Add tripleo_frr role
FRR daemons zebra, watchfrr, bgpd and bfdd can be enabled and configured. Change-Id: I0fe7f3e30e21ade3d556b2d88c422a742c3e3a21
This commit is contained in:
parent
037897775d
commit
751e794638
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Added a new role ``tripleo_frr`` to configure FRR service instances.
|
||||
FRR daemons ``zebra``, ``watchfrr``, ``bgpd`` and ``bfdd`` can be enabled.
|
34
tripleo_ansible/roles/tripleo_frr/defaults/main.yml
Normal file
34
tripleo_ansible/roles/tripleo_frr/defaults/main.yml
Normal file
@ -0,0 +1,34 @@
|
||||
---
|
||||
# Copyright 2020 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
|
||||
# All variables intended for modification should be placed in this file.
|
||||
|
||||
# All variables within this role should have a prefix of "tripleo_frr"
|
||||
|
||||
tripleo_frr_bfd: false
|
||||
tripleo_frr_bgp: false
|
||||
tripleo_frr_bgp_ipv4: true
|
||||
tripleo_frr_bgp_ipv4_allowas_in: false
|
||||
tripleo_frr_bgp_ipv6: true
|
||||
tripleo_frr_bgp_ipv6_allowas_in: false
|
||||
tripleo_frr_bgp_uplinks_scope: internal
|
||||
tripleo_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr"
|
||||
tripleo_frr_hostname: "{{ ansible_hostname }}"
|
||||
tripleo_frr_log_level: informational
|
||||
tripleo_frr_watchfrr: true
|
||||
tripleo_frr_zebra: false
|
||||
tripleo_frr_bgp_ipv4_default_src_map: {}
|
42
tripleo_ansible/roles/tripleo_frr/meta/main.yml
Normal file
42
tripleo_ansible/roles/tripleo_frr/meta/main.yml
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
# Copyright 2020 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
|
||||
galaxy_info:
|
||||
author: OpenStack
|
||||
description: TripleO OpenStack Role -- tripleo_frr
|
||||
company: Red Hat
|
||||
license: Apache-2.0
|
||||
min_ansible_version: 2.7
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
platforms:
|
||||
- name: CentOS
|
||||
versions:
|
||||
- 7
|
||||
- 8
|
||||
|
||||
galaxy_tags:
|
||||
- tripleo
|
||||
|
||||
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
dependencies: []
|
62
tripleo_ansible/roles/tripleo_frr/tasks/main.yml
Normal file
62
tripleo_ansible/roles/tripleo_frr/tasks/main.yml
Normal file
@ -0,0 +1,62 @@
|
||||
---
|
||||
# Copyright 2020 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
- name: create directory {{ tripleo_frr_config_basedir }}
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: "{{ tripleo_frr_config_basedir }}/etc/frr"
|
||||
recurse: true
|
||||
state: directory
|
||||
selevel: s0
|
||||
setype: container_file_t
|
||||
|
||||
- name: configure FRR
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: frr.conf.j2
|
||||
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/frr.conf"
|
||||
mode: '640'
|
||||
selevel: s0
|
||||
setype: container_file_t
|
||||
register: _frr_config_result
|
||||
|
||||
- name: configure FRR daemons
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: daemons.j2
|
||||
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/daemons"
|
||||
mode: '640'
|
||||
selevel: s0
|
||||
setype: container_file_t
|
||||
register: _frr_daemons_result
|
||||
|
||||
- name: restart FRR
|
||||
when:
|
||||
- _frr_config_result.changed or _frr_daemons_result.changed
|
||||
block:
|
||||
- name: check if tripleo_frr systemd service is active
|
||||
become: true
|
||||
shell: systemctl is-active --quiet tripleo_frr
|
||||
failed_when: false
|
||||
register: frr_active_service
|
||||
|
||||
- name: restart frr container
|
||||
become: true
|
||||
systemd:
|
||||
name: tripleo_frr
|
||||
state: restarted
|
||||
when:
|
||||
- frr_active_service.rc == 0
|
49
tripleo_ansible/roles/tripleo_frr/templates/daemons.j2
Normal file
49
tripleo_ansible/roles/tripleo_frr/templates/daemons.j2
Normal file
@ -0,0 +1,49 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
watchfrr_enable={{ 'yes' if tripleo_frr_watchfrr else 'no' }}
|
||||
{% if tripleo_frr_watchfrr %}
|
||||
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
|
||||
{% endif %}
|
||||
#
|
||||
zebra={{ 'yes' if tripleo_frr_zebra else 'no' }}
|
||||
bgpd={{ 'yes' if tripleo_frr_bgp else 'no' }}
|
||||
ospfd=no
|
||||
ospf6d=no
|
||||
ripd=no
|
||||
ripngd=no
|
||||
isisd=no
|
||||
pimd=no
|
||||
nhrpd=no
|
||||
eigrpd=no
|
||||
sharpd=no
|
||||
pbrd=no
|
||||
staticd=no
|
||||
bfdd={{ 'yes' if tripleo_frr_bfd else 'no' }}
|
||||
fabricd=no
|
||||
|
||||
#
|
||||
# Command line options for the daemons
|
||||
#
|
||||
zebra_options=("-A 127.0.0.1")
|
||||
bgpd_options=("-A 127.0.0.1")
|
||||
ospfd_options=("-A 127.0.0.1")
|
||||
ospf6d_options=("-A ::1")
|
||||
ripd_options=("-A 127.0.0.1")
|
||||
ripngd_options=("-A ::1")
|
||||
isisd_options=("-A 127.0.0.1")
|
||||
pimd_options=("-A 127.0.0.1")
|
||||
nhrpd_options=("-A 127.0.0.1")
|
||||
eigrpd_options=("-A 127.0.0.1")
|
||||
sharpd_options=("-A 127.0.0.1")
|
||||
pbrd_options=("-A 127.0.0.1")
|
||||
staticd_options=("-A 127.0.0.1")
|
||||
bfdd_options=("-A 127.0.0.1")
|
||||
fabricd_options=("-A 127.0.0.1")
|
||||
|
||||
#
|
||||
# If the vtysh_enable is yes, then the unified config is read
|
||||
# and applied if it exists. If no unified frr.conf exists
|
||||
# then the per-daemon <daemon>.conf files are used)
|
||||
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
|
||||
# it is highly suggested to have this set to yes
|
||||
vtysh_enable=yes
|
59
tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2
Normal file
59
tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2
Normal file
@ -0,0 +1,59 @@
|
||||
! {{ ansible_managed }}
|
||||
|
||||
hostname {{ tripleo_frr_hostname }}
|
||||
log file /var/log/frr/frr.log {{ tripleo_frr_log_level }}
|
||||
service integrated-vtysh-config
|
||||
line vty
|
||||
|
||||
router bgp {{ tripleo_frr_bgp_asn }}
|
||||
bgp log-neighbor-changes
|
||||
bgp graceful-shutdown
|
||||
|
||||
neighbor uplink peer-group
|
||||
neighbor uplink remote-as {{ tripleo_frr_bgp_uplinks_scope }}
|
||||
! neighbor uplink capability extended-nexthop
|
||||
{% if tripleo_frr_bfd %}
|
||||
neighbor uplink bfd
|
||||
{% endif %}
|
||||
{% for iface in tripleo_frr_bgp_uplinks %}
|
||||
neighbor {{ iface }} interface peer-group uplink
|
||||
{% endfor %}
|
||||
|
||||
{% if tripleo_frr_bgp_ipv4 %}
|
||||
address-family ipv4 unicast
|
||||
redistribute connected
|
||||
{% if tripleo_frr_bgp_ipv4_allowas_in %}
|
||||
neighbor uplink allowas-in origin
|
||||
{% endif %}
|
||||
neighbor uplink prefix-list only-host-prefixes out
|
||||
exit-address-family
|
||||
{% endif %}
|
||||
|
||||
{% if tripleo_frr_bgp_ipv6 %}
|
||||
address-family ipv6 unicast
|
||||
redistribute connected
|
||||
neighbor uplink activate
|
||||
{% if tripleo_frr_bgp_ipv6_allowas_in %}
|
||||
neighbor uplink allowas-in origin
|
||||
{% endif %}
|
||||
neighbor uplink prefix-list only-host-prefixes out
|
||||
exit-address-family
|
||||
{% endif %}
|
||||
|
||||
{% if tripleo_frr_bgp_ipv4 %}
|
||||
ip prefix-list only-default permit 0.0.0.0/0
|
||||
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
|
||||
|
||||
{% if tripleo_frr_bgp_ipv4_default_src_map|length > 0 and tripleo_frr_hostname in tripleo_frr_bgp_ipv4_default_src_map %}
|
||||
route-map rm-only-default permit 10
|
||||
match ip address prefix-list only-default
|
||||
set src {{ tripleo_frr_bgp_ipv4_default_src_map[tripleo_frr_hostname] }}
|
||||
|
||||
ip protocol bgp route-map rm-only-default
|
||||
{% endif %} {# tripleo_frr_bgp_ipv4_default_src_map #}
|
||||
{% endif %} {# tripleo_frr_bgp_ipv4 #}
|
||||
|
||||
{% if tripleo_frr_bgp_ipv6 %}
|
||||
ipv6 prefix-list only-default permit ::/0
|
||||
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
|
||||
{% endif %}
|
Loading…
x
Reference in New Issue
Block a user