From 4bbb1372f62c805b9cef4b92440a1fdbc96d2534 Mon Sep 17 00:00:00 2001 From: Robert Volkmann Date: Sat, 13 Jul 2024 01:55:21 +0200 Subject: [PATCH 1/3] Remove unused stuff for cumulus --- inventories/partition.yaml | 5 -- roles/cumulus/defaults/main.yaml | 5 -- .../files/99control_plane_catch_all.rules | 36 ------------ roles/cumulus/handlers/main.yaml | 25 -------- roles/cumulus/tasks/router.yaml | 30 ---------- roles/cumulus/tasks/switch_plane.yaml | 1 - roles/cumulus/templates/frr.conf.j2 | 41 ------------- roles/cumulus/templates/interfaces.j2 | 57 ------------------- 8 files changed, 200 deletions(-) delete mode 100644 roles/cumulus/defaults/main.yaml delete mode 100644 roles/cumulus/files/99control_plane_catch_all.rules delete mode 100644 roles/cumulus/templates/frr.conf.j2 delete mode 100644 roles/cumulus/templates/interfaces.j2 diff --git a/inventories/partition.yaml b/inventories/partition.yaml index b1734a81..23c0490e 100644 --- a/inventories/partition.yaml +++ b/inventories/partition.yaml @@ -38,8 +38,3 @@ leaves: ansible_python_interpreter: /usr/bin/python ansible_user: root ansible_ssh_private_key_file: "{{ playbook_dir }}/files/ssh/id_rsa" - -cumulus: - vars: - router_enable_static_route_leak: true -sonic: diff --git a/roles/cumulus/defaults/main.yaml b/roles/cumulus/defaults/main.yaml deleted file mode 100644 index 8d7b1500..00000000 --- a/roles/cumulus/defaults/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -router_enable_mgmt_vrf: true -router_enable_static_route_leak: false - -router_nameservers: [] diff --git a/roles/cumulus/files/99control_plane_catch_all.rules b/roles/cumulus/files/99control_plane_catch_all.rules deleted file mode 100644 index d469ae8e..00000000 --- a/roles/cumulus/files/99control_plane_catch_all.rules +++ /dev/null 
@@ -1,36 +0,0 @@ -# -# Note: These are catch-all rules that shall be last in the over all rule set. -# - -INGRESS_INTF = swp+ - -INGRESS_CHAIN = INPUT - - - -[iptables] - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type LOCAL -j POLICE --set-mode pkt --set-rate 1000 --set-burst 10000 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type IPROUTER -j POLICE --set-mode pkt --set-rate 30000 --set-burst 70000 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -j SETCLASS --class 0 - - -[ip6tables] - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type LOCAL -j POLICE --set-mode pkt --set-rate 1000 --set-burst 1000 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type IPROUTER -j POLICE --set-mode pkt --set-rate 400 --set-burst 100 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -j SETCLASS --class 0 - - -[ebtables] - --A $INGRESS_CHAIN -p ipv4 --in-interface $INGRESS_INTF -j ACCEPT --A $INGRESS_CHAIN -p ipv6 --in-interface $INGRESS_INTF -j ACCEPT --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -j setclass --class 0 -# ipv4 multicast misses --A $INGRESS_CHAIN -p ipv4 -d 01:00:5e:00:00:00/ff:ff:ff:80:00:00 -j police --set-mode pkt --set-rate 100 --set-burst 100 --A $INGRESS_CHAIN -j police --set-mode pkt --set-rate 100 --set-burst 100 diff --git a/roles/cumulus/handlers/main.yaml b/roles/cumulus/handlers/main.yaml index 7732c61d..b355d495 100644 --- a/roles/cumulus/handlers/main.yaml +++ b/roles/cumulus/handlers/main.yaml @@ -25,25 +25,6 @@ enabled: true state: restarted -- name: reload interfaces - shell: sleep 3; ifreload -a - async: 1 - poll: 0 - notify: wait for new connection - -- name: wait for new connection - wait_for_connection: - connect_timeout: 20 - sleep: 5 - delay: 5 - timeout: 300 - -- name: reload frr - service: - name: frr - enabled: true - state: reloaded - - name: restart frr service: name: frr 
@@ -55,9 +36,3 @@ name: lldpd enabled: true state: restarted - -- name: restart ntp@mgmt - service: - name: ntp@mgmt - enabled: true - state: restarted diff --git a/roles/cumulus/tasks/router.yaml b/roles/cumulus/tasks/router.yaml index 734a48d6..7e1c4325 100644 --- a/roles/cumulus/tasks/router.yaml +++ b/roles/cumulus/tasks/router.yaml @@ -1,7 +1,6 @@ --- - name: configure mgmt vrf import_tasks: mgmt_vrf.yaml - when: router_enable_mgmt_vrf - name: configure switch plane import_tasks: switch_plane.yaml @@ -37,25 +36,6 @@ state: restarted when: ("macaddress" not in lldpd_subtype_check.stdout) -- name: populate service facts - service_facts: - -- name: render interfaces configuration - template: - src: interfaces.j2 - dest: /etc/network/interfaces - validate: '/sbin/ifup --syntax-check --all --interfaces %s' - notify: reload interfaces - when: "ansible_facts.services['metal-core.service'] is not defined" - -- name: render custom interfaces configuration section - copy: - content: "{{ custom_interface_section }}" - dest: /etc/network/interfaces.d/99_custom.intf - validate: '/sbin/ifup --syntax-check --all --interfaces %s' - notify: reload interfaces - when: custom_interface_section is defined - - name: render resolv.conf template: src: resolv.conf.j2 @@ -68,16 +48,6 @@ dest: /etc/frr/daemons notify: restart frr -- name: render frr configuration - template: - src: frr.conf.j2 - dest: /etc/frr/frr.conf - validate: '/usr/bin/vtysh --dryrun --inputfile %s' - tags: frr - register: frr_rendered - notify: reload frr - when: "ansible_facts.services['metal-core.service'] is not defined" - - name: set hostname nclu: commands: diff --git a/roles/cumulus/tasks/switch_plane.yaml b/roles/cumulus/tasks/switch_plane.yaml index 6ccb1203..2c247ded 100644 --- a/roles/cumulus/tasks/switch_plane.yaml +++ b/roles/cumulus/tasks/switch_plane.yaml 
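Review bot: The `render resolv.conf` task that survives in roles/cumulus/tasks/router.yaml still renders `resolv.conf.j2`, but this patch deletes roles/cumulus/defaults/main.yaml and with it the `router_nameservers: []` default. The template is not shown here; if it reads `router_nameservers`, any host whose inventory does not define the variable will now fail on an undefined variable instead of rendering an empty list. Either keep the default or guard the template with `{{ router_nameservers | default([]) }}`. The same check applies to the removed `restart ntp@mgmt` handler: `mgmt_vrf.yaml` is still imported and is not part of this patch, so confirm that it no longer notifies that handler.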
@@ -10,5 +10,4 @@ path: /etc/cumulus/switchd.conf regexp: '#vrf_route_leak_enable = FALSE' replace: 'vrf_route_leak_enable = TRUE' - when: router_enable_static_route_leak notify: restart switchd diff --git a/roles/cumulus/templates/frr.conf.j2 b/roles/cumulus/templates/frr.conf.j2 deleted file mode 100644 index 384314af..00000000 --- a/roles/cumulus/templates/frr.conf.j2 +++ /dev/null @@ -1,41 +0,0 @@ -#jinja2: lstrip_blocks: "True", trim_blocks: "True" -frr version 4.0+cl3u9 -frr defaults datacenter -hostname {{ ansible_hostname }} -username cumulus nopassword -! -service integrated-vtysh-config -! -log syslog informational -! -vrf mgmt - ip route 10.0.1.0/24 {{ ansible_host }} nexthop-vrf default - exit-vrf -! -router bgp {{ asn }} - bgp router-id {{ lo }} - neighbor FABRIC peer-group - neighbor FABRIC remote-as external - {% for iface in uplinks %} - neighbor {{ iface.name }} interface peer-group FABRIC - {% endfor %} - ! - address-family ipv4 unicast - neighbor FABRIC activate - redistribute connected route-map LOOPBACKS - exit-address-family - ! - address-family l2vpn evpn - neighbor FABRIC activate - advertise-all-vni - exit-address-family -! -route-map LOOPBACKS permit 10 - match interface lo -! -{% if metal_partition_mgmt_gateway %} -ip route 0.0.0.0/0 {{ metal_partition_mgmt_gateway }} nexthop-vrf mgmt -! -{% endif %} -line vty -! diff --git a/roles/cumulus/templates/interfaces.j2 b/roles/cumulus/templates/interfaces.j2 deleted file mode 100644 index b65f7590..00000000 --- a/roles/cumulus/templates/interfaces.j2 +++ /dev/null 
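Review bot: Removing `when: router_enable_static_route_leak` in roles/cumulus/tasks/switch_plane.yaml makes the replace task write `vrf_route_leak_enable = TRUE` into /etc/cumulus/switchd.conf on every host the role runs on. Before this patch the role default was `false` and only the `cumulus` inventory group opted in. Route leaking loosens the separation between VRFs (the deleted frr.conf.j2 routed between `mgmt` and `default`), so an unconditional enable deserves a stated reason, for example a comment above the task such as `# VRF route leaking is always enabled: <reason>`. If no reason applies, keep the variable and its `false` default. The task starts above the hunk, so its name and module are not visible here.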
@@ -1,57 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -source /etc/network/interfaces.d/*.intf - -# The loopback network interface -auto lo -iface lo inet loopback - address {{ lo }}/32 - -# The primary network interface -auto eth0 -iface eth0 inet dhcp - vrf mgmt - -auto mgmt -iface mgmt - address 127.0.0.1/8 - vrf-table auto - -{% for iface in interfaces %} -auto {{ iface.name }} -iface {{ iface.name }} - mtu {{ mtu.default }} - bridge-access 4000 - -{% endfor %} -{% for iface in uplinks %} -auto {{ iface.name }} -iface {{ iface.name }} - mtu {{ mtu.vxlan }} - -{% endfor %} - -auto bridge -iface bridge - bridge-ports {% for iface in interfaces %}{{ iface.name }} {% endfor %}vni104000 - bridge-vids 4000 - bridge-vlan-aware yes - -auto vlan4000 -iface vlan4000 - mtu {{ mtu.default }} - address {{ metal_core_cidr }} - vlan-id 4000 - vlan-raw-device bridge - -auto vni104000 -iface vni104000 - mtu {{ mtu.default }} - bridge-access 4000 - bridge-learning off - mstpctl-bpduguard yes - mstpctl-portbpdufilter yes - vxlan-id 104000 - vxlan-local-tunnelip {{ lo }} - From a04652bd290d8c91a17cf19f029c8bdc9857aa98 Mon Sep 17 00:00:00 2001 From: Robert Volkmann Date: Wed, 17 Jul 2024 07:52:57 +0200 Subject: [PATCH 2/3] Remove obsolete variables for metal core --- inventories/group_vars/partition/metal_core.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/inventories/group_vars/partition/metal_core.yaml b/inventories/group_vars/partition/metal_core.yaml index cb206949..f16b7b95 100644 --- a/inventories/group_vars/partition/metal_core.yaml +++ b/inventories/group_vars/partition/metal_core.yaml @@ -1,9 +1,4 @@ --- -metal_core_change_boot_order: false - -metal_core_nsqd_ca_cert: "{{ lookup('file', 'certs/ca.pem') }}" -metal_core_nsqd_client_cert: "{{ lookup('file', 'certs/nsq/client.crt') }}" - metal_core_rack_id: test-rack metal_core_log_level: debug 
From e12da4e51e71c29bee26a35c1f33f92986c2b8a8 Mon Sep 17 00:00:00 2001 From: Robert Volkmann Date: Wed, 17 Jul 2024 07:53:46 +0200 Subject: [PATCH 3/3] Move apt transport fix into defaults --- mini-lab.cumulus.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/mini-lab.cumulus.yaml b/mini-lab.cumulus.yaml index a686ea3d..19bcee10 100644 --- a/mini-lab.cumulus.yaml +++ b/mini-lab.cumulus.yaml @@ -13,19 +13,15 @@ topology: labels: ansible-group: cumulus binds: + - apt-transport-https.tar.gz:/root/jessie-apt-transport-fix.tar.gz - files/ssh/id_rsa.pub:/root/.ssh/authorized_keys linux: image: ${MINI_LAB_VM_IMAGE} - nodes: leaf01: kind: cvx - binds: - - apt-transport-https.tar.gz:/root/jessie-apt-transport-fix.tar.gz leaf02: kind: cvx - binds: - - apt-transport-https.tar.gz:/root/jessie-apt-transport-fix.tar.gz vms: kind: linux binds:
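Review bot: The kind-level bind `- apt-transport-https.tar.gz:/root/jessie-apt-transport-fix.tar.gz` now mounts one host file into every `cvx` node with no mode suffix, so presumably read-write. A write from inside one leaf would then change the host copy that the other leaf consumes as root. Mounting it read-only avoids that: `- apt-transport-https.tar.gz:/root/jessie-apt-transport-fix.tar.gz:ro`. The neighbouring `files/ssh/id_rsa.pub:/root/.ssh/authorized_keys` bind could take the same suffix if sshd in the image accepts it. The `cvx` kind mapping starts above the hunk.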