ovn_adoption: fix scp with IPv6 addresses in cluster-to-standalone

[rebtoor]

The scp command constructed from the SSH command by replacing "ssh" with "scp" does not account for IPv6 addresses. When the controller host is an IPv6 address (e.g. 2620:cf:cf:aaaa::70), scp interprets the colons as the host:path separator, causing it to connect to a bogus IPv4 address derived from the first octet.

Fix by splitting the SSH command into the scp options and the host, then wrapping the host in square brackets for the scp remote path. This is compatible with both IPv4 and IPv6 addresses since brackets around an IPv4 address are valid in scp.

Update both the test role and the user-facing documentation.

Example of actual behavior:

fatal: [localhost]: FAILED! => {"changed": true, "cmd": "set -euxo pipefail\n\nCONTROLLER1_SSH=\"ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70\"\n\necho \"Using CONTROLLER1 for database conversion\"\n\n# Create working directory on controller\n$CONTROLLER1_SSH sudo mkdir -p /tmp/ovn_standalone_conversion\n\n# Convert cluster databases to standalone on the controller\n$CONTROLLER1_SSH sudo ovsdb-tool cluster-to-standalone /tmp/ovn_standalone_conversion/ovnnb_db.db /var/lib/openvswitch/ovn/ovnnb_db.db\n$CONTROLLER1_SSH sudo ovsdb-tool cluster-to-standalone /tmp/ovn_standalone_conversion/ovnsb_db.db /var/lib/openvswitch/ovn/ovnsb_db.db\n\n# Set permissions for copying\n$CONTROLLER1_SSH sudo chmod 644 /tmp/ovn_standalone_conversion/ovn*.db\n\n# Create local temp directory\nmkdir -p /tmp/ovn_adoption_dbs\n\n# Use scp like other parts of the codebase\nCONTROLLER1_SCP=$(echo \"$CONTROLLER1_SSH\" | sed 's/^ssh/scp/')\n\necho \"Copying NB database to ansible controller...\"\n${CONTROLLER1_SCP}:/tmp/ovn_standalone_conversion/ovnnb_db.db /tmp/ovn_adoption_dbs/\n\necho \"Copying SB database to ansible controller...\"\n${CONTROLLER1_SCP}:/tmp/ovn_standalone_conversion/ovnsb_db.db /tmp/ovn_adoption_dbs/\n\n# Cleanup on controller\n$CONTROLLER1_SSH sudo rm -rf /tmp/ovn_standalone_conversion\n\necho \"Successfully converted and copied databases to ansible controller\"\n", "delta": "0:00:02.052464", "end": "2026-05-27 18:59:20.832418", "msg": "non-zero return code", "rc": 255, "start": "2026-05-27 18:59:18.779954", "stderr": "+ CONTROLLER1_SSH='ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70'\n+ echo 'Using CONTROLLER1 for database conversion'\n+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo mkdir -p /tmp/ovn_standalone_conversion\n+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo ovsdb-tool cluster-to-standalone /tmp/ovn_standalone_conversion/ovnnb_db.db /var/lib/openvswitch/ovn/ovnnb_db.db\n+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo ovsdb-tool cluster-to-standalone /tmp/ovn_standalone_conversion/ovnsb_db.db /var/lib/openvswitch/ovn/ovnsb_db.db\n+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo chmod 644 '/tmp/ovn_standalone_conversion/ovn*.db'\n+ mkdir -p /tmp/ovn_adoption_dbs\n++ echo 'ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70'\n++ sed 's/^ssh/scp/'\n+ CONTROLLER1_SCP='scp -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70'\n+ echo 'Copying NB database to ansible controller...'\n+ scp -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70:/tmp/ovn_standalone_conversion/ovnnb_db.db /tmp/ovn_adoption_dbs/\nssh: connect to host 0.0.10.60 port 22: Network is unreachable\r\nConnection closed", "stderr_lines": ["+ CONTROLLER1_SSH='ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70'", "+ echo 'Using CONTROLLER1 for database conversion'", "+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo mkdir -p /tmp/ovn_standalone_conversion", "+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo ovsdb-tool cluster-to-standalone /tmp/ovn_standalone_conversion/ovnnb_db.db /var/lib/openvswitch/ovn/ovnnb_db.db", "+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo ovsdb-tool cluster-to-standalone /tmp/ovn_standalone_conversion/ovnsb_db.db /var/lib/openvswitch/ovn/ovnsb_db.db", "+ ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70 sudo chmod 644 '/tmp/ovn_standalone_conversion/ovn*.db'", "+ mkdir -p /tmp/ovn_adoption_dbs", "++ echo 'ssh -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70'", "++ sed 's/^ssh/scp/'", "+ CONTROLLER1_SCP='scp -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70'", "+ echo 'Copying NB database to ansible controller...'", "+ scp -i /home/zuul/.ssh/id_cifw -o StrictHostKeyChecking=accept-new root@2620:cf:cf:aaaa::70:/tmp/ovn_standalone_conversion/ovnnb_db.db /tmp/ovn_adoption_dbs/", "ssh: connect to host 0.0.10.60 port 22: Network is unreachable", "Connection closed"], "stdout": "Using CONTROLLER1 for database conversion\nCopying NB database to ansible controller...", "stdout_lines": ["Using CONTROLLER1 for database conversion", "Copying NB database to ansible controller..."]}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ciecierski for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[centosinfra-prod-github-app]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/fedb48d3028743138e8c6702cf4d02ac

✔️ noop SUCCESS in 0s
❌ adoption-standalone-to-crc-ceph POST_FAILURE in 1h 53m 15s
❌ adoption-standalone-to-crc-no-ceph POST_FAILURE in 1h 53m 50s
✔️ adoption-docs-preview SUCCESS in 1m 38s

[karelyatin]

would need to make this conditional using[] for host when ipv6 enabled.

[rebtoor]

actually, does it work it seems :D

[centosinfra-prod-github-app]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/9a5f6acbf55c4266be3ec76b456adec6

✔️ noop SUCCESS in 0s
❌ adoption-standalone-to-crc-ceph POST_FAILURE in 4h 05m 25s
❌ adoption-standalone-to-crc-no-ceph POST_FAILURE in 3h 13m 49s
✔️ adoption-docs-preview SUCCESS in 1m 38s

[rebtoor]

recheck

[centosinfra-prod-github-app]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/b79859e7064a43efbadc0deef1924e93

✔️ noop SUCCESS in 0s
❌ adoption-standalone-to-crc-ceph POST_FAILURE in 3h 09m 01s
❌ adoption-standalone-to-crc-no-ceph POST_FAILURE in 3h 10m 47s
✔️ adoption-docs-preview SUCCESS in 1m 44s

[klgill]

The proc_migrating-ovn-data.adoc file lgtm.

[github-actions]

This PR is stale because it has been for over 15 days with no activity.
Remove stale label or comment or this PR will be closed in 7 days.

[ciecierski]

@karelyatin and @rebtoor do we need this change ? It is marked stale already

[karelyatin]

@karelyatin and @rebtoor do we need this change ? It is marked stale already
@ciecierski looks valid to me but @rebtoor can share more context here.