Ubuntu 16.04 - Linux Firewall 'Start at boot' prevents interface from coming up on reboot

This is within an OpenStack environment using Ubuntu 16.04 OS.

This ticket relates to two issues that prevent interface from coming up after reboot.

It seems Webmin will add one or more DNS servers entries in the file /etc/network/interfaces when using the Networking->Host names and DNS client module and during the Setup Wizard after a fresh installation.

The entries below cause 'misplaced option' error when the command sudo ifup ens3 is issued:

/etc/network/interfaces:8: misplaced option
ifup: couldn't read interfaces file "/etc/network/interfaces"

When these entries are added to /etc/network/interfaces when system is already running it will not cause any apparent issue. The error only occurs once the system tries to bring up to interface, which in most cases will be when the server is rebooted.

STR: Add the following line below to /etc/network/interfaces manually.

Alternatively, use the Webmin GUI to have these entries generated. A) set the DNS servers using Webmin Network Configuration module. B) set the Firewall to Start at boot using the Linux Firewall

        dns-nameservers 8.8.8.8 127.0.0.1
        post-up iptables-restore < /etc/iptables.up.rules

Upon reboot these entries will prevent the network interface (in this case ens3) to come up. The only way to recover is to login via the console on comment out the lines as per screenshot.

Once the lines are commented out the interface can be brought up again using

sudo ifup ens3

Note: Within an OpenStack instance one does not have to set the network interfaces to static. The configuration of the instances supplied by the hosting provider are sufficient.

Status: 
Active

Comments

So dns-nameservers should be a valid interface-level directive ... however, it looks like on your system Webmin is confused by the source line.

What is in the .cfg files referenced by the pattern in that line?

Sure...

These is a one file in the /interfaces.d/ folder, 50-cloud-init.cfg .

Its contents.

auto lo
iface lo inet loopback

auto ens3
iface ens3 inet dhcp

Also, to be clear. ifup will also fail if only this line is added...by selecting Start on boot for the Linux Firewall.

post-up iptables-restore < /etc/iptables.up.rules

Was the source line indented before Virtualmin modifed the interfaces file?

If so, try un-indenting it - my guess is that it is being incorrectly treated as an option on the interface.

Sorry for late response. For some reason I'm not always receiving the notifications when an issue receives a reply.

I can't tell right now. I would have to create a new Ubuntu 16.04 instance in the cloud to try to replicate the issue. Your intuition might be right about the source line being indented.

Has someone else reported something similar? Is this issue still outstanding?

I haven't seen anyone else report this problem, sorry.

However, a source line like that will definitely confuse Webmin / Virtualmin.

I'm going to spin up a virtual instance one of these days. Hopefully I can confirm the issue or close this ticket.

I noticed the same problem with Webmin on a virtual server running Ubuntu Xenial. When I check "Activate at boot: Yes", the server fails to boot.

diff output:

@@ -16,9 +16,8 @@

allow-hotplug eth1
iface eth1 inet dhcp
-   allow-hotplug eth2
-   post-up iptables-restore < /etc/iptables.up.rules

+allow-hotplug eth2
iface eth2 inet dhcp

allow-hotplug eth3

Those lines are prepended with a tab character. The file originates from the image the hosting provider has in its OS image. As you can see, Webmin changes eth2, although the only network interface that is used is "ens6".

Ok, that's a separate bug - the allow-hotplug line isn't handled properly. I'll fix this in the next release of webmin.