⚓ T380174 CloudVPS: IPv6 in eqiad1

Subject	Repo	Branch	Lines +/-
cloudgw: cleanup pre-IPv6 settings	operations/puppet	production	+3 -13
P:dns: Update discovery-map for new WMCS addresses	operations/puppet	production	+36 -34
openstack: networktests: cleanup and simplify	operations/puppet	production	+30 -127
hieradata: Enable wmcs_nova_fixed_ptr in eqiad1	operations/puppet	production	+1 -1
hieradata: Set eqiad1 domain_id_internal_reverse_v6	operations/puppet	production	+2 -2
openstack: eqiad1: networktests: fix typos	operations/puppet	production	+3 -3
network: Update new WMCS IPv6 ranges	operations/puppet	production	+6 -0
cloudgw: enable NAT for additional VXLAN subnets	operations/puppet	production	+7 -1
cloudgw: use rack-specific default IPv6 routes	operations/puppet	production	+2 -1
cloudgw: update wan VIP	operations/puppet	production	+1 -1
cloudgw: fix IPv6 range on VIPs	operations/puppet	production	+2 -2
cloudgw: enable IPv6	operations/puppet	production	+19 -0
openstack: networktests: refresh FQDN of the neutron virtual router	operations/puppet	production	+1 -1
Add reverse for new IPv6 range assigned by cloud services	operations/dns	master	+8 -0

Status	Assigned	Task
Open	None	T53494 Use Beta cluster as a true canary for code deployments (epic)
Declined	None	T87220 Minimize infrastructure differences between Beta Cluster and production
Open	None	T211677 Support IPv6 in beta
Open	None	T404466 Support IPv6-only VMs
Open	None	T392688 Enable IPv6 on Cloud VPS infrastructure services
Resolved	taavi	T379175 Enable IPv6 for the Cloud VPS web proxy
Open	None	T270694 CloudVPS: introduce tenant networks
Resolved	• aborrero	T364725 Migrate Cloud VPS instances to VXLAN based networks
Open	None	T392509 Enable IPv6 for Toolforge services
Resolved	taavi	T392506 Enable IPv6 for tools.wmflabs.org / *.toolserver.org legacy redirector service
Resolved	taavi	T211575 Enable IPv6 on toolforge.org
Open	None	T220306 Add IPv6 monitoring
Resolved	• aborrero	T37947 Enable IPv6 on CloudVPS
Resolved	• aborrero	T380174 CloudVPS: IPv6 in eqiad1
Resolved	• aborrero	T380703 versions.toolforge.org is down
Resolved	• aborrero	T380728 openstack: network problems when introducing new networks
Resolved	cmooney	T389958 WMCS Eqiad: Enable IPv6 in cloud vrf on switches
Resolved	• aborrero	T390877 HAProxyServiceUnavailable
Resolved	• aborrero	T391043 CephClusterInError #page Ceph cluster in eqiad is in error status
Resolved	• aborrero	T391040 CloudVirtDown Cloudvirt node cloudvirt1063 is down. #page
Resolved	• aborrero	T391039 CephSlowOps Ceph cluster in eqiad has 486 slow ops
Resolved	• aborrero	T391325 openstack: improve networktests for newer network setup
Resolved	fnegri	T391467 gitlab ci: validate secrets settings in pipeline for tofu integration
Resolved	cmooney	T380746 dns: add PTR support for 2a02:ec80:a000::
Resolved	taavi	T386689 Add new WMCS IPv6 ranges to MediaWiki configuration where required
Resolved	cmooney	T388379 ProbeDown

• aborrero changed the status of subtask T380728: openstack: network problems when introducing new networks from Open to In Progress.Nov 25 2024, 11:47 AM

Change #1097397 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/dns@master] Add reverse for new IPv6 range assigned by cloud services

https://gerrit.wikimedia.org/r/1097397

gerritbot added a project: Patch-For-Review.Nov 25 2024, 2:33 PM

Change #1097397 merged by Cathal Mooney:

[operations/dns@master] Add reverse for new IPv6 range assigned by cloud services

https://gerrit.wikimedia.org/r/1097397

Maintenance_bot removed a project: Patch-For-Review.Nov 25 2024, 3:32 PM

• aborrero moved this task from Doing to Next on the User-aborrero board.Feb 4 2025, 4:44 PM

taavi moved this task from Unsorted to Network on the Cloud-VPS board.Feb 8 2025, 9:37 AM

Geertivp subscribed.Feb 14 2025, 4:12 PM

Given we have a theory for why T380728: openstack: network problems when introducing new networks happened, we (@cmooney and me) are trying to target end of March for a rollout of this.

• aborrero changed the status of subtask T380728: openstack: network problems when introducing new networks from In Progress to Open.Mar 4 2025, 11:25 AM

• aborrero added a subtask: T388379: ProbeDown .Mar 10 2025, 2:10 PM

• aborrero moved this task from Next to Doing on the User-aborrero board.Mar 19 2025, 1:18 PM

taavi closed subtask T388379: ProbeDown as Resolved.Mar 20 2025, 9:11 AM

• aborrero moved this task from Doing to Blocked/waiting on the User-aborrero board.Apr 4 2025, 9:43 AM

• aborrero moved this task from Blocked/waiting to Doing on the User-aborrero board.Apr 15 2025, 12:51 PM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/197

eqiad1: refresh FQDN for neutron virtual router

Change #1136719 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] openstack: networktests: refresh FQDN of the neutron virtual router

https://gerrit.wikimedia.org/r/1136719

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/197

eqiad1: refresh FQDN for neutron virtual router

Change #1136719 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] openstack: networktests: refresh FQDN of the neutron virtual router

https://gerrit.wikimedia.org/r/1136719

Maintenance_bot removed a project: Patch-For-Review.Apr 16 2025, 9:30 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/198

eqiad1: introduce VXLAN/IPv4-only settings

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/198

eqiad1: introduce VXLAN/IPv4-only settings

Maintenance_bot removed a project: Patch-For-Review.Apr 16 2025, 12:31 PM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/204

eqiad1: enable VXLAN/dualstack network

• aborrero closed subtask T380728: openstack: network problems when introducing new networks as Resolved.Apr 21 2025, 11:12 AM

merging https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/204 has been scheduled for 2025-04-23 @ 09:30 UTC.

Change #1137793 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: enable IPv6

https://gerrit.wikimedia.org/r/1137793

we need to allocate this in netbox:

2a02:ec80:a000:fe04::1003:1 (cloudgw1003 virt leg)
2a02:ec80:a000:fe03::1003:1 (cloudgw1003 wan leg)
2a02:ec80:a000:fe04::1004:1 (cloudgw1004 virt leg)
2a02:ec80:a000:fe03::1004:1 (cloudgw1004 wan leg)
2a02:ec80:a100:fe04::1:1 (cloudgw VIP virt leg)
2a02:ec80:a100:fe03::2 (cloudgw VIP wan leg)

Change #1137793 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: enable IPv6

https://gerrit.wikimedia.org/r/1137793

Host rebooted by aborrero@cumin1002 with reason: enable IPv6

Mentioned in SAL (#wikimedia-cloud) [2025-04-23T09:14:25Z] <arturo> enable IPv6 on cloudgw (T380174) -- includes server reboot

Host rebooted by aborrero@cumin1002 with reason: enable IPv6

Change #1138297 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: fix IPv6 range on VIPs

https://gerrit.wikimedia.org/r/1138297

Change #1138297 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: fix IPv6 range on VIPs

https://gerrit.wikimedia.org/r/1138297

Change #1138304 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: update wan VIP

https://gerrit.wikimedia.org/r/1138304

Change #1138304 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: update wan VIP

https://gerrit.wikimedia.org/r/1138304

Change #1138306 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: use rack-specific default IPv6 routes

https://gerrit.wikimedia.org/r/1138306

Change #1138306 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: use rack-specific default IPv6 routes

https://gerrit.wikimedia.org/r/1138306

Host rebooted by aborrero@cumin1002 with reason: enable IPv6

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/204

eqiad1: enable VXLAN/dualstack network

Maintenance_bot removed a project: Patch-For-Review.Apr 23 2025, 10:30 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/208

eqiad1: network: add VXLAN/dualstack

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/208

eqiad1: network: add VXLAN/dualstack

Maintenance_bot removed a project: Patch-For-Review.Apr 23 2025, 11:30 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/209

eqiad1: subnets: introduce vxlan-dualstack-ipv4

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/209

eqiad1: subnets: introduce vxlan-dualstack-ipv4

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/210

eqiad1: subnets: introduce vxlan-dualstack-ipv6

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/210

eqiad1: subnets: introduce vxlan-dualstack-ipv6

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/211

eqiad1: routers: introduce vxlan-dualstack-ipv6

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/211

eqiad1: routers: introduce vxlan-dualstack-ipv6

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/212

eqiad1: ports: introduce cloudinstances2b-gw-dualstack

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/212

eqiad1: ports: introduce cloudinstances2b-gw-dualstack

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/213

eqiad1: ports: introduce cloudinstances2b-gw-dualstack-v6

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/213

eqiad1: ports: introduce cloudinstances2b-gw-dualstack-v6

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/214

eqiad1: router_intercaces: introduce cloudinstances2b-gw-dualstack

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/214

eqiad1: router_intercaces: introduce cloudinstances2b-gw-dualstack

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/215

eqiad1: router_intercaces: introduce cloudinstances2b-gw-dualstack-v6

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/215

eqiad1: router_intercaces: introduce cloudinstances2b-gw-dualstack-v6

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/216

eqiad1: dns: add records for new neutron router addresses

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/216

eqiad1: dns: add records for new neutron router addresses

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/networktests-tofu-provisioning/-/merge_requests/16

networktests: create dualstack infra in both deployments

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/networktests-tofu-provisioning/-/merge_requests/16

networktests: create dualstack infra in both deployments

we discovered that when enabling https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/commit/1a85f66e47b615f16e9dc492d823c313c0bdf086 on the neutron router, it would magically reset the enable_snat bit on the openstack API. This resulted in the whole network not working.

Thanks to opentofu, this was detected in the diff of the next patch, and corrected with a simple tofu apply.

Thanks @taavi for spotting it.

Change #1138336 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: enable NAT for additional VXLAN subnets

https://gerrit.wikimedia.org/r/1138336

Change #1138336 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: enable NAT for additional VXLAN subnets

https://gerrit.wikimedia.org/r/1138336

Maintenance_bot removed a project: Patch-For-Review.Apr 23 2025, 12:31 PM

Host rebooted by aborrero@cumin1002 with reason: enable IPv6

Change #1138339 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] network: Update new WMCS IPv6 ranges

https://gerrit.wikimedia.org/r/1138339

gerritbot added a project: Patch-For-Review.Apr 23 2025, 12:38 PM

Change #1138342 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:dns: Update discovery-map for new WMCS addresses

https://gerrit.wikimedia.org/r/1138342

Change #1138339 merged by Majavah:

[operations/puppet@production] network: Update new WMCS IPv6 ranges

https://gerrit.wikimedia.org/r/1138339

Host rebooted by aborrero@cumin1002 with reason: enable IPv6

Change #1138353 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] openstack: eqiad1: networktests: fix typos

https://gerrit.wikimedia.org/r/1138353

Change #1138353 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] openstack: eqiad1: networktests: fix typos

https://gerrit.wikimedia.org/r/1138353

Change #1138356 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] hieradata: Set eqiad1 domain_id_internal_reverse_v6

https://gerrit.wikimedia.org/r/1138356

Change #1138356 merged by Majavah:

[operations/puppet@production] hieradata: Set eqiad1 domain_id_internal_reverse_v6

https://gerrit.wikimedia.org/r/1138356

Change #1138371 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] hieradata: Enable wmcs_nova_fixed_ptr in eqiad1

https://gerrit.wikimedia.org/r/1138371

Change #1138371 merged by Majavah:

[operations/puppet@production] hieradata: Enable wmcs_nova_fixed_ptr in eqiad1

https://gerrit.wikimedia.org/r/1138371

Mentioned in SAL (#wikimedia-cloud) [2025-04-23T14:27:11Z] <arturo> enabling IPv6 dualstack on neutron virtual router (T380174)

taavi closed subtask T380746: dns: add PTR support for 2a02:ec80:a000:: as Resolved.Apr 23 2025, 4:18 PM

IPv6 is up and running.

Change #1138718 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] openstack: networktests: cleanup and simplify

https://gerrit.wikimedia.org/r/1138718

Change #1138718 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] openstack: networktests: cleanup and simplify

https://gerrit.wikimedia.org/r/1138718

Change #1138743 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: cleanup pre-IPv6 settings

https://gerrit.wikimedia.org/r/1138743

Change #1138342 merged by Majavah:

[operations/puppet@production] P:dns: Update discovery-map for new WMCS addresses

https://gerrit.wikimedia.org/r/1138342

Change #1138743 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: cleanup pre-IPv6 settings

https://gerrit.wikimedia.org/r/1138743

Maintenance_bot removed a project: Patch-For-Review.Apr 25 2025, 12:30 PM

jberkel unsubscribed.Apr 25 2025, 1:08 PM

taavi closed subtask T386689: Add new WMCS IPv6 ranges to MediaWiki configuration where required as Resolved.Apr 28 2025, 8:49 AM

Stang unsubscribed.May 2 2025, 4:33 AM

CloudVPS: IPv6 in eqiad1
Closed, ResolvedPublic
Actions

Description

Details

Related Objects
Search...

Event Timeline

CloudVPS: IPv6 in eqiad1Closed, ResolvedPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

CloudVPS: IPv6 in eqiad1
Closed, ResolvedPublic
Actions

Related Objects
Search...