Add tripleo_frr role

FRR daemons zebra, watchfrr, bgpd and bfdd can be enabled and
configured.

Change-Id: I0fe7f3e30e21ade3d556b2d88c422a742c3e3a21
Carlos Goncalves 2020-11-20 14:21:09 +00:00
parent 037897775d
commit 751e794638
6 changed files with 251 additions and 0 deletions


@ -0,0 +1,5 @@
---
features:
- |
Added a new role ``tripleo_frr`` to configure FRR service instances.
FRR daemons ``zebra``, ``watchfrr``, ``bgpd`` and ``bfdd`` can be enabled.


@ -0,0 +1,34 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_frr"
tripleo_frr_bfd: false
tripleo_frr_bgp: false
tripleo_frr_bgp_ipv4: true
tripleo_frr_bgp_ipv4_allowas_in: false
tripleo_frr_bgp_ipv6: true
tripleo_frr_bgp_ipv6_allowas_in: false
tripleo_frr_bgp_uplinks_scope: internal
tripleo_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr"
tripleo_frr_hostname: "{{ ansible_hostname }}"
tripleo_frr_log_level: informational
tripleo_frr_watchfrr: true
tripleo_frr_zebra: false
tripleo_frr_bgp_ipv4_default_src_map: {}
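Review bot: `tripleo_frr_bgp_asn` and `tripleo_frr_bgp_uplinks` are read by the frr.conf template in this commit, but this defaults file neither defines nor mentions them. The header comment says every variable intended for modification belongs here, so an operator reading only this file cannot tell that two more inputs are required. If they are not set elsewhere (not visible on this page), rendering presumably stops on an undefined variable. Either add them with a short comment, for example `tripleo_frr_bgp_uplinks: []` under `# Interfaces peered via the uplink peer-group`, or have the tasks check for them before templating. The remaining variables would also benefit from a one-line comment each, notably `tripleo_frr_bgp_uplinks_scope` (it becomes the `remote-as` value) and `tripleo_frr_bgp_ipv4_default_src_map` (keyed by `tripleo_frr_hostname`).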


@ -0,0 +1,42 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo_frr
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: CentOS
versions:
- 7
- 8
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []
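Review bot: `min_ansible_version: 2.7` is a plain scalar that YAML loads as a float, so a later bump to a value such as 2.10 would be read as 2.1; write it as `min_ansible_version: '2.7'`. The tasks file in this commit uses fully qualified module names (`ansible.builtin.file`, `ansible.builtin.template`), so it is worth confirming that 2.7 is really the oldest release the role runs on. The comment above `dependencies` tells the reader to remove the '[]' "above" although the brackets are on the line below it.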


@ -0,0 +1,62 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: create directory {{ tripleo_frr_config_basedir }}
become: true
ansible.builtin.file:
path: "{{ tripleo_frr_config_basedir }}/etc/frr"
recurse: true
state: directory
selevel: s0
setype: container_file_t
- name: configure FRR
become: true
ansible.builtin.template:
src: frr.conf.j2
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/frr.conf"
mode: '640'
selevel: s0
setype: container_file_t
register: _frr_config_result
- name: configure FRR daemons
become: true
ansible.builtin.template:
src: daemons.j2
dest: "{{ tripleo_frr_config_basedir }}/etc/frr/daemons"
mode: '640'
selevel: s0
setype: container_file_t
register: _frr_daemons_result
- name: restart FRR
when:
- _frr_config_result.changed or _frr_daemons_result.changed
block:
- name: check if tripleo_frr systemd service is active
become: true
shell: systemctl is-active --quiet tripleo_frr
failed_when: false
register: frr_active_service
- name: restart frr container
become: true
systemd:
name: tripleo_frr
state: restarted
when:
- frr_active_service.rc == 0
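Review bot: The service check in the `restart FRR` block runs `systemctl is-active` through `shell` although it uses no shell features, and it reports "changed" on every run. Prefer `ansible.builtin.command: systemctl is-active --quiet tripleo_frr` with `changed_when: false`, which also matches the fully qualified module names used by the tasks above it (`systemd` could become `ansible.builtin.systemd` for the same reason). With `failed_when: false`, any non-zero result skips the restart silently, including a failure to run systemctl at all, so a changed frr.conf would stay unapplied with no trace in the play output. A comment on the block such as `# Only restart when the unit is already running; first start is handled elsewhere` would record why an inactive service is left alone, if that is the intent.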


@ -0,0 +1,49 @@
# {{ ansible_managed }}
watchfrr_enable={{ 'yes' if tripleo_frr_watchfrr else 'no' }}
{% if tripleo_frr_watchfrr %}
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
{% endif %}
#
zebra={{ 'yes' if tripleo_frr_zebra else 'no' }}
bgpd={{ 'yes' if tripleo_frr_bgp else 'no' }}
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
nhrpd=no
eigrpd=no
sharpd=no
pbrd=no
staticd=no
bfdd={{ 'yes' if tripleo_frr_bfd else 'no' }}
fabricd=no
#
# Command line options for the daemons
#
zebra_options=("-A 127.0.0.1")
bgpd_options=("-A 127.0.0.1")
ospfd_options=("-A 127.0.0.1")
ospf6d_options=("-A ::1")
ripd_options=("-A 127.0.0.1")
ripngd_options=("-A ::1")
isisd_options=("-A 127.0.0.1")
pimd_options=("-A 127.0.0.1")
nhrpd_options=("-A 127.0.0.1")
eigrpd_options=("-A 127.0.0.1")
sharpd_options=("-A 127.0.0.1")
pbrd_options=("-A 127.0.0.1")
staticd_options=("-A 127.0.0.1")
bfdd_options=("-A 127.0.0.1")
fabricd_options=("-A 127.0.0.1")
#
# If the vtysh_enable is yes, then the unified config is read
# and applied if it exists. If no unified frr.conf exists
# then the per-daemon <daemon>.conf files are used)
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
# it is highly suggested to have this set to yes
vtysh_enable=yes
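Review bot: The `zebra=` line follows `tripleo_frr_zebra` alone, so with the role defaults a deployment that sets only `tripleo_frr_bgp: true` renders `bgpd=yes` next to `zebra=no`. bgpd relies on zebra to install routes and to learn interface state, and the frr.conf template in this commit uses interface-based neighbors and `ip protocol bgp route-map`. Unless the FRR init script in the container starts zebra regardless of this setting, consider `zebra={{ 'yes' if (tripleo_frr_zebra or tripleo_frr_bgp) else 'no' }}`, or document the dependency next to the variable. Binding every daemon's vty to loopback with `-A 127.0.0.1` / `-A ::1` is a sound default and deserves a one-line comment so it is not loosened by accident.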


@ -0,0 +1,59 @@
! {{ ansible_managed }}
hostname {{ tripleo_frr_hostname }}
log file /var/log/frr/frr.log {{ tripleo_frr_log_level }}
service integrated-vtysh-config
line vty
router bgp {{ tripleo_frr_bgp_asn }}
bgp log-neighbor-changes
bgp graceful-shutdown
neighbor uplink peer-group
neighbor uplink remote-as {{ tripleo_frr_bgp_uplinks_scope }}
! neighbor uplink capability extended-nexthop
{% if tripleo_frr_bfd %}
neighbor uplink bfd
{% endif %}
{% for iface in tripleo_frr_bgp_uplinks %}
neighbor {{ iface }} interface peer-group uplink
{% endfor %}
{% if tripleo_frr_bgp_ipv4 %}
address-family ipv4 unicast
redistribute connected
{% if tripleo_frr_bgp_ipv4_allowas_in %}
neighbor uplink allowas-in origin
{% endif %}
neighbor uplink prefix-list only-host-prefixes out
exit-address-family
{% endif %}
{% if tripleo_frr_bgp_ipv6 %}
address-family ipv6 unicast
redistribute connected
neighbor uplink activate
{% if tripleo_frr_bgp_ipv6_allowas_in %}
neighbor uplink allowas-in origin
{% endif %}
neighbor uplink prefix-list only-host-prefixes out
exit-address-family
{% endif %}
{% if tripleo_frr_bgp_ipv4 %}
ip prefix-list only-default permit 0.0.0.0/0
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
{% if tripleo_frr_bgp_ipv4_default_src_map|length > 0 and tripleo_frr_hostname in tripleo_frr_bgp_ipv4_default_src_map %}
route-map rm-only-default permit 10
match ip address prefix-list only-default
set src {{ tripleo_frr_bgp_ipv4_default_src_map[tripleo_frr_hostname] }}
ip protocol bgp route-map rm-only-default
{% endif %} {# tripleo_frr_bgp_ipv4_default_src_map #}
{% endif %} {# tripleo_frr_bgp_ipv4 #}
{% if tripleo_frr_bgp_ipv6 %}
ipv6 prefix-list only-default permit ::/0
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
{% endif %}
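Review bot: The `uplink` peer-group gets an outbound filter (`prefix-list only-host-prefixes out`) in both address families but no inbound policy, so every prefix a peer advertises is accepted into the routing table. The `only-default` prefix-lists defined at the bottom are used only by the `rm-only-default` route-map (IPv4) or not at all (IPv6). If the uplinks are expected to send only a default route, as the list name suggests, add `neighbor uplink prefix-list only-default in` under each `address-family` block so that a misconfigured or compromised peer cannot inject more specific routes. Separately, the `router bgp {{ tripleo_frr_bgp_asn }}` stanza is emitted even when `tripleo_frr_bgp` is false; wrapping it in `{% if tripleo_frr_bgp %}` would keep frr.conf consistent with the daemons file.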