Bug 2188388

Summary: [rhel-9] [RFE] Configure "ipv6.addr-gen-mode=eui64' as default in NetworkManager
Product: Red Hat Enterprise Linux 9 Reporter: Thomas Haller <thaller>
Component: cloud-initAssignee: Ani Sinha <anisinha>
Status: CLOSED ERRATA QA Contact: Huijuan Zhao <huzhao>
Severity: medium Docs Contact:
Priority: high    
Version: 9.3CC: andavis, anisinha, bdas, bgalvani, cconte, coldford, desktop-qa-list, dustymabe, eterrell, fpalin, ggrimaux, huzhao, jansari, jgreguske, jlibosva, lrintel, mlaniel, nm-team, rkhan, rpawlik, sfaye, sukulkar, till, xiachen, xiliang, yacao
Target Milestone: rcKeywords: FutureFeature, RFE, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: cloud-init-23.1.1-9.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2103285
: 2229460 (view as bug list) Environment:
Last Closed: 2023-11-07 08:28:38 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2103285    
Bug Blocks: 2229460    

Description Thomas Haller 2023-04-20 15:07:55 UTC 
+++ This bug was initially created as a clone of Bug #2103285 +++

This is a clone of bug 2103285.


the summary is:

- cloud-init creates NetworkManager profiles with `ipv6.addr-gen-mode=eui64`. That is good and necessary in the environment of bug 2103285. Note that cloud-init does not explicitly configure eui64 in NetworkManager. But it gets it implicitly, because it does not specify the addr-gen-mode in the files that it writes.

- later, when other interfaces get added, NetworkManager auto generates new profiles for those interfaces and activates them. Those are named "Wired connection 1". Those profiles have `ipv6.addr-gen-mode=default` (which, on most RHEL systems ends up being "stable-private" and not "eui64"). That causes problems for the custome.



In NetworkManager 1.40, the per-profile setting of "ipv6.addr-gen-mode" can be overriden by global-connection-defaults in NetworkManage.conf. See for details the commit message https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/e6a33c04ebe1ac84e31628911e25bdfd7534dd3c.

This was requested by bug 2082682 for the CoreOS issue https://github.com/coreos/fedora-coreos-tracker/issues/907.


Note that in https://bugzilla.redhat.com/show_bug.cgi?id=2082682#c15 there was also consideration whether this needs to be adressed in cloud-init. So far, it was not, but this report is about doing that.




Choosing addr-gen-mode=eui64 may not be best in all cases. See for example https://github.com/coreos/fedora-coreos-tracker/issues/907#issuecomment-1119911839 .
However, as cloud-init already deploys it profiles with eui64, it seems to have already made that choice. It should go one step further, and deploy a file /etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf with content:

  # This is generated by cloud-init.
  #
  [connection.30-cloud-init-ip6-addr-gen-mode]
  # Select EUI64 to be used if the profile does not specify it.
  ipv6.addr-gen-mode=0


This will work with NetworkManager 1.40.0+, rhel-8.7+, rhel-9.2+
Comment 8 Ani Sinha 2023-07-25 11:19:31 UTC 
Upstream discussion will happen as a part of https://github.com/canonical/cloud-init/pull/4291 .
Comment 10 Huijuan Zhao 2023-08-06 07:56:23 UTC 
Tested with cloud-init-23.1.1-9.el9(NetworkManager-1.43.9-1.el9.x86_64) on OpenStack, the instance can get ipv6 address and ping successfully, and I think the below test results are expected, setting Verified:Tested

----
# cat /etc/cloud/cloud.cfg

   network:
      renderers: ['network-manager', 'eni', 'netplan', 'sysconfig', 'networkd']
----


# nmcli -f NAME,FILENAME,DBUS-PATH  c show
NAME             FILENAME                                                             DBUS-PATH                                  
cloud-init eth0  /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection  /org/freedesktop/NetworkManager/Settings/1 
lo               /run/NetworkManager/system-connections/lo.nmconnection               /org/freedesktop/NetworkManager/Settings/2


# cat /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection
# Generated by cloud-init. Changes will be lost.

[connection]
id=cloud-init eth0
...
[ipv6]
method=auto
may-fail=false
route1=::/0,2620:52:0:84::3fe



# nmcli -o c show /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection
connection.id:                          cloud-init eth0
...
ipv4.method:                            auto
ipv4.may-fail:                          no
ipv6.method:                            auto
ipv6.routes:                            { ip = ::/0, nh = 2620:52:0:84::3fe }
ipv6.may-fail:                          no
ipv6.addr-gen-mode:                     default-or-eui64


# cat /etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf
# This is generated by cloud-init. Do not edit.
#
[.config]
  enable=nm-version-min:1.40
[connection.30-cloud-init-ip6-addr-gen-mode]
  # Select EUI64 to be used if the profile does not specify it.
  ipv6.addr-gen-mode=0
Comment 13 Huijuan Zhao 2023-08-10 08:44:37 UTC 
Move to VERIFIED per comment 10
Comment 15 errata-xmlrpc 2023-11-07 08:28:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: cloud-init security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6371