cloud-init icon indicating copy to clipboard operation
cloud-init copied to clipboard
verified publisher icon canonical

network-manager: ipv6 connection does not work on Azure and Openstack

Open esposem opened this issue 3 years ago • 2 comments

Proposed Commit Message

This problem is found after below bug fix, ipv6 is not workable after launching a new instance.

[Bug 2056964](https://bugzilla.redhat.com/show_bug.cgi?id=2056964) - [RHEL-9]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles

we can see log "Not bringing up newly configured network interfaces" in /var/log/cloud-init.log

2022-06-17 02:15:22,191 - __init__.py[DEBUG]: Selected renderer 'network-manager' from priority list: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni']
2022-06-17 02:15:22,192 - util.py[DEBUG]: Writing to /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection - wb: [600] 376 bytes
2022-06-17 02:15:22,193 - util.py[DEBUG]: Restoring selinux mode for /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection (recursive=False)
2022-06-17 02:15:22,194 - util.py[DEBUG]: Restoring selinux mode for /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection (recursive=False)
2022-06-17 02:15:22,194 - __init__.py[DEBUG]: Not bringing up newly configured network interfaces


On Azure, ping6 gets Network is unreachable.

$ ping6 ace:cab:deca::fe -c 1
ping6: connect: Network is unreachable

# ip -6 route
::1 dev lo proto kernel metric 256 pref medium
ace:cab:deca::4 dev eth0 proto kernel metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 1024 pref medium


cat /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection
# Generated by cloud-init. Changes will be lost.

[connection]
id=cloud-init eth0
uuid=1dd9a779-d327-56e1-8454-c65e2556c12c
type=ethernet

[user]
org.freedesktop.NetworkManager.origin=cloud-init

[ethernet]
mac-address=00:0D:3A:58:0F:B3

[ipv4]
method=auto
may-fail=false

[ipv6]
method=dhcp
may-fail=false
addr-gen-mode=stable-privacy


On Openstack, ping6 error is a little bit different, but unreachable either.

#  ping6 2620:52:0:88:f816:3eff:fe23:e623 -c 1
PING 2620:52:0:88:f816:3eff:fe23:e623(2620:52:0:88:f816:3eff:fe23:e623) 56 data bytes
From 2620:52:0:88:ef7e:b597:1cc8:32df icmp_seq=1 Destination unreachable: Address unreachable

--- 2620:52:0:88:f816:3eff:fe23:e623 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms


$ ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2620:52:0:88::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 1024 pref medium
default proto static metric 100 pref medium
	nexthop via 2620:52:0:88::3fe dev eth0 weight 1 
	nexthop via fe80::4e16:fc01:d8c:98ed dev eth0 weight 1 
	nexthop via fe80::4e16:fc01:d83:88aa dev eth0 weight 1 

cat /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection
# Generated by cloud-init. Changes will be lost.

[connection]
id=cloud-init eth0
uuid=1dd9a779-d327-56e1-8454-c65e2556c12c
type=ethernet

[user]
org.freedesktop.NetworkManager.origin=cloud-init

[ethernet]
mtu=1500
mac-address=FA:16:3E:CE:97:C9

[ipv4]
method=auto
may-fail=false

[ipv6]
method=auto
may-fail=false
addr-gen-mode=stable-privacy
route1=::/0,2620:52:0:88::3fe

dhcp6 mode should be "auto" and addr-gen-mode=stable-privacy should be removed.

Signed-off-by: Emanuele Giuseppe Esposito <[email protected]>

RHBZ: 2098501

Checklist:

  • [x] My code follows the process laid out in the documentation
  • [ ] I have updated or added any unit tests accordingly
  • [ ] I have updated or added any documentation accordingly

esposem avatar Jul 22 '22 11:07 esposem

Hi @esposem, thanks for this PR. Sorry for the much-delayed response.

I was hoping to look at RHBZ 2098501 for additional context, but got "You are not authorized to access bug #2098501." and when attempting to request group access I see " There are no groups available for this account to apply for. ". Is there any way I could get a look at that bug? Or is all the context from BZ already in the commit message?

holmanb avatar Aug 03 '22 16:08 holmanb

Hi @holmanb, please try again. I changed the BZ visibility so you should be able to see it now

esposem avatar Aug 05 '22 12:08 esposem

As per https://bugzilla.redhat.com/show_bug.cgi?id=2098501#c1 (comment 1), Openstack instance does not work if stable-privacy is not removed. So I would suggest to get rid of it

esposem avatar Aug 22 '22 07:08 esposem