Merge tag 'refs/tags/v0.11.15' into fork-on-premise

control-plane/roles/gardener/templates/kube-apiserver-values.j2

@@ -8,12 +8,10 @@ apiServer:
   serviceName: garden-kube-apiserver
 
 oidc:
-{% if gardener_virtual_api_oidc_issuer_url %}
-  issuerURL: {{ gardener_virtual_api_oidc_issuer_url }}
-{% endif %}
-{% if gardener_virtual_api_oidc_client_id %}
-  clientID: {{ gardener_virtual_api_oidc_client_id }}
-{% endif %}
+  issuerURL: {% if gardener_virtual_api_oidc_issuer_url %}{{ gardener_virtual_api_oidc_issuer_url }}{% endif %}
+
+  clientID: {% if gardener_virtual_api_oidc_client_id %}{{ gardener_virtual_api_oidc_client_id }}{% endif %}
+
 {% if gardener_virtual_api_oidc_username_claim %}
   usernameClaim: {{ gardener_virtual_api_oidc_username_claim }}
 {% endif %}

partition/roles/docker-on-cumulus/tasks/main.yaml

@@ -2,11 +2,13 @@
 - name: ensure dependencies are installed
   apt:
     update_cache: yes
+    allow_unauthenticated: yes
     name:
       - apt-transport-https
       - ca-certificates
       - curl
       - gnupg2
+      - libltdl7
   when: ansible_distribution_major_version == "3"
 
 - name: setup key for docker

partition/roles/sonic/defaults/main.yaml

@@ -7,7 +7,6 @@ sonic_timezone: Europe/Berlin
 sonic_config_action: load
 
 ## Physical settings
-sonic_breakouts: {}
 sonic_ports: []
 sonic_ports_dict: {}
 sonic_ports_default_fec: none
@@ -38,6 +37,10 @@ sonic_vteps: []
 # LLDP Hello timer is 30s by default on the switch, but metal-hammer expects 10s or so
 sonic_lldp_hello_timer: 10
 
+# BGP container configuration
+sonic_docker_routing_config_mode: split
+sonic_frr_mgmt_framework_config: true
+
 sonic_frr_static_routes_mgmt: []
 sonic_interconnects: {}
 

partition/roles/sonic/tasks/main.yaml

@@ -84,12 +84,18 @@
 - name: Fail if running configuration doesn't contain required information
   ansible.builtin.assert:
     that:
-      - sonic_running_cfg_breakouts
       - sonic_running_cfg_hwsku
       - sonic_running_cfg_mac
       - sonic_running_cfg_platform
       - sonic_running_cfg_ports
-    fail_msg: The running configuration is incomplete because it does not contain 'BREAKOUT_CFG', 'PORT', or complete 'DEVICE_METADATA'.
+    fail_msg: The running configuration is incomplete because it does not contain 'PORT' or complete 'DEVICE_METADATA'.
+
+- name: Fail if running configuration doesn't contain breakout configuration
+  ansible.builtin.assert:
+    that:
+      - sonic_running_cfg_breakouts
+    fail_msg: The running configuration is incomplete because it does not contain 'BREAKOUT_CFG'.
+  when: sonic_breakouts is defined
 
 - name: Render config_db
   set_fact:

partition/roles/sonic/templates/metal.yaml.j2

@@ -2,13 +2,15 @@
 ---
 DEVICE_METADATA:
   localhost:
-    docker_routing_config_mode: split
+    docker_routing_config_mode: "{{ sonic_docker_routing_config_mode }}"
     hostname: "{{ inventory_hostname }}"
     hwsku: "{{ sonic_running_cfg_hwsku }}"
     mac: "{{ sonic_running_cfg_mac }}"
     platform: "{{ sonic_running_cfg_platform }}"
     type: "LeafRouter"
+    {% if sonic_frr_mgmt_framework_config %}
     frr_mgmt_framework_config: "true"
+    {% endif %}
 
 FEATURE:
   dhcp_relay:
@@ -67,12 +69,14 @@ INTERFACE:
   {% endfor %}
   {% endfor %}
 {% endif %}
+{% if sonic_running_cfg_breakouts %}
 
 BREAKOUT_CFG:
   {% for name, cfg in sonic_running_cfg_breakouts.items() %}
   {{ name }}:
     brkout_mode: "{{ cfg.brkout_mode }}"
   {% endfor %}
+{% endif %}
 
 PORT:
   {% for name, running_cfg in sonic_running_cfg_ports.items() %}
@@ -81,7 +85,9 @@ PORT:
     autoneg: "{{ running_cfg.autoneg|default("off")|string|lower }}"
     index: "{{ running_cfg.index }}"
     lanes: "{{ running_cfg.lanes }}"
+    {% if 'parent_port' in running_cfg %}
     parent_port: {{ running_cfg.parent_port }}
+    {% endif %}
     {% if sonic_ports_dict[name] is defined %}
     {% set port = sonic_ports_dict[name] %}
     admin_status: up

partition/roles/sonic/test/data/exit/metal.yaml

@@ -1,7 +1,7 @@
 ---
 DEVICE_METADATA:
   localhost:
-    docker_routing_config_mode: split
+    docker_routing_config_mode: "split"
     hostname: "exit01"
     hwsku: "Accton-AS7726-32X"
     mac: "e0:01:a6:e3:29:3c"

partition/roles/sonic/test/data/mgmtleaf/metal.yaml

@@ -1,7 +1,7 @@
 ---
 DEVICE_METADATA:
   localhost:
-    docker_routing_config_mode: split
+    docker_routing_config_mode: "split"
     hostname: "r01mgmtleaf"
     hwsku: "Accton-AS7726-32X"
     mac: "e0:01:a6:e3:29:3c"

partition/roles/sonic/test/data/sonic-vs/frr.conf

@@ -0,0 +1,29 @@
+frr defaults datacenter
+hostname sonic-vs
+!
+service integrated-vtysh-config
+!
+log syslog informational
+!
+interface Ethernet0
+ ipv6 nd ra-interval 6
+ no ipv6 nd suppress-ra
+!
+router bgp 4200000000
+ bgp router-id 10.0.0.1
+ bgp bestpath as-path multipath-relax
+ neighbor FABRIC peer-group
+ neighbor FABRIC remote-as external
+ neighbor FABRIC timers 1 3
+ neighbor Ethernet0 interface peer-group FABRIC
+ !
+ address-family ipv4 unicast
+  redistribute connected route-map DENY_MGMT
+ exit-address-family
+!
+route-map DENY_MGMT deny 10
+  match interface eth0
+route-map DENY_MGMT permit 20
+!
+line vty
+!

partition/roles/sonic/test/data/sonic-vs/input.yaml

@@ -0,0 +1,46 @@
+---
+inventory_hostname: sonic-vs
+sonic_asn: 4200000000
+sonic_loopback_address: 10.0.0.1
+
+sonic_mgmtif_ip: 172.17.0.2/16
+sonic_mgmtif_gateway: 172.17.0.1
+sonic_mgmt_vrf: false
+
+sonic_docker_routing_config_mode: split-unified
+sonic_frr_mgmt_framework_config: false
+
+sonic_ports_default_mtu: 9000
+sonic_ports_default_speed: 40000
+sonic_ports_dict:
+  Ethernet0:
+
+sonic_running_cfg_breakouts:
+sonic_running_cfg_hwsku: Force10-S6000
+sonic_running_cfg_mac: e0:01:a6:e3:29:3c
+sonic_running_cfg_platform: x86_64-kvm_x86_64-r0
+
+sonic_running_cfg_ports:
+  Ethernet0:
+    alias: fortyGigE0/0
+    index: "0"
+    lanes: "25,26,27,28"
+    speed: "40000"
+  Ethernet4:
+    alias: fortyGigE0/4
+    index: "1"
+    lanes: "29,30,31,32"
+    speed: "40000"
+
+sonic_bgp_ports:
+  Ethernet0:
+
+sonic_vlans:
+  - id: 4000
+    ip: 10.0.1.1/25
+
+# Dummy VTEP so that basic VXLAN config will be deployed by sonic role:
+sonic_vteps:
+- comment: Dummy
+  vlan: Vlan3999
+  vni: 103999

partition/roles/sonic/test/data/sonic-vs/metal.yaml

@@ -0,0 +1,87 @@
+---
+DEVICE_METADATA:
+  localhost:
+    docker_routing_config_mode: "split-unified"
+    hostname: "sonic-vs"
+    hwsku: "Force10-S6000"
+    mac: "e0:01:a6:e3:29:3c"
+    platform: "x86_64-kvm_x86_64-r0"
+    type: "LeafRouter"
+
+FEATURE:
+  dhcp_relay:
+    auto_restart: enabled
+    state: enabled
+
+NTP:
+  global:
+    src_intf: "eth0"
+
+NTP_SERVER:
+
+LOOPBACK_INTERFACE:
+  Loopback0: {}
+  Loopback0|10.0.0.1/32: {}
+
+MGMT_INTERFACE:
+  eth0|172.17.0.2/16:
+    gwaddr: "172.17.0.1"
+
+MGMT_PORT:
+  eth0:
+    alias: "eth0"
+    admin_status: "up"
+    description: "Management Port"
+
+MGMT_VRF_CONFIG:
+  vrf_global:
+    mgmtVrfEnabled: "false"
+
+INTERFACE:
+  Ethernet0:
+    ipv6_use_link_local_only: enable
+
+PORT:
+  Ethernet0:
+    alias: fortyGigE0/0
+    autoneg: "off"
+    index: "0"
+    lanes: "25,26,27,28"
+    admin_status: up
+    speed: "40000"
+    mtu: "9000"
+    fec: "none"
+  Ethernet4:
+    alias: fortyGigE0/4
+    autoneg: "off"
+    index: "1"
+    lanes: "29,30,31,32"
+    speed: "40000"
+
+VLAN:
+  Vlan4000:
+    vlanid: 4000
+
+VLAN_INTERFACE:
+  Vlan4000: {}
+  Vlan4000|10.0.1.1/25: {}
+
+VLAN_MEMBER:
+
+VXLAN_EVPN_NVO:
+  nvo:
+    source_vtep: vtep
+
+VXLAN_TUNNEL:
+  vtep:
+    src_ip: "10.0.0.1"
+
+VXLAN_TUNNEL_MAP:
+  # Dummy
+  "vtep|map_103999_Vlan3999":
+    vlan: "Vlan3999"
+    vni: "103999"
+
+LLDP:
+  Global:
+    hello_timer: 10

partition/roles/sonic/test/data/spine/metal.yaml

@@ -1,7 +1,7 @@
 ---
 DEVICE_METADATA:
   localhost:
-    docker_routing_config_mode: split
+    docker_routing_config_mode: "split"
     hostname: "spine01"
     hwsku: "Accton-AS7726-32X"
     mac: "e0:01:a6:e3:29:3c"