From a8bd38569b3187c4bd824a2cfac8a2a1b560dde0c46e5dcb0dfc21be8918b276 Mon Sep 17 00:00:00 2001
From: Denislav Prodanov <denislav.prodanov@suse.com>
Date: Wed, 20 Nov 2024 16:16:11 +0200
Subject: [PATCH] add frr image

---
 frr-image/Dockerfile   |  59 ++++++++++++++++++++
 frr-image/_service     |  13 +++++
 frr-image/daemons      |  82 +++++++++++++++++++++++++++
 frr-image/docker-start |   4 ++
 frr-image/frr.conf     |  53 ++++++++++++++++++
 frr-image/frr.sh       | 124 +++++++++++++++++++++++++++++++++++++++++
 frr-image/vtysh.conf   |   0
 7 files changed, 335 insertions(+)
 create mode 100644 frr-image/Dockerfile
 create mode 100644 frr-image/_service
 create mode 100644 frr-image/daemons
 create mode 100644 frr-image/docker-start
 create mode 100644 frr-image/frr.conf
 create mode 100644 frr-image/frr.sh
 create mode 100644 frr-image/vtysh.conf

diff --git a/frr-image/Dockerfile b/frr-image/Dockerfile
new file mode 100644
index 0000000..673046d
--- /dev/null
+++ b/frr-image/Dockerfile
@@ -0,0 +1,59 @@
+# SPDX-License-Identifier: MIT
+#!BuildTag: %%IMG_PREFIX%%frr:8.4
+#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%frr:latest
+#!BuildVersion: 15.5
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.frr
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="FRR Container Image"
+LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="8.4"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+
+#Install frr
+USER root
+
+ENV PYTHONDONTWRITEBYTECODE yes
+
+# frr.sh is the entry point. This script examines environment
+# variables to direct operation and configure ovn
+ADD frr.sh /root/
+ADD daemons /etc/frr
+ADD frr.conf /etc/frr
+ADD vtysh.conf /etc/frr
+
+RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
+
+RUN ln -s /usr/bin/catatonit /sbin/tini
+RUN usermod -a -G frrvty frr
+
+COPY docker-start /usr/libexec/frr/docker-start
+RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
+
+WORKDIR /root
+ENTRYPOINT ["/sbin/tini", "--"]
+
+COPY docker-start /usr/lib/frr/docker-start
+RUN chmod +x /usr/lib/frr/docker-start
+CMD ["/usr/lib/frr/docker-start"]
diff --git a/frr-image/_service b/frr-image/_service
new file mode 100644
index 0000000..355a193
--- /dev/null
+++ b/frr-image/_service
@@ -0,0 +1,13 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>
diff --git a/frr-image/daemons b/frr-image/daemons
new file mode 100644
index 0000000..81057fa
--- /dev/null
+++ b/frr-image/daemons
@@ -0,0 +1,82 @@
+# This file tells the frr package which daemons to start.
+#
+# Entries are in the format: <daemon>=(yes|no|priority)
+#   0, "no"  = disabled
+#   1, "yes" = highest priority
+#   2 .. 10  = lower priorities
+#
+# For daemons which support multiple instances, a 2nd line listing
+# the instances can be added. Eg for ospfd:
+#   ospfd=yes
+#   ospfd_instances="1,2"
+#
+# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
+# They're used to start the FRR daemons in more than one step
+# (for example start one or two at network initialization and the
+# rest later). The number of FRR daemons being small, priorities
+# must be between 1 and 9, inclusive (or the initscript has to be
+# changed). /etc/init.d/frr then can be started as
+#
+#   /etc/init.d/frr <start|stop|restart|<priority>>
+#
+# where priority 0 is the same as 'stop', priority 10 or 'start'
+# means 'start all'
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/frr/examples/.
+#
+# ATTENTION:
+#
+# When activation a daemon at the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "frr", else
+# the daemon will not be started by /etc/init.d/frr. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
+#
+watchfrr_enable=yes
+watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
+#
+zebra=yes
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+nhrpd=no
+eigrpd=no
+sharpd=no
+pbrd=no
+staticd=yes
+bfdd=yes
+fabricd=no
+
+#
+# Command line options for the daemons
+#
+zebra_options=("-A 127.0.0.1")
+bgpd_options=("-A 127.0.0.1")
+ospfd_options=("-A 127.0.0.1")
+ospf6d_options=("-A ::1")
+ripd_options=("-A 127.0.0.1")
+ripngd_options=("-A ::1")
+isisd_options=("-A 127.0.0.1")
+pimd_options=("-A 127.0.0.1")
+nhrpd_options=("-A 127.0.0.1")
+eigrpd_options=("-A 127.0.0.1")
+sharpd_options=("-A 127.0.0.1")
+pbrd_options=("-A 127.0.0.1")
+staticd_options=("-A 127.0.0.1")
+bfdd_options=("-A 127.0.0.1")
+fabricd_options=("-A 127.0.0.1")
+
+#
+# If the vtysh_enable is yes, then the unified config is read
+# and applied if it exists.  If no unified frr.conf exists
+# then the per-daemon <daemon>.conf files are used)
+# If vtysh_enable is no or non-existant, the frr.conf is ignored.
+# it is highly suggested to have this set to yes
+vtysh_enable=yes
+
diff --git a/frr-image/docker-start b/frr-image/docker-start
new file mode 100644
index 0000000..eaa7d74
--- /dev/null
+++ b/frr-image/docker-start
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)
diff --git a/frr-image/frr.conf b/frr-image/frr.conf
new file mode 100644
index 0000000..58aa59d
--- /dev/null
+++ b/frr-image/frr.conf
@@ -0,0 +1,53 @@
+frr defaults traditional
+log file /var/log/frr/frr.log
+log syslog informational
+log stdout debugging
+ipv6 forwarding
+service integrated-vtysh-config
+!
+debug bgp updates in
+debug bgp updates out
+debug bgp zebra
+!
+interface eth0
+ no ipv6 nd suppress-ra
+ ipv6 nd ra-interval 10
+!
+router bgp OCPASN
+ bgp router-id OCPROUTERID
+ bgp bestpath as-path multipath-relax
+ bgp bestpath compare-routerid
+!
+ neighbor OCPnodes peer-group
+ neighbor OCPnodes description Internal OCP Nodes
+ neighbor OCPnodes remote-as OCPASN
+ neighbor OCPnodes bfd
+ neighbor OCPnodes capability extended-nexthop 
+ !neighbor eth0 interface peer-group OCPnodes
+ !neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
+ neighbor OCPPEER peer-group OCPnodes
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+ exit-address-family
+ !
+ address-family ipv6 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+  neighbor OCPnodes nexthop-local unchanged
+ exit-address-family
+ !
+!
+bfd
+ peer OCPPEER vrf default interface eth0
+   receive-interval 2000
+   transmit-interval 2000
+   echo-mode
+   echo-interval 3000
+   no shutdown
+ exit
+!
+line vty
+!
+
diff --git a/frr-image/frr.sh b/frr-image/frr.sh
new file mode 100644
index 0000000..ff154b2
--- /dev/null
+++ b/frr-image/frr.sh
@@ -0,0 +1,124 @@
+#!/bin/bash
+#set -euo pipefail
+
+# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
+if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
+  set -x
+fi
+
+# The argument to the command is the operation to be performed
+# frr-node display display_env 
+# a cmd must be provided, there is no default
+cmd=${1:-""}
+
+# The frr user id, by default it is going to be frr:frr
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# This script is the entrypoint to the image.
+# frr.sh version (update when API between daemonset and script changes - v.x.y)
+frr_version="3"
+
+# The daemonset version must be compatible with this script.
+# The default when FRR_DAEMONSET_VERSION is not set is version 3
+frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
+
+# hostname is the host's hostname when using host networking,
+# This is useful on the master
+# otherwise it is the container ID (useful for debugging).
+frr_pod_host=${K8S_NODE:-$(hostname)}
+
+# The ovs user id, by default it is going to be root:root
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# frr.conf variables
+ocp_asn=${OCPASN:-65000}
+ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
+ocp_peer=${OCPPEER:-"10.10.10.1"}
+
+FRR_ETCDIR=/etc/frr
+FRR_RUNDIR=/var/run/frr
+FRR_LOGDIR=/var/log/frr
+
+# =========================================
+
+setup_frr_permissions() {
+    chown -R ${frr_user_id} ${FRR_RUNDIR}
+    chown -R ${frr_user_id} ${FRR_LOGDIR}
+    chown -R ${frr_user_id} ${FRR_ETCDIR}
+}
+
+# =========================================
+
+display_version() {
+  echo " =================== hostname: ${frr_pod_host}"
+  echo " =================== daemonset version ${frr_daemonset_version}"
+  if [[ -f /root/git_info ]]; then
+    disp_ver=$(cat /root/git_info)
+    return
+  fi
+}
+
+display_env() {
+  echo FRR_USER_ID ${frr_user_id}
+  echo FRR_OPTIONS ${frr_options}
+  echo frr.sh version ${frr_version}
+  echo ocp_asn ${ocp_asn}
+  echo ocp_routerid ${ocp_routerid}
+  echo ocp_peer ${ocp_peer}
+}
+
+# frr-node - all nodes
+frr-node() {
+  trap 'kill $(jobs -p) ; exit 0' TERM
+  rm -f ${FRR_RUNDIR}/frr.pid
+  echo "=============== frr-node ========== update frr.conf"
+  sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
+  sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
+  sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
+
+  #chown -R frr:frr /etc/frr
+  chown -R frr:frr ${FRR_RUNDIR}
+  echo "=============== frr-node ========== starting"
+  # /usr/lib/frr/frrinit.sh start
+  # bash -x /usr/lib/frr/frrinit.sh start
+  bash -x 
+  /usr/lib/frr/frrinit.sh start
+  frrResult=$?
+  echo "=============== frrinit result is ${frrResult} " 
+ 
+  # Sleep forever
+  exec tail -f /dev/null
+}
+
+echo "================== frr.sh --- version: ${frr_version} ================"
+
+display_version
+
+display_env
+
+case ${cmd} in
+"frr-node") 
+  frr-node
+  ;;
+"display_env")
+  display_env
+  exit 0
+  ;;
+"display")
+  display
+  exit 0
+  ;;
+*)
+  echo "invalid command ${cmd}"
+  echo "valid v3 commands: frr-node display_env display " 
+  exit 0
+  ;;
+esac
+
+exit 0
diff --git a/frr-image/vtysh.conf b/frr-image/vtysh.conf
new file mode 100644
index 0000000..473a0f4