Is the current situation good enough? In the procps package, the default
is still "2". Image deployments change that as Scott described in
comment #23 (but that was 3y ago, might have changed). I don't know how
server installs using the text mode installer behave, it's been a while
since I last
** Tags added: trusty
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/1068756
Title:
IPv6 Privacy Extensions enabled on Ubuntu Server by default
To manage notifications about
ok. so some updates.
Ben fixed this in the cloud image build process via [1] (commit [2]), and
limited the change to utopic+.
The fix was done by adding a file /etc/sysctl.d/99-cloudimg-ipv6.conf
The problem with this change is described in bug 1352255 and bug
994931. If ipv6 addresses are
interestingly enough, modifying the privacy settings via sysctl has some
negative affects if addresses are already up. see diagnosis in bug
1377005 .
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
Just to document additional support. I concur that on a Server install,
PE should disabled by default. A server doesn't fall into the use case
of needing to protect the privacy of the user. It is meant to be known,
not obfuscated.
--
You received this bug notification because you are a member
marked this 'triaged' in cloud-init while still not really relevant.
Ben Howard has disabled the privacy extensions in cloud images in 14.10, and
the plan is to just do the same for 14.04.
** Changed in: cloud-init (Ubuntu)
Status: New = Triaged
** Changed in: cloud-init (Ubuntu)
Disabled IPv6 privacy extensions for Ubuntu 14.10 via /etc/sysctl.d. I
would be in favor of making this a default for 14.04 as well.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
given RFC4941 SHOULD (RFC capitalisation) be turned off by default above, and
the general lack of value of privacy extensions being enabled on a server or
cloud geust, i really think we should:
a.) turn off privacy extensions on cloud-images for 14.10+
b.) look for a way to disable them by
** Also affects: cloud-init (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/1068756
Title:
IPv6 Privacy Extensions enabled on
Neil: the metadata is just one example (though that's not happening).
The firewall rule thing applies irrespective of the metadata. The cloud
environment created requires only /128 addresses it knows about to be
accessible, and firewalls everything else out. Reasons for this include
prevention of
There's no problem with using it in an IPv6 environment if you use
IPv6 prefix mechanisms as designed
If you've tied down your cloud environment too tight (and technically
contra the spec - IPv6 is prefix based, not address based) then you
have to expect to make alterations to the standard
This affects 14.04 too
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/1068756
Title:
IPv6 Privacy Extensions enabled on Ubuntu Server by default
To manage notifications about
That doesn't work if (for instance) you have 2 machines on the same SDN
virtual LAN, which is a /64, and you want to prevent source spoofing
between them. For avoidance of doubt, we do use /64s.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
I would suggest that is a design flaw in your network - which is
working in an IPv4 manner, not an IPv6 one. You should have used a
prefix smaller than /64
The problem here is with the network design, not the image.
On 4 June 2014 14:40, Alex Bligh ubu...@alex.org.uk wrote:
That doesn't work if
14 matches
Mail list logo