[radvd] Add radvd role for IPv6 RA management

Creates a new Ansible role to manage radvd (Router
Advertisement Daemon) configuration for IPv6 networks.

Features:
- Manages system radvd.service and /etc/radvd.conf
- Configuration fragment assembly from /etc/cifmw-radvd.d/
- Support for SLAAC and DHCPv6 (M-flag, O-flag)
- IPv6 prefix, route, and RDNSS advertisement
- Dynamic network addition/removal via tasks_from
- Molecule test coverage

Assisted-By: Claude Code/claude-4.5-sonnet
Signed-off-by: Harald Jensås <[email protected]>

Author: hjensas

docs/dictionary/en-custom.txt

@@ -23,6 +23,7 @@ arxcruz
 AssignedTeam
 auth
 authfile
+autoconfiguration
 autohold
 autoholds
 autoscale
@@ -147,6 +148,7 @@ dfb
 dfce
 dfg
 dhcp
+dhcpv
 dib
 dicts
 dirs
@@ -480,9 +482,11 @@ qtjhbpzc
 quickstart
 rabbitmq
 radosgw
+radvd
 raukadah
 rbd
 rdk
+rdnss
 rdo
 rdoinfo
 rdoproject
@@ -529,6 +533,7 @@ Sinha
 sizepercent
 skbg
 skiplist
+slaac
 snr
 specificities
 spnego
@@ -537,6 +542,7 @@ src
 sshkey
 ssl
 sso
+stateful
 stderr
 stdout
 stp
@@ -584,6 +590,7 @@ uidmap
 unclaim
 undefine
 undercloud
+unicast
 unittest
 unmanaged
 uoyt

roles/radvd/README.md

@@ -0,0 +1,203 @@
+# radvd
+
+Manage radvd (Router Advertisement Daemon) configuration.
+
+This role provides IPv6 Router Advertisements for network interfaces, enabling
+Stateless Address Autoconfiguration (SLAAC) and/or DHCPv6.
+
+## Privilege escalation
+
+- Package installation
+- Writing in protected locations `/etc/radvd.conf`, `/etc/cifmw-radvd.d`
+- Managing system service `radvd.service`
+
+## Common Parameters
+
+* `cifmw_radvd_basedir`: (String) Configuration fragments directory. Defaults to `/etc/cifmw-radvd.d`.
+* `cifmw_radvd_networks`: (List) List of networks to configure. Defaults to `[]`.
+* `cifmw_radvd_remove_package`: (Bool) Remove the radvd package during cleanup. Defaults to `false`.
+
+## Network Configuration
+
+Each network in `cifmw_radvd_networks` supports the following parameters:
+
+* `name`: (String) Network/interface name. **Required**.
+* `state`: (String) Network status. Must be either `present` or `absent`. Defaults to `present`.
+* `prefixes`: (List[mapping]) List of IPv6 prefixes to advertise. **Required when state is present**.
+* `adv_send_advert`: (Bool) Enable/disable router advertisements. Defaults to `true`.
+* `adv_managed_flag`: (Bool) Managed address configuration flag (M-flag). Indicates DHCPv6 for addresses.
+* `adv_other_config_flag`: (Bool) Other configuration flag (O-flag). Indicates DHCPv6 for other configuration.
+* `adv_ra_solicited_unicast`: (Bool) Enable unicast router advertisements.
+* `adv_link_mtu`: (Int) Advertised MTU for the link.
+* `min_rtr_adv_interval`: (Int) Minimum router advertisement interval in seconds.
+* `max_rtr_adv_interval`: (Int) Maximum router advertisement interval in seconds.
+* `routes`: (List[mapping]) List of routes to advertise. Optional.
+* `rdnss`: (List[mapping]) List of recursive DNS servers to advertise. Optional.
+
+### Prefix mapping
+
+* `network`: (String) IPv6 prefix (e.g., `2001:db8:1::/64`). **Required**.
+* `adv_on_link`: (Bool) On-link flag. Defaults to `true`.
+* `adv_autonomous`: (Bool) Autonomous address configuration flag (SLAAC). Defaults to `true`.
+* `adv_router_addr`: (Bool) Include router address in prefix information.
+* `adv_valid_lifetime`: (String/Int) Valid lifetime for the prefix (e.g., `86400`, `infinity`).
+* `adv_preferred_lifetime`: (String/Int) Preferred lifetime for the prefix.
+
+### Route mapping
+
+* `network`: (String) IPv6 route prefix. **Required**.
+* `adv_route_preference`: (String) Route preference (`low`, `medium`, `high`).
+* `adv_route_lifetime`: (Int) Route lifetime in seconds.
+
+### RDNSS mapping
+
+* `servers`: (List[String]) List of IPv6 DNS server addresses. **Required**.
+* `adv_rdnss_lifetime`: (Int) RDNSS lifetime in seconds.
+
+## Examples
+
+### Basic network with SLAAC only
+
+```yaml
+- name: Configure radvd networks
+  vars:
+    cifmw_radvd_networks:
+      - name: testnet
+        adv_managed_flag: false
+        adv_other_config_flag: false
+        adv_link_mtu: 1500
+        min_rtr_adv_interval: 30
+        max_rtr_adv_interval: 100
+        prefixes:
+          - network: "2001:db8:1::/64"
+            adv_on_link: true
+            adv_autonomous: true
+            adv_router_addr: true
+  ansible.builtin.include_role:
+    name: radvd
+```
+
+### Network with DHCPv6 for addresses and other configuration
+
+```yaml
+- name: Configure radvd with DHCPv6
+  vars:
+    cifmw_radvd_networks:
+      - name: provisioning
+        adv_managed_flag: true
+        adv_other_config_flag: true
+        adv_ra_solicited_unicast: true
+        adv_link_mtu: 1500
+        min_rtr_adv_interval: 30
+        max_rtr_adv_interval: 100
+        prefixes:
+          - network: "2001:db8:2::/64"
+            adv_on_link: true
+            adv_autonomous: false
+        rdnss:
+          - servers:
+              - "2001:db8:2::53"
+            adv_rdnss_lifetime: 300
+  ansible.builtin.include_role:
+    name: radvd
+```
+
+### Multiple networks
+
+```yaml
+- name: Configure multiple networks
+  vars:
+    cifmw_radvd_networks:
+      - name: net1
+        adv_managed_flag: true
+        adv_other_config_flag: true
+        adv_link_mtu: 1500
+        min_rtr_adv_interval: 30
+        max_rtr_adv_interval: 100
+        prefixes:
+          - network: "2001:db8:1::/64"
+            adv_on_link: true
+            adv_autonomous: true
+      - name: net2
+        adv_managed_flag: false
+        adv_other_config_flag: false
+        prefixes:
+          - network: "2001:db8:2::/64"
+            adv_on_link: true
+            adv_autonomous: true
+  ansible.builtin.include_role:
+    name: radvd
+```
+
+### Remove a network configuration
+
+```yaml
+- name: Remove radvd configuration for a network
+  vars:
+    cifmw_radvd_networks:
+      - name: testnet
+        state: absent
+  ansible.builtin.include_role:
+    name: radvd
+```
+
+### Adding a single network dynamically
+
+You can also add a single network using `tasks_from: manage_network.yml`:
+
+```yaml
+- name: Add a single network to radvd
+  vars:
+    cifmw_radvd_network:
+      name: testnet
+      adv_managed_flag: true
+      adv_other_config_flag: true
+      adv_link_mtu: 1500
+      min_rtr_adv_interval: 30
+      max_rtr_adv_interval: 100
+      prefixes:
+        - network: "2001:db8:1::/64"
+          adv_on_link: true
+          adv_autonomous: true
+          adv_router_addr: true
+  ansible.builtin.include_role:
+    name: radvd
+    tasks_from: manage_network.yml
+```
+
+### Cleanup entire radvd service
+
+```yaml
+- name: Cleanup radvd
+  vars:
+    # Set to true to also remove the radvd package (default: false)
+    cifmw_radvd_remove_package: false
+  ansible.builtin.include_role:
+    name: radvd
+    tasks_from: cleanup.yml
+```
+
+## Understanding the flags
+
+### Managed Flag (M-flag) - `adv_managed_flag`
+
+When set to `true`, hosts should use DHCPv6 to obtain IPv6 addresses (stateful DHCPv6).
+When set to `false`, hosts should use SLAAC (Stateless Address Autoconfiguration) based on the advertised prefix.
+
+### Other Config Flag (O-flag) - `adv_other_config_flag`
+
+When set to `true`, hosts should use DHCPv6 to obtain other configuration information (DNS, NTP, etc.).
+
+### Common configurations
+
+1. **SLAAC only**: `adv_managed_flag: false`, `adv_other_config_flag: false`, `adv_autonomous: true`
+2. **SLAAC + DHCPv6 for options**: `adv_managed_flag: false`, `adv_other_config_flag: true`, `adv_autonomous: true`
+3. **DHCPv6 for everything**: `adv_managed_flag: true`, `adv_other_config_flag: true`, `adv_autonomous: false`
+
+## Notes
+
+- The interface/bridge specified by the `name` parameter must exist before radvd can advertise on it.
+- IPv6 forwarding must be enabled on the host for router advertisements to work properly.
+- Multiple prefixes can be advertised on the same interface.
+- The role uses the system `radvd.service` from the RPM package.
+- Configuration is assembled from fragments in `/etc/cifmw-radvd.d/` into `/etc/radvd.conf`.

roles/radvd/defaults/main.yml

@@ -0,0 +1,22 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables within this role should have a prefix of "cifmw_radvd"
+
+cifmw_radvd_basedir: "/etc/cifmw-radvd.d"
+cifmw_radvd_networks: []
+cifmw_radvd_remove_package: false

roles/radvd/handlers/main.yml

@@ -0,0 +1,21 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Restart radvd service
+  become: true
+  ansible.builtin.systemd:
+    name: radvd.service
+    state: restarted

roles/radvd/meta/main.yml

@@ -0,0 +1,30 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: CI Framework
+  description: CI Framework Role -- radvd
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: "2.14"
+  namespace: cifmw
+  galaxy_tags:
+    - cifmw
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []

roles/radvd/molecule/default/cleanup.yml

@@ -0,0 +1,52 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Cleanup
+  hosts: all
+  tasks:
+    - name: Copy generated content in ci-framework-data/artifacts
+      vars:
+        dest_dir: >-
+          {{
+            (ansible_user_dir,
+             'ci-framework-data',
+             'artifacts') | path_join
+          }}
+      ansible.posix.synchronize:
+        src: "{{ item }}"
+        dest: "{{ dest_dir }}"
+      loop:
+        - /etc/radvd.conf
+        - /etc/cifmw-radvd.d/
+
+    - name: Cleanup radvd
+      ansible.builtin.import_role:
+        name: "radvd"
+        tasks_from: "cleanup.yml"
+
+    - name: Check if cleanup files still exist
+      become: true
+      ansible.builtin.stat:
+        path: "{{ item }}"
+      register: _cleanup_check
+      loop:
+        - /etc/radvd.conf
+        - /etc/cifmw-radvd.d
+
+    - name: Assert cleanup was successful
+      ansible.builtin.assert:
+        that:
+          - not (_cleanup_check.results | map(attribute='stat.exists') | list | max)