[Bug 904903] New: 13.2/wicked tun interface setup, using migrated/prior working 13.1 config(s), FAILs
http://bugzilla.suse.com/show_bug.cgi?id=904903
Bug ID: 904903
Summary: 13.2/wicked tun interface setup, using migrated/prior
working 13.1 config(s), FAILs
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: grantksupport@operamail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
I've upgraded opensuse 13.1 -> 13.2.
With the upgrade, the functioning of 'tun' interface setup FAILs, causing the
subsequent FAIL of dependent services, such as openvpn.
This has been initially discussed @ -factory ML,
http://lists.opensuse.org/opensuse-factory/2014-11/msg00198.html
Focusing 1st on the tun1 fail,
The orig, pre opensuse 13.2 config consists of
cat /etc/sysconfig/network/ifcfg-tun1
STARTMODE='auto'
BOOTPROTO='static'
TUNNEL='tun'
TUNNEL_SET_GROUP='openvpn'
TUNNEL_SET_OWNER='openvpn'
TUNNEL_SET_PERSISTENT='yes'
IPV6INIT='no'
IPV6_AUTOCONF='no'
IPADDR="0.0.0.0"
and has been in use, here, for generations of pre-13.2 opensuse + openvpn use
without error or fail.
Whereas
IPADDR="0.0.0.0"
is widely historically referenced/used for initial setup of tun interface (also
used for DHCP*, Tomcat, others ...),, under 13.2's 'wicked', it causes an
error,
ifdown tun1
tun1 device-down
ifup tun1
wicked: ifcfg-tun1: ignoring unspecified ip address 0.0.0.0
wicked: device tun1 failed: operation timed out
tun1 setup-in-progress
and
/var/log/messages
Nov 10 13:22:24 edge03 wicked: ifcfg-tun1: ignoring unspecified
ip address 0.0.0.0
Nov 10 13:22:32 edge03 wicked: device tun1 failed: operation
timed out
Nov 10 13:22:39 edge03 wicked: device tun1 failed: operation
timed out
There's clear disagreement on the ML as to whether or not '0.0.0.0' is
acceptable use.
The current documentation across wicked/ifcfg no longer addresses all the above
params, and is somewhat consistent across man pages. Referring to,
man ifcfg-tunnel
...
Universal TUN/TAP tunnels
The universal TUN/TAP kernel driver provides an interface for
user space programs to operate a tun-
nel. There are two modes in which the interface can be created:
TUN (a Point-to-Point interface using local and remote IP) or
TAP (like normal ethernet interface, e.g. for use in bridges).
The following configuration allows to create the interfaces
persistently:
...
ifcfg-tun0
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tun'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'
...
and changing to that ^^^ as a starting point, so that, here
cat /etc/sysconfig/network/ifcfg-tun1
STARTMODE='auto'
BOOTPROTO='static'
TUNNEL='tun'
TUNNEL_SET_GROUP='openvpn'
TUNNEL_SET_OWNER='openvpn'
#TUNNEL_SET_PERSISTENT='yes'
#IPV6INIT='no'
#IPV6_AUTOCONF='no'
#IPADDR="0.0.0.0"
On reboot, tun1 is still not functional & available for use.
journalctl output from the boot
journalctl -xb | egrep -i "tun|wicked" | egrep -v "named"
Nov 10 18:41:55 edge03 kernel: tun: Universal TUN/TAP device driver,
1.6
Nov 10 18:41:55 edge03 kernel: tun: (C) 1999-2004 Max Krasnyansky
http://bugzilla.suse.com/show_bug.cgi?id=904903
grant k
http://bugzilla.suse.com/show_bug.cgi?id=904903
--- Comment #4 from Marius Tomaschewski
This could be bug 904380 which has a known fix in the pipeline
No, it is not. (In reply to grant k from comment #0)
I've upgraded opensuse 13.1 -> 13.2. ... The orig, pre opensuse 13.2 config consists of
cat /etc/sysconfig/network/ifcfg-tun1 STARTMODE='auto' BOOTPROTO='static' TUNNEL='tun' TUNNEL_SET_GROUP='openvpn' TUNNEL_SET_OWNER='openvpn' TUNNEL_SET_PERSISTENT='yes' ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Enforced to "yes" in the past, "no" was never implemented -> obsolete & ignored.
IPV6INIT='no'
^^^^^^^^^^^^^ Invalid & ignored before and now.
IPV6_AUTOCONF='no'
^^^^^^^^^^^^^^^^^^ Invalid & ignored before and now. -> use sysctl's to set it. See also "man 5 ifsysctl". A good idea is to create a /etc/sysctl.d/wicked-<ifname>.conf here + ifsysctl-<ifname> link.
IPADDR="0.0.0.0"
and has been in use, here, for generations of pre-13.2 opensuse + openvpn use without error or fail.
Whereas
IPADDR="0.0.0.0"
is widely historically referenced/used for initial setup of tun interface
It is historical crap ignored since 8.x I AFAIR, that is since the begin of "ip addr" (iproute2) and sysconfig.
(also used for DHCP*, Tomcat, others ...),,
This are completely different use cases, sorry.
under 13.2's 'wicked', it causes an error, ... ifup tun1 wicked: ifcfg-tun1: ignoring unspecified ip address 0.0.0.0
No, it does not cause any error but a warning message and is ignored after. The intention behind this warning was to let people cleanup their crap. I'm about to apply a patch making it not visibly by default.
wicked: device tun1 failed: operation timed out tun1 setup-in-progress
These duplicate messages do not have anything to do with the 0.0.0.0 message.
On reboot, tun1 is still not functional & available for use.
It will also be never functional until you start a driver on it, that is
until you start e.g. "openvpn" on it.
Before, ifup were just applying things without any verify breaking upper
layers (e.g. duplicate address detection) because lower layers were not
complete:
# ip a s
http://bugzilla.suse.com/show_bug.cgi?id=904903
Marius Tomaschewski
http://bugzilla.suse.com/show_bug.cgi?id=904903
grant k
http://bugzilla.suse.com/show_bug.cgi?id=904903
grant k
http://bugzilla.suse.com/show_bug.cgi?id=904903
grant k
http://bugzilla.suse.com/show_bug.cgi?id=904903
grant k
http://bugzilla.suse.com/show_bug.cgi?id=904903
grant k
http://bugzilla.suse.com/show_bug.cgi?id=904903
--- Comment #10 from grant k
http://bugzilla.suse.com/show_bug.cgi?id=904903
Pawel Wieczorkiewicz
http://bugzilla.suse.com/show_bug.cgi?id=904903
--- Comment #16 from Pawel Wieczorkiewicz
Further the driver could be started by scripts support which is going to be added in wicked 0.6.18 release (please see the systemd schema scripting in boo#907215).
BTW: current master git repo version with added scripts support can be found at OBS network:wicked:master. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com