From 0f1c5ec93ff3df4ef8f072478a78b7959da500f5 Mon Sep 17 00:00:00 2001 From: Johan Wassberg Date: Wed, 15 Mar 2023 13:08:24 +0100 Subject: [PATCH] Don't throw away v6 route when IP forwarding In environments where we relay on RAs for IPv6 (e.g Safespring) we need to forcely allow RAs even if IP forwarding is enabled by some service(s). E.g docker: https://github.com/SUNET/puppet-sunet/blob/2dc4de00de1d2404d5dffaf17d18723e2b369cd0/templates/dockerhost/systemd_dropin_nftables_ns.conf.erb#L46 --- iaas-setup.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/iaas-setup.sh b/iaas-setup.sh index 4ce578b..a236b69 100755 --- a/iaas-setup.sh +++ b/iaas-setup.sh @@ -75,6 +75,29 @@ if grep -q '^# en_US.UTF-8 UTF-8$' $locale_gen_file; then locale-gen fi +if [ "$(lsb_release -is)" == "Debian" ]; then + interfaces_file='/etc/network/interfaces.d/50-cloud-init' + + if [ -f "${interfaces_file}" ]; then + interface_string='iface ens3 inet6 dhcp' + accept_ra_string=' accept_ra 2' + + if ! grep -qPz "${interface_string}\n${accept_ra_string}" ${interfaces_file} ; then + + # By default net.ipv6.conf.ens3.accept_ra is set to 1 which + # makes the kernel throw a way the IPv6 route when + # net.ipv6.conf.all.forwarding is set to 1 by our service for + # Docker. + echo "Configuring interfaces to always accept Router Advertisements even with IP Forwarding enabled" + sed -i -r "s/(${interface_string})/\1\n${accept_ra_string}/" ${interfaces_file} + else + echo "WARN: Configuration already applied or no match for \"${interface_string}\" in ${interfaces_file}" + fi + else + echo "WARN: ${interfaces_file} not found. File renamed in this image?" + fi +fi + DEBIAN_FRONTEND="noninteractive" apt-get -y update DEBIAN_FRONTEND="noninteractive" apt-get -o Dpkg::Options::="--force-confnew" --fix-broken --assume-yes dist-upgrade reboot