Bug#780738: netfilter-persistent: failure to shortcircuit on ipv6.disabled=1 results in "degraded" systemd system

Stephen Dowdy
Apr 20, 2015, 7:40:04 PM
Package: netfilter-persistent
Version: 1.0.3
Followup-For: Bug #780738



-- System Information:
Debian Release: 8.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages netfilter-persistent depends on:
ii init-system-helpers 1.22
ii lsb-base 4.1+Debian13+nmu1

netfilter-persistent recommends no packages.

netfilter-persistent suggests no packages.

-- no debconf information


If IPv6 is disabled, then netfilter-persistent should fail to attempt to load any rules.v6 file, regardless of their existence, because otherwise failures cascade into many other places.
(systemd believes it is in a degraded state due to service failure, needrestart fails to run from dpkg failures related...)

Please shortcircuit any IPv6 conditionals based upon /proc/sys/net/ipv6 non-existence as recommended by original bug report.


sdowdy-jessie-vm:~# cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-3.16.0-4-amd64 root=UUID=797c2b0f-fb63-4857-9b73-f67a9d4eed31 ro ipv6.disable=1

sdowdy-jessie-vm:~# systemctl status netfilter-persistent
* netfilter-persistent.service - netfilter persistent configuration
Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled)
Active: failed (Result: exit-code) since Mon 2015-04-20 16:58:50 MDT; 56s ago
Process: 20901 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=1/FAILURE)
Main PID: 20901 (code=exited, status=1/FAILURE)

Apr 20 16:58:50 sdowdy-jessie-vm netfilter-persistent[20901]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Apr 20 16:58:50 sdowdy-jessie-vm netfilter-persistent[20901]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Apr 20 16:58:50 sdowdy-jessie-vm netfilter-persistent[20901]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 2
Apr 20 16:58:50 sdowdy-jessie-vm systemd[1]: netfilter-persistent.service: main process exited, code=exited, status=1/FAILURE
Apr 20 16:58:50 sdowdy-jessie-vm systemd[1]: Failed to start netfilter persistent configuration.
Apr 20 16:58:50 sdowdy-jessie-vm systemd[1]: Unit netfilter-persistent.service entered failed state.

File /etc/iptables/rules.v6 was accidentally created when not thinking in the dpkg dialog during package updates, by asking to save IPv6 rules.

dowdy-jessie-vm:~# cat /etc/iptables/rules.v6
# Generated by ip6tables-save v1.4.21 on Tue Dec 9 20:17:39 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Dec 9 20:17:39 2014

aptitude safe-upgrade with needrestart borks:
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Failed to perform requested operation on package. Trying to recover:
Setting up netfilter-persistent (1.0.3) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Job for netfilter-persistent.service failed. See 'systemctl status netfilter-persistent.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript netfilter-persistent, action "start" failed.
dpkg: error processing package netfilter-persistent (--configure):
subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of iptables-persistent:
iptables-persistent depends on netfilter-persistent (= 1.0.3); however:
Package netfilter-persistent is not configured yet.

dpkg: error processing package iptables-persistent (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
netfilter-persistent
iptables-persistent

Current status: 39 updates [-552].

sdowdy-jessie-vm:~# systemctl is-system-running
degraded

sdowdy-jessie-vm:~# systemctl list-units --state=,failed, --no-legend
netfilter-persistent.service loaded failed failed netfilter persistent configuration


--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
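
The short-circuit requested in the report above, written out as an added example (not code from the original post or from netfilter-persistent): the rules.v6 load is skipped when /proc/sys/net/ipv6 is absent, but a restore failure on a host where IPv6 is up still fails the unit, so a broken firewall load is not masked. PROC_ROOT, RULES_V6, RESTORE_CMD and the function names are assumptions introduced so the logic can be exercised without root.

```sh
#!/bin/sh
# Added example: IPv6 guard for a plugin-style "start" action.
# PROC_ROOT, RULES_V6 and RESTORE_CMD are hypothetical overrides for testing;
# the defaults point at the paths shown in the bug report.
PROC_ROOT="${PROC_ROOT:-/proc}"
RULES_V6="${RULES_V6:-/etc/iptables/rules.v6}"
RESTORE_CMD="${RESTORE_CMD:-ip6tables-restore}"

ipv6_available() {
    # The report asks for the check to key on this directory: when it does
    # not exist (for example after booting with ipv6.disable=1) there is no
    # IPv6 stack to load rules into.
    [ -d "$PROC_ROOT/sys/net/ipv6" ]
}

load_rules_v6() {
    if ! ipv6_available; then
        # A leftover rules.v6 must not turn into a failed service.
        echo "IPv6 not available, skipping $RULES_V6" >&2
        return 0
    fi
    if [ ! -f "$RULES_V6" ]; then
        echo "no $RULES_V6, nothing to load" >&2
        return 0
    fi
    # IPv6 is up: report a failed restore with a non-zero status so
    # run-parts and systemd see it instead of silently running unfiltered.
    if ! "$RESTORE_CMD" < "$RULES_V6"; then
        echo "failed to load $RULES_V6" >&2
        return 2
    fi
    return 0
}

# Only act when invoked the way a plugin would be: "<script> start".
case "${1:-}" in
    start) load_rules_v6 || exit $? ;;
esac
```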