
processing /etc/sysctl.d


Lee

May 3, 2023, 8:00:12 PM
How to get /etc/sysctl.d/local.conf directives processed?

I don't see any errors or warnings in the logs that look applicable,
and grep sysctl doesn't give me anything interesting:

$ grep sysctl /var/log/* 2>/dev/null
/var/log/auth.log:May 3 19:41:17 spot sudo: lee : TTY=pts/0 ;
PWD=/home/lee ; USER=root ; COMMAND=/usr/sbin/sysctl
--load=/etc/sysctl.d/local.conf
/var/log/kern.log:May 2 17:55:03 spot kernel: [ 0.070323] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/kern.log:May 2 18:28:15 spot kernel: [ 0.070201] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/kern.log:May 2 18:34:23 spot kernel: [ 0.070002] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/kern.log:May 3 18:21:59 spot kernel: [ 0.069819] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/kern.log:May 3 19:18:01 spot kernel: [ 0.070156] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/kern.log:May 3 19:29:12 spot kernel: [ 0.070329] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/messages:May 2 17:55:03 spot kernel: [ 0.070323] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/messages:May 2 18:28:15 spot kernel: [ 0.070201] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/messages:May 2 18:34:23 spot kernel: [ 0.070002] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/messages:May 3 18:21:59 spot kernel: [ 0.069819] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/messages:May 3 19:18:01 spot kernel: [ 0.070156] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/messages:May 3 19:29:12 spot kernel: [ 0.070329] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/syslog:May 2 17:55:03 spot kernel: [ 0.070323] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/syslog:May 2 18:28:15 spot kernel: [ 0.070201] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/syslog:May 2 18:34:23 spot kernel: [ 0.070002] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/syslog:May 3 18:21:59 spot kernel: [ 0.069819] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/syslog:May 3 19:18:01 spot kernel: [ 0.070156] Yama:
disabled by default; enable with sysctl kernel.yama.*
/var/log/syslog:May 3 19:29:12 spot kernel: [ 0.070329] Yama:
disabled by default; enable with sysctl kernel.yama.*



I'm at a loss for how to figure out why my settings aren't taking effect.

$ head /etc/sysctl.d/local.conf
# my site local preferences
#
# man sysctl.d
# Configure kernel parameters at boot
# /etc/sysctl.d/*.conf
# key/name/under/proc/sys = some value

# accept router advertisements
net/ipv6/conf/enp1s0/accept_ra = 1


$ cat /proc/sys/net/ipv6/conf/enp1s0/accept_ra

0


Telling the system to read /etc/sysctl.d/local.conf works:
$ sudo sysctl --load=/etc/sysctl.d/local.conf
<.. snip lots ..>

$ cat /proc/sys/net/ipv6/conf/enp1s0/accept_ra
1

How do I get the system to read it at boot time?

TIA
Lee

Greg Wooledge

May 3, 2023, 8:42:00 PM
On Wed, May 03, 2023 at 07:50:30PM -0400, Lee wrote:
> $ head /etc/sysctl.d/local.conf
> # my site local preferences
> #
> # man sysctl.d
> # Configure kernel parameters at boot
> # /etc/sysctl.d/*.conf
> # key/name/under/proc/sys = some value
>
> # accept router advertisements
> net/ipv6/conf/enp1s0/accept_ra = 1
>
>
> $ cat /proc/sys/net/ipv6/conf/enp1s0/accept_ra
> 0
>
>
> Telling the system to read /etc/sysctl.d/local.conf works:
> $ sudo sysctl --load=/etc/sysctl.d/local.conf
> <.. snip lots ..>
>
> $ cat /proc/sys/net/ipv6/conf/enp1s0/accept_ra
> 1
>
> How do I get the system to read it at boot time?

A guess: perhaps this parameter cannot be set during the initial boot,
because the enp1s0 interface isn't in a working state yet.

If you put another parameter in the same local.conf file, one that's
*not* tied to a piece of hardware, does it work?

Andy Smith

May 3, 2023, 8:51:24 PM
Hello,

On Wed, May 03, 2023 at 07:50:30PM -0400, Lee wrote:
> I'm at a loss for how to figure out why my settings aren't taking effect.
>
> $ head /etc/sysctl.d/local.conf

[…]

> # accept router advertisements
> net/ipv6/conf/enp1s0/accept_ra = 1

Is it possible that enp1s0 didn't yet exist at the time that
systemd-sysctl.service ran? To check, you could instead set the key

net/ipv6/conf/default/accept_ra = 1

then any new interfaces should get accept_ra=1 as they are created.

Though when I look at my net/ipv6/conf/default/accept_ra it is
already set to 1, so another possibility is that you have something
that is setting net/ipv6/conf/enp1s0/accept_ra back to 0 after
systemd-sysctl.service already set it to 1. NetworkManager is known
to do this:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025073

So, what are you using to manage enp1s0?

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

Michel Verdier

May 4, 2023, 2:50:06 AM
On 4 May 2023, Greg Wooledge wrote:

> A guess: perhaps this parameter cannot be set during the initial boot,
> because the enp1s0 interface isn't in a working state yet.

Yes setting parameter on interface is better done in
/etc/network/interfaces or /etc/network/interfaces.d/*
which is used when the interface is configured
with a stanza like

auto enp1s0...
sysctl net/ipv6/conf/default/accept_ra = 1

Michel Verdier

May 4, 2023, 6:10:10 AM
On 4 May 2023, Michel Verdier wrote:

> with a stanza like
>
> auto enp1s0...
> sysctl net/ipv6/conf/default/accept_ra = 1

I mean

sysctl net.ipv6.conf.enp1s0.accept_ra = 1

Greg Wooledge

May 4, 2023, 6:52:34 AM
And it goes in the "iface" stanza, not the "auto" one, just in case
that wasn't clear to the OP.

Andy Smith

May 4, 2023, 8:01:37 AM
Hello,

On Thu, May 04, 2023 at 08:43:52AM +0200, Michel Verdier wrote:
> Yes setting parameter on interface is better done in
> /etc/network/interfaces or /etc/network/interfaces.d/*
> which is used when the interface is configured

There's definitely race conditions between creation of interface and
setting of sysctls at boot, so I agree - I don't think I would use sysctl.d
for any of those interface settings except default/all.

I also don't know if an interface goes away and comes back again (
think ppp, dummy, VPNs, etc) if it gets the same sysctl settings as
you set last time or if it just gets the "default" ones all over
again. I suspect the latter.

So yeah, multiple reasons to not try setting per-interface sysctls
in sysctl.d.

Lee

May 4, 2023, 1:00:07 PM
Yes. All of the directives that do _not_ mention enp1s0 "take".
What's annoying is that all this worked before upgrading to 11.7 ..
and I'm positive of that because this is a server running bind that
now dies on the
query-source-v6 address xx::yy port *;
line in named.conf :(

Is there a way to get systemd to do <this> list of commands in
/etc/sysctl.d/something.conf
and <that> set of commands in /etc/sysctl.d/somethingElse.conf _after_
all the interfaces come up?

Thanks
Lee

Lee

May 4, 2023, 1:00:07 PM
On 5/3/23, Andy Smith wrote:
> Hello,
>
> On Wed, May 03, 2023 at 07:50:30PM -0400, Lee wrote:
>> I'm at a loss for how to figure out why my settings aren't taking effect.
>>
>> $ head /etc/sysctl.d/local.conf
>
> […]
>
>> # accept router advertisements
>> net/ipv6/conf/enp1s0/accept_ra = 1
>
> Is it possible that enp1s0 didn't yet exist at the time that
> systemd-sysctl.service ran? To check, you could instead set the key
>
> net/ipv6/conf/default/accept_ra = 1
>
it's already set

> then any new interfaces should get accept_ra=1 as they are created.
>
> Though when I look at my net/ipv6/conf/default/accept_ra it is
> already set to 1, so another possibility is that you have something
> that is setting net/ipv6/conf/enp1s0/accept_ra back to 0 after
> systemd-sysctl.service already set it to 1. NetworkManager is known
> to do this:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025073
>
> So, what are you using to manage enp1s0?

yup - I'm using NetworkManager
I wanted a static ipv4 address and that was the only thing I could get working

Thanks
Lee

Lee

May 4, 2023, 1:10:06 PM
I suspect that won't work for me:

$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

$ ls -l interfaces.d
total 0

I didn't know what I was doing when I set this machine up & used the
GUI interface to network manager to configure a static ipv4 address.
Or at least I think it's network manager .. ps shows it as
/usr/bin/nm-connection-editor

Thanks
Lee

Lee

May 4, 2023, 1:32:30 PM
On 5/4/23, Andy Smith wrote:
> Hello,
>
> On Thu, May 04, 2023 at 08:43:52AM +0200, Michel Verdier wrote:
>> Yes setting parameter on interface is better done in
>> /etc/network/interfaces or /etc/network/interfaces.d/*
>> which is used when the interface is configured
>
> There's definitely race conditions between creation of interface and
> setting of sysctls at boot, so I agree - I don't think I would use sysctl.d
> for any of those interface settings except default/all.
>
> I also don't know if an interface goes away and comes back again (
> think ppp, dummy, VPNs, etc) if it gets the same sysctl settings as
> you set last time or if it just gets the "default" ones all over
> again. I suspect the latter.

enp1s0 does _not_ get the default settings -- I spent way too much
time figuring out how to get ipv6 working on this machine and now,
after upgrading to 11.7, it's broken :(

> So yeah, multiple reasons to not try setting per-interface sysctls
> in sysctl.d.

OK.. I'll try to figure out how to modify whatever in /etc/NetworkManager

<rant>
Why isn't that caveat mentioned in the man pages? It seems like a
rather serious deficiency in sysctl.d
</rant>

Thanks
Lee

Greg Wooledge

May 4, 2023, 1:41:07 PM
On Thu, May 04, 2023 at 01:22:40PM -0400, Lee wrote:
> OK.. I'll try to figure out how to modify whatever in /etc/NetworkManager

I've been told that Network Manager will ignore any interfaces that
are defined in /etc/network/interfaces. So the correct way to set up
a static address on that interface would be to add it in /e/n/i and
simply don't touch Network Manager at all.

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet static
address 192.168.x.y/24
# gateway 192.168.x.1 if you need this to be the default route
up sysctl blah blah blah

Also, having "auto enp1s0" here will tell systemd that this interface
is one that matters, and that this interface needs to be up before it
can activate any services that depend on the "network being up". I
have no idea how that works with N-M because I've never used N-M.

I can't help you with IPv6.

Michel Verdier

May 4, 2023, 3:10:05 PM
On 4 May 2023, Greg Wooledge wrote:

> I can't help you with IPv6.

IPv6 is set up by adding in /e/n/i

iface enp1s0 inet6 auto

Andy Smith

May 4, 2023, 4:50:05 PM
Hello,

On Thu, May 04, 2023 at 12:56:50PM -0400, Lee wrote:
> Is there a way to get systemd to do <this> list of commands in
> /etc/sysctl.d/something.conf
> and <that> set of commands in /etc/sysctl.d/somethingElse.conf _after_
> all the interfaces come up?

I think your NetworkManager is changing this sysctl to 0 because
your default is 1, so these interfaces will be created with it as 1.
All that would happen if you made systemd change it as well is that
you'd have *another* race condition.

Needs to be fixed in the NM config IMHO.

Lee

May 5, 2023, 11:40:08 AM
That does sound like the way to go. I originally tried to configure
the box that way and failed, but it seems like it's worth another try.
But since I ended up with networkmanager because it was the only thing
that worked for me I need to allow enough time for troubleshooting &
restoring everything to my current setup before giving it a try --
which will be Monday at best.

Thanks
Lee
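
Added example (not part of any post in this thread): a POSIX shell check that compares each directive in a sysctl.d file with the live value under /proc/sys and marks per-interface keys, the kind the thread found unreliable at boot. The function names and the optional second argument (an alternate root directory, used for testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare sysctl.d directives with the live kernel values.
# The second argument (alternate /proc/sys root) is a hypothetical test hook.

# Collapse runs of whitespace and trim both ends.
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl.d(5): if the first separator is '/', the key is already a path;
# if it is '.', dots and slashes are swapped. A leading '-' is dropped.
key_to_path() {
    k=${1#-}
    first=${k%%[./]*}
    case "${k#"$first"}" in
        /*) printf '%s\n' "$k" ;;
        *)  printf '%s\n' "$k" | tr './' '/.' ;;
    esac
}

# True for net/ipv4|ipv6/conf/<iface>/..., excluding "all" and "default".
is_per_interface() {
    case "$1" in
        net/ipv[46]/conf/all/*|net/ipv[46]/conf/default/*) return 1 ;;
        net/ipv[46]/conf/*/*) return 0 ;;
    esac
    return 1
}

# Prints OK, DRIFT or MISSING per directive; returns 1 if any is not OK.
audit_sysctl_file() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case "$line" in ''|'#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        path=$(key_to_path "$(norm "${line%%=*}")")
        want=$(norm "${line#*=}")
        tag=''
        if is_per_interface "$path"; then tag=' [per-interface]'; fi
        if [ ! -e "$root/$path" ]; then
            echo "MISSING $path want=$want$tag"; rc=1
        elif live=$(norm "$(cat "$root/$path" 2>/dev/null)"); [ "$live" = "$want" ]; then
            echo "OK $path=$live$tag"
        else
            echo "DRIFT $path want=$want live=$live$tag"; rc=1
        fi
    done < "$conf"
    return $rc
}

if [ "$#" -gt 0 ]; then audit_sysctl_file "$@"; fi
```

Saved under any file name and run after boot with /etc/sysctl.d/local.conf as its argument, a DRIFT line tagged [per-interface] corresponds to the accept_ra symptom described in the first post.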