diff --git a/partition/README.md b/partition/README.md index be05f469..d61154e8 100644 --- a/partition/README.md +++ b/partition/README.md @@ -38,11 +38,9 @@ You can look up all the default values [here](partition-defaults/main.yaml). | [dhcp-relay](roles/dhcp-relay) | Deploys a dhcp-relay | | [docker-on-cumulus](roles/docker-on-cumulus) | Deploys docker on cumulus | | [metal-bmc](roles/metal-bmc) | Deploys metal-bmc | -| [leaf](roles/leaf) | Deploys network config for cumulus switches | | [metal-core](roles/metal-core) | Deploys metal-core | | [pixiecore](roles/pixiecore) | Deploys pixiecore | | [promtail](roles/promtail) | Deploys promtail | -| [router](roles/router) | Deploys router config on cumulus switches | ## Examples diff --git a/partition/roles/leaf/files/bridgemac.json b/partition/roles/leaf/files/bridgemac.json deleted file mode 100644 index 14b83eda..00000000 --- a/partition/roles/leaf/files/bridgemac.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "bridge": { - "module_globals": { - "bridge_mac_iface": ["eth0", "eth1"] - } - } -} diff --git a/partition/roles/leaf/handlers/main.yaml b/partition/roles/leaf/handlers/main.yaml deleted file mode 100644 index 86eca2de..00000000 --- a/partition/roles/leaf/handlers/main.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: reload interfaces - shell: sleep 3; ifreload -a - async: 1 - poll: 0 - notify: wait for new connection - -- name: wait for new connection - wait_for_connection: - connect_timeout: 20 - sleep: 5 - delay: 5 - timeout: 300 diff --git a/partition/roles/leaf/tasks/main.yaml b/partition/roles/leaf/tasks/main.yaml deleted file mode 100644 index c7af3fb3..00000000 --- a/partition/roles/leaf/tasks/main.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -- name: configure leaf - include_role: - name: metal-roles/partition/roles/router - vars: - router_enable_static_route_leak: true - -- name: flush handlers - meta: flush_handlers - -- name: masquerade for eth0 - iptables: - table: nat - chain: POSTROUTING - out_interface: eth0 - jump: MASQUERADE - -- name: check for static route in mgmt vrf - command: ip r s vrf mgmt - register: route_check - changed_when: false - -- name: ensure that static route for return path to pxe network is present - command: "ip r a 10.0.1.0/24 vrf mgmt via {{ dhcp_server_ip }} dev vlan4000" - when: - - '"10.0.1.0/24" not in route_check.stdout' - - dhcp_server_ip is defined - -- name: create bridgemac.json - copy: - src: bridgemac.json - dest: /etc/network/ifupdown2/policy.d/bridgemac.json - notify: reload interfaces diff --git a/partition/roles/leaf/templates/bak/frr.conf.j2.bak b/partition/roles/leaf/templates/bak/frr.conf.j2.bak deleted file mode 100644 index 8b137891..00000000 --- a/partition/roles/leaf/templates/bak/frr.conf.j2.bak +++ /dev/null @@ -1 +0,0 @@ - diff --git a/partition/roles/leaf/templates/bak/interfaces.j2.bak b/partition/roles/leaf/templates/bak/interfaces.j2.bak deleted file mode 100644 index 8b137891..00000000 --- a/partition/roles/leaf/templates/bak/interfaces.j2.bak +++ /dev/null @@ -1 +0,0 @@ - diff --git a/partition/roles/leaf/templates/frr.conf.j2 b/partition/roles/leaf/templates/frr.conf.j2 deleted file mode 100644 index 384314af..00000000 --- a/partition/roles/leaf/templates/frr.conf.j2 +++ /dev/null @@ -1,41 +0,0 @@ -#jinja2: lstrip_blocks: "True", trim_blocks: "True" -frr version 4.0+cl3u9 -frr defaults datacenter -hostname {{ ansible_hostname }} -username cumulus nopassword -! -service integrated-vtysh-config -! -log syslog informational -! -vrf mgmt - ip route 10.0.1.0/24 {{ ansible_host }} nexthop-vrf default - exit-vrf -! -router bgp {{ asn }} - bgp router-id {{ lo }} - neighbor FABRIC peer-group - neighbor FABRIC remote-as external - {% for iface in uplinks %} - neighbor {{ iface.name }} interface peer-group FABRIC - {% endfor %} - ! - address-family ipv4 unicast - neighbor FABRIC activate - redistribute connected route-map LOOPBACKS - exit-address-family - ! - address-family l2vpn evpn - neighbor FABRIC activate - advertise-all-vni - exit-address-family -! -route-map LOOPBACKS permit 10 - match interface lo -! -{% if metal_partition_mgmt_gateway %} -ip route 0.0.0.0/0 {{ metal_partition_mgmt_gateway }} nexthop-vrf mgmt -! -{% endif %} -line vty -! diff --git a/partition/roles/leaf/templates/interfaces.j2 b/partition/roles/leaf/templates/interfaces.j2 deleted file mode 100644 index b65f7590..00000000 --- a/partition/roles/leaf/templates/interfaces.j2 +++ /dev/null @@ -1,57 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -source /etc/network/interfaces.d/*.intf - -# The loopback network interface -auto lo -iface lo inet loopback - address {{ lo }}/32 - -# The primary network interface -auto eth0 -iface eth0 inet dhcp - vrf mgmt - -auto mgmt -iface mgmt - address 127.0.0.1/8 - vrf-table auto - -{% for iface in interfaces %} -auto {{ iface.name }} -iface {{ iface.name }} - mtu {{ mtu.default }} - bridge-access 4000 - -{% endfor %} -{% for iface in uplinks %} -auto {{ iface.name }} -iface {{ iface.name }} - mtu {{ mtu.vxlan }} - -{% endfor %} - -auto bridge -iface bridge - bridge-ports {% for iface in interfaces %}{{ iface.name }} {% endfor %}vni104000 - bridge-vids 4000 - bridge-vlan-aware yes - -auto vlan4000 -iface vlan4000 - mtu {{ mtu.default }} - address {{ metal_core_cidr }} - vlan-id 4000 - vlan-raw-device bridge - -auto vni104000 -iface vni104000 - mtu {{ mtu.default }} - bridge-access 4000 - bridge-learning off - mstpctl-bpduguard yes - mstpctl-portbpdufilter yes - vxlan-id 104000 - vxlan-local-tunnelip {{ lo }} - diff --git a/partition/roles/router/defaults/main.yaml b/partition/roles/router/defaults/main.yaml deleted file mode 100644 index 8d7b1500..00000000 --- a/partition/roles/router/defaults/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -router_enable_mgmt_vrf: true -router_enable_static_route_leak: false - -router_nameservers: [] diff --git a/partition/roles/router/files/99control_plane_catch_all.rules b/partition/roles/router/files/99control_plane_catch_all.rules deleted file mode 100644 index d469ae8e..00000000 --- a/partition/roles/router/files/99control_plane_catch_all.rules +++ /dev/null @@ -1,36 +0,0 @@ -# -# Note: These are catch-all rules that shall be last in the over all rule set. -# - -INGRESS_INTF = swp+ - -INGRESS_CHAIN = INPUT - - - -[iptables] - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type LOCAL -j POLICE --set-mode pkt --set-rate 1000 --set-burst 10000 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type IPROUTER -j POLICE --set-mode pkt --set-rate 30000 --set-burst 70000 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -j SETCLASS --class 0 - - -[ip6tables] - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type LOCAL -j POLICE --set-mode pkt --set-rate 1000 --set-burst 1000 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -m addrtype --dst-type IPROUTER -j POLICE --set-mode pkt --set-rate 400 --set-burst 100 --set-class 2 - --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -j SETCLASS --class 0 - - -[ebtables] - --A $INGRESS_CHAIN -p ipv4 --in-interface $INGRESS_INTF -j ACCEPT --A $INGRESS_CHAIN -p ipv6 --in-interface $INGRESS_INTF -j ACCEPT --A $INGRESS_CHAIN --in-interface $INGRESS_INTF -j setclass --class 0 -# ipv4 multicast misses --A $INGRESS_CHAIN -p ipv4 -d 01:00:5e:00:00:00/ff:ff:ff:80:00:00 -j police --set-mode pkt --set-rate 100 --set-burst 100 --A $INGRESS_CHAIN -j police --set-mode pkt --set-rate 100 --set-burst 100 diff --git a/partition/roles/router/files/daemons b/partition/roles/router/files/daemons deleted file mode 100644 index c86f9822..00000000 --- a/partition/roles/router/files/daemons +++ /dev/null @@ -1,2 +0,0 @@ -bgpd=yes -zebra=yes \ No newline at end of file diff --git a/partition/roles/router/files/frr-validation@.service b/partition/roles/router/files/frr-validation@.service deleted file mode 100644 index d2e9e276..00000000 --- a/partition/roles/router/files/frr-validation@.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Trigger a validation run of a frr configuration file %I - -[Service] -Type=oneshot -ExecStart=/usr/bin/vtysh --dryrun --inputfile %I -StandardOutput=journal - -[Install] -WantedBy=multi-user.target diff --git a/partition/roles/router/files/ifreload.service b/partition/roles/router/files/ifreload.service deleted file mode 100644 index a71205a4..00000000 --- a/partition/roles/router/files/ifreload.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Trigger Interface Reload with ifreload - -[Service] -Type=oneshot -ExecStart=/sbin/ifreload -v -a -StandardOutput=journal - -[Install] -WantedBy=multi-user.target diff --git a/partition/roles/router/files/interfaces-validation@.service b/partition/roles/router/files/interfaces-validation@.service deleted file mode 100644 index 9df7795b..00000000 --- a/partition/roles/router/files/interfaces-validation@.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Trigger a validation of a network interfaces file %I - -[Service] -Type=oneshot -ExecStart=/sbin/ifup --syntax-check --verbose --all --interfaces %I -StandardOutput=journal - -[Install] -WantedBy=multi-user.target diff --git a/partition/roles/router/files/lldpd.d/portsubtype.conf b/partition/roles/router/files/lldpd.d/portsubtype.conf deleted file mode 100644 index c54ba139..00000000 --- a/partition/roles/router/files/lldpd.d/portsubtype.conf +++ /dev/null @@ -1,2 +0,0 @@ -configure lldp portidsubtype macaddress - diff --git a/partition/roles/router/files/lldpd.d/tx-interval.conf b/partition/roles/router/files/lldpd.d/tx-interval.conf deleted file mode 100644 index 44c7ec2b..00000000 --- a/partition/roles/router/files/lldpd.d/tx-interval.conf +++ /dev/null @@ -1 +0,0 @@ -configure lldp tx-interval 10 diff --git a/partition/roles/router/handlers/main.yaml b/partition/roles/router/handlers/main.yaml deleted file mode 100644 index b4c228f3..00000000 --- a/partition/roles/router/handlers/main.yaml +++ /dev/null @@ -1,50 +0,0 @@ ---- -- name: reload systemd - systemd: - daemon_reload: yes - -- name: reload sysctl - command: sysctl --system - -- name: restart switchd - service: - name: switchd.service - enabled: true - state: restarted - -- name: reload interfaces - shell: sleep 3; ifreload -a - async: 1 - poll: 0 - notify: wait for new connection - -- name: wait for new connection - wait_for_connection: - connect_timeout: 20 - sleep: 5 - delay: 5 - timeout: 300 - -- name: reload frr - service: - name: frr - enabled: true - state: reloaded - -- name: restart frr - service: - name: frr - enabled: true - state: restarted - -- name: lldpd restart - service: - name: lldpd - enabled: true - state: restarted - -- name: restart ntp@mgmt - service: - name: ntp@mgmt - enabled: true - state: restarted diff --git a/partition/roles/router/tasks/main.yaml b/partition/roles/router/tasks/main.yaml deleted file mode 100644 index 734a48d6..00000000 --- a/partition/roles/router/tasks/main.yaml +++ /dev/null @@ -1,85 +0,0 @@ ---- -- name: configure mgmt vrf - import_tasks: mgmt_vrf.yaml - when: router_enable_mgmt_vrf - -- name: configure switch plane - import_tasks: switch_plane.yaml - when: ports is defined - -- name: flush handlers - meta: flush_handlers - -- name: install services - copy: - src: "{{ item }}" - dest: "/etc/systemd/system/{{ item }}" - notify: reload systemd - with_items: - - frr-validation@.service - - interfaces-validation@.service - - ifreload.service - -- name: copy lldpd configs - copy: - src: lldpd.d/ - dest: /etc/lldpd.d/ - notify: lldpd restart - -- name: check if lldpd has the correct portidsubtype setting - shell: lldpcli show configuration | grep subtype - register: lldpd_subtype_check - changed_when: false - -- name: trigger lldpd restart if portidsubtype setting is wrong - service: - name: lldpd - state: restarted - when: ("macaddress" not in lldpd_subtype_check.stdout) - -- name: populate service facts - service_facts: - -- name: render interfaces configuration - template: - src: interfaces.j2 - dest: /etc/network/interfaces - validate: '/sbin/ifup --syntax-check --all --interfaces %s' - notify: reload interfaces - when: "ansible_facts.services['metal-core.service'] is not defined" - -- name: render custom interfaces configuration section - copy: - content: "{{ custom_interface_section }}" - dest: /etc/network/interfaces.d/99_custom.intf - validate: '/sbin/ifup --syntax-check --all --interfaces %s' - notify: reload interfaces - when: custom_interface_section is defined - -- name: render resolv.conf - template: - src: resolv.conf.j2 - dest: /etc/resolv.conf - notify: reload interfaces - -- name: enable frr daemons - copy: - src: daemons - dest: /etc/frr/daemons - notify: restart frr - -- name: render frr configuration - template: - src: frr.conf.j2 - dest: /etc/frr/frr.conf - validate: '/usr/bin/vtysh --dryrun --inputfile %s' - tags: frr - register: frr_rendered - notify: reload frr - when: "ansible_facts.services['metal-core.service'] is not defined" - -- name: set hostname - nclu: - commands: - - add hostname {{ metal_partition_id }}-{{ inventory_hostname }} - commit: true diff --git a/partition/roles/router/tasks/mgmt_vrf.yaml b/partition/roles/router/tasks/mgmt_vrf.yaml deleted file mode 100644 index 5451e7bd..00000000 --- a/partition/roles/router/tasks/mgmt_vrf.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: check if mgmt vrf is active - shell: vrf list | grep mgmt - changed_when: false - failed_when: false - register: mgmt_vrf_exists - -- name: activate mgmt vrf; drops connections - nclu: - commands: - - add vrf mgmt - commit: true - async: 1 - poll: 0 - when: mgmt_vrf_exists.rc != 0 - -- name: wait for new connection - wait_for_connection: - connect_timeout: 20 - sleep: 2 - delay: 6 - timeout: 60 diff --git a/partition/roles/router/tasks/switch_plane.yaml b/partition/roles/router/tasks/switch_plane.yaml deleted file mode 100644 index 6ccb1203..00000000 --- a/partition/roles/router/tasks/switch_plane.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: render ports.conf - template: - src: ports.conf.j2 - dest: /etc/cumulus/ports.conf - notify: restart switchd - -- name: enable static route leak to apply hardware support - replace: - path: /etc/cumulus/switchd.conf - regexp: '#vrf_route_leak_enable = FALSE' - replace: 'vrf_route_leak_enable = TRUE' - when: router_enable_static_route_leak - notify: restart switchd diff --git a/partition/roles/router/templates/ports.conf.j2 b/partition/roles/router/templates/ports.conf.j2 deleted file mode 100644 index 238f4970..00000000 --- a/partition/roles/router/templates/ports.conf.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# ports.conf -- -# = [4x10G|4x25G|2x50G|40G|50G|100G] -{% for key, value in ports|dictsort %} -{{ key }}={{ value }} -{% endfor %} diff --git a/partition/roles/router/templates/resolv.conf.j2 b/partition/roles/router/templates/resolv.conf.j2 deleted file mode 100644 index 41c31ff2..00000000 --- a/partition/roles/router/templates/resolv.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for ns in router_nameservers %} -nameserver {{ ns }} -{% endfor %}