Add ebgp policy definition for tests

According to RFC-8212 policies must be described in order to allow
announce/accept routes. Without policies being described, no routes
will be announced/recieved by default.

This patch fixes current CI failures.

Change-Id: Ia033cc7c3ed3146860ab96452bec988f3c3069bf

.ansible-lint

@@ -0,0 +1,7 @@
+---
+mock_roles:
+  - multi-node-bridge
+  - clear-firewall
+
+skip_list:
+  - fqcn

handlers/main.yml

@@ -19,4 +19,4 @@
   service:
     name: frr
     state: restarted
-    enabled: yes
+    enabled: true

meta/main.yml

@@ -0,0 +1,9 @@
+---
+galaxy_info:
+  author: vexxhost
+  description: Installation and setup of FRRouting
+  company: Vexxhost
+  license: Apache2
+  role_name: frrouting
+  namespace: vexxhost
+  min_ansible_version: "2.10"

tasks/frr_install_apt.yml

@@ -42,15 +42,15 @@
     repo: "{{ repo.repo }}"
     state: "{{ repo.state | default('present') }}"
     filename: "{{ repo.filename | default(omit) }}"
-    update_cache: no
+    update_cache: false
   with_items: "{{ frr_repos }}"
   loop_control:
     loop_var: repo
   register: _adding_apt_repo
 
-- name: Update Apt cache
+- name: Update Apt cache  # noqa: no-handler
   apt:
-    update_cache: yes
+    update_cache: true
   when:
     - _adding_apt_repo is changed
   register: _update_apt_cache

tasks/frr_post_install.yml

@@ -19,10 +19,11 @@
   block:
     - name: Enable integrated config
       lineinfile:
-        create: yes
+        create: true
         path: /etc/frr/vtysh.conf
         regexp: '^(no)?\s?service integrated-vtysh-config$'
         line: "service integrated-vtysh-config"
+        mode: "0640"
       notify: Restart frr
 
     - name: Write down integrated config

tasks/frr_vlans.yml

@@ -26,7 +26,7 @@
       retries: 5
       delay: 2
 
-    - name: Load vlan modules
+    - name: Load vlan modules  # noqa: no-handler
       modprobe:
         name: 8021q
         state: present
@@ -36,16 +36,17 @@
       template:
         src: vlans.cfg.j2
         dest: "/etc/network/interfaces.d/vlan-{{ item.id }}.cfg"
+        mode: "0644"
       with_items: "{{ frr_vlans }}"
       register: distribute_vlans
 
-    - name: Stop interface
+    - name: Stop interface  # noqa: no-handler
       command: "ifdown {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
       with_items: "{{ distribute_vlans.results }}"
       when: item is changed
       changed_when: false
 
-    - name: Start interface
+    - name: Start interface  # noqa: no-handler
       command: "ifup {{ item.item['vlan-raw-device'] }}.{{ item.item.id }}"
       with_items: "{{ distribute_vlans.results }}"
       when: item is changed

tests/host_vars/primary

@@ -11,6 +11,11 @@ frr_staticd_routes:
 
 frr_bgpd_config:
   - router bgp 1234
-  - "bgp router-id {{ hostvars['primary']['ansible_br_infra']['ipv4']['address'] }}"
-  - "neighbor {{ hostvars['secondary']['ansible_br_infra']['ipv4']['address'] }} remote-as 5678"
+  - "bgp router-id {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }}"
+  - "neighbor {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 5678"
   - network 192.168.1.0/24
+  - address-family ipv4 unicast
+  - "  neighbor {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv out"
+  - "exit-address-family"
+  - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
+  - ip prefix-list pl-allowed-adv seq 10 deny any

tests/host_vars/secondary

@@ -1,4 +1,9 @@
 frr_bgpd_config:
   - router bgp 5678
-  - "bgp router-id {{ hostvars['secondary']['ansible_br_infra']['ipv4']['address'] }}"
-  - "neighbor {{ hostvars['primary']['ansible_br_infra']['ipv4']['address'] }} remote-as 1234"
+  - "bgp router-id {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }}"
+  - "neighbor {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 1234"
+  - address-family ipv4 unicast
+  - "  neighbor {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv in"
+  - exit-address-family
+  - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
+  - ip prefix-list pl-allowed-adv seq 10 deny any

tests/test.yml

@@ -15,6 +15,8 @@
 
 - name: Installing frr
   hosts: all
+  vars:
+    bridge_name: br-infra
 
   roles:
     - multi-node-bridge
@@ -22,7 +24,7 @@
     - frrouting
 
   post_tasks:
-    - name: wait after service restart
+    - name: Wait after service restart
       pause:
         seconds: 10
 
@@ -46,6 +48,13 @@
         msg: frr is not up
       when: ansible_facts.services['frr'].state != 'running'
 
+    - name: Get summary
+      become: true
+      become_user: root
+      command: "vtysh -c 'show bgp summary'"
+      register: _frr_get_summary
+      changed_when: false
+
     - name: Get routes
       become: true
       become_user: root
@@ -53,7 +62,6 @@
       register: _frr_get_routes
       changed_when: false
 
-
     - name: Fail if we're missing static routes
       fail:
         msg: "We can't find route {{ item }}"

tox.ini

@@ -23,7 +23,7 @@ passenv =
     TESTING_BRANCH
     TESTING_HOME
     USER
-whitelist_externals =
+allowlist_externals =
     bash
 setenv =
     PYTHONUNBUFFERED=1
@@ -32,5 +32,10 @@ setenv =
     WORKING_DIR={toxinidir}
 
 [testenv:linters]
+setenv =
+    {[testenv]setenv}
+    ANSIBLE_ROLES_PATH={envdir}
 commands =
+    bash -c 'printf -- "- name: frrouting\n  src: git+file://{toxinidir}\n" > {envdir}/test-requirements.yml'
+    ansible-galaxy install -r {envdir}/test-requirements.yml --roles-path {envdir} --force
     ansible-lint {toxinidir}/tests/test.yml