From 499101147d9c609a6effd4f934ff542175299d7e Mon Sep 17 00:00:00 2001
From: "Eric D. Helms" <ericdhelms@gmail.com>
Date: Mon, 13 May 2024 14:39:53 -0400
Subject: [PATCH] Add ipv6 disable check

---
 definitions/checks/check_ipv6_disable.rb      | 23 ++++++++++++++
 definitions/scenarios/update.rb               |  1 +
 .../scenarios/upgrade_to_capsule_6_16.rb      |  1 +
 .../scenarios/upgrade_to_capsule_6_16_z.rb    |  1 +
 .../scenarios/upgrade_to_satellite_6_16.rb    |  1 +
 .../scenarios/upgrade_to_satellite_6_16_z.rb  |  1 +
 .../checks/check_ipv6_disable_test.rb         | 31 +++++++++++++++++++
 7 files changed, 59 insertions(+)
 create mode 100644 definitions/checks/check_ipv6_disable.rb
 create mode 100644 test/definitions/checks/check_ipv6_disable_test.rb

diff --git a/definitions/checks/check_ipv6_disable.rb b/definitions/checks/check_ipv6_disable.rb
new file mode 100644
index 000000000..ca6064f37
--- /dev/null
+++ b/definitions/checks/check_ipv6_disable.rb
@@ -0,0 +1,23 @@
+class Checks::CheckIpv6Disable < ForemanMaintain::Check
+  metadata do
+    label :check_ipv6_disable
+    description 'Check if ipv6.disable=1 is set at kernel level'
+  end
+
+  def run
+    cmdline_file = File.read('/proc/cmdline')
+
+    assert(!cmdline_file.include?("ipv6.disable=1"), error_message)
+  end
+
+  def error_message
+    base = "\nThe kernel contains ipv6.disable=1 which is known to break installation and upgrade"\
+           ", remove and reboot before continuining."
+
+    if feature(:instance).downstream
+      base += " See https://access.redhat.com/solutions/5045841 for more details."
+    end
+
+    base
+  end
+end
diff --git a/definitions/scenarios/update.rb b/definitions/scenarios/update.rb
index 43a1c7ee6..a39df7c9e 100644
--- a/definitions/scenarios/update.rb
+++ b/definitions/scenarios/update.rb
@@ -28,6 +28,7 @@ def compose
         Checks::SystemRegistration,
         Checks::CheckHotfixInstalled,
         Checks::CheckTmout,
+        Checks::CheckIpv6Disable,
         Checks::CheckUpstreamRepository,
         Checks::Disk::AvailableSpace,
         Checks::Disk::AvailableSpaceCandlepin, # if candlepin
diff --git a/definitions/scenarios/upgrade_to_capsule_6_16.rb b/definitions/scenarios/upgrade_to_capsule_6_16.rb
index aa5db4cf6..1bd5d959e 100644
--- a/definitions/scenarios/upgrade_to_capsule_6_16.rb
+++ b/definitions/scenarios/upgrade_to_capsule_6_16.rb
@@ -27,6 +27,7 @@ class PreUpgradeCheck < Abstract
     def compose
       add_steps(find_checks(:default))
       add_steps(find_checks(:pre_upgrade))
+      add_step(Checks::CheckIpv6Disable)
       add_step(Checks::Disk::AvailableSpacePostgresql13)
       add_step(Checks::Repositories::Validate.new(:version => '6.16'))
     end
diff --git a/definitions/scenarios/upgrade_to_capsule_6_16_z.rb b/definitions/scenarios/upgrade_to_capsule_6_16_z.rb
index 754289ac6..bb66b4685 100644
--- a/definitions/scenarios/upgrade_to_capsule_6_16_z.rb
+++ b/definitions/scenarios/upgrade_to_capsule_6_16_z.rb
@@ -27,6 +27,7 @@ class PreUpgradeCheck < Abstract
     def compose
       add_steps(find_checks(:default))
       add_steps(find_checks(:pre_upgrade))
+      add_step(Checks::CheckIpv6Disable)
       add_step(Checks::Repositories::Validate.new(:version => '6.16'))
     end
   end
diff --git a/definitions/scenarios/upgrade_to_satellite_6_16.rb b/definitions/scenarios/upgrade_to_satellite_6_16.rb
index 8b1a85ce3..30aeb7cb3 100644
--- a/definitions/scenarios/upgrade_to_satellite_6_16.rb
+++ b/definitions/scenarios/upgrade_to_satellite_6_16.rb
@@ -27,6 +27,7 @@ class PreUpgradeCheck < Abstract
     def compose
       add_steps(find_checks(:default))
       add_steps(find_checks(:pre_upgrade))
+      add_step(Checks::CheckIpv6Disable)
       add_step(Checks::Disk::AvailableSpacePostgresql13)
       add_step(Checks::Repositories::Validate.new(:version => '6.16'))
       add_step(Checks::CheckOrganizationContentAccessMode)
diff --git a/definitions/scenarios/upgrade_to_satellite_6_16_z.rb b/definitions/scenarios/upgrade_to_satellite_6_16_z.rb
index 397d6ec03..99195957e 100644
--- a/definitions/scenarios/upgrade_to_satellite_6_16_z.rb
+++ b/definitions/scenarios/upgrade_to_satellite_6_16_z.rb
@@ -27,6 +27,7 @@ class PreUpgradeCheck < Abstract
     def compose
       add_steps(find_checks(:default))
       add_steps(find_checks(:pre_upgrade))
+      add_step(Checks::CheckIpv6Disable)
       add_step(Checks::Repositories::Validate.new(:version => '6.16'))
     end
   end
diff --git a/test/definitions/checks/check_ipv6_disable_test.rb b/test/definitions/checks/check_ipv6_disable_test.rb
new file mode 100644
index 000000000..1c83f2bc2
--- /dev/null
+++ b/test/definitions/checks/check_ipv6_disable_test.rb
@@ -0,0 +1,31 @@
+require 'test_helper'
+
+describe Checks::CheckIpv6Disable do
+  include DefinitionsTestHelper
+
+  subject { Checks::CheckIpv6Disable.new }
+
+  context 'throw an error message when ipv6.disable=1 is set' do
+    before do
+      File.expects(:read).with('/proc/cmdline').returns('ipv6.disable=1')
+    end
+
+    it 'system is self registered' do
+      result = run_step(subject)
+
+      assert result.fail?
+    end
+  end
+
+  context 'success when ipv6.disable=1 is not set' do
+    before do
+      File.expects(:read).with('/proc/cmdline').returns('test.net=0')
+    end
+
+    it 'system is self registered' do
+      result = run_step(subject)
+
+      assert result.success?
+    end
+  end
+end