diff --git a/README.md b/README.md index a691eda..4bb5d10 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ This repository includes: - `aws_controllers` - `aws_edges` - `aws_teardown` -- `common` +- cisco.sdwan_deployment.common` - `azure_controllers` - `azure_edges` - `azure_teardown` diff --git a/roles/aws_controllers/README.md b/roles/aws_controllers/README.md new file mode 100644 index 0000000..c6461da --- /dev/null +++ b/roles/aws_controllers/README.md 
@@ -0,0 +1,75 @@ +# Ansible Role: aws_controllers + +The `aws_controllers` Ansible role is designed to deploy a Cisco SD-WAN controller topology on AWS cloud infrastructure. It follows the topology outlined in the official Cisco documentation and currently supports the deployment of vManage, vBond, and vSmart instances. + +NOTE: Role must be used on localhost - API requests to AWS via boto are done from local machine. + +## Role description + +The `aws_controllers` role automates the deployment of Cisco SD-WAN controllers (vManage, vBond, and vSmart) in AWS. Key functionalities include: + +- Validating AWS dependencies and user sessions. +- Discovering or using provided network infrastructure settings. +- Ensuring all required deployment variables are set. +- Creating EC2 instances for each controller type and managing deployment order. +- Storing deployment data and verifying instance reachability post-setup. + +## Requirements + +- `cisco.sdwan_deployment` collection installed +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to create and manage AWS resources. +- AWS EC2 AMIs for vManage, vBond, and vSmart instances must be available in your AWS account. + +## Dependencies + +- A role named `cisco.sdwan_deployment.common` that provides tasks for checking AWS boto3 requirements, probing user sessions, and asserting required variables. +- A role named `aws_network_infrastructure` that gathers information about the network resources if not already provided by the user. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `organization_name`: Name of the organization deploying the controllers. Must be defined by the user. +- `aws_region`: AWS region where resources will be deployed (default: `us-east-1`). 
+- `aws_vpc_name`, `aws_security_group_name`: Default naming convention for VPC and security group. +- `aws_tag_creator`: Tag used to mark resources created in AWS. +- `aws_key_name`: AWS SSH key pair name. +- `admin_username`, `admin_password`: Default credentials for controllers. +- `vbond_port`, `default_vbond_ip`: Default port and IP for vBond. +- `aws_vmanage_ami_id`, `aws_vmanage_instance_type`: AMI ID and instance type for vManage. +- `aws_vbond_ami_id`, `aws_vbond_instance_type`: AMI ID and instance type for vBond. +- `aws_vsmart_ami_id`, `aws_vsmart_instance_type`: AMI ID and instance type for vSmart. +- `site_id_vmanage`, `site_id_vbond`, `site_id_vsmart`: Default site IDs for each controller. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory to store deployment results. +- `aws_deployed_controllers_data`: File to store data of deployed controllers. +- `userdata_vmanage_path`, `userdata_vbond_path`, `userdata_vsmart_path`: Paths to user data configurations for each controller type. + +### Required Variables + +The following variables must be set prior to executing the role: + +- `organization_name`: The name of your organization, used as a prefix for Azure resources. +- `az_location`: The Azure region where resources will be deployed. +- `az_resource_group`: The name of the Azure resource group for the deployment. +- `az_network_security_group`: The name of the Azure Network Security Group. +- `az_subnets`: A list of subnet definitions for the Azure Virtual Network. +- `admin_username`: Administrator username for the SD-WAN controller instances. +- `admin_password`: Administrator password for the SD-WAN controller instances. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon 
diff --git a/roles/aws_controllers/meta/main.yml b/roles/aws_controllers/meta/main.yml index ed97d53..ca86a3f 100644 --- a/roles/aws_controllers/meta/main.yml +++ b/roles/aws_controllers/meta/main.yml @@ -1 +1,17 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates + --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Cisco SD-WAN Controllers on AWS + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/aws_edges/README.md b/roles/aws_edges/README.md new file mode 100644 index 0000000..7748d87 --- /dev/null +++ b/roles/aws_edges/README.md 
@@ -0,0 +1,77 @@ +# AWS Edges Ansible Role Documentation + +## Overview + +The `aws_edges` role, part of the `cisco.sdwan_deployment` collection, facilitates the deployment of Cisco SD-WAN edge devices (cEdges) within an AWS environment. + +NOTE: Role must be used on localhost - API requests to AWS via boto are done from local machine. + +## Role description + +The `aws_edges` role is an essential component of the `cisco.sdwan_deployment` collection and focuses on the automated deployment of Cisco SD-WAN edge devices (cEdges) in the AWS cloud. Key functionalities include: + +- Validating dependencies on boto3 and botocore for AWS interactions. +- Confirming the presence of an active AWS user session. +- Discovering or incorporating provided network configurations such as VPC, security groups, and subnets. +- Asserting the availability of all necessary variables for the deployment of edge devices. +- Deploying EC2 instances for cEdge devices and configuring them according to specified parameters. +- Organizing deployment results and confirming the operational status of the instances through SSH reachability checks. + +## Requirements + +- `cisco.sdwan_deployment` collection installed +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to create and manage AWS resources. +- AWS EC2 AMIs for vManage, vBond, and vSmart instances must be available in your AWS account. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that provides tasks for AWS boto3 requirements, user session checks, variable verifications, instance checks, and deployment fact gathering. +- Prepared network infrastructure used to deploy instances to (VPC, subnets etc.) + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `organization_name`: Name of the organization. 
Must be defined by the user. +- `aws_region`: AWS region where resources will be deployed (default: `us-east-1`). +- `aws_vpc_name`, `aws_security_group_name`: Defaults for naming VPC and security group resources. +- `aws_tag_creator`: Tag for identifying the creator of AWS resources. +- `aws_key_name`: AWS SSH key pair name for EC2 instances. +- `admin_username`, `admin_password`: Default admin credentials for edge devices. +- `vbond_port`, `default_vbond_ip`: Default vBond communication settings. +- `aws_cedge_ami_id`, `aws_cedge_instance_type`: AMI ID and instance type for cEdge devices. +- `edge_instances`: List of edge device instances to be deployed. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory where deployment results will be stored. +- `aws_deployed_edges_data`: File to store data of deployed edge devices. +- `userdata_cedge_path`: Path to the user data configuration for cEdge devices. + +### Required variables + +The following variables must be set prior to executing the role: + +- `organization_name`: Identifier for your organization, used for naming AWS resources. +- `aws_region`: AWS region to host the resources. +- `aws_availibility_zone`: Specific AWS availability zone within the selected region. +- `admin_password`: Password for administrative access to controller instances. +- `aws_vpc_config`: Configuration details for the AWS VPC. +- `aws_security_group_config`: Settings for the AWS security group. +- `aws_subnets_config`: Specifications for the AWS subnets. +- `aws_cedge_ami_id`: AMI ID for the Cisco Edge compute instances. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/aws_edges/meta/main.yml b/roles/aws_edges/meta/main.yml index ed97d53..5ad3eb1 100644 --- a/roles/aws_edges/meta/main.yml 
+++ b/roles/aws_edges/meta/main.yml @@ -1 +1,17 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates + --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Cisco SD-WAN cEdges (C8000V) on AWS + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/aws_network_infrastructure/README.md b/roles/aws_network_infrastructure/README.md new file mode 100644 index 0000000..d21be6b --- /dev/null +++ b/roles/aws_network_infrastructure/README.md 
@@ -0,0 +1,70 @@ +# AWS Network Infrastructure Ansible Role Documentation + +## Overview + +The role provided here is designed to establish foundational network infrastructure within an AWS environment as a prerequisite for deploying other resources. + +NOTE: This role should be executed on localhost as it performs API requests to AWS via boto from the local machine. + +## Role Description + +This role focuses on creating and configuring the necessary network components in AWS, such as VPCs, subnets, security groups, and internet gateways. The key functionalities include: + +- Validating boto3 and botocore dependencies, ensuring that AWS SDKs are available for Python. +- Confirming the user's AWS session is active for making API requests. +- Asserting that all required variables are provided to configure the network infrastructure. +- Preparing a results directory to store infrastructure deployment information. +- Creating and managing AWS network infrastructure elements using the provided configurations. + +## Requirements + +- `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to create and manage AWS resources. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that includes tasks for checking AWS boto3 requirements, probing the user's AWS session, and verifying required variables. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `aws_allowed_subnets`: VPN subnets allowed to connect to AWS Elastic IPs. +- `organization_name`: Name of the organization. Must be defined by the user. +- `aws_region`: AWS region where resources will be deployed (default: `us-east-1`). +- `aws_availibility_zone`: AWS availability zone for resource deployment (default: `us-east-1a`). 
+- `aws_vpc_name`, `aws_vpc_cidr`: Defaults for naming and CIDR of the VPC. +- `aws_igw_name`: Name for the AWS Internet Gateway. +- `aws_subnets`: List of subnet configurations for the VPC. +- `aws_route_table_name`: Name for the VPC's route table. +- `aws_security_group_name`: Name for the security group. +- `aws_vpn_name`, `aws_eip_name`, `aws_nacl_name`: Names for VPN, Elastic IP, and network ACL. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory where deployment results will be stored. +- `aws_deployed_network_data`: File to store data of deployed network components. + +### Required Variables + +Before running the role, define the following variables: + +- `organization_name`: The name of your organization, influencing AWS resource naming. +- `aws_region`: The AWS region for deploying resources. +- `aws_availibility_zone`: The desired AWS availability zone within the region. +- `aws_allowed_subnets`: List of subnets allowed to interact with the AWS resources. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/aws_network_infrastructure/meta/main.yml b/roles/aws_network_infrastructure/meta/main.yml index aa997b8..aadbb9c 100644 --- a/roles/aws_network_infrastructure/meta/main.yml +++ b/roles/aws_network_infrastructure/meta/main.yml @@ -1,4 +1,17 @@ # Copyright 2024 Cisco Systems, Inc. and its affiliates -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Network resource (VPCs, IGws, subnets etc.) required for Cisco SD-WAN Infrastructure + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] 
diff --git a/roles/aws_teardown/README.md b/roles/aws_teardown/README.md new file mode 100644 index 0000000..e81f2eb --- /dev/null +++ b/roles/aws_teardown/README.md 
@@ -0,0 +1,55 @@ +# AWS Teardown Ansible Role Documentation + +## Overview + +The `aws_teardown` role is designed to safely decommission and remove AWS resources that were previously deployed, ensuring that all associated components are properly cleaned up. + +NOTE: This role should be executed on localhost as it performs API requests to AWS via boto from the local machine. + +## Role Description + +This role provides a systematic approach to tearing down AWS resources, with a strong emphasis on safety and confirmation. Key functionalities include: + +- Prompting the user for confirmation before proceeding with the teardown to avoid accidental deletions. +- Verifying that the user's AWS session is active to ensure API call capability. +- Retrieving details of the VPC created by the user and confirming its existence. +- Gathering information about all subnets associated with the VPC. +- Conditionally terminating specific EC2 instances or removing all resources within the VPC, including subnets, route tables, internet gateways, and the VPC itself. + +## Requirements + +- `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to delete AWS resources. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that includes tasks for probing the user's AWS session. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `organization_name`: Name of the organization. Must be defined by the user. +- `teardown_resources_data_path`: Path where the teardown data JSON file will be stored. +- `teardown_only_instances`: Boolean value to indicate if only EC2 instances should be torn down. +- `teardown_specific_instances`: Boolean value to indicate if specific EC2 instances should be torn down. 
+- `aws_region`: AWS region where resources were deployed (default: `us-east-1`). +- `aws_availibility_zone`: AWS availability zone used for resource deployment (default: `us-east-1a`). +- `aws_vpc_name`, `aws_security_group_name`: Names for the VPC and security group to be removed. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +These playbook reuse configuration files that might be used as example for your configuration + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/aws_teardown/meta/main.yml b/roles/aws_teardown/meta/main.yml new file mode 100644 index 0000000..8ed81d1 --- /dev/null +++ b/roles/aws_teardown/meta/main.yml @@ -0,0 +1,17 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates + +--- + +galaxy_info: + author: Arkadiusz Cichon + description: Teardown Cisco SD-WAN devices and required network resources from AWS + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/azure_controllers/README.md b/roles/azure_controllers/README.md new file mode 100644 index 0000000..e1830d7 --- /dev/null +++ b/roles/azure_controllers/README.md 
@@ -0,0 +1,82 @@ +# Ansible Role: azure_controllers + +The `azure_controllers` role is designed to deploy SD-WAN controller instances, specifically vManage, vBond, and vSmart, on the Azure cloud platform. It ensures that instances are deployed according to specific configurations. + +NOTE: This role should be executed on localhost as it performs API requests to Azure via the Ansible Azure modules from the local machine. + +## Role Description + +The `azure_controllers` role automates the deployment of Cisco SD-WAN controllers (vManage, vBond, and vSmart) in Azure. Key functionalities include: + +- Verifying the active Azure user session. +- Asserting that all required variables for Azure controller deployment are set. +- Validating the hostname length for each instance to comply with Azure naming constraints. +- Ensuring that Azure resource prefixes contain hyphens instead of underscores. +- Preparing a directory to store results and deployment data. +- Checking for existing instances in the specified Azure Virtual Network (VN) to avoid conflicts. +- Defining the deployment facts for Ansible to consume. +- Creating Azure VMs for vBond, vSmart, and vManage instances. +- Extracting deployment facts post-deployment. +- Checking the reachability of the vManage instance via SSH to confirm deployment success. + +## Requirements + +- `cisco.sdwan_deployment` collection installed +- Ansible 2.16 or higher. +- Azure CLI installed and configured with appropriate permissions. +- Ansible Azure modules (`azure.azcollection`) installed. +- VM images for Cisco controller devices should be available in your Azure account. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that includes tasks for probing the Azure user session, verifying required variables, and checking for existing instances. +- A role named `azure_network_infrastructure` (if applicable) for managing network resource information. 
+ +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `organization_name`: User-defined organization name, used as a prefix for Azure resources. +- `az_location`: Azure location where resources will be deployed. Must be defined by the user. +- `az_resources_prefix`: Prefix for Azure resources, defaults to the organization name. +- `az_resource_group`: Name of the Azure resource group. +- `az_virtual_network`: Name of the Azure Virtual Network. +- `az_vn_address_prefixes_cidr`: CIDR block for the Azure Virtual Network. +- `az_subnets`: Definitions for Azure subnets within the Virtual Network. +- `az_network_security_group`: Name of the Azure Network Security Group. +- `az_allowed_subnets`: VPN subnets allowed to connect to Azure public IPs. +- `azure_key_name`: Name of the Azure key for VM access. +- `admin_username`: Default admin username for deployed VMs. +- `admin_password`: Default admin password for deployed VMs. +- `az_vmanage_vm_size`, `az_vbond_vm_size`, `az_vsmart_vm_size`: Azure VM sizes for vManage, vBond, and vSmart instances. +- `site_id_vmanage`, `site_id_vbond`, `site_id_vsmart`: Default site IDs for vManage, vBond, and vSmart instances. +- `vmanage_instances`, `vbond_instances`, `vsmart_instances`: Lists for instance configurations. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory where deployment results are stored. +- `userdata_vmanage_path`, `userdata_vbond_path`, `userdata_vsmart_path`: Paths to templated userdata configurations for each controller type. + +### Required Variables + +- `organization_name`: Your organization's name for resource naming in Azure. +- `az_location`: The Azure region for resource deployment. +- `az_resource_group`: The Azure resource group name for organizing resources. +- `az_network_security_group`: The name of the Azure Network Security Group. +- `az_subnets`: Definitions of Azure subnets within the Virtual Network. +- `admin_username`: Admin username for the deployed VMs. 
+- `admin_password`: Admin password for the deployed VMs. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +These playbook reuse configuration files that might be used as example for your configuration. + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/azure_controllers/meta/main.yml b/roles/azure_controllers/meta/main.yml index c192ecb..6b3086e 100644 --- a/roles/azure_controllers/meta/main.yml +++ b/roles/azure_controllers/meta/main.yml @@ -1,3 +1,17 @@ # Copyright 2024 Cisco Systems, Inc. and its affiliates --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Cisco SD-WAN Controllers on Azure + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/azure_edges/README.md b/roles/azure_edges/README.md new file mode 100644 index 0000000..fb669cf --- /dev/null +++ b/roles/azure_edges/README.md 
@@ -0,0 +1,82 @@ +# Ansible Role: azure_edges + +The `azure_edges` Ansible role is specifically designed for deploying Cisco SD-WAN edge devices, known as Cloud Edge or cEdge, on the Azure cloud platform. It ensures that these instances are deployed following specific configurations and adheres to Azure's best practices. + +NOTE: This role is intended to be executed on localhost as it involves making API requests to Azure via Ansible modules from the local machine. + +## Role Description + +The `azure_edges` role facilitates the deployment of Cisco SD-WAN cEdge instances in Azure. The main tasks include: + +- Verifying an active Azure user session. +- Checking hostname constraints to meet Azure specifications. +- Ensuring the presence of all necessary deployment variables. +- Converting resource prefixes to be Azure-compliant. +- Preparing a directory for storing deployment results. +- Confirming that no conflicting instances exist within the designated Azure Virtual Network. +- Creating Azure VM instances for cEdge devices and managing their deployment sequence. +- Recording deployment data and ensuring post-deployment instance accessibility. + +## Requirements + +- The `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Ansible Azure modules (`azure.azcollection` collection) installed. +- Azure CLI configured with the necessary permissions to create and manage Azure resources. +- VM images for Cisco Cloud Edge devices should be available in your Azure account. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that includes tasks for verifying Azure dependencies, user sessions, and required variables. +- A role named `azure_network_infrastructure` (if applicable) for managing network resource information. 
+ +## Role Variables + +### Defaults (`defaults/main.yml`) + +Variables with default values that can be overridden by the user: + +- `organization_name`: Mandatory field to be defined by the user, used as a prefix for resource naming. +- `az_location`: The Azure location for resource deployment. Must be specified by the user. +- `az_tag_creator`: Tag for identifying resource creator, defaults to the organization name. +- `az_resources_prefix`: Prefix for resources, can be customized by the user. +- `az_resource_group`, `az_virtual_network`, `az_vn_address_prefixes_cidr`, `az_subnets`, `az_network_security_group`: Default configurations for Azure networking resources. +- `az_allowed_subnets`: VPN subnets allowed for Azure public IP connections. Should be defined by the user. +- `azure_key_name`: The Azure key for VM access, to be provided by the user. +- `admin_username`, `admin_password`: Default admin credentials for cEdge instances. +- `vbond_port`, `default_vbond_ip`: Default configurations for vBond. +- `az_cedge_vm_size`: Default Azure VM size for cEdge instances. +- `edge_instances`: List of cEdge instance configurations. If not provided, instances will be created based on PnP Portal information. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory to store deployment results. +- `userdata_cedge_path`: Path to the templated userdata configuration for cEdge devices. + +### Required Variables + +- `organization_name`: The identifier for your organization, used for Azure resource naming. +- `az_location`: The Azure location where resources will be provisioned. +- `az_resource_group`: The name of the Azure resource group for the deployment. +- `az_network_security_group`: The name of the Azure network security group. +- `az_subnets`: The list of subnets to be configured in the Azure Virtual Network. +- `az_cedge_image_offer`: The offer information of the Cisco Edge compute image. +- `az_cedge_image_publisher`: The publisher of the Cisco Edge compute image. 
+- `az_cedge_image_sku`: The stock-keeping unit (SKU) for the Cisco Edge compute image. +- `az_cedge_image_version`: The version of the Cisco Edge compute image. +- `admin_username`: The admin username for virtual machine access. +- `admin_password`: The admin password for virtual machine access. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +These playbook reuse configuration files that might be used as example for your configuration + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/azure_edges/meta/main.yml b/roles/azure_edges/meta/main.yml index c192ecb..1c7f236 100644 --- a/roles/azure_edges/meta/main.yml +++ b/roles/azure_edges/meta/main.yml @@ -1,3 +1,17 @@ # Copyright 2024 Cisco Systems, Inc. and its affiliates --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Cisco SD-WAN cEdges (C8000V) on Azure + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/azure_network_infrastructure/README.md b/roles/azure_network_infrastructure/README.md new file mode 100644 index 0000000..712ec63 --- /dev/null +++ b/roles/azure_network_infrastructure/README.md 
@@ -0,0 +1,66 @@ +# Ansible Role: azure_network_infrastructure + +The `azure_network_infrastructure` Ansible role is designed to configure and deploy the necessary network infrastructure for Cisco SD-WAN services in the Azure cloud environment. It includes creating and managing the resource group, virtual network, subnets, and network security groups required for a secure and operational SD-WAN deployment. + +NOTE: This role should be executed on localhost since it involves making API requests to Azure directly from the control machine. + +## Role Description + +The `azure_network_infrastructure` role performs the following actions to set up the Azure network infrastructure for SD-WAN: + +- Verifies if the user session with Azure is active. +- Ensures that all required variables for the network infrastructure deployment are provided. +- Adjusts the resource prefix to comply with Azure naming conventions. +- Prepares a directory to store the results of the network infrastructure setup. +- Includes tasks to create and manage network resources such as virtual networks, subnets, and security groups. + +## Requirements + +- The `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Ansible Azure modules (`azure.azcollection` collection) installed. +- Azure CLI configured with the necessary permissions to manage Azure network resources. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that contains tasks for verifying Azure dependencies, user sessions, and asserting required variables. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +Variables with default values that the user may need to override: + +- `organization_name`: The name of the organization deploying the infrastructure. This must be defined by the user. +- `az_location`: The Azure location where the network resources will be deployed. Must be specified by the user. 
+- `az_tag_creator`: Tag used to identify the creator of the resources, defaults to the organization name. +- `az_resources_prefix`: Prefix for the Azure resources, defaulting to the organization name but customizable by the user. +- `az_resource_group`: Default name for the Azure resource group. +- `az_virtual_network`, `az_vn_address_prefixes_cidr`, `az_subnets`: Default configurations for the Azure virtual network and subnets. +- `az_network_security_group`: Default name for the Azure network security group. +- `az_allowed_subnets`: VPN subnets allowed to connect to Azure External IPs. Should be defined by the user. + +### Vars (`vars/main.yml`) + +- `results_dir`: The directory where the results of the network deployment will be stored. + +### Required Variables + +- `organization_name`: The organization's name, used as a prefix for naming Azure resources. +- `az_location`: The geographical location in Azure where the resources will be deployed. +- `az_subnets`: A list of subnet configurations within the Azure Virtual Network. +- `az_allowed_subnets`: Subnets permitted to access the Azure resources. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +These playbook reuse configuration files that might be used as example for your configuration + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/azure_network_infrastructure/meta/main.yml b/roles/azure_network_infrastructure/meta/main.yml index c192ecb..aadbb9c 100644 --- a/roles/azure_network_infrastructure/meta/main.yml +++ b/roles/azure_network_infrastructure/meta/main.yml 
@@ -1,3 +1,17 @@ # Copyright 2024 Cisco Systems, Inc. and its affiliates --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Network resource (VPCs, IGws, subnets etc.) required for Cisco SD-WAN Infrastructure + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/azure_network_infrastructure/tasks/main.yml b/roles/azure_network_infrastructure/tasks/main.yml index cdae880..bce2125 100644 --- a/roles/azure_network_infrastructure/tasks/main.yml +++ b/roles/azure_network_infrastructure/tasks/main.yml @@ -22,6 +22,5 @@ state: directory mode: "0755" -# Add task to verify if images name or image id have been provided - name: "Network resources for SD-WAN machines" ansible.builtin.include_tasks: azure_network_infrastructure.yml diff --git a/roles/azure_teardown/README.md b/roles/azure_teardown/README.md new file mode 100644 index 0000000..799a590 --- /dev/null +++ b/roles/azure_teardown/README.md 
@@ -0,0 +1,52 @@ +# Ansible Role: azure_teardown + +The `azure_teardown` Ansible role is designed to dismantle the Azure cloud infrastructure associated with a particular organization's deployment. This role primarily focuses on removing Azure resource groups and their contained resources, which is an essential step for clean-up operations or decommissioning environments. + +NOTE: This role is to be executed on localhost as it requires direct API interactions with Azure services from the control machine. + +## Role Description + +The `azure_teardown` role performs the necessary actions to de-provision and remove Azure resources created during the SD-WAN deployment or other Azure-based projects. Its primary functions are: + +- Verifying that an active user session with Azure exists. +- Standardizing the Azure resource prefix to comply with Azure naming restrictions. +- Removing the specified Azure Resource Group and its associated resources. +- Optionally waiting for the entire teardown process to complete before exiting the playbook. + +## Requirements + +- The `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Ansible Azure modules (`azure.azcollection` collection) installed. +- Azure CLI configured with the necessary permissions to delete Azure resources. + +## Dependencies + +- A role named `cisco.sdwan_deployment.common` that includes tasks for verifying Azure dependencies and user sessions. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +Variables with default values that may need to be overridden by the user: + +- `organization_name`: The name of the organization associated with the resources being torn down. It must be defined by the user. +- `wait_for_teardown`: Boolean flag to indicate whether the playbook should wait for the teardown process to complete (default: `true`). +- `az_location`: The Azure location where the network resources are deployed. Must be specified by the user if needed for teardown. 
+- `az_tag_creator`: Tag used to identify the creator of the resources, defaults to the organization name. +- `az_resources_prefix`: Prefix for the Azure resources, defaulting to the organization name but customizable by the user. +- `az_resource_group`: Default name for the Azure resource group to be removed. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +These playbook reuse configuration files that might be used as example for your configuration. + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/azure_teardown/meta/main.yml b/roles/azure_teardown/meta/main.yml index c192ecb..3eb5694 100644 --- a/roles/azure_teardown/meta/main.yml +++ b/roles/azure_teardown/meta/main.yml @@ -1,3 +1,17 @@ # Copyright 2024 Cisco Systems, Inc. and its affiliates --- + +galaxy_info: + author: Arkadiusz Cichon + description: Teardown Cisco SD-WAN devices and required network resources from Azure + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/common/README.md b/roles/common/README.md new file mode 100644 index 0000000..9514ebb --- /dev/null +++ b/roles/common/README.md 
@@ -0,0 +1,37 @@ +# Ansible Role: cisco.sdwan_deployment.common + +The `cisco.sdwan_deployment.common` Ansible role is a utility role that provides common tasks used by other roles within the `cisco.sdwan_deployment` collection. These tasks include checking user sessions, probing for existing instances, ensuring necessary requirements are met, and preparing for SD-WAN deployment on cloud platforms like AWS and Azure. + +## Role Description + +The `common` role includes the following key tasks: + +- Verifying that the necessary `boto3` library is installed for AWS deployments. +- Probing the current user session for AWS and Azure to ensure that API calls can be made successfully. +- Checking for existing instances on AWS and Azure to prevent resource conflicts. +- Generating deployment facts for Cisco SD-WAN controllers and edge devices. +- Waiting for SSH readiness to ensure that instances are accessible for further configuration. +- Asserting that all required variables for different stages of SD-WAN deployment are present. + +## Requirements + +- The `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- For AWS deployments: Python `boto3` library and AWS CLI configured with necessary permissions. +- For Azure deployments: Ansible Azure modules (`azure.azcollection` collection) installed and Azure CLI configured with necessary permissions. + +## Dependencies + +This role does not have dependencies on other roles but is a dependency for other roles within the `cisco.sdwan_deployment` collection. + +## Role Variables + +The `common` role does not directly define variables but instead checks for variables required by other roles. Examples of such variables include cloud provider credentials, SD-WAN instance specifications, and deployment settings which should be provided by the user or defined in other roles that include the `common` tasks. 
+ +## License + +"GPL-3.0-only" + +## Author Information + +This role is provided as part of the `cisco.sdwan_deployment` collection, role was created by Arkadiusz Cichon diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml index aa997b8..e2db3c0 100644 --- a/roles/common/meta/main.yml +++ b/roles/common/meta/main.yml @@ -1,4 +1,17 @@ # Copyright 2024 Cisco Systems, Inc. and its affiliates -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- + +galaxy_info: + author: Arkadiusz Cichon + description: Common tasks reusable in cisco.sdwan_deployment collection + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/template_cloudinit/README.md b/roles/template_cloudinit/README.md new file mode 100644 index 0000000..45e7778 --- /dev/null +++ b/roles/template_cloudinit/README.md 
@@ -0,0 +1,64 @@ +# Ansible Role: template_cloudinit + +The `template_cloudinit` Ansible role is created to generate cloud-init configuration files for different types of Cisco SD-WAN controllers and edge devices. The role supports cloud providers such as AWS and Azure and prepares userdata scripts that are used to bootstrap these instances upon creation. + +## Role Description + +The `template_cloudinit` role executes the following tasks: + +- Prompts the user for the cloud provider or reads it from the configuration. +- Validates the cloud provider input. +- Asserts the presence of all required variables for cloudinit generation. +- Prepares a directory to store the generated cloudinit files. +- Generates cloudinit templates for vBond, vManage, vSmart, and cEdge instances. +- Displays the location and list of generated cloudinit files to the user. + +## Requirements + +- The `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Jinja2 templates for cloud-init userdata scripts corresponding to each type of device (vBond, vManage, vSmart, cEdge). + +## Dependencies + +- A role named `common` that contains tasks for verifying required variables. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +Variables with default values that the user may need to override: + +- `organization_name`: Mandatory for identifying the organization; used in naming conventions. +- `aws_key_name`: AWS key name for SSH access to instances, to be provided by the user. +- `results_dir`: Directory to store generated cloudinit files. +- `userdata_vmanage_path`, `userdata_vbond_path`, `userdata_vsmart_path`: Paths to templated userdata configurations for respective SD-WAN controllers. +- `admin_username`, `admin_password`: Default admin credentials used in userdata scripts. +- `vbond_port`, `default_vbond_ip`: Default configurations for vBond. 
+- `vbond_transport_private_ip`, `vbond_transport_public_ip`: IPs for vBond, to be defined by the user if static IPs are used. +- `site_id_vmanage`, `vmanage_instances`: Site ID and list of vManage instances. +- `site_id_vbond`, `vbond_instances`: Site ID and list of vBond instances. +- `site_id_vsmart`, `vsmart_instances`: Site ID and list of vSmart instances. +- `edge_instances`: List of cEdge instances. + +### Required Variables + +- `organization_name`: The name of your organization, referenced in the cloud init configuration. +- `admin_username`: The administrative username for initial server setup. +- `admin_password`: The administrative password for initial server setup. +- `vbond_transport_private_ip`: The private IP address for vBond's transport interface. +- `vbond_transport_public_ip`: The public IP address for vBond's transport interface. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +These playbook reuse configuration files that might be used as example for your configuration. + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/template_cloudinit/meta/main.yml b/roles/template_cloudinit/meta/main.yml index ed97d53..bc29826 100644 --- a/roles/template_cloudinit/meta/main.yml +++ b/roles/template_cloudinit/meta/main.yml @@ -1 +1,17 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates + --- + +galaxy_info: + author: Arkadiusz Cichon + description: Role dedicated to template cloudinit configuration for Cisco SD-WAN devices + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: []
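Review bot: In the `roles/azure_network_infrastructure/tasks/main.yml` hunk, the comment `# Add task to verify if images name or image id have been provided` is deleted, but no task performing that check is added in its place. If the check is not needed for network resources or is handled in another role, say so in the commit message; otherwise keep the reminder until the validation exists.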
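Review bot: In the `roles/azure_teardown/README.md` hunk, `az_resource_group` is documented only as "Default name for the Azure resource group to be removed", without giving the default value or saying whether it follows `organization_name` or `az_resources_prefix`. The role deletes the group together with its contained resources, so the README should state the exact default and make clear that everything in that group is removed. The `az_location` entry ("Must be specified by the user if needed for teardown") should also say when it is needed.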
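Review bot: In the `roles/azure_teardown/meta/main.yml` hunk, `dependencies: []` contradicts the Dependencies section of the README added for the same role, which names `cisco.sdwan_deployment.common`. Either list the role in `meta/main.yml`, or, if the common tasks are pulled in from the role's own tasks, reword the README to say so. The same mismatch applies to `roles/template_cloudinit/meta/main.yml`, whose README also refers to the dependency as plain `common` rather than by its fully qualified name.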
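Review bot: In the `roles/common/README.md` hunk, the Requirements list says "Ansible 2.16 or higher", while the `meta/main.yml` added for the same role sets `min_ansible_version: "2.16.6"`. Align the README with the meta value so users on 2.16.0 through 2.16.5 are not told they are supported; the `azure_teardown` and `template_cloudinit` READMEs carry the same wording.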
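Review bot: In the `roles/common/meta/main.yml` hunk, the license statement is inconsistent with the READMEs in this patch: the hunk sets `license: GPL-3.0-or-later` (and drops the `# GNU General Public License v3.0+` header line), while the License sections of the new READMEs say `"GPL-3.0-only"`. Pick one SPDX identifier and use it in both places; if the header comment is removed on purpose, mention where the license text is now referenced.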
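Review bot: In the `roles/template_cloudinit/README.md` hunk, `admin_username` and `admin_password` appear under Defaults as "Default admin credentials used in userdata scripts" and again under Required Variables, which leaves it unclear whether a usable password ships in `defaults/main.yml`. State explicitly that the user must supply these values (for example from Ansible Vault) and that no shared default should be relied on. Because the credentials are used in the userdata scripts, also document that the files generated under `results_dir` carry them and say what permissions that directory gets.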