forked from suse-edge/Factory
Merge pull request 'add frr image' (#29) from import-frr into main
Reviewed-on: suse-edge/Factory#29 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
This commit is contained in:
commit
ee82509ce9
@ -218,3 +218,7 @@ staging_build:
|
|||||||
source_package: release-manifest-image
|
source_package: release-manifest-image
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: frr-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
58
frr-image/Dockerfile
Normal file
58
frr-image/Dockerfile
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%frr:8.4
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
|
||||||
|
#!BuildVersion: 15.5
|
||||||
|
ARG SLE_VERSION
|
||||||
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
|
|
||||||
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
|
COPY --from=micro / /installroot/
|
||||||
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
|
||||||
|
|
||||||
|
FROM micro AS final
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=com.suse.application.frr
|
||||||
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
|
LABEL org.opencontainers.image.title="FRR Container Image"
|
||||||
|
LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="8.4"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
|
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||||
|
LABEL com.suse.image-type="application"
|
||||||
|
LABEL com.suse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
|
||||||
|
COPY --from=base /installroot /
|
||||||
|
|
||||||
|
#Install frr
|
||||||
|
USER root
|
||||||
|
|
||||||
|
ENV PYTHONDONTWRITEBYTECODE yes
|
||||||
|
|
||||||
|
# frr.sh is the entry point. This script examines environment
|
||||||
|
# variables to direct operation and configure ovn
|
||||||
|
ADD frr.sh /root/
|
||||||
|
ADD daemons /etc/frr
|
||||||
|
ADD frr.conf /etc/frr
|
||||||
|
ADD vtysh.conf /etc/frr
|
||||||
|
|
||||||
|
RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
|
||||||
|
|
||||||
|
RUN ln -s /usr/bin/catatonit /sbin/tini
|
||||||
|
RUN usermod -a -G frrvty frr
|
||||||
|
|
||||||
|
COPY docker-start /usr/libexec/frr/docker-start
|
||||||
|
RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
|
||||||
|
|
||||||
|
WORKDIR /root
|
||||||
|
ENTRYPOINT ["/sbin/tini", "--"]
|
||||||
|
|
||||||
|
COPY docker-start /usr/lib/frr/docker-start
|
||||||
|
RUN chmod +x /usr/lib/frr/docker-start
|
||||||
|
CMD ["/usr/lib/frr/docker-start"]
|
13
frr-image/_service
Normal file
13
frr-image/_service
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
<services>
|
||||||
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
|
<service name="replace_using_env" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
|
<param name="var">IMG_PREFIX</param>
|
||||||
|
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||||
|
<param name="var">IMG_REPO</param>
|
||||||
|
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||||
|
<param name="var">SUPPORT_LEVEL</param>
|
||||||
|
</service>
|
||||||
|
</services>
|
82
frr-image/daemons
Normal file
82
frr-image/daemons
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
# This file tells the frr package which daemons to start.
|
||||||
|
#
|
||||||
|
# Entries are in the format: <daemon>=(yes|no|priority)
|
||||||
|
# 0, "no" = disabled
|
||||||
|
# 1, "yes" = highest priority
|
||||||
|
# 2 .. 10 = lower priorities
|
||||||
|
#
|
||||||
|
# For daemons which support multiple instances, a 2nd line listing
|
||||||
|
# the instances can be added. Eg for ospfd:
|
||||||
|
# ospfd=yes
|
||||||
|
# ospfd_instances="1,2"
|
||||||
|
#
|
||||||
|
# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
|
||||||
|
# They're used to start the FRR daemons in more than one step
|
||||||
|
# (for example start one or two at network initialization and the
|
||||||
|
# rest later). The number of FRR daemons being small, priorities
|
||||||
|
# must be between 1 and 9, inclusive (or the initscript has to be
|
||||||
|
# changed). /etc/init.d/frr then can be started as
|
||||||
|
#
|
||||||
|
# /etc/init.d/frr <start|stop|restart|<priority>>
|
||||||
|
#
|
||||||
|
# where priority 0 is the same as 'stop', priority 10 or 'start'
|
||||||
|
# means 'start all'
|
||||||
|
#
|
||||||
|
# Sample configurations for these daemons can be found in
|
||||||
|
# /usr/share/doc/frr/examples/.
|
||||||
|
#
|
||||||
|
# ATTENTION:
|
||||||
|
#
|
||||||
|
# When activation a daemon at the first time, a config file, even if it is
|
||||||
|
# empty, has to be present *and* be owned by the user and group "frr", else
|
||||||
|
# the daemon will not be started by /etc/init.d/frr. The permissions should
|
||||||
|
# be u=rw,g=r,o=.
|
||||||
|
# When using "vtysh" such a config file is also needed. It should be owned by
|
||||||
|
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
|
||||||
|
#
|
||||||
|
watchfrr_enable=yes
|
||||||
|
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
|
||||||
|
#
|
||||||
|
zebra=yes
|
||||||
|
bgpd=yes
|
||||||
|
ospfd=no
|
||||||
|
ospf6d=no
|
||||||
|
ripd=no
|
||||||
|
ripngd=no
|
||||||
|
isisd=no
|
||||||
|
pimd=no
|
||||||
|
nhrpd=no
|
||||||
|
eigrpd=no
|
||||||
|
sharpd=no
|
||||||
|
pbrd=no
|
||||||
|
staticd=yes
|
||||||
|
bfdd=yes
|
||||||
|
fabricd=no
|
||||||
|
|
||||||
|
#
|
||||||
|
# Command line options for the daemons
|
||||||
|
#
|
||||||
|
zebra_options=("-A 127.0.0.1")
|
||||||
|
bgpd_options=("-A 127.0.0.1")
|
||||||
|
ospfd_options=("-A 127.0.0.1")
|
||||||
|
ospf6d_options=("-A ::1")
|
||||||
|
ripd_options=("-A 127.0.0.1")
|
||||||
|
ripngd_options=("-A ::1")
|
||||||
|
isisd_options=("-A 127.0.0.1")
|
||||||
|
pimd_options=("-A 127.0.0.1")
|
||||||
|
nhrpd_options=("-A 127.0.0.1")
|
||||||
|
eigrpd_options=("-A 127.0.0.1")
|
||||||
|
sharpd_options=("-A 127.0.0.1")
|
||||||
|
pbrd_options=("-A 127.0.0.1")
|
||||||
|
staticd_options=("-A 127.0.0.1")
|
||||||
|
bfdd_options=("-A 127.0.0.1")
|
||||||
|
fabricd_options=("-A 127.0.0.1")
|
||||||
|
|
||||||
|
#
|
||||||
|
# If the vtysh_enable is yes, then the unified config is read
|
||||||
|
# and applied if it exists. If no unified frr.conf exists
|
||||||
|
# then the per-daemon <daemon>.conf files are used)
|
||||||
|
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
|
||||||
|
# it is highly suggested to have this set to yes
|
||||||
|
vtysh_enable=yes
|
||||||
|
|
4
frr-image/docker-start
Normal file
4
frr-image/docker-start
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
source /usr/lib/frr/frrcommon.sh
|
||||||
|
/usr/lib/frr/watchfrr $(daemon_list)
|
53
frr-image/frr.conf
Normal file
53
frr-image/frr.conf
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
frr defaults traditional
|
||||||
|
log file /var/log/frr/frr.log
|
||||||
|
log syslog informational
|
||||||
|
log stdout debugging
|
||||||
|
ipv6 forwarding
|
||||||
|
service integrated-vtysh-config
|
||||||
|
!
|
||||||
|
debug bgp updates in
|
||||||
|
debug bgp updates out
|
||||||
|
debug bgp zebra
|
||||||
|
!
|
||||||
|
interface eth0
|
||||||
|
no ipv6 nd suppress-ra
|
||||||
|
ipv6 nd ra-interval 10
|
||||||
|
!
|
||||||
|
router bgp OCPASN
|
||||||
|
bgp router-id OCPROUTERID
|
||||||
|
bgp bestpath as-path multipath-relax
|
||||||
|
bgp bestpath compare-routerid
|
||||||
|
!
|
||||||
|
neighbor OCPnodes peer-group
|
||||||
|
neighbor OCPnodes description Internal OCP Nodes
|
||||||
|
neighbor OCPnodes remote-as OCPASN
|
||||||
|
neighbor OCPnodes bfd
|
||||||
|
neighbor OCPnodes capability extended-nexthop
|
||||||
|
!neighbor eth0 interface peer-group OCPnodes
|
||||||
|
!neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
|
||||||
|
neighbor OCPPEER peer-group OCPnodes
|
||||||
|
!
|
||||||
|
address-family ipv4 unicast
|
||||||
|
redistribute connected
|
||||||
|
neighbor OCPnodes activate
|
||||||
|
exit-address-family
|
||||||
|
!
|
||||||
|
address-family ipv6 unicast
|
||||||
|
redistribute connected
|
||||||
|
neighbor OCPnodes activate
|
||||||
|
neighbor OCPnodes nexthop-local unchanged
|
||||||
|
exit-address-family
|
||||||
|
!
|
||||||
|
!
|
||||||
|
bfd
|
||||||
|
peer OCPPEER vrf default interface eth0
|
||||||
|
receive-interval 2000
|
||||||
|
transmit-interval 2000
|
||||||
|
echo-mode
|
||||||
|
echo-interval 3000
|
||||||
|
no shutdown
|
||||||
|
exit
|
||||||
|
!
|
||||||
|
line vty
|
||||||
|
!
|
||||||
|
|
124
frr-image/frr.sh
Normal file
124
frr-image/frr.sh
Normal file
@ -0,0 +1,124 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#set -euo pipefail
|
||||||
|
|
||||||
|
# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
|
||||||
|
if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
|
||||||
|
# The argument to the command is the operation to be performed
|
||||||
|
# frr-node display display_env
|
||||||
|
# a cmd must be provided, there is no default
|
||||||
|
cmd=${1:-""}
|
||||||
|
|
||||||
|
# The frr user id, by default it is going to be frr:frr
|
||||||
|
frr_user_id=${FRR_USER_ID:-""}
|
||||||
|
|
||||||
|
# frr options
|
||||||
|
frr_options=${FRR_OPTIONS:-""}
|
||||||
|
|
||||||
|
# This script is the entrypoint to the image.
|
||||||
|
# frr.sh version (update when API between daemonset and script changes - v.x.y)
|
||||||
|
frr_version="3"
|
||||||
|
|
||||||
|
# The daemonset version must be compatible with this script.
|
||||||
|
# The default when FRR_DAEMONSET_VERSION is not set is version 3
|
||||||
|
frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
|
||||||
|
|
||||||
|
# hostname is the host's hostname when using host networking,
|
||||||
|
# This is useful on the master
|
||||||
|
# otherwise it is the container ID (useful for debugging).
|
||||||
|
frr_pod_host=${K8S_NODE:-$(hostname)}
|
||||||
|
|
||||||
|
# The ovs user id, by default it is going to be root:root
|
||||||
|
frr_user_id=${FRR_USER_ID:-""}
|
||||||
|
|
||||||
|
# frr options
|
||||||
|
frr_options=${FRR_OPTIONS:-""}
|
||||||
|
|
||||||
|
# frr.conf variables
|
||||||
|
ocp_asn=${OCPASN:-65000}
|
||||||
|
ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
|
||||||
|
ocp_peer=${OCPPEER:-"10.10.10.1"}
|
||||||
|
|
||||||
|
FRR_ETCDIR=/etc/frr
|
||||||
|
FRR_RUNDIR=/var/run/frr
|
||||||
|
FRR_LOGDIR=/var/log/frr
|
||||||
|
|
||||||
|
# =========================================
|
||||||
|
|
||||||
|
setup_frr_permissions() {
|
||||||
|
chown -R ${frr_user_id} ${FRR_RUNDIR}
|
||||||
|
chown -R ${frr_user_id} ${FRR_LOGDIR}
|
||||||
|
chown -R ${frr_user_id} ${FRR_ETCDIR}
|
||||||
|
}
|
||||||
|
|
||||||
|
# =========================================
|
||||||
|
|
||||||
|
display_version() {
|
||||||
|
echo " =================== hostname: ${frr_pod_host}"
|
||||||
|
echo " =================== daemonset version ${frr_daemonset_version}"
|
||||||
|
if [[ -f /root/git_info ]]; then
|
||||||
|
disp_ver=$(cat /root/git_info)
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
display_env() {
|
||||||
|
echo FRR_USER_ID ${frr_user_id}
|
||||||
|
echo FRR_OPTIONS ${frr_options}
|
||||||
|
echo frr.sh version ${frr_version}
|
||||||
|
echo ocp_asn ${ocp_asn}
|
||||||
|
echo ocp_routerid ${ocp_routerid}
|
||||||
|
echo ocp_peer ${ocp_peer}
|
||||||
|
}
|
||||||
|
|
||||||
|
# frr-node - all nodes
|
||||||
|
frr-node() {
|
||||||
|
trap 'kill $(jobs -p) ; exit 0' TERM
|
||||||
|
rm -f ${FRR_RUNDIR}/frr.pid
|
||||||
|
echo "=============== frr-node ========== update frr.conf"
|
||||||
|
sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
|
||||||
|
sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
|
||||||
|
sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
|
||||||
|
|
||||||
|
#chown -R frr:frr /etc/frr
|
||||||
|
chown -R frr:frr ${FRR_RUNDIR}
|
||||||
|
echo "=============== frr-node ========== starting"
|
||||||
|
# /usr/lib/frr/frrinit.sh start
|
||||||
|
# bash -x /usr/lib/frr/frrinit.sh start
|
||||||
|
bash -x
|
||||||
|
/usr/lib/frr/frrinit.sh start
|
||||||
|
frrResult=$?
|
||||||
|
echo "=============== frrinit result is ${frrResult} "
|
||||||
|
|
||||||
|
# Sleep forever
|
||||||
|
exec tail -f /dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "================== frr.sh --- version: ${frr_version} ================"
|
||||||
|
|
||||||
|
display_version
|
||||||
|
|
||||||
|
display_env
|
||||||
|
|
||||||
|
case ${cmd} in
|
||||||
|
"frr-node")
|
||||||
|
frr-node
|
||||||
|
;;
|
||||||
|
"display_env")
|
||||||
|
display_env
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
"display")
|
||||||
|
display
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "invalid command ${cmd}"
|
||||||
|
echo "valid v3 commands: frr-node display_env display "
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit 0
|
0
frr-image/vtysh.conf
Normal file
0
frr-image/vtysh.conf
Normal file
Loading…
Reference in New Issue
Block a user