kubevirt: Support static gateway and DNS with DHCP

[qinqon]

Support configuring static gateway routes and DNS servers on DHCP-enabled
interfaces in KubeVirt. This allows mixed configurations where IP addresses
are obtained via DHCP but routing and DNS are statically configured.

Changes:

• ConfigDrive: Always process routes on DHCP network types (ipv4_dhcp/ipv6_dhcp)
  per the OpenStack schema — no custom fields needed
• NoCloud v1: Support both destination (CIDR) and network/netmask route formats;
  put routes/DNS directly on dhcp subnets; skip legacy gateway when explicit routes exist
• NoCloud v2: Parse dhcp-overrides for schema compatibility; routes and nameservers
  always emitted when defined
• Schema validation: Add test-time validation of all fixtures against upstream JSON
  schemas from OpenStack Ironic
  and cloud-init
• Fixture fixes: Add required fields (ethernet_mac_address, network_id, name),
  move v2 nameservers to per-interface, remove non-standard fields

[gemini-code-assist]

Code Review

This pull request adds support for configuring static gateways and DNS on DHCP-enabled interfaces in KubeVirt, which is a valuable feature for mixed network configurations. The implementation correctly handles this for both ConfigDrive and NoCloud data sources. The changes are well-tested with new test cases for various formats. My review focuses on improving code maintainability by addressing significant code duplication in both the network configuration logic and the newly added tests. By refactoring these areas, the code will be cleaner and easier to manage in the future.

[gemini-code-assist]

The logic for adding a static gateway for DHCP is duplicated for IPv4 (lines 312-319) and IPv6 (lines 327-334). This code can be refactored to reduce redundancy and improve maintainability.

For example, you could extract the common logic into a closure or a private helper method. The only difference is the destination network string ("0.0.0.0/0" vs "::/0"), which can be passed as an argument or determined based on a flag.

This will make the code cleaner and easier to modify in the future.

[gemini-code-assist]

These three new test functions (test_dhcp_with_static_gateway_and_dns, test_dhcp_with_static_gateway_and_dns_nocloud_v1, and test_dhcp_with_static_gateway_and_dns_nocloud_v2) are almost identical and contain a lot of duplicated assertion logic.

To improve maintainability and reduce code duplication, consider creating a single helper function that takes a &KubeVirtCloudConfig and performs all the common assertions. Each test would then just be responsible for setting up its specific configuration and calling this shared helper.

Example of a shared assertion function signature:

fn assert_dhcp_with_static_gw_and_dns(config: &KubeVirtCloudConfig) {
    // All the common assertion logic goes here
}

This would make the test suite much cleaner and easier to manage.

[prestist]

One small question, otherwise it LGTM from my perspective.

@travier would you mind also taking a look as well :)

[prestist]

Hmm so really accept_dhcp_option is IPv4 limited right? Is this a technical difference or intentional absence of functionality for ipv6

[qinqon]

Good catch — accept_dhcp_option was actually an invented field that doesn't exist in the OpenStack network_data.json schema. I've removed it in the latest force-push.

The OpenStack schema already allows routes on ipv4_dhcp/ipv6_dhcp network types, so the presence of routes on a DHCP network entry is sufficient signal to configure them statically — no custom field needed.

I also added test-time schema validation (using the upstream JSON schemas from Ironic and cloud-init) to catch this kind of deviation going forward. The fixtures have been fixed to comply with the upstream schemas as well.

[qinqon]

/gemini review

[gemini-code-assist]

Code Review

This pull request adds support for static gateway and DNS configuration on DHCP-enabled interfaces in KubeVirt. The changes are well-implemented across ConfigDrive and NoCloud providers, and include new schema validation for test fixtures. I have two suggestions for improvement: one to enhance route parsing consistency in nocloud.rs, and another to refactor duplicated test code in tests.rs for better maintainability.

[gemini-code-assist]

The route parsing logic for netmask when used with network only attempts to parse it as an IP address. For consistency with other parts of the codebase (e.g., static IP netmask parsing in this file, and route parsing in configdrive.rs), it should also support parsing the netmask as a prefix length.

Suggested change

	if let Some(netmask) = &route.netmask {
	let netmask_addr = IpAddr::from_str(netmask)?;
	IpNetwork::with_netmask(network_addr, netmask_addr)?
	} else {
	return Err(anyhow::anyhow!(
	"Invalid netmask format: {}. Expected IP address or prefix length.",
	netmask
	"Route with 'network' field requires 'netmask'"
	));
	};
	iface.ip_addresses.push(ip_network);
	}
	if let Some(netmask) = &route.netmask {
	if let Ok(netmask_addr) = IpAddr::from_str(netmask) {
	IpNetwork::with_netmask(network_addr, netmask_addr)?
	} else if let Ok(prefix_len) = netmask.parse::<u8>() {
	IpNetwork::new(network_addr, prefix_len)?
	} else {
	return Err(anyhow::anyhow!(
	"Invalid netmask format for route: {}. Expected IP address or prefix length.",
	netmask
	));
	}
	} else {
	return Err(anyhow::anyhow!(
	"Route with 'network' field requires 'netmask'"
	));
	}

[gemini-code-assist]

These three tests (test_dhcp_with_static_gateway_and_dns, test_dhcp_with_static_gateway_and_dns_nocloud_v1, test_dhcp_with_static_gateway_and_dns_nocloud_v2) contain a large amount of duplicated code. To improve maintainability, consider extracting the common test logic into a helper function. This function could take the fixture path and network configuration format as parameters. For example:

fn run_dhcp_static_gw_dns_test(fixture_path: &str, format: NetworkConfigurationFormat) {
    // ... common test logic ...
}

#[test]
fn test_dhcp_with_static_gateway_and_dns() {
    run_dhcp_static_gw_dns_test(
        "./tests/fixtures/kubevirt/dhcp_static_gw_dns",
        NetworkConfigurationFormat::ConfigDrive,
    );
}

// ... other tests ...

[travier]

Can you split the IBM parts into another PR or at least another commit? Thanks

[travier]

Can you split this into another commit? Is this needed for this PR?

[qinqon]

Not needed, this is from and old version where I used the rust crate to validate fixtures, but that got simplified by just using a python strict that validate fixtures before using them on tests at the Makefile.

[qinqon]

Not needed, this is from and old version where I used the rust crate to validate fixtures, but that got simplified by just using a python strict that validate fixtures before using them on tests at the Makefile.

[qinqon]

Can you split the IBM parts into another PR or at least another commit? Thanks

@travier I will put the IBM part at different commit, the important part though if we don't change production code related to that is just the test itself.

[prestist]

The v1 parser guarded against duplicates, when both gateway and explicit routs are set. But in the v2 I don't think we are? I don't think that this could cause issues in runtime but might make sense to fix?

[qinqon]

The v1 parser guarded against duplicates, when both gateway and explicit routs are set. But in the v2 I don't think we are? I don't think that this could cause issues in runtime but might make sense to fix?

Right, in fact we are missing a pair of fixtures to test that

[qinqon]

I have also found that for ipv6 dracut mandates brackets around IPs/routes since ":" is already the dracut separator.

[qinqon]

(pushed):

• prevent duplicate default geteway for v2 when both route and gateway is configured
• fix ipv6, at dracut it need to use brackets, since brakcet is the dracut's separator.

[prestist]

From a code perspective this lgtm. Thank you for working on this, have you had a chance to test the latest changes in kubevirt?

[qinqon]

From a code perspective this lgtm. Thank you for working on this, have you had a chance to test the latest changes in kubevirt?

I have start three VMs with the three formats and I get on the three of them for dynamic address and static gateway and dns

 Using kernel command line parameters:  rd.driver.pre=btrfs ip=eth0:dhcp,dhcp6 rd.route=0.0.0.0/0:192.168.1.1 rd.route=[::/0]:[2001:db8::1] nameserver=8.8.8.8 nameserver=8.8.4.4

I have found that this is invalid the dualstack ip=eth0:dhcp,dhcp6 should be ip=eth0:dhcp ip=eth0:dhcp6

[qinqon]

@prestist pushed the fix, I will ping you after retesting with real VMs on kubevirt.

[qinqon]

@prestist pushed the fix, I will ping you after retesting with real VMs on kubevirt.

So looks like there is a bug at nm-initrd-generator and doing two eth0 configs one override the other so ipv4 get disabled

# Created by nm-initrd-generator
[connection]
id=enp1s0
uuid=b98261cd-d6d8-45fa-85f1-bd93edc4b682
type=ethernet
autoconnect-priority=-100
autoconnect-retries=1
interface-name=enp1s0
multi-connect=1

[ethernet]

[ipv4]
method=disabled <<< --- this
route1=0.0.0.0/0,192.168.1.1

[ipv6]
dhcp-timeout=90
may-fail=false
method=auto
route1=::/0,2001:db8::1

[proxy]

[user]
org.freedesktop.NetworkManager.origin=nm-initrd-generator

for network manager generator we should fallback to ip=eth0:dhcp,dhcp6 puff... clearly unit test is not enoug for all this :-/

[qinqon]

@prestist looks like dracut do not support IPv6 DHCPv6 Stateful for NetworkManager so we cannot implement full IPv6 support is that ok ?

This is the wrong thing at NetworkManager

For the NM patch, you'd need nm-initrd-generator to:

• auto6 → ipv6.method=auto (SLAAC, current behavior)
• dhcp6 → ipv6.method=dhcp (stateful DHCPv6 only, new behavior)

Maybe we can merge this since ipv4 is working fine and continue with ipv6 support later on, for the use case we need ipv4 is enough.

[prestist]

In am going get back to this soon sorry, been jumping around too much.

[prestist]

Yes, this should be fine to merge as-is. The IPv6 DHCPv6 stateful limitation is an upstream dracut/NetworkManager issue, not something we can fix in afterburn.

We can address full IPv6 DHCPv6 stateful support in a future PR once the upstream nm-initrd-generator adds support for ipv6.method=dhcp. The current implementation is correct and doesn't block that work.

LGTM to merge. Thank you again for the thorough testing and documentation of the limitation!