Merge pull request #1554 from aravindhp/release-4.10-win2022-disable-…

…ipv6 [release-4.10] OCPBUGS-11898: Disable IPv6 on Windows 2022
openshift · Apr 19, 2023 · 1d41080 · 1d41080
2 parents 87eccad + 8935ede
commit 1d41080
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 11 deletions.
diff --git a/docs/vsphere_ci/README.md b/docs/vsphere_ci/README.md
@@ -30,14 +30,16 @@ Please ensure the `scripts` directory is present in the location where you are
 running Packer from and has the following files:
 
     - authorized_keys
-    - install-vm-tools.cmd
     - configure-vm-tools.ps1
-    - install-openssh.ps1
+    - disable-ipv6.ps1
     - install-docker.ps1
     - install-firewall-rules.ps1
+    - install-openssh.ps1
     - install-updates.ps1
+    - install-vm-tools.cmd
+    - rename-computer.ps1
 
-In addition the `answer-file` directory is present at the same level as the `scripts` directory and has the following
+In addition, the `answer-file` directory is present at the same level as the `scripts` directory and has the following
 files:
 
     - autounattend.xml
@@ -49,20 +51,22 @@ deploying WMCO, this private key will be provided by the user in the form of a S
 
 The [autounattend.xml](scripts/autounattend.xml) file automates the Windows installation and  must be edited to update the
 value of `WindowsPassword` with a user provided password. autounattend.xml specifies that the following steps should
-occur after the basic install:
+occur after the basic installation:
 
 - Runs `install-vm-tools.cmd` script which installs VMWare tools
 - Runs `configure-vm-tools.ps1` script which configures VMWare tools
 - Runs `install-openssh.ps1` script which installs and configures OpenSSH Server
 - Runs `install-docker.ps1` script which installs Docker
 
-Packer takes over after after the initial install and runs [provisioners](https://www.packer.io/docs/provisioners) that
+Packer takes over after the initial install and runs [provisioners](https://www.packer.io/docs/provisioners) that
 performs the following:
-- Runs `install-firewall-rules.ps1` script which configures the firewall rules
-- Runs `install-updates.ps1` script which installs the latest updates
+- Creates `C:\rename-computer.ps1` that will randomize the hostname on first boot
+- Runs `install-firewall-rules.ps1` to configure the firewall rules
+- Runs `install-updates.ps1` to install the latest updates
 - Reboot to apply the updates
-- Runs `install-updates.ps1` script again to ensure we are installing all updates as some Windows updates requires
+- Runs `install-updates.ps1` again to ensure we are installing all updates as some Windows updates requires
   reboots
+- Runs `disable-ipv6.ps1` to disable IPv6 at the OS level
 - Reboot again to apply the updates
 - Pauses to wait for the VM to coalesce
 

diff --git a/docs/vsphere_ci/scripts/disable-ipv6.ps1 b/docs/vsphere_ci/scripts/disable-ipv6.ps1
@@ -0,0 +1,2 @@
+# Reference: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows
+New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ -Name DisabledComponents -PropertyType DWord -Value 0xFF -Force
diff --git a/docs/vsphere_ci/windows-server-2022.pkr.hcl b/docs/vsphere_ci/windows-server-2022.pkr.hcl
@@ -134,12 +134,19 @@ build {
     script            = "scripts/install-updates.ps1"
   }
 
+  # Disable IPv6
+  provisioner "powershell" {
+    elevated_password = "${var.vm-elevated-password}"
+    elevated_user     = "${var.vm-elevated-user}"
+    script            = "scripts/disable-ipv6.ps1"
+  }
+
   # Restart again to apply the updates
   provisioner "windows-restart" {
     restart_timeout = "1h"
   }
 
-  # Pause to allow Windows to coalesce and executy a dummy command
+  # Pause to allow Windows to coalesce and execute a dummy command
   provisioner "powershell" {
     elevated_password = "${var.vm-elevated-password}"
     elevated_user     = "${var.vm-elevated-user}"

diff --git a/hack/machineset.sh b/hack/machineset.sh
@@ -185,7 +185,7 @@ get_vsphere_ms() {
 
   # set golden image template name
   # TODO: read from parameter
-  template="windows-golden-images/windows-server-2022-template-withDocker"
+  template="windows-golden-images/windows-server-2022-template-ipv6-disabled-with-docker"
 
   # TODO: Reduce the number of API calls, make just one call
   #       to `oc get machines` and pass the data around. This is the

diff --git a/test/e2e/providers/vsphere/vsphere.go b/test/e2e/providers/vsphere/vsphere.go
@@ -47,7 +47,7 @@ func (p *Provider) newVSphereMachineProviderSpec(clusterID string) (*mapi.VSpher
 	// defined in the job spec.
 	vmTemplate := os.Getenv("VM_TEMPLATE")
 	if vmTemplate == "" {
-		vmTemplate = "windows-golden-images/windows-server-2022-template-with-docker"
+		vmTemplate = "windows-golden-images/windows-server-2022-template-ipv6-disabled-with-docker"
 	}
 
 	log.Printf("creating machineset based on template %s\n", vmTemplate)