Skip to content

Implement support for IPv6 networking in tasks #8801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Feb 25, 2024
Merged

Implement support for IPv6 networking in tasks #8801

merged 8 commits into from
Feb 25, 2024

Conversation

Qjammer
Copy link
Contributor

@Qjammer Qjammer commented Aug 28, 2023
edited by taylorsilva
Loading

Changes proposed by this PR

closes #5919

  • CLI option (--containerd-v6-enable) to enable ipv6 in tasks
  • CLI option (--containerd-v6-pool) to configure subnet from which containers get their address
  • CLI option (--containerd-v6-disable-masquerade) to disable masquerading of ipv6 connections using the worker address

Release Note

  • Add IPv6 networking support to tasks - There's now a CONCOURSE_CONTAINERD_V6_ENABLE/--containerd-v6-enable config option on the concourse worker command to enable IPv6 support in containerd containers. There are two IPv6 config's you can change. --containerd-v6-pool to specify the IPv6 subnet to use. Default subnet is fd9c:31a6:c759::/64. --containerd-v6-disable-masquerade to disable IPMasq, which is on by default if you use IPv6.

@Qjammer Qjammer requested a review from a team as a code owner August 28, 2023 21:21
@taylorsilva taylorsilva self-assigned this Sep 12, 2023
@taylorsilva
Copy link
Member

Triggering the unit tests again. Was some weird "data race" error.

@taylorsilva
Copy link
Member

CNI networking test is failing:

=== RUN   TestSuite/TestNewCNINetworkWithInvalidConfigDoesntFail

    suite.go:87: test panicked: runtime error: invalid memory address or nil pointer dereference

        goroutine 110 [running]:

        runtime/debug.Stack()

        	runtime/debug/stack.go:24 +0x67

        github.com/stretchr/testify/suite.failOnPanic(0xc00014ab60, {0x17ed520, 0x2162ec0})

        	github.com/stretchr/testify@v1.8.2/suite/suite.go:87 +0x3a

        github.com/stretchr/testify/suite.Run.func1.1()

        	github.com/stretchr/testify@v1.8.2/suite/suite.go:183 +0x345

        panic({0x17ed520?, 0x2162ec0?})

        	runtime/panic.go:920 +0x270

        github.com/concourse/concourse/worker/runtime.CNINetworkConfig.ToJSONv4({{0x0, 0x0}, {0x0, 0x0}, 0x0, {{0x1920735, 0xd}}, {0x0, {0x0, 0x0}, ...}})

        	github.com/concourse/concourse/worker/runtime/cni_network.go:147 +0x6f

        github.com/concourse/concourse/worker/runtime.NewCNINetwork({0xc0000af2d0, 0x3, 0xc00014c000?})

        	github.com/concourse/concourse/worker/runtime/cni_network.go:337 +0x4c5

        github.com/concourse/concourse/worker/runtime_test.(*CNINetworkSuite).TestNewCNINetworkWithInvalidConfigDoesntFail(0xc000294cb0)

        	github.com/concourse/concourse/worker/runtime/cni_network_test.go:51 +0x176

        reflect.Value.call({0xc00049b240?, 0xc00005f370?, 0x13?}, {0x1917d9f, 0x4}, {0xc0000afda8, 0x1, 0x1?})

        	reflect/value.go:596 +0x14a5

        reflect.Value.Call({0xc00049b240?, 0xc00005f370?, 0xc000294cb0?}, {0xc0002f6da8, 0x1, 0x1})

        	reflect/value.go:380 +0xb6

        github.com/stretchr/testify/suite.Run.func1(0xc00014ab60)

        	github.com/stretchr/testify@v1.8.2/suite/suite.go:197 +0x685

        testing.tRunner(0xc00014ab60, 0xc0001d6870)

        	testing/testing.go:1595 +0x239

        created by testing.(*T).Run in goroutine 6

        	testing/testing.go:1648 +0x82b

Looks like this is the failing test:

concourse/worker/runtime/cni_network_test.go

Line 47 in de5cd81

func (s *CNINetworkSuite) TestNewCNINetworkWithInvalidConfigDoesntFail() {

@Qjammer
Enable ipv6 in docker-compose
2255bbd 
Signed-off-by: Ramiro Balado <baladoramiro+github@gmail.com>
@Qjammer
Make subnet smaller
830961c 
Signed-off-by: Ramiro Balado <baladoramiro+github@gmail.com>
@Qjammer
Basics of IPv6 done
e401f93 
Signed-off-by: Ramiro Balado <baladoramiro+github@gmail.com>
@Qjammer
Reorder to avoid weird error
145acc7 
Signed-off-by: Ramiro Balado <baladoramiro+github@gmail.com>
@Qjammer
Default to disabled ipv6
1e29379 
Signed-off-by: Ramiro Balado <baladoramiro+github@gmail.com>
@Qjammer
Remove unused comments
daf20c6 
Signed-off-by: Ramiro Balado <baladoramiro+github@gmail.com>
@Qjammer
Fall back to defaults if parsing fails
5315d77 
Signed-off-by: Ramiro Balado <baladoramiro+github@gmail.com>
@taylorsilva
Copy link
Member

Thanks for fixing the tests! Will review soon

taylorsilva
taylorsilva reviewed Feb 25, 2024
View reviewed changes
Copy link
Member

@taylorsilva taylorsilva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking good to me. I tested this by running a task that would run ip addr so I could see the networking setup inside the container.

With IPv6 enabled I got this, which shows an eth2 interface running IPv6:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: eth2@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether b6:07:74:53:07:23 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fd9c:31a6:c759::4/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::b407:74ff:fe53:723/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
3: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 26:24:9f:17:af:35 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.80.0.4/16 brd 10.80.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2424:9fff:fe17:af35/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

And without IPv6 enabled I saw what we are used to seeing, only one veth for IPv4:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 76:ae:2d:1c:67:6a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.80.0.18/16 brd 10.80.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::74ae:2dff:fe1c:676a/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

@taylorsilva
Copy link
Member

Added a release note to OP

@taylorsilva
nit: run go fmt and convert vars to camel-case
eb5f16c 
Signed-off-by: Taylor Silva <dev@taydev.net>
@taylorsilva
Copy link
Member

Added a commit just to fix some style related stuff. This PR seems fine as-is to me. It appears to work as described and does not break existing setups that only use IPv4.

Once CI is done running I'll merge.

Sorry it took so long for me to get around to this PR btw @Qjammer. I've been busy with work and finally found some weekend time to look at this.

@taylorsilva taylorsilva merged commit e286d25 into concourse:master Feb 25, 2024
@taylorsilva
Copy link
Member

I'll make PR's to add these env vars to the bosh and helm chart

taylorsilva added a commit to concourse/concourse-chart that referenced this pull request Feb 25, 2024
@taylorsilva
add containerd IPv6 env vars
8743cf6 
From concourse/concourse#8801

Signed-off-by: Taylor Silva <dev@taydev.net>
@taylorsilva taylorsilva mentioned this pull request Feb 25, 2024
Merged
6 tasks
taylorsilva added a commit to concourse/concourse-bosh-release that referenced this pull request Feb 26, 2024
@taylorsilva
add ipv6 flags
f10dc15 
from concourse/concourse#8801

Signed-off-by: Taylor Silva <dev@taydev.net>
@taylorsilva taylorsilva mentioned this pull request Feb 26, 2024
Merged
@Qjammer Qjammer deleted the ipv6_support branch February 26, 2024 13:49
@xtremerui xtremerui added this to the v7.12.0 milestone Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taylorsilva taylorsilva taylorsilva approved these changes

Assignees

@taylorsilva taylorsilva

Labels
enhancement
Projects
None yet
Milestone
v7.12.0
Development

Successfully merging this pull request may close these issues.
3 participants
@Qjammer @taylorsilva @xtremerui