Merge tag 'v0.14.3' into fork-on-premise

control-plane/roles/gardener/README.md

@@ -38,6 +38,7 @@ Check out the Gardener project for further documentation on [gardener.cloud](htt
 | gardener_kube_api_server_kubeconfig                    |           | The kubeconfig for the Gardener Kubernetes API (virtual garden apiserver)                                                                                                                                   |
 | gardener_kube_apiserver_kubeconfig_path                |           | The acts on multiple Kubernetes APIs, this is where it puts the kubeconfig of the Gardener Kubernetes API                                                                                                   |
 | gardener_local_tmp_dir                                 |           | The acts on multiple Kubernetes APIs, this is a local folder in the deployment container to store the kubeconfigs (ephemeral)                                                                               |
+| gardener_logging_enabled                               |           | Specifies whether the logging Gardener logging stack should be activated in the Gardenlet                                                                                                                   |
 
 ### Virtual Garden
 

control-plane/roles/gardener/defaults/main/gardener.yaml

@@ -110,3 +110,5 @@ gardener_shooted_seed_rollout_delay_minutes:
 gardener_kube_api_server_kubeconfig: "{{ 'garden-kube-apiserver' | kubeconfig_from_cert(gardener_kube_api_server_ca, gardener_kube_api_server_client_cert, gardener_kube_api_server_client_key, prepend_https=true) }}"
 gardener_kube_apiserver_kubeconfig_path: "{{ gardener_local_tmp_dir }}/garden-kube-apiserver-kubeconfig"
 gardener_local_tmp_dir: "{{ playbook_dir }}/.ansible/tmp"
+
+gardener_logging_enabled: false

control-plane/roles/gardener/templates/gardenlet-values.j2

@@ -22,8 +22,10 @@ config:
       # allow setting shoot ignore annotation:
       respectSyncPeriodOverwrite: {{ gardener_gardenlet_shoot_respect_sync_period_overwrite }}
 
+{% if gardener_logging_enabled %}
   logging:
     enabled: true
+{% endif %}
 
   seedConfig:
     apiVersion: core.gardener.cloud/v1beta1
@@ -81,4 +83,4 @@ imageVectorOverwrite: |
 {% if gardener_component_image_vector_overwrite %}
 componentImageVectorOverwrites: |
     {{ gardener_component_image_vector_overwrite | to_yaml | indent(width=4, first=false) }}
-{% endif %}
+{% endif %}

control-plane/roles/gardener/templates/managed-seed.j2

@@ -40,8 +40,11 @@ spec:
               visible: {{ gardener_shooted_seed.visible | default(true) }}
             shootDNS:
               enabled: true
+{% if gardener_logging_enabled %}
       logging:
         enabled: true
+{% endif %}
+
     deployment:
       image:
         pullPolicy: IfNotPresent

control-plane/roles/gardener/templates/networking-cilium/controller-deployment.yaml

@@ -1,11 +1,10 @@
 ---
-apiVersion: core.gardener.cloud/v1beta1
+apiVersion: core.gardener.cloud/v1
 kind: ControllerDeployment
 metadata:
   name: networking-cilium
-type: helm
-providerConfig:
-  chart: "{{ (lookup('url', 'https://raw.githubusercontent.com/' + gardener_networking_cilium_repo_ref + '/example/controller-registration.yaml', split_lines=False) | from_yaml_all | list)[0].providerConfig.chart }}"
+helm:
+  rawChart: "{{ (lookup('url', 'https://raw.githubusercontent.com/' + gardener_networking_cilium_repo_ref + '/example/controller-registration.yaml', split_lines=False) | from_yaml_all | list)[0].helm.rawChart }}"
   values:
     image:
       repository: "{{ gardener_networking_cilium_image_name }}"

control-plane/roles/gardener/templates/os-metal-extension/controller-deployment.yaml

@@ -3,7 +3,6 @@ apiVersion: core.gardener.cloud/v1
 kind: ControllerDeployment
 metadata:
   name: os-metal
-type: helm
 helm:
   rawChart: "{{ (lookup('url', 'https://raw.githubusercontent.com/metal-stack/os-metal-extension/' + gardener_os_controller_repo_ref + '/example/controller-registration.yaml', split_lines=False) | from_yaml_all | list)[0].helm.rawChart }}"
   values:

partition/roles/metal-core/templates/metal-core-env.j2

@@ -5,7 +5,6 @@ METAL_CORE_CIDR: "{{ metal_core_cidr }}"
 METAL_CORE_PARTITION_ID: "{{ metal_partition_id }}"
 METAL_CORE_RACK_ID: "{{ metal_core_rack_id }}"
 METAL_CORE_BIND_ADDRESS: 0.0.0.0
-METAL_CORE_SWITCH_TOPIC: "{{ metal_partition_id }}-switch"
 METAL_CORE_METAL_API_IP: "{{ metal_partition_metal_api_addr }}"
 METAL_CORE_METAL_API_PORT: "{{ metal_partition_metal_api_port }}"
 METAL_CORE_METAL_API_PROTOCOL: "{{ metal_partition_metal_api_protocol }}"

partition/roles/mgmt-server/README.md

@@ -16,7 +16,9 @@ Configures a server to act as management server for a metal-stack partition.
 | mgmt_server_nameservers               |           | the nameservers to use (default is dns0.eu).                                         |
 | mgmt_server_router_id                 | yes       | the router-id to use for routing.                                                    |
 | mgmt_server_spine_facing_interface    | yes       | the interface where the management spine is connected at the management server.      |
+| mgmt_server_metal_ssh_key_filename    |           | the filename of the private ssh key                                                  |
 | mgmt_server_metal_ssh_groups          |           | the ansible group to include into the ssh config                                     |
+| mgmt_server_metal_ssh_options         |           | the options to add globally to the ssh config                                        |
 | mgmt_server_metal_ssh_privkey         | yes       | the private SSH key of the `metal` admin user for connecting to the other components |
 | mgmt_server_metal_ssh_pubkey          | yes       | the public SSH key of the `metal` admin user for connecting to the other components  |
 | mgmt_server_preserve_dhcp_route       | no        | preserve the dhcp (default) route the mgmt server got from the mgmt firewall         |

partition/roles/mgmt-server/defaults/main.yaml

@@ -22,4 +22,5 @@ mgmt_server_frr_repo: frr-8
 mgmt_server_provide_default_route: false
 
 mgmt_server_metal_ssh_groups: "{{ groups.all }}"
+mgmt_server_metal_ssh_options: []
 mgmt_server_metal_ssh_key_filename: id_rsa

partition/roles/mgmt-server/templates/ssh_config.j2

@@ -1,3 +1,6 @@
+{% for option in mgmt_server_metal_ssh_options %}
+{{ option}}
+{% endfor %}
 {% for host in mgmt_server_metal_ssh_groups %}
 {% if hostvars[host].ansible_host is defined %}
 {% if hostvars[host].ansible_user is defined %}

partition/roles/sonic/templates/metal.yaml.j2

@@ -1,5 +1,6 @@
 #jinja2: lstrip_blocks: "False", trim_blocks: "False"
 ---
+{% set vrfs = [] %}
 DEVICE_METADATA:
   localhost:
     docker_routing_config_mode: "{{ sonic_docker_routing_config_mode }}"
@@ -78,6 +79,7 @@ INTERFACE:
     ipv6_use_link_local_only: enable
     {% endif %}
     {% if port.vrf is defined %}
+    {% set vrfs = vrfs.append(port.vrf) %}
     vrf_name: "{{ port.vrf }}"
     {% endif %}
   {% elif port.ips is defined %}
@@ -169,6 +171,7 @@ VLAN:
 VLAN_INTERFACE:
   {% for vlan in sonic_vlans %}
   {% if vlan.vrf is defined %}
+  {% set vrfs = vrfs.append(vlan.vrf) %}
   Vlan{{ vlan.id }}:
   {% if vlan.sag is defined and vlan.sag %}
     static_anycast_gateway: "true"
@@ -220,9 +223,11 @@ VXLAN_TUNNEL_MAP:
 
 VRF:
 {% endif %}
+{% set defined_vrfs = [] %}
 {% if sonic_interconnects is defined and sonic_interconnects|length > 0 %}
 {% for k, i in sonic_interconnects.items() %}
   {% if i.vrf is defined %}
+  {% set defined_vrfs = defined_vrfs.append(i.vrf) %}
   {% if i.vni is defined %}
   {{ i.vrf }}:
     vni: "{{ i.vni }}"
@@ -232,6 +237,10 @@ VRF:
   {% endif %}
 {% endfor %}
 {% endif %}
+{% set vrfs_to_add = vrfs | difference(defined_vrfs) | unique %}
+{% for vrf in vrfs_to_add %}
+  {{ vrf }}: {}
+{% endfor %}
 {% if sonic_lldp_hello_timer is defined %}
 
 LLDP:

partition/roles/sonic/test/data/exit/input.yaml

@@ -15,6 +15,9 @@ sonic_ports_dict:
     vrf: VrfMpls
     ips:
     - 10.0.0.2/32
+  Ethernet1:
+    speed: 10000
+    vrf: VrfStorage
 # spine uplinks
   Ethernet112:
   Ethernet116:
@@ -75,7 +78,9 @@ sonic_bgp_ports:
 
 sonic_vlans:
 - id: 4000
-  vrf: vrfMpls
+  vrf: VrfMpls
+- id: 4001
+  vrf: VrfTest
 
 sonic_vteps:
 - comment: MPLS

partition/roles/sonic/test/data/exit/metal.yaml

@@ -38,6 +38,8 @@ INTERFACE:
   Ethernet0:
     vrf_name: "VrfMpls"
   Ethernet0|10.0.0.2/32: {}
+  Ethernet1:
+    vrf_name: "VrfStorage"
   Ethernet112:
     ipv6_use_link_local_only: enable
   Ethernet116:
@@ -70,6 +72,8 @@ PORT:
     parent_port: Ethernet0
     admin_status: up
     speed: "10000"
+    mtu: "9216"
+    fec: none
   Ethernet2:
     alias: Eth1/3(Port1)
     autoneg: "off"
@@ -110,10 +114,14 @@ PORT:
 VLAN:
   Vlan4000:
     vlanid: 4000
+  Vlan4001:
+    vlanid: 4001
 
 VLAN_INTERFACE:
   Vlan4000:
-    vrf_name: "vrfMpls"
+    vrf_name: "VrfMpls"
+  Vlan4001:
+    vrf_name: "VrfTest"
 
 VLAN_MEMBER:
 
@@ -134,6 +142,8 @@ VXLAN_TUNNEL_MAP:
 VRF:
   VrfMpls:
     vni: "104000"
+  VrfStorage: {}
+  VrfTest: {}
 
 LLDP:
   Global:

partition/roles/systemd-networkd/tasks/main.yaml

@@ -52,6 +52,13 @@
   loop_control:
     index_var: i
 
+- name: Update ansible facts
+  setup:
+
+- name: Reboot if interfaces were not renamed successfully
+  reboot:
+  when: "(systemd_networkd_nics | map(attribute='name')) is not subset(ansible_facts.interfaces)"
+
 - name: Render systemd-networkd vlan netdev config
   template:
     src: vlan.netdev.j2

partition/roles/systemd-networkd/templates/vlan.network.j2

@@ -5,5 +5,7 @@ Type=vlan
 [Link]
 MTUBytes={{ item.mtu | default(systemd_networkd_mtu) }}
 
+{% if item.address is defined %}
 [Network]
 Address={{ item.address }}
+{% endif %}