemd should lookup if IPv6 was enabled or not and simply ignore IPv6 related configuration if it's disabled on the network interface that we're trying to configure. For consistency, you might want to do the same for IPv4 (i.e. not configure IPv4 if it's disabled, not sure if it's actually possible at this point). With this supplementary information it should now be easy to reproduce. |
@rhertzog I don't quite get it: In your example config you configure an IPv6 address and set a IPv6 gateway and at the same time you disable ipv6 via sysctl? This sounds like it was only working by accident under Debian 9 i.e. v232. |
That make sence for me. But the same time, this is not our bug. @ssahani what do you think about that? |
@mbiebl You must understand that the network configuration file was provided by the hoster (OVH) who did setup the dedicated server. But then we ran our usual configuration management on it which includes disabling IPv6... you can argue that we should cleanup the network configuration file during this process, but it's best when we don't have to muck around this part since this is clearly the hoster's business. And up to now, this was working just fine. @yuwata It might not be your bug, but it's still a user-visible regression that will affect many systemd-networkd users. IPv6 is getting more widely deployed but there are still many admins who disable it to reduce the attack surface and because they haven't taken the time to think through all the consequences. |
@yuwata clearly a misconfiguration and warning patches are nice to let the user know what is going wrong. |
@yuwata I made a quick test on a my laptop:
With this configuration IPv6 is disabled on the test interface when it's created. When I start systemd-network I still see the error:
Looking through the code I see that it checks the value of net.ipv6.conf.all.disable_ipv6 and not the one of the specific device that is managed. I changed net.ipv6.conf.all.disable_ipv6 and tried again and got this:
So I guess it's fixed for most cases where IPv6 is globally disabled. It might still be wrong for a few cases where it's only disabled on some specific interfaces. |
Please also test #12795. Thank you. |
upstream: systemd/systemd#12656 systemd/systemd#12774 Change-Id: I289c460053c654c945a3ca47cb5a318420e1e400 Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/7649 Reviewed-by: Anish Swaminathan <anishs@vmware.com> Tested-by: Anish Swaminathan <anishs@vmware.com>
systemd version the issue has been seen with
Used distribution
Expected behaviour you didn't see
Unexpected behaviour you saw
Steps to reproduce the problem
I upgraded a working server from Debian 9 (stretch) to Debian buster. Its network configuration was managed with system-networkd:
The ethernet card is managed by the "ixgbe" network driver:
On reboot, the network did not came back and I saw the following messages:
FWIW, I opened this bug on the Debian side too: https://bugs.debian.org/929469
The text was updated successfully, but these errors were encountered: