Nixpkgs: Avahi issues with 16.09

Created on 28 Sep 2016 · 11Comments · Source: NixOS/nixpkgs

Issue description

I would like my systems to find each other, and therefore I want to enable Avahi.

I began with

  services.avahi = {
    enable = true;
  };

A rebuild results in

Sep 28 12:39:12 fr-desktop systemd[1]: Starting Avahi daemon...
Sep 28 12:39:12 fr-desktop systemd[1]: Started Avahi daemon.
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: Found user 'avahi' (UID 10) and group 'avahi' (GID 10).
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: Successfully dropped root privileges.
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: avahi-daemon 0.6.32 starting up.
Sep 28 12:39:12 fr-desktop avahi-daemon[16600]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Sep 28 12:39:12 fr-desktop systemd[1]: avahi-daemon.service: Main process exited, code=exited, status=255/n/a
Sep 28 12:39:12 fr-desktop systemd[1]: avahi-daemon.service: Unit entered failed state.
Sep 28 12:39:12 fr-desktop systemd[1]: avahi-daemon.service: Failed with result 'exit-code'.

For some reason it fails, but wait, there is a warning. Maybe that makes a difference. Let's enable the option nssmdns, so

  services.avahi = {
    enable = true;
    nssbdns = true;
  };

Now I get

Sep 28 12:42:34 fr-desktop systemd[1]: Starting Avahi daemon...
Sep 28 12:42:34 fr-desktop systemd[1]: Started Avahi daemon.
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: Found user 'avahi' (UID 10) and group 'avahi' (GID 10).
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: Successfully dropped root privileges.
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: avahi-daemon 0.6.32 starting up.
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: dbus_bus_request_name(): Connection ":1.473" is not allowed to own the service "org.freedesktop.Avahi" due to security policies in the configuration file
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: WARNING: Failed to contact D-Bus daemon.
Sep 28 12:42:34 fr-desktop systemd[1]: avahi-daemon.service: Main process exited, code=exited, status=255/n/a
Sep 28 12:42:34 fr-desktop systemd[1]: avahi-daemon.service: Unit entered failed state.
Sep 28 12:42:34 fr-desktop systemd[1]: avahi-daemon.service: Failed with result 'exit-code'.

Why is it not allowed to?

Technical details

NixOS at 210ebb529b00d013029256c1e2550b26753719cb

nixos

Source

FRidh

Most helpful comment

(on mobile) My problem was that the NixOS module changed some default values, which caused my availability to stop _publishing_ address/hostname. This is my current config (works on Nixos 16.09):

avahi = {
  enable = true;
  nssmdns = true;
  publish.enable = true;
  publish.addresses = true;
  publish.workstation = true;
};

Don't know anything about the dbus warning / issue.

bjornfor on 28 Sep 2016

👍2

All 11 comments

@bjornfor I saw that in the past you also had an issue with Avahi. Do you have an idea what's going on?

FRidh on 28 Sep 2016

If you only want mDNS, systemd-resolved may be an option for you..
But that avahi fails to claim the dbus name is strange. The avahi module adds the avahi pkg to dbus packages, so the policy file should be picked up.
Can you confirm that:

dbus was reloaded/restarted after you enabled the avahi module
there is an <includedir> entry for avahi in /run/current-system/etc/dbus-1/system-local.conf
this directory contains avahi-dbus.conf
avahi-dbus.conf allows the user avahi for org.freedesktop.Avahi:

  <policy user="avahi">
    <allow own="org.freedesktop.Avahi"/>
  </policy>

avahi-daemon is running as user avahi

I don't get the dbus error you are seeing, but I didn't check with your specific commit.

Eventually our avahi module should be updated to behave more like the upstream service (for example socket activation, should also fix your permission error)...

groxxda on 28 Sep 2016

(on mobile) My problem was that the NixOS module changed some default values, which caused my availability to stop _publishing_ address/hostname. This is my current config (works on Nixos 16.09):

avahi = {
  enable = true;
  nssmdns = true;
  publish.enable = true;
  publish.addresses = true;
  publish.workstation = true;
};

Don't know anything about the dbus warning / issue.

bjornfor on 28 Sep 2016

👍2

This is odd. Just now after I booted my machine again, I tried a rebuild and it worked. I guess there was some state after I did some upgrades that messed it up.

FRidh on 29 Sep 2016

Thanks for the feedback, I was about to have a closer look at it but now it just works...

FRidh on 29 Sep 2016

@groxxda actually, what I just want is my machines to find each other so I can ssh to them.

FRidh on 29 Sep 2016

I just got bitten by the same bug. I enabled avahi and nssmdns, and avahi-daemon.service fails. A reboot made it work properly. So apparently, nixos-rebuild switch is not good enough here... What could possibly be the cause for this ?

I got the same error messages, and the two following lines are bothersome:

Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: dbus_bus_request_name(): Connection ":1.473" is not allowed to own the service "org.freedesktop.Avahi" due to security policies in the configuration file
Sep 28 12:42:34 fr-desktop avahi-daemon[18148]: WARNING: Failed to contact D-Bus daemon.

Not sure if this can be considered as fixed :-).

layus on 2 Dec 2016

👍1

I have tested, the same issue arises with disnix for example. It is caused by dbus not being restarted, but only reloaded, which obviously does not reload the new config file.

Now this decision was taken by (@)edolstra in 1c39a47ac87959b2589ef797e519af96d73c27d6. Apparently restarting dbus was not a good solution either.

I wonder if it would be possible to reload dbus with the new config files by putting the config files behind a symlink, possibly managed by systemd too. That way we could reload dbus and ensure that it takes the new config files into account.

layus on 2 Dec 2016

👍1

NixOps requires a nixops reboot.

Does this overall issue impact or speed up kdbus adoption?