Add tripleo_frr role
FRR daemons zebra, watchfrr, bgpd and bfdd can be enabled and configured. Change-Id: I0fe7f3e30e21ade3d556b2d88c422a742c3e3a21
parent
037897775d
commit
751e794638
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added a new role ``tripleo_frr`` to configure FRR service instances.
|
||||||
|
FRR daemons ``zebra``, ``watchfrr``, ``bgpd`` and ``bfdd`` can be enabled.
|
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
# Copyright 2020 Red Hat, Inc.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
# All variables intended for modification should be placed in this file.
|
||||||
|
|
||||||
|
# All variables within this role should have a prefix of "tripleo_frr"
|
||||||
|
|
||||||
|
tripleo_frr_bfd: false
|
||||||
|
tripleo_frr_bgp: false
|
||||||
|
tripleo_frr_bgp_ipv4: true
|
||||||
|
tripleo_frr_bgp_ipv4_allowas_in: false
|
||||||
|
tripleo_frr_bgp_ipv6: true
|
||||||
|
tripleo_frr_bgp_ipv6_allowas_in: false
|
||||||
|
tripleo_frr_bgp_uplinks_scope: internal
|
||||||
|
tripleo_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr"
|
||||||
|
tripleo_frr_hostname: "{{ ansible_hostname }}"
|
||||||
|
tripleo_frr_log_level: informational
|
||||||
|
tripleo_frr_watchfrr: true
|
||||||
|
tripleo_frr_zebra: false
|
||||||
|
tripleo_frr_bgp_ipv4_default_src_map: {}
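Review bot: `tripleo_frr_bgp_asn` and `tripleo_frr_bgp_uplinks` have no entry in these defaults, yet the frr.conf template added by this commit expands both unconditionally (`router bgp {{ tripleo_frr_bgp_asn }}` and the `{% for iface in tripleo_frr_bgp_uplinks %}` loop). The "configure FRR" task will therefore presumably stop on an undefined variable unless the caller supplies them, even with `tripleo_frr_bgp: false`. Either add `tripleo_frr_bgp_uplinks: []` here plus an assert in the tasks that the ASN is set whenever `tripleo_frr_bgp` is true, or wrap the template's `router bgp` block in `{% if tripleo_frr_bgp %}` … `{% endif %}`. A one-line comment above each default would also help, for example `# internal or external: remote-as used for the uplink peer-group` above `tripleo_frr_bgp_uplinks_scope`.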
|
|
@ -0,0 +1,42 @@
|
||||||
|
---
|
||||||
|
# Copyright 2020 Red Hat, Inc.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
galaxy_info:
|
||||||
|
author: OpenStack
|
||||||
|
description: TripleO OpenStack Role -- tripleo_frr
|
||||||
|
company: Red Hat
|
||||||
|
license: Apache-2.0
|
||||||
|
min_ansible_version: 2.7
|
||||||
|
#
|
||||||
|
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||||
|
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||||
|
# To view available platforms and versions (or releases), visit:
|
||||||
|
# https://galaxy.ansible.com/api/v1/platforms/
|
||||||
|
#
|
||||||
|
platforms:
|
||||||
|
- name: CentOS
|
||||||
|
versions:
|
||||||
|
- 7
|
||||||
|
- 8
|
||||||
|
|
||||||
|
galaxy_tags:
|
||||||
|
- tripleo
|
||||||
|
|
||||||
|
|
||||||
|
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||||
|
# if you add dependencies to this list.
|
||||||
|
dependencies: []
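Review bot: `min_ansible_version: 2.7` does not match the tasks in this commit, which call modules by fully qualified collection name (`ansible.builtin.file`, `ansible.builtin.template`); those names need a collections-aware Ansible, which 2.7 is not. The bare `2.7` is also read by YAML as a float rather than a version string. Raise the floor to the release the role is actually tested on and quote it, in the form `min_ansible_version: '<tested version>'`.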
|
|
@ -0,0 +1,62 @@
|
||||||
|
---
|
||||||
|
# Copyright 2020 Red Hat, Inc.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- name: create directory {{ tripleo_frr_config_basedir }}
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ tripleo_frr_config_basedir }}/etc/frr"
|
||||||
|
recurse: true
|
||||||
|
state: directory
|
||||||
|
selevel: s0
|
||||||
|
setype: container_file_t
|
||||||
|
|
||||||
|
- name: configure FRR
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: frr.conf.j2
|
||||||
|
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/frr.conf"
|
||||||
|
mode: '640'
|
||||||
|
selevel: s0
|
||||||
|
setype: container_file_t
|
||||||
|
register: _frr_config_result
|
||||||
|
|
||||||
|
- name: configure FRR daemons
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: daemons.j2
|
||||||
|
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/daemons"
|
||||||
|
mode: '640'
|
||||||
|
selevel: s0
|
||||||
|
setype: container_file_t
|
||||||
|
register: _frr_daemons_result
|
||||||
|
|
||||||
|
- name: restart FRR
|
||||||
|
when:
|
||||||
|
- _frr_config_result.changed or _frr_daemons_result.changed
|
||||||
|
block:
|
||||||
|
- name: check if tripleo_frr systemd service is active
|
||||||
|
become: true
|
||||||
|
shell: systemctl is-active --quiet tripleo_frr
|
||||||
|
failed_when: false
|
||||||
|
register: frr_active_service
|
||||||
|
|
||||||
|
- name: restart frr container
|
||||||
|
become: true
|
||||||
|
systemd:
|
||||||
|
name: tripleo_frr
|
||||||
|
state: restarted
|
||||||
|
when:
|
||||||
|
- frr_active_service.rc == 0
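Review bot: In the restart block, `shell: systemctl is-active --quiet tripleo_frr` uses no shell feature, so it is better written as `ansible.builtin.command: systemctl is-active --quiet tripleo_frr` with `changed_when: false`; that avoids a shell under `become` and matches the fully qualified module names used by the earlier tasks (`systemd:` would become `ansible.builtin.systemd:`). `failed_when: false` on that probe hides every failure, not only the "inactive" exit status, so a comment saying that a non-zero `rc` is treated as "service not running yet" would make the intent clear. Separately, `frr.conf` and `daemons` are pinned to mode `'640'` but no `owner` or `group` is given, so who can read the routing configuration depends on the become user. State both explicitly, so that the account the FRR container runs as can read the files and no other account can.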
|
|
@ -0,0 +1,49 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
watchfrr_enable={{ 'yes' if tripleo_frr_watchfrr else 'no' }}
|
||||||
|
{% if tripleo_frr_watchfrr %}
|
||||||
|
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
|
||||||
|
{% endif %}
|
||||||
|
#
|
||||||
|
zebra={{ 'yes' if tripleo_frr_zebra else 'no' }}
|
||||||
|
bgpd={{ 'yes' if tripleo_frr_bgp else 'no' }}
|
||||||
|
ospfd=no
|
||||||
|
ospf6d=no
|
||||||
|
ripd=no
|
||||||
|
ripngd=no
|
||||||
|
isisd=no
|
||||||
|
pimd=no
|
||||||
|
nhrpd=no
|
||||||
|
eigrpd=no
|
||||||
|
sharpd=no
|
||||||
|
pbrd=no
|
||||||
|
staticd=no
|
||||||
|
bfdd={{ 'yes' if tripleo_frr_bfd else 'no' }}
|
||||||
|
fabricd=no
|
||||||
|
|
||||||
|
#
|
||||||
|
# Command line options for the daemons
|
||||||
|
#
|
||||||
|
zebra_options=("-A 127.0.0.1")
|
||||||
|
bgpd_options=("-A 127.0.0.1")
|
||||||
|
ospfd_options=("-A 127.0.0.1")
|
||||||
|
ospf6d_options=("-A ::1")
|
||||||
|
ripd_options=("-A 127.0.0.1")
|
||||||
|
ripngd_options=("-A ::1")
|
||||||
|
isisd_options=("-A 127.0.0.1")
|
||||||
|
pimd_options=("-A 127.0.0.1")
|
||||||
|
nhrpd_options=("-A 127.0.0.1")
|
||||||
|
eigrpd_options=("-A 127.0.0.1")
|
||||||
|
sharpd_options=("-A 127.0.0.1")
|
||||||
|
pbrd_options=("-A 127.0.0.1")
|
||||||
|
staticd_options=("-A 127.0.0.1")
|
||||||
|
bfdd_options=("-A 127.0.0.1")
|
||||||
|
fabricd_options=("-A 127.0.0.1")
|
||||||
|
|
||||||
|
#
|
||||||
|
# If the vtysh_enable is yes, then the unified config is read
|
||||||
|
# and applied if it exists. If no unified frr.conf exists
|
||||||
|
# then the per-daemon <daemon>.conf files are used)
|
||||||
|
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
|
||||||
|
# it is highly suggested to have this set to yes
|
||||||
|
vtysh_enable=yes
|
|
@ -0,0 +1,59 @@
|
||||||
|
! {{ ansible_managed }}
|
||||||
|
|
||||||
|
hostname {{ tripleo_frr_hostname }}
|
||||||
|
log file /var/log/frr/frr.log {{ tripleo_frr_log_level }}
|
||||||
|
service integrated-vtysh-config
|
||||||
|
line vty
|
||||||
|
|
||||||
|
router bgp {{ tripleo_frr_bgp_asn }}
|
||||||
|
bgp log-neighbor-changes
|
||||||
|
bgp graceful-shutdown
|
||||||
|
|
||||||
|
neighbor uplink peer-group
|
||||||
|
neighbor uplink remote-as {{ tripleo_frr_bgp_uplinks_scope }}
|
||||||
|
! neighbor uplink capability extended-nexthop
|
||||||
|
{% if tripleo_frr_bfd %}
|
||||||
|
neighbor uplink bfd
|
||||||
|
{% endif %}
|
||||||
|
{% for iface in tripleo_frr_bgp_uplinks %}
|
||||||
|
neighbor {{ iface }} interface peer-group uplink
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{% if tripleo_frr_bgp_ipv4 %}
|
||||||
|
address-family ipv4 unicast
|
||||||
|
redistribute connected
|
||||||
|
{% if tripleo_frr_bgp_ipv4_allowas_in %}
|
||||||
|
neighbor uplink allowas-in origin
|
||||||
|
{% endif %}
|
||||||
|
neighbor uplink prefix-list only-host-prefixes out
|
||||||
|
exit-address-family
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if tripleo_frr_bgp_ipv6 %}
|
||||||
|
address-family ipv6 unicast
|
||||||
|
redistribute connected
|
||||||
|
neighbor uplink activate
|
||||||
|
{% if tripleo_frr_bgp_ipv6_allowas_in %}
|
||||||
|
neighbor uplink allowas-in origin
|
||||||
|
{% endif %}
|
||||||
|
neighbor uplink prefix-list only-host-prefixes out
|
||||||
|
exit-address-family
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if tripleo_frr_bgp_ipv4 %}
|
||||||
|
ip prefix-list only-default permit 0.0.0.0/0
|
||||||
|
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
|
||||||
|
|
||||||
|
{% if tripleo_frr_bgp_ipv4_default_src_map|length > 0 and tripleo_frr_hostname in tripleo_frr_bgp_ipv4_default_src_map %}
|
||||||
|
route-map rm-only-default permit 10
|
||||||
|
match ip address prefix-list only-default
|
||||||
|
set src {{ tripleo_frr_bgp_ipv4_default_src_map[tripleo_frr_hostname] }}
|
||||||
|
|
||||||
|
ip protocol bgp route-map rm-only-default
|
||||||
|
{% endif %} {# tripleo_frr_bgp_ipv4_default_src_map #}
|
||||||
|
{% endif %} {# tripleo_frr_bgp_ipv4 #}
|
||||||
|
|
||||||
|
{% if tripleo_frr_bgp_ipv6 %}
|
||||||
|
ipv6 prefix-list only-default permit ::/0
|
||||||
|
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
|
||||||
|
{% endif %}
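Review bot: The `uplink` peer-group is filtered only on output: both address families apply `neighbor uplink prefix-list only-host-prefixes out`, but no inbound prefix-list or route-map is attached, so whatever the uplink peers advertise is accepted into the BGP table. The `only-default` lists look like they were meant for this, yet the IPv4 one is used only inside `rm-only-default` (rendered only when the host has an entry in `tripleo_frr_bgp_ipv4_default_src_map`) and the IPv6 one is never referenced. If the intent is to learn just a default route, add `neighbor uplink prefix-list only-default in` to each `address-family` block. If not, a `!` comment stating that inbound routes are deliberately unfiltered would make the trust placed in the uplinks explicit.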
|