Browse Source
FRR daemons zebra, watchfrr, bgpd and bfdd can be enabled and configured. Change-Id: I0fe7f3e30e21ade3d556b2d88c422a742c3e3a21changes/72/763572/13
6 changed files with 251 additions and 0 deletions
@ -0,0 +1,5 @@
|
||||
--- |
||||
features: |
||||
- | |
||||
Added a new role ``tripleo_frr`` to configure FRR service instances. |
||||
FRR daemons ``zebra``, ``watchfrr``, ``bgpd`` and ``bfdd`` can be enabled. |
@ -0,0 +1,34 @@
|
||||
--- |
||||
# Copyright 2020 Red Hat, Inc. |
||||
# All Rights Reserved. |
||||
# |
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
||||
# not use this file except in compliance with the License. You may obtain |
||||
# a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
||||
# License for the specific language governing permissions and limitations |
||||
# under the License. |
||||
|
||||
|
||||
# All variables intended for modification should be placed in this file. |
||||
|
||||
# All variables within this role should have a prefix of "tripleo_frr" |
||||
|
||||
tripleo_frr_bfd: false |
||||
tripleo_frr_bgp: false |
||||
tripleo_frr_bgp_ipv4: true |
||||
tripleo_frr_bgp_ipv4_allowas_in: false |
||||
tripleo_frr_bgp_ipv6: true |
||||
tripleo_frr_bgp_ipv6_allowas_in: false |
||||
tripleo_frr_bgp_uplinks_scope: internal |
||||
tripleo_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr" |
||||
tripleo_frr_hostname: "{{ ansible_hostname }}" |
||||
tripleo_frr_log_level: informational |
||||
tripleo_frr_watchfrr: true |
||||
tripleo_frr_zebra: false |
||||
tripleo_frr_bgp_ipv4_default_src_map: {} |
@ -0,0 +1,42 @@
|
||||
--- |
||||
# Copyright 2020 Red Hat, Inc. |
||||
# All Rights Reserved. |
||||
# |
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
||||
# not use this file except in compliance with the License. You may obtain |
||||
# a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
||||
# License for the specific language governing permissions and limitations |
||||
# under the License. |
||||
|
||||
|
||||
galaxy_info: |
||||
author: OpenStack |
||||
description: TripleO OpenStack Role -- tripleo_frr |
||||
company: Red Hat |
||||
license: Apache-2.0 |
||||
min_ansible_version: 2.7 |
||||
# |
||||
# Provide a list of supported platforms, and for each platform a list of versions. |
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'. |
||||
# To view available platforms and versions (or releases), visit: |
||||
# https://galaxy.ansible.com/api/v1/platforms/ |
||||
# |
||||
platforms: |
||||
- name: CentOS |
||||
versions: |
||||
- 7 |
||||
- 8 |
||||
|
||||
galaxy_tags: |
||||
- tripleo |
||||
|
||||
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above, |
||||
# if you add dependencies to this list. |
||||
dependencies: [] |
@ -0,0 +1,62 @@
|
||||
--- |
||||
# Copyright 2020 Red Hat, Inc. |
||||
# All Rights Reserved. |
||||
# |
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
||||
# not use this file except in compliance with the License. You may obtain |
||||
# a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
||||
# License for the specific language governing permissions and limitations |
||||
# under the License. |
||||
|
||||
- name: create directory {{ tripleo_frr_config_basedir }} |
||||
become: true |
||||
ansible.builtin.file: |
||||
path: "{{ tripleo_frr_config_basedir }}/etc/frr" |
||||
recurse: true |
||||
state: directory |
||||
selevel: s0 |
||||
setype: container_file_t |
||||
|
||||
- name: configure FRR |
||||
become: true |
||||
ansible.builtin.template: |
||||
src: frr.conf.j2 |
||||
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/frr.conf" |
||||
mode: '640' |
||||
selevel: s0 |
||||
setype: container_file_t |
||||
register: _frr_config_result |
||||
|
||||
- name: configure FRR daemons |
||||
become: true |
||||
ansible.builtin.template: |
||||
src: daemons.j2 |
||||
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/daemons" |
||||
mode: '640' |
||||
selevel: s0 |
||||
setype: container_file_t |
||||
register: _frr_daemons_result |
||||
|
||||
- name: restart FRR |
||||
when: |
||||
- _frr_config_result.changed or _frr_daemons_result.changed |
||||
block: |
||||
- name: check if tripleo_frr systemd service is active |
||||
become: true |
||||
shell: systemctl is-active --quiet tripleo_frr |
||||
failed_when: false |
||||
register: frr_active_service |
||||
|
||||
- name: restart frr container |
||||
become: true |
||||
systemd: |
||||
name: tripleo_frr |
||||
state: restarted |
||||
when: |
||||
- frr_active_service.rc == 0 |
@ -0,0 +1,49 @@
|
||||
# {{ ansible_managed }} |
||||
|
||||
watchfrr_enable={{ 'yes' if tripleo_frr_watchfrr else 'no' }} |
||||
{% if tripleo_frr_watchfrr %} |
||||
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'" |
||||
{% endif %} |
||||
# |
||||
zebra={{ 'yes' if tripleo_frr_zebra else 'no' }} |
||||
bgpd={{ 'yes' if tripleo_frr_bgp else 'no' }} |
||||
ospfd=no |
||||
ospf6d=no |
||||
ripd=no |
||||
ripngd=no |
||||
isisd=no |
||||
pimd=no |
||||
nhrpd=no |
||||
eigrpd=no |
||||
sharpd=no |
||||
pbrd=no |
||||
staticd=no |
||||
bfdd={{ 'yes' if tripleo_frr_bfd else 'no' }} |
||||
fabricd=no |
||||
|
||||
# |
||||
# Command line options for the daemons |
||||
# |
||||
zebra_options=("-A 127.0.0.1") |
||||
bgpd_options=("-A 127.0.0.1") |
||||
ospfd_options=("-A 127.0.0.1") |
||||
ospf6d_options=("-A ::1") |
||||
ripd_options=("-A 127.0.0.1") |
||||
ripngd_options=("-A ::1") |
||||
isisd_options=("-A 127.0.0.1") |
||||
pimd_options=("-A 127.0.0.1") |
||||
nhrpd_options=("-A 127.0.0.1") |
||||
eigrpd_options=("-A 127.0.0.1") |
||||
sharpd_options=("-A 127.0.0.1") |
||||
pbrd_options=("-A 127.0.0.1") |
||||
staticd_options=("-A 127.0.0.1") |
||||
bfdd_options=("-A 127.0.0.1") |
||||
fabricd_options=("-A 127.0.0.1") |
||||
|
||||
# |
||||
# If the vtysh_enable is yes, then the unified config is read |
||||
# and applied if it exists. If no unified frr.conf exists |
||||
# then the per-daemon <daemon>.conf files are used) |
||||
# If vtysh_enable is no or non-existant, the frr.conf is ignored. |
||||
# it is highly suggested to have this set to yes |
||||
vtysh_enable=yes |
@ -0,0 +1,59 @@
|
||||
! {{ ansible_managed }} |
||||
|
||||
hostname {{ tripleo_frr_hostname }} |
||||
log file /var/log/frr/frr.log {{ tripleo_frr_log_level }} |
||||
service integrated-vtysh-config |
||||
line vty |
||||
|
||||
router bgp {{ tripleo_frr_bgp_asn }} |
||||
bgp log-neighbor-changes |
||||
bgp graceful-shutdown |
||||
|
||||
neighbor uplink peer-group |
||||
neighbor uplink remote-as {{ tripleo_frr_bgp_uplinks_scope }} |
||||
! neighbor uplink capability extended-nexthop |
||||
{% if tripleo_frr_bfd %} |
||||
neighbor uplink bfd |
||||
{% endif %} |
||||
{% for iface in tripleo_frr_bgp_uplinks %} |
||||
neighbor {{ iface }} interface peer-group uplink |
||||
{% endfor %} |
||||
|
||||
{% if tripleo_frr_bgp_ipv4 %} |
||||
address-family ipv4 unicast |
||||
redistribute connected |
||||
{% if tripleo_frr_bgp_ipv4_allowas_in %} |
||||
neighbor uplink allowas-in origin |
||||
{% endif %} |
||||
neighbor uplink prefix-list only-host-prefixes out |
||||
exit-address-family |
||||
{% endif %} |
||||
|
||||
{% if tripleo_frr_bgp_ipv6 %} |
||||
address-family ipv6 unicast |
||||
redistribute connected |
||||
neighbor uplink activate |
||||
{% if tripleo_frr_bgp_ipv6_allowas_in %} |
||||
neighbor uplink allowas-in origin |
||||
{% endif %} |
||||
neighbor uplink prefix-list only-host-prefixes out |
||||
exit-address-family |
||||
{% endif %} |
||||
|
||||
{% if tripleo_frr_bgp_ipv4 %} |
||||
ip prefix-list only-default permit 0.0.0.0/0 |
||||
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32 |
||||
|
||||
{% if tripleo_frr_bgp_ipv4_default_src_map|length > 0 and tripleo_frr_hostname in tripleo_frr_bgp_ipv4_default_src_map %} |
||||
route-map rm-only-default permit 10 |
||||
match ip address prefix-list only-default |
||||
set src {{ tripleo_frr_bgp_ipv4_default_src_map[tripleo_frr_hostname] }} |
||||
|
||||
ip protocol bgp route-map rm-only-default |
||||
{% endif %} {# tripleo_frr_bgp_ipv4_default_src_map #} |
||||
{% endif %} {# tripleo_frr_bgp_ipv4 #} |
||||
|
||||
{% if tripleo_frr_bgp_ipv6 %} |
||||
ipv6 prefix-list only-default permit ::/0 |
||||
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128 |
||||
{% endif %} |
Loading…
Reference in new issue