Remove become blocks from tasks

As become is applied to most of the tasks in the role, let's remove
them and suggest applying become on the playbook level instead.
We do not have become applied on task level in any other managed
role.

This also helps to work around a PAM/AppArmor issue with CentOS
in Docker for the molecule test.

We also deal with intermittent failures in Docker, as interface
naming/ordering is random and non-deterministic with no way of
controlling it.

Thus, instead of detecting an IP address by interface, we hardcode the
IP address both for containers and in FRR configurations.

Change-Id: I73471dd895eea5c6abfbec24681c796d5e7d813d
Dmitriy Rabotyagov 2025-04-02 09:52:10 +02:00
parent 7583efdafa
commit 970fab180c
8 changed files with 78 additions and 97 deletions


@ -2,5 +2,7 @@
- name: Installing frr - name: Installing frr
hosts: frr hosts: frr
become: true
become_user: root
roles: roles:
- role: "frrouting" - role: "frrouting"


@ -14,8 +14,6 @@
# limitations under the License. # limitations under the License.
- name: Restart frr - name: Restart frr
become: true
become_user: root
service: service:
name: frr name: frr
state: restarted state: restarted
@ -23,8 +21,6 @@
register: frr_restart register: frr_restart
- name: Reload frr - name: Reload frr
become: true
become_user: root
service: service:
name: frr name: frr
state: reloaded state: reloaded
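Review bot: `Restart frr` and `Reload frr` now run with whatever privilege the calling play supplies, and nothing in the role states or checks that requirement. The same applies to the install, config and vlan task files later in this commit, where a play without `become` would fail on the first privileged module instead of with a clear message. Play-level `become` also extends root to every other role and task in that play, so I would document the narrower option of scoping it to the role entry, `- { role: frrouting, become: true }`. A header comment such as `# Requires privilege escalation from the caller: set become on the play or on the role entry.` would make the contract explicit.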


@ -16,8 +16,12 @@ platforms:
pre_build_image: true pre_build_image: true
networks: networks:
- name: frr - name: frr
ipv4_address: 172.18.0.2
- name: noop - name: noop
docker_networks: docker_networks:
- name: frr
ipam_config:
- subnet: 172.18.0.0/16
- name: noop - name: noop
ipam_config: ipam_config:
- subnet: 192.168.1.0/24 - subnet: 192.168.1.0/24
@ -30,6 +34,7 @@ platforms:
pre_build_image: true pre_build_image: true
networks: networks:
- name: frr - name: frr
ipv4_address: 172.18.0.3
provisioner: provisioner:
name: ansible name: ansible
lint: lint:
@ -41,21 +46,21 @@ provisioner:
- ip route 10.0.0.0/24 192.168.1.10 - ip route 10.0.0.0/24 192.168.1.10
frr_bgpd_config: frr_bgpd_config:
- router bgp 1234 - router bgp 1234
- "bgp router-id {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }}" - "bgp router-id 172.18.0.2"
- "neighbor {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 5678" - "neighbor 172.18.0.3 remote-as 5678"
- network 192.168.1.0/24 - network 192.168.1.0/24
- address-family ipv4 unicast - address-family ipv4 unicast
- " neighbor {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv out" - " neighbor 172.18.0.3 prefix-list pl-allowed-adv out"
- "exit-address-family" - "exit-address-family"
- ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24 - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
- ip prefix-list pl-allowed-adv seq 10 deny any - ip prefix-list pl-allowed-adv seq 10 deny any
secondary: secondary:
frr_bgpd_config: frr_bgpd_config:
- router bgp 5678 - router bgp 5678
- "bgp router-id {{ hostvars['secondary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }}" - "bgp router-id 172.18.0.3"
- "neighbor {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 1234" - "neighbor 172.18.0.2 remote-as 1234"
- address-family ipv4 unicast - address-family ipv4 unicast
- " neighbor {{ hostvars['primary']['ansible_facts'][bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv in" - " neighbor 172.18.0.2 prefix-list pl-allowed-adv in"
- exit-address-family - exit-address-family
- ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24 - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
- ip prefix-list pl-allowed-adv seq 10 deny any - ip prefix-list pl-allowed-adv seq 10 deny any
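Review bot: The new `frr` network pins `subnet: 172.18.0.0/16`, which lies inside the range Docker's default address pools hand out to automatically created bridge networks, so on a host where another network already holds that range the scenario would likely fail at network creation. A smaller range outside those pools would be safer, for example `- subnet: 10.250.0.0/24` (constructed value), with the two `ipv4_address` entries and the `frr_bgpd_config` lines adjusted to match. The two addresses are now repeated in eight places across `platforms` and `frr_bgpd_config`; a comment above `docker_networks` stating which host owns which address would help keep them in sync.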


@ -2,8 +2,5 @@
- name: Installing frr - name: Installing frr
hosts: frr hosts: frr
vars:
bridge_name: eth0
roles: roles:
- role: "{{ playbook_dir | dirname | dirname | basename }}" - role: "{{ playbook_dir | dirname | dirname | basename }}"


@ -15,9 +15,6 @@
- name: Installing frr - name: Installing frr
hosts: all hosts: all
vars:
bridge_name: default
tasks: tasks:
- name: Wait after service restart - name: Wait after service restart
pause: pause:
@ -43,15 +40,11 @@
when: ansible_facts.services['frr.service'].state != 'running' when: ansible_facts.services['frr.service'].state != 'running'
- name: Get summary - name: Get summary
become: true
become_user: root
command: "vtysh -c 'show bgp summary'" command: "vtysh -c 'show bgp summary'"
register: _frr_get_summary register: _frr_get_summary
changed_when: false changed_when: false
- name: Get routes - name: Get routes
become: true
become_user: root
command: "vtysh -c 'show ip route'" command: "vtysh -c 'show ip route'"
register: _frr_get_routes register: _frr_get_routes
changed_when: false changed_when: false
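Review bot: The `Get summary` and `Get routes` tasks lose `become: true`, but the play header shown at the top of this section (`hosts: all`) does not gain it, unlike the example playbook earlier in this commit. They presumably still pass because the Docker driver connects as root; with a non-root connection `vtysh -c 'show bgp summary'` would likely be refused. Adding `become: true` under `hosts: all` would keep the verify play consistent with the convention the commit message describes.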


@ -13,19 +13,15 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Install frr - name: Apply package management distro specific configuration
become: true include_tasks: "frr_install_{{ ansible_facts['pkg_mgr'] | lower }}.yml"
become_user: root
block:
- name: Apply package management distro specific configuration
include_tasks: "frr_install_{{ ansible_facts['pkg_mgr'] | lower }}.yml"
- name: Install required distro packages - name: Install required distro packages
package: package:
name: "{{ frr_distro_packages }}" name: "{{ frr_distro_packages }}"
state: present state: present
register: install_packages register: install_packages
until: install_packages is success until: install_packages is success
retries: 5 retries: 5
delay: 2 delay: 2
notify: Restart frr notify: Restart frr


@ -13,33 +13,29 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Configure frr - name: Enable integrated config
become: true lineinfile:
become_user: root create: true
block: path: /etc/frr/vtysh.conf
- name: Enable integrated config regexp: '^(no)?\s?service integrated-vtysh-config$'
lineinfile: line: "service integrated-vtysh-config"
create: true mode: "0640"
path: /etc/frr/vtysh.conf notify: Reload frr
regexp: '^(no)?\s?service integrated-vtysh-config$'
line: "service integrated-vtysh-config"
mode: "0640"
notify: Reload frr
- name: Write down integrated config - name: Write down integrated config
template: template:
src: frr.conf.j2 src: frr.conf.j2
dest: "{{ frr_integrated_config_path }}" dest: "{{ frr_integrated_config_path }}"
owner: frr owner: frr
group: frr group: frr
mode: "0640" mode: "0640"
validate: /usr/bin/vtysh -C -f %s validate: /usr/bin/vtysh -C -f %s
notify: Reload frr notify: Reload frr
- name: Configure supported daemons - name: Configure supported daemons
lineinfile: lineinfile:
path: /etc/frr/daemons path: /etc/frr/daemons
line: "{{ item.key }}={{ item.value | bool | ternary('yes', 'no') }}" line: "{{ item.key }}={{ item.value | bool | ternary('yes', 'no') }}"
regexp: "^{{ item.key }}" regexp: "^{{ item.key }}"
with_dict: "{{ frr_daemons }}" with_dict: "{{ frr_daemons }}"
notify: Restart frr notify: Restart frr
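Review bot: In `Configure supported daemons`, `regexp: "^{{ item.key }}"` is an unanchored prefix match, so a key such as `bgpd` also matches any line that merely starts with it (a `bgpd_options=` style line, if the file has one), and `lineinfile` replaces the last matching line. Anchoring on the separator and escaping the key avoids rewriting the wrong line: `regexp: "^{{ item.key | regex_escape }}="`. Separately, `Enable integrated config` creates `/etc/frr/vtysh.conf` with `mode: "0640"` but no `owner`/`group`, unlike the template task below it, so the file's ownership now depends on which user the play runs as.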


@ -13,41 +13,37 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Add required vlans - name: Install vlan package
become: true package:
become_user: root name: vlan
block: state: present
- name: Install vlan package register: install_vlan
package: until: install_vlan is success
name: vlan retries: 5
state: present delay: 2
register: install_vlan
until: install_vlan is success
retries: 5
delay: 2
- name: Load vlan modules # noqa: no-handler - name: Load vlan modules # noqa: no-handler
modprobe: modprobe:
name: 8021q name: 8021q
state: present state: present
when: install_vlan is changed when: install_vlan is changed
- name: Copy vlans config - name: Copy vlans config
template: template:
src: vlans.cfg.j2 src: vlans.cfg.j2
dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg" dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg"
mode: "0644" mode: "0644"
with_items: "{{ frr_vlans }}" with_items: "{{ frr_vlans }}"
register: distribute_vlans register: distribute_vlans
- name: Stop interface # noqa: no-handler - name: Stop interface # noqa: no-handler
command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}" command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
with_items: "{{ distribute_vlans.results }}" with_items: "{{ distribute_vlans.results }}"
when: item is changed when: item is changed
changed_when: false changed_when: false
- name: Start interface # noqa: no-handler - name: Start interface # noqa: no-handler
command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}" command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
with_items: "{{ distribute_vlans.results }}" with_items: "{{ distribute_vlans.results }}"
when: item is changed when: item is changed
changed_when: false changed_when: false
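Review bot: `item.id` and `item['vlan-raw-device']` from `frr_vlans` are interpolated unchecked into the `dest` path under `/etc/network/interfaces.d/` and into the `ifdown`/`ifup` arguments, all of which now run with the play's privilege. A malformed inventory value (a slash or whitespace in `id`) would write outside that directory or pass extra arguments to the command. I would add an `assert` task before `Copy vlans config` that loops over `frr_vlans` and checks each `id` is an integer in the 802.1Q range, e.g. `that: item.id | int | string == item.id | string and 1 <= item.id | int <= 4094`.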