Move frr setup steps to pre_deploy_step_tasks

Previously we managed to get away with starting FRR during deployment
tasks at step1. This worked because puppet config tasks (which need
all nodes to be reachable due to pacemaker) ran after deployment step
task 1. In our testing also TLS-E setups worked okay, but that was
likely mainly due to coincidence because the IPA registration tasks
were also run at step1 of the deployment tasks and came after FRR.
FRR is needed to be up in order to reach nodes like freeipa in a BGP
based deployment.

https://review.opendev.org/c/openstack/tripleo-heat-templates/+/771832
moved IPA role from deployment_step 1 to external_deployment_step 1 and
this broke TLS-E deployments with FRR, because FRR is not up already
during external deployment step 1 and so we fail to reach the freeipa
node.

We fix this by relying on newly introduced pre_deploy_step_tasks which
are run in a separate task after container_setup_task, which is where
podman gets configured and before any deployment task.

While we're at it we also remove the state: stopped line for kolla,
which makes no sense any longer. And we also remove the main block,
since a single bunch of tasks will do it and is a bit simpler.

Tested as follows:
- Deployed an FRR-enabled TLS-E environment from master (was previously
  failing 100%) a bunch of times.

Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>

Change-Id: I54531995fd180b3251901ff61296d6bd05fb85b2

deployment/frr/frr-container-ansible.yaml

@@ -159,13 +159,12 @@ outputs:
       docker_config:
         # NOTE: Create container-startup-config file in step 0 so that TripleO
         # does not auto-start the FRR container (it does so for containers in
-        # step 1-5). FRR needs to be started in step 1 but before any HA service.
+        # step 1-5). FRR will be started in the pre_deploy_step_tasks
         step_0:
           frr:
             start_order: 0
             image: {get_param: ContainerFrrImage}
             net: host
-            state: stopped
             restart: always
             healthcheck:
               test: /openstack/healthcheck
@@ -201,36 +200,34 @@ outputs:
           with_items:
             - { 'path': /var/log/containers/frr, 'setype': container_file_t, 'mode': '0750' }
             - { 'path': /var/lib/config-data/ansible-generated/frr, 'setype': container_file_t, 'mode': '0750' }
-      deploy_steps_tasks:
+      pre_deploy_step_tasks:
-        - name: Configure and start FRR before an HA service
+        - name: Configure FRR
-          when: step|int == 1
+          import_role:
-          block:
+            name: tripleo_frr
-            - name: Configure FRR
+          vars:
-              import_role:
+            tripleo_frr_config_basedir: /var/lib/config-data/ansible-generated/frr
-                name: tripleo_frr
+            tripleo_frr_bfd: {get_param: FrrBfdEnabled}
-              vars:
+            tripleo_frr_bgp: {get_param: FrrBgpEnabled}
-                tripleo_frr_config_basedir: /var/lib/config-data/ansible-generated/frr
+            tripleo_frr_bgp_asn: {get_param: FrrBgpAsn}
-                tripleo_frr_bfd: {get_param: FrrBfdEnabled}
+            tripleo_frr_bgp_ipv4: {get_param: FrrBgpIpv4Enabled}
-                tripleo_frr_bgp: {get_param: FrrBgpEnabled}
+            tripleo_frr_bgp_ipv4_allowas_in: {get_param: FrrBgpIpv4AllowASIn}
-                tripleo_frr_bgp_asn: {get_param: FrrBgpAsn}
+            tripleo_frr_bgp_ipv4_src_network: {get_param: FrrBgpIpv4SrcNetwork}
-                tripleo_frr_bgp_ipv4: {get_param: FrrBgpIpv4Enabled}
+            tripleo_frr_bgp_ipv6: {get_param: FrrBgpIpv6Enabled}
-                tripleo_frr_bgp_ipv4_allowas_in: {get_param: FrrBgpIpv4AllowASIn}
+            tripleo_frr_bgp_ipv6_allowas_in: {get_param: FrrBgpIpv6AllowASIn}
-                tripleo_frr_bgp_ipv4_src_network: {get_param: FrrBgpIpv4SrcNetwork}
+            tripleo_frr_bgp_ipv6_src_network: {get_param: FrrBgpIpv6SrcNetwork}
-                tripleo_frr_bgp_ipv6: {get_param: FrrBgpIpv6Enabled}
+            tripleo_frr_bgp_neighbor_ttl_security_hops: {get_param: FrrBgpNeighborTtlSecurityHops}
-                tripleo_frr_bgp_ipv6_allowas_in: {get_param: FrrBgpIpv6AllowASIn}
+            tripleo_frr_bgp_uplinks: {get_param: FrrBgpUplinks}
-                tripleo_frr_bgp_ipv6_src_network: {get_param: FrrBgpIpv6SrcNetwork}
+            tripleo_frr_bgp_uplinks_scope: {get_param: FrrBgpUplinksScope}
-                tripleo_frr_bgp_neighbor_ttl_security_hops: {get_param: FrrBgpNeighborTtlSecurityHops}
+            tripleo_frr_log_level: {get_param: FrrLogLevel}
-                tripleo_frr_bgp_uplinks: {get_param: FrrBgpUplinks}
+            tripleo_frr_zebra: {get_param: FrrZebraEnabled}
-                tripleo_frr_bgp_uplinks_scope: {get_param: FrrBgpUplinksScope}
+        - name: Start FRR
-                tripleo_frr_log_level: {get_param: FrrLogLevel}
+          include_role:
-                tripleo_frr_zebra: {get_param: FrrZebraEnabled}
+            name: tripleo_container_manage
-            - name: Start FRR
+          vars:
-              include_role:
+            tripleo_container_manage_config: "/var/lib/tripleo-config/container-startup-config/step_0"
-                name: tripleo_container_manage
+            tripleo_container_manage_config_id: "frr"
-              vars:
+            tripleo_container_manage_config_patterns: "frr.json"
-                tripleo_container_manage_config: "/var/lib/tripleo-config/container-startup-config/step_0"
+            tripleo_container_manage_systemd_order: true
-                tripleo_container_manage_config_id: "frr"
+            tripleo_container_manage_clean_orphans: false
-                tripleo_container_manage_config_patterns: "frr.json"
-                tripleo_container_manage_systemd_order: true
       update_tasks: []
       upgrade_tasks: []