Merge branch 'feature/nat-904-lhcone-access' into 'develop'

Update `vrf` role See merge request !208

Merge branch 'feature/nat-904-lhcone-access' into 'develop'
a326440f · Aleksandr Kurbatov · a50c0623 · bc4fde00 · a326440f · a326440f
Commit a326440f authored 4 months ago by Aleksandr Kurbatov
--- a/geant/gap_ansible/playbooks/l3_core_service.yaml
+++ b/geant/gap_ansible/playbooks/l3_core_service.yaml
@@ -3,13 +3,16 @@
  gather_facts: false
  tasks:
    - name: Check SBP
+      # FIX: rewrite
      when: verb == 'check'
-      ansible.builtin.include_role:
-        name: service_checks
-      loop:
-        "{{ subscription.l3_core_service.ap_list }}"
-      loop_control:
-        loop_var: ap
+      ansible.builtin.meta: end_play
+
+      # ansible.builtin.include_role:
+      #   name: service_checks
+      # loop:
+      #   "{{ subscription.l3_core_service.ap_list }}"
+      # loop_control:
+      #   loop_var: ap

    # - name: Check BGP
    #   # FIX: rewrite
@@ -42,10 +45,13 @@
      ansible.builtin.include_vars:
        dir: /opt/ansible_inventory/geant_services/{{ subscription.product.product_type }}/{{ subscription.l3_core_service_type | replace(' ', '_') }}

-    - name: Import partner specific variables for "{{ partner_name | upper }}"
+    - name: Import {{ partner_name | upper }} general variables
      ansible.builtin.include_vars:
-        dir: /opt/ansible_inventory/geant_partners/{{ partner_name | upper }}
+        file: /opt/ansible_inventory/geant_partners/{{ partner_name | upper }}/general.yaml

+    - name: Import {{ partner_name | upper }} specific variables for {{ subscription.l3_core_service_type | replace(' ', '_') }}
+      ansible.builtin.include_vars:
+        dir: /opt/ansible_inventory/geant_partners/{{ partner_name | upper }}/{{ subscription.l3_core_service_type | replace(' ', '_') }}

    - name: Compile SBP-related config
      when: object == 'sbp'
@@ -66,20 +72,11 @@
          loop_control:
            loop_var: ap

-    # - name: Compile SBP config
-    #   block:
-    #     - name: Include SBP role
-    #       ansible.builtin.include_role:
-    #         name: sbp
-    #       loop:
-    #         "{{ subscription.l3_core_service.ap_list }}"
-    #       loop_control:
-    #         loop_var: ap
-    #
    - name: Compile BGP-related config
      when: object == "bgp"
      block:
        - name: Include Prefix-list role
+          when: subscription.l3_core_service_type in ["GÉANT IP", "GEANT IP", "GEANT_IP"]
          ansible.builtin.include_role:
            name: po_prefix_lists
          loop:
@@ -103,25 +100,6 @@
          loop_control:
            loop_var: ap

-    # - name: Compile BGP policies
-    #   block:
-    #     - name: Include BGP policies
-    #       ansible.builtin.include_role:
-    #         name: policy_options
-    #       loop:
-    #         "{{ subscription.l3_core_service.ap_list }}"
-    #       loop_control:
-    #         loop_var: ap
-    #
-    # - name: Compile BGP sesssions config
-    #   block:
-    #     - name: Include BGP session
-    #       ansible.builtin.include_role:
-    #         name: bgp_config
-    #       loop:
-    #         "{{ subscription.l3_core_service.ap_list }}"
-    #       loop_control:
-    #         loop_var: ap

    - name: Deploy
      # when: verb == deploy

--- a/geant/gap_ansible/playbooks/vrf_update.yaml
+++ b/geant/gap_ansible/playbooks/vrf_update.yaml
@@ -41,7 +41,3 @@
    - name: Assemble and deploy generated config
      ansible.builtin.include_role:
        name: deploy_service_config
-      loop:
-        "{{ subscription.vrf.vrf_router_list }}"
-      loop_control:
-        loop_var: router
--- a/geant/gap_ansible/roles/bgp_config/tasks/main.yml
+++ b/geant/gap_ansible/roles/bgp_config/tasks/main.yml
 ---
 # tasks file for bgp_config
+- name: Set BGP V4 session object to check for custom policies
+  ansible.builtin.set_fact:
+    bgp_session_v4: "{{ ap.sbp | json_query(query) }}"
+  vars:
+    query: "bgp_session_list[?ip_type == 'ipv4'] | [0]"
+
+- name: Set BGP V6 session object to check for custom policies
+  ansible.builtin.set_fact:
+    bgp_session_v6: "{{ ap.sbp | json_query(query) }}"
+  vars:
+    query: "bgp_session_list[?ip_type == 'ipv6'] | [0]"
+
 - name: Load Standard Policy Statements vars
  ansible.builtin.include_tasks: merge_vars.yaml


--- a/geant/gap_ansible/roles/bgp_config/tasks/merge_vars.yaml
+++ b/geant/gap_ansible/roles/bgp_config/tasks/merge_vars.yaml
 ---
- name: Set Standard Import and export policies names
+- name: Set Standard BGP import and export policy names for GEANT_IP
+  when: >
+    subscription.l3_core_service_type in ["GEANT_IP", "GEANT IP"]
  ansible.builtin.set_fact:
    import_policies_v4: "{{ bgp.policies.import.v4 }}"
    import_policies_v6: "{{ bgp.policies.import.v6 }}"
    export_policies_v4: "{{ bgp.policies.export.v4 }}"
    export_policies_v6: "{{ bgp.policies.export.v6 }}"
+
+- name: Set standard BGP import and export policy names for LHCONE
+  when: >
+    subscription.l3_core_service_type in ["LHCONE"]
+    and
+    not bgp_session_v4.has_custom_policies | ansible.builtin.bool
+    or
+    not bgp_session_v4.has_custom_policies | ansible.builtin.bool
+  ansible.builtin.set_fact:
+    import_policies_v4: "{{ bgp.policies.import.v4 }}"
+    import_policies_v6: "{{ bgp.policies.import.v6 }}"
+    export_policies_v4: "{{ bgp.policies.export.v4 }}"
+    export_policies_v6: "{{ bgp.policies.export.v6 }}"
+
+- name: Set custom BGP import and export policy names for LHCONE
+  when: >
+    subscription.l3_core_service_type in ["LHCONE"]
+    and
+    bgp_session_v4.has_custom_policies | ansible.builtin.bool
+    or
+    bgp_session_v4.has_custom_policies | ansible.builtin.bool
+  ansible.builtin.set_fact:
+    import_policies_v4: "{{ bgp_custom.policies.import.v4 }}"
+    import_policies_v6: "{{ bgp_custom.policies.import.v6 }}"
+    export_policies_v4: "{{ bgp_custom.policies.export.v4 }}"
+    export_policies_v6: "{{ bgp_custom.policies.export.v6 }}"
--- a/geant/gap_ansible/roles/bgp_config/templates/bgp.j2
+++ b/geant/gap_ansible/roles/bgp_config/templates/bgp.j2
-
+  {% if subscription.l3_core_service_type in ['GEANT_IP', 'GEANT IP'] %}
        <router xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
            <router-name>Base</router-name>
            <bgp xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
            {% include 'bgp_neighbor.j2' %}
            </bgp>
-
       </router>
-
+  {% elif subscription.l3_core_service_type in ['LHCONE'] %}
+        <service xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+            <vprn xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+            <service-name>{{ vprn_name }}</service-name>
+                <bgp xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+                {% include 'bgp_neighbor.j2' %}
+                </bgp>
+            </vprn>
+        </service>
+  {% endif %}
--- a/geant/gap_ansible/roles/deploy_service_config/tasks/main.yml
+++ b/geant/gap_ansible/roles/deploy_service_config/tasks/main.yml
@@ -9,7 +9,20 @@
  when: subscription.product.product_type == 'L3CoreService'
  ansible.builtin.set_fact:
    router: "{{ ap.sbp.edge_port.node }}"
-    vendor: "{{ router.vendor }}"
+    vendor: "{{ ap.sbp.edge_port.node.vendor }}"
+
+- name: Extract current inventory router from "vrf_router_list"
+  when: subscription.product.product_type == 'VRF'
+  ansible.builtin.set_fact:
+    current_router: "{{ vrf_router_list | community.general.json_query(query) }}"
+  vars:
+    query: "[?router.router_fqdn == '{{ inventory_hostname }}'] | [0]"
+
+- name: Set router and vendor for the use with VRF update
+  when: subscription.product.product_type == 'VRF'
+  ansible.builtin.set_fact:
+    router: "{{ current_router.router }}"
+    vendor: "{{ current_router.router.vendor }}"

 - name: Assemble the config from fragments in previous roles
  ansible.builtin.include_tasks: assemble_config.yml

--- a/geant/gap_ansible/roles/deploy_service_config/vars/main.yml
+++ b/geant/gap_ansible/roles/deploy_service_config/vars/main.yml
@@ -2,6 +2,6 @@
 # vars file for deploy_service_config
 dry_run: true
 is_verification_workflow: false
-
-router: "{{ ap.sbp.edge_port.node }}"
-vendor: "{{ router.vendor }}"
+#
+# router: "{{ ap.sbp.edge_port.node }}"
+# vendor: "{{ router.vendor }}"
--- a/geant/gap_ansible/roles/fw_filters/tasks/merge_variables.yaml
+++ b/geant/gap_ansible/roles/fw_filters/tasks/merge_variables.yaml
@@ -4,7 +4,7 @@
  when: >-
    subscription.product.product_type == "L3CoreService"
    and
-    subscription.l3_core_service_type == "GÉANT IP"
+    subscription.l3_core_service_type in ["GÉANT IP", "GEANT IP", "GEANT_IP"]
    and
    ap.sbp.custom_firewall_filters | ansible.builtin.bool
  block:
@@ -21,7 +21,7 @@
  when: >-
    subscription.product.product_type == "L3CoreService"
    and
-    subscription.l3_core_service_type == "GÉANT IP"
+    subscription.l3_core_service_type in ["GÉANT IP", "GEANT IP", "GEANT_IP", "LHCONE"]
    and
    not ap.sbp.custom_firewall_filters | ansible.builtin.bool
  block:

--- a/geant/gap_ansible/roles/policy_options/tasks/main.yml
+++ b/geant/gap_ansible/roles/policy_options/tasks/main.yml
 ---
 # tasks file for policy_options
+- name: Set BGP V4 session object to check for custom policies
+  when: >
+    subscription.product.product_type == "L3CoreService"
+  ansible.builtin.set_fact:
+    bgp_session_v4: "{{ ap.sbp | json_query(query) }}"
+  vars:
+    query: "bgp_session_list[?ip_type == 'ipv4'] | [0]"
+
+- name: Set BGP V6 session object to check for custom policies
+  when: >
+    subscription.product.product_type == "L3CoreService"
+  ansible.builtin.set_fact:
+    bgp_session_v6: "{{ ap.sbp | json_query(query) }}"
+  vars:
+    query: "bgp_session_list[?ip_type == 'ipv6'] | [0]"
+
 - name: Load Standard Policy Statements vars
  when: >
    subscription.product.product_type == "L3CoreService"
@@ -7,10 +23,21 @@
    subscription.l3_core_service_type in ["GÉANT IP", "GEANT IP", "GEANT_IP"]
  ansible.builtin.include_tasks: merge_geant_ip_vars.yaml

+- name: Load NREN custom VRF policies
+  when: >
+    subscription.product.product_type == "L3CoreService"
+    and
+    subscription.l3_core_service_type in ["LHCONE"]
+    and
+    (bgp_session_v4.has_custom_policies | ansible.builtin.bool
+    or
+    bgp_session_v6.has_custom_policies | ansible.builtin.bool)
+  ansible.builtin.include_tasks: merge_vrf_custom_vars.yaml
+
 - name: Load Standard Policy Options for VRF {{ subscription.vrf.vrf_name }}
  when: >
    subscription.product.product_type == "VRF"
-  ansible.builtin.include_tasks: merge_vrf_vars.yaml
+  ansible.builtin.include_tasks: merge_vrf_standard_vars.yaml

 - name: Compile templates
  ansible.builtin.include_tasks: compile.yaml

--- a/geant/gap_ansible/roles/policy_options/tasks/merge_vrf_custom_vars.yaml
+++ b/geant/gap_ansible/roles/policy_options/tasks/merge_vrf_custom_vars.yaml
+---
+- name: Set custom PO vars
+  # when: >
+  #   bgp_session_v6.has_custom_policies | ansible.builtin.bool
+  block:
+    - name: Set NREN custom communities
+      ansible.builtin.set_fact:
+        po_final_communities: "{{ lookup('community.general.merge_variables', 'CUSTOM_COMMUNITIES') }}"
+
+    # - name: Set NREN custom AS paths
+    #   ansible.builtin.set_fact:
+    #     po_final_aspath: "{{ lookup('community.general.merge_variables', 'CUSTOM_ASPATH') }}"
+
+    - name: Set NREN custom policies
+      ansible.builtin.set_fact:
+        po_final_policies: "{{ lookup('community.general.merge_variables', 'CUSTOM_PO_POL_STATEMENTS') }}"
--- a/geant/gap_ansible/roles/policy_options/tasks/merge_vrf_vars.yaml
+++ b/geant/gap_ansible/roles/policy_options/tasks/merge_vrf_vars.yaml
@@ -3,6 +3,10 @@
  ansible.builtin.set_fact:
    po_final_prefix_lists: "{{ lookup('community.general.merge_variables', 'STANDARD_VRF_PO_PREFIX_LISTS') }}"

+- name: Load Standard Policy Options prefix lists for VRF {{ subscription.vrf.vrf_name }}
+  ansible.builtin.set_fact:
+    po_final_communities: "{{ lookup('community.general.merge_variables', 'STANDARD_VRF_COMMUNITIES') }}"
+
 - name: Load Standard Policy Options policies for VRF {{ subscription.vrf.vrf_name }}
  ansible.builtin.set_fact:
    po_final_policies: "{{ lookup('community.general.merge_variables', 'STANDARD_VRF_PO_POLICIES') }}"
--- a/geant/gap_ansible/roles/policy_options/templates/policy_statements.j2
+++ b/geant/gap_ansible/roles/policy_options/templates/policy_statements.j2
@@ -57,6 +57,11 @@
                <add>{{ community }}</add>
            </community>
                  {% endfor %}
+                {% elif act_k == "as_path_prepend" %}
+            <as-path-prepend>
+              <as-path>{{ act_v.as_path }}</as-path>
+              <repeat>{{ act_v.repeat }}</repeat>
+            </as-path-prepend>
                {% elif act_k == "bgp_med" %}
            <bgp-med>
                <set>{{ act_v | default(bgp.standard_metric.med[ap_type]) }}</set>

--- a/geant/gap_ansible/roles/sbp/templates/deploy_sbp.j2
+++ b/geant/gap_ansible/roles/sbp/templates/deploy_sbp.j2
@@ -4,11 +4,20 @@
 {% endif %}

        <service xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+  {% if subscription.l3_core_service_type in ['GEANT_IP', 'GEANT IP'] %}
            <ies xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
-                <service-name>{{ ies_re_name }}</service-name>
+            <service-name>{{ ies_re_name }}</service-name>
+  {% elif subscription.l3_core_service_type in ['LHCONE'] %}
+            <vprn xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+            <service-name>{{ vprn_name }}</service-name>
+  {% endif %}
                <interface alu:operation="replace">
                    <interface-name>{{ lag_name }}.{{ ap.sbp.vlan_id }}</interface-name>
+                {% if subscription.l3_core_service_type in ['GEANT_IP', 'GEANT IP'] %}
                    <description>SRV_GLOBAL CUSTOMER {{ partner_name }} #{{ partner_name }}-{{ ap.ap_type }} ${{ ap.sbp.gs_id }} | ASN{{ partner.asn }} | </description>
+                {% elif subscription.l3_core_service_type in ['LHCONE'] %}
+                    <description>SRV_L3VPN CUSTOMER {{ partner_name }} #{{ partner_name }}-{{ ap.ap_type }} ${{ ap.sbp.gs_id }} | ASN{{ partner.asn }} | </description>
+                {% endif %}
                    <ip-mtu>{{ sbp_params.ip_mtu }}</ip-mtu>
                    <sap>
                      {% if ap.sbp.is_tagged %}
@@ -19,14 +28,24 @@
                        <admin-state>enable</admin-state>
                        <ingress>
                            <filter>
+                {% if subscription.l3_core_service_type in ['GEANT_IP', 'GEANT IP'] %}
                                <ip>{{ partner_name | upper }}_EDGE_IN</ip>
                                <ipv6>{{ partner_name | upper }}_EDGE_IN_V6</ipv6>
+                {% elif subscription.l3_core_service_type in ['LHCONE'] %}
+                                <ip>LHCONE_{{ partner_name | upper }}_IN</ip>
+                                <ipv6>LHCONE_{{ partner_name | upper }}_IN_V6</ipv6>
+                {% endif %}
                            </filter>
                        </ingress>
                        <egress>
                            <filter>
+                {% if subscription.l3_core_service_type in ['GEANT_IP', 'GEANT IP'] %}
                                <ip>{{ partner_name | upper }}_EDGE_OUT</ip>
                                <ipv6>{{ partner_name | upper }}_EDGE_OUT_V6</ipv6>
+                {% elif subscription.l3_core_service_type in ['LHCONE'] %}
+                                <ip>LHCONE_{{ partner_name | upper }}_OUT</ip>
+                                <ipv6>LHCONE_{{ partner_name | upper }}_OUT_V6</ipv6>
+                {% endif %}
                            </filter>
                        </egress>
                    </sap>
@@ -83,7 +102,11 @@
                        </address>
                    </ipv6>
                </interface>
+      {% if subscription.l3_core_service_type in ['GEANT_IP', 'GEANT IP'] %}
            </ies>
+      {% elif subscription.l3_core_service_type in ['LHCONE'] %}
+            </vprn>
+      {% endif %}
        </service>

 {% if is_standalone_run %}

--- a/geant/gap_ansible/roles/service_checks/tasks/main.yml
+++ b/geant/gap_ansible/roles/service_checks/tasks/main.yml
 ---
 # tasks file for service_checks
+- name: Import group_vars/all
+  ansible.builtin.include_vars:
+    dir: /opt/ansible_inventory/group_vars/all
+
+- name: Load netconf connection config
+  ansible.builtin.set_fact:
+    ansible_connection: "{{ netconf_access[ap.sbp.edge_port.node.vendor].ansible_connection }}"
+    ansible_network_os: "{{ netconf_access[ap.sbp.edge_port.node.vendor].ansible_network_os }}"
+
 - name: Ping peer via SBP
  when: object == 'sbp'
  ansible.builtin.include_tasks: sbp_checks.yaml

--- a/geant/gap_ansible/roles/vrf/templates/service.j2
+++ b/geant/gap_ansible/roles/vrf/templates/service.j2

 <service xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
-{% with pe_vprns=LHCONE_VPRN %}
+{% with pe_vprns=VPRN %}
 {% include 'router/vprn.j2' %}
 {% endwith %}
 </service>