Bug 781708
Summary: | Concurrency problem between network and sshd service | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Corinna Vinschen <vinschen> | |
Component: | openssh | Assignee: | Petr Lautrbach <plautrba> | |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 16 | CC: | johannbg, mattias.ellert, metherid, mgrepl, mschmidt, notting, plautrba, systemd-maint, tmraz | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 782042 (view as bug list) | Environment: | ||
Last Closed: | 2013-02-13 21:23:34 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: |
Description
Corinna Vinschen
2012-01-14 14:55:42 UTC
Grr, I pressed the return key in the wrong spot so I failed to edit the message before sending it. Here's what's missing in the above report: - The sshd.service file is untouched. The dependencies are After=syslog.target network.target auditd.service - I could workaround the issue by adding another dependency: After=syslog.target network.target auditd.service vncserver@:1.service Which is kind of surprising, because vncserver@:1.service depends only on a subset of the sshd.service dependencies: After=syslog.target network.target Version-Release number of selected component (if applicable): systemd-37-3.fc16.x86_64 openssh-server-5.8p2-23.fc16.x86_64 avahi-0.6.30-4.fc16.x86_64 Expected results: The dependency on network.target should be enough to avoid this issue. avahi-daemon (*if* it's the culprit here) should not disallow to bind to an address while its registering it. Corinna (In reply to comment #0) > 12:32:22 network[962]: Bringing up interface br0: [ OK ] > 12:32:24 avahi-daemon[1092]: Registering new address record for > fc00::1 on br0.*. > 12:32:24 avahi-daemon[1092]: Withdrawing address record for > fe80::6250:40ff:fe30:2010 on br0. > > So the network is supposed to be up 2 seconds before sshd tries to > create a listener on these addresses. There's no good reason that > it should fail for the IPv6 address, except that avahi-daemon > is apparently doing "something" with the IPv6 address at this time. No, avahi is not the problem. In fact, avahi just reported correctly when the IPv6 address really becomes available to applications. When an IPv6 address is assigned to an interface, it does not become usable immediately. It is in a "tentative" state for a moment for the purpose of a mandatory duplicate address detection. You can see it with an experiment: ifdown eth0 ifup eth0; ip addr show dev eth0 You'll see something like: ... inet6 fc00::1/64 scope global tentative ... When you ask ip the same question again a little later, the "tentative" flag will be gone. Ideally sshd would use IP_FREEBIND to avoid the need for ordering. Reassigning to openssh. These discussion threads are relevant: http://lists.fedoraproject.org/pipermail/devel/2011-May/151272.html http://lists.debian.org/debian-devel/2011/05/msg00801.html Ah, I see. But I don't think openssh is the culprit in the first place, even if it might make sense to patch IP_FREEBIND into it. The underlying problem is that the dependency mechanism is broken by the fact that the initscripts network script reports success before all addresses are actually available. From my POV network should only report success when all network addresses are available *and* left the tentative state. This would do the right thing in non-NetworkManager scenarios which don't have to cope with dynamic addresses. Corinna Cloned for initscripts as bug 782042. This message is a reminder that Fedora 16 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '16'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 16's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 16 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed. |