Feat(eos_designs): Support for L3 Inband ZTP (#4304)

Co-authored-by: Alexey Gorbunov <[email protected]>
Co-authored-by: Claus Holbech <[email protected]>

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-dualstack-ips.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-dualstack-ips
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 vlan 105
    name INBAND_MGMT
@@ -52,4 +58,7 @@ ip route 0.0.0.0/0 192.168.105.1
 !
 ipv6 route ::/0 2a00:105::1
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-dualstack-subnets.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-dualstack-subnets
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 vlan 104
    name INBAND_MGMT
@@ -52,4 +58,7 @@ ip route 0.0.0.0/0 192.168.104.1
 !
 ipv6 route ::/0 2a00:104::1
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-ip.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-ip
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 vlan 103
    name MYVLANNAME
@@ -49,4 +55,7 @@ interface Vlan103
    ip address 192.168.103.22/24
 no ip routing vrf MGMT
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-ipv6-only-vrf.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-ipv6-only-vrf
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 vlan 107
    name INBAND_MGMT
@@ -50,4 +56,7 @@ no ip routing vrf MGMT
 !
 ipv6 route vrf INBANDMGMT ::/0 2a00:107::1
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-ipv6-only.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-ipv6-only
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 vlan 106
    name INBAND_MGMT
@@ -49,4 +55,7 @@ no ip routing vrf MGMT
 !
 ipv6 route ::/0 2a00:106::1
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-mlag-a.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-mlag-a
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 no spanning-tree vlan-id 4094
 !
@@ -159,4 +165,7 @@ mlag configuration
 !
 ip route 0.0.0.0/0 192.168.101.21
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-mlag-b.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-mlag-b
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 no spanning-tree vlan-id 4094
 !
@@ -159,4 +165,7 @@ mlag configuration
 !
 ip route 0.0.0.0/0 192.168.101.21
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-parent-dualstack1.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-parent-dualstack1
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 no spanning-tree vlan-id 4093-4094
 !
@@ -222,6 +228,9 @@ mlag configuration
    reload-delay mlag 300
    reload-delay non-mlag 330
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 !

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-parent-dualstack2.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-parent-dualstack2
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 no spanning-tree vlan-id 4093-4094
 !
@@ -222,6 +228,9 @@ mlag configuration
    reload-delay mlag 300
    reload-delay non-mlag 330
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 !

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-parent-ipv6-1.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-parent-ipv6-1
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 no spanning-tree vlan-id 4093-4094
 !
@@ -196,6 +202,9 @@ mlag configuration
    reload-delay mlag 300
    reload-delay non-mlag 330
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 !

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-parent-ipv6-2.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-parent-ipv6-2
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 no spanning-tree vlan-id 4093-4094
 !
@@ -196,6 +202,9 @@ mlag configuration
    reload-delay mlag 300
    reload-delay non-mlag 330
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 !

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/inband-mgmt-parent-vrf.cfg

@@ -2,13 +2,19 @@
 no enable password
 no aaa root
 !
+daemon TerminAttr
+   exec /usr/bin/TerminAttr -cvaddr=apiserver.arista.io:443 -cvauth=token-secure,/tmp/cv-onboarding-token -cvvrf=MGMT -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent -taillogs
+   no shutdown
+!
 vlan internal order ascending range 1006 1199
 !
 transceiver qsfp default-mode 4x10G
 !
 service routing protocols model multi-agent
 !
 hostname inband-mgmt-parent-vrf
+ip name-server vrf MGMT 1.1.1.1
+ip name-server vrf MGMT 8.8.8.8
 !
 vlan 101
    name INBAND_MGMT
@@ -64,6 +70,13 @@ interface Port-Channel101
    port-channel lacp fallback individual
    port-channel lacp fallback timeout 30
 !
+interface Ethernet1
+   description P2P_inband-mgmt-spine1-ztp_Ethernet2
+   no shutdown
+   mtu 9214
+   no switchport
+   ip address 172.16.255.3/31
+!
 interface Ethernet21
    description INBAND-MGMT-SUBNET_Ethernet2
    no shutdown
@@ -151,6 +164,9 @@ ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
    seq 10 permit 10.0.255.0/24 eq 32
    seq 20 permit 10.0.254.0/24 eq 32
 !
+ntp server 2.2.2.55 prefer
+ntp server pool.ntp.org
+!
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 !
@@ -171,6 +187,12 @@ router bgp 65001
    neighbor IPv4-UNDERLAY-PEERS peer group
    neighbor IPv4-UNDERLAY-PEERS send-community
    neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000
+   neighbor 10.0.254.1 peer group EVPN-OVERLAY-PEERS
+   neighbor 10.0.254.1 remote-as 64999
+   neighbor 10.0.254.1 description inband-mgmt-spine1-ztp_Loopback0
+   neighbor 172.16.255.2 peer group IPv4-UNDERLAY-PEERS
+   neighbor 172.16.255.2 remote-as 64999
+   neighbor 172.16.255.2 description inband-mgmt-spine1-ztp_Ethernet2
    redistribute connected route-map RM-CONN-2-BGP
    !
    address-family evpn