Add ipv6 disable check #847

Merged
merged 1 commit into from
May 14, 2024

@ehelms ehelms commented May 13, 2024

No description provided.

@ehelms ehelms marked this pull request as ready for review May 14, 2024 01:09
@ehelms ehelms force-pushed the ipv6-check branch 2 times, most recently from 4d535d8 to 2a5d7bd Compare May 14, 2024 12:27

ehelms commented May 14, 2024

@evgeni Fixed up if you can review again

@Griffin-Sullivan Griffin-Sullivan left a comment

Passed testing in SatelliteQE/robottelo#15062

@ehelms ehelms merged commit e19db77 into theforeman:master May 14, 2024
8 checks passed

ekohl commented May 17, 2024

I just saw voxpupuli/facterdb#340 and noticed you can also read the sysctl. So technically you can enable it even if it's in /proc/cmdline, but I still think it's a good check because it means that after a reboot it'll also work. Or at least, more likely.


evgeni commented May 17, 2024

No, you really can't, ipv6.disable=1 completely removes IPv6 support from the kernel:

[root@centos9-stream ~]# cat /proc/cmdline 
BOOT_IMAGE=(hd0,msdos1)/boot/vmlinuz-5.14.0-354.el9.x86_64 root=UUID=a91e762e-6199-45c4-8989-1bba94306968 ro no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop ipv6.disable=1
[root@centos9-stream ~]# sysctl -a |grep ipv6
[root@centos9-stream ~]# sysctl -w net.ipv6.conf.all.disable_ipv6=0
sysctl: cannot stat /proc/sys/net/ipv6/conf/all/disable_ipv6: No such file or directory
[root@centos9-stream ~]# ls -alh /proc/sys/net/ipv6/
ls: cannot access '/proc/sys/net/ipv6/': No such file or directory


ekohl commented May 17, 2024

Ah, so you can enable/disable it at runtime if the kernel was booted with IPv6 support, but if it's in /proc/cmdline then it surely isn't there.

That makes me wonder if we need both checks.


evgeni commented May 17, 2024

> That makes me wonder if we need both checks.

I don't think so. ipv6.disable breaks things like bind to [::]. But disabling IPv6 on all interfaces (that's what the all in net.ipv6.conf.all is) means you have no ::1 etc, but I think a bind of [::] should still work, you'd just not get any v6 binds by that, so it's the same as 0.0.0.0.
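
The two conditions discussed in this thread, as an added Ruby example that is not the code merged in this PR: it tells a kernel booted with ipv6.disable=1 apart from a runtime sysctl disable. The function name, the state symbols and the exact-token match on the command line are assumptions made for illustration.

```ruby
require 'tmpdir'
require 'fileutils'

# Relative path of the sysctl named in the thread (net.ipv6.conf.all.disable_ipv6).
SYSCTL_PATH = 'net/ipv6/conf/all/disable_ipv6'.freeze

# Hypothetical helper: classify IPv6 state from the kernel command line
# (contents of /proc/cmdline) and the sysctl tree (/proc/sys on a real host).
def ipv6_state(cmdline, proc_sys = '/proc/sys')
  # Exact token match, so "ipv6.disable=10" or "xipv6.disable=1" do not count.
  return :kernel_disabled if cmdline.split.include?('ipv6.disable=1')

  file = File.join(proc_sys, SYSCTL_PATH)
  # No flag on the command line, yet no IPv6 sysctl tree either.
  return :no_ipv6_sysctl unless File.file?(file)

  # IPv6 is in the kernel; this setting can be changed at runtime.
  File.read(file).strip == '1' ? :interfaces_disabled : :enabled
end

# Runs the classifier against a constructed sysctl tree in a temp directory.
def demo_states
  # Constructed command lines, shortened from the shape shown in the thread.
  with_flag = 'BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro ipv6.disable=1'
  without_flag = 'BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro'
  Dir.mktmpdir do |root|
    results = {}
    # Booted with ipv6.disable=1: the net/ipv6 directory does not exist.
    results[:cmdline] = ipv6_state(with_flag, root)
    results[:missing] = ipv6_state(without_flag, root)
    file = File.join(root, SYSCTL_PATH)
    FileUtils.mkdir_p(File.dirname(file))
    File.write(file, "1\n")
    results[:sysctl_on] = ipv6_state(without_flag, root)
    File.write(file, "0\n")
    results[:sysctl_off] = ipv6_state(without_flag, root)
    results
  end
end

p demo_states if $PROGRAM_NAME == __FILE__
```

Only the `:kernel_disabled` state corresponds to the situation in the terminal session above, where the sysctl cannot be written because the path does not exist.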
