Merge branch 'feature/nat-697-sbp' into 'develop'

FW role finishing

See merge request !200

geant/gap_ansible/playbooks/l3_core_service.yaml

+- name: Manage GEANT IP instance
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Generate an ID for this run
+      ansible.builtin.set_fact:
+        opid: "{{ lookup('community.general.random_string', length=18, special=false) }}"
+
+    - name: Print the ID
+      ansible.builtin.debug:
+        msg: "{{ opid }}"
+
+    - name: Create a folder for all compiled output
+      ansible.builtin.file:
+        path: "/var/tmp/ansible_run_{{ opid }}"
+        state: directory
+        mode: '0755'
+      delegate_to: localhost
+
+    - name: Import group_vars/all
+      ansible.builtin.include_vars:
+        dir: /opt/ansible_inventory/group_vars/all
+
+    - name: Import standard variables for "{{ subscription.product.product_type }}/{{ subscription.l3_core_service_type | replace(' ', '_') }}"
+      ansible.builtin.include_vars:
+        dir: /opt/ansible_inventory/geant_services/{{ subscription.product.product_type }}/{{ subscription.l3_core_service_type | replace(' ', '_') }}
+
+    - name: Import partner specific variables for "{{ partner_name | upper }}"
+      ansible.builtin.include_vars:
+        dir: /opt/ansible_inventory/geant_partners/{{ partner_name | upper }}
+
+
+    - name: Compile SBP-related config
+      when: object == 'sbp'
+      block:
+        - name: Include Filter role
+          ansible.builtin.include_role:
+            name: fw_filters
+          loop:
+            "{{ subscription.l3_core_service.ap_list }}"
+          loop_control:
+            loop_var: ap
+
+        - name: Include SBP role
+          ansible.builtin.include_role:
+            name: sbp
+          loop:
+            "{{ subscription.l3_core_service.ap_list }}"
+          loop_control:
+            loop_var: ap
+
+    # - name: Compile SBP config
+    #   block:
+    #     - name: Include SBP role
+    #       ansible.builtin.include_role:
+    #         name: sbp
+    #       loop:
+    #         "{{ subscription.l3_core_service.ap_list }}"
+    #       loop_control:
+    #         loop_var: ap
+    #
+    - name: Compile BGP-related config
+      when: object == "bgp"
+      block:
+        - name: Include Prefix-list role
+          ansible.builtin.include_role:
+            name: prefix_lists
+          loop:
+            "{{ subscription.l3_core_service.ap_list }}"
+          loop_control:
+            loop_var: ap
+
+        - name: Include BGP policies
+          ansible.builtin.include_role:
+            name: policy_options
+          loop:
+            "{{ subscription.l3_core_service.ap_list }}"
+          loop_control:
+            loop_var: ap
+
+        - name: Include BGP session
+          ansible.builtin.include_role:
+            name: bgp_config
+          loop:
+            "{{ subscription.l3_core_service.ap_list }}"
+          loop_control:
+            loop_var: ap
+
+    # - name: Compile BGP policies
+    #   block:
+    #     - name: Include BGP policies
+    #       ansible.builtin.include_role:
+    #         name: policy_options
+    #       loop:
+    #         "{{ subscription.l3_core_service.ap_list }}"
+    #       loop_control:
+    #         loop_var: ap
+    #
+    # - name: Compile BGP sesssions config
+    #   block:
+    #     - name: Include BGP session
+    #       ansible.builtin.include_role:
+    #         name: bgp_config
+    #       loop:
+    #         "{{ subscription.l3_core_service.ap_list }}"
+    #       loop_control:
+    #         loop_var: ap
+
+    - name: Deploy
+      # when: verb == deploy
+      block:
+        - name: Include deployment role
+          ansible.builtin.include_role:
+            name: deploy_service_config
+          loop:
+            "{{ subscription.l3_core_service.ap_list }}"
+          loop_control:
+            loop_var: ap

geant/gap_ansible/roles/bgp_config/README.md

+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

geant/gap_ansible/roles/bgp_config/defaults/main.yml

+---
+# defaults file for bgp_config

geant/gap_ansible/roles/bgp_config/handlers/main.yml

+---
+# handlers file for bgp_config

geant/gap_ansible/roles/bgp_config/meta/main.yml

+galaxy_info:
+  author: A. Kurbatov
+  description: GEANT Orchestration and Automation Team
+  company: GEANT
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: MIT
+
+  min_ansible_version: '2.10'
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags:
+    - network
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

geant/gap_ansible/roles/bgp_config/tasks/compile.yaml

+---
+- name: Set ansible host to localhost to compile template
+  ansible.builtin.set_fact:
+    ansible_host: "localhost"
+    ansible_connection: local
+
+- name: Print the template in "/var/tmp/ansible_run_{{ opid }}/{{ partner_name }}_bgp.conf"
+  # when: verb in ["deploy", "update", "terminate"]
+  ansible.builtin.template:
+    src: "bgp.j2"
+    dest: "/var/tmp/ansible_run_{{ opid }}/{{ partner_name }}_bgp.conf"
+    lstrip_blocks: true
+    trim_blocks: true
+    mode: '0755'
+  delegate_to: localhost

geant/gap_ansible/roles/bgp_config/tasks/deploy_bgp.yaml

+---
+- name: Import variables from 'all'
+  ansible.builtin.include_vars:
+    dir: /opt/ansible_inventory/group_vars/all
+
+- name: Set ansible_host to terminal server when router is offline
+  when: ap.sbp.edge_port.node.router_access_via_ts | ansible.builtin.bool
+  ansible.builtin.set_fact:
+    ansible_host: "{{ ap.sbp.edge_port.node.router_site.site_ts_address }}"
+    ansible_port: "{{ ap.sbp.edge_port.node.router_ts_port }}"
+
+- name: Load netconf connection config
+  ansible.builtin.set_fact:
+    ansible_connection: "{{ netconf_access[ap.sbp.edge_port.node.vendor].ansible_connection }}"
+    ansible_network_os: "{{ netconf_access[ap.sbp.edge_port.node.vendor].ansible_network_os }}"
+
+- name: Deploy BGP config on "{{ inventory_hostname }}" [CHECK ONLY][NOKIA]
+  when: dry_run | ansible.builtin.bool
+  geant.gap_ansible.nokia_netconf_config:
+    format: xml
+    default_operation: merge
+    content: "{{ lookup('ansible.builtin.file', '/var/tmp/ansible_run_{{ opid }}/{{ partner_name }}_bgp.conf') }}"
+    commit: true
+    validate: true
+    config_mode: private
+  diff: true
+  register: output
+  check_mode: true
+
+- name: Deploy BGP config on "{{ inventory_hostname }}" [COMMIT][NOKIA]
+  when: not (dry_run | ansible.builtin.bool)
+  geant.gap_ansible.nokia_netconf_config:
+    format: xml
+    default_operation: merge
+    content: "{{ lookup('ansible.builtin.file', '/var/tmp/ansible_run_{{ opid }}/{{ partner_name }}_bgp.conf') }}"
+    commit: true
+    commit_comment: "{{ commit_comment }}"
+    config_mode: private
+  diff: true
+  register: output
+  check_mode: false

geant/gap_ansible/roles/bgp_config/tasks/main.yml

+---
+# tasks file for bgp_config
+- name: Load Standard Policy Statements vars
+  ansible.builtin.include_tasks: merge_vars.yaml
+
+# - name: Debug bgp_session_list
+#   ansible.builtin.debug:
+#     var: bgp_obj
+#
+- name: Compile templates
+  ansible.builtin.include_tasks: compile.yaml
+
+- name: Deploy templates if standalone run
+  when: is_standalone_run | ansible.builtin.bool
+  ansible.builtin.include_tasks: deploy_bgp.yaml

geant/gap_ansible/roles/bgp_config/tasks/merge_vars.yaml

+---
+- name: Set Standard Import and export policies names
+  ansible.builtin.set_fact:
+    import_policies_v4: "{{ bgp.policies.import.v4 }}"
+    import_policies_v6: "{{ bgp.policies.import.v6 }}"
+    export_policies_v4: "{{ bgp.policies.export.v4 }}"
+    export_policies_v6: "{{ bgp.policies.export.v6 }}"

geant/gap_ansible/roles/bgp_config/templates/bgp.j2

+
+        <router xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+            <router-name>Base</router-name>
+            <bgp xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+            {% include 'bgp_neighbor.j2' %}
+            </bgp>
+
+       </router>
+

geant/gap_ansible/roles/bgp_config/templates/bgp_neighbor.j2

+                {% for neighbor in bgp_obj %}
+                <neighbor alu:operation="replace">
+                    <ip-address>{{ neighbor.peer_address }}</ip-address>
+                    <admin-state>enable</admin-state>
+                    {% if neighbor.bfd_enabled %}
+                    <bfd-liveness>true</bfd-liveness>
+                    {% endif %}
+                    <description>{{ partner_name | upper }}_{{ partner.type }}</description>
+
+                    {% if neighbor.ip_type == 'ipv4' %}
+                    <group>{{ bgp.group.ipv4 }}</group>
+                    {% elif neighbor.ip_type == 'ipv6' %}
+                    <group>{{ bgp.group.ipv6 }}</group>
+                    {% endif %}
+                    <peer-as>{{ partner.asn }}</peer-as>
+                  {% if neighbor.authentication_key is not none %}
+                    <authentication-key>{{ neighbor.authentication_key }}</authentication-key>
+                  {% endif %}
+                  {% if neighbor.hold_time is defined %}
+                    <hold-time>
+                      <seconds>{{ neighbor.hold_time }}</seconds>
+                    </hold-time>
+                  {% endif %}
+                  {% if neighbor.multipath_enabled %}
+                  <multipath-eligible>true</multipath-eligible>
+                  {% endif %}
+
+                    <family>
+                      {% for family in neighbor.families %}
+                        <{{ family }}>true</{{ family }}>
+                      {% endfor %}
+                    </family>
+                    <import>
+                      {% if neighbor.ip_type == 'ipv4' %}
+                        {% for pol in import_policies_v4 %}
+                        <policy>{{ pol }}</policy>
+                        {% endfor %}
+                      {% elif neighbor.ip_type == 'ipv6' %}
+                        {% for pol in import_policies_v6 %}
+                        <policy>{{ pol }}</policy>
+                        {% endfor %}
+                      {% endif %}
+                    </import>
+                    <export>
+                      {% if neighbor.ip_type == 'ipv4' %}
+                        {% for pol in export_policies_v4 %}
+                        <policy>{{ pol }}</policy>
+                        {% endfor %}
+                      {% elif neighbor.ip_type == 'ipv6' %}
+                        {% for pol in export_policies_v6 %}
+                        <policy>{{ pol }}</policy>
+                        {% endfor %}
+                      {% endif %}
+                    </export>
+                    {% if neighbor.is_passive %}
+                    <passive>true</passive>
+                    {% endif %}
+                </neighbor>
+                {% endfor %}
+ 

geant/gap_ansible/roles/bgp_config/vars/main.yml

+---
+# vars file for bgp_config
+is_standalone_run: false
+
+bgp_obj: "{{ ap.sbp.bgp_session_list }}"

geant/gap_ansible/roles/deploy_service_config/README.md

+Role Name
+=========
+
+The role identifies the vendor of the target walking through the subscription that it receives as an extra-var. The position in the subscription of this information dependes by the product type. 
+If nokia, then nokia netconf and nokia config modules, the same goes for Juniper. 
+First of all it should collect all the config files contained in the /var/tmp/$ops_id directory and assemble a single configuration file. 
+Then it should do a dry run and finally, when dry_run is false, a commit run .
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

geant/gap_ansible/roles/deploy_service_config/defaults/main.yml

+---
+# defaults file for deploy_service_config

geant/gap_ansible/roles/deploy_service_config/files/nokia/footer

+  </configure>
+</config>

geant/gap_ansible/roles/deploy_service_config/files/nokia/header

+<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:alu="urn:ietf:params:xml:ns:netconf:base:1.0">
+    <configure xmlns="urn:nokia.com:sros:ns:yang:sr:conf">

geant/gap_ansible/roles/deploy_service_config/handlers/main.yml

+---
+# handlers file for deploy_service_config

geant/gap_ansible/roles/deploy_service_config/meta/main.yml

+galaxy_info:
+  author: Milos Zdravkovic
+  description: GOAT
+  company: GEANT
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: MIT
+
+  min_ansible_version: '2.10'
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags:
+    - network
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

geant/gap_ansible/roles/deploy_service_config/tasks/assemble_config.yml

+---
+# Although I was working on a separate branch, I had
+# to resist the temptation of not modifying the entry
+# playbook in order to introduce the opid_dir variable
+# and avoid it's use all over the place.
+
+- name: Locally-delegated assemble block
+  delegate_to: localhost
+  block:
+  # Because ansible.builtin.assemble works with a single directory
+    - name: Create a subdirectory for the assembled output
+      ansible.builtin.file:
+        path: "/var/tmp/ansible_run_{{ opid }}/assembled/"
+        state: directory
+        mode: '0755'
+
+    # Enumeration prefix is needed to impact the order of assembly
+    - name: Copy Nokia SR OS header for assembly
+      ansible.builtin.copy:
+        src: "{{ vendor }}/header"
+        dest: "/var/tmp/ansible_run_{{ opid }}/assembled/00_header"
+        mode: '0644'
+
+    # Enumeration prefix is needed to impact the order of assembly
+    - name: Copy Nokia SR OS footer for assembly
+      ansible.builtin.copy:
+        src: "{{ vendor }}/footer"
+        dest: "/var/tmp/ansible_run_{{ opid }}/assembled/02_footer"
+        mode: '0644'
+
+    # Enumeration prefix is needed to impact the order of assembly
+    - name: Assemble body of the config
+      ansible.builtin.assemble:
+        src: "/var/tmp/ansible_run_{{ opid }}/"
+        dest: "/var/tmp/ansible_run_{{ opid }}/assembled/01-body"
+        mode: '0644'
+
+    # Use the enumeration prefixes to assemble fragments in the right order
+    - name: Merge header, body and footer to get the final config
+      ansible.builtin.assemble:
+        src: "/var/tmp/ansible_run_{{ opid }}/assembled"
+        dest: "/var/tmp/ansible_run_{{ opid }}/assembled/for_deployment"
+        mode: '0644'
+
+    - name: Clean up the fragments
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: absent
+        mode: '0755'
+      with_fileglob:
+        - "/var/tmp/ansible_run_{{ opid }}/assembled/0*"

geant/gap_ansible/roles/deploy_service_config/tasks/connection_tasks.yml

+---
+- name: Set ansible_host to terminal server when router is offline
+  ansible.builtin.set_fact:
+    ansible_host: "{{ router.router_site.site_ts_address }}"
+    ansible_port: "{{ router.router_ts_port }}"
+  when: router.router_access_via_ts | ansible.builtin.bool
+
+- name: Load netconf connection config
+  ansible.builtin.set_fact:
+    ansible_connection: "{{ netconf_access[router.vendor].ansible_connection }}"
+    ansible_network_os: "{{ netconf_access[router.vendor].ansible_network_os }}"