From accb2520ea7dc8a6f5b84276fd38dc4ecd5109bc Mon Sep 17 00:00:00 2001 
From: John Arnold
Date: Mon, 29 Aug 2016 18:02:26 +0000
Subject: [PATCH] Added: ansible/roles/sonicv2
---
ansible/roles/sonicv2/files/bin/bcmcmd.v2 | 2 +
ansible/roles/sonicv2/files/bin/vtysh | 2 +
ansible/roles/sonicv2/files/docker_clean.sh | 16 ++
.../files/ssw/ACS-MSN2700/port_config.ini | 33 ++++
.../files/ssw/ACS-S6000/port_config.ini | 33 ++++
.../files/ssw/Force10-S6000/port_config.ini | 33 ++++
ansible/roles/sonicv2/files/ssw/knet.soc | 65 +++++++
ansible/roles/sonicv2/handlers/main.yml | 5 +
ansible/roles/sonicv2/tasks/main.yml | 35 ++++
ansible/roles/sonicv2/tasks/quagga.yml | 80 ++++++++
ansible/roles/sonicv2/tasks/sonic-brcm.yml | 55 ++++++
ansible/roles/sonicv2/tasks/sonic-mlnx.yml | 51 +++++
ansible/roles/sonicv2/tasks/sonicdocker.yml | 179 ++++++++++++++++++
.../roles/sonicv2/tasks/sonicdocker_clean.yml | 5 +
.../templates/etc/systemd/system/bgp.j2 | 12 ++
.../templates/etc/systemd/system/orchagent.j2 | 14 ++
.../templates/etc/systemd/system/syncd.j2 | 19 ++
.../sonicv2/templates/quagga/bgpd.conf.j2 | 48 +++++
.../roles/sonicv2/templates/quagga/daemons | 32 ++++
.../roles/sonicv2/templates/quagga/isolate.j2 | 20 ++
.../sonicv2/templates/quagga/unisolate.j2 | 20 ++
.../sonicv2/templates/quagga/zebra.conf.j2 | 42 ++++
.../sonicv2/templates/vlan_interfaces.j2 | 18 ++
23 files changed, 819 insertions(+)
create mode 100755 ansible/roles/sonicv2/files/bin/bcmcmd.v2
create mode 100755 ansible/roles/sonicv2/files/bin/vtysh
create mode 100644 ansible/roles/sonicv2/files/docker_clean.sh
create mode 100644 ansible/roles/sonicv2/files/ssw/ACS-MSN2700/port_config.ini
create mode 100644 ansible/roles/sonicv2/files/ssw/ACS-S6000/port_config.ini
create mode 100644 ansible/roles/sonicv2/files/ssw/Force10-S6000/port_config.ini
create mode 100644 ansible/roles/sonicv2/files/ssw/knet.soc
create mode 100644 ansible/roles/sonicv2/handlers/main.yml
create mode 100644 ansible/roles/sonicv2/tasks/main.yml
create mode 100644 ansible/roles/sonicv2/tasks/quagga.yml
create mode 100644 ansible/roles/sonicv2/tasks/sonic-brcm.yml
create mode 100644 ansible/roles/sonicv2/tasks/sonic-mlnx.yml
create mode 100644 ansible/roles/sonicv2/tasks/sonicdocker.yml
create mode 100644 ansible/roles/sonicv2/tasks/sonicdocker_clean.yml
create mode 100644 ansible/roles/sonicv2/templates/etc/systemd/system/bgp.j2
create mode 100644 ansible/roles/sonicv2/templates/etc/systemd/system/orchagent.j2
create mode 100644 ansible/roles/sonicv2/templates/etc/systemd/system/syncd.j2
create mode 100644 ansible/roles/sonicv2/templates/quagga/bgpd.conf.j2
create mode 100644 ansible/roles/sonicv2/templates/quagga/daemons
create mode 100755 ansible/roles/sonicv2/templates/quagga/isolate.j2
create mode 100755 ansible/roles/sonicv2/templates/quagga/unisolate.j2
create mode 100644 ansible/roles/sonicv2/templates/quagga/zebra.conf.j2
create mode 100644 ansible/roles/sonicv2/templates/vlan_interfaces.j2
diff --git a/ansible/roles/sonicv2/files/bin/bcmcmd.v2 b/ansible/roles/sonicv2/files/bin/bcmcmd.v2
new file mode 100755
index 0000000000..ec263e6d54
--- /dev/null
+++ b/ansible/roles/sonicv2/files/bin/bcmcmd.v2
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker exec -i syncd bcmcmd "$@"
diff --git a/ansible/roles/sonicv2/files/bin/vtysh b/ansible/roles/sonicv2/files/bin/vtysh
new file mode 100755
index 0000000000..359101c06c
--- /dev/null
+++ b/ansible/roles/sonicv2/files/bin/vtysh
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker exec -i bgp vtysh "$@"
diff --git a/ansible/roles/sonicv2/files/docker_clean.sh b/ansible/roles/sonicv2/files/docker_clean.sh
new file mode 100644
index 0000000000..d384b06f5a
--- /dev/null
+++ b/ansible/roles/sonicv2/files/docker_clean.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Clean up untagged docker images, ie. ':'
+docker images -q --filter "dangling=true" | xargs --no-run-if-empty docker rmi
+
+# Clean up unused docker images, but ignore untagged docker images
+# Note:
+# if there is no tag or repository for one image, it will shows as 'repository:'
+# or ':TAG' or ':'
+# docker ps ...:
+# list all used image
+# docker images ...:
+# list all images by tag and by digest
+# grep -xvf A B:
+# exclude all lines from file B matching any whole line in file A
+grep -xvf <(docker ps -a --format {{.Image}}) <(docker images --format '{{.Repository}}:{{.Tag}}\n{{.Repository}}@{{.Digest}}' | grep -v '') | xargs --no-run-if-empty docker rmi
diff --git a/ansible/roles/sonicv2/files/ssw/ACS-MSN2700/port_config.ini b/ansible/roles/sonicv2/files/ssw/ACS-MSN2700/port_config.ini
new file mode 100644
index 0000000000..ae703f020d
--- /dev/null
+++ b/ansible/roles/sonicv2/files/ssw/ACS-MSN2700/port_config.ini
@@ -0,0 +1,33 @@
+# alias lanes
+Ethernet0 0,1,2,3
+Ethernet4 4,5,6,7
+Ethernet8 8,9,10,11
+Ethernet12 12,13,14,15
+Ethernet16 16,17,18,19
+Ethernet20 20,21,22,23
+Ethernet24 24,25,26,27
+Ethernet28 28,29,30,31
+Ethernet32 32,33,34,35
+Ethernet36 36,37,38,39
+Ethernet40 40,41,42,43
+Ethernet44 44,45,46,47
+Ethernet48 48,49,50,51
+Ethernet52 52,53,54,55
+Ethernet56 56,57,58,59
+Ethernet60 60,61,62,63
+Ethernet64 64,65,66,67
+Ethernet68 68,69,70,71
+Ethernet72 72,73,74,75
+Ethernet76 76,77,78,79
+Ethernet80 80,81,82,83
+Ethernet84 84,85,86,87
+Ethernet88 88,89,90,91
+Ethernet92 92,93,94,95
+Ethernet96 96,97,98,99
+Ethernet100 100,101,102,103
+Ethernet104 104,105,106,107
+Ethernet108 108,109,110,111
+Ethernet112 112,113,114,115
+Ethernet116 116,117,118,119
+Ethernet120 120,121,122,123
+Ethernet124 124,125,126,127
diff --git a/ansible/roles/sonicv2/files/ssw/ACS-S6000/port_config.ini b/ansible/roles/sonicv2/files/ssw/ACS-S6000/port_config.ini
new file mode 100644
index 0000000000..7161416e4d
--- /dev/null
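Review bot: In docker_clean.sh the last pipeline filters with `grep -v ''`, and an empty pattern matches every line, so as shown nothing would ever reach the second `docker rmi`. The comment above it talks about images that have no repository or tag, so the pattern was presumably the marker for those and may simply have been lost when this page was rendered; it is worth confirming against the committed file. Separately, the first `--format {{.Image}}` is unquoted while the second format string is quoted; `--format '{{.Image}}'` keeps the two consistent and keeps the template away from shell expansion.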
+++ b/ansible/roles/sonicv2/files/ssw/ACS-S6000/port_config.ini
@@ -0,0 +1,33 @@
+# alias lanes
+Ethernet0 29,30,31,32
+Ethernet4 25,26,27,28
+Ethernet8 37,38,39,40
+Ethernet12 33,34,35,36
+Ethernet16 41,42,43,44
+Ethernet20 45,46,47,48
+Ethernet24 5,6,7,8
+Ethernet28 1,2,3,4
+Ethernet32 9,10,11,12
+Ethernet36 13,14,15,16
+Ethernet40 21,22,23,24
+Ethernet44 17,18,19,20
+Ethernet48 49,50,51,52
+Ethernet52 53,54,55,56
+Ethernet56 61,62,63,64
+Ethernet60 57,58,59,60
+Ethernet64 65,66,67,68
+Ethernet68 69,70,71,72
+Ethernet72 77,78,79,80
+Ethernet76 73,74,75,76
+Ethernet80 105,106,107,108
+Ethernet84 109,110,111,112
+Ethernet88 117,118,119,120
+Ethernet92 113,114,115,116
+Ethernet96 121,122,123,124
+Ethernet100 125,126,127,128
+Ethernet104 85,86,87,88
+Ethernet108 81,82,83,84
+Ethernet112 89,90,91,92
+Ethernet116 93,94,95,96
+Ethernet120 97,98,99,100
+Ethernet124 101,102,103,104
diff --git a/ansible/roles/sonicv2/files/ssw/Force10-S6000/port_config.ini b/ansible/roles/sonicv2/files/ssw/Force10-S6000/port_config.ini
new file mode 100644
index 0000000000..7161416e4d
--- /dev/null
+++ b/ansible/roles/sonicv2/files/ssw/Force10-S6000/port_config.ini
@@ -0,0 +1,33 @@
+# alias lanes
+Ethernet0 29,30,31,32
+Ethernet4 25,26,27,28
+Ethernet8 37,38,39,40
+Ethernet12 33,34,35,36
+Ethernet16 41,42,43,44
+Ethernet20 45,46,47,48
+Ethernet24 5,6,7,8
+Ethernet28 1,2,3,4
+Ethernet32 9,10,11,12
+Ethernet36 13,14,15,16
+Ethernet40 21,22,23,24
+Ethernet44 17,18,19,20
+Ethernet48 49,50,51,52
+Ethernet52 53,54,55,56
+Ethernet56 61,62,63,64
+Ethernet60 57,58,59,60
+Ethernet64 65,66,67,68
+Ethernet68 69,70,71,72
+Ethernet72 77,78,79,80
+Ethernet76 73,74,75,76
+Ethernet80 105,106,107,108
+Ethernet84 109,110,111,112
+Ethernet88 117,118,119,120
+Ethernet92 113,114,115,116
+Ethernet96 121,122,123,124
+Ethernet100 125,126,127,128
+Ethernet104 85,86,87,88
+Ethernet108 81,82,83,84
+Ethernet112 89,90,91,92
+Ethernet116 93,94,95,96
+Ethernet120 97,98,99,100
+Ethernet124 101,102,103,104
diff --git a/ansible/roles/sonicv2/files/ssw/knet.soc b/ansible/roles/sonicv2/files/ssw/knet.soc
new file mode 100644
index 0000000000..60bbfbea61
--- /dev/null
+++ b/ansible/roles/sonicv2/files/ssw/knet.soc
@@ -0,0 +1,65 @@
+knet netif create port=xe0 rcpu=no ifname=et0_0
+knet filter create desttype=netif destid=1 ingport=xe0 desc="et0_0"
+knet netif create port=xe1 rcpu=no ifname=et0_4
+knet filter create desttype=netif destid=2 ingport=xe1 desc="et0_0"
+knet netif create port=xe2 rcpu=no ifname=et0_8
+knet filter create desttype=netif destid=3 ingport=xe2 desc="et0_8"
+knet netif create port=xe3 rcpu=no ifname=et0_12
+knet filter create desttype=netif destid=4 ingport=xe3 desc="et0_12"
+knet netif create port=xe4 rcpu=no ifname=et0_16
+knet filter create desttype=netif destid=5 ingport=xe4 desc="et0_16"
+knet netif create port=xe5 rcpu=no ifname=et0_20
+knet filter create desttype=netif destid=6 ingport=xe5 desc="et0_20"
+knet netif create port=xe6 rcpu=no ifname=et0_24
+knet filter create desttype=netif destid=7 ingport=xe6 desc="et0_24"
+knet netif create port=xe7 rcpu=no ifname=et0_28
+knet filter create desttype=netif destid=8 ingport=xe7 desc="et0_28"
+knet netif create port=xe8 rcpu=no ifname=et0_32
+knet filter create desttype=netif destid=9 ingport=xe8 desc="et0_32"
+knet netif create port=xe9 rcpu=no ifname=et0_36
+knet filter create desttype=netif destid=10 ingport=xe9 desc="et0_36"
+knet netif create port=xe10 rcpu=no ifname=et0_40
+knet filter create desttype=netif destid=11 ingport=xe10 desc="et0_40"
+knet netif create port=xe11 rcpu=no ifname=et0_44
+knet filter create desttype=netif destid=12 ingport=xe11 desc="et0_44"
+knet netif create port=xe12 rcpu=no ifname=et0_48
+knet filter create desttype=netif destid=13 ingport=xe12 desc="et0_48"
+knet netif create port=xe13 rcpu=no ifname=et0_52
+knet filter create desttype=netif destid=14 ingport=xe13 desc="et0_52"
+knet netif create port=xe14 rcpu=no ifname=et0_56
+knet filter create desttype=netif destid=15 ingport=xe14 desc="et0_56"
+knet netif create port=xe15 rcpu=no ifname=et0_60
+knet filter create desttype=netif destid=16 ingport=xe15 desc="et0_60"
+knet netif create port=xe16 rcpu=no ifname=et0_64
+knet filter create desttype=netif destid=17 ingport=xe16 desc="et0_64"
+knet netif create port=xe17 rcpu=no ifname=et0_68
+knet filter create desttype=netif destid=18 ingport=xe17 desc="et0_68"
+knet netif create port=xe18 rcpu=no ifname=et0_72
+knet filter create desttype=netif destid=19 ingport=xe18 desc="et0_72"
+knet netif create port=xe19 rcpu=no ifname=et0_76
+knet filter create desttype=netif destid=20 ingport=xe19 desc="et0_76"
+knet netif create port=xe20 rcpu=no ifname=et0_80
+knet filter create desttype=netif destid=21 ingport=xe20 desc="et0_80"
+knet netif create port=xe21 rcpu=no ifname=et0_84
+knet filter create desttype=netif destid=22 ingport=xe21 desc="et0_84"
+knet netif create port=xe22 rcpu=no ifname=et0_88
+knet filter create desttype=netif destid=23 ingport=xe22 desc="et0_88"
+knet netif create port=xe23 rcpu=no ifname=et0_92
+knet filter create desttype=netif destid=24 ingport=xe23 desc="et0_92"
+knet netif create port=xe24 rcpu=no ifname=et0_96
+knet filter create desttype=netif destid=25 ingport=xe24 desc="et0_96"
+knet netif create port=xe25 rcpu=no ifname=et0_100
+knet filter create desttype=netif destid=26 ingport=xe25 desc="et0_100"
+knet netif create port=xe26 rcpu=no ifname=et0_104
+knet filter create desttype=netif destid=27 ingport=xe26 desc="et0_104"
+knet netif create port=xe27 rcpu=no ifname=et0_108
+knet filter create desttype=netif destid=28 ingport=xe27 desc="et0_108"
+knet netif create port=xe28 rcpu=no ifname=et0_112
+knet filter create desttype=netif destid=29 ingport=xe28 desc="et0_112"
+knet netif create port=xe29 rcpu=no ifname=et0_116
+knet filter create desttype=netif destid=30 ingport=xe29 desc="et0_116"
+knet netif create port=xe30 rcpu=no ifname=et0_120
+knet filter create desttype=netif destid=31 ingport=xe30 desc="et0_120"
+knet netif create port=xe31 rcpu=no ifname=et0_124
+knet filter create desttype=netif destid=32 ingport=xe31 desc="et0_124"
+pw start
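Review bot: The filter for `ingport=xe1` carries `desc="et0_0"`, although the netif created on the line before it is `et0_4`; every other pair in knet.soc uses the interface name as the description. This looks like a copy-paste slip, and a duplicated description makes it harder to tell the two filters apart when auditing what is installed on the switch. Suggested line: `knet filter create desttype=netif destid=2 ingport=xe1 desc="et0_4"`.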
diff --git a/ansible/roles/sonicv2/handlers/main.yml b/ansible/roles/sonicv2/handlers/main.yml
new file mode 100644
index 0000000000..39cd77610d
--- /dev/null
+++ b/ansible/roles/sonicv2/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart Quagga Daemon
+ become: true
+ service: name=bgp
+ state=restarted
diff --git a/ansible/roles/sonicv2/tasks/main.yml b/ansible/roles/sonicv2/tasks/main.yml
new file mode 100644
index 0000000000..98e9fae3d5
--- /dev/null
+++ b/ansible/roles/sonicv2/tasks/main.yml
@@ -0,0 +1,35 @@
+# Setup VLAN Interfaces
+- name: Copy VLAN Interfaces File.
+ become: true
+ template: src=vlan_interfaces.j2
+ dest=/etc/network/interfaces.d/vlan_interfaces
+ owner=root
+ group=root
+ mode=0644
+ register: if_copy
+ tags: network,unsafe
+ when: sonic_version == "v2"
+
+# SSW
+- name: Copy SSW files.
+ become: true
+ copy: directory_mode=0755
+ src=ssw/{{ sonic_hwsku }}
+ dest=/etc/ssw
+ owner=root
+ group=root
+ mode=0644
+ tags: ssw
+
+
+# SONiC
+- include: sonic-brcm.yml
+ when: sonic_asic_type == 'broadcom'
+ tags: swss,unsafe
+
+- include: sonic-mlnx.yml
+ when: sonic_asic_type == 'mellanox'
+ tags: swss,unsafe
+
+- include: quagga.yml
+ tags: quagga,unsafe
diff --git a/ansible/roles/sonicv2/tasks/quagga.yml b/ansible/roles/sonicv2/tasks/quagga.yml
new file mode 100644
index 0000000000..cc3c0c5a13
--- /dev/null
+++ b/ansible/roles/sonicv2/tasks/quagga.yml
@@ -0,0 +1,80 @@
+- name: Clean up old container
+ include: sonicdocker.yml
+ vars:
+ docker_container: docker-bgp
+ docker_image: "{{ image_id_bgp }}"
+ docker_privileged: yes
+ docker_state: absent
+
+
+- name: Start the BGP docker container (Quagga)
+ include: sonicdocker.yml
+ vars:
+ docker_container: bgp
+ docker_image: "{{ image_id_fpm }}"
+ docker_privileged: yes
+ docker_state: reloaded
+
+- block:
+ - name: Copy Device Specific Quagga Zebra Configuration File.
+ become: true
+ template: src=quagga/zebra.conf.j2
+ dest=/etc/quagga/zebra.conf
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - Restart Quagga Daemon
+
+ - name: Copy Device Specific Quagga BGP Configuration File.
+ become: true
+ template: src=quagga/bgpd.conf.j2
+ dest=/etc/quagga/bgpd.conf
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - Restart Quagga Daemon
+
+ # TODO: already in container, remove this template after stable version updated
+ - name: Copy Device Specific Quagga Daemons Configuration File.
+ become: true
+ template: src=quagga/daemons
+ dest=/etc/quagga/daemons
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - Restart Quagga Daemon
+
+ # Force handler flush to trigger daemon restarts
+ - meta: flush_handlers
+
+ - name: Ensure Quagga Daemon running and enabled
+ become: true
+ service: name=quagga
+ state=running
+ enabled=yes
+
+ - name: Copy BGP Isolating Scripts
+ become: true
+ template: src=quagga/{{item}}.j2
+ dest=/usr/sbin/bgp-{{item}}
+ owner=root
+ group=root
+ mode=0755
+ with_items:
+ - isolate
+ - unisolate
+
+ vars:
+ ansible_shell_type: docker
+ ansible_python_interpreter: docker exec -i bgp python
+
+- name: Copy vtysh helper script
+ become: true
+ copy: src=bin/vtysh
+ dest=/usr/bin/vtysh
+ owner=root
+ group=root
+ mode=0755
diff --git a/ansible/roles/sonicv2/tasks/sonic-brcm.yml b/ansible/roles/sonicv2/tasks/sonic-brcm.yml
new file mode 100644
index 0000000000..f1a1baf59f
--- /dev/null
+++ b/ansible/roles/sonicv2/tasks/sonic-brcm.yml
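Review bot: Both sonicdocker includes in quagga.yml pass `docker_privileged: yes`, and sonicdocker.yml defaults `docker_net` to `host`, so the Quagga container runs with full device and capability access on the switch's own network stack. bgpd and zebra parse data received from BGP peers, so a flaw in either would then give control of the host rather than of one container. If the routing daemons only need to program routes, a narrower capability set than full privileged mode should be enough; otherwise the reason belongs in a comment next to the variable, for example `# privileged: required for <reason>`. The same setting is passed for the syncd and orchagent containers in sonic-brcm.yml and sonic-mlnx.yml, where hardware access may justify it, but that is not stated there either.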
@@ -0,0 +1,55 @@
+# SONiC
+
+# FIXME: de-dup with sonic-common/tasks/main.yml?
+# Setup Platform
+#- include: platform.yml
+
+# Remove v1 docker containers
+- name: Remove sswsyncd docker container
+ docker:
+ name: docker-sswsyncd
+ image: "{{docker_registry_host}}/{{image_id_sswsyncd}}"
+ state: absent
+
+# Ensure newer version of BCM OpenNSL
+- name: Remove old version of BCM OpenNSL Linux Module
+ become: yes
+ apt: pkg={{ opennsl.name }}={{ opennsl.version }}
+ state=absent
+ force=yes
+
+- name: Install new version of BCM OpenNSL Linux Module
+ become: yes
+ apt: pkg={{ opennslv2.name }}={{ opennslv2.version }}
+ state=present
+ default_release=trusty
+ force=yes
+
+# Install docker containers
+- name: Start syncd docker container
+ include: ../../sonic-common/tasks/sonicdocker.yml
+ vars:
+ docker_container: syncd
+ docker_image: "{{ image_id_syncd }}"
+ docker_privileged: yes
+ docker_state: reloaded
+ docker_volumes: "{{ syncd_docker_volumes }}"
+ tags: syncd
+
+- name: Copy bcmcmd helper script
+ become: true
+ copy: src=bin/bcmcmd.v2
+ dest=/usr/bin/bcmcmd
+ owner=root
+ group=root
+ mode=0755
+
+- name: Start orchagent docker container
+ include: ../../sonic-common/tasks/sonicdocker.yml
+ vars:
+ docker_container: orchagent
+ docker_image: "{{ image_id_orchagent }}"
+ docker_privileged: yes
+ docker_state: reloaded
+ docker_volumes: "{{ orchagent_docker_volumes }}"
+ tags: orchagent
diff --git a/ansible/roles/sonicv2/tasks/sonic-mlnx.yml b/ansible/roles/sonicv2/tasks/sonic-mlnx.yml
new file mode 100644
index 0000000000..a5f503d2dc
--- /dev/null
+++ b/ansible/roles/sonicv2/tasks/sonic-mlnx.yml
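Review bot: The two `apt` tasks for the OpenNSL kernel module in sonic-brcm.yml set `force=yes`, which maps to apt-get's `--force-yes` and lets apt go ahead with packages that fail authentication. For a kernel module installed as root this takes the signature check out of the install path, so a tampered repository or mirror would not be caught. The version is already pinned with `pkg={{ opennslv2.name }}={{ opennslv2.version }}`, so unless a downgrade is the reason for the flag I would drop `force=yes` from the install task and rely on a signed repository; if it has to stay, a comment should say why. The `sx-kernel` task in sonic-mlnx.yml carries the same flag.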
@@ -0,0 +1,51 @@
+# SONiC
+
+# Setup Platform
+- include: platform-mlnx.yml
+
+# Remove v1 docker containers
+- name: Remove sswsyncd docker container
+ docker:
+ name: docker-sswsyncd
+ image: "{{docker_registry_host}}/{{image_id_sswsyncd}}"
+ state: absent
+
+- name: Ensure MLNX Linux Module is installed
+ become: true
+ apt: pkg=sx-kernel={{ version_sx_kernel }}
+ state=present
+ default_release=trusty
+ force=yes
+
+# Install docker containers
+- name: Start syncd docker container
+ include: ../../sonic-common/tasks/sonicdocker.yml
+ vars:
+ docker_container: syncd
+ docker_image: "{{ image_id_syncd_mlnx }}"
+ docker_privileged: yes
+ docker_state: reloaded
+ docker_volumes: "{{ syncd_docker_volumes }}"
+ when: host_saithrift is not defined
+ tags: syncd
+
+- name: Start syncd docker container with rpc
+ include: ../../sonic-common/tasks/sonicdocker.yml
+ vars:
+ docker_container: syncd
+ docker_image: "{{ image_id_syncd_mlnx_rpc }}"
+ docker_privileged: yes
+ docker_state: reloaded
+ docker_volumes: "{{ syncd_docker_volumes }}"
+ when: host_saithrift is defined
+ tags: syncd
+
+- name: Start orchagent docker container
+ include: ../../sonic-common/tasks/sonicdocker.yml
+ vars:
+ docker_container: orchagent
+ docker_image: "{{ image_id_orchagent_mlnx }}"
+ docker_privileged: yes
+ docker_state: reloaded
+ docker_volumes: "{{ orchagent_docker_volumes }}"
+ tags: orchagent
diff --git a/ansible/roles/sonicv2/tasks/sonicdocker.yml b/ansible/roles/sonicv2/tasks/sonicdocker.yml
new file mode 100644
index 0000000000..d7299318b7
--- /dev/null
+++ b/ansible/roles/sonicv2/tasks/sonicdocker.yml
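Review bot: The container tasks in sonic-mlnx.yml (and in sonic-brcm.yml) include `../../sonic-common/tasks/sonicdocker.yml`, while quagga.yml in the same role includes the role-local `sonicdocker.yml` that this commit adds. Two copies of the wrapper can drift apart, and a hardening change made in one of them, such as hiding the registry password, would then reach only some of the containers. Pointing every include in the role at one file, e.g. `include: sonicdocker.yml`, avoids that. The sonic-common copy is not part of this patch, so whether the two files are currently identical cannot be checked here.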
@@ -0,0 +1,179 @@
+##
+## Encapsulate docker module with private docker registry, manage the container service
+## by systemd on host, so it has full featured depdency control and restart policy
+##
+## The encapsulated module - sonicdocker
+## docker_state: emulate the behavior of docker module
+## ref: http://docs.ansible.com/ansible/docker_module.html
+##
+## +-----------+------+--------------+----------+---------------------+----------------+-------------+
+## | sonicdocker | pull | stop service | docker | post service | enable service | clean image |
+## +-----------+------+--------------+----------+---------------------+----------------+-------------+
+## | present | | | present | | y | |
+## | started | | | present | started | y | |
+## | reloaded | y | pulled? | reloaded | restarted if pulled | y | if pulled |
+## | restarted | | | present | restarted | y | |
+## | stopped | | y | stopped | | n | |
+## | killed | | y | killed | | n | |
+## | absent | | y | absent | | n | y |
+## +-------------+------+--------------+----------+---------------------+----------------+-------------+
+##
+
+## Set default values for the module variables, emulating local variable definition
+## Note: must be consistent with tail part
+- name: "{{docker_container}} - Set docker variable - docker_net"
+ set_fact:
+ docker_net: host
+ when: docker_net is undefined
+- name: "{{docker_container}} - Set docker variable - docker_state"
+ set_fact:
+ docker_state: reloaded
+ when: docker_state is undefined
+- name: "{{docker_container}} - Set docker variable - docker_volumes"
+ set_fact:
+ docker_volumes: []
+ when: docker_volumes is undefined
+- name: "{{docker_container}} - Set docker variable - docker_privileged"
+ set_fact:
+ docker_privileged: no
+ when: docker_privileged is undefined
+- name: "{{docker_container}} - Set docker variable - docker_log_driver"
+ set_fact:
+ docker_log_driver: json-file
+ when: docker_log_driver is undefined
+- name: "{{docker_container}} - Set docker variable - docker_env"
+ set_fact:
+ docker_env: {}
+ when: docker_env is undefined
+- name: "{{docker_container}} - Set docker variable - docker_tty"
+ set_fact:
+ docker_tty: yes
+ when: docker_tty is undefined
+- name: "{{docker_container}} - Set docker variable - docker_log_opt"
+ set_fact:
+ docker_log_opt: {}
+ when: docker_log_driver != "syslog"
+- name: "{{docker_container}} - Set docker variable - docker_log_opt"
+ set_fact:
+ docker_log_opt:
+ ## TRICK! TRICK! TRICK!
+ ## in ansible 2.0.0.2, reference set_fact varialbe will introduce recursive templating
+ ## so double escape by {{'...'}} and {%raw%}...{%endraw%}
+ tag: "{{'{%raw%}{{.ID}}({{.Name}}{%endraw%}'}})"
+ when: docker_log_driver == "syslog"
+
+## Local variables
+- name: "{{docker_container}} - Set docker variable - sonicdocker_container_state"
+ set_fact:
+ sonicdocker_container_state: "{{docker_state}}"
+- name: "{{docker_container}} - Set docker variable - sonicdocker_container_state"
+ set_fact:
+ sonicdocker_container_state: present
+ when: docker_state in ['present', 'started', 'restarted']
+
+## Copy systemd config files for docker container
+- name: "{{docker_container}} - Copy systemd config files for docker container"
+ become: true
+ template:
+ src="etc/systemd/system/{{docker_container}}.j2"
+ dest="/etc/systemd/system/{{docker_container}}.service"
+ owner=root
+ group=root
+ mode=0644
+ register: configfile_result
+ when: "docker_state not in ['absent']"
+
+- name: "{{docker_container}} - Reload systemd"
+ command: systemctl daemon-reload
+ when: configfile_result.changed
+
+- block:
+ ## Clean up images before pulling
+ - name: "{{docker_container}} - Clean up images before pulling"
+ include: ../../sonic-common/tasks/sonicdocker_clean.yml
+
+ ## Pull docker image from registry
+ - name: "{{docker_container}} - Pull docker image from registry"
+ shell: docker login -u {{docker_registry_username}} -p {{docker_registry_password}} -e "@" {{docker_registry_host}}; docker pull {{docker_registry_host}}/{{docker_image}}
+ register: pull_result
+ changed_when: "'Status: Downloaded newer image' in pull_result.stdout"
+ when: docker_state == 'reloaded'
+
+## Stop container service after pulled
+- name: "{{docker_container}} - Stop container service after pulled"
+ become: true
+ service: name="{{docker_container}}"
+ state=stopped
+ when: "(docker_state == 'reloaded' and 'Status: Downloaded newer image' in pull_result.stdout) \
+ or docker_state in ['stopped', 'killed']"
+
+## Clean up systemd config files for docker container
+- name: "{{docker_container}} - Delete systemd config file for docker container"
+ become: true
+ file:
+ path="/etc/systemd/system/{{docker_container}}.service"
+ state=absent
+ when: "docker_state in ['absent']"
+ register: configfile_remove
+
+- name: "{{docker_container}} - Reload systemd"
+ command: systemctl daemon-reload
+ when: configfile_remove.changed
+
+
+- name: "{{docker_container}} - Control docker container"
+ docker:
+ name: "{{docker_container}}"
+ image: "{{docker_registry_host}}/{{docker_image}}"
+ state: "{{sonicdocker_container_state}}"
+ ## Already pulled by upper task
+ pull: missing
+ detach: yes
+ net: "{{docker_net}}"
+ tty: "{{docker_tty}}"
+ stdin_open: yes
+ registry: "https://{{docker_registry_host}}"
+ username: "{{docker_registry_username}}"
+ password: "{{docker_registry_password}}"
+ email: "@"
+ volumes: "{{docker_volumes}}"
+ privileged: "{{docker_privileged}}"
+ env: "{{docker_env}}"
+ log_driver: "{{docker_log_driver}}"
+ log_opt: "{{docker_log_opt}}"
+
+## Container service operation
+- name: "{{docker_container}} - Post docker - start container service"
+ become: true
+ service: name="{{docker_container}}"
+ state=started
+ when: docker_state == 'started'
+- name: "{{docker_container}} - Post docker - restart container service"
+ become: true
+ service: name="{{docker_container}}"
+ state=restarted
+ when: "docker_state == 'restarted' or \
+ docker_state == 'reloaded' and 'Status: Downloaded newer image' in pull_result.stdout"
+- name: "{{docker_container}} - Post docker - enable container service"
+ become: true
+ service: name="{{docker_container}}"
+ enabled={{docker_state in ['present', 'started', 'reloaded', 'restarted']}}
+
+## Clean up images after pulled and running
+- name: "{{docker_container}} - Clean up images after pulled and running"
+ include: ../../sonic-common/tasks/sonicdocker_clean.yml
+ when: "(docker_state == 'reloaded' and 'Status: Downloaded newer image' in pull_result.stdout) or \
+ docker_state == 'absent'"
+
+## Reset the module variables to default values to prevent global side-effect
+## Note: must be consistent with header part
+- name: "{{docker_container}} - Clean up sonicdocker variables"
+ set_fact:
+ docker_image: ''
+ docker_net: host
+ docker_state: reloaded
+ docker_volumes: []
+ docker_privileged: no
+ docker_log_driver: json-file
+ docker_env: {}
+ docker_tty: yes
diff --git a/ansible/roles/sonicv2/tasks/sonicdocker_clean.yml b/ansible/roles/sonicv2/tasks/sonicdocker_clean.yml
new file mode 100644
index 0000000000..05632a38b2
--- /dev/null
+++ b/ansible/roles/sonicv2/tasks/sonicdocker_clean.yml
@@ -0,0 +1,5 @@
+- name: Clean up unused docker images
+ script: "files/docker_clean.sh"
+ register: rmi_result
+ changed_when: rmi_result.stdout != ""
+ failed_when: rmi_result.stderr != "" or rmi_result.rc != 0
diff --git a/ansible/roles/sonicv2/templates/etc/systemd/system/bgp.j2 b/ansible/roles/sonicv2/templates/etc/systemd/system/bgp.j2
new file mode 100644
index 0000000000..e3ae8c2ac9
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/etc/systemd/system/bgp.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=BGP container
+Requires=database.service
+After=database.service
+
+[Service]
+User=acsadmin
+ExecStart=/usr/bin/docker start -a bgp
+ExecStop=/usr/bin/docker stop bgp
+
+[Install]
+WantedBy=multi-user.target
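Review bot: The "Pull docker image from registry" task in sonicdocker.yml interpolates `{{docker_registry_password}}` unquoted into a `shell` command line, so the registry password shows up in Ansible's task output and logs and in the process list on the switch, and a value containing shell metacharacters is interpreted by the shell. Adding `no_log: true` to the task and passing each value through the `quote` filter (`-p {{ docker_registry_password | quote }}`) addresses both; the "Control docker container" task receives the same credential and would benefit from `no_log: true` as well. The two commands are joined with `;`, so a failed login does not stop the pull, and `&&` would make that failure visible. The two "Reload systemd" tasks also lack the `become: true` that the neighbouring tasks use.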
diff --git a/ansible/roles/sonicv2/templates/etc/systemd/system/orchagent.j2 b/ansible/roles/sonicv2/templates/etc/systemd/system/orchagent.j2
new file mode 100644
index 0000000000..f7131aa41e
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/etc/systemd/system/orchagent.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=orchagent container
+Requires=database.service
+After=database.service
+
+[Service]
+User=acsadmin
+ExecStart=/usr/bin/docker start -a orchagent
+ExecStop=/usr/bin/docker stop orchagent
+ExecStopPost=/usr/bin/docker stop syncd
+ExecStopPost=/usr/bin/docker exec database redis-cli FLUSHALL
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/sonicv2/templates/etc/systemd/system/syncd.j2 b/ansible/roles/sonicv2/templates/etc/systemd/system/syncd.j2
new file mode 100644
index 0000000000..d5c1846c72
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/etc/systemd/system/syncd.j2
@@ -0,0 +1,19 @@
+[Unit]
+Description=syncd container
+Requires=database.service
+After=database.service
+
+[Service]
+User=root
+{% if minigraph_hwsku == 'ACS-MSN2700' %}
+ExecStopPost=/etc/init.d/sxdkernel start
+{% endif %}
+ExecStart=/usr/bin/docker start -a syncd
+ExecStop=/usr/bin/docker stop syncd
+{% if minigraph_hwsku == 'ACS-MSN2700' %}
+ExecStopPost=/etc/init.d/sxdkernel stop
+{% endif %}
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/sonicv2/templates/quagga/bgpd.conf.j2 b/ansible/roles/sonicv2/templates/quagga/bgpd.conf.j2
new file mode 100644
index 0000000000..1c6131b052
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/quagga/bgpd.conf.j2
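Review bot: `ExecStopPost=/usr/bin/docker exec database redis-cli FLUSHALL` in orchagent.j2 wipes every database in the redis instance whenever the orchagent unit stops, including after a crash, and the unit gives no reason for it. FLUSHALL is not limited to the keys orchagent owns, so any other state kept in the `database` container is lost as well. A comment above the line stating the intent would help, e.g. `# syncd and orchagent must restart from an empty DB`, if that is indeed the reason. The preceding `docker stop syncd` may also race with `Restart=always` in syncd.j2, which can bring syncd back up before the flush has run.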
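Review bot: In syncd.j2 the line `ExecStopPost=/etc/init.d/sxdkernel start` sits before `ExecStart`, but ExecStopPost commands run only after the service has stopped, so on ACS-MSN2700 the kernel driver is not started before the container and is instead started and then stopped on every shutdown. The position suggests `ExecStartPre=/etc/init.d/sxdkernel start` was intended. The condition also tests `minigraph_hwsku`, whereas tasks/main.yml selects the SSW files by `sonic_hwsku`; if the two can differ, the unit and the copied files may not match.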
@@ -0,0 +1,48 @@
+!
+{% block banner %}
+! =========== Managed by Ansible DO NOT EDIT! ========================
+! generated by templates/quagga/bgpd.conf.j2 using minigraph_facts.py
+! file: bgpd.conf
+!
+{% endblock banner %}
+!
+{% block system_init %}
+hostname {{ inventory_hostname }}
+password zebra
+log syslog informational
+log facility local4
+! enable password {# {{ en_passwd }} TODO: param needed #}
+{% endblock system_init %}
+!
+{% block bgp_init %}
+!
+! bgp multiple-instance
+!
+router bgp {{ minigraph_bgp_asn }}
+ bgp log-neighbor-changes
+ bgp bestpath as-path multipath-relax
+ bgp router-id {{ minigraph_lo_interface['addr'] }}
+{# advertise loopback #}
+ network {{ minigraph_lo_interface['addr'] }}/32
+{% endblock bgp_init %}
+{% block vlan_advertisement %}
+{% for interface in minigraph_interfaces %}
+{% if interface['name'].startswith('Vlan') %}
+ network {{ interface['subnet'] }}
+{% endif %}
+{% endfor %}
+{% endblock vlan_advertisement %}
+{% block bgp_sessions %}
+{% for bgp_session in minigraph_bgp %}
+{% if bgp_session['asn'] != 0 %}
+ neighbor {{ bgp_session['addr'] }} remote-as {{ bgp_session['asn'] }}
+ neighbor {{ bgp_session['addr'] }} description {{ bgp_session['name'] }}
+{% endif %}
+{% endfor %}
+{% endblock bgp_sessions %}
+!
+maximum-paths 64
+!
+route-map ISOLATE permit 10
+set as-path prepend {{ minigraph_bgp_asn }}
+!
diff --git a/ansible/roles/sonicv2/templates/quagga/daemons b/ansible/roles/sonicv2/templates/quagga/daemons
new file mode 100644
index 0000000000..9ab9de312d
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/quagga/daemons
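Review bot: bgpd.conf.j2 hard-codes `password zebra`, the well-known Quagga example password, and quagga.yml installs the file with `mode=0644`; zebra.conf.j2 does the same and adds `enable password zebra`. Because sonicdocker.yml defaults the bgp container to host networking, anyone who can reach the daemons' vty on the switch could log in with it, depending on how the vty is bound, which these templates do not restrict. The commented `en_passwd` TODO already points at the fix: take both passwords from a vaulted variable, e.g. `password {{ quagga_vty_password }}` (the variable name is a placeholder), and install the files with a mode that is not world-readable. The neighbor statements also carry no session authentication; if that is deliberate for this fabric, a comment should say so.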
@@ -0,0 +1,32 @@
+# =========== Managed by Ansible DO NOT EDIT! ========================
+# This file tells the quagga package which daemons to start.
+#
+# Entries are in the format: =(yes|no|priority)
+# 0, "no" = disabled
+# 1, "yes" = highest priority
+# 2 .. 10 = lower priorities
+# Read /usr/share/doc/quagga/README.Debian for details.
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/quagga/examples/.
+#
+# ATTENTION:
+#
+# When activation a daemon at the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "quagga", else
+# the daemon will not be started by /etc/init.d/quagga. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "quaggavty" and set to ug=rw,o= though. Check /etc/pam.d/quagga, too.
+#
+# The watchquagga daemon is always started. Per default in monitoring-only but
+# that can be changed via /etc/quagga/debian.conf.
+#
+zebra=yes
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+babeld=no
diff --git a/ansible/roles/sonicv2/templates/quagga/isolate.j2 b/ansible/roles/sonicv2/templates/quagga/isolate.j2
new file mode 100755
index 0000000000..35ef5bbc02
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/quagga/isolate.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+## vtysh only accepts script in stdin, so cannot be directly used in shebang
+## Cut the tail of this script and feed vtysh stdin
+sed -n -e '9,$p' < "$0" | vtysh "$@"
+## Exit with vtysh return code
+exit $?
+
+## vtysh script start from next line, which line number MUST eqaul in 'sed' command above
+
+configure terminal
+ router bgp {{ minigraph_bgp_asn }}
+{% for bgp_session in minigraph_bgp %}
+ neighbor {{ bgp_session['addr'] }} route-map ISOLATE out
+{% endfor %}
+ exit
+exit
+
+{% for bgp_session in minigraph_bgp %}
+clear ip bgp {{ bgp_session['addr'] }} soft out
+{% endfor %}
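Review bot: isolate.j2 feeds vtysh by cutting itself with `sed -n -e '9,$p' < "$0"`, so the script is correct only while the command list starts exactly at line 9; an edit above that line would silently send shell text to vtysh or drop the first routing commands. A here-document removes the coupling: `vtysh "$@" <<'EOF'` before `configure terminal`, a closing `EOF` after the last `clear ip bgp` line, then `exit $?`. unisolate.j2 uses the same construction. The comment in both files also misspells "equal" as "eqaul".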
diff --git a/ansible/roles/sonicv2/templates/quagga/unisolate.j2 b/ansible/roles/sonicv2/templates/quagga/unisolate.j2
new file mode 100755
index 0000000000..c113a74fab
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/quagga/unisolate.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+## vtysh only accepts script in stdin, so cannot be directly used in shebang
+## Cut the tail of this script and feed vtysh stdin
+sed -n -e '9,$p' < "$0" | vtysh "$@"
+## Exit with vtysh return code
+exit $?
+
+## vtysh script start from next line, which line number MUST eqaul in 'sed' command above
+
+configure terminal
+ router bgp {{ minigraph_bgp_asn }}
+{% for bgp_session in minigraph_bgp %}
+ no neighbor {{ bgp_session['addr'] }} route-map ISOLATE out
+{% endfor %}
+ exit
+exit
+
+{% for bgp_session in minigraph_bgp %}
+clear ip bgp {{ bgp_session['addr'] }} soft out
+{% endfor %}
diff --git a/ansible/roles/sonicv2/templates/quagga/zebra.conf.j2 b/ansible/roles/sonicv2/templates/quagga/zebra.conf.j2
new file mode 100644
index 0000000000..50c6f408b4
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/quagga/zebra.conf.j2
@@ -0,0 +1,42 @@
+!
+{% block banner %}
+! =========== Managed by Ansible DO NOT EDIT! ========================
+! generated by templates/quagga/zebra.conf.j2 using minigraph_facts.py
+! file: zebra.conf
+!
+{% endblock banner %}
+!
+{% block sys_init %}
+hostname {{ inventory_hostname }}
+password zebra
+enable password zebra
+{% endblock sys_init %}
+!
+{% block interfaces %}
+! Enable link-detect (default disabled)
+{% for interface in minigraph_interfaces %}
+interface {{ interface['alias'] }}
+link-detect
+!
+{% endfor %}
+{% endblock interfaces %}
+!
+{% block default_route %}
+! set static default route to mgmt gateway as a backup to learned default
+ip route 0.0.0.0/0 {{ minigraph_mgmt_interface['gwaddr'] }} 200
+{% endblock default_route %}
+!
+{% block source_loopback %}
+! Set ip source to loopback for bgp learned routes
+route-map RM_SET_SRC permit 10
+ set src {{ minigraph_lo_interface['addr'] }}
+!
+ip protocol bgp route-map RM_SET_SRC
+{% endblock source_loopback %}
+!
+{% block logging %}
+log syslog informational
+log facility local4
+{% endblock logging %}
+!
+
diff --git a/ansible/roles/sonicv2/templates/vlan_interfaces.j2 b/ansible/roles/sonicv2/templates/vlan_interfaces.j2
new file mode 100644
index 0000000000..14aeca3597
--- /dev/null
+++ b/ansible/roles/sonicv2/templates/vlan_interfaces.j2
@@ -0,0 +1,18 @@
+#
+{% block banner %}
+# =========== Managed by Ansible DO NOT EDIT! ========================
+# generated by templates/interfaces.j2 using minigraph_facts.py
+# file: vlan_interfaces
+{% endblock %}
+#
+{% block vlan_interface %}
+# The switch VLAN interfaces
+{% for interface in minigraph_vlan_interfaces %}
+auto {{ interface['name'] }}
+iface {{ interface['name'] }} inet static
+ bridge_ports {{ interface['members'] }}
+ address {{ interface['addr'] }}
+ netmask {{ interface['mask'] }}
+{% endfor %}
+{% endblock vlan_interface %}
+#
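Review bot: The banner in vlan_interfaces.j2 says `generated by templates/interfaces.j2`, but the template added here is `templates/vlan_interfaces.j2`, so someone tracing the rendered file back to its source will look in the wrong place. Suggested line: `# generated by templates/vlan_interfaces.j2 using minigraph_facts.py`. Also, `bridge_ports {{ interface['members'] }}` prints the value as-is; if `members` is a list rather than a string (not visible in this patch), it would render as a Python list, and `{{ interface['members'] | join(' ') }}` would be needed.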