servers/roles/debian/tasks/main.yml

- name: Set up management interface
  template:
    dest: /etc/network/interfaces
    src: interfaces.j2
    mode: 0644
  notify: reboot

- name: Set up loopback interface
  template:
    dest: /etc/network/interfaces.d/loopback.intf
    src: loopback.intf.j2
    mode: 0644
  notify: reboot

- name: Set up fabric interfaces
  template:
    dest: /etc/network/interfaces.d/fabric.intf
    src: fabric.intf.j2
    mode: 0644
  notify: reboot

- name: Install ifupdown2
  package: name=ifupdown2
  notify: reboot

- name: Create override directory for ssh service
  file:
    path: /etc/systemd/system/ssh.service.d
    state: directory

- name: Run ssh in mgmt VRF
  copy:
    dest: /etc/systemd/system/ssh.service.d/override.conf
    src: ssh.service-override.conf
  notify: reboot

# With PAM enabled, login shell would run in default VRF instead of mgmt.
- name: Disable PAM for ssh
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^UsePAM .*yes'
    state: absent
  notify: reboot

# Reboot here if anything changed to ensure the new VRF is up and sshd
# listens there.
- meta: flush_handlers

- name: Set up resolv.conf
  template:
    dest: /etc/resolv.conf
    src: resolv.conf.j2
    mode: 0644

- name: Install essential packages
  package: name=git,rsync,vim,tmux

- name: Install FRR
  package: name=frr,frr-pythontools

- name: Enable BGP and BFD
  lineinfile:
    path: /etc/frr/daemons
    regexp: "^{{ item }}="
    line: "{{ item }}=yes"
  loop:
    - bfdd
    - bgpd
  notify: restart frr

- name: Copy FRR config
  template:
    dest: /etc/frr/frr.conf
    src: frr.conf.j2
    mode: 0644
  notify: reload frr

- name: Enable FRR service
  service:
    name: frr
    enabled: yes
  notify: restart frr
Add role to set up base Debian server With sshd in separate management VRF and FRR to announce routes to self over unnumbered BGP. 2023-04-19 17:15:44 +00:00			`- name: Set up management interface`
			`template:`
			`dest: /etc/network/interfaces`
			`src: interfaces.j2`
			`mode: 0644`
			`notify: reboot`

			`- name: Set up loopback interface`
			`template:`
			`dest: /etc/network/interfaces.d/loopback.intf`
			`src: loopback.intf.j2`
			`mode: 0644`
			`notify: reboot`

			`- name: Set up fabric interfaces`
			`template:`
			`dest: /etc/network/interfaces.d/fabric.intf`
			`src: fabric.intf.j2`
			`mode: 0644`
			`notify: reboot`

			`- name: Install ifupdown2`
			`package: name=ifupdown2`
			`notify: reboot`

			`- name: Create override directory for ssh service`
			`file:`
			`path: /etc/systemd/system/ssh.service.d`
			`state: directory`

			`- name: Run ssh in mgmt VRF`
			`copy:`
			`dest: /etc/systemd/system/ssh.service.d/override.conf`
			`src: ssh.service-override.conf`
			`notify: reboot`

			`# With PAM enabled, login shell would run in default VRF instead of mgmt.`
			`- name: Disable PAM for ssh`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^UsePAM .*yes'`
			`state: absent`
			`notify: reboot`

			`# Reboot here if anything changed to ensure the new VRF is up and sshd`
			`# listens there.`
			`- meta: flush_handlers`

			`- name: Set up resolv.conf`
			`template:`
			`dest: /etc/resolv.conf`
			`src: resolv.conf.j2`
			`mode: 0644`

			`- name: Install essential packages`
			`package: name=git,rsync,vim,tmux`

			`- name: Install FRR`
			`package: name=frr,frr-pythontools`

			`- name: Enable BGP and BFD`
			`lineinfile:`
			`path: /etc/frr/daemons`
			`regexp: "^{{ item }}="`
			`line: "{{ item }}=yes"`
			`loop:`
			`- bfdd`
			`- bgpd`
			`notify: restart frr`

			`- name: Copy FRR config`
			`template:`
			`dest: /etc/frr/frr.conf`
			`src: frr.conf.j2`
			`mode: 0644`
			`notify: reload frr`

			`- name: Enable FRR service`
			`service:`
			`name: frr`
			`enabled: yes`
			`notify: restart frr`