[update] Add complete IPv6 support to workload launch scripts

sathlan · sathlan · commit db16fcb5fd61 · 2026-02-17T19:30:57.000+01:00
Add comprehensive IPv6 support for RHOSO deployments in the update workload launch infrastructure. This enables workload testing on IPv6-only environments that were previously unsupported. Here IPv6-only means that no IPv4 routing is defined at all. **Note:** This requires the deployment of an `IPv6` public network using `cifmw_os_net_setup_config` definition. The critical parameters are: - the name of the external network must be `public` - the name of its associated network must be `public_subnet` - `public_subnet` must have `ip_version` set to `6` The example below show the correct definition: ``` cifmw_os_net_setup_config: - name: public external: true ... subnets: - name: public_subnet ip_version: 6 ``` **Key Features:** - IPv6 VM deployment using direct public network attachment - IPv6-aware security groups and networking rules - IPv6 nameserver parsing for subnet creation - IPv6-specific cleanup and resource management - Conditional timeout handling for IPv6 DHCP behavior **Technical Changes:** - Skip tenant network creation for IPv6 (use public network directly) - Use instance ports instead of floating IPs for IPv6 - Replace regex nameserver parsing with IPv4/IPv6 compatible awk - Fix workload_launch parameter handling for proper timeout control Limitation: SRIOV validation is not supported in IPv6 only setup. Maintains full backward compatibility with existing IPv4 workflows. Signed-off-by: Sofer Athlan-Guyot <sathlang@redhat.com> Partially-Closes: [OSPCIX-1114](https://issues.redhat.com/browse/OSPCIX-1114)
diff --git a/roles/update/templates/l3_agent_start_ping.sh.j2 b/roles/update/templates/l3_agent_start_ping.sh.j2
@@ -25,4 +25,5 @@ fi
 # we will make the awk wait until this ping exits as it will hold
 # the output pipes. So again &>> instead of >> is necessary.
 
+# Modern ping can handle both IPv4 and IPv6 addresses automatically
 ping -D "${VM_IP}" &>> "${PING_LOG}" &
diff --git a/roles/update/templates/workload_launch.sh.j2 b/roles/update/templates/workload_launch.sh.j2
@@ -43,9 +43,25 @@ function os_cmd {
 function set_vm_ip {
     ## assign floating ip or external ip
     local workload_sriov={{workload_sriov|default(false) | bool | ternary("True", "")}}
+
     if [ -n "${workload_sriov}" ]; then
         EXTERNAL_IP=$(os_cmd port show "${SRIOV_PORT}" -f yaml -c fixed_ips | awk '/ip_address/{print $3;exit}')
         VM_IP=${EXTERNAL_IP}
+    elif [ "${IS_IPV6}" = "True" ]; then
+        # For IPv6, get the direct IP from the instance (no floating IPs)
+        if [ -n "${IPV6_PREFIX}" ]; then
+            VM_IP=$(os_cmd server show ${INSTANCE_NAME} -f value -c addresses | grep -oE "${IPV6_PREFIX}[a-f0-9:]+")
+        else
+            # Fallback to generic IPv6 pattern if prefix extraction fails
+            VM_IP=$(os_cmd server show ${INSTANCE_NAME} -f value -c addresses | grep -oE '[0-9a-f:]+:[0-9a-f:]+')
+        fi
+        # Get the port ID for cleanup
+        INSTANCE_PORT_ID=$(os_cmd port list --server ${INSTANCE_NAME} -f value -c ID | head -1)
+        if [ -z "${VM_IP}" ]; then
+            echo "Cannot get IPv6 address from instance"
+            exit 66
+        fi
+        echo "Using direct IPv6 address: ${VM_IP}"
     else
         INSTANCE_FIP=$(os_cmd floating ip create -f value -c floating_ip_address "${EXTERNAL_NET_NAME}")
         if [ -z "${INSTANCE_FIP}" ]; then
@@ -146,7 +162,18 @@ function prepare_env {
     export INSTANCE_FILE="${HOME}/{{ cifmw_update_artifacts_basedir_suffix }}/vm_info.sh"
     export WORKLOAD_FILE="${HOME}/{{ cifmw_update_artifacts_basedir_suffix }}/workload_suffix"
     export SSH_KEY_FILE="${HOME}/.ssh/${KEYPAIR_NAME}"
+{% set ipv6_subnet = cifmw_os_net_setup_config | selectattr('name', 'equalto', 'public') | map(attribute='subnets') | flatten | selectattr('ip_version', 'defined') | selectattr('ip_version', 'equalto', 6) | first | default(none) %}
+    export IS_IPV6={{ ipv6_subnet is not none }}
+    export IPV6_PREFIX='{{ ipv6_subnet.cidr | default('') | regex_replace(':[^:]*$', '') if ipv6_subnet else '' }}'
+    export INSTANCE_PORT_ID=""  # Track port ID for IPv6 cleanup
     mkdir -p "${HOME}/{{ cifmw_update_artifacts_basedir_suffix }}"
+
+    # Validate SRIOV is not used with IPv6 (untested configuration)
+    local workload_sriov={{workload_sriov|default(false) | bool | ternary("True", "")}}
+    if [ "${IS_IPV6}" = "True" ] && [ -n "${workload_sriov}" ]; then
+        echo "ERROR: SRIOV configuration is not supported with IPv6 deployments (untested)"
+        exit 1
+    fi
 }
 
 function sanity_check {
@@ -187,20 +214,39 @@ function sanity_teardown {
 
     local timeout_seconds=${1:-180}
     local elapsed_seconds=0
+
     {% if workload_sriov|default(false) | bool -%}
-    openstack port delete "${SRIOV_PORT}"
+    if [ -n "${SRIOV_PORT}" ]; then
+        echo "Deleting SRIOV port ${SRIOV_PORT}"
+        openstack port delete "${SRIOV_PORT}" || echo "Warning: Failed to delete SRIOV port ${SRIOV_PORT}"
+    fi
     {% elif workload_dpdk|default(false) | bool -%}
-    openstack port delete "${DPDK_PORT}"
+    if [ -n "${DPDK_PORT}" ]; then
+        echo "Deleting DPDK port ${DPDK_PORT}"
+        openstack port delete "${DPDK_PORT}" || echo "Warning: Failed to delete DPDK port ${DPDK_PORT}"
+    fi
     {% else -%}
-    if [ -n "${INSTANCE_FIP}" ]; then
-        echo "Remove ${INSTANCE_FIP} from ${INSTANCE_NAME}"
-        openstack server remove floating ip ${INSTANCE_NAME} ${INSTANCE_FIP}
-        grep "${INSTANCE_FIP}" "${INSTANCE_FILE}"  && rm "${INSTANCE_FILE}"
+    if [ "${IS_IPV6}" = "True" ]; then
+        # For IPv6, clean up port if tracked
+        if [ -n "${INSTANCE_PORT_ID}" ]; then
+            echo "IPv6 deployment - deleting port ${INSTANCE_PORT_ID}"
+            openstack port delete "${INSTANCE_PORT_ID}" || echo "Warning: Failed to delete port ${INSTANCE_PORT_ID}"
+        else
+            echo "IPv6 deployment - no floating IP to clean up"
+        fi
+    else
+        # For IPv4, clean up floating IP
+        if [ -n "${INSTANCE_FIP}" ]; then
+            echo "Remove ${INSTANCE_FIP} from ${INSTANCE_NAME}"
+            openstack server remove floating ip ${INSTANCE_NAME} ${INSTANCE_FIP} || echo "Warning: Failed to remove floating IP from instance"
+            if [ -f "${INSTANCE_FILE}" ] && grep -q "${INSTANCE_FIP}" "${INSTANCE_FILE}"; then
+                rm "${INSTANCE_FILE}"
+            fi
 
-        echo "Delete floating ip ${INSTANCE_FIP}"
-        openstack floating ip delete ${INSTANCE_FIP}
+            echo "Delete floating ip ${INSTANCE_FIP}"
+            openstack floating ip delete ${INSTANCE_FIP} || echo "Warning: Failed to delete floating IP ${INSTANCE_FIP}"
+        fi
     fi
-
     {%- endif %}
 
     {% if cifmw_update_create_volume | default(True) | bool -%}
@@ -248,20 +294,25 @@ function sanity_teardown {
     fi
     {%- endif %}
 
-    echo "Clear default gateway from ${TENANT_NET_NAME}_router"
-    openstack router unset --external-gateway "${TENANT_NET_NAME}"_router
+    # Only clean up tenant network resources if they were created (IPv4 mode)
+    if [ "${IS_IPV6}" != "True" ]; then
+        echo "Clear default gateway from ${TENANT_NET_NAME}_router"
+        openstack router unset --external-gateway "${TENANT_NET_NAME}"_router || echo "Warning: Failed to clear gateway"
 
-    echo "Remove subnet ${TENANT_NET_NAME}_subnet from router ${TENANT_NET_NAME}_router"
-    openstack router remove subnet "${TENANT_NET_NAME}"_router "${TENANT_NET_NAME}"_subnet
+        echo "Remove subnet ${TENANT_NET_NAME}_subnet from router ${TENANT_NET_NAME}_router"
+        openstack router remove subnet "${TENANT_NET_NAME}"_router "${TENANT_NET_NAME}"_subnet || echo "Warning: Failed to remove subnet from router"
 
-    echo "Remove router ${TENANT_NET_NAME}_router"
-    openstack router delete "${TENANT_NET_NAME}_router"
+        echo "Remove router ${TENANT_NET_NAME}_router"
+        openstack router delete "${TENANT_NET_NAME}_router" || echo "Warning: Failed to delete router"
 
-    echo "Remove subnet ${TENANT_NET_NAME}_subnet"
-    openstack subnet delete "${TENANT_NET_NAME}_subnet"
+        echo "Remove subnet ${TENANT_NET_NAME}_subnet"
+        openstack subnet delete "${TENANT_NET_NAME}_subnet" || echo "Warning: Failed to delete subnet"
 
-    echo "Remove network ${TENANT_NET_NAME}"
-    openstack network delete "${TENANT_NET_NAME}"
+        echo "Remove network ${TENANT_NET_NAME}"
+        openstack network delete "${TENANT_NET_NAME}" || echo "Warning: Failed to delete network"
+    else
+        echo "IPv6 deployment - skipping tenant network cleanup (using public network directly, bootstrap router persists)"
+    fi
 
     echo "Remove security group ${SECGROUP_NAME}"
     openstack security group delete "${SECGROUP_NAME}"
@@ -283,7 +334,7 @@ function sanity_teardown {
 function workload_launch {
     # create workload
     timeout_seconds=${1:-120}
-    ssh_timeout_seconds=${1:-180}
+    ssh_timeout_seconds=${2:-180}
     local workload_sriov={{workload_sriov|default(false) | bool | ternary("True", "")}}
     local workload_dpdk={{workload_dpdk|default(false) | bool | ternary("True", "")}}
 
@@ -338,47 +389,82 @@ function workload_launch {
         fi
     fi
 
-    ## create networking
-    openstack network list | grep ${TENANT_NET_NAME}
-    if [ $? -ne 0 ]; then
-        NAMESERVER=$(grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' /etc/resolv.conf  | head -1)
-        echo "Creating router ${TENANT_NET_NAME}_router"
-        os_cmd router create ${TENANT_NET_NAME}_router
+    ## create networking for IPv4
+    if [ "${IS_IPV6}" != "True" ]; then
+        openstack network list | grep ${TENANT_NET_NAME}
+        if [ $? -ne 0 ]; then
+            # Collect all nameservers from resolv.conf
+            NAMESERVERS=$(awk '/^nameserver[[:space:]]/ {print $2}' /etc/resolv.conf)
+
+            # Build DNS arguments
+            DNS_ARGS=""
+            if [ -n "$NAMESERVERS" ]; then
+                for ns in $NAMESERVERS; do
+                    DNS_ARGS="$DNS_ARGS --dns-nameserver $ns"
+                done
+            else
+                echo "Warning: No nameservers found, using public DNS fallback"
+                DNS_ARGS="--dns-nameserver 8.8.8.8"
+            fi
+            echo "Creating router ${TENANT_NET_NAME}_router"
+            os_cmd router create ${TENANT_NET_NAME}_router
+
+            echo "Creating network ${TENANT_NET_NAME}"
+            if [ -n "${workload_dpdk}" ]; then
+                os_cmd network create ${TENANT_NET_NAME} --provider-network-type geneve
+            else
+                os_cmd network create ${TENANT_NET_NAME}
+            fi
 
-        echo "Creating network ${TENANT_NET_NAME}"
-        if [ -n "${workload_dpdk}" ]; then
-            os_cmd network create ${TENANT_NET_NAME} --provider-network-type geneve
-        else
-            os_cmd network create ${TENANT_NET_NAME}
-        fi
+            echo "Creating subnet ${TENANT_NET_NAME}_subnet"
+            os_cmd subnet create \
+                --subnet-range 192.168.0.0/24 \
+                --allocation-pool start=192.168.0.10,end=192.168.0.100 \
+                --gateway 192.168.0.254 \
+                $DNS_ARGS \
+                --network ${TENANT_NET_NAME} \
+                ${TENANT_NET_NAME}_subnet
 
-        echo "Creating subnet ${TENANT_NET_NAME}_subnet"
-        os_cmd subnet create \
-            --subnet-range 192.168.0.0/24 \
-            --allocation-pool start=192.168.0.10,end=192.168.0.100 \
-            --gateway 192.168.0.254 \
-            --dns-nameserver ${NAMESERVER} \
-            --network ${TENANT_NET_NAME} \
-            ${TENANT_NET_NAME}_subnet
+            echo "Add subnet ${TENANT_NET_NAME}_subnet to router ${TENANT_NET_NAME}_router"
+            os_cmd router add subnet  ${TENANT_NET_NAME}_router ${TENANT_NET_NAME}_subnet
 
-        echo "Add subnet ${TENANT_NET_NAME}_subnet to router ${TENANT_NET_NAME}_router"
-        os_cmd router add subnet  ${TENANT_NET_NAME}_router ${TENANT_NET_NAME}_subnet
+            echo "Set external-gateway for ${TENANT_NET_NAME}_router"
+            os_cmd router set --external-gateway ${EXTERNAL_NET_NAME} ${TENANT_NET_NAME}_router
+        fi
+    else
+        # For IPv6, ensure OVN Router Advertisement bootstrap router exists
+        # This is infrastructure-level and persists across all workload operations
+        openstack router list | grep "ovn-ipv6-bootstrap-router"
+        if [ $? -ne 0 ]; then
+            echo "Creating OVN IPv6 bootstrap router (infrastructure-level, required for SLAAC)"
+            os_cmd router create ovn-ipv6-bootstrap-router
 
-        echo "Set external-gateway for ${TENANT_NET_NAME}_router"
-        os_cmd router set --external-gateway ${EXTERNAL_NET_NAME} ${TENANT_NET_NAME}_router
+            echo "Set external-gateway for OVN IPv6 bootstrap router"
+            os_cmd router set --external-gateway ${EXTERNAL_NET_NAME} ovn-ipv6-bootstrap-router
+        fi
     fi
-
     ## create security group
     openstack security group list | grep ${SECGROUP_NAME}
     if [ $? -ne 0 ]; then
         echo "Creating security group ${SECGROUP_NAME}"
         os_cmd security group create ${SECGROUP_NAME}
 
+        # Set protocol and ethertype based on IP version
+        if [ "${IS_IPV6}" = "True" ]; then
+            ICMP_PROTO="ipv6-icmp"
+            ETHERTYPE_ARG="--ethertype IPv6"
+            echo "Creating IPv6 rules for ports 22,80,443 in security group ${SECGROUP_NAME}"
+        else
+            ICMP_PROTO="icmp"
+            ETHERTYPE_ARG=""
+            echo "Creating IPv4 rules for ports 22,80,443 in security group ${SECGROUP_NAME}"
+        fi
+
         echo "Creating rules for ports 22,80,443 in security group ${SECGROUP_NAME}"
-        os_cmd security group rule create --proto icmp ${SECGROUP_NAME}
-        os_cmd security group rule create --proto tcp --dst-port 22 ${SECGROUP_NAME}
-        os_cmd security group rule create --proto tcp --dst-port 80 ${SECGROUP_NAME}
-        os_cmd security group rule create --proto tcp --dst-port 443 ${SECGROUP_NAME}
+        os_cmd security group rule create --proto ${ICMP_PROTO} ${ETHERTYPE_ARG} ${SECGROUP_NAME}
+        os_cmd security group rule create --proto tcp --dst-port 22 ${ETHERTYPE_ARG} ${SECGROUP_NAME}
+        os_cmd security group rule create --proto tcp --dst-port 80 ${ETHERTYPE_ARG} ${SECGROUP_NAME}
+        os_cmd security group rule create --proto tcp --dst-port 443 ${ETHERTYPE_ARG} ${SECGROUP_NAME}
     fi
 
     ## create sriov port
@@ -394,25 +480,39 @@ function workload_launch {
 
 
     ## create instance
-    TENANT_NET_ID=$( openstack network show -f value -c id "${TENANT_NET_NAME}" )
-
-    echo "Creating overcloud instance ${INSTANCE_NAME}"
-    {% if workload_sriov|default(false) | bool -%}
-    os_cmd server create  \
-        --image "${IMAGE_NAME}" \
-        --flavor "${FLAVOR_NAME}" \
-        --key-name "${KEYPAIR_NAME}" \
-        --port "${SRIOV_PORT}" \
-        "${INSTANCE_NAME}"
-    {% else -%}
-    os_cmd server create  \
-        --image "${IMAGE_NAME}" \
-        --flavor "${FLAVOR_NAME}" \
-        --security-group "${SECGROUP_NAME}" \
-        --key-name  "${KEYPAIR_NAME}" \
-        --nic net-id="${TENANT_NET_ID}" \
-        "${INSTANCE_NAME}"
-    {%- endif %}
+    if [ "${IS_IPV6}" = "True" ]; then
+        # For IPv6, attach directly to public network
+        PUBLIC_NET_ID=$(openstack network show -f value -c id "${EXTERNAL_NET_NAME}")
+        echo "Creating overcloud instance ${INSTANCE_NAME} on public network (IPv6)"
+        # Note: SRIOV unsupported in IPv6 only setup (validated in prepare_env)
+        os_cmd server create  \
+            --image "${IMAGE_NAME}" \
+            --flavor "${FLAVOR_NAME}" \
+            --security-group "${SECGROUP_NAME}" \
+            --key-name  "${KEYPAIR_NAME}" \
+            --nic net-id="${PUBLIC_NET_ID}" \
+            "${INSTANCE_NAME}"
+    else
+        # For IPv4, use tenant network (original behavior)
+        TENANT_NET_ID=$( openstack network show -f value -c id "${TENANT_NET_NAME}" )
+        echo "Creating overcloud instance ${INSTANCE_NAME} on tenant network (IPv4)"
+        {% if workload_sriov|default(false) | bool -%}
+        os_cmd server create  \
+            --image "${IMAGE_NAME}" \
+            --flavor "${FLAVOR_NAME}" \
+            --key-name "${KEYPAIR_NAME}" \
+            --port "${SRIOV_PORT}" \
+            "${INSTANCE_NAME}"
+        {% else -%}
+        os_cmd server create  \
+            --image "${IMAGE_NAME}" \
+            --flavor "${FLAVOR_NAME}" \
+            --security-group "${SECGROUP_NAME}" \
+            --key-name  "${KEYPAIR_NAME}" \
+            --nic net-id="${TENANT_NET_ID}" \
+            "${INSTANCE_NAME}"
+        {% endif %}
+    fi
 
     elapsed_seconds=0
     while true; do
@@ -536,5 +636,10 @@ if [[ "${MODE}" == "sanityfast" ]]; then
     SUFFIX=$(openssl rand -hex 5)
     prepare_env
     sanity_check $FAST
-    workload_launch $FAST $FAST
+    if [ "${IS_IPV6}" = "True" ]; then
+        # IPv6 needs longer SSH timeout due to DHCP timeout, but keep boot timeout fast
+        workload_launch $FAST 180
+    else
+        workload_launch $FAST $FAST
+    fi
 fi
