Bug 1972524: baremetal: Ensure ipv6 bootstrap VM client-id is predictable #5110

hardys · 2021-07-28T12:39:09Z

In #4052 we added interfaces to control the MAC addresses for the
NICs in the bootstrap VM, so that in environments where DHCP pools
are not allowed, a static reservation can be made.

Unfortunately that doesn't work in ipv6 environments currently,
because NetworkManager needs a specific configuration similar to
that applied via the MCO[1] for cluster hosts to ensure the
generated client-ID is derived from the MAC and predictable.

[1] https://github.com/openshift/machine-config-operator/blob/master/templates/common/on-prem/files/NetworkManager-onprem.conf.yaml

In openshift#4052 we added interfaces to control the MAC addresses for the NICs in the bootstrap VM, so that in environments where DHCP pools are not allowed, a static reservation can be made. Unfortunately that doesn't work in ipv6 environments currently, because NetworkManager needs a specific configuration similar to that applied via the MCO[1] for cluster hosts to ensure the generated client-ID is derived from the MAC and predictable. [1] https://github.com/openshift/machine-config-operator/blob/master/templates/common/on-prem/files/NetworkManager-onprem.conf.yaml

openshift-ci · 2021-07-28T12:39:28Z

@hardys: This pull request references Bugzilla bug 1972524, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.9.0) matches configured target release for branch (4.9.0)
bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla ([email protected]), skipping review request.

In response to this:

Bug 1972524: baremetal: Ensure ipv6 bootstrap VM client-id is predictable

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

hardys · 2021-07-28T12:41:16Z

I tested this and we can now see if you set e.g externalMACAddress: "00:51:ff:2b:0d:5e" that the client-ID is derived from the MAC like the cluster hosts:

Expiry Time           MAC address         Protocol   IP address                    Hostname   Client ID or DUID
------------------------------------------------------------------------------------------------------------------------------------------------------
 2021-07-28 14:29:14   00:51:ff:2b:0d:45   ipv6       fd2e:6f44:5dd8:c956::14/120   master-0   00:03:00:01:00:51:ff:2b:0d:45
 2021-07-28 14:29:25   00:51:ff:2b:0d:49   ipv6       fd2e:6f44:5dd8:c956::15/120   master-1   00:03:00:01:00:51:ff:2b:0d:49
 2021-07-28 14:29:39   00:51:ff:2b:0d:4d   ipv6       fd2e:6f44:5dd8:c956::16/120   master-2   00:03:00:01:00:51:ff:2b:0d:4d
 2021-07-28 14:13:08   00:51:ff:2b:0d:5e   ipv6       fd2e:6f44:5dd8:c956::3c/120   -          00:03:00:01:00:51:ff:2b:0d:5e

hardys · 2021-07-28T12:41:36Z

/label platform/baremetal

These control the MAC for the bootstrap VM NICs, not the bridges on the host where the VM is running.

hardys · 2021-07-28T12:45:25Z

/cc @stbenjam @yrobla

I also added a commit to clarify the install-config docs, since we currently say they control the bridge MAC which isn't strictly accurate.

hardys · 2021-07-28T12:50:46Z

Note we should ensure e2e-metal-ipi-ovn-ipv6 passes before merging this

hardys · 2021-07-28T16:20:34Z

/test e2e-metal-ipi-ovn-ipv6

hardys · 2021-07-29T08:12:43Z

/test e2e-metal-ipi-ovn-ipv6

hardys · 2021-07-30T10:09:05Z

/test e2e-metal-ipi-ovn-ipv6

kirankt

/lgtm

kirankt · 2021-08-05T18:21:06Z

/test e2e-metal-ipi-ovn-ipv6

stbenjam · 2021-08-05T18:25:13Z

/approve
/hold

Feel free to release the hold when metal IPv6 passes

openshift-ci · 2021-08-05T18:25:23Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kirankt, stbenjam

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~data/data/bootstrap/baremetal/OWNERS~~ [stbenjam]
~~docs/user/metal/OWNERS~~ [stbenjam]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

hardys · 2021-08-06T08:27:40Z

/test e2e-metal-ipi-ovn-ipv6

hardys · 2021-08-06T11:10:17Z

Looks like we hit an issue which will be fixed via openshift/cluster-kube-apiserver-operator#1202 - probably best to hold off retesting until that lands

kirankt · 2021-08-11T13:20:51Z

/retest

kirankt · 2021-08-11T17:28:14Z

/test e2e-metal-ipi-ovn-ipv6

hardys · 2021-08-24T12:23:37Z

/test e2e-metal-ipi-ovn-ipv6

openshift-ci · 2021-08-24T12:47:54Z

@hardys: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-workers-rhel7	`b13a1e0`	link	`/test e2e-aws-workers-rhel7`
ci/prow/e2e-openstack-byon	`b13a1e0`	link	`/test e2e-openstack-byon`
ci/prow/e2e-aws-single-node	`b13a1e0`	link	`/test e2e-aws-single-node`
ci/prow/e2e-crc	`b13a1e0`	link	`/test e2e-crc`
ci/prow/e2e-metal-ipi-ovn-ipv6	`b13a1e0`	link	`/test e2e-metal-ipi-ovn-ipv6`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

zaneb · 2021-08-24T16:20:59Z

/retest-required

zaneb · 2021-08-24T19:19:20Z

/hold cancel

openshift-ci · 2021-08-24T19:37:30Z

@hardys: All pull requests linked via external trackers have merged:

openshift/installer#5110

Bugzilla bug 1972524 has been moved to the MODIFIED state.

In response to this:

Bug 1972524: baremetal: Ensure ipv6 bootstrap VM client-id is predictable

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

hardys · 2021-09-29T10:00:26Z

/cherry-pick release-4.8

openshift-cherrypick-robot · 2021-09-29T10:01:20Z

@hardys: new pull request created: #5250

In response to this:

/cherry-pick release-4.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

In openshift#5110 we hade sure that for Baremetal IPI the IPv6 bootstrap VM client-id is predictable. This however did not cover UPI deployments. With this change deployments with platform `none` will also use predictable client-id. Fixes: OCPBUGS-33496

openshift-ci bot requested review from markmc and russellb July 28, 2021 12:39

openshift-ci bot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Jul 28, 2021

openshift-ci bot added the platform/baremetal IPI bare metal hosts platform label Jul 28, 2021

baremetal: clarify docs for MACAddress options

b13a1e0

These control the MAC for the bootstrap VM NICs, not the bridges on the host where the VM is running.

openshift-ci bot requested review from stbenjam and yrobla July 28, 2021 12:45

hardys removed request for markmc and russellb July 28, 2021 12:50

kirankt approved these changes Aug 5, 2021

View reviewed changes

openshift-ci bot assigned kirankt Aug 5, 2021

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021

openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 5, 2021

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 5, 2021

openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 24, 2021

openshift-merge-robot merged commit 85e923a into openshift:master Aug 24, 2021

openshift-cherrypick-robot mentioned this pull request Sep 29, 2021

Bug 2008823: baremetal: Ensure ipv6 bootstrap VM client-id is predictable #5250

Merged

mkowalski mentioned this pull request May 27, 2024

OCPBUGS-33496: ensure ipv6 bootstrap VM client-id is predictable #8480

Open

Bug 1972524: baremetal: Ensure ipv6 bootstrap VM client-id is predictable #5110

Bug 1972524: baremetal: Ensure ipv6 bootstrap VM client-id is predictable #5110

Uh oh!

Conversation

hardys commented Jul 28, 2021

Uh oh!

openshift-ci bot commented Jul 28, 2021

Uh oh!

hardys commented Jul 28, 2021

Uh oh!

hardys commented Jul 28, 2021

Uh oh!

hardys commented Jul 28, 2021

Uh oh!

hardys commented Jul 28, 2021

Uh oh!

hardys commented Jul 28, 2021

Uh oh!

hardys commented Jul 29, 2021

Uh oh!

hardys commented Jul 30, 2021

Uh oh!

kirankt left a comment

Choose a reason for hiding this comment

Uh oh!

kirankt commented Aug 5, 2021

Uh oh!

stbenjam commented Aug 5, 2021

Uh oh!

openshift-ci bot commented Aug 5, 2021

Uh oh!

hardys commented Aug 6, 2021

Uh oh!

hardys commented Aug 6, 2021

Uh oh!

kirankt commented Aug 11, 2021

Uh oh!

kirankt commented Aug 11, 2021

Uh oh!

hardys commented Aug 24, 2021

Uh oh!

openshift-ci bot commented Aug 24, 2021

Uh oh!

zaneb commented Aug 24, 2021

Uh oh!

zaneb commented Aug 24, 2021

Uh oh!

openshift-ci bot commented Aug 24, 2021

Uh oh!

hardys commented Sep 29, 2021

Uh oh!

openshift-cherrypick-robot commented Sep 29, 2021

Uh oh!

Uh oh!