Sysctl.conf still being ignored on boot

Hi

I have a setting to disable ipv6 in /etc/sysctl.conf and it is ignored at boot

I have to manually run

sudo sysctl -p

and the settings I’ve added (or are added by suse?) are then applied

I’ve had a look back through posts on these forums and cannot see an actual answer that works (including a thread from 2013)

/etc/sysctl.conf is definitely linked to from /usr/lib/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf

ls -l /usr/lib/sysctl.d/99-sysctl.conf
lrwxrwxrwx 1 root root 16 Mar  6 21:05 /usr/lib/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf

One thread suggested

chkconfig -a boot.sysctl

But I got a response of

boot.sysctl: unknown service

Running

sudo systemctl enable systemd-sysctl.service

tells me:


The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.
 
Possible reasons for having this kind of units are:
• A unit may be statically enabled by being symlinked from another unit's
  .wants/ or .requires/ directory.
• A unit's purpose may be to act as a helper for some other unit which has
  a requirement dependency on it.
• A unit may be started when needed via activation (socket, path, timer,
  D-Bus, udev, scripted systemctl call, ...).
• In case of template units, the unit is meant to be enabled with some
  instance name specified.

Running

sudo sysctl -p 

Gives me what I want and reads /etc/sysctl.conf

But this does not happen at boot

Why?

In debian (which I use at work on multiple VMs, actual hardware etc of all OSes dating back years) this just works

But not in Tumbleweed

There is obviously some step I am missing that involves more than just putting an entry in /etc/sysctl.conf

(and has been for a while?)

But it should be possible to just add an entry in /etc/sysctl.conf and reboot and it to just work by default

If it doesn’t, then is it a bug?

It really should not be a question of RTFM because manually running

sudo sysctl -p

works

Regards

Hi
No softlink here, /etc/sysctl.conf is a file, it’s better to use your own conf file in /etc/sysctl.d/, I use a 98-hostname.conf file and is used and read based on the output from;


sysctl --system


net.ipv6.conf.all.disable_ipv6 = 1

Not sure why it would be a softlink…

Is the output from status ok?


systemctl status systemd-sysctl.service

In openSUSE YaST network settings is where ipv6 can be disabled, which does touch /etc/sysctl.conf.

Have you tried running:

mkinitrd

The system is possibly using the version of “sysctl.conf” that is saved in the “initrd”.

Interesting

I’ll give that a go

(although I’ve never had to do similar with any other distro, usually just editing the file and rebooting works, in debian (for example) you don’t have to do “update-grub2” which rebuilds your initrd)

Nope

Made no difference

(as per the instructions in /etc/default/grub I ran:)

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

And rebooted

Just to confirm that

/etc/sysctl.conf

is a file

/usr/lib/sysctl.d/99-sysctl.conf

is a link to

/etc/sysctl.conf

And as I said, running

sudo sysctl -p 

loads the config that is in

/etc/sysctl.conf

So I am trying to determine why /etc/sysctl.conf is not applied at boot

Running

sudo systemctl status systemd-sysctl.service

tells me


systemd-sysctl.service - Apply Kernel Variables
     Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/systemd-sysctl.service.d
             └─50-kernel-uname_r.conf
     Active: active (exited) since Mon 2020-03-16 19:19:11 GMT; 2h 54min ago
       Docs: man:systemd-sysctl.service(8)
             man:sysctl.d(5)
   Main PID: 616 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 4915)
     Memory: 0B
     CGroup: /system.slice/systemd-sysctl.service


So, is the problem

“vendor preset: disabled”

?

And how do I enable reading /etc/sysctl.conf

It seems to be enabled by default in other (debian based eg mint, ubuntu debian) distros

It just seems (to me) a bit strange that you should have to add an override to make your OS use the settings that are in /etc/sysctl.conf

ie

cat /etc/sysctl.conf

####
#
# /etc/sysctl.conf is meant for local sysctl settings
#
# sysctl reads settings from the following locations:
#   /boot/sysctl.conf-<kernelversion>
#   /lib/sysctl.d/*.conf
#   /usr/lib/sysctl.d/*.conf
#   /usr/local/lib/sysctl.d/*.conf
#   /etc/sysctl.d/*.conf
#   /run/sysctl.d/*.conf
#   /etc/sysctl.conf
#
# To disable or override a distribution provided file just place a
# file with the same name in /etc/sysctl.d/
#

So it should read /etc/sysctl.conf

and implement it?

at boot?

Hi
The reason is it may be overwritten on an update (well that may change since the move to /usr/etc on Tumbleweed), so do you see the files and settings in the output from;


sysctl --system

No issues here with ipv6 disabled system wide.

Reading through the posts in this thread…

  1. mkinitrd and everything related to that is irrelevant.
    Commands run that are in the sysctl files are applied late in the boot well after the kernel is put together completely (including loading kernel modules) whereas the initrd is the very first part of the kernel that is loaded.

  2. I don’t see that the @OP has posted his /etc/sysctl.conf and the only one posted is the empty default file without his command. By design, and particularly if you implement the command you wish to run using a sysctl command (which in turn can be placed in a sysctl file) is designed to be run only if the command is valid so as not to bork your system if the command is faulty. I explain all this as part of a paper I wrote long ago that describes how this should be implemented… and I encourage you to invoke your command to disable IPv6 as I recommend in the paper and give you many examples

https://sites.google.com/site/4techsecrets/optimize-and-fix-your-network-connection/tcp-buffer-re-sizing/modifying-tcp-buffer-values

I’m also not aware that these files should be over-written during an upgrade but of course you should always make backups of anything that’s important.

TSU

The entry in /etc/sysctl.conf is this:

net.ipv6.conf.all.disable_ipv6 = 1

This is - as far as I am aware - the normal way to disable ipv6 in linux

You can apply it manually after putting that line in /etc/sysctl.conf by running

sudo sysctl -p

This works, and running ip a afterwards shows that I do not have an ipv6 address

However, it is not applied after a reboot.

This is probably nothing to do with the problem I currently have - I suspect a DNS problem - however I am surprised that adding a perfectly valid setting to sysctl.conf is ignored at boot time

So, why does tumbleweed ignore /etc/sysctl.conf at boot time?

This may well not be the root cause of the issue I am experiencing, it’s just that this is on a laptop that gets used at work and at home, and at work - with no ipv6 - I do not have delays opening web sites which I am thinking are to do with DNS lookups

So I was simply looking to eliminate an obvious difference which is that at home my router gives me an ipv6 address, and I have an ipv6 nameserver in /etc/resolv.conf

But ignore that

This is about why settings in /etc/sysctl.conf are not applied on boot in Tumbleweed but do work fine if manually run in

Regards

Sorry. missed this

Yes, it does look from running

sudo sysctl --system

that my config is there

But just not applied
I’ve just rebooted, and run that command and I can see


* Applying /etc/sysctl.d/99-sysctl.conf ...
net.ipv6.conf.all.disable_ipv6 = 1

But ip a shows that I have an ipv6 ip address until I manually run

sudo sysctl -p

after which I don’t have an ipv6 ip address

So it looks as though boot reads the config, but ignores it?

The way you’re executing the command may not work, it may work only because the environment assumes what you’re not providing.

As I described in my prior post,
Enter the full command using “sysctl” – You can read the MAN page for a full explanation what it does.
I also recommend the “-w” option although it may not be needed, it’s one of those things that might be required if certain conditions exist (ie already exists as a sysctl setting?) but if that condition doesn’t exist, then it’s not going to cause a problem.

So,

sysctl -w net.ipv6.conf.all.disable_ipv6=1

TSU

You seem to believe that you cannot have IPv6 with net.ipv6.conf.all.disable_ipv6 = 1. Guess what - you can.

This is about why settings in /etc/sysctl.conf are not applied on boot in Tumbleweed

You continue to claim it but so far you did not provide a single line of evidence that it is true. Show output of

grep -r . /proc/sys/net/ipv6/conf/*/disable_ipv6

immediately after boot.

And finally show your actual content of /etc/sysctl.conf.

OK, so I ran this immediately after a reboot

sudo grep -r . /proc/sys/net/ipv6/conf/*/disable_ipv6

/proc/sys/net/ipv6/conf/all/disable_ipv6:1
/proc/sys/net/ipv6/conf/default/disable_ipv6:1
/proc/sys/net/ipv6/conf/enp2s0/disable_ipv6:0
/proc/sys/net/ipv6/conf/lo/disable_ipv6:1
/proc/sys/net/ipv6/conf/wlp3s0/disable_ipv6:0

So ipv6 is partly disabled, but not against my two network cards, and I have an inet6 address against the wireless (which is the one with a connection)


ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 68:f7:28:cb:56:d9 brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 34:e6:ad:a4:fa:e2 brd ff:ff:ff:ff:ff:ff
    inet 10.10.3.241/24 brd 10.10.3.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 7094sec preferred_lft 7094sec
    inet6 fe80::d03c:222c:30ac:df7e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Note the inet6 address

Then I manually run

sudo sysctl -p

which returns the result of the only uncommented line in /etc/sysctl.conf (and sets it)

net.ipv6.conf.all.disable_ipv6 = 1

Then I immediately re-run the earlier command:


sudo grep -r . /proc/sys/net/ipv6/conf/*/disable_ipv6

/proc/sys/net/ipv6/conf/all/disable_ipv6:1
/proc/sys/net/ipv6/conf/default/disable_ipv6:1
/proc/sys/net/ipv6/conf/enp2s0/disable_ipv6:1
/proc/sys/net/ipv6/conf/lo/disable_ipv6:1
/proc/sys/net/ipv6/conf/wlp3s0/disable_ipv6:1

And ipv6 is now disabled against my network interfaces, which I can see by running ip a again


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 68:f7:28:cb:56:d9 brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 34:e6:ad:a4:fa:e2 brd ff:ff:ff:ff:ff:ff
    inet 10.10.3.241/24 brd 10.10.3.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 6910sec preferred_lft 6910sec

As I (I thought, already) said, the only uncommented line in /etc/sysctl.conf is

net.ipv6.conf.all.disable_ipv6 = 1

So my conclusion - which I admit may be erroneous - is that I have an inet6 / ipv6 address until I manually run sudo sysctl -p

And after doing that, I don’t have an inet6 / ipv6 address

Please note this is not specifically about ipv6 - it just happens that I attempted to use a method to disable it on Tumbleweed, that I know persists on debian systems, and it does not appear to work in the same way here ie on boot

So your settings are correctly applied on boot. At which point this thread may be considered closed.

So ipv6 is partly disabled, but not against my two network cards

Any network management application is free to re-enable IPv6 for each interface individually. And this becomes off-topic on this subforum (strictly speaking, it has already been off-topic …).

Please note this is not specifically about ipv6

It is due to the semantics of the net/ipv6/conf/*/disable_ipv6 sysctl.
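The per-interface check from the posts above, taken one step further as an added example (not part of the original posts): it compares every interface's disable_ipv6 value with the global "all" value and lists the interfaces that differ. The function names, the directory argument and the sample tree are assumptions made for this example; the sample values are the ones posted above right after boot.

```shell
#!/bin/sh
# Added example (not from the thread). Lists interfaces whose disable_ipv6
# value disagrees with the global "all" knob. The directory argument is an
# assumption added so the check can run on a test tree; it defaults to /proc.
ipv6_drift() {
    conf_dir="${1:-/proc/sys/net/ipv6/conf}"
    if [ ! -r "$conf_dir/all/disable_ipv6" ]; then
        echo "no IPv6 sysctl tree at $conf_dir" >&2
        return 2
    fi
    want=$(cat "$conf_dir/all/disable_ipv6")
    drift=""
    for f in "$conf_dir"/*/disable_ipv6; do
        [ -r "$f" ] || continue
        iface=${f%/disable_ipv6}
        iface=${iface##*/}
        # "all" and "default" are templates, not real interfaces.
        case "$iface" in all|default) continue ;; esac
        have=$(cat "$f")
        [ "$have" = "$want" ] || drift="$drift $iface=$have"
    done
    # Space-separated iface=value pairs; an empty line means no drift.
    echo "${drift# }"
}

# Constructed sample tree holding the values posted above right after boot.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    for kv in all=1 default=1 enp2s0=0 lo=1 wlp3s0=0; do
        mkdir -p "$root/${kv%=*}"
        echo "${kv#*=}" > "$root/${kv%=*}/disable_ipv6"
    done
    echo "$root"
}

sample=$(make_sample_tree)
echo "drift in sample tree: $(ipv6_drift "$sample")"
rm -rf "$sample"
```

Called without an argument, ipv6_drift reads the live /proc/sys/net/ipv6/conf tree.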

FYI
From
https://wiki.archlinux.org/index.php/IPv6#Stateless_autoconfiguration_(SLAAC)

If you are using NetworkManager then it automatically enables IPv6 addresses if there are advertisements for them in the network.

Which essentially means that something else on the network is “broadcasting” (I’m quoting since in IPv6 there are not supposed to be any “broadcasts” but there are “advertisements”) a query for IPv6 so Network Manager is simply responding

TSU

re: ipv6 - I notice I can set the sysctl flag to turn it off, and it’ll come back on. I’m not sure why exactly. I’ve given up on trying to disable it and am embracing the autoconfig now.

Re sysctl.d stubs: I was having a similar issue, but I found out through some debugging something I hadn’t realized before - I was trying to set fs.inotify.max_user_watches and it would commit using sysctl -p, but upon reboot would go back as before.

sudo sysctl --system | grep inotify
* Applying /etc/sysctl.d/10-fs-inotify-max-settings.conf ...
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_watches = 65536
fs.inotify.max_queued_events = 131072 # 1048576
fs.inotify.max_user_instances = 131072 # 1048576
fs.inotify.max_user_watches = 131072 # 1048576


Showed me there were multiple entries in the cache, so looks like it’s being set 3 different places. However, no other stubs in /etc/sysctl.d or any entries in /etc/sysctl.conf were fs.inotify.max_ directives. Hmm, it’s a mystery, where is inotify also being set?

I’d never read the man file for sysctl.conf before, but apparently the .conf files are all over the place, not just in /etc/sysctl.d - from man sysctl.conf:


/etc/sysctl.d/*.conf
       /run/sysctl.d/*.conf
       /usr/local/lib/sysctl.d/*.conf
       /usr/lib/sysctl.d/*.conf
       /lib/sysctl.d/*.conf
       /etc/sysctl.conf

I’m not sure how relevant /run is since those are probably auto-generated. But on Opensuse, apparently they can be in /boot/sysctl.conf- too.

I looked at both my Opensuse system and a laptop running Ubuntu to see if they were any different, but no, they both can have sysctl.conf files in all those places. Strange, because I’d never heard of them being anywhere other than /etc/sysctl.d - it certainly pays to read a man file.

I threw together a oneliner to search all these locations and print which files are read:


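#!/bin/sh
# Search every sysctl configuration location for a directive and show each file that was searched.
SEARCHSTR="$1"

for d in /lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /etc/sysctl.conf; do [ -e "$d" ] || continue; echo "Searched in: $d"; grep -- "$SEARCHSTR" "$d"; echo ' '; done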

You can make a script out of it, or run it as a one-liner, just move the SEARCHSTR=$1 on the same line and replace $1 with the directive you’re looking for.
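One way to trace which file ends up setting a key such as fs.inotify.max_user_watches, as an added example that is not part of the original post: it follows the documented "sysctl --system" rules, where directories are searched in the order of the man page excerpt above, the first directory holding a given file name masks the others, files are applied sorted by name, and /etc/sysctl.conf is read last. The function names, the root-prefix argument and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): print every assignment of one sysctl
# key in the order the files are applied; the last line printed is the winner.
# Assumptions: keys are written with dots, file names contain no whitespace.
# The optional second argument is a root prefix used only for testing.
DIRS="/etc/sysctl.d /run/sysctl.d /usr/local/lib/sysctl.d /usr/lib/sysctl.d /lib/sysctl.d"

assignments() {   # assignments KEY FILE -> one "FILE: VALUE" line per match
    awk -v k="$1" -v f="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }          # skip comments and non-assignments
        { name = substr($0, 1, index($0, "=") - 1)
          gsub(/[ \t]/, "", name); sub(/^-/, "", name)
          val = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (name == k) print f ": " val }' "$2"
}

sysctl_trace() {
    key=$1; root=${2:-}
    names=$(for d in $DIRS; do
                for f in "$root$d"/*.conf; do
                    if [ -e "$f" ]; then echo "${f##*/}"; fi
                done
            done | LC_ALL=C sort -u)
    for n in $names; do                 # files are applied sorted by name
        for d in $DIRS; do              # first directory holding that name wins
            if [ -e "$root$d/$n" ]; then assignments "$key" "$root$d/$n"; break; fi
        done
    done
    if [ -f "$root/etc/sysctl.conf" ]; then assignments "$key" "$root/etc/sysctl.conf"; fi
}

# Constructed sample tree (file names and values are made up for the demo).
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/sysctl.d" "$t/usr/lib/sysctl.d"
    echo "fs.inotify.max_user_watches = 524288" > "$t/etc/sysctl.d/10-inotify.conf"
    echo "fs.inotify.max_user_watches = 8192"   > "$t/usr/lib/sysctl.d/10-inotify.conf"
    echo "fs.inotify.max_user_watches=65536"    > "$t/usr/lib/sysctl.d/50-vendor.conf"
    echo "$t"
}

demo=$(make_tree)
sysctl_trace fs.inotify.max_user_watches "$demo" | sed "s|$demo||"
rm -rf "$demo"
```

In the sample tree the /etc drop-in masks the same-named file under /usr/lib, but the later-sorting 50-vendor.conf still overrides it, so a local override needs a file name that sorts after the vendor file.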
