Merge branch 'devel' into vtep_diagnostic_eos_designs

aristanetworks · Nov 13, 2024 · 3342327 · 3342327
2 parents 38912f6 + 241b400
commit 3342327
Show file tree

Hide file tree

Showing 56 changed files with 296 additions and 188 deletions.
diff --git a/.github/requirements-ci.txt b/.github/requirements-ci.txt
@@ -1,7 +1,3 @@
 # Installing PyAVD from source.
 # The package path below is relative to the repo root and will only work if the pip install is executed from there.
-./python-avd
-# The -r path is relative to this file.
--r ../ansible_collections/arista/avd/requirements.txt
-# Needed for molecule
-jsonschema-rs>=0.24
+./python-avd[ansible-collection]
diff --git a/.github/workflows/new-cvp-integration.yml b/.github/workflows/new-cvp-integration.yml
@@ -6,6 +6,13 @@ on: workflow_dispatch
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref }}
+
+env:
+  # Set -vvv is ACTIONS_STEP_DEBUG is set
+  # Apparently it is set in secrets when running with debug
+  ANSIBLE_VERBOSITY: ${{ secrets.ACTIONS_STEP_DEBUG && 3 || 0 }}
+  AVD_NEVER_RUN_FROM_SOURCE: 1
+
 jobs:
   # ----------------------------------------------- #
   # CV INTEGRATION MOLECULE TEST FOR CV_WORKFLOW    #

diff --git a/.github/workflows/pull-request-management.yml b/.github/workflows/pull-request-management.yml
@@ -11,6 +11,7 @@ env:
   # Set -vvv is ACTIONS_STEP_DEBUG is set
   # Apparently it is set in secrets when running with debug
   ANSIBLE_VERBOSITY: ${{ secrets.ACTIONS_STEP_DEBUG && 3 || 0 }}
+  AVD_NEVER_RUN_FROM_SOURCE: 1
 
 jobs:
   file-changes:
@@ -111,7 +112,7 @@ jobs:
           python-version: ${{ matrix.python_version }}
       - name: 'Install Python requirements'
         run: |
-          pip install -r ansible_collections/arista/avd/requirements-dev.txt  -r ansible_collections/arista/avd/requirements.txt --upgrade
+          pip install -r .github/requirements-ci.txt -r ansible_collections/arista/avd/requirements-dev.txt --upgrade
 
   # ----------------------------------- #
   # EOS CLI CONFIG GEN MOLECULE
@@ -432,7 +433,7 @@ jobs:
             3.13
       - name: 'Install Python & Ansible requirements'
         run: |
-          pip install -r ansible_collections/arista/avd/requirements-dev.txt -r ansible_collections/arista/avd/requirements.txt --upgrade
+          pip install -r .github/requirements-ci.txt -r ansible_collections/arista/avd/requirements-dev.txt --upgrade
           ansible-galaxy collection install -r ansible_collections/arista/avd/collections.yml
       - name: 'Run ansible-test integration test cases'
         run: |

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -75,7 +75,7 @@ repos:
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.7.2
+    rev: v0.7.3
     hooks:
       # Run the linter.
       - id: ruff

diff --git a/ansible_collections/arista/avd/docs/contribution/development-tooling.md b/ansible_collections/arista/avd/docs/contribution/development-tooling.md
@@ -56,7 +56,7 @@ Developing with your local Python environment requires you to configure and inst
 Recommended steps with Python virtual environment:
 
 1. Create and activate a Python virtual environment.
-2. Install Python requirements located in the AVD repository: [requirements-dev.txt](https://github.com/aristanetworks/avd/blob/devel/ansible_collections/arista/avd/requirements-dev.txt) and [requirements.txt](https://github.com/aristanetworks/avd/blob/devel/ansible_collections/arista/avd/requirements.txt).
+2. Install Python requirements located in the AVD repository: [requirements-dev.txt](https://github.com/aristanetworks/avd/blob/devel/ansible_collections/arista/avd/requirements-dev.txt).
 
 !!! note
     Ensure the virtual environment is located outside of the AVD project directory.
@@ -72,7 +72,7 @@ source avd-venv/bin/activate
 # The installation _must_ be performed from the root of the cloned avd repository.
 cd avd
 # Requirements files are located in `ansible_collections/arista/avd` of the avd repository.
-pip3 install -r ansible_collections/arista/avd/requirements-dev.txt -r ansible_collections/arista/avd/requirements.txt --upgrade
+pip3 install -r ansible_collections/arista/avd/requirements-dev.txt --upgrade
 ```
 
 !!! note

diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe1.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe1.yml
@@ -241,9 +241,9 @@ router_ospf:
   - id: 10
     vrf: C1_VRF1
     passive_interface_default: true
-    router_id: 10.255.1.1
     no_passive_interfaces:
     - Ethernet3.10
+    router_id: 10.255.1.1
     redistribute:
       bgp:
         enabled: true

diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe2.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe2.yml
@@ -241,9 +241,9 @@ router_ospf:
   - id: 10
     vrf: C1_VRF1
     passive_interface_default: true
-    router_id: 10.255.1.2
     no_passive_interfaces:
     - Ethernet4.10
+    router_id: 10.255.1.2
     redistribute:
       bgp:
         enabled: true

diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe3.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe3.yml
@@ -236,9 +236,9 @@ router_ospf:
   - id: 10
     vrf: C1_VRF1
     passive_interface_default: true
-    router_id: 10.255.1.3
     no_passive_interfaces:
     - Ethernet2
+    router_id: 10.255.1.3
     redistribute:
       bgp:
         enabled: true

diff --git a/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md b/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
@@ -8,6 +8,7 @@
   - [IP Domain-list](#ip-domain-list)
   - [Clock Settings](#clock-settings)
   - [NTP](#ntp)
+  - [System Control-Plane](#system-control-plane)
   - [Management SSH](#management-ssh)
   - [Management Tech-Support](#management-tech-support)
 - [CVX](#cvx)
@@ -153,6 +154,9 @@
 - [Virtual Source NAT](#virtual-source-nat)
   - [Virtual Source NAT Summary](#virtual-source-nat-summary)
   - [Virtual Source NAT Configuration](#virtual-source-nat-configuration)
+- [System L1](#system-l1)
+  - [Unsupported Interface Configurations](#unsupported-interface-configurations)
+  - [System L1 Device Configuration](#system-l1-device-configuration)
 - [Application Traffic Recognition](#application-traffic-recognition)
   - [Applications](#applications)
   - [Application Profiles](#application-profiles)
@@ -331,6 +335,48 @@ ntp server 20.20.20.1 key <removed>
 ntp server ie.pool.ntp.org iburst key <removed>
 ```
 
+### System Control-Plane
+
+#### TCP MSS Ceiling
+
+| Protocol | Segment Size |
+| -------- | -------------|
+| IPv4 | 1344 |
+| IPv6 | 1366 |
+
+#### Control-Plane Access-Groups
+
+| Protocol | VRF | Access-list |
+| -------- | --- | ------------|
+| IPv4 Ingress default | All | ingress_ipv4_acl |
+| IPv4 | default | acl4_1 |
+| IPv4 | red | acl4_2 |
+| IPv4 | red_1 | acl4_2 |
+| IPv4 | default | acl4_3 |
+| IPv6 Ingress default | All | ingress_ipv6_acl |
+| IPv6 | default | acl6_1 |
+| IPv6 | blue | acl6_2 |
+| IPv6 | blue_1 | acl6_2 |
+| IPv6 | default | acl6_3 |
+
+#### System Control-Plane Device Configuration
+
+```eos
+!
+system control-plane
+   tcp mss ceiling ipv4 1344 ipv6 1366
+   ip access-group ingress default ingress_ipv4_acl
+   ip access-group acl4_1 in
+   ip access-group acl4_3 vrf default in
+   ip access-group acl4_2 vrf red in
+   ip access-group acl4_2 vrf red_1 in
+   ipv6 access-group ingress default ingress_ipv6_acl
+   ipv6 access-group acl6_1 in
+   ipv6 access-group acl6_3 vrf default in
+   ipv6 access-group acl6_2 vrf blue in
+   ipv6 access-group acl6_2 vrf blue_1 in
+```
+
 ### Management SSH
 
 #### Authentication Settings
@@ -6123,6 +6169,24 @@ ipv6 address virtual source-nat vrf TEST_03 address 2001:db8:85a3::8a2e:370:7334
 ipv6 address virtual source-nat vrf TEST_04 address 2001:db8:85a3::8a2e:370:7335
 ```
 
+## System L1
+
+### Unsupported Interface Configurations
+
+| Unsupported Configuration | action |
+| ---------------- | -------|
+| Speed | warn |
+| Error correction | error |
+
+### System L1 Device Configuration
+
+```eos
+!
+system l1
+   unsupported speed action warn
+   unsupported error-correction action error
+```
+
 ## Application Traffic Recognition
 
 ### Applications

diff --git a/...lections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/system.md b/...lections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/system.md
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg
@@ -500,6 +500,10 @@ no sflow hardware acceleration module Linecard3
 !
 service unsupported-transceiver test dsafDSFfvadskjh3424
 !
+system l1
+   unsupported speed action warn
+   unsupported error-correction action error
+!
 tap aggregation
    mode exclusive profile tap-aggregation-extended
    encapsulation dot1br strip
@@ -3071,6 +3075,19 @@ mac access-list TEST4
    permit any 02:00:00:12:34:56 00:00:00:00:00:00
    deny any 02:00:00:ab:cd:ef 00:00:00:00:00:00
 !
+system control-plane
+   tcp mss ceiling ipv4 1344 ipv6 1366
+   ip access-group ingress default ingress_ipv4_acl
+   ip access-group acl4_1 in
+   ip access-group acl4_3 vrf default in
+   ip access-group acl4_2 vrf red in
+   ip access-group acl4_2 vrf red_1 in
+   ipv6 access-group ingress default ingress_ipv6_acl
+   ipv6 access-group acl6_1 in
+   ipv6 access-group acl6_3 vrf default in
+   ipv6 access-group acl6_2 vrf blue in
+   ipv6 access-group acl6_2 vrf blue_1 in
+!
 mac address-table notification host-flap logging
 mac address-table notification host-flap detection window 10
 mac address-table notification host-flap detection moves 2

diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/system.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/system.cfg
diff --git a/...config_gen/inventory/host_vars/system.yml → ..._gen/inventory/host_vars/host1/system.yml b/...config_gen/inventory/host_vars/system.yml → ..._gen/inventory/host_vars/host1/system.yml
@@ -3,6 +3,7 @@ system:
     tcp_mss:
       ipv4: 1344
       ipv6: 1366
+    ipv4_access_group_ingress_default: ingress_ipv4_acl
     ipv4_access_groups:
       - acl_name: "acl4_1"
       - acl_name: "acl4_2"
@@ -11,6 +12,7 @@ system:
         vrf: red_1
       - acl_name: "acl4_3"
         vrf: default
+    ipv6_access_group_ingress_default: ingress_ipv6_acl
     ipv6_access_groups:
       - acl_name: "acl6_1"
       - acl_name: "acl6_2"

diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.yml
@@ -85,7 +85,6 @@ test_hosts:
     spanning-tree-rapid-pvst:
     sync-e:
     tcam-profile:
-    system:
     terminattr-cloud:
     terminattr-extra-flags:
     terminattr-multi-cluster-certs:

diff --git a/...ista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER1.yml b/...ista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER1.yml
@@ -470,10 +470,10 @@ router_ospf:
   - id: 19
     vrf: TENANT_B_INTRA
     passive_interface_default: true
-    router_id: 10.123.1.0
     no_passive_interfaces:
     - Ethernet6.10
     max_lsa: 10000
+    router_id: 10.123.1.0
     redistribute:
       bgp:
         enabled: true

diff --git a/...ista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LER1.yml b/...ista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LER1.yml
@@ -583,10 +583,10 @@ router_ospf:
   - id: 99
     vrf: TENANT_B_WAN
     passive_interface_default: true
-    router_id: 192.168.48.4
     no_passive_interfaces:
     - Ethernet6.100
     max_lsa: 10000
+    router_id: 192.168.48.4
     redistribute:
       bgp:
         enabled: true