Bug 15739

Summary: too many ifcfg-veth* hangs NetworkManager, blacklisting docker* and veth* in /etc/sysconfig/udev_net fixes it
Product: Mageia Reporter: Pablo Castorino <castorinop>
Component: RPM Packages Assignee: Base system maintainers <basesystem>
Status: NEW --- QA Contact:
Severity: critical    
Priority: Normal CC: albator78, gnome, marja11, ngompa13, saveurlinux
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: MGA6TOO
Source RPM: systemd, networkmanager CVE:
Status comment:

Description Pablo Castorino 2015-04-20 15:38:45 CEST
Description of problem:

After reboot, no interface (eth or wlan) is detected and NetworkManager fails.


Version-Release number of selected component (if applicable):
docker-1.5.0-1.mga5, networkmanager-1.0.0-4.mga5


How reproducible:


Steps to Reproduce:
1. reboot machine
2. ls /etc/sysconfig/network-scripts/ifcfg-veth* (more than 200 files)
3. no network devices available. Restarting NetworkManager fails
4. rm /etc/sysconfig/network-scripts/ifcfg-veth* -f
5. network devices appear (eth and/or wlan)


I tried to fix it by ignoring veth* in /etc/NetworkManager/NetworkManager.conf with

unmanaged-devices=interface-name:docker0,interface-name:veth*
but got no results.



Manuel Hiebel 2015-04-28 19:53:31 CEST

Keywords: (none) => Triaged
Component: Release (media or process) => RPM Packages
Source RPM: (none) => networkmanager

Samuel Verschelde 2015-06-06 02:40:31 CEST

Whiteboard: (none) => MGA5TOO
Keywords: Triaged => (none)

Comment 1 Marja Van Waes 2016-10-16 22:40:22 CEST
@ Pablo

Sorry for the late reply, we're short on active BugSquad members.

Is this bug still valid?

Assignee: bugsquad => gnome
Keywords: (none) => NEEDINFO
CC: (none) => marja11

Comment 2 François Andriot 2018-05-01 12:54:50 CEST
Hello, not sure if same bug, but looks similar.
I'm running Mageia 6 and using docker.

Every time I start a docker container, e.g. 'docker run -ti --rm mageia:6 bash', it creates a new '/etc/sysconfig/network-scripts/ifcfg-vethXXX' file on the host.

Upon reboot, the 'network' service fails to start because the 'veth' interfaces do not exist anymore.

The error is also reproducible after stopping docker (so that 'veth' interfaces are removed) and using 'systemctl restart network'.

# systemctl restart network
Job for network.service failed because the control process exited with error code.
See "systemctl status network.service" and "journalctl -xe" for details.

# systemctl status network
[...]
mai 01 12:42:40 arcadia.vtf network[26581]: Activation de l'interface veth2ec91ee :  ERREUR   : [/etc/sysconfig/network-scripts/ifup-eth] Device veth2ec91ee 
mai 01 12:42:40 arcadia.vtf network[26581]: [ÉCHEC ]


I've tracked the problem and found out that this is NOT caused by NetworkManager, but by systemd/udev scripts directly.

When docker creates a 'veth' interface, systemd will evaluate: /lib/udev/rules.d/81-net.rules
This will run: /usr/lib/udev/net_create_ifcfg
Which is responsible for creating the 'ifcfg-vethXXX' file.

To prevent the file creation, you must edit file: /etc/sysconfig/udev_net
Modify line 'BLACKLIST_ALL' to add the 'docker*' and 'veth*' interfaces at the end.

E.g. original line:
BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge"
Will become:
BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge|docker*|veth*"

CC: (none) => albator78

Comment 3 Marja Van Waes 2018-05-03 22:43:39 CEST
(In reply to François Andriot from comment #2)
<snip>
> 
> I've tracked the problem and found out that this is NOT caused by
> NetworkManager, but by systemd/udev scripts directly.
> 
> When docker creates a 'veth' interface, systemd will evaluate:
> /lib/udev/rules.d/81-net.rules
> This will run: /usr/lib/udev/net_create_ifcfg
> Which is responsible for creating the 'ifcfg-vethXXX' file.
> 
> To prevent the file creation, you must edit file: /etc/sysconfig/udev_net
> Modify line 'BLACKLIST_ALL' to add the 'docker*' and 'veth*' interfaces at
> the end.
> 
> E.g. original line:
> BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge"
> Will become:
> BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge|docker*|veth*"

Thanks a lot, François!

Whiteboard: MGA5TOO => MGA6TOO
CC: sysadmin-bugs => gnome, ngompa13
Keywords: NEEDINFO => (none)
Assignee: gnome => basesystem
Summary: too many ifcfg-veth* hangs NetworkManager => too many ifcfg-veth* hangs NetworkManager, blacklisting docker* and veth* in /etc/sysconfig/udev_net fixes it
Source RPM: networkmanager => systemd, networkmanager

Comment 4 david Cossé 2021-04-22 19:28:14 CEST
(In reply to Marja Van Waes from comment #3)
> (In reply to François Andriot from comment #2)
> <snip>
> > 
> > I've tracked the problem and found out that this is NOT caused by
> > NetworkManager, but by systemd/udev scripts directly.
> > 
> > When docker creates a 'veth' interface, systemd will evaluate:
> > /lib/udev/rules.d/81-net.rules
> > This will run: /usr/lib/udev/net_create_ifcfg
> > Which is responsible for creating the 'ifcfg-vethXXX' file.
> > 
> > To prevent the file creation, you must edit file: /etc/sysconfig/udev_net
> > Modify line 'BLACKLIST_ALL' to add the 'docker*' and 'veth*' interfaces at
> > the end.
> > 
> > E.g. original line:
> > BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge"
> > Will become:
> > BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge|docker*|veth*"
> 
> Thanks a lot, François!

On Mageia 8 and systemd-246.13-1.mga8, there is no veth* added at the end:
# blacklist all automatic network actions for these interfaces
BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge"
# blacklist persistent naming actions for these interfaces
# this includes persistent naming and ifcfg file creation
# but ifup/ifdown actions are still allowed
# *.* skips VLAN
BLACKLIST_PERSISTENT="bnep*|pan*|tap*|tun*|usb*|*.*"

CC: (none) => saveurlinux
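
The BLACKLIST_ALL change from comment 2, and the check from comment 4 for whether a given file already carries it, as an added example that is not part of the original report or of Mageia's udev scripts. It assumes the entries are shell glob patterns separated by '|'; the function names are hypothetical and the demo edits a temporary copy, not the live file.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Mageia's own scripts.
# Assumption: BLACKLIST_ALL entries are shell globs separated by '|'.

# Succeed if interface name $2 matches any glob in the '|'-separated list $1.
blacklist_matches() (
    set -f; IFS='|'             # split on '|', no filename expansion
    for pat in $1; do
        case $2 in $pat) exit 0 ;; esac
    done
    exit 1
)

# Print the current BLACKLIST_ALL value from config file $1.
read_blacklist() {
    sed -n 's/^BLACKLIST_ALL="\(.*\)"$/\1/p' "$1"
}

# Append patterns $2.. to BLACKLIST_ALL in file $1, skipping ones already listed.
add_blacklist_patterns() {
    file=$1; shift
    cur=$(read_blacklist "$file")
    if [ -z "$cur" ]; then return 1; fi
    new=$cur
    for p in "$@"; do
        case "|$new|" in
            *"|$p|"*) ;;                    # already present, keep idempotent
            *) new="$new|$p" ;;
        esac
    done
    if [ "$new" = "$cur" ]; then return 0; fi
    cp -p "$file" "$file.bak"               # keep a backup of the old file
    sed "s/^BLACKLIST_ALL=.*\$/BLACKLIST_ALL=\"$new\"/" "$file.bak" > "$file"
}

# Demo on a constructed copy holding the original line quoted in comment 2,
# never the live /etc/sysconfig/udev_net.
demo_cfg=$(mktemp)
printf '%s\n' 'BLACKLIST_ALL="ppp*|ippp*|isdn*|plip*|hso*|lo*|irda*|dummy*|ipsec*|vmnet*|wifi*|wmaster*|br*|vbd*|vtpm*|vif*|ax*|nr*|rose*|bce*|scc*|virbr*|vnet*|tmpbridge"' > "$demo_cfg"
add_blacklist_patterns "$demo_cfg" 'docker*' 'veth*'
for ifname in eth0 wlan0 docker0 veth2ec91ee; do
    if blacklist_matches "$(read_blacklist "$demo_cfg")" "$ifname"; then
        echo "$ifname: blacklisted"
    else
        echo "$ifname: not blacklisted"
    fi
done
```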