Bug 1706646

Summary: The network target is reached before IPv6 adresses are assigned
Product: Red Hat Enterprise Linux 7 Reporter: Graham Leggett <minfrin>
Component: NetworkManagerAssignee: Thomas Haller <thaller>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.6CC: acardace, atragler, bgalvani, dtardon, knoha, lnykryn, lrintel, rkhan, rmetrich, stanislav.moravec, sukulkar, systemd-maint-list, thaller, till, vbenes
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: NetworkManager-1.18.6-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-29 20:30:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Graham Leggett 2019-05-05 22:49:33 UTC 
Description of problem:

The network target is reached before IPv6 adresses are assigned:

May  5 22:32:09 localhost network: Bringing up loopback interface:  [  OK  ]
May  5 22:32:09 localhost network: Bringing up interface eth0:  [  OK  ]
May  5 22:32:09 localhost network: Bringing up interface eth1:  [  OK  ]
May  5 22:32:09 localhost network: Bringing up interface eth2:  [  OK  ]
May  5 22:32:09 localhost systemd: Started LSB: Bring up/down networking.
May  5 22:32:09 localhost systemd: Reached target Network.

Which in turn causes dovecot to fail to start up one second later:

May  5 22:32:10 localhost dovecot: Error: bind(x:x:x:x:x:x:x:x, 995) failed: Cannot assign requested address
May  5 22:32:10 localhost dovecot: Error: service(pop3-login): listen(pop3s.dovecot, 995) failed: Cannot assign requested address
May  5 22:32:10 localhost dovecot: Error: bind(x:x:x:x:x:x:x:x, 993) failed: Cannot assign requested address
May  5 22:32:10 localhost dovecot: Error: service(imap-login): listen(imaps.dovecot, 993) failed: Cannot assign requested address
May  5 22:32:10 localhost dovecot: Fatal: Failed to start listeners

Adding the following acts as a workaround:

[root@localhost ~]# cat /etc/sysctl.d/90-dovecot-workaround.conf
net.ipv6.conf.eth0.accept_dad = 0

Full explanation of the bug is here: https://serverfault.com/questions/766253/ensure-systemd-wait-for-ipv6-before-start-service-unit

Version-Release number of selected component (if applicable):

systemd-219-62.el7_6.6.x86_64

How reproducible:

Always

Steps to Reproduce:
- Ask dovecot to bind to a specific static IPv6 address.
- Boot machine

Actual results:

- Dovecot fails to start

Expected results:

- Dovecot starts normally

Additional info:
Comment 11 Keigo Noha 2020-02-26 06:45:51 UTC 
Hi Graham,

It looks that the issue is triggered by IPV6_FAILURE_FATAL=no in corresponding /etc/sysconfig/network-scripts/ifcfg-XXX or ipv6.may-fail=yes by nmcli command.
It means that NetworkManager-wait-online service doesn't wait for IPV6 connectivity.

So, ipv.may-fail=no by nmcli command or IPV6_FAILURE_FATAL=yes may resolve your issue.

Thanks,
Keigo
Comment 15 Thomas Haller 2020-03-17 12:50:15 UTC 
fixed upstream:

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8af2570b15b251c5d0cdc82d70c36f9197798060


Note that `nm-online` isn't really useful for the user to call. Hence, the importance of nm-online manual page is not as high. It would be better to explain how `network-online.target` works in general. Anyway, I hope it's clearer now...
Comment 16 Renaud Métrich 2020-04-20 08:02:00 UTC 
See also BZ 1825666 opened recently.
I think the proposed nm-online update is not enough.
Comment 17 Thomas Haller 2020-05-02 12:25:13 UTC 
(In reply to Renaud Métrich from comment #16)
> See also BZ 1825666 opened recently.

Right. With https://bugzilla.redhat.com/show_bug.cgi?id=1825666#c7, that resulted in 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/352f1f53114301218a4277ad7455afc69efb7a8f

> I think the proposed nm-online update is not enough.

What else do you suggest?
Comment 18 Renaud Métrich 2020-05-04 08:53:43 UTC 
Hi Thomas,

I suggest improving the systemd manpage as well, see 1825666#c6:
"
Below is where the issue is:

systemd.special(7) states:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
       network-online.target
       [...]
       What precisely this requires is left to the implementation
           of the network managing service.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

This is already obscure, the admin must understand that on RHEL8, it's NetworkManager and achieved through exectuing NetworkManager-wait-online.service.
First I think that a patch should be made in systemd manpage to clear state NetworkManager is the network managing service.
"

Beniamino did some work on RHEL8's BZ 1825666
Comment 19 Thomas Haller 2020-05-04 19:04:53 UTC 
> I suggest improving the systemd manpage as well, see 1825666#c6:

OK. Makes sense...

I think this bug is a duplicate to bug 1825666, with the difference that this bug is for NetworkManager@rhel-7 and the other is for NetworkManager@rhel-8. As far as NetworkManager package is concerned (and the man page that it provides), I think this will be soon fixed.


Please clone this or the other bug to systemd (depending on whether you want it for rhel-7 or rhel-8), which provides systemd.special man page. Usually, I would clone the bug myself, but I don't overly agree that this change to the manual page should be done, so I have no good arguments of my own to argue in favour of the change. Renaud, if you feel systemd should adjust their manual page, please clone the bug (or the other one, for rhel-8).
Comment 20 Renaud Métrich 2020-05-05 06:19:53 UTC 
See #1831484 for systemd.special part.
Comment 24 Vladimir Benes 2020-05-15 08:31:32 UTC 
We have a test case for this functionality since NM-1.4:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/blob/master/nmcli/features/ipv6.feature#L955

 and man page now properly explains how may-fail yes/no affects nm-online too.
Comment 26 errata-xmlrpc 2020-09-29 20:30:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: NetworkManager security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4003