Remove become blocks from tasks

As become is applied to most of the tasks in the role, let's remove them and suggest applying become on the playbook level instead. We do not have become applied on task level in any other managed role. This also helps to workaround PAM/apparmor issue with CentOS in Docker for molecule test. We also deal with an intermittent failures in Docker, as interface naming/ordering is random and non-deterministic with no way of controlling it. Thus, instead of detecting an IP address by interface, we hardcode the IP address both for containers and in FRR configurations. Change-Id: I73471dd895eea5c6abfbec24681c796d5e7d813d
2025-04-02 09:52:10 +02:00 · 2025-04-02 09:52:10 +02:00 · 970fab180c
commit 970fab180c
parent 7583efdafa
8 changed files with 78 additions and 97 deletions
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@ -2,5 +2,7 @@

 - name: Installing frr
  hosts: frr
+  become: true
+  become_user: root
  roles:
    - role: "frrouting"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -14,8 +14,6 @@
 # limitations under the License.

 - name: Restart frr
-  become: true
-  become_user: root
  service:
    name: frr
    state: restarted
@ -23,8 +21,6 @@
  register: frr_restart

 - name: Reload frr
-  become: true
-  become_user: root
  service:
    name: frr
    state: reloaded
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -16,8 +16,12 @@ platforms:
    pre_build_image: true
    networks:
      - name: frr
+        ipv4_address: 172.18.0.2
      - name: noop
    docker_networks:
+      - name: frr
+        ipam_config:
+          - subnet: 172.18.0.0/16
      - name: noop
        ipam_config:
          - subnet: 192.168.1.0/24
@ -30,6 +34,7 @@ platforms:
    pre_build_image: true
    networks:
      - name: frr
+        ipv4_address: 172.18.0.3
 provisioner:
  name: ansible
  lint:
@ -41,21 +46,21 @@ provisioner:
          - ip route 10.0.0.0/24 192.168.1.10
        frr_bgpd_config:
          - router bgp 1234
-          - "bgp router-id {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }}"
-          - "neighbor {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 5678"
+          - "bgp router-id 172.18.0.2"
+          - "neighbor 172.18.0.3 remote-as 5678"
          - network 192.168.1.0/24
          - address-family ipv4 unicast
-          - "  neighbor {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv out"
+          - "  neighbor 172.18.0.3 prefix-list pl-allowed-adv out"
          - "exit-address-family"
          - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
          - ip prefix-list pl-allowed-adv seq 10 deny any
      secondary:
        frr_bgpd_config:
          - router bgp 5678
-          - "bgp router-id {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }}"
-          - "neighbor {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 1234"
+          - "bgp router-id 172.18.0.3"
+          - "neighbor 172.18.0.2 remote-as 1234"
          - address-family ipv4 unicast
-          - "  neighbor {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv in"
+          - "  neighbor 172.18.0.2 prefix-list pl-allowed-adv in"
          - exit-address-family
          - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
          - ip prefix-list pl-allowed-adv seq 10 deny any
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
@ -2,8 +2,5 @@

 - name: Installing frr
  hosts: frr
-  vars:
-    bridge_name: eth0
-
  roles:
    - role: "{{ playbook_dir | dirname | dirname | basename }}"
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -15,9 +15,6 @@

 - name: Installing frr
  hosts: all
-  vars:
-    bridge_name: default
-
  tasks:
    - name: Wait after service restart
      pause:
@ -43,15 +40,11 @@
      when: ansible_facts.services['frr.service'].state != 'running'

    - name: Get summary
-      become: true
-      become_user: root
      command: "vtysh -c 'show bgp summary'"
      register: _frr_get_summary
      changed_when: false

    - name: Get routes
-      become: true
-      become_user: root
      command: "vtysh -c 'show ip route'"
      register: _frr_get_routes
      changed_when: false
--- a/tasks/frr_install.yml
+++ b/tasks/frr_install.yml
@ -13,19 +13,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Install frr
-  become: true
-  become_user: root
-  block:
-    - name: Apply package management distro specific configuration
-      include_tasks: "frr_install_{{ ansible_facts['pkg_mgr'] | lower }}.yml"
+- name: Apply package management distro specific configuration
+  include_tasks: "frr_install_{{ ansible_facts['pkg_mgr'] | lower }}.yml"

-    - name: Install required distro packages
-      package:
-        name: "{{ frr_distro_packages }}"
-        state: present
-      register: install_packages
-      until: install_packages is success
-      retries: 5
-      delay: 2
-      notify: Restart frr
+- name: Install required distro packages
+  package:
+    name: "{{ frr_distro_packages }}"
+    state: present
+  register: install_packages
+  until: install_packages is success
+  retries: 5
+  delay: 2
+  notify: Restart frr
--- a/tasks/frr_post_install.yml
+++ b/tasks/frr_post_install.yml
@ -13,33 +13,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Configure frr
-  become: true
-  become_user: root
-  block:
-    - name: Enable integrated config
-      lineinfile:
-        create: true
-        path: /etc/frr/vtysh.conf
-        regexp: '^(no)?\s?service integrated-vtysh-config$'
-        line: "service integrated-vtysh-config"
-        mode: "0640"
-      notify: Reload frr
+- name: Enable integrated config
+  lineinfile:
+    create: true
+    path: /etc/frr/vtysh.conf
+    regexp: '^(no)?\s?service integrated-vtysh-config$'
+    line: "service integrated-vtysh-config"
+    mode: "0640"
+  notify: Reload frr

-    - name: Write down integrated config
-      template:
-        src: frr.conf.j2
-        dest: "{{ frr_integrated_config_path }}"
-        owner: frr
-        group: frr
-        mode: "0640"
-        validate: /usr/bin/vtysh -C -f %s
-      notify: Reload frr
+- name: Write down integrated config
+  template:
+    src: frr.conf.j2
+    dest: "{{ frr_integrated_config_path }}"
+    owner: frr
+    group: frr
+    mode: "0640"
+    validate: /usr/bin/vtysh -C -f %s
+  notify: Reload frr

-    - name: Configure supported daemons
-      lineinfile:
-        path: /etc/frr/daemons
-        line: "{{ item.key }}={{ item.value | bool | ternary('yes', 'no') }}"
-        regexp: "^{{ item.key }}"
-      with_dict: "{{ frr_daemons }}"
-      notify: Restart frr
+- name: Configure supported daemons
+  lineinfile:
+    path: /etc/frr/daemons
+    line: "{{ item.key }}={{ item.value | bool | ternary('yes', 'no') }}"
+    regexp: "^{{ item.key }}"
+  with_dict: "{{ frr_daemons }}"
+  notify: Restart frr
--- a/tasks/frr_vlans.yml
+++ b/tasks/frr_vlans.yml
@ -13,41 +13,37 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Add required vlans
-  become: true
-  become_user: root
-  block:
-    - name: Install vlan package
-      package:
-        name: vlan
-        state: present
-      register: install_vlan
-      until: install_vlan is success
-      retries: 5
-      delay: 2
+- name: Install vlan package
+  package:
+    name: vlan
+    state: present
+  register: install_vlan
+  until: install_vlan is success
+  retries: 5
+  delay: 2

-    - name: Load vlan modules  # noqa: no-handler
-      modprobe:
-        name: 8021q
-        state: present
-      when: install_vlan is changed
+- name: Load vlan modules  # noqa: no-handler
+  modprobe:
+    name: 8021q
+    state: present
+  when: install_vlan is changed

-    - name: Copy vlans config
-      template:
-        src: vlans.cfg.j2
-        dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg"
-        mode: "0644"
-      with_items: "{{ frr_vlans }}"
-      register: distribute_vlans
+- name: Copy vlans config
+  template:
+    src: vlans.cfg.j2
+    dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg"
+    mode: "0644"
+  with_items: "{{ frr_vlans }}"
+  register: distribute_vlans

-    - name: Stop interface  # noqa: no-handler
-      command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
-      with_items: "{{ distribute_vlans.results }}"
-      when: item is changed
-      changed_when: false
+- name: Stop interface  # noqa: no-handler
+  command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
+  with_items: "{{ distribute_vlans.results }}"
+  when: item is changed
+  changed_when: false

-    - name: Start interface  # noqa: no-handler
-      command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
-      with_items: "{{ distribute_vlans.results }}"
-      when: item is changed
-      changed_when: false
+- name: Start interface  # noqa: no-handler
+  command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
+  with_items: "{{ distribute_vlans.results }}"
+  when: item is changed
+  changed_when: false