feat: add frrouting module (#208)

- add frrouting module - enable ospf daemon on nomad agents - enable docker volumes Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/208
2024-12-27 23:39:03 +11:00 · 2024-12-27 23:39:03 +11:00 · 4400456519
commit 4400456519
parent d37fb5d7e1
5 changed files with 140 additions and 1 deletions
--- a/hieradata/roles/infra/nomad/agent.yaml
+++ b/hieradata/roles/infra/nomad/agent.yaml
@ -3,6 +3,7 @@
 hiera_include:
  - docker
  - docker::networks
+  - frrouting
  - profiles::nomad::node

 docker::version: latest
@ -10,7 +11,17 @@ docker::curl_ensure: false
 docker::root_dir: /data/docker
 docker::ip_forward: true
 docker::ip_masq: false
-docker::iptables: true
+docker::iptables: false
+
+frrouting::ospfd_redistribute:
+  - connected
+frrouting::ospfd_interfaces:
+  eth0:
+    area: 0.0.0.0
+  ens19:
+    passive: true
+  docker0:
+    area: 0.0.0.1

 profiles::yum::global::repos:
  ceph-reef:
@ -27,6 +38,7 @@ profiles::ceph::client::keyrings:

 profiles::packages::include:
  nomad: {}
+  cni-plugins: {}

 profiles::nomad::node::client: true

--- a/modules/frrouting/manifests/init.pp
+++ b/modules/frrouting/manifests/init.pp
@ -0,0 +1,65 @@
+class frrouting (
+  Boolean $manage_package           = true,
+  Boolean $manage_config            = true,
+  Boolean $manage_service           = true,
+  String  $package_name             = 'frr',
+  String  $service_name             = 'frr',
+  Hash    $daemons                  = {},
+  Hash    $ospfd_interfaces         = {},
+  String  $ospfd_router_id          = $facts['networking']['ip'],
+  Array[String] $ospfd_redistribute = [],
+  Array[String] $ospfd_networks     = [],
+  Boolean $ospfd_default_originate_always = false,
+) {
+
+  $daemons_defaults = {
+    'bgpd'    => false,
+    'ospfd'   => true,
+    'ospf6d'  => false,
+    'ripd'    => false,
+    'ripngd'  => false,
+    'isisd'   => false,
+    'pimd'    => false,
+    'pim6d'   => false,
+    'nhrpd'   => false,
+    'eigrpd'  => false,
+    'sharpd'  => false,
+    'pbrd'    => false,
+    'bfdd'    => false,
+    'fabricd' => false,
+    'vrrpd'   => false,
+    'pathd'   => false,
+    'staticd' => false,
+  }
+
+  $daemons_merged = merge($daemons, $daemons_defaults)
+
+  if $manage_package {
+    package { $package_name:
+      ensure => installed,
+    }
+  }
+
+  if $manage_config {
+    file { '/etc/frr/frr.conf':
+      ensure  => file,
+      content => template('frrouting/frr.conf.erb'),
+      notify  => Service[$service_name],
+    }
+
+    file { '/etc/frr/daemons':
+      ensure  => file,
+      content => template('frrouting/daemons.erb'),
+      notify  => Service[$service_name],
+    }
+  }
+
+  if $manage_service {
+    service { $service_name:
+      ensure     => running,
+      enable     => true,
+      hasstatus  => true,
+      hasrestart => true,
+    }
+  }
+}
--- a/modules/frrouting/templates/daemons.erb
+++ b/modules/frrouting/templates/daemons.erb
@ -0,0 +1,28 @@
+# THIS FILE IS MANAGED BY PUPPET
+<% @daemons_merged.each do |daemon, status| -%>
+<% if status -%>
+<%= daemon %>=yes
+<% else -%>
+<%= daemon %>=no
+<% end -%>
+<% end -%>
+
+vtysh_enable=yes
+zebra_options="  -A 127.0.0.1 -s 90000000"
+bgpd_options="   -A 127.0.0.1"
+ospfd_options="  -A 127.0.0.1"
+ospf6d_options=" -A ::1"
+ripd_options="   -A 127.0.0.1"
+ripngd_options=" -A ::1"
+isisd_options="  -A 127.0.0.1"
+pimd_options="   -A 127.0.0.1"
+pim6d_options="  -A ::1"
+nhrpd_options="  -A 127.0.0.1"
+eigrpd_options=" -A 127.0.0.1"
+sharpd_options=" -A 127.0.0.1"
+pbrd_options="   -A 127.0.0.1"
+staticd_options="-A 127.0.0.1"
+bfdd_options="   -A 127.0.0.1"
+fabricd_options="-A 127.0.0.1"
+vrrpd_options="  -A 127.0.0.1"
+pathd_options="  -A 127.0.0.1"
--- a/modules/frrouting/templates/frr.conf.erb
+++ b/modules/frrouting/templates/frr.conf.erb
@ -0,0 +1,27 @@
+# THIS FILE IS MANAGED BY PUPPET
+frr defaults traditional
+hostname <%= @hostname %>
+no ipv6 forwarding
+<% @ospfd_interfaces.each do |iface, params| -%>
+interface <%= iface %>
+<% if params['area'] -%>
+ ip ospf area <%= params['area'] %>
+<% end -%>
+<% if params['passive'] == true -%>
+ ip ospf passive
+<% end -%>
+exit
+<% end -%>
+router ospf
+ ospf router-id <%= @ospfd_router_id %>
+ log-adjacency-changes detail
+<% @ospfd_redistribute.each do |type| -%>
+ redistribute <%= type %>
+<% end -%>
+<% @ospfd_networks.each do |network| -%>
+ network <%= network %>
+<% end -%>
+<% if @ospfd_default_originate_always -%>
+ default-information originate always
+<% end -%>
+exit
--- a/site/profiles/templates/nomad/config.hcl.erb
+++ b/site/profiles/templates/nomad/config.hcl.erb
@ -22,6 +22,13 @@ server {
 client {
  enabled = true
 }
+plugin "docker" {
+  config {
+    volumes {
+      enabled = true
+    }
+  }
+}
 <% end -%>

 # Require TLS