Add tripleo_frr role

FRR daemons zebra, watchfrr, bgpd and bfdd can be enabled and
configured.

Change-Id: I0fe7f3e30e21ade3d556b2d88c422a742c3e3a21

releasenotes/notes/add_tripleo_frr_role-793d53d11eded3bf.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added a new role ``tripleo_frr`` to configure FRR service instances.
+    FRR daemons ``zebra``, ``watchfrr``, ``bgpd`` and ``bfdd`` can be enabled.

tripleo_ansible/roles/tripleo_frr/defaults/main.yml

@@ -0,0 +1,34 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+
+# All variables within this role should have a prefix of "tripleo_frr"
+
+tripleo_frr_bfd: false
+tripleo_frr_bgp: false
+tripleo_frr_bgp_ipv4: true
+tripleo_frr_bgp_ipv4_allowas_in: false
+tripleo_frr_bgp_ipv6: true
+tripleo_frr_bgp_ipv6_allowas_in: false
+tripleo_frr_bgp_uplinks_scope: internal
+tripleo_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr"
+tripleo_frr_hostname: "{{ ansible_hostname }}"
+tripleo_frr_log_level: informational
+tripleo_frr_watchfrr: true
+tripleo_frr_zebra: false
+tripleo_frr_bgp_ipv4_default_src_map: {}

tripleo_ansible/roles/tripleo_frr/meta/main.yml

@@ -0,0 +1,42 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: TripleO OpenStack Role -- tripleo_frr
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.7
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: CentOS
+      versions:
+        - 7
+        - 8
+
+  galaxy_tags:
+    - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []

tripleo_ansible/roles/tripleo_frr/tasks/main.yml

@@ -0,0 +1,62 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: create directory {{ tripleo_frr_config_basedir }}
+  become: true
+  ansible.builtin.file:
+    path: "{{ tripleo_frr_config_basedir }}/etc/frr"
+    recurse: true
+    state: directory
+    selevel: s0
+    setype: container_file_t
+
+- name: configure FRR
+  become: true
+  ansible.builtin.template:
+    src: frr.conf.j2
+    dest: "{{ tripleo_frr_config_basedir }}/etc/frr/frr.conf"
+    mode: '640'
+    selevel: s0
+    setype: container_file_t
+  register: _frr_config_result
+
+- name: configure FRR daemons
+  become: true
+  ansible.builtin.template:
+    src: daemons.j2
+    dest: "{{ tripleo_frr_config_basedir }}/etc/frr/daemons"
+    mode: '640'
+    selevel: s0
+    setype: container_file_t
+  register: _frr_daemons_result
+
+- name: restart FRR
+  when:
+    - _frr_config_result.changed or _frr_daemons_result.changed
+  block:
+    - name: check if tripleo_frr systemd service is active
+      become: true
+      shell: systemctl is-active --quiet tripleo_frr
+      failed_when: false
+      register: frr_active_service
+
+    - name: restart frr container
+      become: true
+      systemd:
+        name: tripleo_frr
+        state: restarted
+      when:
+        - frr_active_service.rc == 0

tripleo_ansible/roles/tripleo_frr/templates/daemons.j2

@@ -0,0 +1,49 @@
+# {{ ansible_managed }}
+
+watchfrr_enable={{ 'yes' if tripleo_frr_watchfrr else 'no' }}
+{% if tripleo_frr_watchfrr %}
+watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
+{% endif %}
+#
+zebra={{ 'yes' if tripleo_frr_zebra else 'no' }}
+bgpd={{ 'yes' if tripleo_frr_bgp else 'no' }}
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+nhrpd=no
+eigrpd=no
+sharpd=no
+pbrd=no
+staticd=no
+bfdd={{ 'yes' if tripleo_frr_bfd else 'no' }}
+fabricd=no
+
+#
+# Command line options for the daemons
+#
+zebra_options=("-A 127.0.0.1")
+bgpd_options=("-A 127.0.0.1")
+ospfd_options=("-A 127.0.0.1")
+ospf6d_options=("-A ::1")
+ripd_options=("-A 127.0.0.1")
+ripngd_options=("-A ::1")
+isisd_options=("-A 127.0.0.1")
+pimd_options=("-A 127.0.0.1")
+nhrpd_options=("-A 127.0.0.1")
+eigrpd_options=("-A 127.0.0.1")
+sharpd_options=("-A 127.0.0.1")
+pbrd_options=("-A 127.0.0.1")
+staticd_options=("-A 127.0.0.1")
+bfdd_options=("-A 127.0.0.1")
+fabricd_options=("-A 127.0.0.1")
+
+#
+# If the vtysh_enable is yes, then the unified config is read
+# and applied if it exists.  If no unified frr.conf exists
+# then the per-daemon <daemon>.conf files are used)
+# If vtysh_enable is no or non-existant, the frr.conf is ignored.
+# it is highly suggested to have this set to yes
+vtysh_enable=yes

tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2

@@ -0,0 +1,59 @@
+! {{ ansible_managed }}
+
+hostname {{ tripleo_frr_hostname }}
+log file /var/log/frr/frr.log {{ tripleo_frr_log_level }}
+service integrated-vtysh-config
+line vty
+
+router bgp {{ tripleo_frr_bgp_asn }}
+  bgp log-neighbor-changes
+  bgp graceful-shutdown
+
+  neighbor uplink peer-group
+  neighbor uplink remote-as {{ tripleo_frr_bgp_uplinks_scope }}
+  ! neighbor uplink capability extended-nexthop
+{% if tripleo_frr_bfd %}
+  neighbor uplink bfd
+{% endif %}
+{% for iface in tripleo_frr_bgp_uplinks %}
+  neighbor {{ iface }} interface peer-group uplink
+{% endfor %}
+
+{% if tripleo_frr_bgp_ipv4 %}
+  address-family ipv4 unicast
+    redistribute connected
+{% if tripleo_frr_bgp_ipv4_allowas_in %}
+    neighbor uplink allowas-in origin
+{% endif %}
+    neighbor uplink prefix-list only-host-prefixes out
+  exit-address-family
+{% endif %}
+
+{% if tripleo_frr_bgp_ipv6 %}
+  address-family ipv6 unicast
+    redistribute connected
+    neighbor uplink activate
+{% if tripleo_frr_bgp_ipv6_allowas_in %}
+    neighbor uplink allowas-in origin
+{% endif %}
+    neighbor uplink prefix-list only-host-prefixes out
+  exit-address-family
+{% endif %}
+
+{% if tripleo_frr_bgp_ipv4 %}
+ip prefix-list only-default permit 0.0.0.0/0
+ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
+
+{% if tripleo_frr_bgp_ipv4_default_src_map|length > 0 and tripleo_frr_hostname in tripleo_frr_bgp_ipv4_default_src_map %}
+route-map rm-only-default permit 10
+  match ip address prefix-list only-default
+  set src {{ tripleo_frr_bgp_ipv4_default_src_map[tripleo_frr_hostname] }}
+
+ip protocol bgp route-map rm-only-default
+{% endif %} {# tripleo_frr_bgp_ipv4_default_src_map #}
+{% endif %} {# tripleo_frr_bgp_ipv4 #}
+
+{% if tripleo_frr_bgp_ipv6 %}
+ipv6 prefix-list only-default permit ::/0
+ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
+{% endif %}