I have two Debian servers on EC2 instances in AWS. I’m using ansible to deploy to them. As far as I can tell they are configured the same (someone else set them up, but I’ve been trying to compare things in AWS console and also on the servers themselves). I am likely wrong about this, just can’t find where the configuration is different.
The issue I’m having is that deploying to one server takes forever, and deploying to the other server is really quick. The hang up is happening within apt_repository. One server is attempting to connect using IPv6 first, and only when all of those time out does it try and succeed to download using an IPv4 address. The other server doesn’t do this… it just using IPv4 and downloads instantaneously. I cannot figure out why these servers are handling the apt_repository module differently. Is there a some undocumented flag that I could pass to this module to force it to only use IPv4? Like when using wget, how you can pass --prefer-family=IPv4? I’ve looked through the Python code for this module and there doesn’t seem to be an option for that. It just calls fetch_url. I suppose one thing I could do would be to pass the IPv4 address directly to apt_repository, but then if that changes I’ll have to manually update again. I’d prefer DNS resolution to be working. Just not sure why it’s not. Both of these servers are using the same network / vpc settings too.
Just thought I’d put this out there in case anyone has some bright idea that I’m clearly not seeing. Thanks for your time.
The first thing I would test is whether both servers can resolve a hostname
which has both IPv4 and IPv6 addresses, and whether they can both connect to
each address.
My suspicion is that one is (mis?)configured with an IPv6 address, and therfore
tries to use IPv6, which then fails, and the other server doesn't even have an
IPv6 address (or route?) and therefore just goes for IPv4 immediately.
For example, this is what I get on one of my (not AWS) machines:
$ ping4 -n google.com
PING google.com (172.217.16.206) 56(84) bytes of data.
64 bytes from 172.217.16.206: icmp_seq=1 ttl=57 time=10.2 ms
64 bytes from 172.217.16.206: icmp_seq=2 ttl=57 time=10.3 ms
64 bytes from 172.217.16.206: icmp_seq=3 ttl=57 time=10.2 ms
$ ping6 -n google.com
PING google.com(2a00:1450:4001:806::200e) 56 data bytes
64 bytes from 2a00:1450:4001:806::200e: icmp_seq=1 ttl=57 time=10.3 ms
64 bytes from 2a00:1450:4001:806::200e: icmp_seq=2 ttl=57 time=10.3 ms
64 bytes from 2a00:1450:4001:806::200e: icmp_seq=3 ttl=57 time=10.3 ms
Yes, this is definitely not something specific to ansible.
I would aim to have both instances being properly dualstack, but I'm
an IPv6 evangelist
Apart from what Antony said, it could also be that the instance has
somehow gotten an IPv6 address assigned, which makes the OS think it's
got dualstack connectivity, but then the required network
configuration further up is not there/working.
For example there might not be an IPv6 egress internet gateway, or a
security group is missing some IPv6 prefix.
