Faidon Liambotis has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/350238 )
Change subject: Fix ipaddress6_primary to ignore deprecated addresses
......................................................................
Fix ipaddress6_primary to ignore deprecated addresses
During a fleet-wide audit, it was discovered that on the few hosts
that we have with a secondary IPv6 addresses with a preferred_lft of 0
(in order for the IPv6 source selection algorithm to ignore them),
ipaddress6_primary was not coming up with the correct address.
The cause for this was that ipaddress6_primary relied on
ipaddress6_#{interface_primary}, but the latter is pretty limited
(essentially uses the first IPv6 address that "ifconfig" outputs).
Instead of that, write our own code to extract the primary IPv6 address
using our own, hopefully more accurate heuristics.
Bug: T163196
Change-Id: I1f9bb1d5f3f278a96be8ddb132520ed3bed709c9
---
M modules/base/lib/facter/interface_primary.rb
1 file changed, 22 insertions(+), 4 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/38/350238/1
diff --git a/modules/base/lib/facter/interface_primary.rb
b/modules/base/lib/facter/interface_primary.rb
index e22aaaf..fe14c81 100644
--- a/modules/base/lib/facter/interface_primary.rb
+++ b/modules/base/lib/facter/interface_primary.rb
@@ -17,9 +17,13 @@
Facter.add('interface_primary') do
confine :kernel => :linux
setcode do
- gw_route = Facter::Util::Resolution.exec('ip -4 route list 0/0')
- /.* dev (?<intf>[^\s]+) .*/ =~ gw_route
- intf
+ # Pick the interface used to reach the default IPv4 gateway. The IPv6 gw
+ # may or may not be reachable through the same interface, so technically
+ # this is "interface4_primary", but that's a corner-case that we currently
+ # do not need to handle.
+ gw_route = Facter::Util::Resolution.exec('ip -4 route list 0/0')
+ /.* dev (?<intf>[^\s]+) .*/ =~ gw_route
+ intf
end
end
@@ -34,7 +38,21 @@
Facter.add('ipaddress6_primary') do
confine :kernel => :linux
setcode do
+ ip = nil
intf = Facter.fact('interface_primary').value
- Facter.fact('ipaddress6_' + intf).value
+
+ # Do not rely on ipaddress6_#{interface_primary}, as its underlying
+ # implementation is unreliable and often wrong. Among other issues, it uses
+ # ifconfig instead of iproute and does not filter out deprecated
+ # (preferred_lft 0) addresses. Do our own parsing.
+ ipout = Facter::Util::Resolution.exec("ip -6 address list dev #{intf}")
+ ipout.each_line do |s|
+ if s =~ /^\s*inet6 ([0-9a-f:]+)\/([0-9]+) scope global (?!deprecated)/
+ ip = $1
+ break
+ end
+ end
+
+ ip
end
end
--
To view, visit https://gerrit.wikimedia.org/r/350238
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1f9bb1d5f3f278a96be8ddb132520ed3bed709c9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
