Faidon Liambotis has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/350238 )
Change subject: Fix ipaddress6_primary to ignore deprecated addresses
......................................................................
Fix ipaddress6_primary to ignore deprecated addresses
During a fleet-wide audit, it was discovered that on the few hosts
that we have with a secondary IPv6 addresses with a preferred_lft of 0
(in order for the IPv6 source selection algorithm to ignore them),
ipaddress6_primary was not coming up with the correct address.
The cause for this was that ipaddress6_primary relied on
ipaddress6_#{interface_primary}, but the latter is pretty limited
(essentially uses the first IPv6 address that "ifconfig" outputs).
Instead of that, write our own code to extract the primary IPv6 address
using our own, hopefully more accurate heuristics.
Bug: T163196
Change-Id: I1f9bb1d5f3f278a96be8ddb132520ed3bed709c9
---
M modules/base/lib/facter/interface_primary.rb
1 file changed, 22 insertions(+), 4 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
Volans: Looks good to me, but someone else must approve
diff --git a/modules/base/lib/facter/interface_primary.rb
b/modules/base/lib/facter/interface_primary.rb
index e22aaaf..f4eefef 100644
--- a/modules/base/lib/facter/interface_primary.rb
+++ b/modules/base/lib/facter/interface_primary.rb
@@ -17,9 +17,13 @@
Facter.add('interface_primary') do
confine :kernel => :linux
setcode do
- gw_route = Facter::Util::Resolution.exec('ip -4 route list 0/0')
- /.* dev (?<intf>[^\s]+) .*/ =~ gw_route
- intf
+ # Pick the interface used to reach the default IPv4 gateway. The IPv6 gw
+ # may or may not be reachable through the same interface, so technically
+ # this is "interface4_primary", but that's a corner-case that we currently
+ # do not need to handle.
+ gw_route = Facter::Util::Resolution.exec('ip -4 route list 0/0')
+ /.* dev (?<intf>[^\s]+) .*/ =~ gw_route
+ intf
end
end
@@ -34,7 +38,21 @@
Facter.add('ipaddress6_primary') do
confine :kernel => :linux
setcode do
+ ip = nil
intf = Facter.fact('interface_primary').value
- Facter.fact('ipaddress6_' + intf).value
+
+ # Do not rely on ipaddress6_#{interface_primary}, as its underlying
+ # implementation is unreliable and often wrong. Among other issues, it uses
+ # ifconfig instead of iproute and does not filter out deprecated
+ # (preferred_lft 0) addresses. Do our own parsing.
+ ipout = Facter::Util::Resolution.exec("ip -6 address list dev #{intf}")
+ ipout.each_line do |s|
+ if s =~ %r{^\s*inet6 ([0-9a-f:]+)\/([0-9]+) scope global (?!deprecated)}
+ ip = Regexp.last_match(1)
+ break
+ end
+ end
+
+ ip
end
end
--
To view, visit https://gerrit.wikimedia.org/r/350238
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I1f9bb1d5f3f278a96be8ddb132520ed3bed709c9
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Volans <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
