Only add no bgp enforce-first-as on frr >= 10 #194

Merged
merged 2 commits into from
Jan 15, 2025
5 changes: 4 additions & 1 deletion controllers/firewall_controller.go
@@ -9,6 +9,7 @@ import (
"strings"
"time"

"github.com/Masterminds/semver/v3"
"github.com/go-logr/logr"
mn "github.com/metal-stack/metal-lib/pkg/net"
corev1 "k8s.io/api/core/v1"
@@ -49,6 +50,8 @@ type FirewallReconciler struct {
recordFirewallEvent func(f *firewallv2.Firewall, eventtype, reason, message string)

SeedUpdatedFunc func()

FrrVersion *semver.Version
}

const (
@@ -115,7 +118,7 @@ func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
r.Log.Info("reconciling network settings")

var errs []error
changed, err := network.ReconcileNetwork(f)
changed, err := network.ReconcileNetwork(f, r.FrrVersion)
if changed && err == nil {
r.recordFirewallEvent(f, corev1.EventTypeNormal, "Network settings", "reconciliation succeeded (frr.conf)")
} else if changed && err != nil {
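Review bot: The new `FrrVersion` pointer goes straight into `network.ReconcileNetwork(f, r.FrrVersion)` without a nil check, and nothing in this section requires the field to be set. main.go populates it, but any other construction of `FirewallReconciler` (a test or a second entry point) leaves it nil, and whether the netconf applier tolerates a nil version is not visible here. I would have `SetupWithManager` return an error when `r.FrrVersion == nil`, and document the field with `// FrrVersion is the FRR version detected at startup; it selects version-dependent frr.conf directives.` Reconcile's body continues outside the hunk.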
4 changes: 2 additions & 2 deletions go.mod
@@ -5,6 +5,7 @@ go 1.23.0
toolchain go1.23.4

require (
github.com/Masterminds/semver/v3 v3.3.1
github.com/coreos/go-systemd/v22 v22.5.0
github.com/fatih/color v1.18.0
github.com/go-logr/logr v1.4.2
@@ -14,7 +15,7 @@ require (
github.com/metal-stack/firewall-controller-manager v0.4.3
github.com/metal-stack/metal-go v0.39.4
github.com/metal-stack/metal-lib v0.19.0
github.com/metal-stack/metal-networker v0.46.0
github.com/metal-stack/metal-networker v0.46.1
github.com/metal-stack/v v1.0.3
github.com/miekg/dns v1.1.62
github.com/txn2/txeh v1.5.5
@@ -31,7 +32,6 @@ require (
replace k8s.io/apimachinery => k8s.io/apimachinery v0.29.3

require (
github.com/Masterminds/semver/v3 v3.3.1 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
4 changes: 2 additions & 2 deletions go.sum
@@ -117,8 +117,8 @@ github.com/metal-stack/metal-hammer v0.13.10 h1:p1L2rGeABbjv8jRnua7dYF8nDjLZ+Boh
github.com/metal-stack/metal-hammer v0.13.10/go.mod h1:cOdArIOW1VBICPX3dlpyg1Wf3PsMeGjyw7mJJmCTqeU=
github.com/metal-stack/metal-lib v0.19.0 h1:4yBnp/jPGgX9KeCje3A4MFL2oDjgjOjgsIK391LltRI=
github.com/metal-stack/metal-lib v0.19.0/go.mod h1:fCMaWwVGA/xAoGvBk72/nfzqBkHly0iOzrWpc55Fau4=
github.com/metal-stack/metal-networker v0.46.0 h1:fRC+LHRWvvYK9ernI6Wasr9wPseVS1s9q7PAVV3JZKc=
github.com/metal-stack/metal-networker v0.46.0/go.mod h1:C2bsFq4o6p6GwGS2j14/r+nwKGpGSl3uIISzPrhO8+A=
github.com/metal-stack/metal-networker v0.46.1 h1:X4UKEom7ZU9sY0ndrqWhtfUDR0jShGauCpBXVSzAocY=
github.com/metal-stack/metal-networker v0.46.1/go.mod h1:FyG88QowtyZ7J2bBf36HRZsdm7JK1HCNVNrCMU7THQA=
github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs=
github.com/metal-stack/v v1.0.3/go.mod h1:YTahEu7/ishwpYKnp/VaW/7nf8+PInogkfGwLcGPdXg=
github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
13 changes: 11 additions & 2 deletions main.go
@@ -29,6 +29,7 @@ import (

firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1"
"github.com/metal-stack/firewall-controller/v2/controllers"
"github.com/metal-stack/firewall-controller/v2/pkg/frr"
"github.com/metal-stack/firewall-controller/v2/pkg/sysctl"
"github.com/metal-stack/firewall-controller/v2/pkg/updater"
// +kubebuilder:scaffold:imports
@@ -211,8 +212,6 @@ func main() {
panic(err)
}

updater := updater.New(ctrl.Log.WithName("updater"), shootMgr.GetEventRecorderFor("FirewallController"))

fwmReconciler := &controllers.FirewallMonitorReconciler{
ShootClient: shootMgr.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("FirewallMonitorReconciler"),
@@ -222,6 +221,15 @@ func main() {
Namespace: firewallv2.FirewallShootNamespace,
}

frrVersion, err := frr.DetectVersion()
if err != nil {
l.Error("frr version detection", "error", err)
panic(err)
}
l.Info("detected frr", "version", frrVersion.String())

updater := updater.New(ctrl.Log.WithName("updater"), shootMgr.GetEventRecorderFor("FirewallController"))

// Firewall Reconciler
if err = (&controllers.FirewallReconciler{
SeedClient: seedMgr.GetClient(),
@@ -234,6 +242,7 @@ func main() {
Updater: updater,
SeedUpdatedFunc: fwmReconciler.SeedUpdated,
TokenUpdater: accessTokenUpdater,
FrrVersion: frrVersion,
}).SetupWithManager(seedMgr); err != nil {
l.Error("unable to create firewall controller", "error", err)
panic(err)
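Review bot: `frr.DetectVersion()` runs once at startup and its result is frozen into `FrrVersion: frrVersion`, so the rendered frr.conf follows the FRR version that was installed when the controller started rather than the one present at reconcile time. If the FRR package later crosses the 10.x boundary without a controller restart, the template would presumably emit or omit `no bgp enforce-first-as` for the wrong version. A failed probe also panics the whole process, which takes the rest of the firewall reconciliation down with it even though only the FRR template needs the version. At minimum I would record the assumption next to the call, `// FRR version is detected once at startup; restart the controller after an FRR package change.`, or re-detect when rendering. main's body starts and ends outside these hunks.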
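--- a/pkg/frr/frr.go
+++ b/pkg/frr/frr.go
@@ -0,0 +1,48 @@
+package frr
+
+import (
+"fmt"
+"os/exec"
+"strings"
+
+"github.com/Masterminds/semver/v3"
+)
+
+func DetectVersion() (*semver.Version, error) {
+
+vtysh, err := exec.LookPath("vtysh")
+if err != nil {
+return nil, fmt.Errorf("unable to detect path to vtysh: %w", err)
+}
+// $ vtysh -c "show version"|grep FRRouting
+// FRRouting 10.2.1 (shoot--pz9cjf--mwen-fel-firewall-dcedd) on Linux(6.6.60-060660-generic).
+c := exec.Command(vtysh, "-c", "show version")
+out, err := c.CombinedOutput()
+if err != nil {
+return nil, fmt.Errorf("unable to detect frr version with dpkg: %w", err)
+}
+
+var frrVersion string
+for _, line := range strings.Split(string(out), "\n") {
+if !strings.Contains(line, "FRRouting") {
+continue
+}
+
+fields := strings.Fields(line)
+if len(fields) < 2 {
+continue
+}
+
+frrVersion = fields[1]
+break
+}
+if frrVersion == "" {
+return nil, fmt.Errorf("unable to detect frr version")
+}
+
+ver, err := semver.NewVersion(frrVersion)
+if err != nil {
+return nil, fmt.Errorf("unable to parse frr version to semver: %w", err)
+}
+return ver, nil
+}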
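Review bot: The error path after `c.CombinedOutput()` reports `unable to detect frr version with dpkg` although the command is vtysh, and it discards `out`, so the operator sees only an exit status while main.go panics on this error. I would return `fmt.Errorf("unable to detect frr version with vtysh: %w (output: %q)", err, out)`. The call has no deadline either, so a vtysh that blocks holds up controller startup indefinitely; `exec.CommandContext` with a short timeout bounds that. Because stderr is merged into the parsed text, a warning line that happens to contain `FRRouting` could be taken for the version line, and `c.Output()` would keep the parse on stdout only. The exported function also has no doc comment, for example `// DetectVersion returns the FRR version reported by vtysh "show version".`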
5 changes: 3 additions & 2 deletions pkg/network/network.go
@@ -6,6 +6,7 @@ import (
"os"
"path/filepath"

"github.com/Masterminds/semver/v3"
firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2"
"github.com/metal-stack/metal-go/api/models"
"github.com/metal-stack/metal-networker/pkg/netconf"
@@ -55,7 +56,7 @@ func GetNewNetworks(f *firewallv2.Firewall, oldNetworks []*models.V1MachineNetwo

// ReconcileNetwork reconciles the network settings for a firewall
// Changes both the FRR-Configuration and Nftable rules when network prefixes or FRR template changes
func ReconcileNetwork(f *firewallv2.Firewall) (changed bool, err error) {
func ReconcileNetwork(f *firewallv2.Firewall, frrVersion *semver.Version) (changed bool, err error) {
tmpFile, err := tmpFile(frrConfig)
if err != nil {
return false, fmt.Errorf("error during network reconciliation %v: %w", tmpFile, err)
@@ -70,7 +71,7 @@ func ReconcileNetwork(f *firewallv2.Firewall) (changed bool, err error) {
}
c.Networks = GetNewNetworks(f, c.Networks)

a := netconf.NewFrrConfigApplier(netconf.Firewall, *c, tmpFile)
a := netconf.NewFrrConfigApplier(netconf.Firewall, *c, tmpFile, frrVersion)
tpl := netconf.MustParseTpl(netconf.TplFirewallFRR)

changed, err = a.Apply(*tpl, tmpFile, frrConfig, true)
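Review bot: The doc comment on `ReconcileNetwork` was not updated for the new `frrVersion` parameter, and it does not say whether nil is acceptable before the pointer is handed to `netconf.NewFrrConfigApplier`. I would add `// frrVersion is the installed FRR version and selects version-dependent directives in the rendered frr.conf; it must not be nil.`, dropping the last clause if the applier handles nil, which is not visible here. The function body starts and ends outside these hunks.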