.conf file in /etc/sysctl.d/ not working

Trying to fulfill the documentation for Matter, I need to set a few kernel values:

I need this to get my docker homeassistant working in combination with homeassistant-matter-hub also running in docker

Precondition to use homeassistant-matter-hub is to modify the daemon.json for docker like this

    - path: /etc/docker/daemon.json
      contents:
        inline: |
          {
            "ipv6": true,
            "fixed-cidr-v6": "2001:db8:1::/64",
            "experimental": true,
            "ip6tables": true,
            "default-address-pools": [
              { "base": "172.17.0.0/16", "size": 16 },
              { "base": "172.18.0.0/16", "size": 16 },
              { "base": "172.19.0.0/16", "size": 16 },
              { "base": "172.20.0.0/14", "size": 16 },
              { "base": "172.24.0.0/14", "size": 16 },
              { "base": "172.28.0.0/14", "size": 16 },
              { "base": "192.168.0.0/16", "size": 20 },
              { "base": "2001:db8::/104", "size": 112 }
            ]
          }

So (I guess) I have to do 2 things:

  1. Set kernel options → DONE

    sudo rpm-ostree kargs --append=CONFIG_IPV6_ROUTER_PREF=y
    sudo rpm-ostree kargs --append=CONFIG_IPV6_ROUTE_INFO=y

  2. Set kernel parameters
  • Created a file /etc/sysctl.d/60-ipv6.conf
  • Added the following content

    # IPv6 for homeassistant-matter-hub
    net.ipv6.conf.all.forwarding=0
    net.ipv6.conf.enp5s0.accept_ra=2
    net.ipv6.conf.enp5s0.accept_ra_rt_info_max_plen=64

  • Rebooted

The Problem

It seems that after the reboot the kernel parameters are not set:

$ sysctl net.ipv6.conf.enp5s0
net.ipv6.conf.enp5s0.accept_dad = 1
net.ipv6.conf.enp5s0.accept_ra = 0
net.ipv6.conf.enp5s0.accept_ra_defrtr = 1
net.ipv6.conf.enp5s0.accept_ra_from_local = 0
net.ipv6.conf.enp5s0.accept_ra_min_hop_limit = 1
net.ipv6.conf.enp5s0.accept_ra_min_lft = 0
net.ipv6.conf.enp5s0.accept_ra_mtu = 1
net.ipv6.conf.enp5s0.accept_ra_pinfo = 1
net.ipv6.conf.enp5s0.accept_ra_rt_info_max_plen = 64
net.ipv6.conf.enp5s0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.enp5s0.accept_ra_rtr_pref = 1
net.ipv6.conf.enp5s0.accept_redirects = 1
net.ipv6.conf.enp5s0.accept_source_route = 0
net.ipv6.conf.enp5s0.accept_untracked_na = 0
net.ipv6.conf.enp5s0.addr_gen_mode = 1
net.ipv6.conf.enp5s0.autoconf = 1
net.ipv6.conf.enp5s0.dad_transmits = 1
net.ipv6.conf.enp5s0.disable_ipv6 = 0
net.ipv6.conf.enp5s0.disable_policy = 0
net.ipv6.conf.enp5s0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.enp5s0.drop_unsolicited_na = 0
net.ipv6.conf.enp5s0.enhanced_dad = 1
net.ipv6.conf.enp5s0.force_mld_version = 0
net.ipv6.conf.enp5s0.force_tllao = 0
net.ipv6.conf.enp5s0.forwarding = 1
net.ipv6.conf.enp5s0.hop_limit = 64
net.ipv6.conf.enp5s0.ignore_routes_with_linkdown = 0
net.ipv6.conf.enp5s0.ioam6_enabled = 0
net.ipv6.conf.enp5s0.ioam6_id = 65535
net.ipv6.conf.enp5s0.ioam6_id_wide = 4294967295
net.ipv6.conf.enp5s0.keep_addr_on_down = 0
net.ipv6.conf.enp5s0.max_addresses = 16
net.ipv6.conf.enp5s0.max_desync_factor = 600
net.ipv6.conf.enp5s0.mc_forwarding = 0
net.ipv6.conf.enp5s0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.enp5s0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.enp5s0.mtu = 1492
net.ipv6.conf.enp5s0.ndisc_evict_nocarrier = 1
net.ipv6.conf.enp5s0.ndisc_notify = 0
net.ipv6.conf.enp5s0.ndisc_tclass = 0
net.ipv6.conf.enp5s0.optimistic_dad = 0
net.ipv6.conf.enp5s0.proxy_ndp = 0
net.ipv6.conf.enp5s0.ra_defrtr_metric = 1024
net.ipv6.conf.enp5s0.ra_honor_pio_life = 0
net.ipv6.conf.enp5s0.regen_max_retry = 3
net.ipv6.conf.enp5s0.router_probe_interval = 60
net.ipv6.conf.enp5s0.router_solicitation_delay = 1
net.ipv6.conf.enp5s0.router_solicitation_interval = 4
net.ipv6.conf.enp5s0.router_solicitation_max_interval = 3600
net.ipv6.conf.enp5s0.router_solicitations = -1
net.ipv6.conf.enp5s0.rpl_seg_enabled = 0
net.ipv6.conf.enp5s0.seg6_enabled = 0
net.ipv6.conf.enp5s0.seg6_require_hmac = 0
sysctl: permission denied on key 'net.ipv6.conf.enp5s0.stable_secret'
net.ipv6.conf.enp5s0.suppress_frag_ndisc = 1
net.ipv6.conf.enp5s0.temp_prefered_lft = 86400
net.ipv6.conf.enp5s0.temp_valid_lft = 604800
net.ipv6.conf.enp5s0.use_oif_addrs_only = 0
net.ipv6.conf.enp5s0.use_optimistic = 0
net.ipv6.conf.enp5s0.use_tempaddr = 0

So I guess I'm doing something wrong here?

The Target

After successfully finishing this task I want to add this code to my Butane file for my next server deployment, to not have to perform this task manually anytime soon …

Today I messed around with this stuff, and loading the file manually works fine:

sudo sysctl --load=/etc/sysctl.d/60-ipv6.conf
net.ipv6.conf.enp5s0.accept_ra = 2
net.ipv6.conf.enp5s0.accept_ra_rt_info_max_plen = 64

This is exactly what I need.
Why is it not loaded “automatically”?

There must be something obvious I don't get …

Just a guess: are the parameters not reset by NetworkManager?

    # echo 2 >/proc/sys/net/ipv6/conf/bridge0/accept_ra
    # cat /proc/sys/net/ipv6/conf/bridge0/accept_ra
    2
    # systemctl restart NetworkManager
    # cat /proc/sys/net/ipv6/conf/bridge0/accept_ra
    0

YES they are!
Thank you, I did stumble upon NetworkManager but I do not know what exactly it does …

Can you tell me what I have to do to get these two parameters set the right way?

I am not familiar with Home Assistant, nor with the Home-Assistant-Matter-Hub container images, and I do not have a suitable device to test them.

The following Butane config snippet should set the accept_ra and accept_ra_rt_info_max_plen values.

Butane config snippet
variant: fcos
version: 1.6.0

systemd:
  units:
    - name: accept_ra.service
      enabled: true
      contents: |
        [Unit]
        Description=Set accept_ra and accept_ra_rt_info_max_plen
        After=network.target

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/env bash -c "echo 2 > /proc/sys/net/ipv6/conf/enp1s0/accept_ra"
        ExecStart=/usr/bin/env bash -c "echo 64 > /proc/sys/net/ipv6/conf/enp1s0/accept_ra_rt_info_max_plen"

        [Install]
        WantedBy=multi-user.target

OK,
so setting up a systemd unit for every boot is your suggestion

I will test it out and give feedback

Thank you very much

Oh man, I don't know what's going on

I manually created the file in /etc/systemd/system/accept_ra.service and inserted the code

Below it can also be seen that two processes are started with exit status SUCCESS

But below you see that the parameter is not set …

[core@blackpearl ~]$ sudo systemctl status accept_ra
WARNING: terminal is not fully functional
Press RETURN to continue
● accept_ra.service - Set accept_ra and accept_ra_rt_info_max_plen
     Loaded: loaded (/etc/systemd/system/accept_ra.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (exited) since Sat 2024-12-28 11:30:07 UTC; 3min 22s ago
    Process: 1263 ExecStart=/usr/bin/env bash -c echo 2 > /proc/sys/net/ipv6/conf/enp5s0/accept_ra (code=exited, sta>
    Process: 1270 ExecStart=/usr/bin/env bash -c echo 64 > /proc/sys/net/ipv6/conf/enp5s0/accept_ra_rt_info_max_plen>
   Main PID: 1270 (code=exited, status=0/SUCCESS)
        CPU: 8ms

Dec 28 11:30:07 blackpearl systemd[1]: Starting accept_ra.service - Set accept_ra and accept_ra_rt_info_max_plen...
Dec 28 11:30:07 blackpearl systemd[1]: Finished accept_ra.service - Set accept_ra and accept_ra_rt_info_max_plen.
[core@blackpearl ~]$ sysctl net.ipv6.conf.enp5s0.accept_ra
net.ipv6.conf.enp5s0.accept_ra = 0

EDIT:

This works

[core@blackpearl ~]$ sudo /usr/bin/env bash -c "echo 2 > /proc/sys/net/ipv6/conf/enp5s0/accept_ra"
[core@blackpearl ~]$ sysctl net.ipv6.conf.enp5s0.accept_ra
net.ipv6.conf.enp5s0.accept_ra = 2

Is NetworkManager executed afterwards and resets the settings the same way?

It works for me. NetworkManager.service is started before network.target. Try restarting accept_ra.service or reboot the machine. You can also try provisioning Fedora CoreOS with the provided Butane config.

OK, after making sure to add a Wants and After, this unit seems to be started AFTER NetworkManager, which leads to NetworkManager not re-re-setting these kernel parameters afterwards

@hricky Thank you very very much, this should now be the solution to my problems

Below my final file for others

manually

cat /etc/systemd/system/accept_ra.service
[Unit]
Description=Set accept_ra and accept_ra_rt_info_max_plen
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/env bash -c "echo 2 > /proc/sys/net/ipv6/conf/enp5s0/accept_ra"
ExecStart=/usr/bin/env bash -c "echo 64 > /proc/sys/net/ipv6/conf/enp5s0/accept_ra_rt_info_max_plen"

[Install]
WantedBy=multi-user.target
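
A check for the situation this thread ran into, where a value written in /etc/sysctl.d/ is no longer the live value once the network stack is up (added example, not part of the original posts or of any project mentioned here). The function name `sysctl_drift`, the `demo` helper and the fake /proc/sys tree are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: list sysctl.d entries whose live kernel value differs from the file.
# Assumes dot-separated keys and interface names without dots (true for enp5s0).

sysctl_drift() {   # usage: sysctl_drift CONF [PROC_ROOT]; returns 1 on any drift
    local conf="$1" root="${2:-/proc/sys}" line key want path have rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;     # blank line or comment
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        key=${key#-}                      # leading "-" only means "ignore errors"
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        [ "$have" = "$want" ] || { echo "DRIFT $key want=$want have=$have"; rc=1; }
    done < "$conf"
    return "$rc"
}

# Constructed sample, not captured from a real host: the file from the thread next
# to a fake /proc/sys tree with accept_ra as seen after the reboot
# (the all.forwarding value is made up).
demo() {
    local d rc=0
    d=$(mktemp -d)
    mkdir -p "$d/net/ipv6/conf/all" "$d/net/ipv6/conf/enp5s0"
    printf '%s\n' '# IPv6 for homeassistant-matter-hub' \
        'net.ipv6.conf.all.forwarding=0' \
        'net.ipv6.conf.enp5s0.accept_ra=2' \
        'net.ipv6.conf.enp5s0.accept_ra_rt_info_max_plen=64' > "$d/60-ipv6.conf"
    echo 0  > "$d/net/ipv6/conf/all/forwarding"
    echo 0  > "$d/net/ipv6/conf/enp5s0/accept_ra"
    echo 64 > "$d/net/ipv6/conf/enp5s0/accept_ra_rt_info_max_plen"
    sysctl_drift "$d/60-ipv6.conf" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true   # prints: DRIFT net.ipv6.conf.enp5s0.accept_ra want=2 have=0
```

On a real host, call `sysctl_drift /etc/sysctl.d/60-ipv6.conf` once after boot and again after restarting NetworkManager to see which entries were changed behind the file.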

I understood NetworkManager does as much as it can by itself, so maybe it even interprets router advertisements itself instead of relying on accept_ra settings.

I know neither the application nor Docker, so is it necessary to bother about those settings, having IPv6 set up nicely by NetworkManager automatic configuration, or are there more things in the game to be taken into account?

Maybe systemd-networkd is closer to the lower-level network setup, having e.g. an “IPv6AcceptRA=yes/no” toggle, probably touching the same sysctl…

2 Likes

Sadly I have no knowledge in all of these things, just trying to fulfill the requirements documented in the troubleshooting guide

I am not able to “translate” the kernel parameter value suggestion to the “proper way” of configuring the same things in CoreOS

If someone with more knowledge than me provides an example including steps, I am willing to try if it's working

Not sure if I'm doing something wrong, but only After=network.target seems not to be enough for me

As I already mentioned, I am not familiar with the matter. The Butane config was just a wild guess that I tested on a freshly provisioned virtual machine. It probably won’t work in another environment, nor is it the right solution.

My suggestion would be to learn and test to understand exactly what needs to be adjusted and why. Then it would be much easier to figure out where to set it up. Fedora CoreOS provides plenty of options for configuring networking for a machine.

2 Likes

Thank you for your explanation

Just a small remark about the beginning of this thread:

  1. Set kernel options → DONE
sudo rpm-ostree kargs --append=CONFIG_IPV6_ROUTER_PREF=y
sudo rpm-ostree kargs --append=CONFIG_IPV6_ROUTE_INFO=y

Are those options not defined during build of the kernel?
On Fedora Workstation:

grep CONFIG_IPV6_ROUTE  /boot/config-6.11.11-300.fc41.x86_64 

CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y

The Fedora Workstation kernel is built with the options above defined, so they do not have to be passed as kernel arguments (and probably will be just ignored)

1 Like