remove unroutable ipv6 config #694
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
b4ldr
added a commit
to b4ldr/voxpupuli-acceptance
that referenced
this pull request
Dec 22, 2020
Enabled by default Also see: voxpupuli/modulesync_config#694
This was referenced Dec 22, 2020
ekohl
reviewed
Dec 22, 2020
Comment on lines
-82
to
-85
| - name: Enable IPv6 on docker | ||
| run: | | ||
| echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json | ||
| sudo service docker restart |
There was a problem hiding this comment.
I added this because in https://github.com/theforeman/foreman/puppet-dns we needed to test with IPv6 localhost. This enabled me to perform requests to ::1.
There was a problem hiding this comment.
@ekohl can you try the fix in https://github.com/voxpupuli/puppet-unbound/blob/master/spec/acceptance/unbound_spec.rb#L13 or the other PR to see if that resolves the issue. I initialy added that fix for the same reason in unbond (and i thought nsd but they may have been internal modules)
There was a problem hiding this comment.
i have created theforeman/puppet-dns#182 to test
b4ldr
added a commit
to b4ldr/voxpupuli-acceptance
that referenced
this pull request
Dec 22, 2020
Enabled by default Also see: voxpupuli/modulesync_config#694
ekohl
approved these changes
Feb 23, 2021
|
Looks like we need a signed commit in this repository. Could you manage that? |
b4ldr
force-pushed
the
fix_ipv6
branch
3 times, most recently
from
2f02995 to
9bf0636
Compare
The current configuration configures the docker daemon to issue ipv6
addresses in an RFC 3849 IPv6 documentation range[1], most Likely copied f
rom the docker documentation[2]. I suspect that theses images dont have
any additional IPv6 prefixes delegated to them so im not sure any value
makes senses here.
I suspect that this is never the desired outcome as it means the docker
instance gets configured with a un-routable global IPv6 address. This
means outgoing connections will first try to connect to resources via
IPv6 (if a AAAA is avalible) and time out before trying IPv4. This can
be observed in a beaker job[3] where wget first tries to download the
puppet.deb file over ipv6
In most cases i think one just wants to have the docker image have a
ipv6 loopback and linklocal address which for reasons [4] docker dosn't
give us. I don't think anyone actually needs a global IPv6
address. As such adding something like the following to[4]
spec_helper_acceptance.rb would produce the desired affect
shell('sysctl net.ipv6.conf.all.disable_ipv6=0')
[1]https://tools.ietf.org/html/rfc3849
[2]https://docs.docker.com/config/daemon/ipv6/
[3]https://github.com/voxpupuli/puppet-unbound/runs/1595247379?check_suite_focus=true
(line 272)
[4]moby/moby#33099
[5]https://github.com/voxpupuli/puppet-unbound/blob/master/spec/acceptance/unbound_spec.rb#L13
Signed-off-by: John Bond <github@johnbond.org>
fixed |
|
Thanks! |
b4ldr
added a commit
to b4ldr/voxpupuli-acceptance
that referenced
this pull request
Jun 4, 2021
Enabled by default Also see: voxpupuli/modulesync_config#694
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current configuration configures the docker daemon to issue ipv6
addresses in an RFC 3849 IPv6 documentation range[1], most Likely copied f
rom the docker documentation[2]. I suspect that theses images dont have
any additional IPv6 prefixes delegated to them so im not sure any value
makes senses here.
I suspect that this is never the desired outcome as it means the docker
instance gets configured with a un-routable global IPv6 address. This
means outgoing connections will first try to connect to resources via
IPv6 (if a AAAA is avalible) and time out before trying IPv4. This can
be observed in a beaker job[3] where wget first tries to download the
puppet.deb file over ipv6
In most cases i think one just wants to have the docker image have a
ipv6 loopback and linklocal address which for reasons [4] docker dosn't
give us. I don't think anyone actually needs a global IPv6
address. As such adding something like the following to[5]
spec_helper_acceptance.rb[6] would produce the desired affect
shell('sysctl net.ipv6.conf.all.disable_ipv6=0')
[1]https://tools.ietf.org/html/rfc3849
[2]https://docs.docker.com/config/daemon/ipv6/
[3]https://github.com/voxpupuli/puppet-unbound/runs/1595247379?check_suite_focus=true
(line 272)
[4]moby/moby#33099
[5]https://github.com/voxpupuli/puppet-unbound/blob/master/spec/acceptance/unbound_spec.rb#L13
[6]voxpupuli/voxpupuli-acceptance#16