Add FRR service

This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249

We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.

Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>

Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c

deployment/frr/frr-container-ansible.yaml

@@ -0,0 +1,236 @@
+heat_template_version: rocky
+
+description: >
+  Configures FRR on the host
+
+parameters:
+  ContainerFrrImage:
+    description: The container image for Frr
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  FrrBfdEnabled:
+    default: false
+    description: Enable Bidirectional Forwarding Detection
+    type: boolean
+  FrrBgpEnabled:
+    default: true
+    description: Enable BGP
+    type: boolean
+  FrrBgpAsn:
+    default: 65000
+    description: Default ASN to be used within FRR
+    type: number
+  FrrBgpIpv4Enabled:
+    default: true
+    description: Enable BGP advertisement of IPv4 routes
+    type: boolean
+  FrrBgpIpv4AllowASIn:
+    default: false
+    description: Allow for IPv4 routes to be received and processed even if the
+                 router detects its own ASN in the AS-Path.
+    type: boolean
+  FrrBgpIpv4SrcNetwork:
+    default: ctlplane
+    description: The name of the Neutron network from where the IP address of
+                 the node will be taken and set as source IPv4 address on the
+                 default route.
+    type: string
+  FrrBgpIpv6Enabled:
+    default: true
+    description: Enable BGP advertisement of IPv6 routes
+    type: boolean
+  FrrBgpIpv6AllowASIn:
+    default: false
+    description: Allow for IPv6 routes to be received and processed even if the
+                 router detects its own ASN in the AS-Path.
+    type: boolean
+  FrrBgpIpv6SrcNetwork:
+    default: ctlplane
+    description: The name of the Neutron network from where the IP address of
+                 the node will be taken and set as source IPv6 address on the
+                 default route.
+    type: string
+  FrrBgpUplinks:
+    default: ['nic1', 'nic2']
+    description: List of uplink network interfaces.
+    type: comma_delimited_list
+  FrrBgpUplinksScope:
+    default: 'internal'
+    type: string
+    description: Either peer with internal (iBGP) or external (eBGP) neighbors.
+    constraints:
+      - allowed_values: ['internal', 'external']
+  FrrLoggingSource:
+    type: json
+    default:
+      tag: system.frr
+      file: /var/log/containers/frr/frr.log
+  FrrLogLevel:
+    default: 'informational'
+    type: string
+    description: log level
+    constraints:
+      - allowed_values: ['emergencies', 'alerts', 'critical', 'errors',
+                         'warnings', 'notifications', 'informational',
+                         'debugging']
+  FrrZebraEnabled:
+    default: true
+    description: enable Zebra
+    type: boolean
+  FrrPacemakerVipNic:
+    default: 'lo'
+    description: Name of the nic that the pacemaker VIPs will be added to when
+                 runninng with FRR.
+    type: string
+  FrrBgpNeighborTtlSecurityHops:
+    default: 1
+    description: Enforce Generalized TTL Security Mechanism (GTSM) where only
+                 neighbors that are the specified number of hops away will be
+                 allowed to become neighbors. Setting value to zero or less
+                 will disable GTSM.
+    type: number
+
+outputs:
+  role_data:
+    description: Role data for the FRR service
+    value:
+      service_name: frr
+      config_settings:
+        tripleo::pacemaker::force_nic: {get_param: FrrPacemakerVipNic}
+      service_config_settings:
+        rsyslog:
+          tripleo_logging_sources_frr:
+            - {get_param: FrrLoggingSource}
+      firewall_rules:
+        map_merge:
+          - if:
+            - {get_param: FrrBgpEnabled}
+            - '156 bgp tcp':
+                proto: 'tcp'
+                dport: 179
+            - {}
+          - if:
+            - {get_param: FrrBfdEnabled}
+            - '156 bfd udp':
+                 proto: 'udp'
+                 dport:
+                 - 3784
+                 - 3785
+            - {}
+      kolla_config:
+        /var/lib/kolla/config_files/frr.json:
+          # Note: This is currently needed because watchfrr *always* demonizes
+          command: bash -c $* -- eval /usr/lib/frr/frr start && /bin/sleep infinity
+          config_files:
+            - source: "/var/lib/kolla/config_files/src/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
+          permissions:
+            - path: /etc/frr
+              owner: frr:frr
+              recurse: true
+            - path: /var/log/frr
+              owner: frr:frr
+              recurse: true
+
+      docker_config:
+        # NOTE: Create container-startup-config file in step 0 so that TripleO
+        # does not auto-start the FRR container (it does so for containers in
+        # step 1-5). FRR needs to be started in step 1 but before any HA service.
+        step_0:
+          frr:
+            start_order: 0
+            image: {get_param: ContainerFrrImage}
+            net: host
+            state: stopped
+            restart: always
+            healthcheck:
+              test: /openstack/healthcheck
+            cap_add:
+              - NET_BIND_SERVICE
+              - NET_RAW
+              - NET_ADMIN
+              - SYS_ADMIN
+            # We cannot bind mount the InternalTLSCAFile as freeipa might not
+            # be reachable without frr
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /dev/log:/dev/log
+              # OpenSSL trusted CAs
+              - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
+              - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro
+              - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
+              - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
+              - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
+              - /var/lib/kolla/config_files/frr.json:/var/lib/kolla/config_files/config.json:ro
+              - /var/lib/config-data/ansible-generated/frr:/var/lib/kolla/config_files/src:ro
+              - /var/log/containers/frr:/var/log/frr:z
+            environment:
+              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent directories
+          file:
+            path: "{{ item.path }}"
+            state: directory
+            setype: "{{ item.setype }}"
+            mode: "{{ item.mode }}"
+          with_items:
+            - { 'path': /var/log/containers/frr, 'setype': container_file_t, 'mode': '0750' }
+            - { 'path': /var/lib/config-data/ansible-generated/frr, 'setype': container_file_t, 'mode': '0750' }
+      deploy_steps_tasks:
+        - name: Configure and start FRR before an HA service
+          when: step|int == 1
+          block:
+            - name: Configure FRR
+              import_role:
+                name: tripleo_frr
+              vars:
+                tripleo_frr_config_basedir: /var/lib/config-data/ansible-generated/frr
+                tripleo_frr_bfd: {get_param: FrrBfdEnabled}
+                tripleo_frr_bgp: {get_param: FrrBgpEnabled}
+                tripleo_frr_bgp_asn: {get_param: FrrBgpAsn}
+                tripleo_frr_bgp_ipv4: {get_param: FrrBgpIpv4Enabled}
+                tripleo_frr_bgp_ipv4_allowas_in: {get_param: FrrBgpIpv4AllowASIn}
+                tripleo_frr_bgp_ipv4_src_network: {get_param: FrrBgpIpv4SrcNetwork}
+                tripleo_frr_bgp_ipv6: {get_param: FrrBgpIpv6Enabled}
+                tripleo_frr_bgp_ipv6_allowas_in: {get_param: FrrBgpIpv6AllowASIn}
+                tripleo_frr_bgp_ipv6_src_network: {get_param: FrrBgpIpv6SrcNetwork}
+                tripleo_frr_bgp_neighbor_ttl_security_hops: {get_param: FrrBgpNeighborTtlSecurityHops}
+                tripleo_frr_bgp_uplinks: {get_param: FrrBgpUplinks}
+                tripleo_frr_bgp_uplinks_scope: {get_param: FrrBgpUplinksScope}
+                tripleo_frr_log_level: {get_param: FrrLogLevel}
+                tripleo_frr_zebra: {get_param: FrrZebraEnabled}
+            - name: Start FRR
+              include_role:
+                name: tripleo_container_manage
+              vars:
+                tripleo_container_manage_config: "/var/lib/tripleo-config/container-startup-config/step_0"
+                tripleo_container_manage_config_id: "frr"
+                tripleo_container_manage_config_patterns: "frr.json"
+                tripleo_container_manage_systemd_order: true
+      update_tasks: []
+      upgrade_tasks: []

environments/hyperconverged-ceph.yaml

@@ -60,3 +60,4 @@ parameter_defaults:
     - OS::TripleO::Services::Rear
     - OS::TripleO::Services::Rhsm
     - OS::TripleO::Services::Podman
+    - OS::TripleO::Services::Frr

environments/services/frr.yaml

@@ -0,0 +1,9 @@
+resource_registry:
+  OS::TripleO::Services::Frr: ../../deployment/frr/frr-container-ansible.yaml
+
+parameter_defaults:
+  # These need to be disabled by default when using FRR/BGP because
+  # the gateways and other controllers are very unlikely to be reachable
+  # that early in the deployment (i.e. BGP needs to be up and functional for that to work)
+  ValidateControllersIcmp: false
+  ValidateGatewaysIcmp: false

overcloud-resource-registry-puppet.j2.yaml

@@ -323,6 +323,7 @@ resource_registry:
   OS::TripleO::Services::Multipathd: OS::Heat::None
   OS::TripleO::Services::GlanceApiEdge: OS::Heat::None
   OS::TripleO::Services::HAproxyEdge: OS::Heat::None
+  OS::TripleO::Services::Frr: OS::Heat::None
 
   # Logging
   OS::TripleO::Services::Tmpwatch: deployment/logrotate/tmpwatch-install.yaml

releasenotes/notes/frr-support-21648d0660a810ac.yaml

@@ -0,0 +1,15 @@
+---
+features:
+  - |
+    Added FRR as a new TripleO service. This service allows cloud operators to
+    deploy pure L3 control plane via BGP protocol. This has the following
+    benefits:
+
+    * Obtain multiple routes on multiple uplinks
+    * BGP used for ECMP load balancing and BFD for resiliency
+    * Advertise routes to API endpoints
+    * Less L2 traffic
+
+    Please refer to `Install and Configure FRRouter specification
+    <https://specs.openstack.org/openstack/tripleo-specs/specs/wallaby/triplo-bgp-frrouter.html>`_
+    for more information.

roles/BlockStorage.yaml

@@ -24,6 +24,7 @@
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CinderBackendVRTSHyperScale
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/CellController.yaml

@@ -31,6 +31,7 @@
     - OS::TripleO::Services::Clustercheck
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::ContainerImagePrepare
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::HAproxy
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/CephAll.yaml

@@ -28,6 +28,7 @@
     - OS::TripleO::Services::CephRgw
     - OS::TripleO::Services::CephOSD
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/CephFile.yaml

@@ -25,6 +25,7 @@
     - OS::TripleO::Services::CephMds
     - OS::TripleO::Services::CephOSD
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/CephObject.yaml

@@ -25,6 +25,7 @@
     - OS::TripleO::Services::CephRgw
     - OS::TripleO::Services::CephOSD
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/CephStorage.yaml

@@ -24,6 +24,7 @@
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CephOSD
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/Compute.yaml

@@ -45,6 +45,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeAlt.yaml

@@ -30,6 +30,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgentAlt
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::IscsidAlt
     - OS::TripleO::Services::Kernel

roles/ComputeDVR.yaml

@@ -32,6 +32,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeHCI.yaml

@@ -34,6 +34,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeHCIOvsDpdk.yaml

@@ -38,6 +38,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsDpdk
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeHCISriov.yaml

@@ -34,6 +34,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeInstanceHA.yaml

@@ -32,6 +32,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeLiquidio.yaml

@@ -33,6 +33,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeLocalEphemeral.yaml

@@ -34,6 +34,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeOvsDpdk.yaml

@@ -35,6 +35,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsDpdk
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeOvsDpdkRT.yaml

@@ -37,6 +37,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsDpdk
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeOvsDpdkSriov.yaml

@@ -31,6 +31,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsDpdk
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeOvsDpdkSriovRT.yaml

@@ -34,6 +34,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsDpdk
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputePPC64LE.yaml

@@ -32,6 +32,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeRBDEphemeral.yaml

@@ -34,6 +34,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeRealTime.yaml

@@ -42,6 +42,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeSriov.yaml

@@ -30,6 +30,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeSriovIB.yaml

@@ -30,6 +30,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/ComputeSriovRT.yaml

@@ -33,6 +33,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/Controller.yaml

@@ -91,6 +91,7 @@
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Etcd
     - OS::TripleO::Services::ExternalSwiftProxy
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi
     - OS::TripleO::Services::GnocchiMetricd

roles/ControllerAllNovaStandalone.yaml

@@ -56,6 +56,7 @@
     - OS::TripleO::Services::DesignateMDNS
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::GlanceApi

roles/ControllerNoCeph.yaml

@@ -78,6 +78,7 @@
     - OS::TripleO::Services::DesignateMDNS
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::ExternalSwiftProxy
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi

roles/ControllerNovaStandalone.yaml

@@ -64,6 +64,7 @@
     - OS::TripleO::Services::Clustercheck
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::ExternalSwiftProxy
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi

roles/ControllerOpenstack.yaml

@@ -61,6 +61,7 @@
     - OS::TripleO::Services::DesignateMDNS
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::GlanceApi

roles/ControllerSriov.yaml

@@ -83,6 +83,7 @@
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::ExternalSwiftProxy
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi

roles/ControllerStorageDashboard.yaml

@@ -88,6 +88,7 @@
     - OS::TripleO::Services::DesignateMDNS
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::ExternalSwiftProxy
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi

roles/ControllerStorageNfs.yaml

@@ -89,6 +89,7 @@
     - OS::TripleO::Services::DesignateMDNS
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::ExternalSwiftProxy
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi

roles/Database.yaml

@@ -16,6 +16,7 @@
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::Clustercheck
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/DistributedCompute.yaml

@@ -33,6 +33,7 @@
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApiEdge
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec

roles/DistributedComputeHCI.yaml

@@ -42,6 +42,7 @@
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApiEdge
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec

roles/DistributedComputeHCIDashboard.yaml

@@ -44,6 +44,7 @@
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Etcd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApiEdge
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec

roles/DistributedComputeHCIScaleOut.yaml

@@ -34,6 +34,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::HAproxyEdge
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec

roles/DistributedComputeScaleOut.yaml

@@ -31,6 +31,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::HAproxyEdge
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec

roles/HciCephAll.yaml

@@ -40,6 +40,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/HciCephFile.yaml

@@ -35,6 +35,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/HciCephMon.yaml

@@ -36,6 +36,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/HciCephObject.yaml

@@ -35,6 +35,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid

roles/IronicConductor.yaml

@@ -17,6 +17,7 @@
     - OS::TripleO::Services::BootParams
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::IronicConductor

roles/Messaging.yaml

@@ -15,6 +15,7 @@
     - OS::TripleO::Services::BootParams
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/Networker.yaml

@@ -19,6 +19,7 @@
     - OS::TripleO::Services::BootParams
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::IronicNeutronAgent

roles/NetworkerSriov.yaml

@@ -20,6 +20,7 @@
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::IronicNeutronAgent

roles/NovaManager.yaml

@@ -15,6 +15,7 @@
     - OS::TripleO::Services::BootParams
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/Novacontrol.yaml

@@ -16,6 +16,7 @@
     - OS::TripleO::Services::BootParams
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/ObjectStorage.yaml

@@ -30,6 +30,7 @@
     - OS::TripleO::Services::BootParams
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles/Standalone.yaml

@@ -89,6 +89,7 @@
     - OS::TripleO::Services::DockerRegistry
     - OS::TripleO::Services::Etcd
     - OS::TripleO::Services::ExternalSwiftProxy
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi
     - OS::TripleO::Services::GnocchiMetricd

roles/Telemetry.yaml

@@ -26,6 +26,7 @@
     - OS::TripleO::Services::CephExternal
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::ContainersLogrotateCrond
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GnocchiApi
     - OS::TripleO::Services::GnocchiMetricd
     - OS::TripleO::Services::GnocchiStatsd

roles/Undercloud.yaml

@@ -38,6 +38,7 @@
     - OS::TripleO::Services::ContainerImagePrepare
     - OS::TripleO::Services::ContainersLogrotateCrond
     - OS::TripleO::Services::DockerRegistry
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi
     - OS::TripleO::Services::GnocchiMetricd

roles_data.yaml

@@ -94,6 +94,7 @@
     - OS::TripleO::Services::DesignateSink
     - OS::TripleO::Services::Etcd
     - OS::TripleO::Services::ExternalSwiftProxy
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi
     - OS::TripleO::Services::GnocchiMetricd
@@ -232,6 +233,7 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid
@@ -291,6 +293,7 @@
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CinderBackendVRTSHyperScale
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Iscsid
@@ -345,6 +348,7 @@
     - OS::TripleO::Services::BootParams
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel
@@ -394,6 +398,7 @@
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CephOSD
     - OS::TripleO::Services::Collectd
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::IpaClient
     - OS::TripleO::Services::Ipsec
     - OS::TripleO::Services::Kernel

roles_data_undercloud.yaml

@@ -41,6 +41,7 @@
     - OS::TripleO::Services::ContainerImagePrepare
     - OS::TripleO::Services::ContainersLogrotateCrond
     - OS::TripleO::Services::DockerRegistry
+    - OS::TripleO::Services::Frr
     - OS::TripleO::Services::GlanceApi
     - OS::TripleO::Services::GnocchiApi
     - OS::TripleO::Services::GnocchiMetricd