canonical / cloud-init

Official upstream for the cloud-init: cloud instance initialization
https://cloud-init.io/

[Centos] IPV6_AUTOCONF=no when using dhcp6 #3289

Closed ubuntu-server-builder closed 1 year ago

ubuntu-server-builder commented 1 year ago

This bug was originally filed in Launchpad as LP: #1806014

Launchpad details
affected_projects = []
assignee = harald-jensas
assignee_name = Harald Jensås
date_closed = 2019-12-18T17:55:14.382344+00:00
date_created = 2018-11-30T10:19:22.236269+00:00
date_fix_committed = 2019-11-20T17:56:40.195664+00:00
date_fix_released = 2019-12-18T17:55:14.382344+00:00
id = 1806014
importance = medium
is_complete = True
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1806014
milestone = None
owner = the-neighbour
owner_name = Herbert Buurman
private = False
status = fix_released
submitter = the-neighbour
submitter_name = Herbert Buurman
tags = ['centos', 'dhcp6', 'ipv6']
duplicates = []

Launchpad user Herbert Buurman(the-neighbour) wrote on 2018-11-30T10:19:22.236269+00:00

When instructing cloud-init to use type: dhcp6 for the subnet of a physical network interface, the end-result is that /etc/sysconfig/network contains IPV6_AUTOCONF=no. This causes router advertisements to be ignored and no default route set up.

https://github.com/cloud-init/cloud-init/blob/master/cloudinit/net/network_state.py#L333 This configures network.use_ipv6 = True, which is fine.

https://github.com/cloud-init/cloud-init/blob/master/cloudinit/net/sysconfig.py#L649 This configures IPV6_AUTOCONF=no to be written whenever network.use_ipv6 is True. However, in the use-case where dhcp6 is used, IPV6_AUTOCONF should be set to yes.

Proposed fix: Distinguish between IPv6 being configured statically or using DHCP when writing the sysconfig file.

Cloud-provider: AWS EC2.
Guest OS: CentOS Linux release 7.5.1804 (Core)
EC2 user-data provided with cloud-init config:

#cloud-config
package_upgrade: true
write_files:
- path: /etc/cloud/cloud.cfg.d/99-custom-networking.cfg
  owner: root:root
  permissions: 0600
  content: |
    network:
      version: 1
      config:
      - type: physical
        name: eth0
        subnets:
          - type: dhcp
          - type: dhcp6
power_state:
  mode: reboot
  delay: now
  message: Rebooting post-config
  timeout: 30
  condition: True

ubuntu-server-builder commented 1 year ago

Launchpad user Herbert Buurman(the-neighbour) wrote on 2018-11-30T10:19:22.236269+00:00

Launchpad attachments: cloud-init.tar

ubuntu-server-builder commented 1 year ago

Launchpad user Nick Adams(h-nick-n) wrote on 2019-06-23T22:56:15.287191+00:00

Also dealing with this bug. Working around it by manually editing /etc/sysconfig/network with bootcmd or manually setting the default route.

ubuntu-server-builder commented 1 year ago

Launchpad user Ryan Harper(raharper) wrote on 2019-07-18T21:48:44.687749+00:00

Thanks for filing the bug. We've another issue related here since the AUTOCONF controls ipv6 router advertisements. The V1 network-config doesn't allow one to express whether you want to opt-in or out of router advertisements which may be desired with either static6 or dhcp6.

In netplan (network-config version=2) one can provide:

accept-ra: true|false

Which in sysconfig rendering could be used to toggle IPV6_AUTOCONF.

ubuntu-server-builder commented 1 year ago

Launchpad user Harald Jensås(harald-jensas) wrote on 2019-10-14T13:31:27.092087+00:00

There is a flag IPV6_FORCE_ACCEPT_RA[1] that can be set on an interface to accept_ra's while keeping autoconf (slaac) disabled. I wonder if that's what should be enabled for dhcp interfaces, not IPV6_AUTOCONF, which also sets the autoconf sysctl.

accept_ra - INTEGER
    Accept Router Advertisements; autoconfigure using them.

    It also determines whether or not to transmit Router
    Solicitations. If and only if the functional setting is to
    accept Router Advertisements, Router Solicitations will be
    transmitted.

    Possible values are:
        0 Do not accept Router Advertisements.
        1 Accept Router Advertisements if forwarding is disabled.
        2 Overrule forwarding behaviour. Accept Router Advertisements
          even if forwarding is enabled.

    Functional default: enabled if local forwarding is disabled.
                        disabled if local forwarding is enabled.

autoconf - BOOLEAN
    Autoconfigure addresses using Prefix Information in Router
    Advertisements.

    Functional default: enabled if accept_ra_pinfo is enabled.
                        disabled if accept_ra_pinfo is disabled.

[1] https://github.com/fedora-sysv/initscripts/commit/28745ca8101b47b8a33213cfc524a4ada742721b

ubuntu-server-builder commented 1 year ago

Launchpad user Harald Jensås(harald-jensas) wrote on 2019-10-14T14:47:38.296600+00:00

I did some testing, using an openstack instance with radvd running on a router in a flat provider network.

radvd was set up with the following config on the provider network:

interface eth1 {
  AdvSendAdvert on;
  AdvManagedFlag on;
  AdvOtherConfigFlag on;
  AdvRASolicitedUnicast on;
  AdvLinkMTU 1450;
  prefix fd12:3456:789a:1::/64 {
    AdvAutonomous on;
    AdvOnLink on;
  };
};

Setting IPV6_FORCE_ACCEPT_RA=yes in the interface configuration seems to fix this problem without also enabling autoconf, which I believe would be the preferred configuration.

Question: Would it, based on this result, make sense to make the "accept-ra: true|false" in netplan (network-config version=2) control IPV6_FORCE_ACCEPT_RA in sysconf? And for cloudinit/sources/helpers/openstack.py enable it for network['type'] == dhcpv6-stateful?

Actual results:

instance metadata - network_data.json:

{
  "services": [
    { "type": "dns", "address": "fd12:3456:789a:1::1" }
  ],
  "networks": [
    {
      "network_id": "0e5c86ca-4f61-4e8d-a356-84c8001a297b",
      "type": "ipv6_dhcpv6-stateful",
      "services": [
        { "type": "dns", "address": "fd12:3456:789a:1::1" }
      ],
      "netmask": "ffff:ffff:ffff:ffff::",
      "link": "tapecbf57bf-c0",
      "routes": [
        { "netmask": "::", "network": "::", "gateway": "fd12:3456:789a:1::fffe" }
      ],
      "ip_address": "fd12:3456:789a:1::1:14e",
      "id": "network0"
    }
  ],
  "links": [
    {
      "vif_id": "ecbf57bf-c0ff-4104-b5bf-5c310cc32d96",
      "type": "phy",
      "ethernet_mac_address": "fa:16:3e:26:da:7e",
      "id": "tapecbf57bf-c0",
      "mtu": 1450
    }
  ]
}

file: /etc/sysconfig/network

NOZEROCONF=yes
# Created by cloud-init on instance boot automatically, do not edit.
#
NETWORKING=yes
NETWORKING_IPV6=yes
IPV6_AUTOCONF=no

file: /etc/sysconfig/network-scripts/ifcfg-eth0

# Created by cloud-init on instance boot automatically, do not edit.
#
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
DHCPV6C=yes
HWADDR=fa:16:3e:26:da:7e
IPV6INIT=yes
IPV6_DEFAULTGW=fd12:3456:789a:1::fffe
MTU=1450
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

$ sysctl net.ipv6.conf.eth0
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.accept_ra = 0 <- RA is disabled
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_redirects = 0
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.autoconf = 0 <- Autoconf is disabled
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.enhanced_dad = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.force_tllao = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.keep_addr_on_down = 0
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.eth0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.eth0.mtu = 1450
net.ipv6.conf.eth0.ndisc_notify = 0
net.ipv6.conf.eth0.optimistic_dad = 0
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.regen_max_retry = 3
net.ipv6.conf.eth0.router_probe_interval = 60
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitations = 3
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.use_optimistic = 0
net.ipv6.conf.eth0.use_tempaddr = 0

$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:26:da:7e brd ff:ff:ff:ff:ff:ff
    inet6 fd12:3456:789a:1::1:14e/128 scope global dynamic
       valid_lft 7353sec preferred_lft 7053sec
    inet6 fe80::f816:3eff:fe26:da7e/64 scope link
       valid_lft forever preferred_lft forever

$ ip -6 route
unreachable ::/96 dev lo metric 1024 error -113 pref medium
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -113 pref medium
unreachable 2002:a00::/24 dev lo metric 1024 error -113 pref medium
unreachable 2002:7f00::/24 dev lo metric 1024 error -113 pref medium
unreachable 2002:a9fe::/32 dev lo metric 1024 error -113 pref medium
unreachable 2002:ac10::/28 dev lo metric 1024 error -113 pref medium
unreachable 2002:c0a8::/32 dev lo metric 1024 error -113 pref medium
unreachable 2002:e000::/19 dev lo metric 1024 error -113 pref medium
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -113 pref medium
fd12:3456:789a:1::1:14e dev eth0 proto kernel metric 256 expires 7036sec pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth4 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev eth5 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth3 proto kernel metric 256 pref medium

(undercloud) [centos@undercloud ~]$ ping6 fd12:3456:789a:1::1:14e
PING fd12:3456:789a:1::1:14e(fd12:3456:789a:1::1:14e) 56 data bytes
^C
--- fd12:3456:789a:1::1:14e ping statistics ---
45 packets transmitted, 0 received, 100% packet loss, time 44006ms

Communication with the undercloud fails.

Expected results:

The instance should be able to communicate.

Additional info:

If I add IPV6_FORCE_ACCEPT_RA=yes to /etc/sysconfig/network-scripts/ifcfg-eth0 and do "ifdown eth0 / ifup eth0" the results are:

$ sysctl net.ipv6.conf.eth0
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.accept_ra = 1 <<-- RA's are enabled
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_redirects = 0
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.autoconf = 0 <<-- Autoconf is disabled
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.enhanced_dad = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.force_tllao = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.keep_addr_on_down = 0
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.eth0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.eth0.mtu = 1450
net.ipv6.conf.eth0.ndisc_notify = 0
net.ipv6.conf.eth0.optimistic_dad = 0
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.regen_max_retry = 3
net.ipv6.conf.eth0.router_probe_interval = 60
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitations = 3
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.use_optimistic = 0
net.ipv6.conf.eth0.use_tempaddr = 0

$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:26:da:7e brd ff:ff:ff:ff:ff:ff
    inet6 fd12:3456:789a:1::1:14e/128 scope global dynamic
       valid_lft 6995sec preferred_lft 6695sec
    inet6 fe80::f816:3eff:fe26:da7e/64 scope link
       valid_lft forever preferred_lft forever

$ ip -6 route
unreachable ::/96 dev lo metric 1024 error -113 pref medium
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -113 pref medium
unreachable 2002:a00::/24 dev lo metric 1024 error -113 pref medium
unreachable 2002:7f00::/24 dev lo metric 1024 error -113 pref medium
unreachable 2002:a9fe::/32 dev lo metric 1024 error -113 pref medium
unreachable 2002:ac10::/28 dev lo metric 1024 error -113 pref medium
unreachable 2002:c0a8::/32 dev lo metric 1024 error -113 pref medium
unreachable 2002:e000::/19 dev lo metric 1024 error -113 pref medium
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -113 pref medium
fd12:3456:789a:1::1:14e dev eth0 proto kernel metric 256 expires 7022sec pref medium
fd12:3456:789a:1::/64 dev eth0 proto kernel metric 256 expires 86309sec pref medium <<-- Route is added
fe80::/64 dev eth4 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev eth5 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth3 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::f816:3eff:fef2:dd78 dev eth0 proto ra metric 1024 expires 1709sec hoplimit 64 pref medium

!! - Now that the route was added I can communicate with the instance !!!

(undercloud) [centos@undercloud ~]$ ping6 fd12:3456:789a:1::1:14e
PING fd12:3456:789a:1::1:14e(fd12:3456:789a:1::1:14e) 56 data bytes
64 bytes from fd12:3456:789a:1::1:14e: icmp_seq=1 ttl=64 time=0.554 ms
64 bytes from fd12:3456:789a:1::1:14e: icmp_seq=2 ttl=64 time=1.09 ms
64 bytes from fd12:3456:789a:1::1:14e: icmp_seq=3 ttl=64 time=0.472 ms
^C
--- fd12:3456:789a:1::1:14e ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.472/0.705/1.090/0.274 ms
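
An added example, not part of the thread and not cloud-init or initscripts code: a Python check that classifies a rendered sysconfig pair by how a DHCPv6 interface will treat router advertisements, using only the behaviour reported in the comment above. The function names, the result labels and the rule that ifcfg keys override /etc/sysconfig/network are assumptions of this example.

```python
# Subset of the keys from the two files quoted in the comment above.
NETWORK = "NOZEROCONF=yes\nNETWORKING=yes\nNETWORKING_IPV6=yes\nIPV6_AUTOCONF=no\n"
IFCFG = "BOOTPROTO=none\nDEVICE=eth0\nDHCPV6C=yes\nIPV6INIT=yes\nONBOOT=yes\n"


def parse_sysconfig(text):
    """Return the KEY=value pairs of a sysconfig file, skipping comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def classify_ipv6(network_text, ifcfg_text):
    """Classify how a DHCPv6 interface will treat router advertisements.

    Assumption: keys in the ifcfg file override /etc/sysconfig/network.
    """
    cfg = parse_sysconfig(network_text)
    cfg.update(parse_sysconfig(ifcfg_text))

    def yes(key):
        return cfg.get(key, "").lower() == "yes"

    if not (yes("IPV6INIT") and yes("DHCPV6C")):
        return "not-dhcpv6"
    if yes("IPV6_AUTOCONF"):
        # RAs are accepted, but the autoconf (SLAAC) sysctl is enabled too.
        return "ra-accepted-with-slaac"
    if yes("IPV6_FORCE_ACCEPT_RA"):
        # Reported above: accept_ra = 1, autoconf = 0, RA routes installed.
        return "ra-accepted-no-slaac"
    if cfg.get("IPV6_AUTOCONF", "").lower() == "no":
        # Reported above: accept_ra = 0, no prefix route, no default route.
        return "ra-ignored"
    return "unspecified"  # IPV6_AUTOCONF unset: outcome not covered here


if __name__ == "__main__":
    print("as rendered:", classify_ipv6(NETWORK, IFCFG))
    print("with flag  :", classify_ipv6(NETWORK, IFCFG + "IPV6_FORCE_ACCEPT_RA=yes\n"))
```
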

ubuntu-server-builder commented 1 year ago

Launchpad user Ryan Harper(raharper) wrote on 2019-11-20T17:55:04.999245+00:00

Merge Proposal migrated to github:

https://github.com/canonical/cloud-init/pull/51

ubuntu-server-builder commented 1 year ago

Launchpad user Ryan Harper(raharper) wrote on 2019-11-20T17:56:39.471439+00:00

https://github.com/canonical/cloud-init/commit/62bbc262c3c7f633eac1d09ec78c055eef05166a

ubuntu-server-builder commented 1 year ago

Launchpad user Chad Smith(chad.smith) wrote on 2019-12-18T17:55:16.385150+00:00

This bug is believed to be fixed in cloud-init in version 19.4. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.