Details

Reviewers

dereckson
Duranzed

Maniphest Tasks

T2264: Implement CARP configuration for router-002 and router-003

Commits

rOPS8ca64297f9df: Configure CARP on routers

Summary

Add router CARP configuration using Jinja template and Salt state to deploy with Salt the CARP configuration.

Ref T2264

Test Plan

Apply state on router-002 and router-003 and verify CARP alias is configured.

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Skipped

Unit

No Test Coverage

Branch

role-router

Build Status

Buildable 6433
Build 6717: arc lint + arc unit

Event Timeline

yousra requested review of this revision.Mon, Mar 2, 15:52

yousra created this revision.

Harbormaster completed remote builds in B6387: Diff 10339.Mon, Mar 2, 15:52

yousra added a reviewer: dereckson.Mon, Mar 2, 15:54

yousra mentioned this in T2264: Implement CARP configuration for router-002 and router-003 .Mon, Mar 2, 16:01

Using a separate file like /etc/rc.conf.d/netif/carp keeps the CARP configuration isolated,
avoids modifying the main /etc/rc.conf, and makes the setup cleaner and safer.
It improves maintainability, reduces the risk of conflicts, and ensures a more modular infrastructure design.

Harbormaster completed remote builds in B6388: Diff 10340.Mon, Mar 2, 16:24

yousra edited the summary of this revision. (Show Details)Tue, Mar 3, 08:57

yousra added a task: T2264: Implement CARP configuration for router-002 and router-003 .

dereckson edited the summary of this revision. (Show Details)Wed, Mar 4, 07:14

dereckson edited the test plan for this revision. (Show Details)

dereckson retitled this revision from Add CARP configuration in role/router/carp/carp.sls to Add CARP configuration.

dereckson retitled this revision from Add CARP configuration to Configure CARP on routers.

Configuration logic. Looks good to me.

Style: tiny bits of styling comments to help to maintain the configuration.

roles/router/carp/carp.jinja
6 ↗	(On Diff #10340)	Move this file to a subdirectory Perhaps we can use "carp.rc" as filename, so we know it's to configure rc? .jinja extension is only useful to avoid linters on .sh .py etc. to analyse jinja templates as shell script or Python script. For configuration file, that's a problem we don't have Add here the path to that file Example of header: `# Source file: roles/router/carp/files/carp.rc` (so source_path won't be useful, as (1) currently, we can focus on FreeBSD-only for CARP implementation (2) other OS would have received another configuration file as source, so it would have received the source from that file)
9 ↗	(On Diff #10340)	You can merge the two blocks.
23 ↗	(On Diff #10340)	ops/secrets/ is addded automatically by credentials.get_password (that's the prefix shared by all the secrets provisioned through Salt).
29 ↗	(On Diff #10340)	Extra blank line, you can use pre-commit (`make` in your repository) to catch them.
roles/router/carp/carp.sls
8	One extra line

Added some changes :

no "ops/secrets/" because it is the prefixe for secrets that salt knows
no extrat blank line
Source file: roles/router/carp/files/carp.rc
carp.jinja ==> carp.rc into a new subfolder /files

Harbormaster completed remote builds in B6416: Diff 10371.Wed, Mar 4, 14:00

Changed the source path in carp.sls into : source: salt://roles/router/carp/files/carp.rc

Harbormaster completed remote builds in B6417: Diff 10372.Wed, Mar 4, 15:08

Fix : we need to use context to call the function get_carp_entries on carp.sls
in place of calling this function on the template carp.rc

Harbormaster completed remote builds in B6430: Diff 10387.Thu, Mar 5, 15:04

OK, nice work, ready.

We now need to indicate to Salt how to find carp unit if we do salt router-002 state.apply roles/router or salt router-002 state.highstate.

To include router role in the highstate
Declare the two new nodes in top.sls, and add router role there.

To fix router role logic

Include logic is currently:
(1) For roles/router, it reads roles/router/init.sls -> OK
(2) In roles/router/init.sls, it includes carp -> it will try to go in carp/init.sls

If you rename roles/router/carp/carp.sls to roles/router/carp/init.sls that works.

(If you needed a more complex logic, you could have created roles/router/carp/init.sls and do an include there, but for one file, init is enough.)

vmx0 is not always releated to the network intranought, so I add entry["interface_name"] = interface_name
in output of get_carp_entries(), so then in carp.rc the prefixe is based on that.

Harbormaster completed remote builds in B6433: Diff 10392.Sun, Mar 8, 13:55

Add routers on top.sls to be able to do a command like sudo salt 'router-002' state.apply roles/router

We must then fix role routeur logic by renaming roles/router/carp/carp.sls to roles/router/carp/init.sls that works.

Include logic is currently:
(1) For roles/router, it reads roles/router/init.sls -> OK
(2) In roles/router/init.sls, it includes carp -> it will try to go in carp/init.sls

Harbormaster completed remote builds in B6434: Diff 10393.Sun, Mar 8, 14:46