Add ebgp policy definition for tests
According to RFC-8212 policies must be described in order to allow announce/accept routes. Without policies being described, no routes will be announced/recieved by default. This patch fixes current CI failures. Change-Id: Ia033cc7c3ed3146860ab96452bec988f3c3069bf
This commit is contained in:
parent
00534ccaf8
commit
b04bf138e4
7
.ansible-lint
Normal file
7
.ansible-lint
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
mock_roles:
|
||||
- multi-node-bridge
|
||||
- clear-firewall
|
||||
|
||||
skip_list:
|
||||
- fqcn
|
@ -19,4 +19,4 @@
|
||||
service:
|
||||
name: frr
|
||||
state: restarted
|
||||
enabled: yes
|
||||
enabled: true
|
||||
|
9
meta/main.yml
Normal file
9
meta/main.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: vexxhost
|
||||
description: Installation and setup of FRRouting
|
||||
company: Vexxhost
|
||||
license: Apache2
|
||||
role_name: frrouting
|
||||
namespace: vexxhost
|
||||
min_ansible_version: "2.10"
|
@ -42,15 +42,15 @@
|
||||
repo: "{{ repo.repo }}"
|
||||
state: "{{ repo.state | default('present') }}"
|
||||
filename: "{{ repo.filename | default(omit) }}"
|
||||
update_cache: no
|
||||
update_cache: false
|
||||
with_items: "{{ frr_repos }}"
|
||||
loop_control:
|
||||
loop_var: repo
|
||||
register: _adding_apt_repo
|
||||
|
||||
- name: Update Apt cache
|
||||
- name: Update Apt cache # noqa: no-handler
|
||||
apt:
|
||||
update_cache: yes
|
||||
update_cache: true
|
||||
when:
|
||||
- _adding_apt_repo is changed
|
||||
register: _update_apt_cache
|
||||
|
@ -19,10 +19,11 @@
|
||||
block:
|
||||
- name: Enable integrated config
|
||||
lineinfile:
|
||||
create: yes
|
||||
create: true
|
||||
path: /etc/frr/vtysh.conf
|
||||
regexp: '^(no)?\s?service integrated-vtysh-config$'
|
||||
line: "service integrated-vtysh-config"
|
||||
mode: "0640"
|
||||
notify: Restart frr
|
||||
|
||||
- name: Write down integrated config
|
||||
|
@ -26,7 +26,7 @@
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Load vlan modules
|
||||
- name: Load vlan modules # noqa: no-handler
|
||||
modprobe:
|
||||
name: 8021q
|
||||
state: present
|
||||
@ -36,16 +36,17 @@
|
||||
template:
|
||||
src: vlans.cfg.j2
|
||||
dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg"
|
||||
mode: "0644"
|
||||
with_items: "{{ frr_vlans }}"
|
||||
register: distribute_vlans
|
||||
|
||||
- name: Stop interface
|
||||
- name: Stop interface # noqa: no-handler
|
||||
command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
|
||||
with_items: "{{ distribute_vlans.results }}"
|
||||
when: item is changed
|
||||
changed_when: false
|
||||
|
||||
- name: Start interface
|
||||
- name: Start interface # noqa: no-handler
|
||||
command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
|
||||
with_items: "{{ distribute_vlans.results }}"
|
||||
when: item is changed
|
||||
|
@ -11,6 +11,11 @@ frr_staticd_routes:
|
||||
|
||||
frr_bgpd_config:
|
||||
- router bgp 1234
|
||||
- "bgp router-id {{ hostvars['primary']['ansible_br_infra']['ipv4']['address'] }}"
|
||||
- "neighbor {{ hostvars['secondary']['ansible_br_infra']['ipv4']['address'] }} remote-as 5678"
|
||||
- "bgp router-id {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }}"
|
||||
- "neighbor {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 5678"
|
||||
- network 192.168.1.0/24
|
||||
- address-family ipv4 unicast
|
||||
- " neighbor {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv out"
|
||||
- "exit-address-family"
|
||||
- ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
|
||||
- ip prefix-list pl-allowed-adv seq 10 deny any
|
||||
|
@ -1,4 +1,9 @@
|
||||
frr_bgpd_config:
|
||||
- router bgp 5678
|
||||
- "bgp router-id {{ hostvars['secondary']['ansible_br_infra']['ipv4']['address'] }}"
|
||||
- "neighbor {{ hostvars['primary']['ansible_br_infra']['ipv4']['address'] }} remote-as 1234"
|
||||
- "bgp router-id {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }}"
|
||||
- "neighbor {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 1234"
|
||||
- address-family ipv4 unicast
|
||||
- " neighbor {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv in"
|
||||
- exit-address-family
|
||||
- ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
|
||||
- ip prefix-list pl-allowed-adv seq 10 deny any
|
||||
|
@ -15,6 +15,8 @@
|
||||
|
||||
- name: Installing frr
|
||||
hosts: all
|
||||
vars:
|
||||
bridge_name: br-infra
|
||||
|
||||
roles:
|
||||
- multi-node-bridge
|
||||
@ -22,7 +24,7 @@
|
||||
- frrouting
|
||||
|
||||
post_tasks:
|
||||
- name: wait after service restart
|
||||
- name: Wait after service restart
|
||||
pause:
|
||||
seconds: 10
|
||||
|
||||
@ -46,6 +48,13 @@
|
||||
msg: frr is not up
|
||||
when: ansible_facts.services['frr'].state != 'running'
|
||||
|
||||
- name: Get summary
|
||||
become: true
|
||||
become_user: root
|
||||
command: "vtysh -c 'show bgp summary'"
|
||||
register: _frr_get_summary
|
||||
changed_when: false
|
||||
|
||||
- name: Get routes
|
||||
become: true
|
||||
become_user: root
|
||||
@ -53,7 +62,6 @@
|
||||
register: _frr_get_routes
|
||||
changed_when: false
|
||||
|
||||
|
||||
- name: Fail if we're missing static routes
|
||||
fail:
|
||||
msg: "We can't find route {{ item }}"
|
||||
|
7
tox.ini
7
tox.ini
@ -23,7 +23,7 @@ passenv =
|
||||
TESTING_BRANCH
|
||||
TESTING_HOME
|
||||
USER
|
||||
whitelist_externals =
|
||||
allowlist_externals =
|
||||
bash
|
||||
setenv =
|
||||
PYTHONUNBUFFERED=1
|
||||
@ -32,5 +32,10 @@ setenv =
|
||||
WORKING_DIR={toxinidir}
|
||||
|
||||
[testenv:linters]
|
||||
setenv =
|
||||
{[testenv]setenv}
|
||||
ANSIBLE_ROLES_PATH={envdir}
|
||||
commands =
|
||||
bash -c 'printf -- "- name: frrouting\n src: git+file://{toxinidir}\n" > {envdir}/test-requirements.yml'
|
||||
ansible-galaxy install -r {envdir}/test-requirements.yml --roles-path {envdir} --force
|
||||
ansible-lint {toxinidir}/tests/test.yml
|
||||
|
Loading…
x
Reference in New Issue
Block a user