Fix rabbitmq IPv6 with TLS/FIPS

Rabbitmq IPv6 config requires changes to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
and RABBITMQ_CTL_ERL_ARGS which are clobbered by the TLS/FIPS config.
Rework the logic that build the args to handle this.

Closes: OSPRH-8372

apis/go.mod

@@ -116,3 +116,5 @@ replace github.com/openshift/api => github.com/openshift/api v0.0.0-202304141430
 
 // custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.6.0_patches_tag)
 replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20240626194327-e7df1b654cb7 //allow-merging
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => github.com/olliewalsh/lib-common/modules/common v0.0.0-20240708202327-c53112301ef0

apis/go.sum

@@ -84,6 +84,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/olliewalsh/lib-common/modules/common v0.0.0-20240708202327-c53112301ef0 h1:ZTfIYF/Be9K6l/rziPY77hqnSTE7xBQV+BEawyswEiY=
+github.com/olliewalsh/lib-common/modules/common v0.0.0-20240708202327-c53112301ef0/go.mod h1:k9KuWN2LBtLbKHgcyh/0lrwk3Kr0cOAhiR3hi/mrwOQ=
 github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
 github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
@@ -108,8 +110,6 @@ github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240704220915-7
 github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240704220915-746cf7c339c5/go.mod h1:t9jIbObwq9/kswhmUcdZBUH+L9xLtm0+5flPcPSBH8M=
 github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240704220917-e65444cf5f26 h1:rPemtm9yElXfCD3uKvUQWwxdPwpEXhJpUq5cxyKnQR4=
 github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240704220917-e65444cf5f26/go.mod h1:Pg+s5VIUvZNec600X7GtlGTAUD2vafi9GZ7V0guaujI=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240624132705-6c8da3c0bbfd h1:ZlZW1W+IEDNN5Vz5HG3iyQWn5kk3omno4i6J3snwy3w=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240624132705-6c8da3c0bbfd/go.mod h1:k9KuWN2LBtLbKHgcyh/0lrwk3Kr0cOAhiR3hi/mrwOQ=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240624132705-6c8da3c0bbfd h1:solheCgtkDXK3AKTwZYmwoeQqXiwjB8K6T/YuxDjNDc=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240624132705-6c8da3c0bbfd/go.mod h1:zuPcZ5Kopr15AdfxvA0xqKIIGCZ0XbSe/0VHNKuvbEE=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240624132705-6c8da3c0bbfd h1:MY3MDe11c9R/kp0ALVeaWHIdRpbQh9Xs3ym/Z/KBBlU=

go.mod

@@ -130,3 +130,5 @@ replace github.com/openshift/api => github.com/openshift/api v0.0.0-202304141430
 
 // custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.6.0_patches_tag)
 replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20240626194327-e7df1b654cb7 //allow-merging
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => github.com/olliewalsh/lib-common/modules/common v0.0.0-20240708202327-c53112301ef0

go.sum

@@ -92,6 +92,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/olliewalsh/lib-common/modules/common v0.0.0-20240708202327-c53112301ef0 h1:ZTfIYF/Be9K6l/rziPY77hqnSTE7xBQV+BEawyswEiY=
+github.com/olliewalsh/lib-common/modules/common v0.0.0-20240708202327-c53112301ef0/go.mod h1:k9KuWN2LBtLbKHgcyh/0lrwk3Kr0cOAhiR3hi/mrwOQ=
 github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
 github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
@@ -120,8 +122,6 @@ github.com/openstack-k8s-operators/lib-common/modules/ansible v0.3.1-0.202406241
 github.com/openstack-k8s-operators/lib-common/modules/ansible v0.3.1-0.20240624132705-6c8da3c0bbfd/go.mod h1:tP+nxk95PisCKJaXE/an2igG9lluxuOVhdmV9WtkR2s=
 github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240624132705-6c8da3c0bbfd h1:NuDKT4KCTJNun1glbc6ULOoaO6hRY4Ct22gYGrZd6Eg=
 github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240624132705-6c8da3c0bbfd/go.mod h1:GooNi6hM78cOUMjhBy0fXsZIcDTK1dUb1rlay170IJo=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240624132705-6c8da3c0bbfd h1:ZlZW1W+IEDNN5Vz5HG3iyQWn5kk3omno4i6J3snwy3w=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240624132705-6c8da3c0bbfd/go.mod h1:k9KuWN2LBtLbKHgcyh/0lrwk3Kr0cOAhiR3hi/mrwOQ=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240624132705-6c8da3c0bbfd h1:solheCgtkDXK3AKTwZYmwoeQqXiwjB8K6T/YuxDjNDc=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240624132705-6c8da3c0bbfd/go.mod h1:zuPcZ5Kopr15AdfxvA0xqKIIGCZ0XbSe/0VHNKuvbEE=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240624132705-6c8da3c0bbfd h1:MY3MDe11c9R/kp0ALVeaWHIdRpbQh9Xs3ym/Z/KBBlU=

main.go

@@ -52,6 +52,7 @@ import (
 	placementv1 "github.com/openstack-k8s-operators/placement-operator/api/v1beta1"
 	swiftv1 "github.com/openstack-k8s-operators/swift-operator/api/v1beta1"
 	telemetryv1 "github.com/openstack-k8s-operators/telemetry-operator/api/v1beta1"
+
 	// Note(lpiwowar): Please, do not remove! This import is necessary in order
 	// to make the test-operator part of the openstack-operator-index.
 	_ "github.com/openstack-k8s-operators/test-operator/api/v1beta1"
@@ -75,6 +76,7 @@ import (
 	corev1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
 	dataplanev1 "github.com/openstack-k8s-operators/openstack-operator/apis/dataplane/v1beta1"
 
+	ocp_networkv1 "github.com/openshift/api/network/v1"
 	clientcontrollers "github.com/openstack-k8s-operators/openstack-operator/controllers/client"
 	corecontrollers "github.com/openstack-k8s-operators/openstack-operator/controllers/core"
 	dataplanecontrollers "github.com/openstack-k8s-operators/openstack-operator/controllers/dataplane"
@@ -117,6 +119,7 @@ func init() {
 	utilruntime.Must(routev1.AddToScheme(scheme))
 	utilruntime.Must(certmgrv1.AddToScheme(scheme))
 	utilruntime.Must(barbicanv1.AddToScheme(scheme))
+	utilruntime.Must(ocp_networkv1.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 }
 

pkg/openstack/rabbitmq.go

@@ -155,24 +155,43 @@ func reconcileRabbitMQ(
 		},
 	}
 
+	IPv6Enabled, err := ocp.HasIPv6ClusterNetwork(ctx, helper)
+	if err != nil {
+		return mqFailed, ctrl.Result{}, err
+	}
+	inetFamily := "inet"
+	inetProtocol := "tcp"
+	tlsArgs := ""
+	fipsArgs := ""
+	if IPv6Enabled {
+		inetFamily = "inet6"
+	}
+	erlangInetConfig := fmt.Sprintf("{%s,true}.\n", inetFamily)
+
 	if instance.Spec.TLS.PodLevel.Enabled {
+		inetProtocol = "tls"
+		tlsArgs = "-ssl_dist_optfile /etc/rabbitmq/inter-node-tls.config"
 		fipsEnabled, err := ocp.IsFipsCluster(ctx, helper)
 		if err != nil {
 			return mqFailed, ctrl.Result{}, err
 		}
-		clusterNodeTLSArgs := "-proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inter-node-tls.config"
 		if fipsEnabled {
-			clusterNodeTLSArgs += " -crypto fips_mode true"
+			fipsArgs = "-crypto fips_mode true"
 		}
-
-		envVars = append(envVars, corev1.EnvVar{
-			Name:  "RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS",
-			Value: clusterNodeTLSArgs,
-		}, corev1.EnvVar{
-			Name:  "RABBITMQ_CTL_ERL_ARGS",
-			Value: clusterNodeTLSArgs,
-		})
 	}
+	envVars = append(envVars, corev1.EnvVar{
+		Name: "RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS",
+		Value: fmt.Sprintf(
+			"-kernel inetrc '/etc/rabbitmq/erl_inetrc' -proto_dist %s_%s %s %s",
+			inetFamily,
+			inetProtocol,
+			tlsArgs,
+			fipsArgs,
+		),
+	}, corev1.EnvVar{
+		Name:  "RABBITMQ_CTL_ERL_ARGS",
+		Value: fmt.Sprintf("-proto_dist %s_%s %s", inetFamily, inetProtocol, tlsArgs),
+	})
 
 	cms := []util.Template{
 		{
@@ -206,7 +225,7 @@ func reconcileRabbitMQ(
 		},
 	}
 
-	err := configmap.EnsureConfigMaps(ctx, helper, instance, cms, nil)
+	err = configmap.EnsureConfigMaps(ctx, helper, instance, cms, nil)
 	if err != nil {
 		Log.Error(err, "Unable to create rabbitmq config maps")
 		return mqFailed, ctrl.Result{}, err
@@ -344,6 +363,8 @@ func reconcileRabbitMQ(
 			rabbitmq.Spec.Rabbitmq.AdditionalConfig = strings.Join(settings, "\n")
 		}
 
+		rabbitmq.Spec.Rabbitmq.ErlangInetConfig = erlangInetConfig
+		rabbitmq.Spec.Rabbitmq.AdvancedConfig = ""
 		if tlsCert != "" {
 			rabbitmq.Spec.TLS.CaSecretName = tlsCert
 			rabbitmq.Spec.TLS.SecretName = tlsCert