Bug 1093421
| Summary: | /usr/lib/sysctl.d/00-system.conf values not set after boot | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dean Hunter <deanhunter> |
| Component: | systemd | Assignee: | systemd-maint |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | giun7a, johannbg, lnykryn, msekleta, plautrba, s, systemd-maint, vpavlin, zbyszek |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-05-27 02:28:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dean Hunter
2014-05-01 17:25:48 UTC
I forgot to mention that even on a machine without a bridge, ie. a new build with only em1 configured the problem exists. Immediatelly after booting: [dean@host ~]$ sudo sysctl --all | grep net.bridge net.bridge.bridge-nf-call-arptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-filter-pppoe-tagged = 0 net.bridge.bridge-nf-filter-vlan-tagged = 0 net.bridge.bridge-nf-pass-vlan-input-dev = 0 [dean@host ~]$ sudo sysctl --system * Applying /usr/lib/sysctl.d/00-system.conf ... net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 * Applying /usr/lib/sysctl.d/50-default.conf ... kernel.sysrq = 16 kernel.core_uses_pid = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 fs.protected_hardlinks = 1 fs.protected_symlinks = 1 * Applying /etc/sysctl.d/99-sysctl.conf ... * Applying /usr/lib/sysctl.d/libvirtd.conf ... fs.aio-max-nr = 1048576 * Applying /etc/sysctl.conf ... [dean@host ~]$ sudo sysctl --all | grep net.bridge net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-filter-pppoe-tagged = 0 net.bridge.bridge-nf-filter-vlan-tagged = 0 net.bridge.bridge-nf-pass-vlan-input-dev = 0 [dean@host ~]$ As a quick and dirty solution, you might want to add a snippet with [Service] ExecStartPost=/usr/lib/systemd/systemd-sysctl --prefix=net.bridge to NetworkManager.service. Alternatively, you might add 'bridge' to /etc/modules-load.d/bridge.conf, to make sure the module is loaded early at boot. Yes, this is mostly likely a timing issue. (In reply to Zbigniew Jędrzejewski-Szmek from comment #3) > As a quick and dirty solution, you might want to add a snippet with > > [Service] > ExecStartPost=/usr/lib/systemd/systemd-sysctl --prefix=net.bridge > > to NetworkManager.service. [dean@host ~]$ cat /etc/systemd/system/NetworkManager.service [Unit] Description=Network Manager Wants=network.target Before=network.target network.service [Service] Type=dbus BusName=org.freedesktop.NetworkManager ExecStart=/usr/sbin/NetworkManager --no-daemon ExecStartPost=/usr/lib/systemd/systemd-sysctl --prefix=net.bridge # NM doesn't want systemd to kill its children for it KillMode=process [Install] WantedBy=multi-user.target Alias=dbus-org.freedesktop.NetworkManager.service Also=NetworkManager-dispatcher.service [dean@host ~]$ sudo restorecon -v /etc/systemd/system/NetworkManager.service restorecon reset /etc/systemd/system/NetworkManager.service context unconfined_u:object_r:systemd_unit_file_t:s0->unconfined_u:object_r:NetworkManager_unit_file_t:s0 [dean@host ~]$ sudo systemctl stop NetworkManager.service [dean@host ~]$ sudo systemctl disable NetworkManager.service rm '/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service' rm '/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service' rm '/etc/systemd/system/multi-user.target.wants/NetworkManager.service' [dean@host ~]$ sudo systemctl enable NetworkManager.service ln -s '/etc/systemd/system/NetworkManager.service' '/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service' ln -s '/etc/systemd/system/NetworkManager.service' '/etc/systemd/system/multi-user.target.wants/NetworkManager.service' ln -s '/usr/lib/systemd/system/NetworkManager-dispatcher.service' '/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service' [dean@host ~]$ sudo systemctl start NetworkManager.service [dean@host ~]$ sudo sysctl --all | grep net.bridge net.bridge.bridge-nf-call-arptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-filter-pppoe-tagged = 0 net.bridge.bridge-nf-filter-vlan-tagged = 0 net.bridge.bridge-nf-pass-vlan-input-dev = 0 [dean@host ~]$ (In reply to Zbigniew Jędrzejewski-Szmek from comment #4) > Alternatively, you might add 'bridge' to /etc/modules-load.d/bridge.conf, to > make sure the module is loaded early at boot. > > Yes, this is mostly likely a timing issue. [dean@host ~]$ sudo ls -l /etc/modules-load.d total 0 [dean@host ~]$ Googling "/etc/modules-load.d/bridge.conf" found #1022977. The work-around found in comment #2 works. So thank you for giving me enough information to find a work-around. It also says this problem has been known for more than a few years. Do you have any idea when it might get resolved? (In reply to Dean Hunter from comment #7) > It also says this problem has been known for more than a few years. Do you > have any idea when it might get resolved? No idea. It seems that special support for the bridge sysctl settings might have to be added in systemd, like there is support for network interface settings. *** This bug has been marked as a duplicate of bug 1022977 *** |