deploy_partition.yaml
---
# Play: configure the leaf switches that are not in the dell_sonic group.
# any_errors_fatal stops the play for all hosts as soon as one host fails.
- name: Configure leaves (Community SONiC)
  hosts: 'leaves:!dell_sonic'
  gather_facts: false
  any_errors_fatal: true
  pre_tasks:
    # Runs before any role so the roles only start on a reachable host.
    # NOTE(review): delay/timeout are nested as module arguments here; the
    # listing had lost its indentation, so confirm against the repository copy.
    - name: Wait for system to become reachable
      ansible.builtin.wait_for_connection:
        timeout: 50
        delay: 10
  roles:
    - name: ansible-common
      tags: [always]
    - name: metal-roles/partition/roles/sonic-config
      tags: [sonic]
    - name: sonic
      tags: [sonic]
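# Play: host-level preparation of the Enterprise SONiC leaves (dell_sonic
# group). All tasks run with privilege escalation.
- name: Configure leaves (Enterprise SONiC)
  hosts: dell_sonic
  any_errors_fatal: true
  become: true
  handlers:
    # The handler name must match the `notify` entry of the copy task below.
    - name: reload systemd daemon
      ansible.builtin.systemd:
        daemon_reload: true
  tasks:
    - name: Check for bgpd.conf presence
      ansible.builtin.stat:
        path: /etc/sonic/frr/bgpd.conf
      register: bgpd_conf_stat

    # Only restarts bgp when the stat above found /etc/sonic/frr/bgpd.conf.
    - name: Restart bgp service when non-split docker_routing_config_mode is still active
      ansible.builtin.service:
        name: bgp
        state: restarted
      when: bgpd_conf_stat.stat.exists

    # The public key is read from ssh/id_ed25519.pub on the control node.
    # Its private counterpart therefore grants direct root SSH access to
    # every host in this play; treat it as a credential scoped to this
    # environment.
    - name: Ensure root has authorized_key
      ansible.builtin.authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', 'ssh/id_ed25519.pub') }}"

    # remote_src: false means the unit file is taken from the control node.
    # Owner, group and mode are set explicitly so the installed unit does not
    # depend on the remote umask and is writable by root only.
    # changed_when: true reports a change on every run, so the handler fires
    # even when the file content is unchanged.
    # NOTE(review): presumably deliberate to force a daemon reload; drop it if
    # idempotent reporting is wanted.
    - name: Install frr-reload.service
      ansible.builtin.copy:
        src: /root/.ansible/roles/metal-roles/partition/roles/sonic-config/files/frr-reload.service
        dest: /etc/systemd/system/frr-reload.service
        remote_src: false
        owner: root
        group: root
        mode: "0644"
      notify:
        - reload systemd daemon
      changed_when: true

    # Adds a NAT POSTROUTING rule for traffic leaving eth0. Nothing in this
    # play saves the ruleset.
    # NOTE(review): together with the forwarding sysctl below this makes the
    # host forward and masquerade traffic out of eth0, and no FORWARD-chain
    # restriction is set in this play; confirm that is intended for the
    # target environment.
    - name: Activate IP MASQUERADE on eth0
      ansible.builtin.iptables:
        chain: POSTROUTING
        jump: MASQUERADE
        out_interface: eth0
        table: nat

    # sysctl_set applies the value to the running kernel; reload: false skips
    # re-reading the sysctl file. Booleans are written as true/false.
    - name: Activate IPv4 forwarding on eth0
      ansible.posix.sysctl:
        name: net.ipv4.conf.eth0.forwarding
        reload: false
        sysctl_set: true
        value: "1"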
# Play: DHCP server on leaf01, skipped when leaf01 is in the dell_sonic group.
- name: Deploy dhcp server on leaf01 (Community SONiC)
  hosts: 'leaf01:!dell_sonic'
  pre_tasks:
    # Replaces the bullseye-backports entry in /etc/apt/sources.list with the
    # same suite on archive.debian.org. search_string matches the old line
    # literally, not as a regular expression.
    # NOTE(review): the replacement entry uses plain HTTP, so package
    # integrity depends on apt verifying the repository signatures; confirm
    # that verification stays enabled for the archived suite.
    - name: Temporary workaround for EOL debian bullseye backports repository (using archive.debian.org)
      lineinfile:
        path: /etc/apt/sources.list
        line: 'deb [arch=amd64] http://archive.debian.org/debian/ bullseye-backports main contrib non-free'
        search_string: 'deb [arch=amd64] http://deb.debian.org/debian/ bullseye-backports main contrib non-free'
  roles:
    - name: ansible-common
      tags: [always]
    - name: metal-roles/partition/roles/dhcp
      tags: [dhcp]
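# FIXME: For some reason, the first docker pull always fails on dell_sonic but succeeds on second attempt.
# Investigate the cause and remove this play
- name: Intentionally fail on first docker pull
  hosts: dell_sonic
  tasks:
    # failed_when: false suppresses every failure of this task, not only the
    # expected first-pull error, so a broken registry or runtime also passes
    # silently here.
    # The image is referenced by the mutable `latest` tag; its content is not
    # pinned to a digest.
    - name: Pull and run hello-world, ignoring the result
      community.docker.docker_container:
        name: hello-world
        image: library/hello-world:latest
        cleanup: true
        pull: true
      failed_when: false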
# Play: apply the pixiecore role on leaf01 with privilege escalation.
- name: Deploy pixiecore on leaf01
  hosts: leaf01
  become: true
  roles:
    # ansible-common carries the `always` tag, so it runs for any tag selection.
    - name: ansible-common
      tags: [always]
    - name: metal-roles/partition/roles/pixiecore
      tags: [pixiecore]
# Play: monitoring components that run on leaf01 only.
# Both monitoring roles are gated on the monitoring_enabled variable, which is
# defined outside this file.
- name: Deploy monitoring on leaf01
  hosts: leaf01
  become: true
  roles:
    - name: ansible-common
      tags: [always]
    - name: metal-roles/partition/roles/monitoring/prometheus
      tags: [prometheus]
      when: monitoring_enabled
    - name: metal-roles/partition/roles/monitoring/ipmi-exporter
      tags: [ipmi-exporter]
      when: monitoring_enabled
# Play: log shipping and exporters on every host in the leaves group.
# Each role except ansible-common is applied only when monitoring_enabled is
# true; that variable is defined outside this file.
- name: Deploy monitoring on leaves
  hosts: leaves
  become: true
  roles:
    - name: ansible-common
      tags: [always]
    - name: metal-roles/partition/roles/promtail
      tags: [promtail]
      when: monitoring_enabled
    - name: metal-roles/partition/roles/monitoring/node-exporter
      tags: [node-exporter]
      when: monitoring_enabled
    - name: metal-roles/partition/roles/monitoring/blackbox-exporter
      tags: [blackbox-exporter]
      when: monitoring_enabled
    - name: metal-roles/partition/roles/monitoring/sonic-exporter
      tags: [sonic-exporter]
      when: monitoring_enabled
# Play: apply the metal-core role on all leaves; one failing host aborts the
# play for every host.
- name: Deploy metal-core
  hosts: leaves
  become: true
  any_errors_fatal: true
  pre_tasks:
    # Fixed 120-second pause before the roles run. What it waits for is not
    # stated in this file.
    - name: Wait some time
      pause:
        seconds: 120
  roles:
    - name: ansible-common
      tags: [always]
    - name: metal-roles/partition/roles/metal-core
      tags: [metal-core]
# Play: runs on the control node and blocks until the metal API reports the
# switches.
- name: Wait for switches
  hosts: localhost
  gather_facts: false
  connection: local
  roles:
    - name: ansible-common
      tags: [always]
    - name: metal-roles
      tags: [always]
    - name: metal-ansible-modules
      tags: [always]
    - name: metal-roles/control-plane/roles/metal-python
      tags: [metal-python]
  post_tasks:
    # `command: echo` is only a carrier for the retry loop; the real check is
    # the `until` list. It is retried up to 100 times, 3 seconds apart.
    # All three conditions must hold: the search returns exactly two switches,
    # and both entries have a non-null last_sync.
    # Each condition performs its own lookup, so one retry issues three
    # separate API queries.
    # The lookup is called with the HMAC edit key (api_hmac).
    # NOTE(review): confirm that the lookup plugin never echoes this key in
    # error output, since a failing condition is printed in the task result.
    - name: Wait for switches to register
      command: echo
      changed_when: false
      delay: 3
      retries: 100
      until:
        - lookup('metal', 'search', 'switch', api_url=metal_partition_metal_api_protocol+'://'+metal_partition_metal_api_addr+':'+metal_partition_metal_api_port|string+metal_partition_metal_api_basepath, api_hmac=metal_partition_metal_api_hmac_edit_key) | length == 2
        - lookup('metal', 'search', 'switch', api_url=metal_partition_metal_api_protocol+'://'+metal_partition_metal_api_addr+':'+metal_partition_metal_api_port|string+metal_partition_metal_api_basepath, api_hmac=metal_partition_metal_api_hmac_edit_key)[0]["last_sync"] != None
        - lookup('metal', 'search', 'switch', api_url=metal_partition_metal_api_protocol+'://'+metal_partition_metal_api_addr+':'+metal_partition_metal_api_port|string+metal_partition_metal_api_basepath, api_hmac=metal_partition_metal_api_hmac_edit_key)[1]["last_sync"] != None
# Play: on the leaves outside the dell_sonic group, run the checks from
# tasks/check_queued.yaml. That file is not part of this listing.
- name: Wait for underlay (Community SONiC)
  hosts: 'leaves:!dell_sonic'
  gather_facts: false
  any_errors_fatal: true
  pre_tasks:
    - name: Wait until no route entries have "queued"
      include_tasks: 'tasks/check_queued.yaml'
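# Play: IPv6 default setting and LLDP port identifiers on the Enterprise
# SONiC leaves (dell_sonic group), run with privilege escalation.
- name: Configure IPv6 and LLDP ports (Enterprise SONiC)
  hosts: dell_sonic
  any_errors_fatal: true
  become: true
  tasks:
    # Persists net.ipv6.conf.default.disable_ipv6=0 in /etc/sysctl.conf.
    # Uses the fully qualified module name, as the IPv4 forwarding task
    # earlier in this playbook does.
    - name: Enable IPv6 to also have LLA at VLAN interfaces
      ansible.posix.sysctl:
        name: net.ipv6.conf.default.disable_ipv6
        value: "0"
        state: present
        sysctl_file: /etc/sysctl.conf

    # Each item is a complete, fixed lldpcli command line; no inventory or
    # external value is templated into it.
    # No changed_when is set, so the task reports "changed" on every run.
    # `loop` replaces `with_items`; for this flat list both iterate the same
    # four commands.
    - name: Configure LLDP port IDs and descriptions
      ansible.builtin.command: "{{ item }}"
      loop:
        - lldpcli configure ports Ethernet0 lldp portidsubtype local Eth1/1
        - lldpcli configure ports Ethernet1 lldp portidsubtype local Eth1/2
        - lldpcli configure ports Ethernet2 lldp portidsubtype local Eth1/3
        - lldpcli configure ports Ethernet3 lldp portidsubtype local Eth1/4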