{"id":2205,"date":"2017-10-27T11:21:27","date_gmt":"2017-10-27T16:21:27","guid":{"rendered":"http:\/\/osric.com\/chris\/accidental-developer\/?p=2205"},"modified":"2017-10-27T11:21:27","modified_gmt":"2017-10-27T16:21:27","slug":"ipa-server-upgrade-ipv6-stack-is-enabled-in-the-kernel-but-there-is-no-interface-that-has-1-address-assigned","status":"publish","type":"post","link":"https:\/\/osric.com\/chris\/accidental-developer\/2017\/10\/ipa-server-upgrade-ipv6-stack-is-enabled-in-the-kernel-but-there-is-no-interface-that-has-1-address-assigned\/","title":{"rendered":"ipa-server-upgrade: IPv6 stack is enabled in the kernel but there is no interface that has ::1 address assigned"},"content":{"rendered":"

I applied the latest CentOS updates, as usual. It included a kernel update, so I rebooted the system:<\/p>\n

$ sudo yum update -y\r\n$ sudo reboot<\/code><\/pre>\n
After reboot, ipactl<\/code> showed that FreeIPA was not running:<\/p>\n
$ sudo ipactl status\r\nDirectory Service: STOPPED\r\nDirectory Service must be running in order to obtain status of other services\r\nipa: INFO: The ipactl command was successful<\/code><\/pre>\n
I tried to start it:<\/p>\n
$ sudo ipactl start\r\nUpgrade required: please run ipa-server-upgrade command\r\nAborting ipactl<\/code><\/pre>\n
I tried running ipa-server-upgrade<\/code>:<\/p>\n
$ sudo ipa-server-upgrade\r\nIPv6 stack is enabled in the kernel but there is no interface that has ::1 address assigned. Add ::1 address resolution to 'lo' interface. You might need to enable IPv6 on the interface 'lo' in sysctl.conf.\r\nThe ipa-server-upgrade command failed. See \/var\/log\/ipaupgrade.log for more information<\/code><\/pre>\n
I had previously disabled IPv6 in \/etc\/sysctl.conf<\/code> and removed the ::1<\/code> entry from \/etc\/hosts<\/code>.<\/p>\n
I added the localhost<\/code> entry back to \/etc\/hosts<\/code>:<\/p>\n
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6<\/code><\/pre>\n
I removed the statements disabling IPv6 from \/etc\/sysctl.conf<\/code>:<\/p>\n
net.ipv6.conf.all.disable_ipv6 = 1\r\nnet.ipv6.conf.default.disable_ipv6 = 1\r\nnet.ipv6.conf.lo.disable_ipv6 = 1<\/code><\/pre>\n
I rebooted for good measure, but even after reboot ipa-server-upgrade<\/code> produced the same error. Indeed, IPv6 is not enabled:<\/p>\n
$ ping6 ::1\r\nconnect: No route to host\r\n$ ping6 localhost\r\nconnect: No route to host\r\n$ sysctl net.ipv6.conf.all.disable_ipv6\r\nnet.ipv6.conf.all.disable_ipv6 = 1<\/code><\/pre>\n
That makes sense. Merely removing the lines setting IPv6 to disabled didn’t actually do anything to re-enable it.<\/p>\n
$ sudo sysctl net.ipv6.conf.all.disable_ipv6=0\r\nnet.ipv6.conf.all.disable_ipv6 = 0\r\n$ sudo sysctl net.ipv6.conf.lo.disable_ipv6=0\r\nnet.ipv6.conf.lo.disable_ipv6 = 0<\/code><\/pre>\n
After that change, ping6 ::1<\/code> and ping6 localhost<\/code> worked as expected. I left IPv6 disabled on the default interface, but noticed in ifconfig<\/code> that eth0<\/code> had picked up an IPv6 address, so I disabled that:<\/p>\n
$ sudo sysctl net.ipv6.conf.eth0.disable_ipv6=1<\/code><\/pre>\n
I also added that same line to \/etc\/sysctl.conf<\/code>.<\/p>\n
I ran the upgrade again:<\/p>\n
$ sudo ipa-server-upgrade\r\nUpgrading IPA:. Estimated time: 1 minute 30 seconds\r\n...\r\n...\r\n...\r\nThe IPA services were upgraded\r\nThe ipa-server-upgrade command was successful<\/code><\/pre>\n
And started FreeIPA:<\/p>\n
$ sudo ipactl start\r\nStarting Directory Service\r\nStarting krb5kdc Service\r\nStarting kadmin Service\r\nStarting httpd Service\r\nStarting ipa-custodia Service\r\nStarting ntpd Service\r\nStarting pki-tomcatd Service\r\nStarting ipa-otpd Service\r\nipa: INFO: The ipactl command was successful<\/code><\/pre>\n
Success! And apparently disabling IPv6 is not the best idea.<\/p>\n","protected":false},"excerpt":{"rendered":"
I applied the latest CentOS updates, as usual. It included a kernel update, so I rebooted the system: $ sudo yum update -y $ sudo reboot After reboot, ipactl showed that FreeIPA was not running: $ sudo ipactl status Directory Service: STOPPED Directory Service must be running in order to obtain status of other services … Continue reading ipa-server-upgrade: IPv6 stack is enabled in the kernel but there is no interface that has ::1 address assigned<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[422],"tags":[417,461],"class_list":["post-2205","post","type-post","status-publish","format-standard","hentry","category-sysadmin","tag-freeipa","tag-ipv6"],"_links":{"self":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/comments?post=2205"}],"version-history":[{"count":3,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2205\/revisions"}],"predecessor-version":[{"id":2208,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2205\/revisions\/2208"}],"wp:attachment":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/media?parent=2205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/categories?post=2205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/tags?post=2205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}