Support IPv6 Secondary Interface in shiftstack-qa automation#17
tusharjadhav3302 wants to merge 2 commits into
12c352f to 52bb7ae
…PRH-6486 Co-authored-by: Cursor <cursoragent@cursor.com>
52bb7ae to 80ab1dc
Co-authored-by: Cursor <cursoragent@cursor.com>
| - name: Build pod name to IPv6 address mapping | ||
| ansible.builtin.set_fact: | ||
| ipv6_pod_ips: "{{ ipv6_pod_ips | default({}) | combine({item.item: item.stdout}) }}" |
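Review bot: item.stdout goes into the ipv6_pod_ips mapping unchecked in the combine() call, so a pod whose address lookup printed nothing (or printed trailing whitespace) still gets an entry and the problem only surfaces later in the connectivity check. Consider storing item.stdout | trim and skipping or failing on empty output, for example with when: item.stdout | trim | length > 0 or an assert on the size of the final mapping.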
default({}) only fires when the variable is undefined. Since this file is included in a loop (configure_ipv6_secondary.yml loops over projects), set_fact persists ipv6_pod_ips across iterations - the second network would inherit the first's pod-IP mappings, mixing IPs across namespaces.
The legacy IR plugin (check_ipv6_connectivity.yml:10-11) explicitly resets both variables before each iteration:
```yaml
- set_fact:
    pods_names: []
    pods_ips: []
```
Adding a similar set_fact: ipv6_pod_ips: {} reset at the top of this file would fix it.
| kubernetes.core.k8s_info: | ||
| kubeconfig: "{{ kubeconfig }}" | ||
| api_version: k8s.cni.cncf.io/v1 | ||
| kind: NetworkAttachmentDefinition |
This k8s_info query has no namespace filter - it returns all NADs cluster-wide. The == check on the until assertion would fail if any other NADs exist (Multus defaults, SR-IOV operator, other tests).
Note: this is the same pattern from the legacy IR plugin (configure-ipv6-networks.cno.yml:64), so it's a ported behavior. Still worth fixing since the migration is an opportunity - consider adding a namespace filter per project, or using a subset check.
| - name: Discover IPv6 interfaces on first worker | ||
| ansible.builtin.shell: | | ||
| set -o pipefail && \ | ||
| oc adm node-logs {{ ocp_workers[0] }} | \ |
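Review bot: {{ ocp_workers[0] }} is templated into the shell command unquoted on the oc adm node-logs line; pass it through the quote filter ({{ ocp_workers[0] | quote }}) so a node name containing shell metacharacters cannot alter the command. Separately, set -o pipefail is not supported by every /bin/sh, which is what ansible.builtin.shell uses by default, so the task should set args: executable: /bin/bash unless that already appears below the visible lines.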
Nit: parsing oc adm node-logs journal output for interface names is fragile - log format changes between OCP versions could break the sed regex. verify_ipv6_external_reachability.yml already uses oc debug node/ successfully - the same approach (ip -6 addr show scope global) would query live interface state directly.
Also, this discovers only on ocp_workers[0] - if NIC naming differs across workers, the macvlan config could reference a wrong interface on other nodes.
Note: the legacy IR plugin uses the same approach (configure-ipv6-networks.cno.yml:25), so this is a faithful port - but the migration is an opportunity to improve it.
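The live-state approach suggested in the comment above, sketched as an added example (not code from this PR or from the reviewer): it extracts interface names from `ip -6 -o addr show scope global` output and checks that every worker reports the same set. The sample outputs, interface names and addresses are constructed; capturing them via `oc debug node/<worker> -- chroot /host ip -6 -o addr show scope global` is an assumption.

```shell
#!/usr/bin/env bash
# Constructed sample output of `ip -6 -o addr show scope global` for two workers.
# Addresses use the 2001:db8::/32 documentation prefix; interface names are hypothetical.
sample_worker_0='2: ens3    inet6 2001:db8:0:1::a/64 scope global dynamic noprefixroute \       valid_lft 86390sec preferred_lft 14390sec
3: ens4    inet6 2001:db8:0:2::a/64 scope global dynamic noprefixroute \       valid_lft 86390sec preferred_lft 14390sec'
sample_worker_1='2: ens3    inet6 2001:db8:0:1::b/64 scope global dynamic noprefixroute \       valid_lft 86390sec preferred_lft 14390sec
3: enp0s4    inet6 2001:db8:0:2::b/64 scope global dynamic noprefixroute \       valid_lft 86390sec preferred_lft 14390sec'

# Print the unique interface names that carry a global-scope IPv6 address.
# Reads one-line-per-address (`-o`) output on stdin: field 2 is the interface.
global_ipv6_ifaces() {
    awk '$3 == "inet6" { print $2 }' | sort -u
}

# Compare the interface sets of all workers.
# Arguments: one captured output string per worker.
# Returns 0 if all sets match, 1 if they differ, 2 if a worker has none.
ifaces_consistent() {
    local first="" current out
    for out in "$@"; do
        current=$(printf '%s\n' "$out" | global_ipv6_ifaces | paste -sd, -)
        [ -n "$current" ] || return 2
        if [ -z "$first" ]; then
            first=$current
        elif [ "$current" != "$first" ]; then
            return 1
        fi
    done
    return 0
}

# Demonstration on the constructed samples: worker 1 names its second NIC differently.
ifaces_consistent "$sample_worker_0" "$sample_worker_1" \
    || echo "IPv6 interface names differ across workers (or are missing)"
```

A non-zero result is the signal that a macvlan master taken from the first worker alone cannot be assumed valid on the others.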
| cloud: "{{ user_cloud }}" | ||
| state: absent | ||
| name: "{{ item.net_name }}" | ||
| loop: "{{ ipv6_secondary_networks.networks }}" |
Nit: the router and subnet operations above correctly use registered_resources from the resources file, but network deletion uses ipv6_secondary_networks.networks (static config). Same pattern as the legacy (remove_ipv6_resources.yml:38) - not blocking, but using the registered IDs would be more robust.
| type: "{{ installcfg_worker_flavor }}" | ||
| serverGroupPolicy: "{{ installcfg_worker_servergrouppolicy }}" | ||
| {%- if ocp_deployment_topology.secondary_ip_protocol == 'ipv6' +%} | ||
| additionalNetworkIDs: {{ ipv6_secondary_network_ids | to_json }} |
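Review bot: the condition on secondary_ip_protocol == 'ipv6' does not look at the list itself, so an empty ipv6_secondary_network_ids would render additionalNetworkIDs: [] into install-config without any error at template time. Extend the condition with ipv6_secondary_network_ids | default([]) | length > 0, or assert that the list is non-empty before the template is rendered.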
Nit: ipv6_secondary_network_ids is set via set_fact in the prepare play (localhost). This works when deploy_installer_host: false (the default) because installer=localhost. But with deploy_installer_host: true (used by 5 existing job definitions), the variable would be undefined here.
The IDs are already saved to the resources file - loading them back in the install role would make this portable.
Summary
create_ipv6_secondary_networks.yml prepare task that creates IPv6 networks (slaac + dhcpstateless), subnets, and router for secondary worker interfaces
configure_ipv6_secondary day2ops procedure that applies DHCP kernel arg MachineConfig, patches CNO with macvlan additionalNetworks, deploys test pods, and verifies pod-to-pod IPv6 connectivity
secondary_ip_protocol instead of non-existent network_secondary
osp_verification_ipv6_secondary.yaml job definition (4-stable) for the scenario
configs/global.yml

Details
Prepare phase:
Install phase:
additionalNetworkIDs to install-config worker platform block when secondary_ip_protocol == 'ipv6', so Nova pre-creates IPv6 ports on workers
Post-install (day2ops procedure):
05-worker-kernelarg-dhcp MachineConfig for ip=dhcp,dhcp6
oc adm node-logs
oc debug node/ from worker nodes
Cleanup:
cleanup_ipv6_secondary.yml detaches subnets, removes router and networks

Future Scope (not in this PR)
(scenarios/baremetal/shiftstack/tests-ipv6-secondary.yml) pointing to the new job definition for automated Zuul scheduling.
IPv6 secondary networks for full VM-to-pod and pod-to-VM validation.
Deferred because it requires admin-only OpenStack operations (image upload, flavor creation).
and re-check connectivity.
Test Plan
ansible-lint passes with production profile
osp_verification_ipv6_secondary.yaml
oc debug node/

Jira
https://redhat.atlassian.net/browse/OSPRH-6486