Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tailscale Fails Health Check on F41 #1863

Open
AlexNPavel opened this issue Oct 31, 2024 · 6 comments
Open

Tailscale Fails Health Check on F41 #1863

AlexNPavel opened this issue Oct 31, 2024 · 6 comments
Labels
bug Something isn't working upstream Something that likely isn't us

Comments

@AlexNPavel
Copy link

AlexNPavel commented Oct 31, 2024
edited
Loading

Describe the bug

When running tailscale status on system running aurora-dx:latest (41.20241030.0), tailscale prints this failed health check:

# Health check:
#     - adding [-i tailscale0 -j MARK --set-mark 0x40000/0xff0000] in v6/filter/ts-forward: running [/usr/sbin/ip6tables -t filter -A ts-forward -i tailscale0 -j MARK --set-mark 0x40000/0xff0000 --wait]: exit status 2: Warning: Extension MARK revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): MARK: bad value for option "--set-mark", or out of range (0-4294967295).

Try `ip6tables -h' or 'ip6tables --help' for more information.

Tailscale pings seem to work correctly otherwise, but DNS does not get configured. I mainly use tailscale for a remote pihole, so I noticed that wasn't working anymore.

What did you expect to happen?

Tailscale runs without any errors.

Output of rpm-ostree status

State: idle
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: inactive
Deployments:
● ostree-image-signed:docker://ghcr.io/ublue-os/aurora-dx:latest
                   Digest: sha256:200c66f230f15fb77450dea9d0910f6992d123a1bbef8d3ce084955214533e43
                  Version: 41.20241030.0 (2024-10-30T04:44:13Z)
          LayeredPackages: bees btop byobu

  ostree-image-signed:docker://ghcr.io/ublue-os/aurora-dx:latest
                   Digest: sha256:b169896d19967cd89066cf339712f0b19526a4f41a6b5508d421c4cbd7c7e693
                  Version: 41.20241029.0 (2024-10-29T18:27:51Z)
          LayeredPackages: bees btop byobu

Output of groups

apavel wheel docker incus-admin lxd libvirt

Extra information or context

No response
@dosubot dosubot bot added the bug Something isn't working label Oct 31, 2024
@AlexNPavel
Copy link
Author

Seems to be a known issue with the latest kernels, so we may just need to wait: tailscale/tailscale#13863

@castrojo
Copy link
Member

:stable and :gts are on 6.11.3, here's how to rebase: https://docs.projectbluefin.io/administration#upgrades-and-throttle-settings

@castrojo castrojo added the upstream Something that likely isn't us label Oct 31, 2024
@bb010g
Copy link

bb010g commented Nov 1, 2024

The recently released 6.11.6 includes a fix for this.

@castrojo
Copy link
Member

castrojo commented Nov 4, 2024

@bsherman @m2Giles Let's pin to 6.11.3 on gts/stable before the F41 promotion next week, confirmed that :latest is affected.

@m2Giles
Copy link
Member

m2Giles commented Nov 4, 2024

Will add in the pr

@bsherman
Copy link
Contributor

bsherman commented Nov 4, 2024

@bsherman @m2Giles Let's pin to 6.11.3 on gts/stable before the F41 promotion next week, confirmed that :latest is affected.

I'm going to be shocked if Fedora CoreOS stable rolls forward with a kernel having this bug.

But it won't hurt to test the pinning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working upstream Something that likely isn't us
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bsherman @bb010g @castrojo @AlexNPavel @m2Giles