Factor frr role from debian, ceph and proxmox
Consolidate base system and networking setup into debian role and BGP configuration into frr role. Add facts role to collect data from NetBox once to avoid many slow lookups. Also many other tweaks and cleanups.
parent
256dae2955
commit
25bcddede1
31 changed files with 167 additions and 312 deletions
|
@ -1,5 +1,4 @@
|
|||
# This is for sshd in management VRF, for ansible and other not-really-OOB stuff.
|
||||
|
||||
PidFile none
|
||||
UsePAM no
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
|
|
@ -1,14 +1,7 @@
|
|||
- name: reboot
|
||||
reboot:
|
||||
when: "'handler' not in ansible_skip_tags"
|
||||
|
||||
- name: reload interfaces
|
||||
command: ifreload -a
|
||||
|
||||
- name: reload frr
|
||||
command: /usr/lib/frr/frr-reload.py --reload /etc/frr/frr.conf
|
||||
|
||||
- name: restart frr
|
||||
service: name=frr state=restarted
|
||||
|
||||
- name: update package cache
|
||||
apt: update_cache=true
|
||||
when: "'handler' not in ansible_skip_tags"
|
||||
|
|
|
@ -1,19 +1,3 @@
|
|||
- include_tasks: mgmt.yml
|
||||
|
||||
- name: Set up loopback interface
|
||||
template:
|
||||
dest: /etc/network/interfaces.d/loopback.intf
|
||||
src: loopback.intf.j2
|
||||
mode: 0644
|
||||
notify: reload interfaces
|
||||
|
||||
- name: Set up fabric interfaces
|
||||
template:
|
||||
dest: /etc/network/interfaces.d/fabric.intf
|
||||
src: fabric.intf.j2
|
||||
mode: 0644
|
||||
notify: reload interfaces
|
||||
|
||||
- name: Set hostname
|
||||
hostname:
|
||||
name: '{{ inventory_hostname }}'
|
||||
|
@ -32,33 +16,65 @@
|
|||
notify: update package cache
|
||||
when: debian_release is defined
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Install essential packages
|
||||
package: name=git,rsync,vim,tmux
|
||||
package:
|
||||
name:
|
||||
- git
|
||||
- ifupdown2
|
||||
- rsync
|
||||
- vim
|
||||
- tmux
|
||||
|
||||
- name: Install FRR
|
||||
package: name=frr,frr-pythontools
|
||||
|
||||
- name: Enable BGP and BFD
|
||||
lineinfile:
|
||||
path: /etc/frr/daemons
|
||||
regexp: "^{{ item }}="
|
||||
line: "{{ item }}=yes"
|
||||
loop:
|
||||
- bfdd
|
||||
- bgpd
|
||||
notify: restart frr
|
||||
|
||||
- name: Copy FRR config
|
||||
- name: Add rules to rename network interfaces
|
||||
template:
|
||||
dest: /etc/frr/frr.conf
|
||||
src: frr.conf.j2
|
||||
dest: /etc/udev/rules.d/10-network.rules
|
||||
src: 10-network.rules.j2
|
||||
mode: 0644
|
||||
notify: reload frr
|
||||
notify: reboot
|
||||
|
||||
- name: Enable FRR service
|
||||
service:
|
||||
name: frr
|
||||
enabled: yes
|
||||
notify: restart frr
|
||||
# we don’t want to template this file because it gets overwritten by proxmox
|
||||
# so just try removing anything that messes with our definitions in interfaces.d
|
||||
- name: Remove interface definitions added by installer
|
||||
lineinfile:
|
||||
path: /etc/network/interfaces
|
||||
regexp: '^iface [^ ]* inet'
|
||||
state: absent
|
||||
notify: reload interfaces
|
||||
|
||||
- name: Include interfaces.d definitions
|
||||
lineinfile:
|
||||
path: /etc/network/interfaces
|
||||
line: 'source /etc/network/interfaces.d/*'
|
||||
notify: reload interfaces
|
||||
|
||||
- name: Set up interfaces
|
||||
template:
|
||||
dest: /etc/network/interfaces.d/ansible.intf
|
||||
src: ansible.intf.j2
|
||||
mode: 0644
|
||||
notify: reload interfaces
|
||||
|
||||
- name: Run SSH instance in management VRF
|
||||
when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
|
||||
block:
|
||||
- name: Configure SSH instance in management VRF
|
||||
copy:
|
||||
dest: /etc/ssh/
|
||||
src: sshd_config.mgmt
|
||||
mode: 0644
|
||||
notify: reboot
|
||||
|
||||
- name: Set up a SSH instance in management VRF
|
||||
copy:
|
||||
dest: /etc/systemd/system/
|
||||
src: sshd@mgmt.service
|
||||
mode: 0644
|
||||
notify: reboot
|
||||
|
||||
- name: Enable management SSH
|
||||
service:
|
||||
name: sshd@mgmt
|
||||
enabled: yes
|
||||
notify: reboot
|
||||
|
||||
- meta: flush_handlers
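Review bot: The `when:` on the "Run SSH instance in management VRF" block tests the bare result of `selectattr(...)` instead of a boolean. Depending on the Ansible version, that result is either a generator that is truthy even when empty, which would enable the extra sshd on hosts with no `mgmt` VRF, or a non-boolean value that newer releases reject. An explicit test avoids both: `when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt') | list | length > 0`. The "Configure SSH instance in management VRF" copy task also installs `sshd_config.mgmt` without a syntax check and only takes effect at reboot, so adding `validate: /usr/sbin/sshd -t -f %s` would catch a broken file before it can cut off management access. The rendered page has lost its +/- markers, so this assumes both tasks are on the new side.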
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
- name: Add rules to rename network interfaces
|
||||
template:
|
||||
dest: /etc/udev/rules.d/10-network.rules
|
||||
src: 10-network.rules.j2
|
||||
mode: 0644
|
||||
notify: reboot
|
||||
|
||||
- name: Set up management interface
|
||||
template:
|
||||
dest: /etc/network/interfaces
|
||||
src: interfaces.j2
|
||||
mode: 0644
|
||||
notify: reboot
|
||||
|
||||
- name: Install ifupdown2
|
||||
package: name=ifupdown2
|
||||
notify: reboot
|
||||
|
||||
- name: Configure SSH instance in management VRF
|
||||
copy:
|
||||
dest: /etc/ssh/sshd_config.mgmt
|
||||
src: sshd_config.mgmt
|
||||
mode: 0644
|
||||
notify: reboot
|
||||
|
||||
- name: Set up a SSH instance in management VRF
|
||||
copy:
|
||||
dest: /etc/systemd/system/
|
||||
src: sshd@mgmt.service
|
||||
mode: 0644
|
||||
notify: reboot
|
||||
|
||||
- name: Enable management SSH
|
||||
service:
|
||||
name: sshd@mgmt
|
||||
enabled: yes
|
||||
notify: reboot
|
||||
|
||||
- meta: flush_handlers
|
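--- a/roles/debian/templates/10-network.rules.j2
+++ b/roles/debian/templates/10-network.rules.j2
@@ -0,0 +1,3 @@
+{% for iface in hostvars[inventory_hostname].interfaces | selectattr('mac_address') %}
+SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="{{ iface.mac_address|lower }}", NAME="{{ iface.name }}"
+{% endfor %}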
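Review bot: `iface.name` and `iface.mac_address` are written into the udev rule verbatim, and the commit message says this data is collected from NetBox. A value containing a double quote, comma or newline would therefore change the meaning of a rule that udev evaluates as root. Checking the values before rendering keeps the file limited to renaming interfaces, e.g. wrap the rule line in `{% if iface.name is match('^[A-Za-z0-9_.-]{1,15}$') and iface.mac_address is match('^[0-9A-Fa-f:]{17}$') %}`, or fail the play with an `assert` task on the same patterns. The same unchecked interpolation of `iface.name`, `vrf` and `ip.address` occurs in `roles/debian/templates/ansible.intf.j2`. A first-line `# {{ ansible_managed }}` comment would also tell an admin that the file is generated.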
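--- a/roles/debian/templates/ansible.intf.j2
+++ b/roles/debian/templates/ansible.intf.j2
@@ -0,0 +1,31 @@
+{% for vrf in interfaces | selectattr('vrf') | map(attribute='vrf.name') | sort | unique %}
+auto {{ vrf }}
+iface {{ vrf }}
+vrf-table auto
+address 127.0.0.1/8
+address ::1/128
+
+{%+ endfor %}
+
+{%- for iface in interfaces | selectattr('enabled') %}
+{% if iface.mgmt_only is not defined or not iface.mgmt_only %}
+auto {{ iface.name }}
+iface {{ iface.name }}{% if iface.name == 'lo' %} inet loopback{% endif +%}
+{% if iface.mtu %}
+mtu {{ iface.mtu }}
+{% endif %}
+{% if iface.vrf %}
+vrf {{ iface.vrf.name }}
+{% endif %}
+{% for ip in iface.ip_addresses %}
+address {{ ip.address }}
+{% set subnet = ip.address | ipaddr('subnet') %}
+{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
+{% set gateway = prefix.custom_fields.gateway.address %}
+{% if gateway is defined %}
+gateway {{ gateway | ipaddr('address') }}
+{% endif %}
+{% endfor %}
+
+{% endif %}
+{% endfor %}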
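Review bot: The gateway lookup assumes every address has a matching prefix entry with a `gateway` custom field. `prefixes | selectattr('prefix', '==', subnet) | first` is undefined when nothing matches, and the next line dereferences `prefix.custom_fields.gateway.address` before the `is defined` test runs. Whether that aborts the render or silently omits the gateway depends on how the Ansible version in use treats attribute access on an undefined value, so an explicit guard is safer: `{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first | default(none) %}`, then `{% if prefix and prefix.custom_fields.gateway %}` around the `gateway` line. A short comment at the top saying where `interfaces` and `prefixes` come from (presumably the new facts role) would help, since neither is defined in this template.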
|
@ -1,35 +0,0 @@
|
|||
frr defaults datacenter
|
||||
service integrated-vtysh-config
|
||||
log syslog
|
||||
|
||||
router bgp {{ asn.asn }}
|
||||
bgp bestpath as-path multipath-relax
|
||||
|
||||
neighbor fabric peer-group
|
||||
neighbor fabric remote-as external
|
||||
neighbor fabric capability extended-nexthop
|
||||
|
||||
{% for iface in interfaces | selectattr('name', 'match', '^lan') %}
|
||||
neighbor {{ iface.name }} interface peer-group fabric
|
||||
neighbor {{ iface.name }} bfd
|
||||
{% endfor %}
|
||||
|
||||
address-family ipv4 unicast
|
||||
redistribute connected route-map loopback
|
||||
neighbor fabric activate
|
||||
neighbor fabric route-map local out
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
redistribute connected route-map loopback
|
||||
neighbor fabric activate
|
||||
neighbor fabric route-map local out
|
||||
exit-address-family
|
||||
|
||||
bgp as-path access-list local permit ^$
|
||||
|
||||
route-map loopback permit 1
|
||||
match interface lo
|
||||
|
||||
route-map local permit 1
|
||||
match as-path local
|