[FACT-1475] facter returns wrong ipv6 information when IPV6 stack is disabled Created: 2016/07/26  Updated: 2018/08/22  Resolved: 2018/07/25

Status: Closed
Project: Facter
Component/s: None
Affects Version/s: FACT 3.8.0
Fix Version/s: FACT 3.11.4

Type: Bug Priority: Normal
Reporter: CJ Toolseram [X] (Inactive) Assignee: Enis Inan
Resolution: Fixed Votes: 1
Labels: docs_reviewed, help_wanted, networking, regression, sadness
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File ipv6.pp    
Issue Links:
Duplicate
is duplicated by FACT-1532 ipv6 facts in RHEL5 systems Closed
is duplicated by FACT-1739 ipaddress6 returns ipv4 address Closed
is duplicated by FACT-1823 facter detect ipv6 fact on ipv4 only ... Closed
Template:
Epic Link: unintended side efFACTs
Team: Platform OS
Sprint: Platform OS Kanban
Release Notes: Bug Fix
Release Notes Summary: Facter correctly validates the ip command's output for the ipv6 family. If the ip command's output is invalid (e.g. if it contains ipv4 info.), then Facter ignores it.

 Description   

ipv6 is disabled but facter is still showing ipv6 facts with ipv4 address

facter debug:

2016-07-22 14:23:28.082752 DEBUG leatherman.execution:88 - executing command: /sbin/ip -6 route show
2016-07-22 14:23:28.083535 DEBUG | - default via 10.13.21.1 dev eth0
2016-07-22 14:23:28.083599 DEBUG | - 10.13.20.0/24 dev eth0  proto kernel  scope link  src 10.13.21.85

running /sbin/ip -6 route show locally still show ipv4 address in the route table

# /sbin/ip -6 route show 
default via 10.11.17.1 dev eth0 
10.11.17.0/24 dev eth0 proto kernel scope link src 10.11.17.78



 Comments   
Comment by Branan Riley [ 2017/05/17 ]

I cannot begin to fathom who thought the ip command should return v4 information to a v6 query.

I guess we should work around this? But I feel like everything I knew about the universe is wrong

Comment by Peter Meier [ 2017/08/24 ]

We could at least validate the info we get from `ip` like whether the supposed ipv6 address contains a : (colon) otherwise drop it.

This is what people are left to do now if they have hosts with ipv6 disabled, but are slowly enabling it and hence try to figure out, if the host has an ipv6 address.

IMHO this is a pretty severe bug that is opened way too long, as it is reporting false facts, that people can't rely on, which makes the purpose of facts completely meaningless. Especially this wasn't the case in Facter versions < 3, so people have code that is with the newer facter version completely unreliable. So at least it is also a regression.

Comment by Enis Inan [ 2018/07/19 ]

What distro is the customer using? Also, how are they disabling IPV 6?

I followed the directions outlined in https://www.techrepublic.com/article/how-to-disable-ipv6-on-linux/ for disabling IPV 6, which consists of running

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

and to re-enable it, you can do

sysctl -w net.ipv6.conf.all.disable_ipv6=0
sysctl -w net.ipv6.conf.default.disable_ipv6=0

When I disabled IPV 6 this way, the v6 facts no longer showed up. It was just the v4 facts, which is the expected behavior. I tested this on CentOS 5/6/7.

Comment by Vadym Chepkov [ 2018/07/19 ]

I think it was submitted on our behalf. Attached is the class we use.

ipv6.pp

Comment by Enis Inan [ 2018/07/20 ]

Vadym Chepkov Thanks! I've tried applying that manifest on CentOS 5, 6, and 7 nodes but I still can't reproduce the issue.

- CentOS 7.2.1511
 
[root@s5ivbahpr655b6y facter]# ./MODULES/disable-ipv6.sh
Notice: Compiled catalog for s5ivbahpr655b6y.delivery.puppetlabs.net in environment production in 0.06 seconds
Notice: /Stage[main]/Customer::Ipv6/Kernel_parameter[ipv6.disable]/ensure: created
Notice: Applied catalog in 0.85 seconds
 
2018-07-20 14:02:32.161888 DEBUG leatherman.execution:93 - executing command: /usr/sbin/ip route show
2018-07-20 14:02:32.163215 DEBUG | - default via 10.32.112.1 dev ens160  proto static  metric 100
2018-07-20 14:02:32.163318 DEBUG | - 10.32.22.9 via 10.32.112.1 dev ens160  proto dhcp  metric 100
2018-07-20 14:02:32.163377 DEBUG | - 10.32.112.0/20 dev ens160  proto kernel  scope link  src 10.32.121.83  metric 100
2018-07-20 14:02:32.163510 DEBUG leatherman.execution:559 - process exited with status code 0.
2018-07-20 14:02:32.163595 DEBUG leatherman.execution:93 - executing command: /usr/sbin/ip -6 route show
2018-07-20 14:02:32.164709 DEBUG | - fe80::/64 dev ens160  proto kernel  metric 256
 
ip => "10.32.121.83",
ip6 => "fe80::250:56ff:feb1:9ba",

- CentOS 6.8
 
[root@piha7udjnj6h5uc facter]# ./MODULES/disable-ipv6.sh
Notice: Compiled catalog for piha7udjnj6h5uc.delivery.puppetlabs.net in environment production in 0.02 seconds
Notice: /Stage[main]/Customer::Ipv6/File[/etc/modprobe.d/ipv6.conf]/ensure: defined content as '{md5}c8ba1560186f48a0dff968f34036bc31'
Notice: Applied catalog in 0.05 seconds
 
2018-07-20 14:45:28.071300 DEBUG leatherman.execution:93 - executing command: /sbin/ip route show
2018-07-20 14:45:28.072318 DEBUG | - 10.32.112.0/20 dev eth0  proto kernel  scope link  src 10.32.116.113
2018-07-20 14:45:28.072393 DEBUG | - 169.254.0.0/16 dev eth0  scope link  metric 1002
2018-07-20 14:45:28.072437 DEBUG | - default via 10.32.112.1 dev eth0
2018-07-20 14:45:28.072525 DEBUG leatherman.execution:559 - process exited with status code 0.
2018-07-20 14:45:28.072593 DEBUG leatherman.execution:93 - executing command: /sbin/ip -6 route show
2018-07-20 14:45:28.073317 DEBUG | - unreachable ::/96 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073408 DEBUG | - unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073481 DEBUG | - unreachable 2002:a00::/24 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073550 DEBUG | - unreachable 2002:7f00::/24 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073618 DEBUG | - unreachable 2002:a9fe::/32 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073686 DEBUG | - unreachable 2002:ac10::/28 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073752 DEBUG | - unreachable 2002:c0a8::/32 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073817 DEBUG | - unreachable 2002:e000::/19 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.073969 DEBUG | - unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -113 mtu 65536
2018-07-20 14:45:28.074047 DEBUG | - fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500
2018-07-20 14:45:28.074188 DEBUG leatherman.execution:559 - process exited with status code 0.
 
ip => "10.32.116.113",
ip6 => "fe80::250:56ff:feb1:bf9",

- CentOS 5.10
 
[root@bygtprhtypfegzi facter]# ./MODULES/disable-ipv6.sh
Notice: Compiled catalog for bygtprhtypfegzi.delivery.puppetlabs.net in environment production in 0.03 seconds
Notice: /Stage[main]/Customer::Ipv6/File[/etc/modprobe.d/ipv6.conf]/ensure: defined content as '{md5}c8ba1560186f48a0dff968f34036bc31'
Notice: Applied catalog in 0.05 seconds
 
2018-07-20 07:48:35.807193 DEBUG leatherman.execution:93 - executing command: /sbin/ip route show
2018-07-20 07:48:35.808340 DEBUG | - 10.32.112.0/20 dev eth0  proto kernel  scope link  src 10.32.116.121
2018-07-20 07:48:35.808461 DEBUG | - 169.254.0.0/16 dev eth0  scope link
2018-07-20 07:48:35.808545 DEBUG | - default via 10.32.112.1 dev eth0
2018-07-20 07:48:35.808690 DEBUG leatherman.execution:559 - process exited with status code 0.
2018-07-20 07:48:35.808821 DEBUG leatherman.execution:93 - executing command: /sbin/ip -6 route show
2018-07-20 07:48:35.809740 DEBUG | - unreachable ::/96 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.809884 DEBUG | - unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810006 DEBUG | - unreachable 2002:a00::/24 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810119 DEBUG | - unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810230 DEBUG | - unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810331 DEBUG | - unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810446 DEBUG | - unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810562 DEBUG | - unreachable 2002:e000::/19 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810669 DEBUG | - unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21246358sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2018-07-20 07:48:35.810780 DEBUG | - fe80::/64 dev eth0  metric 256  expires 21246358sec mtu 1500 advmss 1440 hoplimit 4294967295
2018-07-20 07:48:35.810981 DEBUG leatherman.execution:559 - process exited with status code 0.
 
ip => "10.32.116.121",
ip6 => "fe80::250:56ff:feb1:2868",

You can see that for all nodes, ip6 facts still resolve correctly. The catalog also shows that the right logic is applied from the manifest. It seems like ipv6 is not being disabled on my machines? Could I be doing something wrong here?

Comment by Peter Meier [ 2018/07/20 ]

Yes it resolves, still to an ipv6 address. So somehow you still have an ip6 address on your interfaces, which means that you do not have properly disabled ipv6. Are you unloading the module?

Anyway it seems that meanwhile the ip util got fixed. At least CentOS 7:

#  cat /proc/cmdline 
BOOT_IMAGE=/vmlinuz-3.10.0-693.21.1.el7.x86_64 root=/dev/mapper/vg--meh-root ro crashkernel=auto rd.lvm.lv=vg-meh/root rd.lvm.lv=vg-meh/swap ipv6.disable=1 console=ttyS0,115200 panic=30 LANG=en_US.UTF-8
# ip -6 addr 
# ip -6 route show
# facter -p --show-legacy | grep ipaddress
default_ipaddress => 192.168.1.22
ipaddress => 192.168.1.22
ipaddress_eth0 => 192.168.1.22
ipaddress_lo => 127.0.0.1

 

Compare to what I reported in FACT-1739

So facter is not anymore reporting an ipaddress6 fact.

Still this could have been avoided if facter would match values against an excpected pattern. Which in this case here would be pretty trivial, as the format of an ipaddress is (luckily) the same on any system.

Comment by Enis Inan [ 2018/07/20 ]

Peter Meier I'm not sure what you mean by "unloading the module." I have it here https://github.com/ekinanp/facter/tree/FACT-1475/MODULES (that I'll revert once I can replicate the issue and get a fix in) with the ipv6 manifest in the customer module. The script disable-ipv6.sh is a wrapper to puppet apply that declares that class. (The other modules in there are dependencies for the kernel_parameter resource).

Do I need to reboot the machine?

Comment by Vadym Chepkov [ 2018/07/20 ]

Yes, changes take effect during boot time.

Comment by Enis Inan [ 2018/07/20 ]

Vadym Chepkov Ah, I'm able to reproduce it now. Thank you! Going to try to put up a fix for this soon.

Generated at Mon Jan 27 10:29:23 PST 2020 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.