From 76d2ba51d28702116c25e7dc1f480fafba41ef6d Mon Sep 17 00:00:00 2001 From: iljarotar Date: Wed, 13 Nov 2024 14:05:55 +0100 Subject: [PATCH] setup sonic via ztp only --- partition/roles/ztp/README.md | 22 +++++++++------- partition/roles/ztp/defaults/main/main.yaml | 5 ++++ partition/roles/ztp/files/config_db.json | 7 ----- partition/roles/ztp/files/reload.sh | 3 --- partition/roles/ztp/tasks/main.yaml | 29 ++++++--------------- partition/roles/ztp/templates/ztp.json.j2 | 25 +++++++++++++----- 6 files changed, 44 insertions(+), 47 deletions(-) delete mode 100644 partition/roles/ztp/files/config_db.json delete mode 100644 partition/roles/ztp/files/reload.sh diff --git a/partition/roles/ztp/README.md b/partition/roles/ztp/README.md index f49ae6f1..bb5055cb 100644 --- a/partition/roles/ztp/README.md +++ b/partition/roles/ztp/README.md 
@@ -4,16 +4,18 @@ Configures a server for providing zero-touch-provisioning scripts for switches. ## Variables -| Name | Mandatory | Description | -| -------------------- | --------- | ----------------------------------------------------------- | -| ztp_nginx_image_name | yes | the docker image to use to serve ztp scripts. | -| ztp_nginx_image_tag | yes | the tag of the docker image to use to serve ztp scripts. | -| ztp_host_dir_path | | the path to serve ztp scripts from. | -| ztp_listen_address | | the address used to serve ztp requests | -| ztp_port | | the port to serve ztp scripts on. | -| ztp_authorized_keys | yes | the authorized keys that should be installed by ztp. | -| ztp_admin_user | | the user for which the authorized keys will be provisioned. | -| ztp_additional_files | | puts additional files into serve directory. | +| Name | Mandatory | Description | +| ----------------------- | --------- | ------------------------------------------------------------ | +| ztp_nginx_image_name | yes | the docker image to use to serve ztp scripts. | +| ztp_nginx_image_tag | yes | the tag of the docker image to use to serve ztp scripts. | +| ztp_host_dir_path | | the path to serve ztp scripts from. | +| ztp_listen_address | | the address used to serve ztp requests | +| ztp_port | | the port to serve ztp scripts on. | +| ztp_authorized_keys | yes | the authorized keys that should be installed by ztp. | +| ztp_admin_user | | the user for which the authorized keys will be provisioned. | +| ztp_additional_files | | puts additional files into serve directory. | +| ztp_sonic_nameservers | | the nameservers to put into resolv.conf for sonic | +| ztp_sonic_extended_cacl | | used to populate /etc/sonic/iptables.json for sonic switches | ## Provisioning SONiC Switches via ztp.json diff --git a/partition/roles/ztp/defaults/main/main.yaml b/partition/roles/ztp/defaults/main/main.yaml index 01dfafc3..1e49003d 100644 --- a/partition/roles/ztp/defaults/main/main.yaml 
+++ b/partition/roles/ztp/defaults/main/main.yaml @@ -10,3 +10,8 @@ ztp_port: 8080 ztp_additional_files: [] # - name: foo.sh # data: echo + +ztp_sonic_nameservers: [] +ztp_sonic_extended_cacl: + ipv4: [] + ipv6: [] diff --git a/partition/roles/ztp/files/config_db.json b/partition/roles/ztp/files/config_db.json deleted file mode 100644 index 0d7ecddd..00000000 --- a/partition/roles/ztp/files/config_db.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "DEVICE_METADATA": { - "localhost": { - "docker_routing_config_mode": "split" - } - } -} \ No newline at end of file diff --git a/partition/roles/ztp/files/reload.sh b/partition/roles/ztp/files/reload.sh deleted file mode 100644 index 4712145e..00000000 --- a/partition/roles/ztp/files/reload.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -sudo systemctl restart bgp diff --git a/partition/roles/ztp/tasks/main.yaml b/partition/roles/ztp/tasks/main.yaml index 1f17f311..f46ecbf4 100644 --- a/partition/roles/ztp/tasks/main.yaml +++ b/partition/roles/ztp/tasks/main.yaml @@ -17,29 +17,16 @@ path: "{{ ztp_host_dir_path }}/config" state: directory -- name: render ztp script +- name: render templates template: - src: "ztp.sh.j2" - dest: "{{ ztp_host_dir_path }}/config/ztp.sh" - mode: 0644 - -- name: copy config_db.json - copy: - src: "config_db.json" - dest: "{{ ztp_host_dir_path }}/config/config_db.json" - mode: 0644 - -- name: copy reload script - copy: - src: "reload.sh" - dest: "{{ ztp_host_dir_path }}/config/reload.sh" - mode: 0644 - -- name: render ztp.json - template: - src: "ztp.json.j2" - dest: "{{ ztp_host_dir_path }}/config/ztp.json" + src: "{{ item }}" + dest: "{{ ztp_host_dir_path }}/config/{{ item | splitext | first }}" mode: 0644 + loop: + - iptables.json.j2 + - resolv.conf.j2 + - ztp.json.j2 + - ztp.sh.j2 - name: copy additional contents copy: diff --git a/partition/roles/ztp/templates/ztp.json.j2 b/partition/roles/ztp/templates/ztp.json.j2 index 29da1d14..6930ca30 100644 --- a/partition/roles/ztp/templates/ztp.json.j2 
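Review bot: In defaults/main/main.yaml both new variables default to empty, yet the ztp.json.j2 change in this same patch downloads resolv.conf and iptables.json unconditionally and writes them to /etc/resolv.conf and /etc/sonic/iptables.json. The two templates are not part of this patch, so this is inferred, but a partition that sets neither variable would presumably get a resolv.conf without nameservers and an iptables.json without extra rules installed on every switch. I would state that next to the defaults, in the style of the commented example above them, e.g. `# rendered and installed on the switch even when left empty`, or make the two downloads conditional on non-empty values.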
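Review bot: The loop in tasks/main.yaml renders `iptables.json.j2` and `resolv.conf.j2`, but the diffstat lists six files and neither template is among them. Unless both already exist under templates/, the `render templates` task fails, while ztp.json already points switches at `/resolv.conf` and `/iptables.json`. Going by the variable name, iptables.json carries the control-plane ACL extension, so the templates should ship in the same commit that starts serving them. The same applies to the per-host `<hostname>_config_db.json` files that the new `dynamic-url` section requests: no task in this hunk puts them into the served directory, and the README should say where they come from.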
+++ b/partition/roles/ztp/templates/ztp.json.j2 @@ -5,17 +5,30 @@ "url": "http://{{ ztp_listen_address }}:{{ ztp_port }}/ztp.sh" } }, - "03-configdb-json": { + "03-additional-files": { "url": { - "source": "http://{{ ztp_listen_address }}:{{ ztp_port }}/config_db.json" + "source": "http://{{ ztp_listen_address }}:{{ ztp_port }}/resolv.conf", + "destination": "/etc/resolv.conf" }, + "url": { + "source": "http://{{ ztp_listen_address }}:{{ ztp_port }}/iptables.json", + "destination": "/etc/sonic/iptables.json" + } + }, + "04-configdb-json": { + "dynamic-url": { + "source": { + "prefix": "http://{{ ztp_listen_address }}:{{ ztp_port }}/", + "identifier": "hostname", + "suffix": "_config_db.json" + }, "clear-config": false }, - "04-reload": { - "plugin": { - "url": "http://{{ ztp_listen_address }}:{{ ztp_port }}/reload.sh" - } +{% if ztp_additional_files | selectattr('name', 'equalto', 'ztp-additional-script.sh') %} + "05-ztp-additional-script": { + "plugin": "http://{{ ztp_listen_address }}:{{ ztp_port }}/ztp-additional-script.sh", }, +{% endif %} "restart-ztp-no-config": false } }
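Review bot: The ztp.json rendered from templates/ztp.json.j2 no longer looks like valid JSON. In `04-configdb-json` the hunk opens three objects (`04-configdb-json`, `dynamic-url`, `source`) but closes only two, so a `},` closing `dynamic-url` seems to be missing before `"clear-config": false`; the `"plugin"` line in `05-ztp-additional-script` also ends in a trailing comma. `03-additional-files` uses the key `url` twice, and a parser that keeps the last duplicate would silently drop the resolv.conf download, so each file needs its own section or key. `selectattr` returns a generator, which is truthy even when nothing matches, so the guard should read `{% if ztp_additional_files | selectattr('name', 'equalto', 'ztp-additional-script.sh') | list %}`. The template's opening lines are outside the hunk, so the brace count is judged from the visible part only.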