Avahi issues with 16.09

[FRidh]

Issue description

I would like my systems to find each other, and therefore I want to enable Avahi.

I began with

  services.avahi = {
    enable = true;
  };

A rebuild results in

Sep 28 12:39:12 fr-desktop systemd[1]: Starting Avahi daemon...
Sep 28 12:39:12 fr-desktop systemd[1]: Started Avahi daemon.
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: Found user 'avahi' (UID 10) and group 'avahi' (GID 10).
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: Successfully dropped root privileges.
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: avahi-daemon 0.6.32 starting up.
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Sep 28 12:39:12 fr-desktop systemd[1]: avahi-daemon.service: Main process exited, code=exited, status=255/n/a
Sep 28 12:39:12 fr-desktop systemd[1]: avahi-daemon.service: Unit entered failed state.
Sep 28 12:39:12 fr-desktop systemd[1]: avahi-daemon.service: Failed with result 'exit-code'.

For some reason it fails, but wait, there is a warning. Maybe that makes a difference. Let's enable the option nssmdns, so

  services.avahi = {
    enable = true;
    nssbdns = true;
  };

Now I get

Sep 28 12:42:34 fr-desktop systemd[1]: Starting Avahi daemon...
Sep 28 12:42:34 fr-desktop systemd[1]: Started Avahi daemon.
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: Found user 'avahi' (UID 10) and group 'avahi' (GID 10).
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: Successfully dropped root privileges.
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: avahi-daemon 0.6.32 starting up.
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: dbus_bus_request_name(): Connection ":1.473" is not allowed to own the service "org.freedesktop.Avahi" due to security policies in the configuration file
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: WARNING: Failed to contact D-Bus daemon.
Sep 28 12:42:34 fr-desktop systemd[1]: avahi-daemon.service: Main process exited, code=exited, status=255/n/a
Sep 28 12:42:34 fr-desktop systemd[1]: avahi-daemon.service: Unit entered failed state.
Sep 28 12:42:34 fr-desktop systemd[1]: avahi-daemon.service: Failed with result 'exit-code'.

Why is it not allowed to?

Technical details

• NixOS at 210ebb5

[FRidh]

@bjornfor I saw that in the past you also had an issue with Avahi. Do you have an idea what's going on?

[groxxda]

If you only want mDNS, systemd-resolved may be an option for you..
But that avahi fails to claim the dbus name is strange. The avahi module adds the avahi pkg to dbus packages, so the policy file should be picked up.
Can you confirm that:

• dbus was reloaded/restarted after you enabled the avahi module
• there is an <includedir> entry for avahi in /run/current-system/etc/dbus-1/system-local.conf
• this directory contains avahi-dbus.conf
• avahi-dbus.conf allows the user avahi for org.freedesktop.Avahi:

  <policy user="avahi">
    <allow own="org.freedesktop.Avahi"/>
  </policy>

• avahi-daemon is running as user avahi

I don't get the dbus error you are seeing, but I didn't check with your specific commit.

Eventually our avahi module should be updated to behave more like the upstream service (for example socket activation, should also fix your permission error)...

[bjornfor]

(on mobile) My problem was that the NixOS module changed some default values, which caused my availability to stop publishing address/hostname. This is my current config (works on Nixos 16.09):

avahi = {
  enable = true;
  nssmdns = true;
  publish.enable = true;
  publish.addresses = true;
  publish.workstation = true;
};

Don't know anything about the dbus warning / issue.

[FRidh]

This is odd. Just now after I booted my machine again, I tried a rebuild and it worked. I guess there was some state after I did some upgrades that messed it up.

[FRidh]

Thanks for the feedback, I was about to have a closer look at it but now it just works...

[FRidh]

@groxxda actually, what I just want is my machines to find each other so I can ssh to them.

[layus]

I just got bitten by the same bug. I enabled avahi and nssmdns, and avahi-daemon.service fails. A reboot made it work properly. So apparently, nixos-rebuild switch is not good enough here... What could possibly be the cause for this ?

I got the same error messages, and the two following lines are bothersome:

Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: dbus_bus_request_name(): Connection ":1.473" is not allowed to own the service "org.freedesktop.Avahi" due to security policies in the configuration file
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: WARNING: Failed to contact D-Bus daemon.

Not sure if this can be considered as fixed :-).

[layus]

I have tested, the same issue arises with disnix for example. It is caused by dbus not being restarted, but only reloaded, which obviously does not reload the new config file.

Now this decision was taken by (@)edolstra in 1c39a47. Apparently restarting dbus was not a good solution either.

I wonder if it would be possible to reload dbus with the new config files by putting the config files behind a symlink, possibly managed by systemd too. That way we could reload dbus and ensure that it takes the new config files into account.

[tomberek]

NixOps requires a nixops reboot.

Does this overall issue impact or speed up kdbus adoption?

[Mic92]

@tomberek kdbus will be probably superseded by http://www.bus1.org/ at some point.

[matthiasbeyer]

So this issue was fixed by #20871, as far as I can see. Although, this caused #22302 and finally #22322 which makes xfce4 unusable for me - do you see a way to fix this whole issue? It seems like having #20871 is a good thing.

Do you think a reboot would solve the problem for me with xfce?