From 970fab180c7de60e4eccf13e7eaa4ccec1a53ea0 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 2 Apr 2025 09:52:10 +0200 Subject: [PATCH] Remove become blocks from tasks As become is applied to most of the tasks in the role, let's remove them and suggest applying become on the playbook level instead. We do not have become applied on task level in any other managed role. This also helps to workaround PAM/apparmor issue with CentOS in Docker for molecule test. We also deal with an intermittent failures in Docker, as interface naming/ordering is random and non-deterministic with no way of controlling it. Thus, instead of detecting an IP address by interface, we hardcode the IP address both for containers and in FRR configurations. Change-Id: I73471dd895eea5c6abfbec24681c796d5e7d813d --- examples/playbook.yml | 2 ++ handlers/main.yml | 4 --- molecule/default/molecule.yml | 17 ++++++---- molecule/default/playbook.yml | 3 -- molecule/default/verify.yml | 7 ---- tasks/frr_install.yml | 26 ++++++-------- tasks/frr_post_install.yml | 52 +++++++++++++--------------- tasks/frr_vlans.yml | 64 ++++++++++++++++------------------- 8 files changed, 78 insertions(+), 97 deletions(-) diff --git a/examples/playbook.yml b/examples/playbook.yml index 8a5be9f..4c74a60 100644 --- a/examples/playbook.yml +++ b/examples/playbook.yml @@ -2,5 +2,7 @@ - name: Installing frr hosts: frr + become: true + become_user: root roles: - role: "frrouting" diff --git a/handlers/main.yml b/handlers/main.yml index 4dd7364..9574bb7 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -14,8 +14,6 @@ # limitations under the License. - name: Restart frr - become: true - become_user: root service: name: frr state: restarted @@ -23,8 +21,6 @@ register: frr_restart - name: Reload frr - become: true - become_user: root service: name: frr state: reloaded diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index b3d69f4..0cfa1c0 100644 --- a/molecule/default/molecule.yml 
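Review bot: In examples/playbook.yml the new play-level `become: true` applies to every role and task that later lands in this play, not only to frrouting, so anything copied in next to it also runs as root. If the example is meant as a starting point for larger plays, putting `become: true` on the `- role: "frrouting"` list entry keeps the escalation scoped to this role; confirm that the role's handlers pick it up the same way. `become_user: root` is already the default become user and can be dropped. The molecule playbook in this commit sets no `become` at all, so the escalation path shown here is presumably not exercised by the test scenario.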
+++ b/molecule/default/molecule.yml @@ -16,8 +16,12 @@ platforms: pre_build_image: true networks: - name: frr + ipv4_address: 172.18.0.2 - name: noop docker_networks: + - name: frr + ipam_config: + - subnet: 172.18.0.0/16 - name: noop ipam_config: - subnet: 192.168.1.0/24 @@ -30,6 +34,7 @@ platforms: pre_build_image: true networks: - name: frr + ipv4_address: 172.18.0.3 provisioner: name: ansible lint: @@ -41,21 +46,21 @@ provisioner: - ip route 10.0.0.0/24 192.168.1.10 frr_bgpd_config: - router bgp 1234 - - "bgp router-id {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }}" - - "neighbor {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 5678" + - "bgp router-id 172.18.0.2" + - "neighbor 172.18.0.3 remote-as 5678" - network 192.168.1.0/24 - address-family ipv4 unicast - - " neighbor {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv out" + - " neighbor 172.18.0.3 prefix-list pl-allowed-adv out" - "exit-address-family" - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24 - ip prefix-list pl-allowed-adv seq 10 deny any secondary: frr_bgpd_config: - router bgp 5678 - - "bgp router-id {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }}" - - "neighbor {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 1234" + - "bgp router-id 172.18.0.3" + - "neighbor 172.18.0.2 remote-as 1234" - address-family ipv4 unicast - - " neighbor {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv in" + - " neighbor 172.18.0.2 prefix-list pl-allowed-adv in" - exit-address-family - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24 - ip prefix-list pl-allowed-adv seq 10 deny any 
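Review bot: The new `subnet: 172.18.0.0/16` for the `frr` network in the first molecule.yml hunk lies inside the range Docker normally allocates to user-defined bridge networks, so creating it can fail with an overlap error on a CI host that already has a network there, and a /16 is far wider than two containers need. A small subnet chosen outside Docker's default address pools would be less likely to collide. The two container addresses set in the first and second hunks are then repeated six times as literals in `frr_bgpd_config` in the third hunk; a comment such as `# must match ipv4_address of primary/secondary under platforms` above those lines would keep the two places from drifting apart.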
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 0c26914..f3a55ef 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,8 +2,5 @@ - name: Installing frr hosts: frr - vars: - bridge_name: eth0 - roles: - role: "{{ playbook_dir | dirname | dirname | basename }}" diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 9730946..b53a58a 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -15,9 +15,6 @@ - name: Installing frr hosts: all - vars: - bridge_name: default - tasks: - name: Wait after service restart pause: @@ -43,15 +40,11 @@ when: ansible_facts.services['frr.service'].state != 'running' - name: Get summary - become: true - become_user: root command: "vtysh -c 'show bgp summary'" register: _frr_get_summary changed_when: false - name: Get routes - become: true - become_user: root command: "vtysh -c 'show ip route'" register: _frr_get_routes changed_when: false diff --git a/tasks/frr_install.yml b/tasks/frr_install.yml index 7b3a33e..d84d0ec 100644 --- a/tasks/frr_install.yml +++ b/tasks/frr_install.yml 
@@ -13,19 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Install frr - become: true - become_user: root - block: - - name: Apply package management distro specific configuration - include_tasks: "frr_install_{{ ansible_facts['pkg_mgr'] | lower }}.yml" +- name: Apply package management distro specific configuration + include_tasks: "frr_install_{{ ansible_facts['pkg_mgr'] | lower }}.yml" - - name: Install required distro packages - package: - name: "{{ frr_distro_packages }}" - state: present - register: install_packages - until: install_packages is success - retries: 5 - delay: 2 - notify: Restart frr +- name: Install required distro packages + package: + name: "{{ frr_distro_packages }}" + state: present + register: install_packages + until: install_packages is success + retries: 5 + delay: 2 + notify: Restart frr diff --git a/tasks/frr_post_install.yml b/tasks/frr_post_install.yml index 639ca7c..d1e270b 100644 --- a/tasks/frr_post_install.yml +++ b/tasks/frr_post_install.yml 
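Review bot: With the `become` block removed from tasks/frr_install.yml (and likewise from frr_post_install.yml, frr_vlans.yml and the handlers), the role depends entirely on the caller for privilege, and a playbook that relied on the old task-level escalation will fail part-way in, at the first task that needs root. The diffstat shows no README or release-note change, so the new requirement is stated only in examples/playbook.yml. Consider documenting it and adding an early guard in the role, for example an `assert` with `that: ansible_facts['user_id'] == 'root'` and a `fail_msg` telling the operator to set `become: true` on the play. Treat the exact fact as a sketch to check against how facts are gathered in your plays.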
@@ -13,33 +13,29 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Configure frr - become: true - become_user: root - block: - - name: Enable integrated config - lineinfile: - create: true - path: /etc/frr/vtysh.conf - regexp: '^(no)?\s?service integrated-vtysh-config$' - line: "service integrated-vtysh-config" - mode: "0640" - notify: Reload frr +- name: Enable integrated config + lineinfile: + create: true + path: /etc/frr/vtysh.conf + regexp: '^(no)?\s?service integrated-vtysh-config$' + line: "service integrated-vtysh-config" + mode: "0640" + notify: Reload frr - - name: Write down integrated config - template: - src: frr.conf.j2 - dest: "{{ frr_integrated_config_path }}" - owner: frr - group: frr - mode: "0640" - validate: /usr/bin/vtysh -C -f %s - notify: Reload frr +- name: Write down integrated config + template: + src: frr.conf.j2 + dest: "{{ frr_integrated_config_path }}" + owner: frr + group: frr + mode: "0640" + validate: /usr/bin/vtysh -C -f %s + notify: Reload frr - - name: Configure supported daemons - lineinfile: - path: /etc/frr/daemons - line: "{{ item.key }}={{ item.value | bool | ternary('yes', 'no') }}" - regexp: "^{{ item.key }}" - with_dict: "{{ frr_daemons }}" - notify: Restart frr +- name: Configure supported daemons + lineinfile: + path: /etc/frr/daemons + line: "{{ item.key }}={{ item.value | bool | ternary('yes', 'no') }}" + regexp: "^{{ item.key }}" + with_dict: "{{ frr_daemons }}" + notify: Restart frr diff --git a/tasks/frr_vlans.yml b/tasks/frr_vlans.yml index 2b5ba82..75ad1a8 100644 --- a/tasks/frr_vlans.yml +++ b/tasks/frr_vlans.yml 
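Review bot: In `Configure supported daemons`, `regexp: "^{{ item.key }}"` is only a prefix match, and `lineinfile` replaces the last line that matches, so a key such as `bgpd` also matches any later line that merely starts with that name. Stock FRR daemons files carry `<daemon>_options=` lines below the enable flags, and those usually hold the VTY listen address, so that line may be the one overwritten; this is worth checking on a freshly installed host. Anchoring on the separator avoids it: `regexp: "^{{ item.key | regex_escape }}="`. Separately, `Enable integrated config` uses `create: true` without `owner`/`group`, so a newly created /etc/frr/vtysh.conf takes the ownership of whoever runs the task, unlike the template task below it, which sets `frr`/`frr`.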
@@ -13,41 +13,37 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Add required vlans - become: true - become_user: root - block: - - name: Install vlan package - package: - name: vlan - state: present - register: install_vlan - until: install_vlan is success - retries: 5 - delay: 2 +- name: Install vlan package + package: + name: vlan + state: present + register: install_vlan + until: install_vlan is success + retries: 5 + delay: 2 - - name: Load vlan modules # noqa: no-handler - modprobe: - name: 8021q - state: present - when: install_vlan is changed +- name: Load vlan modules # noqa: no-handler + modprobe: + name: 8021q + state: present + when: install_vlan is changed - - name: Copy vlans config - template: - src: vlans.cfg.j2 - dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg" - mode: "0644" - with_items: "{{ frr_vlans }}" - register: distribute_vlans +- name: Copy vlans config + template: + src: vlans.cfg.j2 + dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg" + mode: "0644" + with_items: "{{ frr_vlans }}" + register: distribute_vlans - - name: Stop interface # noqa: no-handler - command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}" - with_items: "{{ distribute_vlans.results }}" - when: item is changed - changed_when: false +- name: Stop interface # noqa: no-handler + command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}" + with_items: "{{ distribute_vlans.results }}" + when: item is changed + changed_when: false - - name: Start interface # noqa: no-handler - command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}" - with_items: "{{ distribute_vlans.results }}" - when: item is changed - changed_when: false +- name: Start interface # noqa: no-handler + command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}" + with_items: "{{ distribute_vlans.results }}" + when: item is changed + changed_when: false