osism 0.20250621.0__py3-none-any.whl → 0.20250628.0__py3-none-any.whl

osism/commands/manage.py

@@ -1,5 +1,8 @@
 # SPDX-License-Identifier: Apache-2.0
 
+import json
+import os
+from datetime import datetime
 from re import findall
 from urllib.parse import urljoin
 
@@ -7,10 +10,12 @@ from cliff.command import Command
 import docker
 from jinja2 import Template
 from loguru import logger
+import paramiko
 import requests
 
 from osism.data import TEMPLATE_IMAGE_CLUSTERAPI, TEMPLATE_IMAGE_OCTAVIA
 from osism.tasks import openstack, ansible, handle_task
+from osism import utils
 
 SUPPORTED_CLUSTERAPI_K8S_IMAGES = ["1.31", "1.32", "1.33"]
 
@@ -384,3 +389,249 @@ class Dnsmasq(Command):
             )
 
         return handle_task(task, wait, format="log", timeout=300)
+
+
+class Sonic(Command):
+    def get_parser(self, prog_name):
+        parser = super(Sonic, self).get_parser(prog_name)
+        parser.add_argument(
+            "hostname", type=str, help="Hostname of the SONiC switch to manage"
+        )
+        parser.add_argument(
+            "--reload",
+            action="store_true",
+            help="Execute config reload after config load to restart services",
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        hostname = parsed_args.hostname
+        reload_config = parsed_args.reload
+        today = datetime.now().strftime("%Y%m%d")
+
+        try:
+            # Get device from NetBox - try by name first, then by inventory_hostname
+            device = utils.nb.dcim.devices.get(name=hostname)
+            if not device:
+                # Try to find by inventory_hostname custom field
+                devices = utils.nb.dcim.devices.filter(cf_inventory_hostname=hostname)
+                if devices:
+                    device = devices[0]  # Take the first match
+                    logger.info(f"Device found by inventory_hostname: {device.name}")
+                else:
+                    logger.error(
+                        f"Device {hostname} not found in NetBox (searched by name and inventory_hostname)"
+                    )
+                    return 1
+
+            # Get device configuration from local_context_data
+            if (
+                not hasattr(device, "local_context_data")
+                or not device.local_context_data
+            ):
+                logger.error(f"Device {hostname} has no local_context_data in NetBox")
+                return 1
+
+            config_context = device.local_context_data
+
+            # Save config context to local /tmp directory
+            config_context_file = f"/tmp/config_db_{hostname}_{today}.json"
+            try:
+                with open(config_context_file, "w") as f:
+                    json.dump(config_context, f, indent=2)
+                logger.info(f"Config context saved to {config_context_file}")
+            except Exception as e:
+                logger.error(f"Failed to save config context: {e}")
+                return 1
+
+            # Extract SSH connection details
+            ssh_host = None
+            ssh_username = None
+
+            # Try to get SSH details from config context
+            if "management" in config_context:
+                mgmt = config_context["management"]
+                if "ip" in mgmt:
+                    ssh_host = mgmt["ip"]
+                if "username" in mgmt:
+                    ssh_username = mgmt["username"]
+
+            # Fallback: try to get OOB IP from NetBox
+            if not ssh_host:
+                from osism.tasks.conductor.netbox import get_device_oob_ip
+
+                oob_result = get_device_oob_ip(device)
+                if oob_result:
+                    ssh_host = oob_result[0]
+
+            if not ssh_host:
+                logger.error(f"No SSH host found for device {hostname}")
+                return 1
+
+            if not ssh_username:
+                ssh_username = "admin"  # Default SONiC username
+
+            # SSH private key path
+            ssh_key_path = "/ansible/secrets/id_rsa.operator"
+
+            if not os.path.exists(ssh_key_path):
+                logger.error(f"SSH private key not found at {ssh_key_path}")
+                return 1
+
+            logger.info(
+                f"Connecting to {hostname} ({ssh_host}) to backup SONiC configuration"
+            )
+
+            # Create SSH connection
+            ssh = paramiko.SSHClient()
+            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+            try:
+                # Connect with private key
+                ssh.connect(
+                    hostname=ssh_host,
+                    username=ssh_username,
+                    key_filename=ssh_key_path,
+                    timeout=30,
+                )
+
+                # Generate backup filename with date and increment on switch
+                base_backup_path = f"/home/admin/config_db_{hostname}_{today}"
+                backup_filename = f"{base_backup_path}_1.json"
+
+                # Find next available filename on switch
+                x = 1
+                while True:
+                    check_cmd = f"ls {base_backup_path}_{x}.json 2>/dev/null"
+                    stdin, stdout, stderr = ssh.exec_command(check_cmd)
+                    if stdout.read().decode().strip() == "":
+                        backup_filename = f"{base_backup_path}_{x}.json"
+                        break
+                    x += 1
+
+                logger.info(
+                    f"Backing up current configuration on switch to {backup_filename}"
+                )
+
+                # Backup current configuration on switch
+                backup_cmd = f"sudo cp /etc/sonic/config_db.json {backup_filename}"
+                stdin, stdout, stderr = ssh.exec_command(backup_cmd)
+                exit_status = stdout.channel.recv_exit_status()
+
+                if exit_status != 0:
+                    error_msg = stderr.read().decode()
+                    logger.error(
+                        f"Failed to backup configuration on switch: {error_msg}"
+                    )
+                    return 1
+
+                logger.info("Configuration backed up successfully on switch")
+
+                # Upload local config context to switch /tmp directory
+                switch_config_file = f"/tmp/config_db_{hostname}_current.json"
+                logger.info(
+                    f"Uploading config context to {switch_config_file} on switch"
+                )
+
+                # Use SFTP to upload the config context file
+                sftp = ssh.open_sftp()
+                try:
+                    sftp.put(config_context_file, switch_config_file)
+                    logger.info(
+                        f"Config context successfully uploaded to {switch_config_file} on switch"
+                    )
+                except Exception as e:
+                    logger.error(f"Failed to upload config context to switch: {e}")
+                    return 1
+                finally:
+                    sftp.close()
+
+                # Load and apply the new configuration
+                logger.info("Loading and applying new configuration on switch")
+
+                load_cmd = f"sudo config load -y {switch_config_file}"
+                stdin, stdout, stderr = ssh.exec_command(load_cmd)
+                exit_status = stdout.channel.recv_exit_status()
+
+                if exit_status != 0:
+                    error_msg = stderr.read().decode()
+                    logger.error(f"Failed to load configuration: {error_msg}")
+                    return 1
+
+                logger.info("Configuration loaded and applied successfully")
+
+                # Optionally reload configuration to restart services
+                config_operations_successful = True
+                if reload_config:
+                    logger.info("Reloading configuration to restart services")
+
+                    reload_cmd = "sudo config reload -y"
+                    stdin, stdout, stderr = ssh.exec_command(reload_cmd)
+                    exit_status = stdout.channel.recv_exit_status()
+
+                    if exit_status != 0:
+                        error_msg = stderr.read().decode()
+                        logger.error(f"Failed to reload configuration: {error_msg}")
+                        config_operations_successful = False
+                    else:
+                        logger.info("Configuration reloaded successfully")
+
+                # Save configuration only if load (and optionally reload) were successful
+                if config_operations_successful:
+                    logger.info("Saving configuration to persist changes")
+
+                    save_cmd = "sudo config save -y"
+                    stdin, stdout, stderr = ssh.exec_command(save_cmd)
+                    exit_status = stdout.channel.recv_exit_status()
+
+                    if exit_status != 0:
+                        error_msg = stderr.read().decode()
+                        logger.error(f"Failed to save configuration: {error_msg}")
+                        return 1
+
+                    logger.info("Configuration saved successfully")
+                else:
+                    logger.warning("Skipping config save due to reload failure")
+
+                # Delete the temporary configuration file
+                logger.info(f"Cleaning up temporary file {switch_config_file}")
+
+                delete_cmd = f"rm {switch_config_file}"
+                stdin, stdout, stderr = ssh.exec_command(delete_cmd)
+                exit_status = stdout.channel.recv_exit_status()
+
+                if exit_status != 0:
+                    error_msg = stderr.read().decode()
+                    logger.warning(f"Failed to delete temporary file: {error_msg}")
+                else:
+                    logger.info("Temporary file deleted successfully")
+
+                logger.info("SONiC configuration management completed successfully")
+                logger.info(f"- Config context saved locally to: {config_context_file}")
+                if reload_config and config_operations_successful:
+                    logger.info("- Configuration loaded, reloaded, and saved on switch")
+                elif config_operations_successful:
+                    logger.info("- Configuration loaded and saved on switch")
+                else:
+                    logger.info(
+                        "- Configuration loaded on switch (save skipped due to reload failure)"
+                    )
+                logger.info(f"- Backup created on switch: {backup_filename}")
+
+                return 0
+
+            except paramiko.AuthenticationException:
+                logger.error(f"Authentication failed for {ssh_host}")
+                return 1
+            except paramiko.SSHException as e:
+                logger.error(f"SSH connection failed: {e}")
+                return 1
+            except Exception as e:
+                logger.error(f"Unexpected error during SSH operations: {e}")
+                return 1
+            finally:
+                ssh.close()
+
+        except Exception as e:
+            logger.error(f"Error managing SONiC device {hostname}: {e}")
+            return 1

osism/commands/reconciler.py

@@ -38,13 +38,20 @@ class Sync(Command):
             type=int,
             help="Timeout for a scheduled task that has not been executed yet",
         )
+        parser.add_argument(
+            "--flush-cache",
+            default=False,
+            help="Flush cache before running sync",
+            action="store_true",
+        )
         return parser
 
     def take_action(self, parsed_args):
         wait = not parsed_args.no_wait
         task_timeout = parsed_args.task_timeout
+        flush_cache = parsed_args.flush_cache
 
-        t = reconciler.run.delay(publish=wait)
+        t = reconciler.run.delay(publish=wait, flush_cache=flush_cache)
         if wait:
             logger.info(
                 f"Task {t.task_id} (sync inventory) is running in background. Output coming soon."

osism/commands/validate.py

@@ -5,7 +5,7 @@ import argparse
 from cliff.command import Command
 from loguru import logger
 
-from osism.core.enums import VALIDATE_PLAYBOOKS
+from osism.data.enums import VALIDATE_PLAYBOOKS
 from osism.tasks import ansible, ceph, kolla
 from osism import utils
 

osism/tasks/conductor/ironic.py

@@ -235,23 +235,21 @@ def sync_ironic(request_id, get_ironic_parameters, force_update=False):
                     details=False, attributes=dict(node_uuid=node["uuid"])
                 )
                 # NOTE: Baremetal ports are only required for (i)pxe boot
-                if node["boot_interface"] in ["pxe", "ipxe"]:
-                    for port_attributes in ports_attributes:
-                        port_attributes.update({"node_id": node["uuid"]})
-                        port = [
-                            port
-                            for port in node_ports
-                            if port_attributes["address"].upper()
-                            == port["address"].upper()
-                        ]
-                        if not port:
-                            osism_utils.push_task_output(
-                                request_id,
-                                f"Creating baremetal port with MAC address {port_attributes['address']} for {device.name}\n",
-                            )
-                            openstack.baremetal_port_create(port_attributes)
-                        else:
-                            node_ports.remove(port[0])
+                for port_attributes in ports_attributes:
+                    port_attributes.update({"node_id": node["uuid"]})
+                    port = [
+                        port
+                        for port in node_ports
+                        if port_attributes["address"].upper() == port["address"].upper()
+                    ]
+                    if not port:
+                        osism_utils.push_task_output(
+                            request_id,
+                            f"Creating baremetal port with MAC address {port_attributes['address']} for {device.name}\n",
+                        )
+                        openstack.baremetal_port_create(port_attributes)
+                    else:
+                        node_ports.remove(port[0])
                 for node_port in node_ports:
                     # NOTE: Delete remaining ports not found in NetBox
                     osism_utils.push_task_output(

osism/tasks/conductor/sonic/config_generator.py

@@ -29,7 +29,6 @@ from .interface import (
 from .connections import (
     get_connected_interfaces,
     get_connected_device_for_sonic_interface,
-    get_device_bgp_neighbors_via_loopback,
 )
 from .cache import get_cached_device_interfaces
 
@@ -305,7 +304,7 @@ def _add_port_configurations(
         interface_speed = int(port_speed) if port_speed else None
         is_breakout_port = port_name in breakout_info["breakout_ports"]
         correct_alias = convert_sonic_interface_to_alias(
-            port_name, interface_speed, is_breakout_port
+            port_name, interface_speed, is_breakout_port, port_config
         )
 
         # Use master port index for breakout ports
@@ -457,7 +456,7 @@ def _add_missing_breakout_ports(
             # Generate correct alias (breakout port always gets subport notation)
             interface_speed = int(port_speed)
             correct_alias = convert_sonic_interface_to_alias(
-                port_name, interface_speed, is_breakout=True
+                port_name, interface_speed, is_breakout=True, port_config=port_config
             )
 
             # Use master port index for breakout ports
@@ -608,11 +607,6 @@ def _add_bgp_configurations(
             "v6only": "true",
         }
 
-    # Add additional BGP_NEIGHBOR configuration using Loopback0 IP addresses
-    _add_loopback_bgp_neighbors(
-        config, device, portchannel_info, connected_interfaces, device_as_mapping
-    )
-
 
 def _get_connected_device_for_interface(device, interface_name):
     """Get the connected device for a given interface name.
@@ -652,10 +646,40 @@ def _determine_peer_type(local_device, connected_device, device_as_mapping=None)
         connected_as = None
         if device_as_mapping and connected_device.id in device_as_mapping:
             connected_as = device_as_mapping[connected_device.id]
-        elif connected_device.primary_ip4:
-            connected_as = calculate_local_asn_from_ipv4(
-                str(connected_device.primary_ip4.address)
-            )
+        else:
+            # If connected device is not in device_as_mapping, check if it's a spine/superspine
+            # and calculate AS for its group
+            if connected_device.role and connected_device.role.slug in [
+                "spine",
+                "superspine",
+            ]:
+                # Import here to avoid circular imports
+                from .bgp import calculate_minimum_as_for_group
+                from .connections import find_interconnected_devices
+
+                # Get all devices to find the group
+                all_devices = list(
+                    utils.nb.dcim.devices.filter(role=["spine", "superspine"])
+                )
+                spine_groups = find_interconnected_devices(
+                    all_devices, ["spine", "superspine"]
+                )
+
+                # Find which group the connected device belongs to
+                for group in spine_groups:
+                    if any(dev.id == connected_device.id for dev in group):
+                        connected_as = calculate_minimum_as_for_group(group)
+                        if connected_as:
+                            logger.debug(
+                                f"Calculated AS {connected_as} for connected spine/superspine device {connected_device.name}"
+                            )
+                        break
+
+            # Fallback to calculating from IPv4 if still no AS
+            if not connected_as and connected_device.primary_ip4:
+                connected_as = calculate_local_asn_from_ipv4(
+                    str(connected_device.primary_ip4.address)
+                )
 
         # Compare AS numbers
         if local_as and connected_as and local_as == connected_as:
@@ -670,30 +694,91 @@ def _determine_peer_type(local_device, connected_device, device_as_mapping=None)
         return "external"  # Default to external on error
 
 
-def _add_loopback_bgp_neighbors(
-    config, device, portchannel_info, connected_interfaces, device_as_mapping=None
-):
-    """Add BGP_NEIGHBOR configuration using Loopback0 IP addresses from connected devices."""
+def _get_ntp_server_for_device(device):
+    """Get single NTP server IP for a SONiC device based on OOB connection to metalbox.
+
+    Returns the IP address of the metalbox device interface that is connected to the
+    OOB switch. If VLANs are used, returns the IP of the VLAN interface where the
+    SONiC switch management interface (eth0) has access.
+
+    Args:
+        device: SONiC device object
+
+    Returns:
+        str: IP address of the NTP server or None if not found
+    """
     try:
-        # Get BGP neighbors via loopback using the new connections module
-        bgp_neighbors = get_device_bgp_neighbors_via_loopback(
-            device, portchannel_info, connected_interfaces, config["PORT"]
-        )
+        # Get the OOB IP configuration for this SONiC device
+        oob_ip_result = get_device_oob_ip(device)
+        if not oob_ip_result:
+            logger.debug(f"No OOB IP found for device {device.name}")
+            return None
 
-        for neighbor_info in bgp_neighbors:
-            neighbor_key = f"default|{neighbor_info['ip']}"
+        oob_ip, prefix_len = oob_ip_result
+        logger.debug(f"Device {device.name} has OOB IP {oob_ip}/{prefix_len}")
 
-            # Determine peer_type based on AS comparison
-            peer_type = _determine_peer_type(
-                device,
-                neighbor_info["device"],
-                device_as_mapping,
-            )
+        # Find the network/subnet that contains this OOB IP
+        from ipaddress import IPv4Network, IPv4Address
+
+        device_network = IPv4Network(f"{oob_ip}/{prefix_len}", strict=False)
 
-            config["BGP_NEIGHBOR"][neighbor_key] = {"peer_type": peer_type}
+        # Get all metalbox devices
+        metalbox_devices = utils.nb.dcim.devices.filter(role="metalbox")
+
+        for metalbox in metalbox_devices:
+            logger.debug(f"Checking metalbox device {metalbox.name} for NTP server")
+
+            # Get all interfaces on this metalbox
+            interfaces = utils.nb.dcim.interfaces.filter(device_id=metalbox.id)
+
+            for interface in interfaces:
+                # Skip management-only interfaces
+                if hasattr(interface, "mgmt_only") and interface.mgmt_only:
+                    continue
+
+                # Check both physical interfaces and VLAN interfaces (SVIs)
+                # VLAN interfaces are typically named "Vlan123" for VLAN ID 123
+                is_vlan_interface = (
+                    hasattr(interface, "type")
+                    and interface.type
+                    and interface.type.value == "virtual"
+                    and interface.name.startswith("Vlan")
+                )
+
+                # Get IP addresses for this interface
+                ip_addresses = utils.nb.ipam.ip_addresses.filter(
+                    assigned_object_id=interface.id,
+                )
+
+                for ip_addr in ip_addresses:
+                    if ip_addr.address:
+                        # Extract IP address without prefix
+                        ip_only = ip_addr.address.split("/")[0]
+
+                        # Check if it's IPv4 and in the same network as the SONiC device
+                        try:
+                            metalbox_ip = IPv4Address(ip_only)
+                            if metalbox_ip in device_network:
+                                interface_type = (
+                                    "VLAN interface"
+                                    if is_vlan_interface
+                                    else "interface"
+                                )
+                                logger.info(
+                                    f"Found NTP server {ip_only} on metalbox {metalbox.name} "
+                                    f"{interface_type} {interface.name} for SONiC device {device.name}"
+                                )
+                                return ip_only
+                        except ValueError:
+                            # Skip non-IPv4 addresses
+                            continue
+
+        logger.warning(f"No suitable NTP server found for SONiC device {device.name}")
+        return None
 
     except Exception as e:
-        logger.warning(f"Could not process BGP neighbors for device {device.name}: {e}")
+        logger.warning(f"Could not determine NTP server for device {device.name}: {e}")
+        return None
 
 
 def _get_ntp_servers():
@@ -755,20 +840,27 @@ def _get_ntp_servers():
 
 
 def _add_ntp_configuration(config, device):
-    """Add NTP_SERVER configuration to device config."""
-    try:
-        ntp_servers = _get_ntp_servers()
+    """Add NTP_SERVER configuration to device config.
 
-        # Add NTP servers to this device's configuration
-        for ip, ntp_config in ntp_servers.items():
-            config["NTP_SERVER"][ip] = copy.deepcopy(ntp_config)
-
-        if ntp_servers:
-            logger.debug(
-                f"Added {len(ntp_servers)} NTP servers to device {device.name}"
+    Each SONiC switch gets exactly one NTP server - the IP address of the
+    metalbox device interface connected to the OOB switch.
+    """
+    try:
+        # Get the specific NTP server for this device
+        ntp_server_ip = _get_ntp_server_for_device(device)
+
+        if ntp_server_ip:
+            # Add single NTP server configuration
+            config["NTP_SERVER"][ntp_server_ip] = {
+                "maxpoll": "10",
+                "minpoll": "6",
+                "prefer": "false",
+            }
+            logger.info(
+                f"Added NTP server {ntp_server_ip} to SONiC device {device.name}"
             )
         else:
-            logger.debug(f"No NTP servers found for device {device.name}")
+            logger.warning(f"No NTP server found for SONiC device {device.name}")
 
     except Exception as e:
         logger.warning(f"Could not add NTP configuration to device {device.name}: {e}")

osism/tasks/conductor/sonic/constants.py

@@ -71,6 +71,7 @@ PORT_CONFIG_PATH = "/etc/sonic/port_config"
 
 # List of supported HWSKUs
 SUPPORTED_HWSKUS = [
+    "Accton-AS4625-54T",
     "Accton-AS5835-54T",
     "Accton-AS5835-54X",
     "Accton-AS7326-56X",