Support SONiC (#153)

metal-stack · Apr 18, 2024 · a204bca · a204bca
1 parent 7ee38bc
commit a204bca
Show file tree

Hide file tree

Showing 20 changed files with 595 additions and 239 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,7 @@
 clab-mini-lab
 .mini-lab.clab.yml
 .mini-lab.cumulus.yml
+.mini-lab.sonic.yml
 ansible-common
 metal-hammer*
 requirements.yaml

diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 .EXPORT_ALL_VARIABLES:
 
 # Commands
-YQ=docker run --rm -i -v $(shell pwd):/workdir mikefarah/yq:3 /bin/sh -c
+YQ=docker run --rm -i -v $(shell pwd):/workdir mikefarah/yq:4
 
 KINDCONFIG := $(or $(KINDCONFIG),control-plane/kind.yaml)
 KUBECONFIG := $(shell pwd)/.kubeconfig
@@ -19,7 +19,8 @@ MINI_LAB_VM_IMAGE := $(or $(MINI_LAB_VM_IMAGE),ghcr.io/metal-stack/mini-lab-vms:
 
 MACHINE_OS=ubuntu-22.04
 
-SONIC_REMOTE_IMG := https://sonic-build.azurewebsites.net/api/sonic/artifacts?branchName=master&platform=vs&buildId=125016&target=target%2Fsonic-vs.img.gz
+# Check: https://sonic-build.azurewebsites.net/ui/sonic/pipelines
+SONIC_REMOTE_IMG := https://sonic-build.azurewebsites.net/api/sonic/artifacts?branchName=202211&platform=vs&target=target%2Fsonic-vs.img.gz
 
 # Machine flavors
 ifeq ($(MINI_LAB_FLAVOR),default)
@@ -94,8 +95,8 @@ env:
 
 .PHONY: _ips
 _ips:
-	$(eval ipL1 = $(shell ${YQ} "yq r clab-mini-lab/ansible-inventory.yml 'all.children.cvx.hosts.leaf01.ansible_host'"))
-	$(eval ipL2 = $(shell ${YQ} "yq r clab-mini-lab/ansible-inventory.yml 'all.children.cvx.hosts.leaf02.ansible_host'"))
+	$(eval ipL1 = $(shell ${YQ} --unwrapScalar=true '.nodes.leaf01."mgmt-ipv4-address"' clab-mini-lab/topology-data.json))
+	$(eval ipL2 = $(shell ${YQ} --unwrapScalar=true '.nodes.leaf02."mgmt-ipv4-address"' clab-mini-lab/topology-data.json))
 	$(eval staticR = "100.255.254.0/24 nexthop via $(ipL1) dev docker0 nexthop via $(ipL2) dev docker0")
 
 .PHONY: route

diff --git a/deploy_partition.yaml b/deploy_partition.yaml
@@ -1,12 +1,30 @@
 ---
-- name: deploy leaves
-  hosts: leaves
+- name: Configure SONiC switches
+  hosts: leaves:&sonic
+  gather_facts: no
+  pre_tasks:
+    - name: Wait for system to become reachable
+      ansible.builtin.wait_for_connection:
+        delay: 10
+        timeout: 50
+  roles:
+    - name: ansible-common
+      tags: always
+    - name: metal-roles/partition/roles/sonic
+      tags: sonic
+    - name: sonic
+      tags: sonic
+
+- name: Configure Cumulus switches
+  hosts: leaves:&cumulus
   roles:
     - name: metal-roles/partition/roles/leaf
       tags: leaf
+    - name: internet
+      tags: internet
 
-- name: deploy docker
-  hosts: leaves
+- name: Deploy docker on Cumulus switches
+  hosts: leaves:&cumulus
   pre_tasks:
     # the following task is not required as long as we do not install something from the cumulus repositories, for which all the keys are expired now
     # the one from here has also expired on 9th Apr 2024: https://docs.nvidia.com/networking-ethernet-software/knowledge-base/Installing-and-Upgrading/Upgrading/Update-Expired-GPG-Keys/#package-upgrade-from-cumulus-linux-37x-to-3716
@@ -23,7 +41,7 @@
     - name: metal-roles/partition/roles/docker-on-cumulus
       tags: docker-on-cumulus
 
-- name: deploy dhcp server and pixiecore
+- name: Deploy dhcp server and pixiecore on leaf01
   hosts: leaf01
   vars:
     setup_yaml:
@@ -37,7 +55,7 @@
     - name: metal-roles/partition/roles/pixiecore
       tags: pixiecore
 
-- name: deploy metal-core
+- name: Deploy metal-core
   hosts: leaves
   vars:
     setup_yaml:
@@ -46,12 +64,10 @@
   roles:
     - name: ansible-common
       tags: always
-    - name: internet
-      tags: internet
     - name: metal-roles/partition/roles/metal-core
       tags: metal-core
 
-- name: wait for switches
+- name: Wait for switches
   hosts: localhost
   connection: local
   gather_facts: no

diff --git a/files/inet/daemons b/files/inet/daemons
@@ -0,0 +1,41 @@
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+pim6d=no
+ldpd=no
+nhrpd=no
+eigrpd=no
+babeld=no
+sharpd=no
+pbrd=no
+bfdd=no
+fabricd=no
+vrrpd=no
+pathd=no
+
+vtysh_enable=yes
+zebra_options="  -A 127.0.0.1 -s 90000000"
+mgmtd_options="  -A 127.0.0.1"
+bgpd_options="   -A 127.0.0.1"
+ospfd_options="  -A 127.0.0.1"
+ospf6d_options=" -A ::1"
+ripd_options="   -A 127.0.0.1"
+ripngd_options=" -A ::1"
+isisd_options="  -A 127.0.0.1"
+pimd_options="   -A 127.0.0.1"
+pim6d_options="  -A ::1"
+ldpd_options="   -A 127.0.0.1"
+nhrpd_options="  -A 127.0.0.1"
+eigrpd_options=" -A 127.0.0.1"
+babeld_options=" -A 127.0.0.1"
+sharpd_options=" -A 127.0.0.1"
+pbrd_options="   -A 127.0.0.1"
+staticd_options="-A 127.0.0.1"
+bfdd_options="   -A 127.0.0.1"
+fabricd_options="-A 127.0.0.1"
+vrrpd_options="  -A 127.0.0.1"
+pathd_options="  -A 127.0.0.1"
diff --git a/files/inet/frr.conf b/files/inet/frr.conf
@@ -0,0 +1,57 @@
+frr defaults datacenter
+hostname inet
+!
+log syslog informational
+!
+vrf vrfInternet
+ vni 104009
+ ip route 0.0.0.0/0 172.17.0.1
+exit-vrf
+!
+interface eth2
+ ipv6 nd ra-interval 6
+ no ipv6 nd suppress-ra
+!
+interface eth3
+ ipv6 nd ra-interval 6
+ no ipv6 nd suppress-ra
+!
+interface lo
+ ip address 10.0.0.21/32
+!
+router bgp 4200000021
+ bgp router-id 10.0.0.21
+ bgp bestpath as-path multipath-relax
+ neighbor FABRIC peer-group
+ neighbor FABRIC remote-as external
+ neighbor FABRIC timers 1 3
+ neighbor eth1 interface peer-group FABRIC
+ neighbor eth2 interface peer-group FABRIC
+ !
+ address-family ipv4 unicast
+  redistribute connected route-map LOOPBACKS
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  advertise-all-vni
+  neighbor FABRIC activate
+  neighbor FABRIC allowas-in 2
+ exit-address-family
+!
+router bgp 4200000021 vrf vrfInternet
+ bgp router-id 10.0.0.21
+ bgp bestpath as-path multipath-relax
+ !
+ address-family ipv4 unicast
+  redistribute static
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  advertise ipv4 unicast
+ exit-address-family
+!
+route-map LOOPBACKS permit 10
+  match interface lo
+!
+line vty
+!
diff --git a/files/inet/network.sh b/files/inet/network.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -o errexit -o xtrace
+
+ip link add vrfInternet type vrf table 1000
+ip link set dev vrfInternet up
+ip link set dev eth0 master vrfInternet
+
+ip link add name bridge type bridge stp_state 0
+ip link set dev bridge type bridge vlan_filtering 1
+ip link set dev bridge mtu 9000
+ip link set dev bridge up
+
+ip link add link bridge up name vlanInternet type vlan id 1000
+ip link set dev vlanInternet mtu 9000
+ip link set dev vlanInternet master vrfInternet
+bridge vlan del vid 1 dev bridge self
+bridge vlan add vid 1000 dev bridge self
+ip link set dev vlanInternet up
+
+ip link add vniInternet type vxlan id 104009 dstport 4789 local 10.0.0.21 nolearning
+ip link set dev vlanInternet mtu 9000
+ip link set dev vniInternet master bridge
+bridge vlan del vid 1 dev vniInternet
+bridge vlan del vid 1 untagged pvid dev vniInternet
+bridge vlan add vid 1000 dev vniInternet
+bridge vlan add vid 1000 untagged pvid dev vniInternet
+ip link set up dev vniInternet
+
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
diff --git a/files/inet/vtysh.conf b/files/inet/vtysh.conf
@@ -0,0 +1 @@
+service integrated-vtysh-config
diff --git a/images/sonic/Dockerfile b/images/sonic/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:22.04
+
+ENV LIBGUESTFS_BACKEND=direct
+
+RUN apt-get update && \
+    apt-get --no-install-recommends install --yes \
+        linux-image-5.15.0-102-generic \
+        net-tools \
+        ovmf \
+        python3 \
+        python3-guestfs \
+        qemu-system-x86 \
+        telnet \
+        tini
+
+ENTRYPOINT ["/usr/bin/tini", "--"]
+
+COPY config_db.json mirror_tap_to_eth.sh sonic_entrypoint.py /
+
+CMD ["/usr/bin/python3", "-u", "/sonic_entrypoint.py"]
diff --git a/images/sonic/config_db.json b/images/sonic/config_db.json
@@ -0,0 +1,72 @@
+{
+  "AUTO_TECHSUPPORT": {
+    "GLOBAL": {
+      "state": "disabled"
+    }
+  },
+  "DEVICE_METADATA": {
+    "localhost": {
+      "docker_routing_config_mode": "split-unified",
+      "hostname": "{{ hostname }}",
+      "hwsku": "Force10-S6000",
+      "mac": "{{ mac }}",
+      "platform": "x86_64-kvm_x86_64-r0",
+      "type": "LeafRouter"
+    }
+  },
+  "FEATURE": {
+    "mgmt-framework": {
+      "state": "disabled"
+    },
+    "pmon": {
+      "state": "disabled"
+    },
+    "snmp": {
+      "state": "disabled"
+    },
+    "telemetry": {
+      "state": "disabled"
+    }
+  },
+  "MGMT_INTERFACE": null,
+  "MGMT_PORT": {
+    "eth0": {
+      "alias": "eth0",
+      "admin_status": "up"
+    }
+  },
+  "PORT": {
+    "Ethernet0": {
+      "lanes": "25,26,27,28",
+      "alias": "fortyGigE0/0",
+      "index": "0",
+      "speed": "40000",
+      "admin_status": "up",
+      "mtu": "9100"
+    },
+    "Ethernet4": {
+      "lanes": "29,30,31,32",
+      "alias": "fortyGigE0/4",
+      "index": "1",
+      "speed": "40000",
+      "admin_status": "up",
+      "mtu": "9100"
+    },
+    "Ethernet8": {
+      "lanes": "33,34,35,36",
+      "alias": "fortyGigE0/8",
+      "index": "2",
+      "speed": "40000",
+      "admin_status": "up",
+      "mtu": "9100"
+    },
+    "Ethernet12": {
+      "lanes": "37,38,39,40",
+      "alias": "fortyGigE0/12",
+      "index": "3",
+      "speed": "40000",
+      "admin_status": "up",
+      "mtu": "9100"
+    }
+  }
+}
diff --git a/scripts/mirror_tap_to_eth.sh → images/sonic/mirror_tap_to_eth.sh b/scripts/mirror_tap_to_eth.sh → images/sonic/mirror_tap_to_eth.sh