From 6bfee95af86100d200f88d60b3906efa2079dfd2 Mon Sep 17 00:00:00 2001 From: przsus <101723670+przsus@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:44:30 +0100 Subject: [PATCH 1/4] UX2.0 playbook --- .ansible-lint | 2 + playbooks/aws/aws_sdwan_config.yml | 17 ++- playbooks/aws/feature_profile_config.yml | 97 ++++++++++++++++ .../aws/ux2_full_deploy_and_configure.yml | 108 ++++++++++++++++++ 4 files changed, 223 insertions(+), 1 deletion(-) create mode 100644 playbooks/aws/feature_profile_config.yml create mode 100644 playbooks/aws/ux2_full_deploy_and_configure.yml diff --git a/.ansible-lint b/.ansible-lint index 26566d4..527d251 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -51,6 +51,8 @@ mock_roles: - cisco.catalystwan.activate_edges - cisco.catalystwan.vmanage_mode - cisco.catalystwan.health_checks + - cisco.catalystwan.config_groups + - cisco.catalystwan.feature_profile_builder # - mocked_role diff --git a/playbooks/aws/aws_sdwan_config.yml b/playbooks/aws/aws_sdwan_config.yml index 4918f48..ba44f3a 100644 --- a/playbooks/aws/aws_sdwan_config.yml +++ b/playbooks/aws/aws_sdwan_config.yml @@ -28,11 +28,26 @@ aws_resources_prefix: "{{ organization_name }}" # - 10.10.0.0/16 aws_allowed_subnets: null +# NOTE uncomment for UX2.0 deployment +# aws_subnets: +# - name: "{{ aws_resources_prefix }}-mgmt-subnet-512" +# subnet_cidr: "10.0.1.0/24" # default ips from official Cisco guides +# VPN: 512 +# type: mgmt +# - name: "{{ aws_resources_prefix }}-transport-subnet-0" +# subnet_cidr: "10.0.2.0/24" # default ips from official Cisco guides +# VPN: 0 +# type: transport +# - name: "{{ aws_resources_prefix }}-service-subnet-10" +# subnet_cidr: "10.0.3.0/24" # default ips from official Cisco guides +# VPN: 10 +# type: service ############################### # Controllers # ############################### +# do not use 'admin' as password since it will cause the playbooks to fail admin_password: null # vManage 
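Review bot: The new comment above `admin_password: null` says only that `admin` makes the playbooks fail, not why or how the value should be handled; since this committed file is where the controller admin credential is set, the comment should also tell the reader not to put a real value in it. Suggest `# Must not be 'admin' (the playbooks fail with it; presumably because vManage forces a change of the default credential on first login). Supply the real value via ansible-vault or an extra-var, never in this file.` The failure reason is inferred from the comment, so confirm it against the role before quoting it. The commented `aws_subnets` block introduces fixed /24 CIDRs labelled as defaults from Cisco guides; a one-line note that they must not overlap whatever the reader puts in `aws_allowed_subnets` would save a debugging session.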
@@ -43,7 +58,7 @@ vmanage_instances: - hostname: "{{ aws_resources_prefix }}-vManage" system_ip: 192.168.1.1 site_id: 111 -# uncomment for cluster deployment +# NOTE uncomment for cluster deployment # - hostname: "{{ aws_resources_prefix }}-vManage2" # system_ip: 192.168.4.1 # site_id: 112 diff --git a/playbooks/aws/feature_profile_config.yml b/playbooks/aws/feature_profile_config.yml new file mode 100644 index 0000000..32f4ce3 --- /dev/null +++ b/playbooks/aws/feature_profile_config.yml 
@@ -0,0 +1,97 @@ +### TRANSPORT PARCELS + +wan_interface_ethernet_parcel: + template: ethernet + config: + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_0_transport_if}}' }}" + description: + optionType: global + value: WAN VPN 0 Interface + name: TRANSPORT + description: WAN VPN 0 Feature + +wan_vpn_parcel: + template: vpn + config: + name: VPN0 + description: SDWAN Transport Wan Vpn Feature config + sub_parcels: + - "{{ wan_interface_ethernet_parcel }}" + +### SERVICE PARCELS + +lan_interface_ethernet_parcel: + template: ethernet + config: + name: VPN_Service_10_Interface + description: LAN Interface + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_10_if_0}}' }}" + intfIpAddress: + static: + staticIpV4AddressPrimary: + ipAddress: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_ipaddr}}' }}" + subnetMask: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_subnet}}' }}" + +lan_vpn_parcel: + template: vpn + config: + name: Service_Network + description: LAN VPN + data: + vpnId: + optionType: global + value: 10 + name: + optionType: global + value: SERVICE + sub_parcels: + - "{{ lan_interface_ethernet_parcel }}" + +### FEATURE PROFILES + +name_prefix: "{{ config_group_name | default('ansible-generated') }}" + +system_profile: + name: "{{ name_prefix }}_Basic" + description: "{{ name_prefix }} Basic Profile" + parcels: + - template: banner + - template: basic + - template: bfd + - template: omp + - template: logging + - template: ntp + - template: global + - template: aaa + - template: mrf + +transport_profile: + name: "{{ name_prefix }}_WAN" + description: "{{ name_prefix }} Transport Profile" + parcels: + - "{{ wan_vpn_parcel }}" + +service_profile: + name: "{{ name_prefix }}_LAN" + description: "{{ name_prefix }} Service Profile" + parcels: + - "{{ lan_vpn_parcel }}" + +system_profiles: + - "{{ system_profile }}" + +transport_profiles: + - "{{ transport_profile }}" + +service_profiles: + - "{{ service_profile 
}}" diff --git a/playbooks/aws/ux2_full_deploy_and_configure.yml b/playbooks/aws/ux2_full_deploy_and_configure.yml new file mode 100644 index 0000000..478572c --- /dev/null +++ b/playbooks/aws/ux2_full_deploy_and_configure.yml 
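Review bot: `- template: aaa` under `system_profile.parcels` has no `config:`, so the AAA parcel pushed to every device in the config group is whatever the feature_profile_builder role defaults to, which is not visible here; if that default carries a local user or password it is being shipped unreviewed and unvaulted. Suggest a comment on that entry, `# no config: builder defaults apply - confirm they do not create a default local user/password; source any credential from a vaulted var`, and the same scrutiny for `banner`, `logging` and `ntp`, whose defaults decide what the device advertises and where it sends logs and time. The doubled-brace form `"{{ '{{vpn_0_transport_if}}' }}"` is a deliberate way to emit a literal `{{vpn_0_transport_if}}` device variable instead of resolving it in Ansible; one comment at the top of the file saying so will stop the next reader from "fixing" it. The file also lacks a leading `---`, which yamllint's document-start rule flags.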
@@ -0,0 +1,108 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + + +# Deploy Cisco SD-WAN on AWS +- name: Deploy Cisco SD-WAN versions 20.13 on AWS + hosts: localhost + gather_facts: false + vars_files: + ./dev_config_aws.yml + tasks: + roles: + - cisco.sdwan_deployment.aws_network_infrastructure + - cisco.sdwan_deployment.aws_controllers + + +- name: Verify server connectivity, set initial configuration, onboard controllers + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.api_ready + - cisco.catalystwan.administration_settings + - cisco.catalystwan.onboarding_controllers + + +- name: Generate bootstrap configuration for synced edges + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.sync_pnp_edges + + +# Deploying edges requires vbond_mgmt_public_ip, otp and uuid! 
+- name: Deploy Edge devices based on generated boostrap configuration + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + - "{{ deployment_edges_config }}" + roles: + - cisco.sdwan_deployment.aws_edges + + +# Onboard edge devices and wait for their reachability +- name: Activate and validate edge devices + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.activate_edges + + +# Attach templates with running-config for all devices +- name: Set vmanage mode for all devices + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + vars: + edge_instances: "{{ deployed_edge_instances }}" + roles: + - cisco.catalystwan.vmanage_mode + +- name: Build feature profile data + hosts: localhost + gather_facts: false + vars_files: + - ./feature_profile_config.yml + roles: + - cisco.catalystwan.feature_profile_builder + +- name: Create Config Groups + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ playbook_dir }}/results/generated_feature_profiles.yml" + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.config_groups + +# After assigning templates, we should add check there to verify that device is managed by templates +# add to vmanage_mode role. + +# Health checks +- name: Verify control connections and BFD, OMP + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.health_checks From 700e6752f74a8be06d280afdd069e7da7295513c Mon Sep 17 00:00:00 2001 
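Review bot: The first play declares `tasks:` with no value, which parses as null rather than an empty list, and gives `vars_files` a bare string (`./dev_config_aws.yml`) while every other play in the file uses a list; the bare key is at best a no-op and some Ansible versions reject a null task list, so drop it and write `vars_files:` / `  - ./dev_config_aws.yml`. That path is also the only one in the diff pointing at `dev_config_aws.yml` rather than the `aws_sdwan_config.yml` this commit edits (the Azure playbook loads `azure_sdwan_config.yml`), which looks like a developer-local file leaking into the shared playbook; confirm which file is meant. `./pnp_credentials.yml` is loaded as plain vars in two plays, so a comment such as `# pnp_credentials.yml holds the credentials used by sync_pnp_edges - keep it ansible-vault encrypted and out of the repo` would set the expectation, and the header should state that `results_path_controllers` / `results_path_edges` are produced by the earlier plays and the later ones cannot be run on their own.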
From: przsus <101723670+przsus@users.noreply.github.com> Date: Tue, 26 Nov 2024 10:38:07 +0100 Subject: [PATCH 2/4] UX2.0 playbook for azure --- playbooks/azure/azure_sdwan_config.yml | 2 +- playbooks/azure/feature_profile_config.yml | 97 ++++++++++++++++ .../azure/ux2_full_deploy_and_configure.yml | 106 ++++++++++++++++++ 3 files changed, 204 insertions(+), 1 deletion(-) create mode 100644 playbooks/azure/feature_profile_config.yml create mode 100644 playbooks/azure/ux2_full_deploy_and_configure.yml diff --git a/playbooks/azure/azure_sdwan_config.yml b/playbooks/azure/azure_sdwan_config.yml index ff7996d..a784abe 100644 --- a/playbooks/azure/azure_sdwan_config.yml +++ b/playbooks/azure/azure_sdwan_config.yml @@ -77,7 +77,7 @@ vsmart_instances: ################################ # cedge C8000K -az_cedge_vm_size: "Standard_D2_v2" +az_cedge_vm_size: "Standard_D4_v2" az_cedge_image_offer: "cisco-c8000v-byol" az_cedge_image_publisher: "cisco" diff --git a/playbooks/azure/feature_profile_config.yml b/playbooks/azure/feature_profile_config.yml new file mode 100644 index 0000000..32f4ce3 --- /dev/null +++ b/playbooks/azure/feature_profile_config.yml 
@@ -0,0 +1,97 @@ +### TRANSPORT PARCELS + +wan_interface_ethernet_parcel: + template: ethernet + config: + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_0_transport_if}}' }}" + description: + optionType: global + value: WAN VPN 0 Interface + name: TRANSPORT + description: WAN VPN 0 Feature + +wan_vpn_parcel: + template: vpn + config: + name: VPN0 + description: SDWAN Transport Wan Vpn Feature config + sub_parcels: + - "{{ wan_interface_ethernet_parcel }}" + +### SERVICE PARCELS + +lan_interface_ethernet_parcel: + template: ethernet + config: + name: VPN_Service_10_Interface + description: LAN Interface + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_10_if_0}}' }}" + intfIpAddress: + static: + staticIpV4AddressPrimary: + ipAddress: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_ipaddr}}' }}" + subnetMask: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_subnet}}' }}" + +lan_vpn_parcel: + template: vpn + config: + name: Service_Network + description: LAN VPN + data: + vpnId: + optionType: global + value: 10 + name: + optionType: global + value: SERVICE + sub_parcels: + - "{{ lan_interface_ethernet_parcel }}" + +### FEATURE PROFILES + +name_prefix: "{{ config_group_name | default('ansible-generated') }}" + +system_profile: + name: "{{ name_prefix }}_Basic" + description: "{{ name_prefix }} Basic Profile" + parcels: + - template: banner + - template: basic + - template: bfd + - template: omp + - template: logging + - template: ntp + - template: global + - template: aaa + - template: mrf + +transport_profile: + name: "{{ name_prefix }}_WAN" + description: "{{ name_prefix }} Transport Profile" + parcels: + - "{{ wan_vpn_parcel }}" + +service_profile: + name: "{{ name_prefix }}_LAN" + description: "{{ name_prefix }} Service Profile" + parcels: + - "{{ lan_vpn_parcel }}" + +system_profiles: + - "{{ system_profile }}" + +transport_profiles: + - "{{ transport_profile }}" + +service_profiles: + - "{{ service_profile 
}}" diff --git a/playbooks/azure/ux2_full_deploy_and_configure.yml b/playbooks/azure/ux2_full_deploy_and_configure.yml new file mode 100644 index 0000000..b47b7fc --- /dev/null +++ b/playbooks/azure/ux2_full_deploy_and_configure.yml 
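Review bot: This file is byte-for-byte the AWS `playbooks/aws/feature_profile_config.yml` (both are blob `32f4ce3`), so the parcel and profile definitions now live in two places that will drift, and nothing in it is Azure-specific. Prefer one shared file (e.g. `playbooks/common/feature_profile_config.yml`) referenced from both `ux2_full_deploy_and_configure.yml` playbooks via `"{{ playbook_dir }}/../common/feature_profile_config.yml"`, or at least a header comment `# Keep in sync with playbooks/aws/feature_profile_config.yml` until that happens. The `- template: aaa` entry with no `config:` needs the same check as the AWS copy: whatever local user or password the builder role defaults to goes to every device in the group and should come from a vaulted variable, not a role default.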
@@ -0,0 +1,106 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + + +# Deploy Cisco SD-WAN version 20.13 on Azure +- name: Deploy Cisco SD-WAN versions 20.13 on Azure + hosts: localhost + gather_facts: false + vars_files: + azure_sdwan_config.yml + tasks: + roles: + - cisco.sdwan_deployment.azure_network_infrastructure + - cisco.sdwan_deployment.azure_controllers + + +- name: Verify server connectivity, set initial configuration, onboard controllers + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.api_ready + - cisco.catalystwan.administration_settings + - cisco.catalystwan.onboarding_controllers + + +- name: Generate bootstrap configuration for synced edges + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.sync_pnp_edges + + +# Deploying edges requires vbond_mgmt_public_ip, otp and uuid! 
+- name: Deploy Edge devices based on generated boostrap configuration + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + - "{{ deployment_edges_config }}" + roles: + - cisco.sdwan_deployment.azure_edges + + +# Onboard edge devices and wait for their reachability +- name: Activate and validate edge devices + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.activate_edges + + +# Attach templates with running-config for all devices +- name: Set vmanage mode for all devices + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.vmanage_mode + +- name: Build feature profile data + hosts: localhost + gather_facts: false + vars_files: + - ./feature_profile_config.yml + roles: + - cisco.catalystwan.feature_profile_builder + +- name: Create Config Groups + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ playbook_dir }}/results/generated_feature_profiles.yml" + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.config_groups + +# After assigning templates, we should add check there to verify that device is managed by templates +# add to vmanage_mode role. + +# Health checks +- name: Verify control connections and BFD, OMP + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.health_checks From 5b3e5a53e676ced3907e6529f298c5d2ce4f41ef Mon Sep 17 00:00:00 2001 
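Review bot: The first play's bare `tasks:` key (null, not an empty list) and its string-valued `vars_files: azure_sdwan_config.yml` repeat the pattern from the AWS playbook; drop `tasks:` and use the list form `vars_files:` / `  - azure_sdwan_config.yml` so the play matches the others in the file. The "Set vmanage mode" play here, unlike its AWS counterpart, sets no `edge_instances: "{{ deployed_edge_instances }}"` and does not load `results_path_edges`, so either the role finds the Azure edges another way or they are left out of the mode switch; confirm which and record it in a comment on that play. The comment `# Attach templates with running-config for all devices` above it describes a UX1.0 template flow in a playbook whose purpose is config groups; rephrase it to what the role actually does here, e.g. `# Put all devices under vManage control before config groups are built`, if that is its effect.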
From: przsus <101723670+przsus@users.noreply.github.com> Date: Wed, 27 Nov 2024 12:47:37 +0100 Subject: [PATCH 3/4] subnets --- playbooks/aws/aws_sdwan_config.yml | 19 +++++-------------- playbooks/azure/azure_sdwan_config.yml | 6 ++++++ 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/playbooks/aws/aws_sdwan_config.yml b/playbooks/aws/aws_sdwan_config.yml index ba44f3a..6ac2666 100644 --- a/playbooks/aws/aws_sdwan_config.yml +++ b/playbooks/aws/aws_sdwan_config.yml @@ -28,20 +28,11 @@ aws_resources_prefix: "{{ organization_name }}" # - 10.10.0.0/16 aws_allowed_subnets: null -# NOTE uncomment for UX2.0 deployment -# aws_subnets: -# - name: "{{ aws_resources_prefix }}-mgmt-subnet-512" -# subnet_cidr: "10.0.1.0/24" # default ips from official Cisco guides -# VPN: 512 -# type: mgmt -# - name: "{{ aws_resources_prefix }}-transport-subnet-0" -# subnet_cidr: "10.0.2.0/24" # default ips from official Cisco guides -# VPN: 0 -# type: transport -# - name: "{{ aws_resources_prefix }}-service-subnet-10" -# subnet_cidr: "10.0.3.0/24" # default ips from official Cisco guides -# VPN: 10 -# type: service +####################################### +# Deployment configuration # +####################################### + +ux20_deployment: true # NOTE remove or set to false for UX1.0 deployment ############################### # Controllers # diff --git a/playbooks/azure/azure_sdwan_config.yml b/playbooks/azure/azure_sdwan_config.yml index a784abe..b25a8e4 100644 --- a/playbooks/azure/azure_sdwan_config.yml +++ b/playbooks/azure/azure_sdwan_config.yml @@ -24,6 +24,11 @@ az_resources_prefix: "{{ organization_name }}" # example configuration is: az_allowed_subnets: null +####################################### +# Deployment configuration # +####################################### + +ux20_deployment: true # NOTE remove or set to false for UX1.0 deployment ############################### # Controllers # 
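Review bot: `ux20_deployment: true  # NOTE remove or set to false for UX1.0 deployment` tells the reader that removing the key is equivalent to `false`, which only holds if every consuming role defaults the variable; nothing in this diff shows that, and an undefined variable either fails a strict Jinja check or evaluates falsy silently depending on how the role tests it. Prefer `ux20_deployment: true  # set to false for a UX1.0 deployment (keep the key defined)` and, in the roles, `ux20_deployment | default(false) | bool`. The identical comment appears in the Azure hunk on this line and should get the same treatment. Deleting the commented `aws_subnets` block also deletes the only place the VPN 512/0/10 subnet layout was documented; a one-line pointer to where the UX2.0 subnets are now defined (presumably inside the `aws_network_infrastructure` role) keeps that discoverable.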
@@ -78,6 +83,7 @@ vsmart_instances: # cedge C8000K az_cedge_vm_size: "Standard_D4_v2" +# az_cedge_vm_size: "Standard_D2_v2" # NOTE optionally uncomment for UX1.0 deployment az_cedge_image_offer: "cisco-c8000v-byol" az_cedge_image_publisher: "cisco" From e0f2aa53c8f6a7a26059b0f58f52c542558d7fce Mon Sep 17 00:00:00 2001 From: przsus <101723670+przsus@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:47:23 +0100 Subject: [PATCH 4/4] bump versions --- galaxy.yml | 2 +- requirements.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index 8e21241..f3a8aa9 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: cisco name: sdwan -version: 0.3.3 +version: 0.3.4 readme: README.md authors: - Arkadiusz Cichon diff --git a/requirements.yml b/requirements.yml index b696904..e8f033b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,6 +4,6 @@ collections: - name: azure.azcollection version: 1.19.0 - name: cisco.catalystwan - version: 0.3.0 + version: 0.3.1 - name: cisco.sdwan_deployment - version: 0.3.2 + version: 0.3.3
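Review bot: Now that `ux20_deployment` lives in this same file, the instance size can follow it instead of asking the reader to swap comments by hand: `az_cedge_vm_size: "{{ 'Standard_D4_v2' if ux20_deployment | default(false) | bool else 'Standard_D2_v2' }}"`. That leaves one source of truth for which mode is being deployed and removes the chance of a UX2.0 run on the smaller size with the flag set. If the larger size is a hard requirement for UX2.0 rather than a preference, say so in the comment, because an edge that boots on a D2 and then misbehaves is harder to diagnose than a clear note would be.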