From d7127aaa6d5311e67505d84445cd59d84a2e888d Mon Sep 17 00:00:00 2001 From: acichon Date: Tue, 21 May 2024 21:37:44 +0200 Subject: [PATCH 01/11] release preparation --- .github/workflows/galaxy-importer.yml | 59 ++++++++++++++++++++++ .github/workflows/linters.yml | 43 ++++++++++++++++ .github/workflows/release-from-tag.yml | 70 ++++++++++++++++++++++++++ .pre-commit-config.yaml | 18 +++++++ README.md | 26 +++++++--- galaxy.yml | 29 +++++++++++ meta/runtime.yml | 3 ++ 7 files changed, 241 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/galaxy-importer.yml create mode 100644 .github/workflows/linters.yml create mode 100644 .github/workflows/release-from-tag.yml create mode 100644 .pre-commit-config.yaml create mode 100644 galaxy.yml create mode 100644 meta/runtime.yml diff --git a/.github/workflows/galaxy-importer.yml b/.github/workflows/galaxy-importer.yml new file mode 100644 index 0000000..29a959c --- /dev/null +++ b/.github/workflows/galaxy-importer.yml 
@@ -0,0 +1,59 @@
+# Its role is to performe the same checks that would be performed when publishing to galaxy
+# Running them earlier helps to detect issues locally
+
+name: galaxy-importer
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ galaxy-importer:
+ runs-on:
+ - ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Get collection namespace and name from galaxy.yml
+ id: collection-name
+ run: |
+ NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then
+ echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml"
+ exit 1
+ fi
+ echo "Collection namespace is $NAMESPACE"
+ echo "Collection name is $NAME"
+ echo "Collection version is $VERSION"
+ echo "COLLECTION_NAMESPACE=$NAMESPACE" >> $GITHUB_ENV
+ echo "COLLECTION_NAME=$NAME" >> $GITHUB_ENV
+ echo "COLLECTION_VERSION=$VERSION" >> $GITHUB_ENV
+
+ - name: Install Ansible and importer
+ run: |
+ pip install ansible==9.4.0
+ pip install ansible-importer
+ pip install galaxy-importer
+
+ - name: Build and install the collection
+ run: |
+ ansible-galaxy collection build $GITHUB_WORKSPACE --force
+ ansible-galaxy collection install $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz
+
+ - name: Run ac-galaxy-importer
+ run: |
+ python -m galaxy_importer.main $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz
diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
new file mode 100644
index 0000000..d4ab32c
--- /dev/null
+++ b/.github/workflows/linters.yml
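Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN receives the repository default scope although every step here only reads the checkout; add a top-level `permissions:` with `contents: read` beneath it, next to `concurrency:`. The Python installs are pinned inconsistently — `ansible==9.4.0` is fixed while `ansible-importer` and `galaxy-importer` float to whatever PyPI serves that day — so pin those two as well for reproducible checks. The `>> $GITHUB_ENV` redirects are unquoted here but quoted in release-from-tag.yml; writing `>> "$GITHUB_ENV"` keeps the two workflows consistent. The first comment line also misspells `performe`.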
@@ -0,0 +1,43 @@
+name: Static Code Analyzer
+
+on:
+ pull_request:
+
+ push:
+ branches:
+ - main
+
+jobs:
+ analyze-code:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: ['3.10']
+ defaults:
+ run:
+ shell: sh
+
+ steps:
+ - name: Check out the repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - uses: isort/isort-action@master
+ with:
+ requirementsFiles: "requirements.txt"
+
+ - name: Run check-yaml, end-of-file-fixer, trailing-whitespace
+ uses: pre-commit/action@v3.0.0
+
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main
+
+ - name: Install detect-secrets
+ run: pip install detect-secrets==1.4.0
+
+ - name: Run detect-secrets
+ run: detect-secrets scan
\ No newline at end of file
diff --git a/.github/workflows/release-from-tag.yml b/.github/workflows/release-from-tag.yml
new file mode 100644
index 0000000..65ab392
--- /dev/null
+++ b/.github/workflows/release-from-tag.yml
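Review bot: Two third-party actions are referenced by mutable branch names, `isort/isort-action@master` and `ansible/ansible-lint@main`, so whatever lands on those branches runs against this repository's checkout and token; pin them to a release tag or, preferably, a full commit SHA, as the other `uses:` lines are at least tag-pinned. The last step, `run: detect-secrets scan`, writes a baseline to stdout and, as far as I can tell, exits 0 whether or not it finds anything, so it never gates the build; the usual CI form is the hook against a committed baseline, e.g. `detect-secrets-hook --baseline .secrets.baseline $(git ls-files)`, or the step can be dropped since `pre-commit/action` already runs the `detect-secrets` hook declared in .pre-commit-config.yaml. The `strategy.matrix.python-version` list is declared but `setup-python` uses the literal `'3.10'`; either reference `${{ matrix.python-version }}` or remove the matrix. As in galaxy-importer.yml, there is no `permissions:` block.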
@@ -0,0 +1,70 @@ +name: Release to ansible-galaxy from tag + +on: + push: + tags: + - 'v*.*.*' + +jobs: + publish-release: + runs-on: + - ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Get collection version from galaxy.yml + id: collection-version + run: | + NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then + echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml" + exit 1 + fi + echo "Collection namespace is $NAMESPACE" + echo "Collection name is $NAME" + echo "Collection version is $VERSION" + echo "AC_NAMESPACE=$NAMESPACE" >> "$GITHUB_ENV" + echo "AC_NAME=$NAME" >> "$GITHUB_ENV" + echo "AC_VERSION=$VERSION" >> "$GITHUB_ENV" + + - name: Get Git tag + id: git-tag + run: | + TAG=${GITHUB_REF#refs/tags/} + echo "Git tag is $TAG" + echo "GIT_TAG=$TAG" >> "$GITHUB_ENV" + + - name: Compare collection version and Git tag + shell: bash + run: | + if [[ "v$AC_VERSION" == "$GIT_TAG" ]]; then + echo "The collection version matches the Git tag." + else + echo "Error: The collection version ($AC_VERSION) does not match the Git tag ($GIT_TAG)." 
+ exit 1 + fi + + - name: Install Ansible + run: | + pip install ansible==9.4.0 + + - name: Build collection + run: | + ansible-galaxy collection build $GITHUB_WORKSPACE --force + + - name: Check collection install locally to verify tar.gz correctness + run: | + ansible-galaxy collection install $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz + + - name: Publish Collection to Ansible-Galaxy + run: | + ansible-galaxy collection publish $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz --api-key "${{ secrets.ANSIBLE_GALAXY_API_KEY }}" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..26c5838 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,18 @@ +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: check-yaml + - id: end-of-file-fixer + - id: trailing-whitespace + + - repo: https://github.com/ansible-community/ansible-lint.git + rev: v24.2.1 # latest release tag from https://github.com/ansible-community/ansible-lint/releases/ + hooks: + - id: ansible-lint + files: \.(yaml|yml)$ + + - repo: https://github.com/Yelp/detect-secrets + rev: v1.4.0 + hooks: + - id: detect-secrets diff --git a/README.md b/README.md index 71fd1d8..01cb9da 100644 --- a/README.md +++ b/README.md 
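Review bot: Publishing is gated only on a tag matching `v*.*.*` and on that tag equalling the galaxy.yml version, so any account able to push a tag can publish to Galaxy with the shared `ANSIBLE_GALAXY_API_KEY`; bind the `publish-release` job to a protected deployment environment (e.g. `environment: galaxy`, with the secret stored on that environment and required reviewers or tag protection configured in the repository) and add `permissions:` with `contents: read` so the token carries nothing the job does not need. The version-parsing step uses `[[ ... ]]` without `shell: bash` while the compare step declares it; on ubuntu-latest the default `run` shell is bash so both work, but declaring it once under `defaults.run.shell` makes the dependency explicit. The tag step can read `${{ github.ref_name }}` instead of stripping `refs/tags/` by hand.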
@@ -22,14 +22,16 @@ Let users to fully deploy, onboard and upgrade their SD-WAN topology. ## Table of Contents - [Overview](#overview) -- [Prerequisites](#prerequisites) -- [Installation](#installation) -- [Usage](#usage) +- [Requirements](#requirements) +- [Installing this collection](#installing-this-collection) +- [Using this collection](#using-this-collection) - [Troubleshooting](#troubleshooting) - [Containerized variant WIP](#containerized-variant-wip) +- [Contributing](#contributing) - [Useful links and Getting Started](#useful-links-and-getting-started) - [License](#license) -- [Contributing](#contributing) +- [Code of Conduct](#code-of-conduct) +- [Releasing, Versioning and Depracation](#releasing-versioning-and-deprecation) --- @@ -44,7 +46,7 @@ By leveraging these Ansible resources, [ansible-collection-sdwan](https://github [ansible-collection-sdwan](https://github.com/cisco-open/ansible-collection-sdwan) illustrates the power of Ansible's modularity and the significant benefits of using roles, custom modules, and collections for automating network operations. It stands as an indispensable resource for organizations looking to implement Infrastructure as Code (IaC) within their network infrastructure and embrace a more agile and DevOps-oriented approach to network management. -## Prerequisites +## Requirements This project utilizes a tech stack that includes Python, Ansible (and Ansible Galaxy), AWS cloud (Boto/Boto3, authentication with AWS CLI) Azure cloud (ansible azure collection) and finally Cisco SD-WAN. @@ -90,7 +92,7 @@ Current version of the full workflow for bringup SD-WAN assumes that users are f --- -## Installation +## Installing this collection With supported version of Python (>=3.10) installed, you can first set up your environment with: 
@@ -126,7 +128,7 @@ If playbook finished without any failed tasks, environment is ready for next tas If requirements have been installed and tasks returned information about missing packages, please see [Troubleshooting](#troubleshooting) -## Usage +## Using this collection ### Ansible Vault prerequisite @@ -320,3 +322,13 @@ See [LICENSE](./LICENSE) file. ## Contributing See [Contributing](./docs/CONTRIBUTING.md) file. + +## Code of Conduct + +See [Code of Conduct](./docs/CODE_OF_CONDUCT.md) file. + +## Releasing, Versioning and Deprecation + +This collection follows Semantic Versioning. More details on versioning can be found in [Understanding collection versioning](https://docs.ansible.com/ansible/latest/dev_guide/developing_collections_distributing.html#understanding-collection-versioning). + +New minor and major releases as well as deprecations will follow new releases and deprecations of the Cisco Catalystwan SDK, a Python SDK, which this project relies on. diff --git a/galaxy.yml b/galaxy.yml new file mode 100644 index 0000000..cea24ab --- /dev/null +++ b/galaxy.yml @@ -0,0 +1,29 @@ +namespace: cisco +name: sdwan +version: 0.1.0 +readme: README.md +authors: + - Arkadiusz Cichon +description: Ansible collection to provide full workflows for deployment, upgrades and configuration + +repository: https://github.com/cisco-open/ansible-collection-sdwan +documentation: https://github.com/cisco-open/ansible-collection-sdwan/blob/main/README.md +homepage: https://github.com/cisco-open/ansible-collection-sdwan +issues: https://github.com/cisco-open/ansible-collection-sdwan/issues + +license: + - "GPL-3.0-only" + +tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: + "cisco.sdwan_deployment": ">=0.1.0" + "cisco.catalystwan": ">=0.1.1" + "amazon.aws": ">=6.5.0" + "azure.azcollection": ">=1.19.0" + +build_ignore: [] diff --git a/meta/runtime.yml b/meta/runtime.yml new file mode 100644 index 0000000..0a00844 --- /dev/null +++ b/meta/runtime.yml 
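Review bot: `build_ignore: []` makes `ansible-galaxy collection build` pack the entire checkout into the published tarball — `.github/`, `.pre-commit-config.yaml`, the `playbooks/*/results/` directories that the lint config in a later patch excludes, and, should a user ever commit a filled `playbooks/*/pnp_credentials.yml` or the `vault-password.txt` the README refers to, those as well. List the non-shipping paths explicitly, e.g. `build_ignore:` followed by `- .github`, `- .pre-commit-config.yaml` and `- 'playbooks/*/results'`. The `dependencies` map sets only lower bounds (`">=0.1.0"` and so on), so a future incompatible major release of any of them still satisfies the spec; if the intended promise is narrower, a bounded range such as `">=6.5.0,<7.0.0"` for the third-party collections documents it.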
@@ -0,0 +1,3 @@ +# meta/runtime.yml +--- +requires_ansible: '>=2.16.6' From d51deb748073105c545f8283a23a13799f1d5d23 Mon Sep 17 00:00:00 2001 From: acichon Date: Tue, 21 May 2024 22:08:59 +0200 Subject: [PATCH 02/11] release preparation --- .github/workflows/linters.yml | 2 +- .pre-commit-config.yaml | 4 ++++ playbooks/aws/test_variables.yml | 2 +- playbooks/azure/full_deploy_and_configure.yml | 1 - playbooks/azure/test_variables.yml | 2 +- playbooks/software_upgrades_with_remote_server.yml | 2 +- 6 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index d4ab32c..5b2cd98 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -40,4 +40,4 @@ jobs: run: pip install detect-secrets==1.4.0 - name: Run detect-secrets - run: detect-secrets scan \ No newline at end of file + run: detect-secrets scan diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 26c5838..d9d74af 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,3 +1,5 @@ +exclude: 'playbooks/aws/results/*' + repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.4.0 @@ -11,6 +13,8 @@ repos: hooks: - id: ansible-lint files: \.(yaml|yml)$ + exclude: + - repo: https://github.com/Yelp/detect-secrets rev: v1.4.0 diff --git a/playbooks/aws/test_variables.yml b/playbooks/aws/test_variables.yml index 049af53..558066a 100644 --- a/playbooks/aws/test_variables.yml +++ b/playbooks/aws/test_variables.yml @@ -63,4 +63,4 @@ - name: Assert that required `pnp_username` and `pnp_password` variables are provided ansible.builtin.fail: msg: "Required variables: `pnp_username` and `pnp_password` variables are missing" - when: pnp_vars is defined and (pnp_vars.failed|default(False)) + when: pnp_vars is defined and (pnp_vars.failed | default(False)) diff --git a/playbooks/azure/full_deploy_and_configure.yml b/playbooks/azure/full_deploy_and_configure.yml index ee157bd..23dcda1 100644 
--- a/playbooks/azure/full_deploy_and_configure.yml +++ b/playbooks/azure/full_deploy_and_configure.yml @@ -50,7 +50,6 @@ - cisco.sdwan_deployment.azure_edges - # Onboard edge devices and wait for their reachability - name: Activate and validate edge devices hosts: localhost diff --git a/playbooks/azure/test_variables.yml b/playbooks/azure/test_variables.yml index b8183c3..a6b2ddf 100644 --- a/playbooks/azure/test_variables.yml +++ b/playbooks/azure/test_variables.yml @@ -65,4 +65,4 @@ - name: Assert that required `pnp_username` and `pnp_password` variables are provided ansible.builtin.fail: msg: "Required variables: `pnp_username` and `pnp_password` variables are missing" - when: pnp_vars is defined and (pnp_vars.failed|default(False)) \ No newline at end of file + when: pnp_vars is defined and (pnp_vars.failed | default(False)) diff --git a/playbooks/software_upgrades_with_remote_server.yml b/playbooks/software_upgrades_with_remote_server.yml index f9ef542..994c21c 100644 --- a/playbooks/software_upgrades_with_remote_server.yml +++ b/playbooks/software_upgrades_with_remote_server.yml @@ -15,7 +15,7 @@ remote_server_password: null remote_server_image_location_prefix: null vmanage_remote_software_filename: null - viptela_remote_software_filename: null + viptela_remote_software_filename: null cedge_remote_software_filename: null controller_software_version_to_activate: null # For Remote Images that don't report its version in repository, we have to provide that value directly edge_software_version_to_activate: null # For Remote Images that don't report its version in repository, we have to provide that value directly From 1017063e13f817afbc0a8999049e6907b3d32d03 Mon Sep 17 00:00:00 2001 
From: acichon Date: Tue, 21 May 2024 22:20:39 +0200 Subject: [PATCH 03/11] trailing whitespaces --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- .pre-commit-config.yaml | 2 -- README.md | 24 ++++++++++++------------ playbooks/aws/test_env.yml | 2 +- playbooks/azure/test_env.yml | 2 +- 5 files changed, 15 insertions(+), 17 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index f70c877..0619f25 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -8,4 +8,4 @@ - [ ] PR description is clear and comprehensive - [ ] Mentioned the issue that this PR solves (if applicable) -- [ ] Make sure you test the changes \ No newline at end of file +- [ ] Make sure you test the changes diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d9d74af..ad60f63 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,5 +1,3 @@ -exclude: 'playbooks/aws/results/*' - repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.4.0 diff --git a/README.md b/README.md index 01cb9da..afb4754 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,17 @@ # Cisco SDWAN aaC ```text - - ┌───────────────────────────────┐ - │ cisco.sdwan │ - └───────▲───────────────▲───────┘ - │ │ - ┌──────┘ └──────┐ - │ │ - ┌───────────┴──────────────┐ ┌─────────┴──────────┐ - │ cisco.sdwan_deployment │ │ cisco.catalystwan │ - └──────────────────────────┘ └────────────────────┘ - + + ┌───────────────────────────────┐ + │ cisco.sdwan │ + └───────▲───────────────▲───────┘ + │ │ + ┌──────┘ └──────┐ + │ │ + ┌───────────┴──────────────┐ ┌─────────┴──────────┐ + │ cisco.sdwan_deployment │ │ cisco.catalystwan │ + └──────────────────────────┘ └────────────────────┘ + ``` [ansible-collection-sdwan](https://github.com/cisco-open/ansible-collection-sdwan) combine [SDWAN Deployment](https://github.com/cisco-open/ansible-collection-sdwan-deployment) and 
@@ -153,7 +153,7 @@ and for aws `playbooks/aws/pnp_credentials.yml`. Encrypt the pnp credentials file with your valut password by running: ```bash -ansible-vault encrypt --vault-password-file=vault-password.txt playbooks/azure/pnp_credentials.yml +ansible-vault encrypt --vault-password-file=vault-password.txt playbooks/azure/pnp_credentials.yml ``` From now, `playbooks/azure/pnp_credentials.yml` or `playbooks/aws/pnp_credentials.yml` file will be encrypted. diff --git a/playbooks/aws/test_env.yml b/playbooks/aws/test_env.yml index 5b8a68e..3419024 100644 --- a/playbooks/aws/test_env.yml +++ b/playbooks/aws/test_env.yml @@ -17,5 +17,5 @@ manager_authentication: url: "dummy" username: "dummy" - password: "dummy" + password: "dummy" # pragma: allowlist secret check_mode: true diff --git a/playbooks/azure/test_env.yml b/playbooks/azure/test_env.yml index 9342b50..655486e 100644 --- a/playbooks/azure/test_env.yml +++ b/playbooks/azure/test_env.yml @@ -27,5 +27,5 @@ manager_authentication: url: "dummy" username: "dummy" - password: "dummy" + password: "dummy" # pragma: allowlist secret check_mode: true From 3557cfea24d2cdc0dd0ec1333b21022b21ff4e5d Mon Sep 17 00:00:00 2001 From: acichon Date: Tue, 21 May 2024 22:28:18 +0200 Subject: [PATCH 04/11] # allowlist secrets --- playbooks/aws/pnp_credentials.yml | 2 +- playbooks/azure/pnp_credentials.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/aws/pnp_credentials.yml b/playbooks/aws/pnp_credentials.yml index 914586d..aa13287 100644 --- a/playbooks/aws/pnp_credentials.yml +++ b/playbooks/aws/pnp_credentials.yml @@ -1,4 +1,4 @@ --- pnp_username: null -pnp_password: null +pnp_password: null # pragma: allowlist secret diff --git a/playbooks/azure/pnp_credentials.yml b/playbooks/azure/pnp_credentials.yml index 914586d..aa13287 100644 --- a/playbooks/azure/pnp_credentials.yml +++ b/playbooks/azure/pnp_credentials.yml 
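Review bot: The `# pragma: allowlist secret` on `pnp_password:` permanently silences detect-secrets for that line in a file users are told to fill in and then vault-encrypt in place, so a real password committed here unencrypted would no longer be flagged — the pragma removes the one check that would have caught it (the same applies to playbooks/azure/pnp_credentials.yml in the next hunk). Since `null` is a placeholder rather than a secret, confirm that detect-secrets actually raises a finding on this line before allowlisting it. If it does, a less blunt option is to ship the file as a template (e.g. `pnp_credentials.yml.example`) and keep the real file out of version control, or to record the exception in a committed baseline that reviewers can see rather than on the line itself.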
@@ -1,4 +1,4 @@ --- pnp_username: null -pnp_password: null +pnp_password: null # pragma: allowlist secret From 470ee816b9fa63aded4867d5c13a2c641f86d4f5 Mon Sep 17 00:00:00 2001 From: acichon Date: Wed, 22 May 2024 09:02:29 +0200 Subject: [PATCH 05/11] include ansiblelint config file --- .ansible-lint | 126 ++++++++++++++++++++++++++++++++++++++++ .pre-commit-config.yaml | 2 - 2 files changed, 126 insertions(+), 2 deletions(-) create mode 100644 .ansible-lint diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..2803a08 --- /dev/null +++ b/.ansible-lint 
@@ -0,0 +1,126 @@ +--- +# .ansible-lint + +profile: production + +# Allows dumping of results in SARIF format +# sarif_file: result.sarif + +# exclude_paths included in this file are parsed relative to this file's location +# and not relative to the CWD of execution. CLI arguments passed to the --exclude +# option are parsed relative to the CWD of execution. +exclude_paths: + - playbooks/aws/results/* + - playbooks/azure/results/* +# parseable: true +# quiet: true +# strict: true +verbosity: 1 + +# # Mock modules or roles in order to pass ansible-playbook --syntax-check +# mock_modules: +# - zuul_return +# # note the foo.bar is invalid as being neither a module or a collection +# - fake_namespace.fake_collection.fake_module +# - fake_namespace.fake_collection.fake_module.fake_submodule +# mock_roles: +# - mocked_role +# - author.role_name # old standalone galaxy role +# - fake_namespace.fake_collection.fake_role # role within a collection + +# Enable checking of loop variable prefixes in roles +loop_var_prefix: "^(__|{role}_)" + +# Enforce variable names to follow pattern below, in addition to Ansible own +# requirements, like avoiding python identifiers. To disable add `var-naming` +# to skip_list. +var_naming_pattern: "^[a-z_][a-z0-9_]*$" + +use_default_rules: true +# Load custom rules from this specific folder +# rulesdir: +# - ./rule/directory/ + +# Ansible-lint is able to recognize and load skip rules stored inside +# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files. +# To skip a rule just enter filename and tag, like "playbook.yml package-latest" +# on a new line. +# Optionally you can add comments after the tag, prefixed by "#". We discourage +# the use of skip_list below because that will hide violations from the output. +# When putting ignores inside the ignore file, they are marked as ignored, but +# still visible, making it easier to address later. 
+skip_list: + - skip_this_tag + - name[prefix] + - var-naming[no-role-prefix] + - loop-var-prefix[wrong] + - galaxy[no-changelog] # FIXME after release + - galaxy[version-incorrect] # FIXME after release + - meta-runtime[unsupported-version] # FIXME after release + +# Ansible-lint does not automatically load rules that have the 'opt-in' tag. +# You must enable opt-in rules by listing each rule 'id' below. +enable_list: + - args + - empty-string-compare # opt-in + - no-log-password # opt-in + - no-same-owner # opt-in + - name[prefix] # opt-in + # add yaml here if you want to avoid ignoring yaml checks when yamllint + # library is missing. Normally its absence just skips using that rule. + - yaml +# Report only a subset of tags and fully ignore any others +# tags: +# - jinja[spacing] + +# Ansible-lint does not fail on warnings from the rules or tags listed below +warn_list: + - skip_this_tag + - experimental # experimental is included in the implicit list + + # - role-name + # - yaml[document-start] # you can also use sub-rule matches + +# Some rules can transform files to fix (or make it easier to fix) identified +# errors. `ansible-lint --fix` will reformat YAML files and run these transforms. +# By default it will run all transforms (effectively `write_list: ["all"]`). +# You can disable running transforms by setting `write_list: ["none"]`. +# Or only enable a subset of rule transforms by listing rules/tags here. +# write_list: +# - all + +# Offline mode disables installation of requirements.yml and schema refreshing +offline: true + +# Define required Ansible's variables to satisfy syntax check +extra_vars: + foo: bar + multiline_string_variable: | + line1 + line2 + complex_variable: ":{;\t$()" + +# Uncomment to enforce action validation with tasks, usually is not +# needed as Ansible syntax check also covers it. 
+# skip_action_validation: false + +# List of additional kind:pattern to be added at the top of the default +# match list, first match determines the file kind. +kinds: + # - playbook: "**/examples/*.{yml,yaml}" + # - galaxy: "**/folder/galaxy.yml" + # - tasks: "**/tasks/*.yml" + # - vars: "**/vars/*.yml" + # - meta: "**/meta/main.yml" + - yaml: "**/*.yaml-too" + +# List of additional collections to allow in only-builtins rule. +# only_builtins_allow_collections: +# - example_ns.example_collection + +# List of additions modules to allow in only-builtins rule. +# only_builtins_allow_modules: +# - example_module + +# Allow setting custom prefix for name[prefix] rule +task_name_prefix: "{stem} | " diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ad60f63..26c5838 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,8 +11,6 @@ repos: hooks: - id: ansible-lint files: \.(yaml|yml)$ - exclude: - - repo: https://github.com/Yelp/detect-secrets rev: v1.4.0 From 38c45e3ed936cf2acf26fc67961173177b6c32fb Mon Sep 17 00:00:00 2001 From: acichon Date: Wed, 22 May 2024 09:15:34 +0200 Subject: [PATCH 06/11] enhance linting with mocked roles and modules --- .ansible-lint | 11 +++++++++-- meta/requirements.yml | 13 +++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 meta/requirements.yml diff --git a/.ansible-lint b/.ansible-lint index 2803a08..37d8ff8 100644 --- a/.ansible-lint +++ b/.ansible-lint 
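Review bot: Several entries are placeholders carried over from the upstream example config rather than settings for this project — `skip_this_tag` in both `skip_list` and `warn_list`, the `extra_vars` block with `foo: bar`, `multiline_string_variable` and `complex_variable`, and `kinds` with `- yaml: "**/*.yaml-too"` — and they should be removed so the file reflects what is actually enforced. `name[prefix]` appears in `skip_list` and in `enable_list` at the same time; only one can be intended. The three `# FIXME after release` skips (`galaxy[no-changelog]`, `galaxy[version-incorrect]`, `meta-runtime[unsupported-version]`) mute rules that exist to catch release problems, which is the opposite of what a release-preparation series wants; fixing the underlying findings (a CHANGELOG, and checking whether the `'>=2.16.6'` bound in meta/runtime.yml is what triggers the meta-runtime rule) is preferable, or at least track the FIXMEs in an issue. With `profile: production` set, a long `skip_list` quietly undoes much of what that profile promises.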
@@ -18,12 +18,19 @@ exclude_paths: verbosity: 1 # # Mock modules or roles in order to pass ansible-playbook --syntax-check -# mock_modules: +mock_modules: + - cisco.catalystwan.wait_for_api_server + - azure.azcollection.azure_rm_account_info # - zuul_return # # note the foo.bar is invalid as being neither a module or a collection # - fake_namespace.fake_collection.fake_module # - fake_namespace.fake_collection.fake_module.fake_submodule -# mock_roles: +mock_roles: + - cisco.sdwan_deployment.aws_network_infrastructure + - cisco.sdwan_deployment.aws_teardown + - cisco.sdwan_deployment.azure_network_infrastructure + - cisco.sdwan_deployment.azure_teardown + - cisco.catalystwan.software_upgrades_remote # - mocked_role # - author.role_name # old standalone galaxy role # - fake_namespace.fake_collection.fake_role # role within a collection diff --git a/meta/requirements.yml b/meta/requirements.yml new file mode 100644 index 0000000..f62e2b1 --- /dev/null +++ b/meta/requirements.yml @@ -0,0 +1,13 @@ +--- + +collections: + - name: amazon.aws + version: 6.5.0 + - name: azure.azcollection + version: 1.19.0 + - name: git@github.com:cisco-open/ansible-collection-catalystwan.git + type: git + version: main + - name: git@github.com:cisco-open/ansible-collection-sdwan-deployment.git + type: git + version: main From 2f0a27d516f4d3c893b92c83e655fcc6563fe1db Mon Sep 17 00:00:00 2001 From: acichon Date: Wed, 22 May 2024 09:21:20 +0200 Subject: [PATCH 07/11] enhance ansible lint config --- .ansible-lint | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.ansible-lint b/.ansible-lint index 37d8ff8..b55af87 100644 --- a/.ansible-lint +++ b/.ansible-lint 
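Review bot: The two `type: git` entries under `collections:` pin to `version: main`, a moving branch, and use the SSH form `git@github.com:...`, so installs are neither reproducible nor possible from a runner without a deploy key, and they do not match the `>=0.1.0` / `>=0.1.1` ranges galaxy.yml declares for the same collections. Pin them to a release tag or commit (`version: <tag-or-sha>`) and use the `https://github.com/...` URL unless private access is intended, or reference the published collections by name with the same ranges as galaxy.yml. `amazon.aws` and `azure.azcollection` are exact versions here but `>=` ranges in galaxy.yml; making one of the two files authoritative avoids drift between them.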
@@ -28,9 +28,21 @@ mock_modules: mock_roles: - cisco.sdwan_deployment.aws_network_infrastructure - cisco.sdwan_deployment.aws_teardown + - cisco.sdwan_deployment.aws_controllers + - cisco.sdwan_deployment.aws_edges - cisco.sdwan_deployment.azure_network_infrastructure - cisco.sdwan_deployment.azure_teardown + - cisco.sdwan_deployment.azure_controllers + - cisco.sdwan_deployment.azure_edges - cisco.catalystwan.software_upgrades_remote + - cisco.catalystwan.api_ready + - cisco.catalystwan.administration_settings + - cisco.catalystwan.onboarding_controllers + - cisco.catalystwan.sync_pnp_edges + - cisco.catalystwan.activate_edges + - cisco.catalystwan.vmanage_mode + - cisco.catalystwan.health_checks + # - mocked_role # - author.role_name # old standalone galaxy role # - fake_namespace.fake_collection.fake_role # role within a collection From 6b14a344594bc732a337b65c79a062614fdfd023 Mon Sep 17 00:00:00 2001 From: acichon Date: Wed, 22 May 2024 09:29:40 +0200 Subject: [PATCH 08/11] trailing whitespaces --- playbooks/aws/aws_sdwan_config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/aws/aws_sdwan_config.yml b/playbooks/aws/aws_sdwan_config.yml index 9f708a1..6eaca93 100644 --- a/playbooks/aws/aws_sdwan_config.yml +++ b/playbooks/aws/aws_sdwan_config.yml @@ -63,8 +63,6 @@ vsmart_instances: site_id: 333 - - ################################ # Edge devices # ################################ From 6ce6908e79611d7fedee8ec742eaff4da41c86a3 Mon Sep 17 00:00:00 2001 From: acichon Date: Wed, 22 May 2024 11:14:33 +0200 Subject: [PATCH 09/11] update README --- README.md | 43 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index afb4754..2c8df24 100644 --- a/README.md +++ b/README.md 
@@ -94,21 +94,56 @@ Current version of the full workflow for bringup SD-WAN assumes that users are f ## Installing this collection -With supported version of Python (>=3.10) installed, you can first set up your environment with: +### Install by cloning this repostiory - recommended way + +You can install collection by first cloning this repository: + +```bash +git clone git@github.com:cisco-open/ansible-collection-sdwan.git +``` + +Then setting your python environment. +Recommended way: use supported version of Python (>=3.10) and set up your environment with: ```bash python3 -m venv source /bin/activate +pip install -r requirements.txt --no-deps ``` -And then install python and ansible requirements: +And then install ansible requirements: ```bash -pip install -r requirements.txt --no-deps ansible-galaxy install -r requirements.yml ``` -Note: For python packages installation troubleshooting see [python-packages-installation](#5-python-packages-installation) +### Install with Ansible Galaxy + +***Note*** that when installing this collection with `ansible-galaxy` command, it will be placed inside your system collections path. That migth introduce additional complexity for using configuration files etc. + +You can install this collection with the Ansible Galaxy CLI (requires `ansible` package installed) + +```bash +ansible-galaxy collection install cisco.sdwan +``` + +The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip. +Recommended way: use supported version of Python (>=3.10) and set up your environment with: + +```bash +python3 -m venv +source /bin/activate +``` + +And then install python requirements: + +```bash +pip install -r requirements.txt --no-deps +``` + +

+ +***Note***: For python packages installation troubleshooting see [python-packages-installation](#5-python-packages-installation) Verify that your ansible version is using python modules from vevn by using test playbook: From 61512ea81b59d3680043374f83ce89d3e41b54cb Mon Sep 17 00:00:00 2001 From: acichon Date: Wed, 22 May 2024 21:37:17 +0200 Subject: [PATCH 10/11] required vars --- README.md | 2 +- playbooks/aws/aws_sdwan_config.yml | 2 ++ playbooks/aws/test_variables.yml | 1 + playbooks/azure/azure_sdwan_config.yml | 7 ++++--- playbooks/azure/test_variables.yml | 1 + 5 files changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2c8df24..4476d8d 100644 --- a/README.md +++ b/README.md @@ -197,7 +197,7 @@ In order to run playbook that requires pnp_credentials, users have to specify pa Example: ```bash -ansible-playbook playbooks/azure/test_vault_usage.yml --vault-password-file=vault-password.txt +ansible-playbook playbooks/azure/non-existing-exmple.yml --vault-password-file=vault-password.txt ``` ### Configuration file diff --git a/playbooks/aws/aws_sdwan_config.yml b/playbooks/aws/aws_sdwan_config.yml index 6eaca93..d273ded 100644 --- a/playbooks/aws/aws_sdwan_config.yml +++ b/playbooks/aws/aws_sdwan_config.yml @@ -33,6 +33,8 @@ aws_allowed_subnets: null # Controllers # ############################### +admin_password: null + # vManage aws_vmanage_ami_id: null aws_vmanage_instance_type: "c5.9xlarge" diff --git a/playbooks/aws/test_variables.yml b/playbooks/aws/test_variables.yml index 558066a..27df34f 100644 --- a/playbooks/aws/test_variables.yml +++ b/playbooks/aws/test_variables.yml @@ -20,6 +20,7 @@ aws_vbond_ami_id: "{{ aws_vbond_ami_id | default() }}" aws_vsmart_ami_id: "{{ aws_vsmart_ami_id | default() }}" aws_cedge_ami_id: "{{ aws_cedge_ami_id | default() }}" + admin_password: "{{ admin_password | default() }}" tasks: - name: Assert that required variables are provided ansible.builtin.assert: 
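Review bot: `admin_password: null` is added to the plaintext config files `playbooks/aws/aws_sdwan_config.yml` (here) and `playbooks/azure/azure_sdwan_config.yml` (next hunk), whereas the other credential this series touches, `pnp_password`, lives in a separate file users are told to vault-encrypt; the controller admin password belongs in that encrypted file, and any task that consumes it should carry `no_log: true`. In the two `test_variables.yml` hunks the variable is added to `vars:` with `default()`, but the diffstat shows a single inserted line per file, so the `ansible.builtin.assert` that follows cannot have been extended and a missing `admin_password` still passes the required-variables check; the assert task continues outside the hunk. In azure_sdwan_config.yml the change also deletes the commented CIDR-list example for `az_allowed_subnets`, which was the only documentation of that variable's shape — keep the example as a comment above the new `null` default.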
diff --git a/playbooks/azure/azure_sdwan_config.yml b/playbooks/azure/azure_sdwan_config.yml index 00faee3..c8a8b97 100644 --- a/playbooks/azure/azure_sdwan_config.yml +++ b/playbooks/azure/azure_sdwan_config.yml @@ -22,14 +22,15 @@ az_resources_prefix: "{{ organization_name }}" # az_allowed_subnets: is list of subnets, that are allowed to access your instances # # example configuration is: -# az_allowed_subnets: -# - 15.15.0.0/16 -# - 10.10.0.0/16 +az_allowed_subnets: null + ############################### # Controllers # ############################### +admin_password: null + # vManage az_vmanage_image_vhd_source: null az_vmanage_vm_size: "Standard_F16s_v2" diff --git a/playbooks/azure/test_variables.yml b/playbooks/azure/test_variables.yml index a6b2ddf..457c594 100644 --- a/playbooks/azure/test_variables.yml +++ b/playbooks/azure/test_variables.yml @@ -22,6 +22,7 @@ az_cedge_image_publisher: "{{ az_cedge_image_publisher | default() }}" az_cedge_image_sku: "{{ az_cedge_image_sku | default() }}" az_cedge_image_version: "{{ az_cedge_image_version | default() }}" + admin_password: "{{ admin_password | default() }}" tasks: - name: Assert that required variables are provided ansible.builtin.assert: From 24fa4319124cd7b0d4ff4d3d07c3e4ac76e38789 Mon Sep 17 00:00:00 2001 From: acichon Date: Wed, 22 May 2024 21:51:21 +0200 Subject: [PATCH 11/11] use newest sdwan deployment collection --- galaxy.yml | 2 +- playbooks/azure/azure_sdwan_config.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index cea24ab..27ccdb8 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -21,7 +21,7 @@ tags: - networking dependencies: - "cisco.sdwan_deployment": ">=0.1.0" + "cisco.sdwan_deployment": ">=0.1.1" "cisco.catalystwan": ">=0.1.1" "amazon.aws": ">=6.5.0" "azure.azcollection": ">=1.19.0" diff --git a/playbooks/azure/azure_sdwan_config.yml b/playbooks/azure/azure_sdwan_config.yml index c8a8b97..0fd1953 100644 
--- a/playbooks/azure/azure_sdwan_config.yml +++ b/playbooks/azure/azure_sdwan_config.yml @@ -22,7 +22,7 @@ az_resources_prefix: "{{ organization_name }}" # az_allowed_subnets: is list of subnets, that are allowed to access your instances # # example configuration is: -az_allowed_subnets: null +az_allowed_subnets: null ###############################