vm/sonic-vs.sh: rootless qemu+KVM harness for the official sonic-vs image
(download/start/wait/ssh/console/status/stop/reset), qcow2 overlay,
user-net SSH fwd to 127.0.0.1:5022. Inventory group sonic_vs (child of
sonic) + host_vars example.
Validated all playbooks against a live sonic-vs (SONiC.master.1127735,
Force10-S6000, 32 ports). Fixes from real CLI behaviour:
- sonic_config: idempotent hostname (compare current) and NTP (check
NTP_SERVER table); DNS guard matches 'already configured'
- sonic_interfaces: set description via CONFIG_DB (no 'config interface
description' on this build); idempotent admin state via admin_status
- sonic_vlan: strip L3 router-interface config from member ports before
'vlan member add' (sonic_vlan_force_l2), fixing 'is a router interface!'
config.yml + bootstrap.yml now converge: repeat runs change only 'config save'.
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ps1sonic
Ansible automation for SONiC (Software for Open Networking in the Cloud) on ONIE-based Broadcom whitebox switches, plus a podman-based ONIE install server (TFTP + HTTP) for bare-metal provisioning. Runs from ps1raf.
Layout
install-server/        Podman quadlets: TFTP (dnsmasq) + HTTP (nginx) for ONIE installs
  deploy.sh            Build image + (re)deploy both services
ansible.cfg            Ansible config (inventory, ssh tuning)
requirements.yml       Galaxy collections
inventory/
  hosts.yml            Switch inventory (EDIT: real mgmt IPs)
  group_vars/          all.yml (install-server URLs), sonic.yml (connection + base config)
  host_vars/           per-switch interfaces/VLANs (see leaf01.yml.example)
roles/
  sonic_facts          read version / platform / hostname
  sonic_config         hostname, mgmt IP, DNS, NTP
  sonic_interfaces     Ethernet description / speed / admin / L3 IP
  sonic_vlan           VLAN create + members + SVI
  sonic_image          in-NOS upgrade via sonic-installer
  sonic_save           config save -y (+ optional backup)
  onie_stage           stage a .bin on the install server (local)
playbooks/
  ping.yml             reachability/login check
  facts.yml            gather SONiC facts
  onie-install.yml     stage image + print ONIE install command
  bootstrap.yml        first-boot: hostname/mgmt/DNS/NTP + save
  config.yml           interfaces + VLANs + save
  upgrade.yml          rolling in-NOS image upgrade
Connection model
Community SONiC switches are managed over plain SSH as the admin user
(passwordless sudo) using the native SONiC CLI (config, show, sonic-cfggen,
sonic-installer) — works on any SONiC build regardless of ASIC. For Enterprise
SONiC you can instead enable the dellemc.enterprise_sonic collection in
requirements.yml.
Store the switch password in an Ansible vault, never in plaintext:
ansible-vault create inventory/group_vars/sonic_vault.yml # ansible_password: ...
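One way to enforce the vault rule above before a commit, as an added example that is not part of ps1sonic: the script walks an inventory tree and reports every credential key that holds a literal value. It assumes the standard Ansible variable names ansible_password, ansible_ssh_pass and ansible_become_pass(word); the sample files, their values and the variable vault_sonic_password are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not part of ps1sonic): flag plaintext Ansible credentials
# under an inventory tree before they are committed.

# Print "file:line" for each credential key in $1 whose value is neither an
# inline "!vault" block nor a "{{ ... }}" reference. Files encrypted as a
# whole (first line starts with "$ANSIBLE_VAULT;") are skipped.
scan_file() {
    awk -v f="$1" '
        NR == 1 && /^\$ANSIBLE_VAULT;/ { exit }
        /^[[:space:]]*(ansible_password|ansible_ssh_pass|ansible_become_pass(word)?)[[:space:]]*:/ {
            v = $0
            sub(/^[^:]*:[[:space:]]*/, "", v)      # keep only the value
            if (v == "" || v ~ /^!vault/ || v ~ /[{][{]/) next
            printf "%s:%d\n", f, NR
        }' "$1"
}

# Scan every YAML file below directory $1; succeed only if nothing is found.
find_plaintext_secrets() {
    local hits
    hits=$(find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
           while IFS= read -r f; do scan_file "$f"; done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample inventory: file names follow the README layout, the
# values and the variable vault_sonic_password are made up.
make_sample() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/group_vars" "$d/host_vars"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465666768' \
        > "$d/group_vars/sonic_vault.yml"
    printf '%s\n' 'ansible_user: admin' \
        'ansible_password: "{{ vault_sonic_password }}"' \
        > "$d/group_vars/sonic.yml"
    printf '%s\n' '# ansible_password: set in vault' 'ansible_password: hunter2' \
        > "$d/host_vars/leaf01.yml"
    echo "$d"
}

# Usage: ./check-vault.sh inventory   (exit status 1 if plaintext is found)
if [ $# -gt 0 ]; then find_plaintext_secrets "$1"; fi
```

Commented-out keys and keys with an empty value are ignored, so a template such as leaf01.yml.example does not trip the check.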
Quick start
# 0. one-time: collections
ansible-galaxy collection install -r requirements.yml -p collections
# 1. install server (TFTP udp/69 + HTTP 8069)
cd install-server && ./deploy.sh && cd ..
# 2. stage a SONiC image + get the ONIE install command
ansible-playbook playbooks/onie-install.yml -e onie_image_src=/path/sonic-broadcom.bin
# 3. on each switch, from the ONIE prompt:
# onie-nos-install http://192.168.9.116:8069/sonic-broadcom.bin
# 4. after SONiC boots — edit inventory/hosts.yml with real IPs, then:
ansible-playbook playbooks/ping.yml
ansible-playbook playbooks/bootstrap.yml
ansible-playbook playbooks/config.yml # needs host_vars
ansible-playbook playbooks/upgrade.yml -e sonic_do_upgrade=true # later upgrades
ONIE install server
See install-server/README.md. TFTP udp/69
(host-net dnsmasq, no DHCP/DNS) + HTTP :8069 (nginx). Hosted on
192.168.9.116 (ps1raf). Forgejo: https://ps1raf.tn.ps1.at:3300/raf/ps1sonic.