Merge pull request #1580 from stdweird/cumulus_init

metaconfig: cumulus: basic initialisation script and bgp frr support
quattor · Oct 4, 2023 · 197939f · 197939f
2 parents ca060d2 + 008e1a8
commit 197939f
Show file tree

Hide file tree

Showing 9 changed files with 202 additions and 1 deletion.
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/bgp.tt b/ncm-metaconfig/src/main/metaconfig/cumulus/bgp.tt
@@ -0,0 +1,13 @@
+router bgp [% bgp.asn %] [% vrf %]
+[%  FILTER indent(' ') -%]
+bgp router-id [% bgp.routerid %]
+neighbor [% bgp.external %] remote-as external
+!
+address-family ipv4 unicast
+[%      FILTER indent(' ') -%]
+[%          FOREACH network IN bgp.ipv4 -%]
+network [% network %]
+[%          END -%]
+[%      END -%]
+exit-address-family
+[% END -%]
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/frr.tt b/ncm-metaconfig/src/main/metaconfig/cumulus/frr.tt
@@ -7,3 +7,8 @@ ip route [%     route.network %]/[% route.mask %] [% route.nexthop %]
 [%          END -%]
 [%      END -%]
 [%- END %]
+[% FOREACH vrfbgp IN CCM.contents.bgp -%]
+[%-     FOREACH bgp IN vrfbgp.value -%]
+[%-         INCLUDE 'metaconfig/cumulus/bgp.tt'  vrf=vrfbgp.key bgp=bgp %]
+[%      END -%]
+[%- END %]
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/initialise_sh.tt b/ncm-metaconfig/src/main/metaconfig/cumulus/initialise_sh.tt
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -x
+
+[% fqdn = CCM.contents.hostname _ "." _ CCM.contents.domainname -%]
+
+hostnamectl set-hostname [% fqdn %]
+sed -i '/[% CCM.contents.ip %]/d;/[% fqdn %]/d' /etc/hosts
+echo "[% CCM.contents.ip %] [% fqdn %] [% CCM.contents.hostname %]" >> /etc/hosts
+
+timedatectl set-timezone '[% CCM.contents.timezone %]'
+dpkg-reconfigure --frontend noninteractive tzdata
+
+apt-get -o "Dpkg::Options::=--force-confold" update -y --force-yes
+apt-get -o "Dpkg::Options::=--force-confold" dist-upgrade -y --force-yes
+
+[% IF CCM.contents.defined('root_keys') %]
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+
+rm -f /root/.ssh/authorized_keys
+cat > /root/.ssh/authorized_keys <<EOF
+[% CCM.contents.root_keys.join("\n") %]
+EOF
+chmod 600 /root/.ssh/authorized_keys
+chown root.root /root/.ssh
+chown root.root /root/.ssh/authorized_keys
+[% END %]
+
+[% IF CCM.contents.defined('cumulus_keys') %]
+mkdir -p /home/cumulus/.ssh
+chmod 700 /home/cumulus/.ssh
+
+rm -f /home/cumulus/.ssh/authorized_keys
+cat > /home/cumulus/.ssh/authorized_keys <<EOF
+[% CCM.contents.cumulus_keys.join("\n") %]
+EOF
+chmod 600 /home/cumulus/.ssh/authorized_keys
+chown cumulus.cumulus /home/cumulus/.ssh
+chown cumulus.cumulus /home/cumulus/.ssh/authorized_keys
+[% END %]
+
+
+echo "If all went fine, please reboot"
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/pan/initialise.pan b/ncm-metaconfig/src/main/metaconfig/cumulus/pan/initialise.pan
@@ -0,0 +1,8 @@
+unique template metaconfig/cumulus/initialise;
+
+include 'metaconfig/cumulus/schema';
+
+bind "/software/components/metaconfig/services/{/home/cumulus/initialise.sh}/contents" = cumulus_initialise;
+
+prefix "/software/components/metaconfig/services/{/home/cumulus/initialise.sh}";
+"module" = "cumulus/initialise_sh";
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/pan/schema.pan b/ncm-metaconfig/src/main/metaconfig/cumulus/pan/schema.pan
@@ -227,10 +227,23 @@ type cumulus_frr_route = {
     'nexthop' : string with is_ipv4(SELF) || SELF == 'null0'
 };
 
+type cumulus_bgp_router = {
+    @{AS number}
+    'asn' : long(1..65535)
+    @{router ID}
+    'routerid' : type_ipv4
+    @{external neighbor}
+    'external' : type_ipv4
+    @{ipv4 networks}
+    'ipv4' : type_ipv4_netmask_pair[]
+};
+
 @{Simple/minimal FRRouting config file, useful for static routing in VRF setup}
 type cumulus_frr = {
     @{Routes per VRF (key is VRF name)}
-    'vrf' : cumulus_frr_route[]{}
+    'vrf' ? cumulus_frr_route[]{}
+    @{List of bgp routers per VRF (VRF is the key)}
+    'bgp' ? cumulus_bgp_router[]{}
 };
 
 type cumulus_acl_rule_tcp_flag = choice('SYN', 'ACK', 'FIN', 'RST', 'URG', 'PSH', 'ALL', 'NONE');
@@ -287,3 +300,13 @@ type cumulus_acl_rule = {
 type cumulus_acl = {
     'iptables' ? cumulus_acl_rule[]
 };
+
+@{Some metadata for the initialisation script}
+type cumulus_initialise = {
+    'domainname' : type_fqdn
+    'hostname' : type_shorthostname
+    'ip' : type_ipv4
+    'timezone' : string
+    'root_keys' ? string[]
+    'cumulus_keys' ? string[]
+};
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/tests/profiles/frr.pan b/ncm-metaconfig/src/main/metaconfig/cumulus/tests/profiles/frr.pan
@@ -18,3 +18,23 @@ prefix "/software/components/metaconfig/services/{/etc/frr/frr.conf}/contents/vr
     "mask", 20,
     "nexthop", "12.13.14.15",
     );
+
+prefix "/software/components/metaconfig/services/{/etc/frr/frr.conf}/contents/bgp";
+"vrf1/0" = dict(
+    "asn", 12345,
+    "routerid", "1.2.3.4",
+    "external", "4.5.6.7",
+    "ipv4", list("10.1.0.0/24", "172.20.0.0/16"),
+    );
+"vrf1/1" = dict(
+    "asn", 12346,
+    "routerid", "1.2.3.5",
+    "external", "4.5.6.8",
+    "ipv4", list("10.2.0.0/24", "172.21.0.0/16"),
+    );
+"vrf2/0" = dict(
+    "asn", 12346,
+    "routerid", "1.2.3.6",
+    "external", "4.5.6.8",
+    "ipv4", list("10.3.0.0/24", "172.22.0.0/16"),
+    );
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/tests/profiles/initialise.pan b/ncm-metaconfig/src/main/metaconfig/cumulus/tests/profiles/initialise.pan
@@ -0,0 +1,11 @@
+object template initialise;
+
+include 'metaconfig/cumulus/initialise';
+
+prefix "/software/components/metaconfig/services/{/home/cumulus/initialise.sh}/contents";
+"domainname" = "bb.cc.dd";
+"hostname" = "aa";
+"ip" = "1.2.3.4";
+"timezone" = "Europe/Brussels";
+"root_keys" = list("root key 1", "root key 2");
+"cumulus_keys" = list("cumulus key 1", "cumulus key 2");
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/tests/regexps/frr/base b/ncm-metaconfig/src/main/metaconfig/cumulus/tests/regexps/frr/base
@@ -10,3 +10,30 @@ vrf vrf1
     ip route 1.2.3.4/24 11.12.13.14
     ip route 0.0.0.0/0 null0
 
+router bgp 12345 vrf1
+ bgp router-id 1.2.3.4
+ neighbor 4.5.6.7 remote-as external
+ !
+ address-family ipv4 unicast
+  network 10.1.0.0/24
+  network 172.20.0.0/16
+ exit-address-family
+
+router bgp 12346 vrf1
+ bgp router-id 1.2.3.5
+ neighbor 4.5.6.8 remote-as external
+ !
+ address-family ipv4 unicast
+  network 10.2.0.0/24
+  network 172.21.0.0/16
+ exit-address-family
+
+router bgp 12346 vrf2
+ bgp router-id 1.2.3.6
+ neighbor 4.5.6.8 remote-as external
+ !
+ address-family ipv4 unicast
+  network 10.3.0.0/24
+  network 172.22.0.0/16
+ exit-address-family
+
diff --git a/ncm-metaconfig/src/main/metaconfig/cumulus/tests/regexps/initialise/base b/ncm-metaconfig/src/main/metaconfig/cumulus/tests/regexps/initialise/base
@@ -0,0 +1,50 @@
+Cumulus initialisation script
+---
+/home/cumulus/initialise.sh
+quote
+---
+#!/bin/bash
+
+set -x
+
+
+hostnamectl set-hostname aa.bb.cc.dd
+sed -i '/1.2.3.4/d;/aa.bb.cc.dd/d' /etc/hosts
+echo "1.2.3.4 aa.bb.cc.dd aa" >> /etc/hosts
+
+timedatectl set-timezone 'Europe/Brussels'
+dpkg-reconfigure --frontend noninteractive tzdata
+
+apt-get -o "Dpkg::Options::=--force-confold" update -y --force-yes
+apt-get -o "Dpkg::Options::=--force-confold" dist-upgrade -y --force-yes
+
+
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+
+rm -f /root/.ssh/authorized_keys
+cat > /root/.ssh/authorized_keys <<EOF
+root key 1
+root key 2
+EOF
+chmod 600 /root/.ssh/authorized_keys
+chown root.root /root/.ssh
+chown root.root /root/.ssh/authorized_keys
+
+
+
+mkdir -p /home/cumulus/.ssh
+chmod 700 /home/cumulus/.ssh
+
+rm -f /home/cumulus/.ssh/authorized_keys
+cat > /home/cumulus/.ssh/authorized_keys <<EOF
+cumulus key 1
+cumulus key 2
+EOF
+chmod 600 /home/cumulus/.ssh/authorized_keys
+chown cumulus.cumulus /home/cumulus/.ssh
+chown cumulus.cumulus /home/cumulus/.ssh/authorized_keys
+
+
+
+echo "If all went fine, please reboot"