From 13d8860dabc599244a081ab6e2c40f83f6da487f Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Mon, 8 Jun 2026 12:37:31 +0000
Subject: [PATCH 01/10] Add c2cc_common.sh script, rework c2cc scenarios to use
 the script

---
 test/bin/c2cc_common.sh                       | 173 ++++++++++++++++++
 .../el10/presubmits/el102-src@c2cc-ipv6.sh    | 154 +---------------
 .../el10/presubmits/el102-src@c2cc.sh         | 151 +--------------
 .../el9/presubmits/el98-src@c2cc-ipv6.sh      | 154 +---------------
 .../el9/presubmits/el98-src@c2cc.sh           | 151 +--------------
 5 files changed, 201 insertions(+), 582 deletions(-)
 create mode 100644 test/bin/c2cc_common.sh

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
new file mode 100644
index 0000000000..bc31ad7be4
--- /dev/null
+++ b/test/bin/c2cc_common.sh
@@ -0,0 +1,173 @@
+#!/bin/bash
+#
+# This script contains common functions used by C2CC scenarios.
+
+wait_for_greenboot_on_hosts() {
+    local junit_label=$1
+    local host
+    for host in host1 host2 host3; do
+        local host_ip full_host
+        host_ip=$(get_vm_property "${host}" ip)
+        full_host=$(full_vm_name "${host}")
+        if ! wait_for_greenboot "${full_host}" "${host_ip}"; then
+            record_junit "${host}" "${junit_label}" "FAILED"
+            return 1
+        fi
+        record_junit "${host}" "${junit_label}" "OK"
+    done
+}
+
+configure_c2cc_host() {
+    local host=$1
+    shift
+    # Remaining args are sets of 4: remote_ip remote_pod_cidr remote_svc_cidr remote_domain (repeat)
+
+    run_command_on_vm "${host}" "sudo mkdir -p /etc/microshift/config.d"
+
+    # Build the YAML config with all remote clusters
+    local yaml_content
+    yaml_content="clusterToCluster:"$'\n'"  remoteClusters:"
+    local firewall_cidrs=()
+
+    while [ $# -gt 0 ]; do
+        local remote_ip=$1
+        local remote_pod_cidr=$2
+        local remote_svc_cidr=$3
+        local remote_domain=$4
+        shift 4
+
+        yaml_content+=$'\n'"  - nextHop: ${remote_ip}"
+        yaml_content+=$'\n'"    clusterNetwork:"
+        yaml_content+=$'\n'"    - ${remote_pod_cidr}"
+        yaml_content+=$'\n'"    serviceNetwork:"
+        yaml_content+=$'\n'"    - ${remote_svc_cidr}"
+        yaml_content+=$'\n'"    domain: ${remote_domain}"
+
+        firewall_cidrs+=("${remote_pod_cidr}" "${remote_svc_cidr}")
+    done
+
+    run_command_on_vm "${host}" "sudo tee /etc/microshift/config.d/50-c2cc.yaml > /dev/null <<EOF
+${yaml_content}
+EOF"
+
+    configure_vm_firewall "${host}"
+    for cidr in "${firewall_cidrs[@]}"; do
+        run_command_on_vm "${host}" "sudo firewall-cmd --permanent --zone=trusted --add-source=${cidr}"
+    done
+    run_command_on_vm "${host}" "sudo firewall-cmd --reload"
+    run_command_on_vm "${host}" "sudo systemctl restart microshift"
+}
+
+configure_c2cc_hosts() {
+    local -r host1_ip=$(get_vm_property host1 ip)
+    local -r host2_ip=$(get_vm_property host2 ip)
+    local -r host3_ip=$(get_vm_property host3 ip)
+
+    wait_for_greenboot_on_hosts "c2cc_pre_greenboot"
+
+    configure_c2cc_host host1 \
+        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
+        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
+
+    configure_c2cc_host host2 \
+        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
+        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
+
+    configure_c2cc_host host3 \
+        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
+        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
+
+    wait_for_greenboot_on_hosts "c2cc_greenboot"
+}
+
+c2cc_create_vms() {
+    local -r boot_commit_ref="${1}"
+    local -r boot_blueprint="${2}"
+    local -r network="${3-default}"
+    local -r ip_family="${4-ipv4}" 
+
+    # Prepare kickstart for all hosts
+    local ipv6_args=""
+    [ "${ip_family}" = "ipv6" ] && ipv6_args="false true"
+
+    for host in host1 host2 host3; do
+        #unquoted expansion so it expands to nothing or two arguments
+        # shellcheck disable=SC2086
+        prepare_kickstart "${host}" kickstart-bootc.ks.template "${boot_commit_ref}" ${ipv6_args}
+    done
+
+    # Inject host2's and host3's non-default CIDRs into its kickstart config so MicroShift
+    # boots with the correct network from the start (no cleanup-data needed).
+    local -r host2_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host2"
+    cat >> "${host2_ks_dir}/post-microshift.cfg" <<EOF
+cat - >>/etc/microshift/config.yaml <<IEOF
+network:
+  clusterNetwork:
+  - ${CLUSTER_B_POD_CIDR}
+  serviceNetwork:
+  - ${CLUSTER_B_SVC_CIDR}
+IEOF
+EOF
+    local -r host3_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host3"
+    cat >> "${host3_ks_dir}/post-microshift.cfg" <<EOF
+cat - >>/etc/microshift/config.yaml <<IEOF
+network:
+  clusterNetwork:
+  - ${CLUSTER_C_POD_CIDR}
+  serviceNetwork:
+  - ${CLUSTER_C_SVC_CIDR}
+IEOF
+EOF
+
+    launch_vm "${boot_blueprint}" --vmname host1 --network "${network}"
+    launch_vm "${boot_blueprint}" --vmname host2 --network "${network}"
+    launch_vm "${boot_blueprint}" --vmname host3 --network "${network}"
+}
+
+c2cc_remove_vms() {
+    remove_vm host1
+    remove_vm host2
+    remove_vm host3
+}
+
+c2cc_run_tests() {
+    local -r foreign_cidr="${1}"
+    local -r ip_family="${2-ipv4}"
+
+    if ! configure_c2cc_hosts; then
+        return 1
+    fi
+
+    # Retrieve host2's kubeconfig
+    local -r host2_ip=$(get_vm_property host2 ip)
+    local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
+    
+    # Retrieve host3's kubeconfig
+    local -r host3_ip=$(get_vm_property host3 ip)
+    local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
+
+    # Wait for host2 and host3 to be fully ready (run_tests only waits for host1)
+    wait_for_microshift_to_be_ready host2
+    wait_for_microshift_to_be_ready host3
+
+    run_command_on_vm host2 "sudo cp /var/lib/microshift/resources/kubeadmin/${host2_ip}/kubeconfig /tmp/kubeconfig-b && sudo chmod 644 /tmp/kubeconfig-b"
+    run_command_on_vm host3 "sudo cp /var/lib/microshift/resources/kubeadmin/${host3_ip}/kubeconfig /tmp/kubeconfig-c && sudo chmod 644 /tmp/kubeconfig-c"
+    copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
+    copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
+
+    run_tests host1 \
+        --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
+        --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
+        --variable "CLUSTER_A_DOMAIN:${CLUSTER_A_DOMAIN}" \
+        --variable "CLUSTER_B_POD_CIDR:${CLUSTER_B_POD_CIDR}" \
+        --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
+        --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
+        --variable "KUBECONFIG_B:${kubeconfig_b}" \
+        --variable "CLUSTER_C_POD_CIDR:${CLUSTER_C_POD_CIDR}" \
+        --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
+        --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
+        --variable "KUBECONFIG_C:${kubeconfig_c}" \
+        --variable "FOREIGN_CIDR:${foreign_cidr}" \
+        --variable "IP_FAMILY:${ip_family}" \
+        suites/c2cc/
+}
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
index 87c59d9de1..92445411e5 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
@@ -1,6 +1,10 @@
 #!/bin/bash
 
 # Sourced from scenario.sh and uses functions defined there.
+
+# shellcheck source=test/bin/c2cc_common.sh
+source "${SCRIPTDIR}/c2cc_common.sh"
+
 export TEST_RANDOMIZATION=suites
 
 # Redefine network-related settings to use the dedicated IPv6 network bridge
@@ -30,158 +34,14 @@ CLUSTER_C_POD_CIDR="fd07::/48"
 CLUSTER_C_SVC_CIDR="fd08::/112"
 CLUSTER_C_DOMAIN="cluster-c.remote"
 
-wait_for_greenboot_on_hosts() {
-    local junit_label=$1
-    local host
-    for host in host1 host2 host3; do
-        local host_ip full_host
-        host_ip=$(get_vm_property "${host}" ip)
-        full_host=$(full_vm_name "${host}")
-        if ! wait_for_greenboot "${full_host}" "${host_ip}"; then
-            record_junit "${host}" "${junit_label}" "FAILED"
-            return 1
-        fi
-        record_junit "${host}" "${junit_label}" "OK"
-    done
-}
-
-configure_c2cc_host() {
-    local host=$1
-    shift
-    # Remaining args are sets of 4: remote_ip remote_pod_cidr remote_svc_cidr remote_domain (repeat)
-
-    run_command_on_vm "${host}" "sudo mkdir -p /etc/microshift/config.d"
-
-    # Build the YAML config with all remote clusters
-    local yaml_content
-    yaml_content="clusterToCluster:"$'\n'"  remoteClusters:"
-    local firewall_cidrs=()
-
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_pod_cidr=$2
-        local remote_svc_cidr=$3
-        local remote_domain=$4
-        shift 4
-
-        yaml_content+=$'\n'"  - nextHop: ${remote_ip}"
-        yaml_content+=$'\n'"    clusterNetwork:"
-        yaml_content+=$'\n'"    - ${remote_pod_cidr}"
-        yaml_content+=$'\n'"    serviceNetwork:"
-        yaml_content+=$'\n'"    - ${remote_svc_cidr}"
-        yaml_content+=$'\n'"    domain: ${remote_domain}"
-
-        firewall_cidrs+=("${remote_pod_cidr}" "${remote_svc_cidr}")
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/microshift/config.d/50-c2cc.yaml > /dev/null <<EOF
-${yaml_content}
-EOF"
-
-    configure_vm_firewall "${host}"
-    for cidr in "${firewall_cidrs[@]}"; do
-        run_command_on_vm "${host}" "sudo firewall-cmd --permanent --zone=trusted --add-source=${cidr}"
-    done
-    run_command_on_vm "${host}" "sudo firewall-cmd --reload"
-    run_command_on_vm "${host}" "sudo systemctl restart microshift"
-}
-
-configure_c2cc_hosts() {
-    local -r host1_ip=$(get_vm_property host1 ip)
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r host3_ip=$(get_vm_property host3 ip)
-
-    wait_for_greenboot_on_hosts "c2cc_pre_greenboot"
-
-    configure_c2cc_host host1 \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host2 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host3 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
-
-    wait_for_greenboot_on_hosts "c2cc_greenboot"
-}
-
 scenario_create_vms() {
-    prepare_kickstart host1 kickstart-bootc.ks.template rhel102-bootc-source false true
-    prepare_kickstart host2 kickstart-bootc.ks.template rhel102-bootc-source false true 
-    prepare_kickstart host3 kickstart-bootc.ks.template rhel102-bootc-source false true
-
-    # Inject host2's and host3's non-default CIDRs into its kickstart config so MicroShift
-    # boots with the correct network from the start (no cleanup-data needed).
-    local -r host2_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host2"
-    cat >> "${host2_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_B_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_B_SVC_CIDR}
-IEOF
-EOF
-    local -r host3_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host3"
-    cat >> "${host3_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_C_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_C_SVC_CIDR}
-IEOF
-EOF
-
-    launch_vm rhel102-bootc --vmname host1 --network "${VM_IPV6_NETWORK}"
-    launch_vm rhel102-bootc --vmname host2 --network "${VM_IPV6_NETWORK}"
-    launch_vm rhel102-bootc --vmname host3 --network "${VM_IPV6_NETWORK}"
+    c2cc_create_vms rhel102-bootc-source rhel102-bootc "${VM_IPV6_NETWORK}" ipv6
 }
 
 scenario_remove_vms() {
-    remove_vm host1
-    remove_vm host2
-    remove_vm host3
+    c2cc_remove_vms
 }
 
 scenario_run_tests() {
-    if ! configure_c2cc_hosts; then
-        return 1
-    fi
-
-    # Retrieve host2's kubeconfig
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
-    
-    # Retrieve host3's kubeconfig
-    local -r host3_ip=$(get_vm_property host3 ip)
-    local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
-
-    # Wait for host2 and host3 to be fully ready (run_tests only waits for host1)
-    wait_for_microshift_to_be_ready host2
-    wait_for_microshift_to_be_ready host3
-
-    run_command_on_vm host2 "sudo cp /var/lib/microshift/resources/kubeadmin/${host2_ip}/kubeconfig /tmp/kubeconfig-b && sudo chmod 644 /tmp/kubeconfig-b"
-    run_command_on_vm host3 "sudo cp /var/lib/microshift/resources/kubeadmin/${host3_ip}/kubeconfig /tmp/kubeconfig-c && sudo chmod 644 /tmp/kubeconfig-c"
-    copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
-    copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
-
-    run_tests host1 \
-        --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
-        --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
-        --variable "CLUSTER_A_DOMAIN:${CLUSTER_A_DOMAIN}" \
-        --variable "CLUSTER_B_POD_CIDR:${CLUSTER_B_POD_CIDR}" \
-        --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
-        --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
-        --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        --variable "CLUSTER_C_POD_CIDR:${CLUSTER_C_POD_CIDR}" \
-        --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
-        --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
-        --variable "KUBECONFIG_C:${kubeconfig_c}" \
-        --variable "FOREIGN_CIDR:2001:db8::/64" \
-        --variable "IP_FAMILY:ipv6" \
-        suites/c2cc/
+    c2cc_run_tests "2001:db8::/64" ipv6
 }
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
index beb1bd13b4..878a5a1c2d 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
@@ -1,6 +1,10 @@
 #!/bin/bash
 
 # Sourced from scenario.sh and uses functions defined there.
+
+# shellcheck source=test/bin/c2cc_common.sh
+source "${SCRIPTDIR}/c2cc_common.sh"
+
 export TEST_RANDOMIZATION=suites
 
 # Cluster A (host1): default MicroShift CIDRs
@@ -18,155 +22,14 @@ CLUSTER_C_POD_CIDR="10.48.0.0/16"
 CLUSTER_C_SVC_CIDR="10.49.0.0/16"
 CLUSTER_C_DOMAIN="cluster-c.remote"
 
-wait_for_greenboot_on_hosts() {
-    local junit_label=$1
-    local host
-    for host in host1 host2 host3; do
-        local host_ip full_host
-        host_ip=$(get_vm_property "${host}" ip)
-        full_host=$(full_vm_name "${host}")
-        if ! wait_for_greenboot "${full_host}" "${host_ip}"; then
-            record_junit "${host}" "${junit_label}" "FAILED"
-            return 1
-        fi
-        record_junit "${host}" "${junit_label}" "OK"
-    done
-}
-
-configure_c2cc_host() {
-    local host=$1
-    shift
-    # Remaining args are sets of 4: remote_ip remote_pod_cidr remote_svc_cidr remote_domain (repeat)
-
-    run_command_on_vm "${host}" "sudo mkdir -p /etc/microshift/config.d"
-
-    # Build the YAML config with all remote clusters
-    local yaml_content
-    yaml_content="clusterToCluster:"$'\n'"  remoteClusters:"
-    local firewall_cidrs=()
-
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_pod_cidr=$2
-        local remote_svc_cidr=$3
-        local remote_domain=$4
-        shift 4
-
-        yaml_content+=$'\n'"  - nextHop: ${remote_ip}"
-        yaml_content+=$'\n'"    clusterNetwork:"
-        yaml_content+=$'\n'"    - ${remote_pod_cidr}"
-        yaml_content+=$'\n'"    serviceNetwork:"
-        yaml_content+=$'\n'"    - ${remote_svc_cidr}"
-        yaml_content+=$'\n'"    domain: ${remote_domain}"
-
-        firewall_cidrs+=("${remote_pod_cidr}" "${remote_svc_cidr}")
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/microshift/config.d/50-c2cc.yaml > /dev/null <<EOF
-${yaml_content}
-EOF"
-
-    configure_vm_firewall "${host}"
-    for cidr in "${firewall_cidrs[@]}"; do
-        run_command_on_vm "${host}" "sudo firewall-cmd --permanent --zone=trusted --add-source=${cidr}"
-    done
-    run_command_on_vm "${host}" "sudo firewall-cmd --reload"
-    run_command_on_vm "${host}" "sudo systemctl restart microshift"
-}
-
-configure_c2cc_hosts() {
-    local -r host1_ip=$(get_vm_property host1 ip)
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r host3_ip=$(get_vm_property host3 ip)
-
-    wait_for_greenboot_on_hosts "c2cc_pre_greenboot"
-
-    configure_c2cc_host host1 \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host2 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host3 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
-
-    wait_for_greenboot_on_hosts "c2cc_greenboot"
-}
-
 scenario_create_vms() {
-    prepare_kickstart host1 kickstart-bootc.ks.template rhel102-bootc-source
-    prepare_kickstart host2 kickstart-bootc.ks.template rhel102-bootc-source
-    prepare_kickstart host3 kickstart-bootc.ks.template rhel102-bootc-source
-
-    # Inject host2's and host3's non-default CIDRs into its kickstart config so MicroShift
-    # boots with the correct network from the start (no cleanup-data needed).
-    local -r host2_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host2"
-    cat >> "${host2_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_B_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_B_SVC_CIDR}
-IEOF
-EOF
-    local -r host3_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host3"
-    cat >> "${host3_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_C_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_C_SVC_CIDR}
-IEOF
-EOF
-
-    launch_vm rhel102-bootc --vmname host1
-    launch_vm rhel102-bootc --vmname host2
-    launch_vm rhel102-bootc --vmname host3
+    c2cc_create_vms rhel102-bootc-source rhel102-bootc
 }
 
 scenario_remove_vms() {
-    remove_vm host1
-    remove_vm host2
-    remove_vm host3
+    c2cc_remove_vms
 }
 
 scenario_run_tests() {
-    configure_c2cc_hosts
-
-    # Retrieve host2's kubeconfig
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
-
-    # Retrieve host3's kubeconfig
-    local -r host3_ip=$(get_vm_property host3 ip)
-    local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
-
-    # Wait for host2 and host3 to be fully ready (run_tests only waits for host1)
-    wait_for_microshift_to_be_ready host2
-    wait_for_microshift_to_be_ready host3
-
-    run_command_on_vm host2 "sudo cp /var/lib/microshift/resources/kubeadmin/${host2_ip}/kubeconfig /tmp/kubeconfig-b && sudo chmod 644 /tmp/kubeconfig-b"
-    run_command_on_vm host3 "sudo cp /var/lib/microshift/resources/kubeadmin/${host3_ip}/kubeconfig /tmp/kubeconfig-c && sudo chmod 644 /tmp/kubeconfig-c"
-    copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
-    copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
-
-    run_tests host1 \
-        --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
-        --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
-        --variable "CLUSTER_A_DOMAIN:${CLUSTER_A_DOMAIN}" \
-        --variable "CLUSTER_B_POD_CIDR:${CLUSTER_B_POD_CIDR}" \
-        --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
-        --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
-        --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        --variable "CLUSTER_C_POD_CIDR:${CLUSTER_C_POD_CIDR}" \
-        --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
-        --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
-        --variable "KUBECONFIG_C:${kubeconfig_c}" \
-        --variable "FOREIGN_CIDR:192.0.2.0/24" \
-        suites/c2cc/
+    c2cc_run_tests "192.0.2.0/24"
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
index 0aa851eff5..70b5326220 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
@@ -1,6 +1,10 @@
 #!/bin/bash
 
 # Sourced from scenario.sh and uses functions defined there.
+
+# shellcheck source=test/bin/c2cc_common.sh
+source "${SCRIPTDIR}/c2cc_common.sh"
+
 export TEST_RANDOMIZATION=suites
 
 # Redefine network-related settings to use the dedicated IPv6 network bridge
@@ -30,158 +34,14 @@ CLUSTER_C_POD_CIDR="fd07::/48"
 CLUSTER_C_SVC_CIDR="fd08::/112"
 CLUSTER_C_DOMAIN="cluster-c.remote"
 
-wait_for_greenboot_on_hosts() {
-    local junit_label=$1
-    local host
-    for host in host1 host2 host3; do
-        local host_ip full_host
-        host_ip=$(get_vm_property "${host}" ip)
-        full_host=$(full_vm_name "${host}")
-        if ! wait_for_greenboot "${full_host}" "${host_ip}"; then
-            record_junit "${host}" "${junit_label}" "FAILED"
-            return 1
-        fi
-        record_junit "${host}" "${junit_label}" "OK"
-    done
-}
-
-configure_c2cc_host() {
-    local host=$1
-    shift
-    # Remaining args are sets of 4: remote_ip remote_pod_cidr remote_svc_cidr remote_domain (repeat)
-
-    run_command_on_vm "${host}" "sudo mkdir -p /etc/microshift/config.d"
-
-    # Build the YAML config with all remote clusters
-    local yaml_content
-    yaml_content="clusterToCluster:"$'\n'"  remoteClusters:"
-    local firewall_cidrs=()
-
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_pod_cidr=$2
-        local remote_svc_cidr=$3
-        local remote_domain=$4
-        shift 4
-
-        yaml_content+=$'\n'"  - nextHop: ${remote_ip}"
-        yaml_content+=$'\n'"    clusterNetwork:"
-        yaml_content+=$'\n'"    - ${remote_pod_cidr}"
-        yaml_content+=$'\n'"    serviceNetwork:"
-        yaml_content+=$'\n'"    - ${remote_svc_cidr}"
-        yaml_content+=$'\n'"    domain: ${remote_domain}"
-
-        firewall_cidrs+=("${remote_pod_cidr}" "${remote_svc_cidr}")
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/microshift/config.d/50-c2cc.yaml > /dev/null <<EOF
-${yaml_content}
-EOF"
-
-    configure_vm_firewall "${host}"
-    for cidr in "${firewall_cidrs[@]}"; do
-        run_command_on_vm "${host}" "sudo firewall-cmd --permanent --zone=trusted --add-source=${cidr}"
-    done
-    run_command_on_vm "${host}" "sudo firewall-cmd --reload"
-    run_command_on_vm "${host}" "sudo systemctl restart microshift"
-}
-
-configure_c2cc_hosts() {
-    local -r host1_ip=$(get_vm_property host1 ip)
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r host3_ip=$(get_vm_property host3 ip)
-
-    wait_for_greenboot_on_hosts "c2cc_pre_greenboot"
-
-    configure_c2cc_host host1 \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host2 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host3 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
-
-    wait_for_greenboot_on_hosts "c2cc_greenboot"
-}
-
 scenario_create_vms() {
-    prepare_kickstart host1 kickstart-bootc.ks.template rhel98-bootc-source false true
-    prepare_kickstart host2 kickstart-bootc.ks.template rhel98-bootc-source false true 
-    prepare_kickstart host3 kickstart-bootc.ks.template rhel98-bootc-source false true
-
-    # Inject host2's and host3's non-default CIDRs into its kickstart config so MicroShift
-    # boots with the correct network from the start (no cleanup-data needed).
-    local -r host2_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host2"
-    cat >> "${host2_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_B_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_B_SVC_CIDR}
-IEOF
-EOF
-    local -r host3_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host3"
-    cat >> "${host3_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_C_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_C_SVC_CIDR}
-IEOF
-EOF
-
-    launch_vm rhel98-bootc --vmname host1 --network "${VM_IPV6_NETWORK}"
-    launch_vm rhel98-bootc --vmname host2 --network "${VM_IPV6_NETWORK}"
-    launch_vm rhel98-bootc --vmname host3 --network "${VM_IPV6_NETWORK}"
+    c2cc_create_vms rhel98-bootc-source rhel98-bootc "${VM_IPV6_NETWORK}" ipv6
 }
 
 scenario_remove_vms() {
-    remove_vm host1
-    remove_vm host2
-    remove_vm host3
+    c2cc_remove_vms
 }
 
 scenario_run_tests() {
-    if ! configure_c2cc_hosts; then
-        return 1
-    fi
-
-    # Retrieve host2's kubeconfig
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
-    
-    # Retrieve host3's kubeconfig
-    local -r host3_ip=$(get_vm_property host3 ip)
-    local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
-
-    # Wait for host2 and host3 to be fully ready (run_tests only waits for host1)
-    wait_for_microshift_to_be_ready host2
-    wait_for_microshift_to_be_ready host3
-
-    run_command_on_vm host2 "sudo cp /var/lib/microshift/resources/kubeadmin/${host2_ip}/kubeconfig /tmp/kubeconfig-b && sudo chmod 644 /tmp/kubeconfig-b"
-    run_command_on_vm host3 "sudo cp /var/lib/microshift/resources/kubeadmin/${host3_ip}/kubeconfig /tmp/kubeconfig-c && sudo chmod 644 /tmp/kubeconfig-c"
-    copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
-    copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
-
-    run_tests host1 \
-        --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
-        --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
-        --variable "CLUSTER_A_DOMAIN:${CLUSTER_A_DOMAIN}" \
-        --variable "CLUSTER_B_POD_CIDR:${CLUSTER_B_POD_CIDR}" \
-        --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
-        --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
-        --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        --variable "CLUSTER_C_POD_CIDR:${CLUSTER_C_POD_CIDR}" \
-        --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
-        --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
-        --variable "KUBECONFIG_C:${kubeconfig_c}" \
-        --variable "FOREIGN_CIDR:2001:db8::/64" \
-        --variable "IP_FAMILY:ipv6" \
-        suites/c2cc/
+    c2cc_run_tests "2001:db8::/64" ipv6
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
index 288afe5567..5a68d2a719 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
@@ -1,6 +1,10 @@
 #!/bin/bash
 
 # Sourced from scenario.sh and uses functions defined there.
+
+# shellcheck source=test/bin/c2cc_common.sh
+source "${SCRIPTDIR}/c2cc_common.sh"
+
 export TEST_RANDOMIZATION=suites
 
 # Cluster A (host1): default MicroShift CIDRs
@@ -18,155 +22,14 @@ CLUSTER_C_POD_CIDR="10.48.0.0/16"
 CLUSTER_C_SVC_CIDR="10.49.0.0/16"
 CLUSTER_C_DOMAIN="cluster-c.remote"
 
-wait_for_greenboot_on_hosts() {
-    local junit_label=$1
-    local host
-    for host in host1 host2 host3; do
-        local host_ip full_host
-        host_ip=$(get_vm_property "${host}" ip)
-        full_host=$(full_vm_name "${host}")
-        if ! wait_for_greenboot "${full_host}" "${host_ip}"; then
-            record_junit "${host}" "${junit_label}" "FAILED"
-            return 1
-        fi
-        record_junit "${host}" "${junit_label}" "OK"
-    done
-}
-
-configure_c2cc_host() {
-    local host=$1
-    shift
-    # Remaining args are sets of 4: remote_ip remote_pod_cidr remote_svc_cidr remote_domain (repeat)
-
-    run_command_on_vm "${host}" "sudo mkdir -p /etc/microshift/config.d"
-
-    # Build the YAML config with all remote clusters
-    local yaml_content
-    yaml_content="clusterToCluster:"$'\n'"  remoteClusters:"
-    local firewall_cidrs=()
-
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_pod_cidr=$2
-        local remote_svc_cidr=$3
-        local remote_domain=$4
-        shift 4
-
-        yaml_content+=$'\n'"  - nextHop: ${remote_ip}"
-        yaml_content+=$'\n'"    clusterNetwork:"
-        yaml_content+=$'\n'"    - ${remote_pod_cidr}"
-        yaml_content+=$'\n'"    serviceNetwork:"
-        yaml_content+=$'\n'"    - ${remote_svc_cidr}"
-        yaml_content+=$'\n'"    domain: ${remote_domain}"
-
-        firewall_cidrs+=("${remote_pod_cidr}" "${remote_svc_cidr}")
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/microshift/config.d/50-c2cc.yaml > /dev/null <<EOF
-${yaml_content}
-EOF"
-
-    configure_vm_firewall "${host}"
-    for cidr in "${firewall_cidrs[@]}"; do
-        run_command_on_vm "${host}" "sudo firewall-cmd --permanent --zone=trusted --add-source=${cidr}"
-    done
-    run_command_on_vm "${host}" "sudo firewall-cmd --reload"
-    run_command_on_vm "${host}" "sudo systemctl restart microshift"
-}
-
-configure_c2cc_hosts() {
-    local -r host1_ip=$(get_vm_property host1 ip)
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r host3_ip=$(get_vm_property host3 ip)
-
-    wait_for_greenboot_on_hosts "c2cc_pre_greenboot"
-
-    configure_c2cc_host host1 \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host2 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host3 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
-
-    wait_for_greenboot_on_hosts "c2cc_greenboot"
-}
-
 scenario_create_vms() {
-    prepare_kickstart host1 kickstart-bootc.ks.template rhel98-bootc-source
-    prepare_kickstart host2 kickstart-bootc.ks.template rhel98-bootc-source
-    prepare_kickstart host3 kickstart-bootc.ks.template rhel98-bootc-source
-
-    # Inject host2's and host3's non-default CIDRs into its kickstart config so MicroShift
-    # boots with the correct network from the start (no cleanup-data needed).
-    local -r host2_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host2"
-    cat >> "${host2_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_B_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_B_SVC_CIDR}
-IEOF
-EOF
-    local -r host3_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host3"
-    cat >> "${host3_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_C_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_C_SVC_CIDR}
-IEOF
-EOF
-
-    launch_vm rhel98-bootc --vmname host1
-    launch_vm rhel98-bootc --vmname host2
-    launch_vm rhel98-bootc --vmname host3
+    c2cc_create_vms rhel98-bootc-source rhel98-bootc
 }
 
 scenario_remove_vms() {
-    remove_vm host1
-    remove_vm host2
-    remove_vm host3
+    c2cc_remove_vms
 }
 
 scenario_run_tests() {
-    configure_c2cc_hosts
-
-    # Retrieve host2's kubeconfig
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
-
-    # Retrieve host3's kubeconfig
-    local -r host3_ip=$(get_vm_property host3 ip)
-    local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
-
-    # Wait for host2 and host3 to be fully ready (run_tests only waits for host1)
-    wait_for_microshift_to_be_ready host2
-    wait_for_microshift_to_be_ready host3
-
-    run_command_on_vm host2 "sudo cp /var/lib/microshift/resources/kubeadmin/${host2_ip}/kubeconfig /tmp/kubeconfig-b && sudo chmod 644 /tmp/kubeconfig-b"
-    run_command_on_vm host3 "sudo cp /var/lib/microshift/resources/kubeadmin/${host3_ip}/kubeconfig /tmp/kubeconfig-c && sudo chmod 644 /tmp/kubeconfig-c"
-    copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
-    copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
-
-    run_tests host1 \
-        --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
-        --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
-        --variable "CLUSTER_A_DOMAIN:${CLUSTER_A_DOMAIN}" \
-        --variable "CLUSTER_B_POD_CIDR:${CLUSTER_B_POD_CIDR}" \
-        --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
-        --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
-        --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        --variable "CLUSTER_C_POD_CIDR:${CLUSTER_C_POD_CIDR}" \
-        --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
-        --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
-        --variable "KUBECONFIG_C:${kubeconfig_c}" \
-        --variable "FOREIGN_CIDR:192.0.2.0/24" \
-        suites/c2cc/
+    c2cc_run_tests "192.0.2.0/24"
 }

From 0fa465d0c20120e4f8604fa44cb74267732180c4 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Mon, 8 Jun 2026 12:51:51 +0000
Subject: [PATCH 02/10] Fix typo

---
 test/bin/c2cc_common.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index bc31ad7be4..223ff174eb 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -83,8 +83,8 @@ configure_c2cc_hosts() {
 c2cc_create_vms() {
     local -r boot_commit_ref="${1}"
     local -r boot_blueprint="${2}"
-    local -r network="${3-default}"
-    local -r ip_family="${4-ipv4}" 
+    local -r network="${3:-default}"
+    local -r ip_family="${4:-ipv4}" 
 
     # Prepare kickstart for all hosts
     local ipv6_args=""
@@ -132,7 +132,7 @@ c2cc_remove_vms() {
 
 c2cc_run_tests() {
     local -r foreign_cidr="${1}"
-    local -r ip_family="${2-ipv4}"
+    local -r ip_family="${2:-ipv4}"
 
     if ! configure_c2cc_hosts; then
         return 1

From 26a7246459eb6974bb20152b06c393f12ac0e214 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Tue, 9 Jun 2026 12:56:49 +0000
Subject: [PATCH 03/10] Modify el10 c2cc ipsec scenario to use common script

---
 test/bin/c2cc_common.sh                       |  37 +++--
 .../el10/presubmits/el102-src@c2cc-ipsec.sh   | 141 +-----------------
 .../el10/presubmits/el102-src@c2cc-ipv6.sh    |   3 +-
 .../el10/presubmits/el102-src@c2cc.sh         |   3 +-
 .../el9/presubmits/el98-src@c2cc-ipv6.sh      |   3 +-
 .../el9/presubmits/el98-src@c2cc.sh           |   3 +-
 6 files changed, 37 insertions(+), 153 deletions(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index 223ff174eb..5fabd3fa35 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -59,11 +59,16 @@ EOF"
 }
 
 configure_c2cc_hosts() {
-    local -r host1_ip=$(get_vm_property host1 ip)
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r host3_ip=$(get_vm_property host3 ip)
+    local -r pre_junit_label="${1:-c2cc_pre_greenboot}"
+    local -r post_junit_label="${2:-c2cc_greenboot}"
+
+    local host1_ip host2_ip host3_ip
+    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
+    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
+    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
+    readonly host1_ip host2_ip host3_ip
 
-    wait_for_greenboot_on_hosts "c2cc_pre_greenboot"
+    wait_for_greenboot_on_hosts "${pre_junit_label}"
 
     configure_c2cc_host host1 \
         "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
@@ -77,7 +82,7 @@ configure_c2cc_hosts() {
         "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
         "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
 
-    wait_for_greenboot_on_hosts "c2cc_greenboot"
+    wait_for_greenboot_on_hosts "${post_junit_label}"
 }
 
 c2cc_create_vms() {
@@ -131,11 +136,18 @@ c2cc_remove_vms() {
 }
 
 c2cc_run_tests() {
-    local -r foreign_cidr="${1}"
-    local -r ip_family="${2:-ipv4}"
+    local -r suites_dir="${1}"
+    local -r foreign_cidr="${2}"
+    local -r ip_family="${3}"
+
+    local foreign_cidr_var=""
+    if [ -n "${foreign_cidr}" ]; then
+        foreign_cidr_var="--variable FOREIGN_CIDR:${foreign_cidr}"
+    fi
 
-    if ! configure_c2cc_hosts; then
-        return 1
+    local ip_family_var=""
+    if [ -n "${ip_family}" ]; then
+        ip_family_var="--variable IP_FAMILY:${ip_family}"
     fi
 
     # Retrieve host2's kubeconfig
@@ -155,6 +167,7 @@ c2cc_run_tests() {
     copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
     copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
 
+    # shellcheck disable=SC2086
     run_tests host1 \
         --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
         --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
@@ -167,7 +180,7 @@ c2cc_run_tests() {
         --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
         --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
         --variable "KUBECONFIG_C:${kubeconfig_c}" \
-        --variable "FOREIGN_CIDR:${foreign_cidr}" \
-        --variable "IP_FAMILY:${ip_family}" \
-        suites/c2cc/
+        ${foreign_cidr_var} \
+        ${ip_family_var} \
+        "${suites_dir}"
 }
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
index 35db1625b6..ab2ad0f1a1 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
@@ -26,84 +26,6 @@ CLUSTER_C_POD_CIDR="10.48.0.0/16"
 CLUSTER_C_SVC_CIDR="10.49.0.0/16"
 CLUSTER_C_DOMAIN="cluster-c.remote"
 
-wait_for_greenboot_on_hosts() {
-    local junit_label=$1
-    local host
-    for host in host1 host2 host3; do
-        local host_ip full_host
-        host_ip=$(get_vm_property "${host}" ip)
-        full_host=$(full_vm_name "${host}")
-        if ! wait_for_greenboot "${full_host}" "${host_ip}"; then
-            record_junit "${host}" "${junit_label}" "FAILED"
-            return 1
-        fi
-        record_junit "${host}" "${junit_label}" "OK"
-    done
-}
-
-configure_c2cc_host() {
-    local host=$1
-    shift
-    # Remaining args are sets of 4: remote_ip remote_pod_cidr remote_svc_cidr remote_domain
-
-    run_command_on_vm "${host}" "sudo mkdir -p /etc/microshift/config.d"
-
-    local yaml_content
-    yaml_content="clusterToCluster:"$'\n'"  remoteClusters:"
-    local firewall_cidrs=()
-
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_pod_cidr=$2
-        local remote_svc_cidr=$3
-        local remote_domain=$4
-        shift 4
-
-        yaml_content+=$'\n'"  - nextHop: ${remote_ip}"
-        yaml_content+=$'\n'"    clusterNetwork:"
-        yaml_content+=$'\n'"    - ${remote_pod_cidr}"
-        yaml_content+=$'\n'"    serviceNetwork:"
-        yaml_content+=$'\n'"    - ${remote_svc_cidr}"
-        yaml_content+=$'\n'"    domain: ${remote_domain}"
-
-        firewall_cidrs+=("${remote_pod_cidr}" "${remote_svc_cidr}")
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/microshift/config.d/50-c2cc.yaml > /dev/null <<EOF
-${yaml_content}
-EOF"
-
-    configure_vm_firewall "${host}"
-    for cidr in "${firewall_cidrs[@]}"; do
-        run_command_on_vm "${host}" "sudo firewall-cmd --permanent --zone=trusted --add-source=${cidr}"
-    done
-    run_command_on_vm "${host}" "sudo firewall-cmd --reload"
-    run_command_on_vm "${host}" "sudo systemctl restart microshift"
-}
-
-configure_c2cc_hosts() {
-    local host1_ip host2_ip host3_ip
-    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
-    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
-    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
-    readonly host1_ip host2_ip host3_ip
-
-    wait_for_greenboot_on_hosts "c2cc_ipsec_pre_greenboot"
-
-    configure_c2cc_host host1 \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host2 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host3 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
-
-    wait_for_greenboot_on_hosts "c2cc_ipsec_greenboot"
-}
 
 # configure_ipsec_host writes the PSK and connection configs, initializes the
 # NSS database, and starts the ipsec service on a single host.
@@ -220,71 +142,16 @@ configure_ipsec() {
 }
 
 scenario_create_vms() {
-    prepare_kickstart host1 kickstart-bootc.ks.template rhel102-bootc-source-ipsec
-    prepare_kickstart host2 kickstart-bootc.ks.template rhel102-bootc-source-ipsec
-    prepare_kickstart host3 kickstart-bootc.ks.template rhel102-bootc-source-ipsec
-
-    local -r host2_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host2"
-    cat >> "${host2_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_B_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_B_SVC_CIDR}
-IEOF
-EOF
-    local -r host3_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host3"
-    cat >> "${host3_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_C_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_C_SVC_CIDR}
-IEOF
-EOF
-
-    launch_vm rhel102-bootc --vmname host1
-    launch_vm rhel102-bootc --vmname host2
-    launch_vm rhel102-bootc --vmname host3
+    c2cc_create_vms "rhel102-bootc-source-ipsec" "rhel102-bootc"
 }
 
 scenario_remove_vms() {
-    remove_vm host1
-    remove_vm host2
-    remove_vm host3
+    c2cc_remove_vms
 }
 
 scenario_run_tests() {
-    configure_c2cc_hosts
+    configure_c2cc_hosts "c2cc_ipsec_pre_greenboot" "c2cc_ipsec_greenboot"
     configure_ipsec
 
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
-
-    local -r host3_ip=$(get_vm_property host3 ip)
-    local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
-
-    wait_for_microshift_to_be_ready host2
-    wait_for_microshift_to_be_ready host3
-
-    run_command_on_vm host2 "sudo cp /var/lib/microshift/resources/kubeadmin/${host2_ip}/kubeconfig /tmp/kubeconfig-b && sudo chmod 644 /tmp/kubeconfig-b"
-    run_command_on_vm host3 "sudo cp /var/lib/microshift/resources/kubeadmin/${host3_ip}/kubeconfig /tmp/kubeconfig-c && sudo chmod 644 /tmp/kubeconfig-c"
-    copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
-    copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
-
-    run_tests host1 \
-        --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
-        --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
-        --variable "CLUSTER_A_DOMAIN:${CLUSTER_A_DOMAIN}" \
-        --variable "CLUSTER_B_POD_CIDR:${CLUSTER_B_POD_CIDR}" \
-        --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
-        --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
-        --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        --variable "CLUSTER_C_POD_CIDR:${CLUSTER_C_POD_CIDR}" \
-        --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
-        --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
-        --variable "KUBECONFIG_C:${kubeconfig_c}" \
-        suites/c2cc-ipsec/
+    c2cc_run_tests "suites/c2cc-ipsec/"
 }
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
index 92445411e5..abd7328029 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
@@ -43,5 +43,6 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
-    c2cc_run_tests "2001:db8::/64" ipv6
+    configure_c2cc_hosts
+    c2cc_run_tests "suites/c2cc/" "2001:db8::/64" ipv6
 }
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
index 878a5a1c2d..7b5af51096 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
@@ -31,5 +31,6 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
-    c2cc_run_tests "192.0.2.0/24"
+    configure_c2cc_hosts
+    c2cc_run_tests "suites/c2cc/" "192.0.2.0/24"
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
index 70b5326220..cbeec895b4 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
@@ -43,5 +43,6 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
-    c2cc_run_tests "2001:db8::/64" ipv6
+    configure_c2cc_hosts
+    c2cc_run_tests "suites/c2cc/" "2001:db8::/64" ipv6
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
index 5a68d2a719..d773cb98d2 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
@@ -31,5 +31,6 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
-    c2cc_run_tests "192.0.2.0/24"
+    configure_c2cc_hosts
+    c2cc_run_tests "suites/c2cc/" "192.0.2.0/24"
 }

From e184b38f70fab7c6d905b9013af28c9a37dc8011 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Tue, 9 Jun 2026 13:01:59 +0000
Subject: [PATCH 04/10] Modify el9 c2cc ipsec scenario to use common script

---
 .../el10/presubmits/el102-src@c2cc-ipsec.sh   |   4 +-
 .../el9/presubmits/el98-src@c2cc-ipsec.sh     | 145 +-----------------
 2 files changed, 10 insertions(+), 139 deletions(-)

diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
index ab2ad0f1a1..2c48cd2389 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
@@ -7,6 +7,9 @@
 # full mesh.  Tests validate ESP encapsulation, connectivity, policy
 # enforcement, plaintext rejection, and MTU behaviour.
 
+# shellcheck source=test/bin/c2cc_common.sh
+source "${SCRIPTDIR}/c2cc_common.sh"
+
 # IPsec tests have ordering dependencies (setup verification must pass before
 # enforcement tests), so disable randomization.
 export TEST_RANDOMIZATION=none
@@ -26,7 +29,6 @@ CLUSTER_C_POD_CIDR="10.48.0.0/16"
 CLUSTER_C_SVC_CIDR="10.49.0.0/16"
 CLUSTER_C_DOMAIN="cluster-c.remote"
 
-
 # configure_ipsec_host writes the PSK and connection configs, initializes the
 # NSS database, and starts the ipsec service on a single host.
 # Libreswan, tcpdump, and firewall rules are pre-installed in the
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
index e14f5c6ff8..b95aec48da 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
@@ -7,6 +7,9 @@
 # full mesh.  Tests validate ESP encapsulation, connectivity, policy
 # enforcement, plaintext rejection, and MTU behaviour.
 
+# shellcheck source=test/bin/c2cc_common.sh
+source "${SCRIPTDIR}/c2cc_common.sh"
+
 # IPsec tests have ordering dependencies (setup verification must pass before
 # enforcement tests), so disable randomization.
 export TEST_RANDOMIZATION=none
@@ -26,85 +29,6 @@ CLUSTER_C_POD_CIDR="10.48.0.0/16"
 CLUSTER_C_SVC_CIDR="10.49.0.0/16"
 CLUSTER_C_DOMAIN="cluster-c.remote"
 
-wait_for_greenboot_on_hosts() {
-    local junit_label=$1
-    local host
-    for host in host1 host2 host3; do
-        local host_ip full_host
-        host_ip=$(get_vm_property "${host}" ip)
-        full_host=$(full_vm_name "${host}")
-        if ! wait_for_greenboot "${full_host}" "${host_ip}"; then
-            record_junit "${host}" "${junit_label}" "FAILED"
-            return 1
-        fi
-        record_junit "${host}" "${junit_label}" "OK"
-    done
-}
-
-configure_c2cc_host() {
-    local host=$1
-    shift
-    # Remaining args are sets of 4: remote_ip remote_pod_cidr remote_svc_cidr remote_domain
-
-    run_command_on_vm "${host}" "sudo mkdir -p /etc/microshift/config.d"
-
-    local yaml_content
-    yaml_content="clusterToCluster:"$'\n'"  remoteClusters:"
-    local firewall_cidrs=()
-
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_pod_cidr=$2
-        local remote_svc_cidr=$3
-        local remote_domain=$4
-        shift 4
-
-        yaml_content+=$'\n'"  - nextHop: ${remote_ip}"
-        yaml_content+=$'\n'"    clusterNetwork:"
-        yaml_content+=$'\n'"    - ${remote_pod_cidr}"
-        yaml_content+=$'\n'"    serviceNetwork:"
-        yaml_content+=$'\n'"    - ${remote_svc_cidr}"
-        yaml_content+=$'\n'"    domain: ${remote_domain}"
-
-        firewall_cidrs+=("${remote_pod_cidr}" "${remote_svc_cidr}")
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/microshift/config.d/50-c2cc.yaml > /dev/null <<EOF
-${yaml_content}
-EOF"
-
-    configure_vm_firewall "${host}"
-    for cidr in "${firewall_cidrs[@]}"; do
-        run_command_on_vm "${host}" "sudo firewall-cmd --permanent --zone=trusted --add-source=${cidr}"
-    done
-    run_command_on_vm "${host}" "sudo firewall-cmd --reload"
-    run_command_on_vm "${host}" "sudo systemctl restart microshift"
-}
-
-configure_c2cc_hosts() {
-    local host1_ip host2_ip host3_ip
-    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
-    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
-    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
-    readonly host1_ip host2_ip host3_ip
-
-    wait_for_greenboot_on_hosts "c2cc_ipsec_pre_greenboot"
-
-    configure_c2cc_host host1 \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host2 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${CLUSTER_C_DOMAIN}"
-
-    configure_c2cc_host host3 \
-        "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${CLUSTER_A_DOMAIN}" \
-        "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${CLUSTER_B_DOMAIN}"
-
-    wait_for_greenboot_on_hosts "c2cc_ipsec_greenboot"
-}
-
 # configure_ipsec_host writes the PSK and connection configs, initializes the
 # NSS database, and starts the ipsec service on a single host.
 # Libreswan, tcpdump, and firewall rules are pre-installed in the
@@ -220,71 +144,16 @@ configure_ipsec() {
 }
 
 scenario_create_vms() {
-    prepare_kickstart host1 kickstart-bootc.ks.template rhel98-bootc-source-ipsec
-    prepare_kickstart host2 kickstart-bootc.ks.template rhel98-bootc-source-ipsec
-    prepare_kickstart host3 kickstart-bootc.ks.template rhel98-bootc-source-ipsec
-
-    local -r host2_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host2"
-    cat >> "${host2_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_B_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_B_SVC_CIDR}
-IEOF
-EOF
-    local -r host3_ks_dir="${SCENARIO_INFO_DIR}/${SCENARIO}/vms/host3"
-    cat >> "${host3_ks_dir}/post-microshift.cfg" <<EOF
-cat - >>/etc/microshift/config.yaml <<IEOF
-network:
-  clusterNetwork:
-  - ${CLUSTER_C_POD_CIDR}
-  serviceNetwork:
-  - ${CLUSTER_C_SVC_CIDR}
-IEOF
-EOF
-
-    launch_vm rhel98-bootc --vmname host1
-    launch_vm rhel98-bootc --vmname host2
-    launch_vm rhel98-bootc --vmname host3
+    c2cc_create_vms "rhel98-bootc-source-ipsec" "rhel98-bootc"
 }
 
 scenario_remove_vms() {
-    remove_vm host1
-    remove_vm host2
-    remove_vm host3
+    c2cc_remove_vms
 }
 
 scenario_run_tests() {
-    configure_c2cc_hosts
+    configure_c2cc_hosts "c2cc_ipsec_pre_greenboot" "c2cc_ipsec_greenboot"
     configure_ipsec
 
-    local -r host2_ip=$(get_vm_property host2 ip)
-    local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
-
-    local -r host3_ip=$(get_vm_property host3 ip)
-    local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
-
-    wait_for_microshift_to_be_ready host2
-    wait_for_microshift_to_be_ready host3
-
-    run_command_on_vm host2 "sudo cp /var/lib/microshift/resources/kubeadmin/${host2_ip}/kubeconfig /tmp/kubeconfig-b && sudo chmod 644 /tmp/kubeconfig-b"
-    run_command_on_vm host3 "sudo cp /var/lib/microshift/resources/kubeadmin/${host3_ip}/kubeconfig /tmp/kubeconfig-c && sudo chmod 644 /tmp/kubeconfig-c"
-    copy_file_from_vm host2 "/tmp/kubeconfig-b" "${kubeconfig_b}"
-    copy_file_from_vm host3 "/tmp/kubeconfig-c" "${kubeconfig_c}"
-
-    run_tests host1 \
-        --variable "CLUSTER_A_POD_CIDR:${CLUSTER_A_POD_CIDR}" \
-        --variable "CLUSTER_A_SVC_CIDR:${CLUSTER_A_SVC_CIDR}" \
-        --variable "CLUSTER_A_DOMAIN:${CLUSTER_A_DOMAIN}" \
-        --variable "CLUSTER_B_POD_CIDR:${CLUSTER_B_POD_CIDR}" \
-        --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
-        --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
-        --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        --variable "CLUSTER_C_POD_CIDR:${CLUSTER_C_POD_CIDR}" \
-        --variable "CLUSTER_C_SVC_CIDR:${CLUSTER_C_SVC_CIDR}" \
-        --variable "CLUSTER_C_DOMAIN:${CLUSTER_C_DOMAIN}" \
-        --variable "KUBECONFIG_C:${kubeconfig_c}" \
-        suites/c2cc-ipsec/
+    c2cc_run_tests "suites/c2cc-ipsec/"
 }

From d40ec04abf17f231210722be2c90cc624cd0bcd2 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Tue, 9 Jun 2026 13:07:48 +0000
Subject: [PATCH 05/10] Extract CIDRs and randomization to common script

---
 test/bin/c2cc_common.sh                         | 17 +++++++++++++++++
 .../el10/presubmits/el102-src@c2cc-ipsec.sh     | 15 ---------------
 .../el10/presubmits/el102-src@c2cc-ipv6.sh      |  2 --
 .../el10/presubmits/el102-src@c2cc.sh           | 17 -----------------
 .../el9/presubmits/el98-src@c2cc-ipsec.sh       | 15 ---------------
 .../el9/presubmits/el98-src@c2cc-ipv6.sh        |  2 --
 .../el9/presubmits/el98-src@c2cc.sh             | 17 -----------------
 7 files changed, 17 insertions(+), 68 deletions(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index 5fabd3fa35..61b28534e5 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -2,6 +2,23 @@
 #
 # This script contains common functions used by C2CC scenarios.
 
+# Cluster A (host1): default MicroShift CIDRs
+CLUSTER_A_POD_CIDR="10.42.0.0/16"
+CLUSTER_A_SVC_CIDR="10.43.0.0/16"
+CLUSTER_A_DOMAIN="cluster-a.remote"
+
+# Cluster B (host2): non-overlapping CIDRs
+CLUSTER_B_POD_CIDR="10.45.0.0/16"
+CLUSTER_B_SVC_CIDR="10.46.0.0/16"
+CLUSTER_B_DOMAIN="cluster-b.remote"
+
+# Cluster C (host3): non-overlapping CIDRs
+CLUSTER_C_POD_CIDR="10.48.0.0/16"
+CLUSTER_C_SVC_CIDR="10.49.0.0/16"
+CLUSTER_C_DOMAIN="cluster-c.remote"
+
+export TEST_RANDOMIZATION=suites
+
 wait_for_greenboot_on_hosts() {
     local junit_label=$1
     local host
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
index 2c48cd2389..c5a08d7dda 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
@@ -14,21 +14,6 @@ source "${SCRIPTDIR}/c2cc_common.sh"
 # enforcement tests), so disable randomization.
 export TEST_RANDOMIZATION=none
 
-# Cluster A (host1): default MicroShift CIDRs
-CLUSTER_A_POD_CIDR="10.42.0.0/16"
-CLUSTER_A_SVC_CIDR="10.43.0.0/16"
-CLUSTER_A_DOMAIN="cluster-a.remote"
-
-# Cluster B (host2): non-overlapping CIDRs
-CLUSTER_B_POD_CIDR="10.45.0.0/16"
-CLUSTER_B_SVC_CIDR="10.46.0.0/16"
-CLUSTER_B_DOMAIN="cluster-b.remote"
-
-# Cluster C (host3): non-overlapping CIDRs
-CLUSTER_C_POD_CIDR="10.48.0.0/16"
-CLUSTER_C_SVC_CIDR="10.49.0.0/16"
-CLUSTER_C_DOMAIN="cluster-c.remote"
-
 # configure_ipsec_host writes the PSK and connection configs, initializes the
 # NSS database, and starts the ipsec service on a single host.
 # Libreswan, tcpdump, and firewall rules are pre-installed in the
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
index abd7328029..aa2f5bdc04 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
@@ -5,8 +5,6 @@
 # shellcheck source=test/bin/c2cc_common.sh
 source "${SCRIPTDIR}/c2cc_common.sh"
 
-export TEST_RANDOMIZATION=suites
-
 # Redefine network-related settings to use the dedicated IPv6 network bridge
 # shellcheck disable=SC2034  # used elsewhere
 VM_BRIDGE_IP="$(get_vm_bridge_ip "${VM_IPV6_NETWORK}")"
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
index 7b5af51096..ca97c219a7 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
@@ -5,23 +5,6 @@
 # shellcheck source=test/bin/c2cc_common.sh
 source "${SCRIPTDIR}/c2cc_common.sh"
 
-export TEST_RANDOMIZATION=suites
-
-# Cluster A (host1): default MicroShift CIDRs
-CLUSTER_A_POD_CIDR="10.42.0.0/16"
-CLUSTER_A_SVC_CIDR="10.43.0.0/16"
-CLUSTER_A_DOMAIN="cluster-a.remote"
-
-# Cluster B (host2): non-overlapping CIDRs
-CLUSTER_B_POD_CIDR="10.45.0.0/16"
-CLUSTER_B_SVC_CIDR="10.46.0.0/16"
-CLUSTER_B_DOMAIN="cluster-b.remote"
-
-# Cluster C (host3): non-overlapping CIDRs
-CLUSTER_C_POD_CIDR="10.48.0.0/16"
-CLUSTER_C_SVC_CIDR="10.49.0.0/16"
-CLUSTER_C_DOMAIN="cluster-c.remote"
-
 scenario_create_vms() {
     c2cc_create_vms rhel102-bootc-source rhel102-bootc
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
index b95aec48da..ca3dbd94d1 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
@@ -14,21 +14,6 @@ source "${SCRIPTDIR}/c2cc_common.sh"
 # enforcement tests), so disable randomization.
 export TEST_RANDOMIZATION=none
 
-# Cluster A (host1): default MicroShift CIDRs
-CLUSTER_A_POD_CIDR="10.42.0.0/16"
-CLUSTER_A_SVC_CIDR="10.43.0.0/16"
-CLUSTER_A_DOMAIN="cluster-a.remote"
-
-# Cluster B (host2): non-overlapping CIDRs
-CLUSTER_B_POD_CIDR="10.45.0.0/16"
-CLUSTER_B_SVC_CIDR="10.46.0.0/16"
-CLUSTER_B_DOMAIN="cluster-b.remote"
-
-# Cluster C (host3): non-overlapping CIDRs
-CLUSTER_C_POD_CIDR="10.48.0.0/16"
-CLUSTER_C_SVC_CIDR="10.49.0.0/16"
-CLUSTER_C_DOMAIN="cluster-c.remote"
-
 # configure_ipsec_host writes the PSK and connection configs, initializes the
 # NSS database, and starts the ipsec service on a single host.
 # Libreswan, tcpdump, and firewall rules are pre-installed in the
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
index cbeec895b4..6b7445ab25 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
@@ -5,8 +5,6 @@
 # shellcheck source=test/bin/c2cc_common.sh
 source "${SCRIPTDIR}/c2cc_common.sh"
 
-export TEST_RANDOMIZATION=suites
-
 # Redefine network-related settings to use the dedicated IPv6 network bridge
 # shellcheck disable=SC2034  # used elsewhere
 VM_BRIDGE_IP="$(get_vm_bridge_ip "${VM_IPV6_NETWORK}")"
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
index d773cb98d2..bc5a46e36b 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
@@ -5,23 +5,6 @@
 # shellcheck source=test/bin/c2cc_common.sh
 source "${SCRIPTDIR}/c2cc_common.sh"
 
-export TEST_RANDOMIZATION=suites
-
-# Cluster A (host1): default MicroShift CIDRs
-CLUSTER_A_POD_CIDR="10.42.0.0/16"
-CLUSTER_A_SVC_CIDR="10.43.0.0/16"
-CLUSTER_A_DOMAIN="cluster-a.remote"
-
-# Cluster B (host2): non-overlapping CIDRs
-CLUSTER_B_POD_CIDR="10.45.0.0/16"
-CLUSTER_B_SVC_CIDR="10.46.0.0/16"
-CLUSTER_B_DOMAIN="cluster-b.remote"
-
-# Cluster C (host3): non-overlapping CIDRs
-CLUSTER_C_POD_CIDR="10.48.0.0/16"
-CLUSTER_C_SVC_CIDR="10.49.0.0/16"
-CLUSTER_C_DOMAIN="cluster-c.remote"
-
 scenario_create_vms() {
     c2cc_create_vms rhel98-bootc-source rhel98-bootc
 }

From 41d1e5eae43cf80d79049dd8f60d9a1b68549a68 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Tue, 9 Jun 2026 13:17:46 +0000
Subject: [PATCH 06/10] Extract ipsec specific functions to common script

---
 test/bin/c2cc_common.sh                       | 116 ++++++++++++++++++
 .../el10/presubmits/el102-src@c2cc-ipsec.sh   | 114 -----------------
 .../el9/presubmits/el98-src@c2cc-ipsec.sh     | 114 -----------------
 3 files changed, 116 insertions(+), 228 deletions(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index 61b28534e5..d605c4c5f6 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -201,3 +201,119 @@ c2cc_run_tests() {
         ${ip_family_var} \
         "${suites_dir}"
 }
+
+# ipsec specific functions
+
+# configure_ipsec_host writes the PSK and connection configs, initializes the
+# NSS database, and starts the ipsec service on a single host.
+# Libreswan, tcpdump, and firewall rules are pre-installed in the
+# rhel98-bootc-source-ipsec container image.
+#
+# Uses tunnel mode with subnet selectors to protect C2CC traffic (pod/service
+# CIDRs). MicroShift C2CC routes cross-cluster traffic as raw IP via the
+# host's physical interface — there is no Geneve tunnel between hosts.
+#
+# Arguments:
+#   $1         — VM name (host1, host2, host3)
+#   $2         — this host's IP
+#   $3         — local pod CIDR
+#   $4         — local service CIDR
+#   $5         — pre-shared key (hex string)
+#   $6..N      — sets of 4: remote_ip remote_name remote_pod_cidr remote_svc_cidr
+configure_ipsec_host() {
+    local -r host=$1
+    local -r host_ip=$2
+    local -r local_pod_cidr=$3
+    local -r local_svc_cidr=$4
+    local -r psk=$5
+    shift 5
+
+    local secrets_content=""
+    local conn_content=""
+    while [ $# -gt 0 ]; do
+        local remote_ip=$1
+        local remote_name=$2
+        local remote_pod_cidr=$3
+        local remote_svc_cidr=$4
+        shift 4
+
+        secrets_content+="${host_ip} ${remote_ip} : PSK \"${psk}\""$'\n'
+
+        conn_content+="conn c2cc-to-${remote_name}"$'\n'
+        conn_content+="    type=tunnel"$'\n'
+        conn_content+="    authby=secret"$'\n'
+        conn_content+="    left=${host_ip}"$'\n'
+        conn_content+="    right=${remote_ip}"$'\n'
+        conn_content+="    leftsubnets={${local_pod_cidr} ${local_svc_cidr}}"$'\n'
+        conn_content+="    rightsubnets={${remote_pod_cidr} ${remote_svc_cidr}}"$'\n'
+        conn_content+="    auto=start"$'\n'
+        conn_content+="    ike=aes256-sha2_256-modp2048"$'\n'
+        conn_content+="    esp=aes256-sha2_256"$'\n'
+        conn_content+="    failureshunt=drop"$'\n'
+        conn_content+="    negotiationshunt=drop"$'\n'
+        conn_content+="    ikev2=insist"$'\n'
+        conn_content+=$'\n'
+    done
+
+    run_command_on_vm "${host}" "sudo tee /etc/ipsec.d/c2cc.secrets > /dev/null <<EOF
+${secrets_content}EOF"
+    run_command_on_vm "${host}" "sudo chmod 600 /etc/ipsec.d/c2cc.secrets"
+    run_command_on_vm "${host}" "sudo restorecon -v /etc/ipsec.d/c2cc.secrets"
+
+    run_command_on_vm "${host}" "sudo tee /etc/ipsec.d/c2cc-tunnel.conf > /dev/null <<EOF
+${conn_content}EOF"
+
+    run_command_on_vm "${host}" "sudo ipsec checknss"
+    run_command_on_vm "${host}" "sudo systemctl restart ipsec"
+}
+
+wait_for_ipsec_tunnels() {
+    local host=$1
+    local expected_count=$2
+
+    local attempts=0
+    while [ "${attempts}" -lt 30 ]; do
+        local count
+        count=$(run_command_on_vm "${host}" "sudo ipsec trafficstatus 2>/dev/null | grep -c 'type=ESP' || true")
+        count=$(echo "${count}" | tail -1 | tr -d '\r')
+        if [ "${count}" -ge "${expected_count}" ]; then
+            record_junit "${host}" "ipsec_tunnels" "OK"
+            return 0
+        fi
+        sleep 2
+        attempts=$((attempts + 1))
+    done
+    record_junit "${host}" "ipsec_tunnels" "FAILED"
+    return 1
+}
+
+configure_ipsec() {
+    local host1_ip host2_ip host3_ip
+    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
+    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
+    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
+    readonly host1_ip host2_ip host3_ip
+
+    local psk
+    psk=$(openssl rand -hex 32) || { echo "failed to generate PSK" >&2; return 1; }
+    readonly psk
+
+    configure_ipsec_host host1 "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${psk}" \
+        "${host2_ip}" host2 "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" \
+        "${host3_ip}" host3 "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}"
+
+    configure_ipsec_host host2 "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${psk}" \
+        "${host1_ip}" host1 "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" \
+        "${host3_ip}" host3 "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}"
+
+    configure_ipsec_host host3 "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${psk}" \
+        "${host1_ip}" host1 "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" \
+        "${host2_ip}" host2 "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}"
+
+    # Each host has 2 remote hosts × 4 subnet pairs (2 local × 2 remote CIDRs) = 8 child SAs.
+    for host in host1 host2 host3; do
+        if ! wait_for_ipsec_tunnels "${host}" 8; then
+            return 1
+        fi
+    done
+}
\ No newline at end of file
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
index c5a08d7dda..a38f0dd05f 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipsec.sh
@@ -14,120 +14,6 @@ source "${SCRIPTDIR}/c2cc_common.sh"
 # enforcement tests), so disable randomization.
 export TEST_RANDOMIZATION=none
 
-# configure_ipsec_host writes the PSK and connection configs, initializes the
-# NSS database, and starts the ipsec service on a single host.
-# Libreswan, tcpdump, and firewall rules are pre-installed in the
-# rhel102-bootc-source-ipsec container image.
-#
-# Uses tunnel mode with subnet selectors to protect C2CC traffic (pod/service
-# CIDRs). MicroShift C2CC routes cross-cluster traffic as raw IP via the
-# host's physical interface — there is no Geneve tunnel between hosts.
-#
-# Arguments:
-#   $1         — VM name (host1, host2, host3)
-#   $2         — this host's IP
-#   $3         — local pod CIDR
-#   $4         — local service CIDR
-#   $5         — pre-shared key (hex string)
-#   $6..N      — sets of 4: remote_ip remote_name remote_pod_cidr remote_svc_cidr
-configure_ipsec_host() {
-    local -r host=$1
-    local -r host_ip=$2
-    local -r local_pod_cidr=$3
-    local -r local_svc_cidr=$4
-    local -r psk=$5
-    shift 5
-
-    local secrets_content=""
-    local conn_content=""
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_name=$2
-        local remote_pod_cidr=$3
-        local remote_svc_cidr=$4
-        shift 4
-
-        secrets_content+="${host_ip} ${remote_ip} : PSK \"${psk}\""$'\n'
-
-        conn_content+="conn c2cc-to-${remote_name}"$'\n'
-        conn_content+="    type=tunnel"$'\n'
-        conn_content+="    authby=secret"$'\n'
-        conn_content+="    left=${host_ip}"$'\n'
-        conn_content+="    right=${remote_ip}"$'\n'
-        conn_content+="    leftsubnets={${local_pod_cidr} ${local_svc_cidr}}"$'\n'
-        conn_content+="    rightsubnets={${remote_pod_cidr} ${remote_svc_cidr}}"$'\n'
-        conn_content+="    auto=start"$'\n'
-        conn_content+="    ike=aes256-sha2_256-modp2048"$'\n'
-        conn_content+="    esp=aes256-sha2_256"$'\n'
-        conn_content+="    failureshunt=drop"$'\n'
-        conn_content+="    negotiationshunt=drop"$'\n'
-        conn_content+="    ikev2=insist"$'\n'
-        conn_content+=$'\n'
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/ipsec.d/c2cc.secrets > /dev/null <<EOF
-${secrets_content}EOF"
-    run_command_on_vm "${host}" "sudo chmod 600 /etc/ipsec.d/c2cc.secrets"
-    run_command_on_vm "${host}" "sudo restorecon -v /etc/ipsec.d/c2cc.secrets"
-
-    run_command_on_vm "${host}" "sudo tee /etc/ipsec.d/c2cc-tunnel.conf > /dev/null <<EOF
-${conn_content}EOF"
-
-    run_command_on_vm "${host}" "sudo ipsec checknss"
-    run_command_on_vm "${host}" "sudo systemctl restart ipsec"
-}
-
-wait_for_ipsec_tunnels() {
-    local host=$1
-    local expected_count=$2
-
-    local attempts=0
-    while [ "${attempts}" -lt 30 ]; do
-        local count
-        count=$(run_command_on_vm "${host}" "sudo ipsec trafficstatus 2>/dev/null | grep -c 'type=ESP' || true")
-        count=$(echo "${count}" | tail -1 | tr -d '\r')
-        if [ "${count}" -ge "${expected_count}" ]; then
-            record_junit "${host}" "ipsec_tunnels" "OK"
-            return 0
-        fi
-        sleep 2
-        attempts=$((attempts + 1))
-    done
-    record_junit "${host}" "ipsec_tunnels" "FAILED"
-    return 1
-}
-
-configure_ipsec() {
-    local host1_ip host2_ip host3_ip
-    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
-    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
-    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
-    readonly host1_ip host2_ip host3_ip
-
-    local psk
-    psk=$(openssl rand -hex 32) || { echo "failed to generate PSK" >&2; return 1; }
-    readonly psk
-
-    configure_ipsec_host host1 "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${psk}" \
-        "${host2_ip}" host2 "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" \
-        "${host3_ip}" host3 "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}"
-
-    configure_ipsec_host host2 "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${psk}" \
-        "${host1_ip}" host1 "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" \
-        "${host3_ip}" host3 "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}"
-
-    configure_ipsec_host host3 "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${psk}" \
-        "${host1_ip}" host1 "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" \
-        "${host2_ip}" host2 "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}"
-
-    # Each host has 2 remote hosts × 4 subnet pairs (2 local × 2 remote CIDRs) = 8 child SAs.
-    for host in host1 host2 host3; do
-        if ! wait_for_ipsec_tunnels "${host}" 8; then
-            return 1
-        fi
-    done
-}
-
 scenario_create_vms() {
     c2cc_create_vms "rhel102-bootc-source-ipsec" "rhel102-bootc"
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
index ca3dbd94d1..348e66cdfb 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipsec.sh
@@ -14,120 +14,6 @@ source "${SCRIPTDIR}/c2cc_common.sh"
 # enforcement tests), so disable randomization.
 export TEST_RANDOMIZATION=none
 
-# configure_ipsec_host writes the PSK and connection configs, initializes the
-# NSS database, and starts the ipsec service on a single host.
-# Libreswan, tcpdump, and firewall rules are pre-installed in the
-# rhel98-bootc-source-ipsec container image.
-#
-# Uses tunnel mode with subnet selectors to protect C2CC traffic (pod/service
-# CIDRs). MicroShift C2CC routes cross-cluster traffic as raw IP via the
-# host's physical interface — there is no Geneve tunnel between hosts.
-#
-# Arguments:
-#   $1         — VM name (host1, host2, host3)
-#   $2         — this host's IP
-#   $3         — local pod CIDR
-#   $4         — local service CIDR
-#   $5         — pre-shared key (hex string)
-#   $6..N      — sets of 4: remote_ip remote_name remote_pod_cidr remote_svc_cidr
-configure_ipsec_host() {
-    local -r host=$1
-    local -r host_ip=$2
-    local -r local_pod_cidr=$3
-    local -r local_svc_cidr=$4
-    local -r psk=$5
-    shift 5
-
-    local secrets_content=""
-    local conn_content=""
-    while [ $# -gt 0 ]; do
-        local remote_ip=$1
-        local remote_name=$2
-        local remote_pod_cidr=$3
-        local remote_svc_cidr=$4
-        shift 4
-
-        secrets_content+="${host_ip} ${remote_ip} : PSK \"${psk}\""$'\n'
-
-        conn_content+="conn c2cc-to-${remote_name}"$'\n'
-        conn_content+="    type=tunnel"$'\n'
-        conn_content+="    authby=secret"$'\n'
-        conn_content+="    left=${host_ip}"$'\n'
-        conn_content+="    right=${remote_ip}"$'\n'
-        conn_content+="    leftsubnets={${local_pod_cidr} ${local_svc_cidr}}"$'\n'
-        conn_content+="    rightsubnets={${remote_pod_cidr} ${remote_svc_cidr}}"$'\n'
-        conn_content+="    auto=start"$'\n'
-        conn_content+="    ike=aes256-sha2_256-modp2048"$'\n'
-        conn_content+="    esp=aes256-sha2_256"$'\n'
-        conn_content+="    failureshunt=drop"$'\n'
-        conn_content+="    negotiationshunt=drop"$'\n'
-        conn_content+="    ikev2=insist"$'\n'
-        conn_content+=$'\n'
-    done
-
-    run_command_on_vm "${host}" "sudo tee /etc/ipsec.d/c2cc.secrets > /dev/null <<EOF
-${secrets_content}EOF"
-    run_command_on_vm "${host}" "sudo chmod 600 /etc/ipsec.d/c2cc.secrets"
-    run_command_on_vm "${host}" "sudo restorecon -v /etc/ipsec.d/c2cc.secrets"
-
-    run_command_on_vm "${host}" "sudo tee /etc/ipsec.d/c2cc-tunnel.conf > /dev/null <<EOF
-${conn_content}EOF"
-
-    run_command_on_vm "${host}" "sudo ipsec checknss"
-    run_command_on_vm "${host}" "sudo systemctl restart ipsec"
-}
-
-wait_for_ipsec_tunnels() {
-    local host=$1
-    local expected_count=$2
-
-    local attempts=0
-    while [ "${attempts}" -lt 30 ]; do
-        local count
-        count=$(run_command_on_vm "${host}" "sudo ipsec trafficstatus 2>/dev/null | grep -c 'type=ESP' || true")
-        count=$(echo "${count}" | tail -1 | tr -d '\r')
-        if [ "${count}" -ge "${expected_count}" ]; then
-            record_junit "${host}" "ipsec_tunnels" "OK"
-            return 0
-        fi
-        sleep 2
-        attempts=$((attempts + 1))
-    done
-    record_junit "${host}" "ipsec_tunnels" "FAILED"
-    return 1
-}
-
-configure_ipsec() {
-    local host1_ip host2_ip host3_ip
-    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
-    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
-    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
-    readonly host1_ip host2_ip host3_ip
-
-    local psk
-    psk=$(openssl rand -hex 32) || { echo "failed to generate PSK" >&2; return 1; }
-    readonly psk
-
-    configure_ipsec_host host1 "${host1_ip}" "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" "${psk}" \
-        "${host2_ip}" host2 "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" \
-        "${host3_ip}" host3 "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}"
-
-    configure_ipsec_host host2 "${host2_ip}" "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}" "${psk}" \
-        "${host1_ip}" host1 "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" \
-        "${host3_ip}" host3 "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}"
-
-    configure_ipsec_host host3 "${host3_ip}" "${CLUSTER_C_POD_CIDR}" "${CLUSTER_C_SVC_CIDR}" "${psk}" \
-        "${host1_ip}" host1 "${CLUSTER_A_POD_CIDR}" "${CLUSTER_A_SVC_CIDR}" \
-        "${host2_ip}" host2 "${CLUSTER_B_POD_CIDR}" "${CLUSTER_B_SVC_CIDR}"
-
-    # Each host has 2 remote hosts × 4 subnet pairs (2 local × 2 remote CIDRs) = 8 child SAs.
-    for host in host1 host2 host3; do
-        if ! wait_for_ipsec_tunnels "${host}" 8; then
-            return 1
-        fi
-    done
-}
-
 scenario_create_vms() {
     c2cc_create_vms "rhel98-bootc-source-ipsec" "rhel98-bootc"
 }

From 79faeac81f431808aed67f00c45a22f0d5993649 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Tue, 9 Jun 2026 13:34:21 +0000
Subject: [PATCH 07/10] Add get_host_ip func to remove duplicity

---
 test/bin/c2cc_common.sh | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index d605c4c5f6..692709c12b 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -19,6 +19,11 @@ CLUSTER_C_DOMAIN="cluster-c.remote"
 
 export TEST_RANDOMIZATION=suites
 
+get_host_ip() {
+    local host=$1
+    get_vm_property "${host}" ip || { echo "failed to get ${host} ip" >&2; return 1; }
+}
+
 wait_for_greenboot_on_hosts() {
     local junit_label=$1
     local host
@@ -80,9 +85,9 @@ configure_c2cc_hosts() {
     local -r post_junit_label="${2:-c2cc_greenboot}"
 
     local host1_ip host2_ip host3_ip
-    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
-    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
-    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
+    host1_ip=$(get_host_ip host1) || return 1
+    host2_ip=$(get_host_ip host2) || return 1
+    host3_ip=$(get_host_ip host3) || return 1
     readonly host1_ip host2_ip host3_ip
 
     wait_for_greenboot_on_hosts "${pre_junit_label}"
@@ -289,9 +294,9 @@ wait_for_ipsec_tunnels() {
 
 configure_ipsec() {
     local host1_ip host2_ip host3_ip
-    host1_ip=$(get_vm_property host1 ip) || { echo "failed to get host1 ip" >&2; return 1; }
-    host2_ip=$(get_vm_property host2 ip) || { echo "failed to get host2 ip" >&2; return 1; }
-    host3_ip=$(get_vm_property host3 ip) || { echo "failed to get host3 ip" >&2; return 1; }
+    host1_ip=$(get_host_ip host1) || return 1
+    host2_ip=$(get_host_ip host2) || return 1
+    host3_ip=$(get_host_ip host3) || return 1
     readonly host1_ip host2_ip host3_ip
 
     local psk

From 8fdb3be2cfd64db6d39cea8ffd47ff6d1d678a80 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Tue, 9 Jun 2026 13:39:15 +0000
Subject: [PATCH 08/10] Fix shellcheck

---
 test/bin/c2cc_common.sh                                     | 2 +-
 test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh | 1 +
 test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh      | 1 +
 test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh   | 1 +
 test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh        | 1 +
 5 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index 692709c12b..17e9c2fd53 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -321,4 +321,4 @@ configure_ipsec() {
             return 1
         fi
     done
-}
\ No newline at end of file
+}
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
index aa2f5bdc04..250dd129d2 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc-ipv6.sh
@@ -41,6 +41,7 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
+    # shellcheck disable=SC2119
     configure_c2cc_hosts
     c2cc_run_tests "suites/c2cc/" "2001:db8::/64" ipv6
 }
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
index ca97c219a7..37c747c3d8 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
@@ -14,6 +14,7 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
+    # shellcheck disable=SC2119
     configure_c2cc_hosts
     c2cc_run_tests "suites/c2cc/" "192.0.2.0/24"
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
index 6b7445ab25..50a781ee25 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc-ipv6.sh
@@ -41,6 +41,7 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
+    # shellcheck disable=SC2119
     configure_c2cc_hosts
     c2cc_run_tests "suites/c2cc/" "2001:db8::/64" ipv6
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
index bc5a46e36b..9d756b5e81 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
@@ -14,6 +14,7 @@ scenario_remove_vms() {
 }
 
 scenario_run_tests() {
+    # shellcheck disable=SC2119
     configure_c2cc_hosts
     c2cc_run_tests "suites/c2cc/" "192.0.2.0/24"
 }

From 1e9bad92805d950e3a2ae6566ee8c0349f58fd5a Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Tue, 9 Jun 2026 13:59:37 +0000
Subject: [PATCH 09/10] Appease the rabbit

---
 test/bin/c2cc_common.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index 17e9c2fd53..d889b5aca6 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -172,12 +172,15 @@ c2cc_run_tests() {
         ip_family_var="--variable IP_FAMILY:${ip_family}"
     fi
 
+    local host2_ip host3_ip
+    host2_ip=$(get_host_ip host2) || return 1
+    host3_ip=$(get_host_ip host3) || return 1
+    readonly host2_ip host3_ip
+
     # Retrieve host2's kubeconfig
-    local -r host2_ip=$(get_vm_property host2 ip)
     local -r kubeconfig_b="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-b"
     
     # Retrieve host3's kubeconfig
-    local -r host3_ip=$(get_vm_property host3 ip)
     local -r kubeconfig_c="${SCENARIO_INFO_DIR}/${SCENARIO}/kubeconfig-c"
 
     # Wait for host2 and host3 to be fully ready (run_tests only waits for host1)

From 7ec884e3bd4d50fd96ef44259f73a9ee9ca84d49 Mon Sep 17 00:00:00 2001
From: vanhalenar <thalenar@redhat.com>
Date: Wed, 10 Jun 2026 07:30:03 +0000
Subject: [PATCH 10/10] Make params in c2cc_run_tests truly optional

---
 test/bin/c2cc_common.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/bin/c2cc_common.sh b/test/bin/c2cc_common.sh
index d889b5aca6..a319e9d2a9 100644
--- a/test/bin/c2cc_common.sh
+++ b/test/bin/c2cc_common.sh
@@ -159,8 +159,8 @@ c2cc_remove_vms() {
 
 c2cc_run_tests() {
     local -r suites_dir="${1}"
-    local -r foreign_cidr="${2}"
-    local -r ip_family="${3}"
+    local -r foreign_cidr="${2:-}"
+    local -r ip_family="${3:-}"
 
     local foreign_cidr_var=""
     if [ -n "${foreign_cidr}" ]; then