Project

General

Profile

Actions

action #133358

closed

QA - coordination #121720: [saga][epic] Migration to QE setup in PRG2+NUE3 while ensuring availability

QA - coordination #123800: [epic] Provide SUSE QE Tools services running in PRG2 aka. Prg CoLo

Migration of o3 VM to PRG2 - Ensure IPv6 is fully working

Added by okurz 11 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Feature requests
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Motivation

o3 was migrated to PRG2 but IPv6 is not fully working and should be done properly

Acceptance criteria

  • AC1: o3 is reachable over IPv6 as SUSE R&D internally
  • AC2: Same as AC1 but for community members outside SUSE

Suggestions

  • Look in #132143 for IPv6 related notes
  • Ensure IPv6 is no longer completely disabled in /etc/sysctl.conf (because it was disabled to workaround login problems, see #133403#note-5)
  • Coordinate with Eng-Infra to ensure IPv6 entries can be resolved and routed properly
  • Activate IPv6 on the system and fix issues as they appear
  • Make sure this is reboot-safe

Related issues 7 (1 open6 closed)

Related to openQA Infrastructure - action #133403: Login on o3 does not workResolvedmkittler2023-07-26

Actions
Related to openQA Infrastructure - action #134948: Ensure IPv6 is working in the OSD setup (since we have workers in PRG2 and the VM has been migrated) size:MResolvedokurz2023-08-31

Actions
Related to openQA Infrastructure - action #151130: IPv6 for openqa.opensuse.org and open.qa size:SWorkable2023-11-19

Actions
Related to openQA Infrastructure - action #156322: zabbix-proxy.dmz-prg2.suse.org not reachable from ariel.suse-dmz.opensuse.orgResolvedjbaier_cz2024-02-29

Actions
Related to openQA Tests - action #159558: network unreachable on aarch64-o3Resolvedmkittler2024-04-24

Actions
Related to openSUSE admin - tickets #159759: Add AAAA+reverse-PTR for openqa.opensuse.org pointing to 2a07:de40:b251:2:10:150:2:10Resolvedcrameleon2024-04-29

Actions
Copied from openQA Infrastructure - action #132143: Migration of o3 VM to PRG2 - 2023-07-19 size:MResolvednicksinger2023-06-29

Actions
Actions #1

Updated by okurz 11 months ago

  • Copied from action #132143: Migration of o3 VM to PRG2 - 2023-07-19 size:M added
Actions #2

Updated by mkittler 11 months ago

  • Description updated (diff)
Actions #3

Updated by okurz 11 months ago

Actions #4

Updated by okurz 11 months ago

  • Status changed from New to Blocked
  • Assignee set to okurz

I created https://sd.suse.com/servicedesk/customer/portal/1/SD-128488 but we should also keep in mind https://sd.suse.com/servicedesk/customer/portal/1/SD-127745 for oqa-jumpy. I think without those two SD tickets resolved there is no point in further debugging.

Actions #5

Updated by okurz 10 months ago

  • Related to action #134948: Ensure IPv6 is working in the OSD setup (since we have workers in PRG2 and the VM has been migrated) size:M added
Actions #7

Updated by okurz 9 months ago

  • Target version changed from Ready to Tools - Next
Actions #8

Updated by okurz 9 months ago

OSD IPv6 was properly fixed meanwhile, https://sd.suse.com/servicedesk/customer/portal/1/SD-128488 still open for o3

Actions #9

Updated by okurz 7 months ago

  • Related to action #151130: IPv6 for openqa.opensuse.org and open.qa size:S added
Actions #10

Updated by okurz 4 months ago

Will re-enable IPv6 on openqa.opensuse.org and reboot the machine. Expect horrible catastrophes to happen … or nothing at all :)

on o3 in /etc/sysctl.conf removed

# workaround poo#133403
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
new-ariel:~ # wicked ifstatus all
lo              up
      link:     #1, state up
      type:     loopback
      config:   compat:suse:/etc/sysconfig/network/ifcfg-lo
      leases:   ipv4 static granted
      leases:   ipv6 static granted
      addr:     ipv4 127.0.0.1/8 [static]
      addr:     ipv6 ::1/128 [static]

eth0            up
      link:     #2, state up, mtu 1500
      type:     ethernet, hwaddr 02:00:00:db:4a:10
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth0
      leases:   ipv4 static granted
      addr:     ipv4 10.150.2.10/24 [static]
      route:    ipv4 default via 10.150.2.254 proto boot

eth1            up
      link:     #3, state up, mtu 1500
      type:     ethernet, hwaddr 02:00:00:db:4a:11
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth1
      leases:   ipv4 static granted
      addr:     ipv4 10.150.1.11/24 [static]
      route:    ipv4 10.151.15.2/32 via 10.150.1.254 proto boot
new-ariel:~ # wicked ifup all
lo              up
eth0            up
eth1            up
new-ariel:~ # wicked ifstatus all
lo              up
      link:     #1, state up
      type:     loopback
      config:   compat:suse:/etc/sysconfig/network/ifcfg-lo
      leases:   ipv4 static granted
      leases:   ipv6 static granted
      addr:     ipv4 127.0.0.1/8 [static]
      addr:     ipv6 ::1/128 [static]

eth0            up
      link:     #2, state up, mtu 1500
      type:     ethernet, hwaddr 02:00:00:db:4a:10
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth0
      leases:   ipv4 static granted
      leases:   ipv6 static granted
      addr:     ipv4 10.150.2.10/24 [static]
      addr:     ipv6 2a07:de40:b281:2:10:150:2:10/64 [static]
      route:    ipv4 default via 10.150.2.254 [static]
      route:    ipv6 default via 2a07:de40:b281:2:ffff:ffff:ffff:ffff metric 1024 proto boot

eth1            up
      link:     #3, state up, mtu 1500
      type:     ethernet, hwaddr 02:00:00:db:4a:11
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth1
      leases:   ipv4 static granted
      addr:     ipv4 10.150.1.11/24 [static]
      route:    ipv4 10.151.15.2/32 via 10.150.1.254 [static]
new-ariel:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:00:00:db:4a:10 brd ff:ff:ff:ff:ff:ff
    altname enp0s2
    altname ens2
    inet 10.150.2.10/24 brd 10.150.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a07:de40:b281:2:10:150:2:10/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::ff:fedb:4a10/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:00:00:db:4a:11 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet 10.150.1.11/24 brd 10.150.1.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::ff:fedb:4a11/64 scope link 
       valid_lft forever preferred_lft forever
new-ariel:~ # ip r
default via 10.150.2.254 dev eth0 
10.150.1.0/24 dev eth1 proto kernel scope link src 10.150.1.11 
10.150.2.0/24 dev eth0 proto kernel scope link src 10.150.2.10 
10.151.15.2 via 10.150.1.254 dev eth1 
new-ariel:~ # ip -6 r
2a07:de40:b281:2::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via 2a07:de40:b281:2:ffff:ffff:ffff:ffff dev eth0 metric 1024 pref medium

I could connect over SSH IPv6 now as well. No login problems on https://openqa.opensuse.org. Now a AAAA record for openqa.opensuse.org needs to be (re-)added.

Commented on the SD ticket accordingly.

Actions #11

Updated by ph03nix 4 months ago

yay! Thanks Oliver :-)

Actions #12

Updated by okurz 4 months ago

  • Target version changed from Tools - Next to future
Actions #13

Updated by jbaier_cz 3 months ago

  • Related to action #156322: zabbix-proxy.dmz-prg2.suse.org not reachable from ariel.suse-dmz.opensuse.org added
Actions #14

Updated by okurz about 2 months ago

  • Target version changed from future to Ready

Movement in https://sd.suse.com/servicedesk/customer/portal/1/SD-128488. Firewall config is done, external IPv6 address is reachabled. Added listen [::]:443 http2 ssl; in the nginx config. and changed internal connections from 127.0.0.1 to [::1]. Now I get a response on https://[2a07:de40:b251:2:10:150:2:10], pending DNS config.

Actions #15

Updated by okurz about 2 months ago

Actions #16

Updated by okurz about 2 months ago

  • Related to tickets #159759: Add AAAA+reverse-PTR for openqa.opensuse.org pointing to 2a07:de40:b251:2:10:150:2:10 added
Actions #17

Updated by okurz about 2 months ago

  • Category set to Feature requests
  • Status changed from Blocked to Resolved

I verified and everything seems to work fine.

Actions

Also available in: Atom PDF