In this post, I’ll discuss the deployment of IPv6-only Neutron networks for tenant use. A few things to note about IPv6-only instances:
- IPv6-only works out-of-the-box for basic IP connectivity with OpenStack but you are hosed on the metadata service
- Many people deploy dual stack in order to overcome the metadata issue
- The metadata service only supports IPv4
- An old wish list bug has long expired: https://bugs.launchpad.net/neutron/+bug/1460177
- Workarounds:
- Build all/most of what you want inside the image itself
- Use config-drive
I’m going to use a very basic “config-drive” example here to show how important stuff (metadata) can be injected into an IPv6-only instance. If you don’t know much about config-drive, Red Hat has a reasonable write-up on it. There is tons of info on it; just search. Also, I’m working from the topology of previous blog posts such as my last one on provider networks. I won’t be going over the topology and OpenStack setup here.
In this example, I have a file called “user_data.yaml” (no dependency on the actual file name). There is not much in it; I have a FQDN defined and a key. The only thing I am testing here is whether or not the defined FQDN (v6onlyinstance.example.com) appears in the instance at boot. Here is the output:
[root@c7-os-1]# cat user_data.yaml
#cloud-config
fqdn: v6onlyinstance.example.com
users:
- name: cloud-user
ssh-authorized-keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4W4RPlOBiY14iJwW9kd3Chys5bUBjy2VKJkFa5az8JHcVvOh3LO5BHdhc6WryT+blmx9LKGyVSc0rfzSEAfQ91dXJCHuhl5BNk9pLibs3oe8s/1r/vjtxQopKIIGN3PYuisvpZVLeP1kRhddIdLvuZcQm82L4VPUAOzLqbFdhsu/Y2lU5WyiTiI5VNJwwbzzc67BFHz2ov2bdBgCfFWyUQMikiyIrAv5hVcqADv7XAqY4P5sJaOaHAcNcCfMtY8RbtEMSIyw8fey1erY4ZiknTAn/eU52mc18l9xR4CwI9wYqYdpVyiNULRWH9opK30dqhhthgElzCax+WqmxMXGP [email protected]
Now, I boot an instance, enable “config-drive” and point to the “user_data.yaml” file. The instance is set to use a Neutron network that I previously added that has an IPv6 prefix setup (no IPv4):
nova boot --flavor m1.small --image rh7-stateless --key-name new-aio-key --security-groups default --nic net-name=external-net rhv6-only-drive --config-drive true --user-data user_data.yaml
Notice that in the “nova list” output below, the name of the instance is “rhv6-only-drive” (based on me naming it that in the “nova boot” command):
[root@c7-os-1 ~]# nova list
+--------------------------------------+-----------------+--------+------------+-------------+---------------------------------------------------
| ID | Name | Status | Task State | Power State | Networks
+--------------------------------------+-----------------+--------+------------+-------------+---------------------------------------------------
| 2244a346-a34b-4ab6-905f-71dc207a92e6 | rhv6-only-drive | ACTIVE | - | Running | external-net=2001:db8:cafe:16:f816:3eff:feec:3c59
+--------------------------------------+-----------------+--------+------------+-------------+---------------------------------------------------
Login to the instance (notice that I don’t have to mess with no stinking floating IPs or “ip netns” nonsense! No NAT FTW! ? ):
ssh cloud-user@2001:db8:cafe:16:f816:3eff:feec:3c59
Notice that the hostname is what I set in the “FQDN line” of the “user_data.yaml” file and that the instance only has an IPv6 address. Also, the instance has the domain name “example.com” from the FQDN in the yaml file and a “nameserver” is set (the instance is using Stateless DHCPv6):
[cloud-user@v6onlyinstance ~]$ ip a
. . .
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:ec:3c:59 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:cafe:16:f816:3eff:feec:3c59/64 scope global dynamic
valid_lft 2591952sec preferred_lft 604752sec
inet6 fe80::f816:3eff:feec:3c59/64 scope link
valid_lft forever preferred_lft forever
[cloud-user@v6onlyinstance ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search openstacklocal. example.com
nameserver 2001:db8:cafe:a::e
[cloud-user@v6onlyinstance ~]$ cat /etc/hostname
v6onlyinstance.example.com
Go ahead, give it a try. You might like IPv6-only. ?
This post first appeared on the Shannon McFarland’s blog. Superuser is always interested in community content, email: [email protected].
// CC BY
- Deploying IPv6-only tenants with OpenStack - January 20, 2017