Bug 1753983

Summary: [RFE] Add support of disable IPv6 persistently
Product: Red Hat Enterprise Linux 8 Reporter: Gris Ge <fge>
Component: nmstateAssignee: Gris Ge <fge>
Status: CLOSED ERRATA QA Contact: Mingyu Shi <mshi>
Severity: high Docs Contact:
Priority: high    
Version: 8.1CC: amusil, dholler, jiji, jishi, mburman, network-qe
Target Milestone: rcKeywords: FutureFeature, RFE
Target Release: 8.2Flags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: nmstate-0.1.1-4.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:00:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1755139    

Description Gris Ge 2019-09-20 12:44:04 UTC 
Description of problem:

Currently, the ipv6 disabled by nmstate will be re-enabled after reboot.
Need to use the NM 1.20 new feature to support disabling IPv6 persistently.


Version-Release number of selected component (if applicable):
nmstate-0.0.8-15.el8

How reproducible:
100%

Steps to Reproduce:
1. Use nmstatectl to disable IPvv6 of certain interface.
2. Reboot
3. Check ipv6 status of that interface

Actual results:

IPv6 got enabled after reboot.

Expected results:

IPv6 stay in disable mode

Additional info:

The libnm 1.20 supports `NM.SETTING_IP6_CONFIG_METHOD_DISABLED`.
Comment 3 Mingyu Shi 2019-12-04 09:52:08 UTC 
RHEL-8.1.1-20191202.n.3
[root@hp-dl388g8-04 ~]0# rpm -q nmstate
nmstate-0.1.1-5.el8.noarch

[root@hp-dl388g8-04 /mnt/tests/kernel/networking/nmstate/temp]0# cat /etc/NetworkManager/system-connections/dummy0.nmconnection 
[connection]
id=dummy0
uuid=49fa4c29-e3df-44b3-8aab-688eacb44808
type=dummy
autoconnect-slaves=1
interface-name=dummy0
permissions=

[ethernet]
cloned-mac-address=5A:A3:C8:3D:26:FB
mac-address-blacklist=
mtu=1500

[ipv4]
dhcp-client-id=mac
dns-search=
method=disabled

[ipv6]
addr-gen-mode=eui64
dhcp-duid=ll
dns-search=
method=link-local
[root@hp-dl388g8-04 /mnt/tests/kernel/networking/nmstate/temp]0# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2620:52:0:4982:b285:95b0:cd4f:814d/64 scope global dynamic noprefixroute 
       valid_lft 2592000sec preferred_lft 604800sec
    inet6 fe80::2eb3:eb04:4162:2aa2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
12: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fe80::58a3:c8ff:fe3d:26fb/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@hp-dl388g8-04 /mnt/tests/kernel/networking/nmstate/temp]0# nmstatectl set dummydisableipv6.yaml 
2019-12-04 04:31:21,665 root         DEBUG    Checkpoint /org/freedesktop/NetworkManager/Checkpoint/2 created for all devices: 60
2019-12-04 04:31:21,665 root         DEBUG    Adding new interfaces: []
2019-12-04 04:31:21,667 root         DEBUG    Editing interfaces: ['dummy0']
2019-12-04 04:31:21,668 root         DEBUG    Connection settings for ConnectionSetting.import_by_profile:
id: dummy0
iface: dummy0
uuid: 49fa4c29-e3df-44b3-8aab-688eacb44808
type: dummy
autoconnect: True
autoconnect_slaves: <enum NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_YES of type NM.SettingConnectionAutoconnectSlaves>
2019-12-04 04:31:21,671 root         DEBUG    Executing NM action: func=commit_changes_async
2019-12-04 04:31:21,676 root         DEBUG    Connection update succeeded: dev=dummy0
2019-12-04 04:31:21,676 root         DEBUG    Executing NM action: func=_safe_modify_async
2019-12-04 04:31:21,678 root         DEBUG    Device reapply succeeded: dev=dummy0
2019-12-04 04:31:21,678 root         DEBUG    NM action queue exhausted, quiting mainloop
2019-12-04 04:31:21,745 root         DEBUG    Checkpoint /org/freedesktop/NetworkManager/Checkpoint/2 destroyed
Desired state applied: 
---
interfaces:
- name: dummy0
  type: dummy
  state: up
  ipv6:
    enabled: false
  mtu: 1500
[root@hp-dl388g8-04 /mnt/tests/kernel/networking/nmstate/temp]0# nmcli connection up dummy0 
ap           ifname       passwd-file  
[root@hp-dl388g8-04 /mnt/tests/kernel/networking/nmstate/temp]0# nmcli connection up dummy0 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@hp-dl388g8-04 /mnt/tests/kernel/networking/nmstate/temp]0# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2620:52:0:4982:b285:95b0:cd4f:814d/64 scope global dynamic noprefixroute 
       valid_lft 2591939sec preferred_lft 604739sec
    inet6 fe80::2eb3:eb04:4162:2aa2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@hp-dl388g8-04 /mnt/tests/kernel/networking/nmstate/temp]0# cat dummydisableipv6.yaml 
---
interfaces:
  - name: dummy0
    type: dummy
    state: up
    mtu: 1500
    ipv6:
      enabled: false

[root@hp-dl388g8-04 ~]0# cat /etc/NetworkManager/system-connections/dummy0.nmconnection 
[connection]
id=dummy0
uuid=49fa4c29-e3df-44b3-8aab-688eacb44808
type=dummy
autoconnect-slaves=1
interface-name=dummy0
permissions=

[ethernet]
cloned-mac-address=5A:A3:C8:3D:26:FB
mac-address-blacklist=
mtu=1500

[ipv4]
dhcp-client-id=mac
dns-search=
method=disabled

[ipv6]
addr-gen-mode=eui64
dhcp-duid=ll
dns-search=
method=disabled



after 'nmcli con up' or reboot, the ipv6 of the interface remains disabled.

The bug can be reproduced on RHEL-8.1.0: by 'nmcli up' or rebooting system after disabled ipv6, and the iface's configuration under /etc/NetworkManager/system-connections will always be ipv6.method=ignore
Comment 4 Mingyu Shi 2019-12-04 10:09:43 UTC 
#comment 3 was added here wrong (it is for RHEL 8.1.1)

Here's the verification on RHEL-8.2.0-20191203.0
nmstate-0.2.0-2.el8.noarch

[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2620:52:0:4982:a2d3:c1ff:fefb:ae98/64 scope global dynamic noprefixroute 
       valid_lft 2591996sec preferred_lft 604796sec
    inet6 fe80::a2d3:c1ff:fefb:ae98/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
10: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fe80::f021:e9ff:fe95:c9ba/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# cat /etc/NetworkManager/system-connections/dummy0.nmconnection 
[connection]
id=dummy0
uuid=2e842f5a-a725-45d9-89dc-ff9d27858e67
type=dummy
autoconnect-slaves=1
interface-name=dummy0
permissions=

[ethernet]
cloned-mac-address=F2:21:E9:95:C9:BA
mac-address-blacklist=
mtu=1500

[dummy]

[ipv4]
dhcp-client-id=mac
dns-search=
method=disabled

[ipv6]
addr-gen-mode=eui64
dhcp-duid=ll
dns-search=
method=link-local

[proxy]
[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# nmstatectl set dummydisableipv6.yaml 
2019-12-04 04:58:49,779 root         DEBUG    Checkpoint /org/freedesktop/NetworkManager/Checkpoint/3 created for all devices: 60
2019-12-04 04:58:49,780 root         DEBUG    Adding new interfaces: []
2019-12-04 04:58:49,782 root         DEBUG    Editing interfaces: ['dummy0']
2019-12-04 04:58:49,784 root         DEBUG    Connection settings for ConnectionSetting.import_by_profile:
id: dummy0
iface: dummy0
uuid: 2e842f5a-a725-45d9-89dc-ff9d27858e67
type: dummy
autoconnect: True
autoconnect_slaves: <enum NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_YES of type NM.SettingConnectionAutoconnectSlaves>
2019-12-04 04:58:49,788 root         DEBUG    Executing NM action: func=commit_changes_async
2019-12-04 04:58:49,807 root         DEBUG    Connection update succeeded: dev=dummy0
2019-12-04 04:58:49,807 root         DEBUG    Executing NM action: func=_safe_modify_async
2019-12-04 04:58:49,813 root         DEBUG    Device reapply succeeded: dev=dummy0
2019-12-04 04:58:49,813 root         DEBUG    NM action queue exhausted, quiting mainloop
2019-12-04 04:58:49,877 root         DEBUG    Checkpoint /org/freedesktop/NetworkManager/Checkpoint/3 destroyed
Desired state applied: 
---
interfaces:
- name: dummy0
  type: dummy
  state: up
  ipv6:
    enabled: false
[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2620:52:0:4982:a2d3:c1ff:fefb:ae98/64 scope global dynamic noprefixroute 
       valid_lft 2591963sec preferred_lft 604763sec
    inet6 fe80::a2d3:c1ff:fefb:ae98/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# cat /etc/NetworkManager/system-connections/dummy0.nmconnection 
[connection]
id=dummy0
uuid=2e842f5a-a725-45d9-89dc-ff9d27858e67
type=dummy
autoconnect-slaves=1
interface-name=dummy0
permissions=

[ethernet]
cloned-mac-address=F2:21:E9:95:C9:BA
mac-address-blacklist=
mtu=1500

[dummy]

[ipv4]
dhcp-client-id=mac
dns-search=
method=disabled

[ipv6]
addr-gen-mode=eui64
dhcp-duid=ll
dns-search=
method=disabled

[proxy]
[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# nmcli connection up dummy0 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2620:52:0:4982:a2d3:c1ff:fefb:ae98/64 scope global dynamic noprefixroute 
       valid_lft 2591995sec preferred_lft 604795sec
    inet6 fe80::a2d3:c1ff:fefb:ae98/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@hp-dl380pg8-13 /mnt/tests/kernel/networking/nmstate/temp]0# nmstatectl show dummy0
---
dns-resolver:
  config:
    search: []
    server: []
  running:
    search:
    - rhts.eng.pek2.redhat.com
    server:
    - 10.73.2.107
    - 10.73.2.108
    - 10.66.127.10
route-rules:
  config: []
routes:
  config: []
  running: []
interfaces:
- name: dummy0
  type: dummy
  state: up
  ipv4:
    dhcp: false
    enabled: false
  ipv6:
    autoconf: false
    dhcp: false
    enabled: false
  mac-address: F2:21:E9:95:C9:BA
  mtu: 1500

after 'nmcli con up' or reboot, the ipv6 of the interface remains disabled.
Comment 7 errata-xmlrpc 2020-04-28 16:00:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1696