From 2650acd46893b64d94968e2d11bebc10ca646682 Mon Sep 17 00:00:00 2001 From: iljarotar Date: Mon, 14 Oct 2024 16:38:58 +0200 Subject: [PATCH 01/11] add config db to ztp --- partition/roles/ztp/config_db.json | 7 +++++++ partition/roles/ztp/tasks/main.yaml | 12 ++++++++++++ partition/roles/ztp/ztp.json.j2 | 15 +++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 partition/roles/ztp/config_db.json create mode 100644 partition/roles/ztp/ztp.json.j2 diff --git a/partition/roles/ztp/config_db.json b/partition/roles/ztp/config_db.json new file mode 100644 index 00000000..0d7ecddd --- /dev/null +++ b/partition/roles/ztp/config_db.json @@ -0,0 +1,7 @@ +{ + "DEVICE_METADATA": { + "localhost": { + "docker_routing_config_mode": "split" + } + } +} \ No newline at end of file diff --git a/partition/roles/ztp/tasks/main.yaml b/partition/roles/ztp/tasks/main.yaml index 780c2956..9bc65c70 100644 --- a/partition/roles/ztp/tasks/main.yaml +++ b/partition/roles/ztp/tasks/main.yaml @@ -23,6 +23,18 @@ dest: "{{ ztp_host_dir_path }}/config/ztp.sh" mode: 0644 +- name: render config_db.json + template: + src: "config_db.json.j2" + dest: "{{ ztp_host_dir_path }}/config/config_db.json" + mode: 0644 + +- name: render ztp.json + template: + src: "ztp.json.j2" + dest: "{{ ztp_host_dir_path }}/config/ztp.json" + mode: 0644 + - name: copy additional contents copy: dest: "{{ ztp_host_dir_path }}/config/{{ item.name }}" diff --git a/partition/roles/ztp/ztp.json.j2 b/partition/roles/ztp/ztp.json.j2 new file mode 100644 index 00000000..cb048b22 --- /dev/null +++ b/partition/roles/ztp/ztp.json.j2 @@ -0,0 +1,15 @@ +{ + "ztp": { + "02-user": { + "plugin": { + "url": "http://{{ ztp_host_dir_path }}/ztp.sh" + } + }, + "03-configdb-json": { + "url": { + "source": "http://{{ ztp_host_dir_path }}/config_db.json" + }, + "clear-config": false + } + } +} From 64dec5500748403e1b309f46a420736e82697c12 Mon Sep 17 00:00:00 2001 
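Review bot: `mode: 0644` in the two added tasks (`render config_db.json` and `render ztp.json`) is an unquoted scalar, so the resulting permission bits depend on how the YAML loader types a leading-zero number; `mode: "0644"` makes the intended octal explicit. The neighbouring task visible as context already uses the unquoted form, and the later `tasks/main.yaml` hunks of this series (patch 03 `copy config_db.json`, patch 07 `copy reload script`) repeat it, so the quoting is best applied to all of them together. The tasks file continues outside the hunk.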
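Review bot: Both the `plugin.url` for `ztp.sh` and the `url.source` for `config_db.json` use plain `http://`, so the switch runs a script and applies a configuration that it received with no transport integrity or server authentication. The later `ztp.json.j2` hunks of this series (patches 04 to 07, including the `04-reload` plugin) keep the same scheme. The role README states that ZTP installs the authorized keys, so anyone able to alter responses on the provisioning network would decide who gets admin access to the switch. If the ZTP client and the nginx container both support TLS, prefer `https://` with certificate verification. Otherwise the README should state that the provisioning segment must be isolated and trusted.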
From: iljarotar Date: Tue, 15 Oct 2024 09:08:05 +0200 Subject: [PATCH 02/11] move templates into templates dir --- partition/roles/ztp/{ => templates}/config_db.json | 0 partition/roles/ztp/{ => templates}/ztp.json.j2 | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename partition/roles/ztp/{ => templates}/config_db.json (100%) rename partition/roles/ztp/{ => templates}/ztp.json.j2 (100%) diff --git a/partition/roles/ztp/config_db.json b/partition/roles/ztp/templates/config_db.json similarity index 100% rename from partition/roles/ztp/config_db.json rename to partition/roles/ztp/templates/config_db.json diff --git a/partition/roles/ztp/ztp.json.j2 b/partition/roles/ztp/templates/ztp.json.j2 similarity index 100% rename from partition/roles/ztp/ztp.json.j2 rename to partition/roles/ztp/templates/ztp.json.j2 From 74d28eec31389a8342715d319b5fb0ce310ed0a5 Mon Sep 17 00:00:00 2001 From: iljarotar Date: Tue, 15 Oct 2024 09:14:21 +0200 Subject: [PATCH 03/11] configdb was not a template --- partition/roles/ztp/{templates => files}/config_db.json | 0 partition/roles/ztp/tasks/main.yaml | 6 +++--- 2 files changed, 3 insertions(+), 3 deletions(-) rename partition/roles/ztp/{templates => files}/config_db.json (100%) diff --git a/partition/roles/ztp/templates/config_db.json b/partition/roles/ztp/files/config_db.json similarity index 100% rename from partition/roles/ztp/templates/config_db.json rename to partition/roles/ztp/files/config_db.json diff --git a/partition/roles/ztp/tasks/main.yaml b/partition/roles/ztp/tasks/main.yaml index 9bc65c70..ed7f1d15 100644 --- a/partition/roles/ztp/tasks/main.yaml +++ b/partition/roles/ztp/tasks/main.yaml @@ -23,9 +23,9 @@ dest: "{{ ztp_host_dir_path }}/config/ztp.sh" mode: 0644 -- name: render config_db.json - template: - src: "config_db.json.j2" +- name: copy config_db.json + copy: + src: "config_db.json" dest: "{{ ztp_host_dir_path }}/config/config_db.json" mode: 0644 
From 035213278416046014d8d2b3380bc1067b533aa7 Mon Sep 17 00:00:00 2001 From: iljarotar Date: Tue, 15 Oct 2024 13:16:49 +0200 Subject: [PATCH 04/11] use correct address for ztp --- partition/roles/ztp/README.md | 1 + partition/roles/ztp/defaults/main/main.yaml | 1 + partition/roles/ztp/templates/ztp.json.j2 | 4 ++-- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/partition/roles/ztp/README.md b/partition/roles/ztp/README.md index 2de4b68a..fe7e548d 100644 --- a/partition/roles/ztp/README.md +++ b/partition/roles/ztp/README.md @@ -9,6 +9,7 @@ Configures a server for providing zero-touch-provisioning scripts for switches. | ztp_nginx_image_name | yes | the docker image to use to serve ztp scripts. | | ztp_nginx_image_tag | yes | the tag of the docker image to use to serve ztp scripts. | | ztp_host_dir_path | | the path to serve ztp scripts from. | +| ztp_listen_address | | the address used to serve ztp requests | | ztp_port | | the port to serve ztp scripts on. | | ztp_authorized_keys | yes | the authorized keys that should be installed by ztp. | | ztp_admin_user | | the user for which the authorized keys will be provisioned. | diff --git a/partition/roles/ztp/defaults/main/main.yaml b/partition/roles/ztp/defaults/main/main.yaml index 8cff09c2..01dfafc3 100644 --- a/partition/roles/ztp/defaults/main/main.yaml +++ b/partition/roles/ztp/defaults/main/main.yaml @@ -4,6 +4,7 @@ ztp_host_dir_path: /ztp ztp_authorized_keys: ztp_admin_user: admin +ztp_listen_address: "{{ ansible_host }}" ztp_port: 8080 ztp_additional_files: [] diff --git a/partition/roles/ztp/templates/ztp.json.j2 b/partition/roles/ztp/templates/ztp.json.j2 index cb048b22..ac2c7b86 100644 --- a/partition/roles/ztp/templates/ztp.json.j2 +++ b/partition/roles/ztp/templates/ztp.json.j2 
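Review bot: The new default `ztp_listen_address: "{{ ansible_host }}"` carries no comment on what the address has to satisfy, and in the hunks visible in this series it is only interpolated into the download URLs of `ztp.json.j2`, not into any listener setting. `ansible_host` is the address Ansible connects to, which is presumably not always the address switches can reach while provisioning, so the default deserves a note for operators who need to override it. I would add above the variable: `# address switches use to fetch ZTP files; must be reachable from the provisioning network`. The README row added in the same commit ("the address used to serve ztp requests") could be worded the same way.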
@@ -2,12 +2,12 @@ "ztp": { "02-user": { "plugin": { - "url": "http://{{ ztp_host_dir_path }}/ztp.sh" + "url": "http://{{ ztp_listen_address }}:{{ ztp_port }}/ztp.sh" } }, "03-configdb-json": { "url": { - "source": "http://{{ ztp_host_dir_path }}/config_db.json" + "source": "http://{{ ztp_listen_address }}:{{ ztp_port }}/config_db.json" }, "clear-config": false } From e562fc2254cef67eca883b5b6efd24be626bdfa4 Mon Sep 17 00:00:00 2001 From: iljarotar Date: Tue, 15 Oct 2024 15:34:22 +0200 Subject: [PATCH 05/11] change back ztp urls --- partition/roles/ztp/templates/ztp.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/partition/roles/ztp/templates/ztp.json.j2 b/partition/roles/ztp/templates/ztp.json.j2 index ac2c7b86..325e7bf4 100644 --- a/partition/roles/ztp/templates/ztp.json.j2 +++ b/partition/roles/ztp/templates/ztp.json.j2 @@ -2,12 +2,12 @@ "ztp": { "02-user": { "plugin": { - "url": "http://{{ ztp_listen_address }}:{{ ztp_port }}/ztp.sh" + "url": "http://{{ ansible_host }}:{{ ztp_port }}/ztp.sh" } }, "03-configdb-json": { "url": { - "source": "http://{{ ztp_listen_address }}:{{ ztp_port }}/config_db.json" + "source": "http://{{ ansible_host }}:{{ ztp_port }}/config_db.json" }, "clear-config": false } From fda53ef84704c9a81a04b3633b199154839f8e7b Mon Sep 17 00:00:00 2001 From: iljarotar Date: Tue, 15 Oct 2024 15:55:39 +0200 Subject: [PATCH 06/11] save config --- partition/roles/ztp/templates/ztp.json.j2 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/partition/roles/ztp/templates/ztp.json.j2 b/partition/roles/ztp/templates/ztp.json.j2 index 325e7bf4..c219bb19 100644 --- a/partition/roles/ztp/templates/ztp.json.j2 +++ b/partition/roles/ztp/templates/ztp.json.j2 
@@ -2,14 +2,15 @@ "ztp": { "02-user": { "plugin": { - "url": "http://{{ ansible_host }}:{{ ztp_port }}/ztp.sh" + "url": "http://{{ ztp_listen_address }}:{{ ztp_port }}/ztp.sh" } }, "03-configdb-json": { "url": { - "source": "http://{{ ansible_host }}:{{ ztp_port }}/config_db.json" + "source": "http://{{ ztp_listen_address }}:{{ ztp_port }}/config_db.json" }, - "clear-config": false + "clear-config": false, + "save-config": true } } } From 93d81b5906d47f6e883772fe21ac5138dcc7ae4b Mon Sep 17 00:00:00 2001 From: iljarotar Date: Tue, 15 Oct 2024 16:21:32 +0200 Subject: [PATCH 07/11] add reload bgp script --- partition/roles/ztp/files/reload.sh | 3 +++ partition/roles/ztp/tasks/main.yaml | 6 ++++++ partition/roles/ztp/templates/ztp.json.j2 | 11 ++++++++--- 3 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 partition/roles/ztp/files/reload.sh diff --git a/partition/roles/ztp/files/reload.sh b/partition/roles/ztp/files/reload.sh new file mode 100644 index 00000000..4712145e --- /dev/null +++ b/partition/roles/ztp/files/reload.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +sudo systemctl restart bgp diff --git a/partition/roles/ztp/tasks/main.yaml b/partition/roles/ztp/tasks/main.yaml index ed7f1d15..1f17f311 100644 --- a/partition/roles/ztp/tasks/main.yaml +++ b/partition/roles/ztp/tasks/main.yaml @@ -29,6 +29,12 @@ dest: "{{ ztp_host_dir_path }}/config/config_db.json" mode: 0644 +- name: copy reload script + copy: + src: "reload.sh" + dest: "{{ ztp_host_dir_path }}/config/reload.sh" + mode: 0644 + - name: render ztp.json template: src: "ztp.json.j2" diff --git a/partition/roles/ztp/templates/ztp.json.j2 b/partition/roles/ztp/templates/ztp.json.j2 index c219bb19..9a7350ac 100644 --- a/partition/roles/ztp/templates/ztp.json.j2 +++ b/partition/roles/ztp/templates/ztp.json.j2 
@@ -9,8 +9,13 @@ "url": { "source": "http://{{ ztp_listen_address }}:{{ ztp_port }}/config_db.json" }, - "clear-config": false, - "save-config": true - } + "clear-config": false + }, + "04-reload": { + "plugin": { + "url": "http://{{ ztp_listen_address }}:{{ ztp_port }}/reload.sh" + } + }, + "restart-ztp-no-config": true } } From ff438fcdcf855084bc6bb95fb6cc08d68a9332f3 Mon Sep 17 00:00:00 2001 From: iljarotar Date: Wed, 16 Oct 2024 07:58:06 +0200 Subject: [PATCH 08/11] restart zpt no config true --- partition/roles/ztp/templates/ztp.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/partition/roles/ztp/templates/ztp.json.j2 b/partition/roles/ztp/templates/ztp.json.j2 index 9a7350ac..29da1d14 100644 --- a/partition/roles/ztp/templates/ztp.json.j2 +++ b/partition/roles/ztp/templates/ztp.json.j2 @@ -16,6 +16,6 @@ "url": "http://{{ ztp_listen_address }}:{{ ztp_port }}/reload.sh" } }, - "restart-ztp-no-config": true + "restart-ztp-no-config": false } } From c68829e0892a69dde97709ac97300ee7f1a792c3 Mon Sep 17 00:00:00 2001 From: iljarotar Date: Wed, 16 Oct 2024 15:33:30 +0200 Subject: [PATCH 09/11] document ztp.json --- partition/roles/ztp/README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/partition/roles/ztp/README.md b/partition/roles/ztp/README.md index fe7e548d..f49ae6f1 100644 --- a/partition/roles/ztp/README.md +++ b/partition/roles/ztp/README.md 
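Review bot: The patch 08 hunk sets `"restart-ztp-no-config": false` while its commit subject reads "restart zpt no config true", and patch 07 had just introduced the key as `true`, so the intended final value cannot be told from the series. JSON allows no comment next to the key, so the intent belongs in the role README's `ztp.json` section, for example `restart-ztp-no-config is set to false because <reason>`. The same applies to `"save-config": true`, which patch 06 adds and patch 07 removes without explanation.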
@@ -14,3 +14,23 @@ Configures a server for providing zero-touch-provisioning scripts for switches. | ztp_authorized_keys | yes | the authorized keys that should be installed by ztp. | | ztp_admin_user | | the user for which the authorized keys will be provisioned. | | ztp_additional_files | | puts additional files into serve directory. | + +## Provisioning SONiC Switches via ztp.json + +On SONiC switches it is possible to describe the ZTP procedure in a file called `ztp.json`. +It contains all steps that should be performed during ZTP along with some additional options. +We use `ztp.json` to trigger a restart of the BGP service after the initial switch provisioning. +To use the `ztp.json` file, add a DHCP option with code 67 to the DHCP server that serves the file. +For example, add a section like the following to `/etc/dhcp/dhcpd.conf`: + +``` +option sonic_ztp code 67 = text; + +host leaf01 { + hardware ethernet aa:aa:aa:aa:aa:aa; + fixed-address 10.1.253.154; + option sonic_ztp "http://10.1.253.13:8080/ztp.json"; +} +``` + +For more information on the `ztp.json` format refer to the [documentation](https://github.com/sonic-net/SONiC/blob/master/doc/ztp/ztp.md). From 7d8d29cf91d1e61979e50d741decd734b609b89b Mon Sep 17 00:00:00 2001 From: iljarotar Date: Mon, 21 Oct 2024 15:29:55 +0200 Subject: [PATCH 10/11] set hostname in sonic role --- partition/roles/sonic/tasks/main.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/partition/roles/sonic/tasks/main.yaml b/partition/roles/sonic/tasks/main.yaml index 1bae92e4..df5647ee 100644 --- a/partition/roles/sonic/tasks/main.yaml +++ b/partition/roles/sonic/tasks/main.yaml @@ -15,6 +15,10 @@ - sonic_nameservers is defined - metal_stack_switch_os_is_sonic +- name: set hostname + hostname: + name: "{{ inventory_hostname }}" + - name: Check mandatory variables on non-empty sonic_ports are set assert: fail_msg: "default port configuration is necessary on non-empty sonic_ports" 
From bae9d3ce742f5526b26d3a87b8808db629ceaf17 Mon Sep 17 00:00:00 2001 From: iljarotar Date: Mon, 21 Oct 2024 16:20:12 +0200 Subject: [PATCH 11/11] Revert "set hostname in sonic role" This reverts commit 7d8d29cf91d1e61979e50d741decd734b609b89b. --- partition/roles/sonic/tasks/main.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/partition/roles/sonic/tasks/main.yaml b/partition/roles/sonic/tasks/main.yaml index df5647ee..1bae92e4 100644 --- a/partition/roles/sonic/tasks/main.yaml +++ b/partition/roles/sonic/tasks/main.yaml @@ -15,10 +15,6 @@ - sonic_nameservers is defined - metal_stack_switch_os_is_sonic -- name: set hostname - hostname: - name: "{{ inventory_hostname }}" - - name: Check mandatory variables on non-empty sonic_ports are set assert: fail_msg: "default port configuration is necessary on non-empty sonic_ports"