access: add support for the FS S5800 switch

2025-09-19 10:56:20 +02:00 · 2025-09-19 10:56:20 +02:00 · 343fd0daad
commit 343fd0daad
parent 9ec6241e4a
4 changed files with 80 additions and 24 deletions
--- a/roles/access/tasks/fs-s5800-48t4s.yml
+++ b/roles/access/tasks/fs-s5800-48t4s.yml
@ -0,0 +1 @@
 fs.yml
--- a/roles/access/tasks/main.yml
+++ b/roles/access/tasks/main.yml
@ -34,7 +34,7 @@
    ansible_terminal_stderr_re: [] # some errors are not actually errors
  register: result
  # These lines are not displayed by 'sho ru' and always reported as different, so ignore them.
-  changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no switchport trunk native vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|no enable service web-server https?|no ip dhcp snooping|no ip dhcp snooping trust|no switchport port-security.*)$')
+  changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no switchport trunk native vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|service http disable|no enable service web-server https?|no ip dhcp snooping|no ip dhcp snooping trust|no switchport port-security.*)$')
  notify: write config
 - name: Run model-specific tasks
--- a/roles/access/templates/config-fs-s5800-48t4s.j2
+++ b/roles/access/templates/config-fs-s5800-48t4s.j2
@ -1,43 +1,41 @@
 hostname {{ inventory_hostname }}
-no netconf enable
+service http disable
-
+service telnet disable
 no enable service telnet-server
 no enable service web-server http
 no enable service web-server https
 vlan database
 {% for vlan in add_vlans %}
 vlan {{ vlan }}
 {% endfor %}
-{% for vlan in del_vlans | difference([1]) %} {# VLAN 1 can not be deleted #}
+{% for vlan in del_vlans %}
 no vlan {{ vlan }}
 {% endfor %}
 exit
-{% for iface in interfaces %}
+{# sort to ensure LAG interfaces are added last #}
-interface {{ iface.name }}
+{% for iface in interfaces | sort(attribute="type.value") | sort(attribute="mgmt_only") %}
-{% if iface.enabled %} no{% endif %} shutdown
+{% if iface.mgmt_only %}
 {% if iface.lag %}
 port-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active
 {% elif iface.mgmt_only %}
 {% for address in iface.ip_addresses %}
 {% set subnet = address.address | ipaddr('subnet') %}
 {% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
 {% if address.family.value == 4 %}
- ip address {{ address.address | ipaddr('address') }} {{ address.address | ipaddr('netmask') }}
+management ip address {{ address.address }}
 {% if prefix.custom_fields.gateway %}
- gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }}
+management route add gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }}
 {% endif %}
 {% else %}
- ipv6 address {{ address.address | upper }}
+management ipv6 address {{ address.address }}
 {% if prefix.custom_fields.gateway %}
 ipv6 gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') | upper }}
 {% endif %}
 {% endif %}
 {% endfor %}
 {% else %}
- mtu {{ iface.mtu | default('9216', true) }}
+
 interface {{ iface.name }}
 {% if iface.enabled %} no{% endif %} shutdown
 {% if iface.lag %}
 channel-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active
 {% else %}
 {% if iface.mode and iface.mode.value == 'access' %}
 switchport mode access
 {% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
@ -49,9 +47,10 @@ interface {{ iface.name }}
 switchport mode trunk
 switchport trunk allowed vlan only {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | compact_numlist }}
 {%- elif iface.mode and iface.mode.value == 'tagged-all' %}
- switchport mode uplink
+ switchport mode trunk
- switchport trunk allowed vlan only 2-4094
+ switchport trunk allowed vlan all
 {% endif %}
 {% endif %}
 {% endif %}
 {% endfor %}
--- a/roles/access/templates/config-fs-s5860-48xmg-u.j2
+++ b/roles/access/templates/config-fs-s5860-48xmg-u.j2
@ -1 +0,0 @@
 config-fs.j2
--- a/roles/access/templates/config-fs-s5860-48xmg-u.j2
+++ b/roles/access/templates/config-fs-s5860-48xmg-u.j2
@ -0,0 +1,57 @@
 hostname {{ inventory_hostname }}
 no netconf enable
 no enable service telnet-server
 no enable service web-server http
 no enable service web-server https
 {% for vlan in add_vlans %}
 vlan {{ vlan }}
 {% endfor %}
 {% for vlan in del_vlans | difference([1]) %} {# VLAN 1 can not be deleted #}
 no vlan {{ vlan }}
 {% endfor %}
 {% for iface in interfaces %}
 interface {{ iface.name }}
 {% if iface.enabled %} no{% endif %} shutdown
 {% if iface.lag %}
 port-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active
 {% elif iface.mgmt_only %}
 {% for address in iface.ip_addresses %}
 {% set subnet = address.address | ipaddr('subnet') %}
 {% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
 {% if address.family.value == 4 %}
 ip address {{ address.address | ipaddr('address') }} {{ address.address | ipaddr('netmask') }}
 {% if prefix.custom_fields.gateway %}
 gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }}
 {% endif %}
 {% else %}
 ipv6 address {{ address.address | upper }}
 {% if prefix.custom_fields.gateway %}
 ipv6 gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') | upper }}
 {% endif %}
 {% endif %}
 {% endfor %}
 {% else %}
 mtu {{ iface.mtu | default('9216', true) }}
 {% if iface.mode and iface.mode.value == 'access' %}
 switchport mode access
 {% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
 switchport access vlan {{ iface.untagged_vlan.vid }}
 {% else %}
 no switchport access vlan
 {% endif %}
 {%- elif iface.mode and iface.mode.value == 'tagged' %}
 switchport mode trunk
 switchport trunk allowed vlan only {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | compact_numlist }}
 {%- elif iface.mode and iface.mode.value == 'tagged-all' %}
 switchport mode uplink
 switchport trunk allowed vlan only 2-4094
 {% endif %}
 {% endif %}
 {% endfor %}