Fix incoming ipv6 #199

Draft
wants to merge 8 commits into
base: dualstack-support
1 change: 1 addition & 0 deletions .github/workflows/integration.yaml
@@ -7,6 +7,7 @@ on:
push:
branches:
- master
- fix-incoming-ipv6

env:
REGISTRY: ghcr.io
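Review bot: The push trigger now lists `- fix-incoming-ipv6`, which looks like this pull request's own working branch rather than a long-lived one. If it is merged as is, the integration workflow keeps a trigger for a branch name that can be recreated later by anyone with push access. Drop the entry before merging, or mark it with a comment such as `# temporary: remove before merge`. The `on:` block starts above the hunk, so any other triggers are not visible here.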
51 changes: 13 additions & 38 deletions Makefile
@@ -54,8 +54,8 @@ up: env control-plane-bake partition-bake
# without restarting the metal-core
# TODO: should be investigated and fixed if possible
sleep 10
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o "PubkeyAcceptedKeyTypes +ssh-rsa" root@leaf01 -i files/ssh/id_rsa 'systemctl restart metal-core'
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o "PubkeyAcceptedKeyTypes +ssh-rsa" root@leaf02 -i files/ssh/id_rsa 'systemctl restart metal-core'
ssh -F files/ssh/config leaf01 'systemctl restart metal-core'
ssh -F files/ssh/config leaf02 'systemctl restart metal-core'

.PHONY: restart
restart: down up
@@ -103,7 +103,9 @@ external_network:
--opt "com.docker.network.driver.mtu=9000" \
--opt "com.docker.network.bridge.name=mini_lab_ext" \
--opt "com.docker.network.bridge.enable_ip_masquerade=true" && \
sudo ip route add 203.0.113.128/25 via 203.0.113.2 dev mini_lab_ext; fi
sudo ip route add 203.0.113.128/25 via 203.0.113.2 dev mini_lab_ext && \
sudo ip route add 2001:db8:1:1::/80 via 2001:db8:1::2 dev mini_lab_ext; \
fi

.PHONY: env
env:
@@ -130,32 +132,17 @@ cleanup-partition:
_privatenet: env
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000001 --name user-private-network

.PHONY: _public_ips
_public_ips: env
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network ip list --name firewall | grep firewall || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network ip create --network internet-mini-lab --project 00000000-0000-0000-0000-000000000001 --ipaddress 203.0.113.129 --name firewall
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network ip list --name machine | grep machine || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network ip create --network internet-mini-lab --project 00000000-0000-0000-0000-000000000001 --ipaddress 203.0.113.130 --name machine

.PHONY: machine
machine: _privatenet _public_ips
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
machine: _privatenet
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')

.PHONY: firewall
firewall: _privatenet _public_ips
firewall: _privatenet
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --firewall-rules-file=/tmp/rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')

# IPv6
.PHONY: _privatenet6
_privatenet6: env
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 | grep user-private-network-6 || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network-6 --addressfamily ipv6

.PHONY: machine6
machine6: _privatenet6
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test6 --name test6 --hostname test6 --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')

.PHONY: firewall6
firewall6: _ips _privatenet6
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-ipv6-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')

.PHONY: public-ip
public-ip:
@docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network ip list --name test --network internet-mini-lab -o template --template "{{ .ipaddress }}"

.PHONY: ls
ls: env
@@ -178,11 +165,11 @@ docker-leaf02:

.PHONY: ssh-leaf01
ssh-leaf01:
ssh -o StrictHostKeyChecking=no -o "PubkeyAcceptedKeyTypes +ssh-rsa" -i files/ssh/id_rsa root@leaf01
ssh -F files/ssh/config leaf01

.PHONY: ssh-leaf02
ssh-leaf02:
ssh -o StrictHostKeyChecking=no -o "PubkeyAcceptedKeyTypes +ssh-rsa" -i files/ssh/id_rsa root@leaf02
ssh -F files/ssh/config leaf02

## MACHINE MANAGEMENT ##

@@ -202,10 +189,6 @@ password-machine01:
password-machine02:
@$(MAKE) --no-print-directory _password MACHINE_UUID=2294c949-88f6-5390-8154-fa53d93a3313

.PHONY: password-machine03
password-machine03:
@$(MAKE) --no-print-directory _password MACHINE_UUID=2a92f14d-d3b1-4d46-b813-5d058103743e

.PHONY: _free-machine
_free-machine: env
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine rm $(MACHINE_UUID)
@@ -220,10 +203,6 @@ free-machine01:
free-machine02:
@$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine02 MACHINE_UUID=2294c949-88f6-5390-8154-fa53d93a3313

.PHONY: free-machine03
free-machine03:
@$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine03 MACHINE_UUID=2a92f14d-d3b1-4d46-b813-5d058103743e

.PHONY: _console-machine
_console-machine:
@echo "exit console with CTRL+5 and then quit telnet through q + ENTER"
@@ -237,10 +216,6 @@ console-machine01:
console-machine02:
@$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4001

.PHONY: console-machine03
console-machine03:
@$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4002

## SSH TARGETS FOR MACHINES ##
# Python code could be replaced by jq, but it is not preinstalled on Cumulus
.PHONY: ssh-firewall
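Review bot: Nothing guarantees that the new `public-ip` target prints exactly one address, yet test/integration.sh in this pull request passes its stdout straight to ssh as the destination. With `_public_ips` removed the address is no longer pinned to 203.0.113.130, so an empty list, or more than one match for `--name test` (plausible on a dual-stack network), yields an empty or multi-valued string. Whether `$(DOCKER_COMPOSE_TTY_ARG)` allocates a TTY and so adds carriage returns to the output cannot be seen from this hunk. I would state the contract above the target: `# prints the single IP of machine "test" on internet-mini-lab to stdout; consumed by test/integration.sh`.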
9 changes: 4 additions & 5 deletions README.md
@@ -195,15 +195,14 @@ docker compose run --rm metalctl machine rm e0ab02d2-27cd-5a5e-8efc-080ba80cf258

## Flavors

There's few versions of mini-lab environment that you can run. We call them flavors. There's 2 flavors at the moment:
There are two versions, or flavors, of the mini-lab environment which differ in regards to the NOS running on the leaves:

- `default` -- runs 2 machines.
- `cluster-api` -- runs 3 machines. Useful for testing Control plane and worker node deployment with [Cluster API provider](https://github.com/metal-stack/cluster-api-provider-metalstack).
- `sonic` -- use SONiC as network operating system for the leaves
- `cumulus` -- runs 2 Cumulus switches.
- `sonic` -- runs 2 SONiC switches

In order to start specific flavor, you can define the flavor as follows:

```bash
export MINI_LAB_FLAVOR=cluster-api
export MINI_LAB_FLAVOR=sonic
make
```
2 changes: 1 addition & 1 deletion files/ignition.json
@@ -14,7 +14,7 @@
"path": "/etc/hosts.allow",
"append": true,
"contents": {
"source": "data:,ALL%3A%20%5Bfe80%3A%3A%5D%2F10%0D%0AALL%3A%20203.0.113.1%0D%0A",
"source": "data:,ALL%3A%20%5Bfe80%3A%3A%5D%2F10%0D%0AALL%3A%20203.0.113.1%0D%0AALL%3A%202001%3Adb8%3A1%3A%3A1%0D%0A",
"verification": {}
},
"mode": 644
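Review bot: The entry appended to /etc/hosts.allow decodes to `ALL: 2001:db8:1::1` without square brackets, while the existing link-local entry in the same value is written `ALL: [fe80::]/10`. In hosts_access syntax the colon separates fields, so an IPv6 client address normally has to be bracketed; unbracketed, the line is likely to be misparsed and the address not matched as intended. I would encode the new part as `ALL%3A%20%5B2001%3Adb8%3A1%3A%3A1%5D%0D%0A`. Which of the two `source` lines is the new one is inferred from the pull request title, since the rendered page lost the +/- markers.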
6 changes: 6 additions & 0 deletions files/rules.yaml
@@ -40,3 +40,9 @@ ingress:
- 203.0.113.1/25
to:
- 203.0.113.128/25
- comment: allow incoming ssh ipv6
ports:
- 22
protocol: TCP
to:
- 2001:db8:1:1::1/80
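Review bot: The new `allow incoming ssh ipv6` rule has no `from:` list, whereas the IPv4 rule just above it appears (its `from:` key lies outside the hunk) to limit the source to `203.0.113.1/25`. How the firewall controller treats a missing `from` is not visible here, but if it defaults to any source, port 22 is open to every IPv6 peer that can route to the machine. I would add a `from:` entry with the lab's external IPv6 prefix, written here as the placeholder `<mini_lab_ext IPv6 prefix>`, so that it matches the address allowed in hosts.allow. Separately, `2001:db8:1:1::1/80` has host bits set, while the route added in the Makefile uses `2001:db8:1:1::/80`.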
13 changes: 5 additions & 8 deletions files/ssh/config
@@ -1,17 +1,14 @@
Host leaf01
HostName leaf01
Host leaf*
User root
IdentityFile files/ssh/id_rsa
PasswordAuthentication no
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
PubkeyAcceptedKeyTypes +ssh-rsa

Host * !leaf01
Host *
User metal
IdentityFile files/ssh/id_rsa
PasswordAuthentication no
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
PubkeyAcceptedKeyTypes +ssh-rsa

Host fe80::*
# bash could be replaced with ncat, but it is not preinstalled on Cumulus
ProxyCommand ssh -q -F files/ssh/config leaf01 'sudo ip vrf exec default bash -c "exec 3<>/dev/tcp/%h/%p; cat<&0 >&3 & cat<&3 >&1"'
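Review bot: `Host * !leaf01` became `Host *`, so this block now applies to every destination the config is used for, and the section shows `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` under it. Host keys are therefore never verified for any target, including the public address that test/integration.sh connects to. That is defensible for a throwaway lab whose machines are reinstalled on every run, but it should be stated and scoped: add `# lab only: hosts are reprovisioned on every run, host key checking is deliberately off`, and, if all lab targets fall in these ranges, narrow the pattern to something like `Host leaf* 203.0.113.* 2001:db8:* fe80::*`. Which option lines moved between the two blocks is inferred, because the rendered page lost the +/- markers.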
12 changes: 2 additions & 10 deletions images/sonic/config_db.json
@@ -55,26 +55,18 @@
"admin_status": "up",
"mtu": "9100"
},
"Ethernet8": {
"Ethernet120": {
"lanes": "33,34,35,36",
"alias": "fortyGigE0/8",
"index": "2",
"speed": "40000",
"admin_status": "up",
"mtu": "9100"
},
"Ethernet12": {
"lanes": "37,38,39,40",
"alias": "fortyGigE0/12",
"index": "3",
"speed": "40000",
"admin_status": "up",
"mtu": "9100"
}
},
"VERSIONS": {
"DATABASE": {
"VERSION": "version_202311_03"
}
}
}
}
1 change: 1 addition & 0 deletions inventories/group_vars/all/images.yaml
@@ -7,6 +7,7 @@ metal_stack_release_version: develop

# metal_hammer_image_url: https://images.metal-stack.io/metal-hammer/pull-requests/<pr-number-and-title>/metal-hammer-initrd.img.lz4
# metal_api_image_name:
metal_python_version: v0.39.2
metal_api_image_tag: dualstack-support
# metal_metalctl_image_name:
metal_metalctl_image_tag: 256-dualstack-support
2 changes: 1 addition & 1 deletion inventories/group_vars/sonic/main.yaml
@@ -3,7 +3,7 @@ dhcp_listening_interfaces:
- Vlan4000

metal_core_spine_uplinks:
- Ethernet0
- Ethernet120

sonic_docker_routing_config_mode: split-unified
sonic_frr_mgmt_framework_config: false
2 changes: 0 additions & 2 deletions mini-lab.cumulus.yaml
@@ -53,7 +53,5 @@ topology:
- endpoints: ["leaf02:swp1", "vms:lan1"]
- endpoints: ["leaf01:swp2", "vms:lan2"]
- endpoints: ["leaf02:swp2", "vms:lan3"]
- endpoints: ["leaf01:swp3", "vms:lan4"]
- endpoints: ["leaf02:swp3", "vms:lan5"]
- endpoints: ["leaf01:swp31", "inet:eth1"]
- endpoints: ["leaf02:swp31", "inet:eth2"]
14 changes: 6 additions & 8 deletions mini-lab.sonic.yaml
@@ -55,11 +55,9 @@ topology:
- endpoints: ["inet:ext", "mini_lab_ext:inet"]
mtu: 9000
- endpoints: ["www:ext", "mini_lab_ext:www"]
- endpoints: ["leaf01:eth1", "inet:eth1"]
- endpoints: ["leaf02:eth1", "inet:eth2"]
- endpoints: ["leaf01:eth2", "vms:lan0"]
- endpoints: ["leaf02:eth2", "vms:lan1"]
- endpoints: ["leaf01:eth3", "vms:lan2"]
- endpoints: ["leaf02:eth3", "vms:lan3"]
- endpoints: ["leaf01:eth4", "vms:lan4"]
- endpoints: ["leaf02:eth4", "vms:lan5"]
- endpoints: ["leaf01:eth1", "vms:lan0"]
- endpoints: ["leaf02:eth1", "vms:lan1"]
- endpoints: ["leaf01:eth2", "vms:lan2"]
- endpoints: ["leaf02:eth2", "vms:lan3"]
- endpoints: ["leaf01:eth3", "inet:eth1"]
- endpoints: ["leaf02:eth3", "inet:eth2"]
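Review bot: Nothing in this file records that the inet uplink on `leaf01:eth3`/`leaf02:eth3` only works together with the `Ethernet120` port in images/sonic/config_db.json and `metal_core_spine_uplinks` in inventories/group_vars/sonic/main.yaml. A comment above the two links, such as `# eth3 is the spine uplink; keep in sync with Ethernet120 in images/sonic/config_db.json and metal_core_spine_uplinks`, would stop the next editor from reordering links here alone. The eth3-to-Ethernet120 mapping is my reading of the three sections, not something the page states.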
9 changes: 0 additions & 9 deletions scripts/manage_vms.py
@@ -25,15 +25,6 @@
"lan_indices": [2, 3],
"serial-port": 4001,
},
"machine03": {
"name": "machine03",
"uuid": "2a92f14d-d3b1-4d46-b813-5d058103743e",
"disk-path": "/machine03.img",
"disk-size": "5G",
"memory": "2G",
"lan_indices": [4, 5],
"serial-port": 4002,
},
}


8 changes: 8 additions & 0 deletions test/ci-cleanup.sh
@@ -15,3 +15,11 @@ if [ ! -z "$running_containers" ]; then
fi

make cleanup

echo "Remove containers from previous runs"

previous_mini_lab_containers=$(docker container list --all --filter label=containerlab=mini-lab --quiet)

if [ ! -z "$previous_mini_lab_containers" ]; then
docker container rm --force $(docker container list --all --filter label=containerlab=mini-lab --quiet)
fi
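Review bot: The container list is queried twice, once into `previous_mini_lab_containers` for the emptiness test and again inside the `rm` command. If the set changes in between, the second query can come back empty and `docker container rm --force` then fails for lack of arguments, or it removes containers that did not exist when the check ran. Reuse the captured value instead: `docker container rm --force $previous_mini_lab_containers` (left unquoted on purpose so the IDs split into separate arguments). `[ -n "$previous_mini_lab_containers" ]` would also read more directly than `[ ! -z … ]`.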
2 changes: 1 addition & 1 deletion test/integration.sh
@@ -49,6 +49,6 @@ echo "Test connectivity to outside ipv6"
make connect-to-www-ipv6

echo "Test connectivity from outside"
ssh -o StrictHostKeyChecking=no -o "PubkeyAcceptedKeyTypes +ssh-rsa" -i files/ssh/id_rsa metal@203.0.113.130 -C exit
ssh -F files/ssh/config metal@$(make public-ip) -C exit

echo "Successfully started mini-lab"
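Review bot: The ssh destination is built from an unchecked command substitution, `metal@$(make public-ip)`: if the target fails or prints nothing the command becomes `ssh … metal@`, and any extra text that make or docker compose writes to stdout ends up in the host name. Since files/ssh/config disables host key checking, whatever address comes back is also connected to without verification, so the value deserves a check. I would capture and validate it first: `ip=$(make --no-print-directory -s public-ip)`, `[ -n "$ip" ] || { echo "no public ip for machine test" >&2; exit 1; }`, then `ssh -F files/ssh/config "metal@${ip}" -C exit`. Whether the script runs under `set -e` is not visible in this hunk.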