harvester · martindekov · Jun 15, 2026 · Jun 15, 2026 · w13915984028 · Jun 15, 2026
diff --git a/pkg/config/constants.go b/pkg/config/constants.go
@@ -26,4 +26,8 @@ const (
 
 	DefaultPersistentPercentageNum = 0.3
 	PersistentSizeMinGiB           = 150
+
+	SysctlDisableIPv6All     = "net.ipv6.conf.all.disable_ipv6"
+	SysctlDisableIPv6Default = "net.ipv6.conf.default.disable_ipv6"
+	SysctlDisableIPv6Lo      = "net.ipv6.conf.lo.disable_ipv6"
 )
diff --git a/pkg/config/cos.go b/pkg/config/cos.go
@@ -195,6 +195,28 @@ func ConvertToCOS(config *HarvesterConfig) (*yipSchema.YipConfig, error) {
 	// disable multipath for longhorn
 	disableLonghornMultipathing(&initramfs)
 
+	// write a persistent sysctl drop-in and apply at runtime; persists after reboot
+	initramfs.Directories = append(initramfs.Directories, yipSchema.Directory{
+		Path:        "/etc/sysctl.d",
+		Permissions: 0755,
+		Owner:       0,
+		Group:       0,
+	})
+	initramfs.Files = append(initramfs.Files, yipSchema.File{
+		Path: "/etc/sysctl.d/zz-harvester-enable-ipv6.conf",
+		Content: fmt.Sprintf("# Written by harvester-installer: overrides /etc/sysctl.d/ipv6.conf\n%s = 0\n%s = 0\n%s = 0\n",
+			SysctlDisableIPv6All, SysctlDisableIPv6Default, SysctlDisableIPv6Lo),
+		Permissions: 0644,
+		Owner:       0,
+		Group:       0,
+	})
+	if initramfs.Sysctl == nil {
+		initramfs.Sysctl = make(map[string]string)
+	}
+	initramfs.Sysctl[SysctlDisableIPv6All] = "0"
+	initramfs.Sysctl[SysctlDisableIPv6Default] = "0"
+	initramfs.Sysctl[SysctlDisableIPv6Lo] = "0"
+
 	// TOP
 	if cfg.Install.Mode != ModeInstall {
 		if err := initRancherdStage(config, &initramfs); err != nil {

diff --git a/pkg/config/cos_test.go b/pkg/config/cos_test.go
@@ -231,3 +231,78 @@ func containsFile(files []yipSchema.File, fileName string) bool {
 	}
 	return false
 }
+
+func containsDirectory(dirs []yipSchema.Directory, path string) bool {
+	for _, d := range dirs {
+		if d.Path == path {
+			return true
+		}
+	}
+	return false
+}
+
+func TestConvertToCOS_EnableIPv6(t *testing.T) {
+	testCases := []struct {
+		name  string
+		check func(t *testing.T, initramfs yipSchema.Stage)
+	}{
+		{
+			name: "sysctl directory present",
+			check: func(t *testing.T, initramfs yipSchema.Stage) {
+				assert.True(t, containsDirectory(initramfs.Directories, "/etc/sysctl.d"),
+					"initramfs.Directories should contain /etc/sysctl.d")
+			},
+		},
+		{
+			name: "drop-in file present",
+			check: func(t *testing.T, initramfs yipSchema.Stage) {
+				assert.True(t, containsFile(initramfs.Files, "/etc/sysctl.d/zz-harvester-enable-ipv6.conf"),
+					"initramfs.Files should contain /etc/sysctl.d/zz-harvester-enable-ipv6.conf")
+			},
+		},
+		{
+			name: "drop-in file content",
+			check: func(t *testing.T, initramfs yipSchema.Stage) {
+				for _, f := range initramfs.Files {
+					if f.Path == "/etc/sysctl.d/zz-harvester-enable-ipv6.conf" {
+						assert.Contains(t, f.Content, SysctlDisableIPv6All+" = 0")
+						assert.Contains(t, f.Content, SysctlDisableIPv6Default+" = 0")
+						assert.Contains(t, f.Content, SysctlDisableIPv6Lo+" = 0")
+						assert.Equal(t, uint32(0644), f.Permissions)
+						return
+					}
+				}
+				t.Error("drop-in file not found")
+			},
+		},
+		{
+			name: "sysctl map not nil",
+			check: func(t *testing.T, initramfs yipSchema.Stage) {
+				assert.NotNil(t, initramfs.Sysctl)
+			},
+		},
+		{
+			name: "sysctl map keys",
+			check: func(t *testing.T, initramfs yipSchema.Stage) {
+				assert.Equal(t, "0", initramfs.Sysctl[SysctlDisableIPv6All])
+				assert.Equal(t, "0", initramfs.Sysctl[SysctlDisableIPv6Default])
+				assert.Equal(t, "0", initramfs.Sysctl[SysctlDisableIPv6Lo])
+			},
+		},
+	}
+
+	conf, err := LoadHarvesterConfig(util.LoadFixture(t, "harvester-config.yaml"))
+	assert.NoError(t, err)
+	conf.Mode = ModeInstall
+
+	yipConfig, err := ConvertToCOS(conf)
+	assert.NoError(t, err)
+
+	initramfs := yipConfig.Stages["initramfs"][0]
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			tc.check(t, initramfs)
+		})
+	}
+}
diff --git a/pkg/console/network.go b/pkg/console/network.go
@@ -89,6 +89,17 @@ func applyNetworks(network config.Network, hostname string) error {
 		}
 	}
 
+	// enable IPv6 before applying NetworkManager profiles
+	for _, param := range []string{
+		config.SysctlDisableIPv6All,
+		config.SysctlDisableIPv6Default,
+		config.SysctlDisableIPv6Lo,
+	} {
+		if out, execErr := exec.Command("sysctl", "-w", fmt.Sprintf("%s=0", param)).CombinedOutput(); execErr != nil {
+			logrus.Warnf("Failed to enable IPv6 sysctl %s: %v (%s)", param, execErr, string(out))
+		}
+	}
+
 	err = config.UpdateManagementInterfaceConfig(network, []string{}, config.NMConnectionPath, true)
 	if err != nil {
 		return err