Page MenuHomePhabricator
Create Task
Maniphest T37947

Enable IPv6 on CloudVPS
Closed, ResolvedPublic
Actions

Description

Update OpenStack to a version which supports IPv6 and enable it (cf. also T73218).

Details

Reference
bz35947
SubjectRepoBranchLines +/-
Update GeoIP maps for new WMCS rangesoperations/dnsmaster+37 -34
Add semicolon to end of prefix in cloud6 prefix listoperations/homer/publicmaster+1 -1
Modifications to CR BGP policy for eqiad cloud-private IPv6 aggregateoperations/homer/publicmaster+13 -0
Add WMCS cloud-private eqiad ranges to private6 prefix listoperations/homer/publicmaster+2 -0
Remove cloud hosts except clouddb from the "no IPv6 hostname" listoperations/software/netbox-extrasmaster+0 -7
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT53494 Use Beta cluster as a true canary for code deployments (epic)
 OpenNoneT87220 Minimize infrastructure differences between Beta Cluster and production
 OpenNoneT211677 Support IPv6 in beta
 OpenNoneT270694 CloudVPS: introduce tenant networks
 Resolved aborreroT364725 Migrate Cloud VPS instances to VXLAN based networks
 OpenNoneT392688 Enable IPv6 on Cloud VPS infrastructure services
 Resolved taaviT379175 Enable IPv6 for the Cloud VPS web proxy
 OpenNoneT392509 Enable IPv6 for Toolforge services
 Resolved taaviT392506 Enable IPv6 for tools.wmflabs.org / *.toolserver.org legacy redirector service
 Resolved taaviT211575 Enable IPv6 on toolforge.org
 OpenNoneT220306 Add IPv6 monitoring
 Resolved aborreroT37947 Enable IPv6 on CloudVPS
 Resolved aborreroT245495 CloudVPS: IPv6 in codfw1dev
 Resolved aborreroT187929 Cloud IPv6 subnets
 Resolved aborreroT374712 netbox: create IPv6 entries for Cloud VPS
 Resolved aborreroT376462 dns: integrate PTR support for 2a02:ec80:a100::/48
 Resolved aborreroT374715 openstack: work out IPv6 and designate integration
 Resolved aborreroT377740 neutron: clarify why DNS extension is not enabled
 Resolved aborreroT378192 openstack: wmf sink: extend it to support IPv6
 Resolved aborreroT378995 openstack codfw1dev: API endpoints errors 2024-11-04
 Resolved aborreroT374714 openstack: clarify IPv6 firewalling
 Resolved aborreroT377339 horizon: enable IPv6 security group panels
 Resolved aborreroT374716 cloudgw: add support and enable IPv6
 ResolvedcmooneyT374713 cloudsw: codfw: enable IPv6
 Resolved aborreroT376879 keepalived: it doesn't support mixing IPv4 and IPv6 VIPs on the same VRRP instance
 Resolved aborreroT375847 openstack: initial IPv6 support in neutron
 Resolved aborreroT377467 Decision Request - How to do the Cloud VPS VXLAN/IPv6 migration
 Resolved aborreroT379356 openstack: nova-fullstack: add support for IPv6
 Resolved aborreroT380208 openstack: codfw1dev: fullstack tests failing
 Resolved aborreroT380303 Openstack: many orphaned (or seemingly orphaned) VMs in codfw1dev
 Resolved aborreroT380054 Cloud VPS: prepare documentation on VXLAN/IPV6 migration
 Resolved aborreroT380081 horizon: enable the UI to select networks on VM creation panel
 Resolved aborreroT380174 CloudVPS: IPv6 in eqiad1
 Resolved aborreroT380703 versions.toolforge.org is down
 Resolved aborreroT380728 openstack: network problems when introducing new networks
 ResolvedcmooneyT389958 WMCS Eqiad: Enable IPv6 in cloud vrf on switches
 Resolved aborreroT390877 HAProxyServiceUnavailable
Resolved aborreroT391043 CephClusterInError #page Ceph cluster in eqiad is in error status
 Resolved aborreroT391040 CloudVirtDown Cloudvirt node cloudvirt1063 is down. #page
 Resolved aborreroT391039 CephSlowOps Ceph cluster in eqiad has 486 slow ops
 Resolved aborreroT391325 openstack: improve networktests for newer network setup
 ResolvedfnegriT391467 gitlab ci: validate secrets settings in pipeline for tofu integration
 ResolvedcmooneyT380746 dns: add PTR support for 2a02:ec80:a000::
 Resolved taaviT386689 Add new WMCS IPv6 ranges to MediaWiki configuration where required
 ResolvedcmooneyT388379 ProbeDown
Resolved aborreroT389942 openstack: rename lan-flat-cloudinstances2b to VLAN/legacy
 ResolvedJAllemandouT392468 Add new WMCS IP ranges to analytics
 Resolved taaviT392570 metricsinfra: Support scraping v6-enabled instances
 Resolved taaviT392611 VMs with ferm host-level firewall do not permit DHCPv6 responses

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
aborrero added a subscriber: chasemp.Dec 14 2018, 10:43 AM

Persisting here some notes from @chasemp for future reference:

  • This comes from around Kilo time when IPv6 was first being introduced and it was described as planning to be ready for general deploy in Newton. This is just a note I have from that time.
  • BGP for Neutron routers and an upstream is seemingly only a serious option starting in Mitaka and I believe we talked about not wanting to plan on implementing both at once so probably that doubled down on the Newton narrative.
  • At the time we started kicking this around it was unclear what the relationship was going to be between VXLAN (or other overlays) and IPv6. AFAICT overlays still require the host to use IPv4 even if the tenants are on IPv6, which is OK. It seems like ironically IPv6 within the Cloud is tested much better than IPv6 for control plane components.
  • I have a note that indicates Router HA is not viable for IPv6 in Mitka with prefix designation https://docs.openstack.org/mitaka/networking-guide/config-ipv6.html. Whether this seriously matters probably depends on what the ideal model is here but in some dusty corner of my brain the idea that each tenant has globally unique IPv6 space via some overlay mechanism with HA software routers wouldn't work out it seems.

TLDR pre-Neutron things were very unclear what would even be possible

aborrero moved this task from Needs discussion to Soon! on the cloud-services-team (Kanban) board.Dec 14 2018, 10:44 AM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 7:47 PM
Krenair added a parent task: T220306: Add IPv6 monitoring.Apr 7 2019, 6:23 PM
SQL subscribed.Jun 5 2019, 1:27 AM
AfroThundr3007730 subscribed.Jun 5 2019, 1:39 AM
Tomskyhaha subscribed.Jun 13 2019, 12:06 AM
bd808 added a project: Epic.Sep 11 2019, 3:34 PM
bd808 moved this task from Soon! to Epics on the cloud-services-team (Kanban) board.
DoRD unsubscribed.Sep 11 2019, 4:18 PM
aborrero added a comment.Mar 30 2020, 5:28 PM

CloudVPS now uses a version of openstack that fully supports IPv6. Research/PoC work on IPv6 can be seen at T245495: CloudVPS: IPv6 in codfw1dev

mdaniels5757 subscribed.Apr 18 2020, 7:14 PM
Dzahn awarded a token.Nov 2 2020, 7:06 PM
ayounsi mentioned this in T267376: Set up IP addresses for the new wiki replicas setup.Nov 12 2020, 12:51 PM
jberkel subscribed.Nov 14 2020, 7:17 PM
taavi subscribed.Nov 23 2020, 7:54 AM
aborrero removed a subtask: T209460: CloudVPS: network architecture.Jan 19 2021, 3:58 PM
ElHef subscribed.Dec 26 2021, 2:38 PM
Stang subscribed.Dec 31 2021, 5:46 PM
Tks4Fish mentioned this in T187929: Cloud IPv6 subnets.Jan 14 2022, 6:22 PM
AntiCompositeNumber mentioned this in T274050: Users trying to analyze pages are being told they are blocked when they are not.Jan 31 2022, 3:56 PM
LSobanski removed a project: SRE.Nov 7 2022, 3:04 PM
Allen4names unsubscribed.Nov 8 2022, 12:22 AM
fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:45 PM
fnegri moved this task from Kanban to Epics on the cloud-services-team board.
bd808 mentioned this in T211575: Enable IPv6 on toolforge.org.Feb 10 2023, 12:43 AM
bd808 added a subtask: T245495: CloudVPS: IPv6 in codfw1dev.
Rail subscribed.Feb 11 2023, 6:54 PM
JJMC89 merged a task: T329911: Deploy IPv6 for wmflabs.org.Feb 17 2023, 1:43 AM
JJMC89 added subscribers: I, Aklapper.
I added a comment.Feb 17 2023, 1:49 AM

Obviously, no one has come up with this idea since 2012, and it's still the same after 11 years, which is sad.

GeneralNotability subscribed.Nov 18 2023, 7:44 PM
gerritbot added a comment.Nov 20 2023, 2:21 PM

Change 975826 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/software/netbox-extras@master] Remove cloud hosts except clouddb from the "no IPv6 hostname" list

https://gerrit.wikimedia.org/r/975826

gerritbot added a project: Patch-For-Review.Nov 20 2023, 2:21 PM
gerritbot added a comment.Nov 20 2023, 6:11 PM

Change 975826 merged by jenkins-bot:

[operations/software/netbox-extras@master] Remove cloud hosts except clouddb from the "no IPv6 hostname" list

https://gerrit.wikimedia.org/r/975826

cmooney mentioned this in rOSNE2b0436dee4d3: Remove cloud hosts except clouddb from the "no IPv6 hostname" list.Nov 20 2023, 6:11 PM
Maintenance_bot removed a project: Patch-For-Review.Nov 20 2023, 6:30 PM
GPSLeo subscribed.May 12 2024, 6:41 PM

What is the status on this? The lack of IPv6 support of the webservice seems to be one of the reasons for slow connections from some internet providers. T362822

Dzahn subscribed.May 31 2024, 12:54 AM

Just wanted to add this is still a source of trouble for us when trying to use cloud VPS to have test machines. We keep having to work around it a lot in different contexts just like many years ago.

taavi moved this task from Unsorted to Network on the Cloud-VPS board.Jun 4 2024, 4:09 PM
aborrero added a project: User-aborrero.Jul 1 2024, 1:24 PM
aborrero added a parent task: T364725: Migrate Cloud VPS instances to VXLAN based networks.Sep 13 2024, 12:40 PM
aborrero added a subscriber: cmooney.

It has been suggested by @cmooney that we introduce support for IPv6 while on the migration for T364725: Migrate Cloud VPS instances to VXLAN based networks, which I agree, and I'll try to do.

aborrero mentioned this in T364725: Migrate Cloud VPS instances to VXLAN based networks.Sep 13 2024, 12:42 PM
aborrero added a comment.Sep 16 2024, 10:18 AM

additional tracking of the project happening in https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/IPv6/initial_deploy

taavi added a subtask: T377467: Decision Request - How to do the Cloud VPS VXLAN/IPv6 migration.Oct 18 2024, 5:23 PM
aborrero closed subtask T377467: Decision Request - How to do the Cloud VPS VXLAN/IPv6 migration as Resolved.Nov 6 2024, 10:41 AM
taavi added a parent task: T379175: Enable IPv6 for the Cloud VPS web proxy.Nov 6 2024, 4:57 PM
aborrero changed the status of subtask T379356: openstack: nova-fullstack: add support for IPv6 from Open to In Progress.Nov 14 2024, 1:37 PM
aborrero closed subtask T379356: openstack: nova-fullstack: add support for IPv6 as Resolved.Nov 15 2024, 11:10 AM
aborrero closed subtask T245495: CloudVPS: IPv6 in codfw1dev as Resolved.Nov 15 2024, 12:52 PM
aborrero changed the status of subtask T380054: Cloud VPS: prepare documentation on VXLAN/IPV6 migration from Open to Stalled.Nov 22 2024, 4:05 PM
aborrero added a comment.Nov 22 2024, 4:28 PM

We are targeting to announce/start the user-facing migration on 2025-01-06, see also https://wikitech.wikimedia.org/wiki/News/Cloud_VPS_VXLAN_IPv6_migration

gerritbot added a comment.Jan 17 2025, 6:23 PM

Change #1112268 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] Modifications to CR BGP policy for eqiad cloud-private IPv6 aggregate

https://gerrit.wikimedia.org/r/1112268

gerritbot added a project: Patch-For-Review.Jan 17 2025, 6:23 PM
gerritbot added a comment.Jan 17 2025, 6:29 PM

Change #1112268 merged by jenkins-bot:

[operations/homer/public@master] Modifications to CR BGP policy for eqiad cloud-private IPv6 aggregate

https://gerrit.wikimedia.org/r/1112268

Maintenance_bot removed a project: Patch-For-Review.Jan 17 2025, 6:31 PM
gerritbot added a comment.Jan 17 2025, 7:31 PM

Change #1112273 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] Add WMCS cloud-private eqiad ranges to private6 prefix list

https://gerrit.wikimedia.org/r/1112273

gerritbot added a project: Patch-For-Review.Jan 17 2025, 7:31 PM
gerritbot added a comment.Jan 20 2025, 11:11 AM

Change #1112273 merged by jenkins-bot:

[operations/homer/public@master] Add WMCS cloud-private eqiad ranges to private6 prefix list

https://gerrit.wikimedia.org/r/1112273

Maintenance_bot removed a project: Patch-For-Review.Jan 20 2025, 11:31 AM
gerritbot added a comment.Feb 5 2025, 1:13 PM

Change #1117538 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] Add semicolon to end of prefix in cloud6 prefix list

https://gerrit.wikimedia.org/r/1117538

gerritbot added a project: Patch-For-Review.Feb 5 2025, 1:13 PM
gerritbot added a comment.Feb 5 2025, 1:58 PM

Change #1117538 merged by jenkins-bot:

[operations/homer/public@master] Add semicolon to end of prefix in cloud6 prefix list

https://gerrit.wikimedia.org/r/1117538

Maintenance_bot removed a project: Patch-For-Review.Feb 5 2025, 2:31 PM
Geertivp subscribed.Feb 14 2025, 10:09 AM
Geertivp mentioned this in T191813: Programs & Events Dashboard server maintenance log.Feb 14 2025, 10:18 AM
aborrero moved this task from Backlog to Next on the User-aborrero board.Mar 19 2025, 1:28 PM
aborrero moved this task from Next to Doing on the User-aborrero board.Mar 25 2025, 11:09 AM
aborrero mentioned this in T389942: openstack: rename lan-flat-cloudinstances2b to VLAN/legacy.Mar 25 2025, 12:45 PM
aborrero changed the status of subtask T389942: openstack: rename lan-flat-cloudinstances2b to VLAN/legacy from Open to In Progress.
aborrero closed subtask T389942: openstack: rename lan-flat-cloudinstances2b to VLAN/legacy as Resolved.Mar 26 2025, 12:18 PM
aborrero moved this task from Doing to Blocked/waiting on the User-aborrero board.Apr 4 2025, 9:43 AM
taavi added a parent task: T392506: Enable IPv6 for tools.wmflabs.org / *.toolserver.org legacy redirector service.Apr 23 2025, 3:24 PM
aborrero closed this task as Resolved.Apr 24 2025, 8:53 AM
aborrero claimed this task.
aborrero closed subtask T380174: CloudVPS: IPv6 in eqiad1 as Resolved.

It "only" took us 13 years, but it has been finally enabled.

taavi closed subtask T380081: horizon: enable the UI to select networks on VM creation panel as Resolved.Apr 24 2025, 1:20 PM
taavi changed the status of subtask T380054: Cloud VPS: prepare documentation on VXLAN/IPV6 migration from Stalled to Open.
gerritbot added a comment.Apr 24 2025, 1:31 PM

Change #1138758 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/dns@master] Update GeoIP maps for new WMCS ranges

https://gerrit.wikimedia.org/r/1138758

gerritbot added a project: Patch-For-Review.Apr 24 2025, 1:31 PM
gerritbot added a comment.Apr 24 2025, 1:40 PM

Change #1138758 merged by Majavah:

[operations/dns@master] Update GeoIP maps for new WMCS ranges

https://gerrit.wikimedia.org/r/1138758

Maintenance_bot removed a project: Patch-For-Review.Apr 24 2025, 2:30 PM
taavi closed subtask T392611: VMs with ferm host-level firewall do not permit DHCPv6 responses as Resolved.Apr 24 2025, 4:21 PM
bd808 awarded a token.Apr 24 2025, 11:47 PM
Stang unsubscribed.Apr 28 2025, 4:33 AM
taavi closed subtask T392570: metricsinfra: Support scraping v6-enabled instances as Resolved.Apr 29 2025, 7:20 AM
nshahquinn-wmf awarded a token.May 6 2025, 8:43 PM
aborrero closed subtask T380054: Cloud VPS: prepare documentation on VXLAN/IPV6 migration as Resolved.May 16 2025, 2:22 PM
JAllemandou closed subtask T392468: Add new WMCS IP ranges to analytics as Resolved.Thu, Jun 12, 7:49 AM
jberkel unsubscribed.Thu, Jun 12, 8:15 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits