diff --git a/.github/changelog.sh b/.github/changelog.sh
new file mode 100644
index 0000000..2d43826
--- /dev/null
+++ b/.github/changelog.sh
@@ -0,0 +1,435 @@
+#!/usr/bin/env zsh
+
+##############################
+# CHANGELOG SCRIPT CONSTANTS #
+##############################
+
+#* Holds the list of valid types recognized in a commit subject
+#* and the display string of such type
+local -A TYPES
+TYPES=(
+ BUILD "Build system"
+ CHORE "Chore"
+ CI "CI"
+ CUT "Features removed"
+ DOC "Documentation"
+ FEAT "Features"
+ FIX "Bug fixes"
+ LICENSE "License update"
+ MAKE "Build system"
+ OPTIMIZE "Code optimization"
+ PERF "Performance"
+ REFACTOR "Code Refactoring"
+ REFORMAT "Code Reformating"
+ REVERT "Revert"
+ TEST "Testing"
+)
+
+#* Types that will be displayed in their own section,
+#* in the order specified here.
+local -a MAIN_TYPES
+MAIN_TYPES=(FEAT FIX PERF REFACTOR DOCS DOC)
+
+#* Types that will be displayed under the category of other changes
+local -a OTHER_TYPES
+OTHER_TYPES=(MAKE TEST STYLE CI OTHER)
+
+#* Commit types that don't appear in $MAIN_TYPES nor $OTHER_TYPES
+#* will not be displayed and will simply be ignored.
+
+
+############################
+# COMMIT PARSING UTILITIES #
+############################
+
+function parse-commit {
+
+ # This function uses the following globals as output: commits (A),
+ # subjects (A), scopes (A) and breaking (A). All associative arrays (A)
+ # have $hash as the key.
+ # - commits holds the commit type
+ # - subjects holds the commit subject
+ # - scopes holds the scope of a commit
+ # - breaking holds the breaking change warning if a commit does
+ # make a breaking change
+
+ function commit:type {
+ local commit_message="$1"
+ local type="$(sed -E 's/^([a-zA-Z_\-]+)(\(.+\))?!?: .+$/\1/' <<< "$commit_message"| tr '[:lower:]' '[:upper:]')"
+ # If $type doesn't appear in $TYPES array mark it as 'other'
+ if [[ -n "${(k)TYPES[(i)${type}]}" ]]; then
+ echo $type
+ else
+ echo other
+ fi
+ }
+
+ function commit:scope {
+ local scope
+
+ # Try to find scope in "type():" format
+ # Scope will be formatted in lower cases
+ scope=$(sed -nE 's/^[a-zA-Z_\-]+\((.+)\)!?: .+$/\1/p' <<< "$1")
+ if [[ -n "$scope" ]]; then
+ echo "$scope" | tr '[:upper:]' '[:lower:]'
+ return
+ fi
+
+ # If no scope found, try to find it in ":" format
+ # Make sure it's not a type before printing it
+ scope=$(sed -nE 's/^([a-zA-Z_\-]+): .+$/\1/p' <<< "$1")
+ if [[ -z "${(k)TYPES[(i)$scope]}" ]]; then
+ echo "$scope"
+ fi
+ }
+
+ function commit:subject {
+ # Only display the relevant part of the commit, i.e. if it has the format
+ # type[(scope)!]: subject, where the part between [] is optional, only
+ # displays subject. If it doesn't match the format, returns the whole string.
+ sed -E 's/^[a-zA-Z_\-]+(\(.+\))?!?: (.+)$/\2/' <<< "$1"
+ }
+
+ # Return subject if the body or subject match the breaking change format
+ function commit:is-breaking {
+ local subject="$1" body="$2" message
+
+ if [[ "$body" =~ "BREAKING CHANGE: (.*)" || \
+ "$subject" =~ '^[^ :\)]+\)?!: (.*)$' ]]; then
+ message="${match[1]}"
+ # remove CR characters (might be inserted in GitHub UI commit description form)
+ message="${message//$'\r'/}"
+ # skip next paragraphs (separated by two newlines or more)
+ message="${message%%$'\n\n'*}"
+ # ... and replace newlines with spaces
+ echo "${message//$'\n'/ }"
+ else
+ return 1
+ fi
+ }
+
+ # Return truncated hash of the reverted commit
+ function commit:is-revert {
+ local subject="$1" body="$2"
+
+ if [[ "$subject" = Revert* && \
+ "$body" =~ "This reverts commit ([^.]+)\." ]]; then
+ echo "${match[1]:0:7}"
+ else
+ return 1
+ fi
+ }
+
+ # Parse commit with hash $1
+ local hash="$1" subject body warning rhash
+ subject="$(command git show -s --format=%s $hash)"
+ body="$(command git show -s --format=%b $hash)"
+
+ # Commits following Conventional Commits (https://www.conventionalcommits.org/)
+ # have the following format, where parts between [] are optional:
+ #
+ # type[(scope)][!]: subject
+ #
+ # commit body
+ # [BREAKING CHANGE: warning]
+
+ # commits holds the commit type
+ commits[$hash]="$(commit:type "$subject")"
+ # scopes holds the commit scope
+ scopes[$hash]="$(commit:scope "$subject")"
+ # subjects holds the commit subject
+ subjects[$hash]="$(commit:subject "$subject")"
+
+ # breaking holds whether a commit has breaking changes
+ # and its warning message if it does
+ if warning=$(commit:is-breaking "$subject" "$body"); then
+ breaking[$hash]="$warning"
+ fi
+
+ # reverts holds commits reverted in the same release
+ if rhash=$(commit:is-revert "$subject" "$body"); then
+ reverts[$hash]=$rhash
+ fi
+}
+
+#############################
+# RELEASE CHANGELOG DISPLAY #
+#############################
+
+function display-release {
+
+ # This function uses the following globals: output, version,
+ # commits (A), subjects (A), scopes (A), breaking (A) and reverts (A).
+ #
+ # - output is the output format to use when formatting (raw|text|md)
+ # - version is the version in which the commits are made
+ # - commits, subjects, scopes, breaking, and reverts are associative arrays
+ # with commit hashes as keys
+
+ # Remove commits that were reverted
+ local hash rhash
+ for hash rhash in ${(kv)reverts}; do
+ if (( ${+commits[$rhash]} )); then
+ # Remove revert commit
+ unset "commits[$hash]" "subjects[$hash]" "scopes[$hash]" "breaking[$hash]"
+ # Remove reverted commit
+ unset "commits[$rhash]" "subjects[$rhash]" "scopes[$rhash]" "breaking[$rhash]"
+ fi
+ done
+
+ # If no commits left skip displaying the release
+ if (( $#commits == 0 )); then
+ return
+ fi
+
+ ##* Formatting functions
+
+ # Format the hash according to output format
+ # If no parameter is passed, assume it comes from `$hash`
+ function fmt:hash {
+ #* Uses $hash from outer scope
+ local hash="${1:-$hash}"
+ case "$output" in
+ raw) printf "$hash" ;;
+ text) printf "\e[33m$hash\e[0m" ;; # red
+ md) printf "[\`$hash\`](https://github.com/aristanetworks/ansible-avd/commit/$hash)" ;;
+ esac
+ }
+
+ # Format headers according to output format
+ # Levels 1 to 2 are considered special, the rest are formatted
+ # the same, except in md output format.
+ function fmt:header {
+ local header="$1" level="$2"
+ case "$output" in
+ raw)
+ case "$level" in
+ 1) printf "$header\n$(printf '%.0s=' {1..${#header}})\n\n" ;;
+ 2) printf "$header\n$(printf '%.0s-' {1..${#header}})\n\n" ;;
+ *) printf "$header:\n\n" ;;
+ esac ;;
+ text)
+ case "$level" in
+ 1|2) printf "\e[1;4m$header\e[0m\n\n" ;; # bold, underlined
+ *) printf "\e[1m$header:\e[0m\n\n" ;; # bold
+ esac ;;
+ md) printf "$(printf '%.0s#' {1..${level}}) $header\n\n" ;;
+ esac
+ }
+
+ function fmt:scope {
+ #* Uses $scopes (A) and $hash from outer scope
+ local scope="${1:-${scopes[$hash]}}"
+
+ # Get length of longest scope for padding
+ local max_scope=0 padding=0
+ for hash in ${(k)scopes}; do
+ max_scope=$(( max_scope < ${#scopes[$hash]} ? ${#scopes[$hash]} : max_scope ))
+ done
+
+ # If no scopes, exit the function
+ if [[ $max_scope -eq 0 ]]; then
+ return
+ fi
+
+ # Get how much padding is required for this scope
+ padding=$(( max_scope < ${#scope} ? 0 : max_scope - ${#scope} ))
+ padding="${(r:$padding:: :):-}"
+
+ # If no scope, print padding and 3 spaces (equivalent to "[] ")
+ if [[ -z "$scope" ]]; then
+ printf "${padding} "
+ return
+ fi
+
+ # Print [scope]
+ case "$output" in
+ raw|md) printf "[$scope]${padding} " ;;
+ text) printf "[\e[38;5;9m$scope\e[0m]${padding} " ;; # red 9
+ esac
+ }
+
+ # If no parameter is passed, assume it comes from `$subjects[$hash]`
+ function fmt:subject {
+ #* Uses $subjects (A) and $hash from outer scope
+ local subject="${1:-${subjects[$hash]}}"
+
+ # Capitalize first letter of the subject
+ subject="${(U)subject:0:1}${subject:1}"
+
+ case "$output" in
+ raw) printf "$subject" ;;
+ # In text mode, highlight (#) and dim text between `backticks`
+ text) sed -E $'s|#([0-9]+)|\e[32m#\\1\e[0m|g;s|`([^`]+)`|`\e[2m\\1\e[0m`|g' <<< "$subject" ;;
+ # In markdown mode, link to (#) issues
+ md) sed -E 's|#([0-9]+)|[#\1](https://github.com/aristanetworks/ansible-avd/issues/\1)|g' <<< "$subject" ;;
+ esac
+ }
+
+ function fmt:type {
+ #* Uses $type from outer scope
+ local type="${1:-${TYPES[$type]:-${(C)type}}}"
+ [[ -z "$type" ]] && return 0
+ case "$output" in
+ raw|md) printf "$type: " ;;
+ text) printf "\e[4m$type\e[24m: " ;; # underlined
+ esac
+ }
+
+ ##* Section functions
+
+ function display:version {
+ fmt:header "$version" 2
+ }
+
+ function display:breaking {
+ (( $#breaking != 0 )) || return 0
+
+ case "$output" in
+ raw) fmt:header "BREAKING CHANGES" 3 ;;
+ text|md) fmt:header "⚠ BREAKING CHANGES" 3 ;;
+ esac
+
+ local hash subject
+ for hash message in ${(kv)breaking}; do
+ echo " - $(fmt:hash) $(fmt:scope)$(fmt:subject "${message}")"
+ done | sort
+ echo
+ }
+
+ function display:type {
+ local hash type="$1"
+
+ local -a hashes
+ hashes=(${(k)commits[(R)$type]})
+
+ # If no commits found of type $type, go to next type
+ (( $#hashes != 0 )) || return 0
+
+ fmt:header "${TYPES[$type]}" 3
+ for hash in $hashes; do
+ echo " - $(fmt:hash) $(fmt:scope)$(fmt:subject)"
+ done | sort -k3 # sort by scope
+ echo
+ }
+
+ function display:others {
+ local hash type
+
+ # Commits made under types considered other changes
+ local -A changes
+ changes=(${(kv)commits[(R)${(j:|:)OTHER_TYPES}]})
+
+ # If no commits found under "other" types, don't display anything
+ (( $#changes != 0 )) || return 0
+
+ fmt:header "Other changes" 3
+ for hash type in ${(kv)changes}; do
+ case "$type" in
+ other) echo " - $(fmt:hash) $(fmt:scope)$(fmt:subject)" ;;
+ *) echo " - $(fmt:hash) $(fmt:scope)$(fmt:type)$(fmt:subject)" ;;
+ esac
+ done | sort -k3 # sort by scope
+ echo
+ }
+
+ ##* Release sections order
+
+ # Display version header
+ display:version
+
+ # Display breaking changes first
+ display:breaking
+
+ # Display changes for commit types in the order specified
+ for type in $MAIN_TYPES; do
+ display:type "$type"
+ done
+
+ # Display other changes
+ display:others
+}
+
+function main {
+ # $1 = until commit, $2 = since commit
+ local until="$1" since="$2"
+
+ # $3 = output format (--text|--raw|--md)
+ # --md: uses markdown formatting
+ # --raw: outputs without style
+ # --text: uses ANSI escape codes to style the output
+ local output=${${3:-"--text"}#--*}
+
+ if [[ -z "$until" ]]; then
+ until=HEAD
+ fi
+
+ if [[ -z "$since" ]]; then
+ # If $since is not specified:
+ # 1) try to find the version used before updating
+ # 2) try to find the first version tag before $until
+ since=$(command git config --get ansible-avd.lastVersion 2>/dev/null) || \
+ since=$(command git describe --abbrev=0 --tags "$until^" 2>/dev/null) || \
+ unset since
+ elif [[ "$since" = --all ]]; then
+ unset since
+ fi
+
+ # Commit classification arrays
+ local -A commits subjects scopes breaking reverts
+ local truncate=0 read_commits=0
+ local hash version tag
+
+ # Get the first version name:
+ # 1) try tag-like version, or
+ # 2) try name-rev, or
+ # 3) try branch name, or
+ # 4) try short hash
+ version=$(command git describe --tags $until 2>/dev/null) \
+ || version=$(command git name-rev --no-undefined --name-only --exclude="remotes/*" $until 2>/dev/null) \
+ || version=$(command git symbolic-ref --quiet --short $until 2>/dev/null) \
+ || version=$(command git rev-parse --short $until 2>/dev/null)
+
+ # Get commit list from $until commit until $since commit, or until root
+ # commit if $since is unset, in short hash form.
+ # --first-parent is used when dealing with merges: it only prints the
+ # merge commit, not the commits of the merged branch.
+ command git rev-list --first-parent --abbrev-commit --abbrev=7 ${since:+$since..}$until | while read hash; do
+ # Truncate list on versions with a lot of commits
+ if [[ -z "$since" ]] && (( ++read_commits > 35 )); then
+ truncate=1
+ break
+ fi
+
+ # If we find a new release (exact tag)
+ if tag=$(command git describe --exact-match --tags $hash 2>/dev/null); then
+ # Output previous release
+ display-release
+ # Reinitialize commit storage
+ commits=()
+ subjects=()
+ scopes=()
+ breaking=()
+ reverts=()
+ # Start work on next release
+ version="$tag"
+ read_commits=1
+ fi
+
+ parse-commit "$hash"
+ done
+
+ display-release
+
+ if (( truncate )); then
+ echo " ...more commits omitted"
+ echo
+ fi
+}
+
+# Use raw output if stdout is not a tty
+if [[ ! -t 1 && -z "$3" ]]; then
+ main "$1" "$2" --raw
+else
+ main "$@"
+fi
diff --git a/README.md b/README.md
index a97848f..43122e6 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,8 @@ List of ansible roles & modules to integrate [__Arista AVD__](https://www.avd.sh ## List of available roles -- [__EOS Designs to Containerlab__](ansible_collections/titom73/avd_tools/roles/eos_designs_to_containerlab): Generate [containerlab](https://containerlab.srlinux.dev/) topology from Arista AVD eos_designs. +- [__EOS Designs to Containerlab__](ansible_collections/titom73/avd_tools/roles/avd_to_clab): Generate [containerlab](https://containerlab.srlinux.dev/) topology from Arista AVD eos_designs. +- [__iptables script to expose eAPI via a Jumphost__](ansible_collections/titom73/avd_tools/roles/eapi_jumphost): Role to generate an iptables script that expose Arista eAPI ports by using D-NAT. ## License
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/.travis.yml b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/.travis.yml
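Review bot: The fmt:* helpers inside display-release pass commit-derived text to printf as the format string (`raw) printf "$subject" ;;` in fmt:subject, and likewise `printf "$hash"`, `printf "$header:\n\n"`, `printf "[$scope]${padding} "` and `printf "$type: "`), so a `%` or backslash in a commit subject or scope is interpreted by printf instead of being printed. Commit subjects are written by contributors and should be treated as untrusted here; pass them as arguments instead, e.g. `raw) printf '%s' "$subject" ;;` and `text) printf '\e[33m%s\e[0m' "$hash" ;;`. Separately, commit:type echoes lowercase `other` while OTHER_TYPES lists `OTHER` (and MAIN_TYPES/OTHER_TYPES name `DOCS` and `STYLE`, which are not keys of TYPES), so commits with an unrecognised type appear never to match in display:others; confirm which spelling is intended.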
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/README.md b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/defaults/main.yml b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/defaults/main.yml
new file mode 100644
index 0000000..ce36c4c
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# defaults file for eapi_jumphost
+
+eos_group: eos_devices
+
+# Ethernet Interface name to use
+incoming_interface: "ens3"
+eos_oob_interface: "ens4"
+
+# EAPI port to use as EOS destination
+eapi_port: '443'
+
+iptables_script_name: "{{ inventory_dir }}/eapi.iptables.sh"
\ No newline at end of file
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/handlers/main.yml b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/handlers/main.yml
new file mode 100644
index 0000000..aceb661
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for eapi_jumphost
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/meta/main.yml b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tasks/main.yml b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tasks/main.yml
new file mode 100644
index 0000000..bc9c6ea
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+# tasks file for eapi_jumphost
+# tasks file for avd_to_containerlab
+- name: Generate iptables configuration scrip
+ template:
+ src: expose_eapi.sh.j2
+ dest: '{{ iptables_script_name }}'
+ delegate_to: localhost
+ run_once: true
\ No newline at end of file
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/templates/expose_eapi.sh.j2 b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/templates/expose_eapi.sh.j2
new file mode 100644
index 0000000..509b226
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/templates/expose_eapi.sh.j2
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+echo "Jumphost Remote access configuration"
+
+_EAPI_PORT='{{ eapi_port }}'
+_SRC_IF='{{ incoming_interface }}'
+_DST_IF='{{ eos_oob_interface }}'
+
+echo '* Activate kernel routing'
+sysctl -w net.ipv4.ip_forward=1
+
+echo '* Flush Current IPTables settings'
+iptables --flush
+iptables --delete-chain
+iptables --table nat --flush
+iptables --table nat --delete-chain
+
+echo '* Activate default forwarding'
+
+iptables -P FORWARD ACCEPT
+iptables -P INPUT ACCEPT
+iptables -P OUTPUT ACCEPT
+
+echo '* Activate masquerading'
+
+iptables -t nat -A POSTROUTING -o {{ incoming_interface }} -j MASQUERADE
+iptables -t nat -A POSTROUTING -o {{ eos_oob_interface }} -j MASQUERADE
+
+echo '* Activate eAPI forwarding with base port 800x'
+
+{% for host in groups[eos_group] %}
+iptables -t nat -A PREROUTING -p tcp -i {{ incoming_interface }} --dport {{ hostvars[host]['ansible_port'] }} -j DNAT --to-destination {{ hostvars[host]['ansible_host'] }}:{{ eapi_port }}
+{% endfor %}
+
+iptables -A FORWARD -p tcp -d 10.73.254.0/24 --dport ${_EAPI_PORT} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+
+echo "-> Configuration done"
\ No newline at end of file
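Review bot: The `template` task sets no `mode`, so the permissions of the file written to `{{ iptables_script_name }}` depend on the controller's umask. The output is a firewall script that is presumably run as root on the jumphost, so its permissions should be stated explicitly, e.g. `mode: '0750'` under `template:`. The second header comment `# tasks file for avd_to_containerlab` looks carried over from another role and the task name ends in `scrip`; both are worth correcting in the same change.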
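Review bot: After flushing every chain in the filter table, the generated script sets the INPUT, FORWARD and OUTPUT policies to ACCEPT, so running it removes whatever filtering the jumphost had and leaves it forwarding any traffic; the PREROUTING DNAT rules also accept connections from any source that reaches the incoming interface. The last FORWARD rule hard-codes `10.73.254.0/24` although the device addresses come from `hostvars[host]['ansible_host']`, and `_SRC_IF`/`_DST_IF` are assigned but never used. I would flush only the FORWARD chain and the nat table, default FORWARD to DROP, accept only the per-host eAPI flows built from the inventory, and add `set -euo pipefail` so a failed iptables call stops the script. A source restriction on the DNAT rule would need a new role variable that this commit does not define.

```shell
#!/bin/bash
set -euo pipefail
# … unchanged: banner, _EAPI_PORT/_SRC_IF/_DST_IF assignments, ip_forward sysctl …

echo '* Flush forwarding and NAT rules'
# Only the chains this script manages; INPUT/OUTPUT rules and policies stay as the host had them.
iptables --flush FORWARD
iptables --table nat --flush
iptables --table nat --delete-chain

echo '* Set forwarding policy'
# Forward nothing by default; replies to accepted flows are allowed back.
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# … unchanged: masquerading …

{% for host in groups[eos_group] %}
iptables -t nat -A PREROUTING -p tcp -i "${_SRC_IF}" --dport {{ hostvars[host]['ansible_port'] }} -j DNAT --to-destination {{ hostvars[host]['ansible_host'] }}:"${_EAPI_PORT}"
iptables -A FORWARD -p tcp -i "${_SRC_IF}" -o "${_DST_IF}" -d {{ hostvars[host]['ansible_host'] }} --dport "${_EAPI_PORT}" -m conntrack --ctstate NEW -j ACCEPT
{% endfor %}
```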
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tests/inventory b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tests/test.yml b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tests/test.yml
new file mode 100644
index 0000000..aeebe36
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - eapi_jumphost
diff --git a/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/vars/main.yml b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/vars/main.yml
new file mode 100644
index 0000000..1ee0a9a
--- /dev/null
+++ b/ansible_collections/titom73/avd_tools/roles/eapi_jumphost/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for eapi_jumphost