action #133358
openQA - coordination #121720: [saga][epic] Migration to QE setup in PRG2+NUE3 while ensuring availability
QA - coordination #123800: [epic] Provide SUSE QE Tools services running in PRG2 aka. Prg CoLo
Migration of o3 VM to PRG2 - Ensure IPv6 is fully working
0%
Description
Motivation¶
o3 was migrated to PRG2 but IPv6 is not fully working and should be done properly
Acceptance criteria¶
- AC1: o3 is reachable over IPv6 as SUSE R&D internally
- AC2: Same as AC1 but for community members outside SUSE
Suggestions¶
- Look in #132143 for IPv6 related notes
- Ensure IPv6 is no longer completely disabled in
/etc/sysctl.conf(because it was disabled to workaround login problems, see #133403#note-5) - Coordinate with Eng-Infra to ensure IPv6 entries can be resolved and routed properly
- Activate IPv6 on the system and fix issues as they appear
- Make sure this is reboot-safe
Updated by okurz 9 months ago
- Copied from action #132143: Migration of o3 VM to PRG2 - 2023-07-19 size:M added
Updated by okurz 9 months ago
- Related to action #133403: Login on o3 does not work added
Updated by okurz 9 months ago
- Status changed from New to Blocked
- Assignee set to okurz
I created https://sd.suse.com/servicedesk/customer/portal/1/SD-128488 but we should also keep in mind https://sd.suse.com/servicedesk/customer/portal/1/SD-127745 for oqa-jumpy. I think without those two SD tickets resolved there is no point in further debugging.
Updated by okurz 8 months ago
- Related to action #134948: Ensure IPv6 is working in the OSD setup (since we have workers in PRG2 and the VM has been migrated) size:M added
Updated by okurz 8 months ago
https://sd.suse.com/servicedesk/customer/portal/1/SD-127745 resolved, https://sd.suse.com/servicedesk/customer/portal/1/SD-128488 still open and valid
Updated by okurz 7 months ago
OSD IPv6 was properly fixed meanwhile, https://sd.suse.com/servicedesk/customer/portal/1/SD-128488 still open for o3
Updated by okurz 5 months ago
- Related to action #151130: IPv6 for openqa.opensuse.org and open.qa added
Updated by okurz 3 months ago
Will re-enable IPv6 on openqa.opensuse.org and reboot the machine. Expect horrible catastrophes to happen … or nothing at all :)
on o3 in /etc/sysctl.conf removed
# workaround poo#133403
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
new-ariel:~ # wicked ifstatus all
lo up
link: #1, state up
type: loopback
config: compat:suse:/etc/sysconfig/network/ifcfg-lo
leases: ipv4 static granted
leases: ipv6 static granted
addr: ipv4 127.0.0.1/8 [static]
addr: ipv6 ::1/128 [static]
eth0 up
link: #2, state up, mtu 1500
type: ethernet, hwaddr 02:00:00:db:4a:10
config: compat:suse:/etc/sysconfig/network/ifcfg-eth0
leases: ipv4 static granted
addr: ipv4 10.150.2.10/24 [static]
route: ipv4 default via 10.150.2.254 proto boot
eth1 up
link: #3, state up, mtu 1500
type: ethernet, hwaddr 02:00:00:db:4a:11
config: compat:suse:/etc/sysconfig/network/ifcfg-eth1
leases: ipv4 static granted
addr: ipv4 10.150.1.11/24 [static]
route: ipv4 10.151.15.2/32 via 10.150.1.254 proto boot
new-ariel:~ # wicked ifup all
lo up
eth0 up
eth1 up
new-ariel:~ # wicked ifstatus all
lo up
link: #1, state up
type: loopback
config: compat:suse:/etc/sysconfig/network/ifcfg-lo
leases: ipv4 static granted
leases: ipv6 static granted
addr: ipv4 127.0.0.1/8 [static]
addr: ipv6 ::1/128 [static]
eth0 up
link: #2, state up, mtu 1500
type: ethernet, hwaddr 02:00:00:db:4a:10
config: compat:suse:/etc/sysconfig/network/ifcfg-eth0
leases: ipv4 static granted
leases: ipv6 static granted
addr: ipv4 10.150.2.10/24 [static]
addr: ipv6 2a07:de40:b281:2:10:150:2:10/64 [static]
route: ipv4 default via 10.150.2.254 [static]
route: ipv6 default via 2a07:de40:b281:2:ffff:ffff:ffff:ffff metric 1024 proto boot
eth1 up
link: #3, state up, mtu 1500
type: ethernet, hwaddr 02:00:00:db:4a:11
config: compat:suse:/etc/sysconfig/network/ifcfg-eth1
leases: ipv4 static granted
addr: ipv4 10.150.1.11/24 [static]
route: ipv4 10.151.15.2/32 via 10.150.1.254 [static]
new-ariel:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:00:db:4a:10 brd ff:ff:ff:ff:ff:ff
altname enp0s2
altname ens2
inet 10.150.2.10/24 brd 10.150.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a07:de40:b281:2:10:150:2:10/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ff:fedb:4a10/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:00:db:4a:11 brd ff:ff:ff:ff:ff:ff
altname enp0s3
altname ens3
inet 10.150.1.11/24 brd 10.150.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::ff:fedb:4a11/64 scope link
valid_lft forever preferred_lft forever
new-ariel:~ # ip r
default via 10.150.2.254 dev eth0
10.150.1.0/24 dev eth1 proto kernel scope link src 10.150.1.11
10.150.2.0/24 dev eth0 proto kernel scope link src 10.150.2.10
10.151.15.2 via 10.150.1.254 dev eth1
new-ariel:~ # ip -6 r
2a07:de40:b281:2::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via 2a07:de40:b281:2:ffff:ffff:ffff:ffff dev eth0 metric 1024 pref medium
I could connect over SSH IPv6 now as well. No login problems on https://openqa.opensuse.org. Now a AAAA record for openqa.opensuse.org needs to be (re-)added.
Commented on the SD ticket accordingly.
Updated by jbaier_cz 26 days ago
- Related to action #156322: zabbix-proxy.dmz-prg2.suse.org not reachable from ariel.suse-dmz.opensuse.org added
Updated by okurz 6 days ago
- Target version changed from future to Ready
Movement in https://sd.suse.com/servicedesk/customer/portal/1/SD-128488. Firewall config is done, external IPv6 address is reachabled. Added listen [::]:443 http2 ssl; in the nginx config. and changed internal connections from 127.0.0.1 to [::1]. Now I get a response on https://[2a07:de40:b251:2:10:150:2:10], pending DNS config.
Updated by okurz 5 days ago
- Related to action #159558: network unreachable on aarch64-o3 added
Updated by okurz about 9 hours ago
- Related to tickets #159759: Add AAAA+reverse-PTR for openqa.opensuse.org pointing to 2a07:de40:b251:2:10:150:2:10 added