feat(datasource/aliyun): add IPv6 metaserver and DHCP strategy based on NIC metadata

[challvy]

Proposed Commit Message

Fixes #6892

feat(aliyun): support IPv6 metaserver and IPv6-only NIC config

Alibaba Cloud ECS now exposes the metadata service over both IPv4
(100.100.100.200) and IPv6 (fd00:100::100:200), and supports attaching
IPv6-only ENIs that have no IPv4 address. The current AliYun datasource
only configures the IPv4 endpoint and unconditionally emits dhcp4: true
for every NIC, which prevents IPv6-only instances from reaching IMDS
and causes long boot delays on IPv6-only ENIs.

This change:

- Adds the IPv6 metadata endpoint to DataSourceAliYun.metadata_urls so
  wait_for_url tries both endpoints. IPv4 instances are unaffected.
- Makes DHCP rendering metadata-driven in
  convert_ecs_metadata_network_config():
    * dhcp6 is enabled when 'ipv6s' is present on a NIC (existing).
    * dhcp4 is disabled and dhcp4-overrides is dropped when
      'private-ipv4s' is absent on a NIC, so DHCPv4 is not attempted
      on IPv6-only NICs.
- Adds unit tests covering IPv4-only, dual-stack, and IPv6-only NIC
  scenarios under tests/unittests/sources/test_aliyun.py.

Additional Context

The IPv6 metadata endpoint and IPv6-only ENIs are documented features
of Alibaba Cloud ECS. With these changes, cloud-init can correctly
fetch metadata and render network configuration on:

NIC metadata	dhcp4	dhcp6
private-ipv4s only	true	false
private-ipv4s + ipv6s (dual-stack)	true	true
ipv6s only (IPv6-only ENI)	false	true

Backwards compatibility:

• Existing IPv4-only instances are unaffected — their NIC metadata
  always contains private-ipv4s, so dhcp4 stays true.
• Adding a second URL to metadata_urls does not change behaviour
  when the IPv4 IMDS endpoint responds successfully.

Test Steps

1. Unit tests (covers all three NIC scenarios):

   tox -e py3 -- tests/unittests/sources/test_aliyun.py
   

   Expected: all tests pass, including the new
   test_dhcp4_disabled_when_no_private_ipv4s,
   test_dhcp6_enabled_when_ipv6s_present, and
   test_ipv6_only_nic_config.

2. Live verification on an Alibaba Cloud ECS instance:

   a. Launch a dual-stack ECS instance with both IPv4 and IPv6
   addresses, boot with this cloud-init build, and confirm:

   • /run/cloud-init/instance-data.json contains metadata fetched
     from IMDS.
   • The rendered netplan contains dhcp4: true and dhcp6: true
     for the dual-stack NIC.

   b. Attach an IPv6-only secondary ENI (no private-ipv4s in
   metadata), reboot, and confirm:

   • Boot is not delayed by DHCPv4 timeouts on the IPv6-only NIC.
   • The rendered netplan for that NIC contains dhcp4: false and
     dhcp6: true.

   c. (Optional) Disable IPv4 IMDS on a test instance and confirm
   cloud-init still reaches metadata via
   http://[fd00:100::100:200].

Merge type

• Squash merge using "Proposed Commit Message"
• Rebase and merge unique commits. Requires commit messages per-commit each referencing the pull request number (#<PR_NUM>)

[Copilot]

Pull request overview

Adds AliYun (Alibaba Cloud ECS) support for reaching IMDS over IPv6 and avoids DHCPv4 timeouts on IPv6-only ENIs by rendering DHCP settings based on NIC metadata.

Changes:

• Add the IPv6 IMDS endpoint (http://[fd00:100::100:200]) to DataSourceAliYun.metadata_urls so IMDS discovery can succeed on IPv6-only instances.
• Update convert_ecs_metadata_network_config() to disable dhcp4 (and drop dhcp4-overrides) when a NIC lacks private-ipv4s, while still enabling dhcp6 when ipv6s is present.
• Add unit tests covering IPv4-only, dual-stack, and IPv6-only NIC scenarios.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
cloudinit/sources/DataSourceAliYun.py	Adds IPv6 IMDS base URL to the datasource’s metadata URL candidates.
cloudinit/sources/helpers/aliyun.py	Makes DHCPv4/DHCPv6 configuration conditional on per-NIC metadata and hardens override cleanup.
tests/unittests/sources/test_aliyun.py	Extends unit test coverage for the updated DHCP rendering logic.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[challvy]

@blackboxsw Hi, according to my latest tests, there is an issue with this change: in an IPv6 environment, because it waits for the DHCPv4 negotiation result (with a timeout of several minutes), the boot process gets stuck for several minutes. Please do not merge this yet. Let me do further testing and modify the code, and then we can consider merging it.

[blackboxsw]

@challvy thanks for this input. We'll await your findings, please keep us informed. I do wonder if that timeout you are seeing with dhcp4 is due to Aliyun's EphemeralIPNetwork call in get_data not providing an ipv6=True value, and not providing connectivity_urls_data params which would attempt to reach either ipv4 and ipv6 connectivity URLs, effectively disregarding dhcpv4 setup if ipv6 IMDS URL were accessible.

[blackboxsw]

Additionally, in situations where IPv6 only is configured for an instance. I think we may need a bit of an overhaul within EphemeralIPNetwork to potentially run a dual-stack race to request both dhcp6 and dhcp4 addrs when both ipv4=true and ipv6=true and no connectivity_urls are accessible. That way, the EphemeralIPNetwork could proceed when either ipv6 or ipv4 connectivity is asserted to a known IMDS URL, thereby avoiding a wait on an unconfigured DHCP4 response for ipv6-only networks.

[challvy]

@blackboxsw Thank you for your feedback; I still need some time on my side to design and validate it.