within ovirt-engine service, we have -Djava.net.preferIPv4Stack=true which is not as it sounds... it does not prefer but enforces the use of ipv4, it means that ipv6 cannot be used, including access to dns or ldap. thanks to Simon Fayer who found this! not sure why this was introduced, it was ever since fc17[1] we cannot just disable ipv6 in modern systems. workaround: /etc/ovirt-engine/engine.conf.d/90-ipv6.conf --- ENGINE_PROPERTIES="${ENGINE_PROPERTIES} java.net.preferIPv4Stack=false" --- we should either remove or truly justify this... and fix our implementation where it might be wrong and depend on ipv4 only. [1] https://gerrit.ovirt.org/#/c/4416/
OK, reason is outlined here[1] [1] https://docs.jboss.org/author/display/AS71/Interfaces+and+ports
Looks more like a RFE for adding IPv6 support than a bugfix. I'm not sure this should be targeted to zstream. Yaniv?
(In reply to Sandro Bonazzola from comment #2) > Looks more like a RFE for adding IPv6 support than a bugfix. I'm not sure > this should be targeted to zstream. Yaniv? where was the statement that we intentionally do not support ipv6 for dns, ldap, smtp, snmp, openstack services etc? as far as I understand, this is a left over because of <loopback/> setting in jboss-7.0, which did not support listening to ipv4 loopback. this is a bug, real customer reported this, due to our incorrect configuration of jboss.
assigning to Alon since he already provided the patches.
Can you add details on how to test this?
1. make sure no regressions. 2. try to access dns server / ldap server using ipv6 from within engine, probably best to use the new ldap provider. I am still checking this one.
One problem I found is while jboss is running on a kernel that lacks ipv6, jboss fails with: JBWEB003043: Error initializing endpoint: java.net.SocketException: Protocol family unavailable The problem is that jboss assumes that any-address is ipv6 and does not fallback to ipv4 if ipv6 is not supported. --- <interface name="public"> <any-address/> </interface> --- as usual, bad jboss... including in jeap-6.3. any-ipv4-address seems to work, it will listen to 0.0.0.0 but I am unsure what the impact to ipv6 machines. workaround for these kernels without ipv6 is to add: /etc/ovirt-engine/engine.conf.d/90-ipv4.conf: --- ENGINE_PROPERTIES="java.net.preferIPv4Stack=true" --- this workaround should be valid as most configurations out there does support ipv6. Simon, can you please check it out? using the latest setting which is without java.net.preferIPv4Stack=true and with any-ipv4-address instead of any-address at ovirt-engine.xml.in does it accept connections from ipv6 remote? Thanks!
With those options my IPv6 node does seem to work. I'm not using the ENGINE_HTTP_ENABLED option so the public interface isn't really used; the web interface is still available over IPv6 via Apache (I still have <inet-address value="127.0.0.1"/> for the loopback interface).
(In reply to Simon Fayer from comment #8) > With those options my IPv6 node does seem to work. I'm not using the > ENGINE_HTTP_ENABLED option so the public interface isn't really used; the > web interface is still available over IPv6 via Apache (I still have > <inet-address value="127.0.0.1"/> for the loopback interface). Thanks for your response. Indeed, this effect mostly development environment so in either way it is minor. I just waned to know if listing to :: or 0.0.0.0 behaves the same, apparently not. jboss developers should have been more sensitive.
ok, rhevm-backend-3.5.3-0.2.el6ev.noarch test without "workaround": [root@jb-rhevm35 dev]# grep -IR java.net /usr/share/ovirt-engine [root@jb-rhevm35 dev]# grep -IR inet-address /usr/share/ovirt-engine /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in: <inet-address value="127.0.0.1"/> [root@jb-rhevm35 dev]# ps aux | grep 'ovirt-engine -server' | grep -q prefer ; echo $? 1
This is an automated message. oVirt 3.5.3 has been released on June 15th 2015 and should include the fix for this BZ. Moving to closed current release.