phillxnet
August 14, 2021, 6:54pm
5
@kageurufu Thanks for the helpful pointer on this one. Much appreciated.
Just a quick correction however. The actual file to edit is not /boot/default/grub (non existent) but:
/etc/default/grub
As per our existing Built on openSUSE dev notes and status Disable IPv6 at the kernel level section, only in reverse of course. So our equivalent ‘undo’ sed command would be:
sed -i 's/ipv6\.disable=1[ ]*//g' /etc/default/grub
Followed by, as you correctly indicate, the grub re-config command of:
grub2-mkconfig -o /boot/grub2/grub.cfg
and a reboot.
Note the ‘undo’ sed accounts for trailing space, or not. The former is the case with our installer:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 plymouth.enable=0 rd.kiwi.oem.maxdisk=5000G"
GRUB_CMDLINE_LINUX=""
but if folks have used our above dev notes then they will have:
GRUB_CMDLINE_LINUX_DEFAULT="plymouth.enable=0 rd.kiwi.oem.maxdisk=5000G"
GRUB_CMDLINE_LINUX="ipv6.disable=1"
or similar and so no trailing space.
I’ve now added a new section to our above dev notes “To ‘undo’ IPv6 disable at the kernel level” to cover our current issues in rockstor-installer:
opened 02:38PM - 14 Aug 21 UTC
closed 07:55AM - 18 Aug 21 UTC
We have recently encountered at least a couple of failures related to our stance… in disabling IPv6. The first and currently most significant was in a recent upstream docker update to version: 20.10.6
"Docker 20.10.6: all containers stopped and cannot start if ipv6 is disabled on host"
https://github.com/moby/moby/issues/42288
The second is in our ability to instantiate/configure, via the Web-UI, a teaming/bonding interface reported by forum member Emmanuel_perez in the following forum post:
"Issues when trying add Teaming to Rockstor network "
https://forum.rockstor.com/t/issues-when-trying-add-teaming-to-rockstor-network/7913
We originally disabled IPv6 via yast2 which in turn edits /etc/sysctl.conf file. But this, ironically now, in turn caused a docker and postfix issue:
https://github.com/rockstor/rockstor-core/issues/2139#issuecomment-592956225
when no IPv6 config was assigned/available to the loopback and ethernet interfaces and services still attempted to use them.
So we moved to disabling via the kernel command line and tweaked our postfix (email notifications) to use only IPv4.
See part of "[openSUSE] fix postfix config re ipv4, tlsmgr, & CA file settings. ...":
https://github.com/rockstor/rockstor-core/pull/2135
"Enforce "inet_protocols = ipv4" in postfix if a prior 'all' setting is found. This avoids postfix service failure on ipv4 only systems."
The original intention for our move to disable IPv6, system wide, was as follows, from: https://github.com/rockstor/rockstor-core/issues/2139#issuecomment-593116985
> [Our] intention [in disabling IPv6 is down to:] ... our Web-UI can only configure for ipv4 so we should, with our appliance aim, ensure the entire system is only using ipv4. Otherwise there are network configurations at play that were not intended by our users. I had initially though that the Yast suggestion in the dev notes would be sufficient.
& from @tyukh in the same issue:
> Since I am not a maintainer, I can only give my opinion. IPv6 is not used, has not been tested, and is completely unsupported in Rockstor codebase. Because of this, enabled IPv6 can cause potential problems and strange behavior.
> For example, the configuration for a some service may have IPv6 settings (e.g. interface binding) that Rockstar does not expect and process.
However we now have complete dysfunction of Rock-ons (our docker based plugin system) due to the above sited upstream docker bug that has been acknowledged & fixed in the docker development team:
https://github.com/moby/moby/pull/42413
but not backported to our Leap 15.* base for a few weeks now. Likely as a default Leap install is not affected by this issue.
Docker 20.10.7 does now have this fix in place: https://docs.docker.com/engine/release-notes/#20107
But given we have the following very similar issue from dockers history (in 2016):
```
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
```
We may well now be swimming against the tide and would be best advised to drop our non standard grub config which was not favoured at the time but found to be the only 'fix'. From: https://github.com/rockstor/rockstor-core/issues/2139#issuecomment-592951389
> I think I'd rather go the sysctl route as we already do some editing there in initrock I believe where as we currently don't mess with grub and I'd rather leave it that way if possible.
So we are left with the hard choice of removing our hard disable of IPv6 simply due to the repeat issues found in software we absolutely depend upon simply not any longer being familiar with OS's in our current state. And returning to our prior multi year setting of not disabling but also not configuring IPv6 at all. At least until we do add this non trivial capability anyway.
Comments and alternative options welcome.
and in rockstor-core:
opened 05:35PM - 14 Aug 21 UTC
closed 07:57AM - 18 Aug 21 UTC
Further to an immediate upstream docker bug related to systems using the ipv6.di… sable=1 kernel command line option, it is proposed that we now drop this hard disable and return to our prior enabled but unconfigured/maintained IPv6 setup.
Please see the related issue in https://github.com/rockstor/rockstor-installer:
"remove ipv6.disable=1 kernel option": https://github.com/rockstor/rockstor-installer/issues/74
for full history and context.
Please note that the above issue concerns our installer builder no longer auto-adding this options. Where as this issue concerns the proposal to effect a related change but via an rpm update. Thereby enabling this Rock-on breaking upstream issue to be addressed on existing installs. Noting here also the potentially related IPv6 'avoidance' element of a prior rockstor-core repo issue:
See part of "[openSUSE] fix postfix config re ipv4, tlsmgr, & CA file settings. ...":
https://github.com/rockstor/rockstor-core/pull/2135
"Enforce "inet_protocols = ipv4" in postfix if a prior 'all' setting is found. This avoids postfix service failure on ipv4 only systems."
Thanks to forum member sanderweel for tracking down the docker related issue regarding this kernel option:
https://forum.rockstor.com/t/lost-ability-to-start-all-my-rockons-after-updating-system/7857/8
Linking for context here to our current docker related forum report regarding Rock-on failure:
I have found the cause of our misery! Apparently by updating our system, a new version of Docker (20.10.6) is installed. I found out (hooray for google) that this version has a problem with disabled IPv6: it ignores this and tries to bind ports using IPv6, even if IPv6 has been disabled on the system. This causes all the errors.
The only solutions are: enabling IPv6 or downgrading Docker. Because IPv6 on Rockstor is disabled intentionally, I chose to downgrade Docker and this worked! all my Roc…
&
Thanks to all concerned for bringing this rather untimely upstream issue to the fore. As can be seen from the above issue texts we are rather in a spot on this one but bit by bit, as always.
Hope that helps.
2 Likes