cisco-en-programmability · sashiv20 · Apr 16, 2024 · Apr 4, 2024 · Apr 4, 2024 · Apr 4, 2024
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,7 +1,7 @@
 ---
 # .ansible-lint
 
-profile: null # min, basic, moderate,safety, shared, production
+profile: production # min, basic, moderate, safety, shared, production
 
 # Allows dumping of results in SARIF format
 # sarif_file: result.sarif
@@ -13,8 +13,12 @@ exclude_paths:
   - .dev_dir/dev_vars.yml
   - .dev_dir/example_dev_vars.yml
   - playbooks/results/
-  - playbooks/sdwan_config*
+  - playbooks/aws_sdwan_config*
+  - playbooks/azure_sdwan_config*
+  - playbooks/template_cloudinit.yml
+  - playbooks/template_cloudinit_config.yml
   - playbooks/specific_edges_to_teardown.yml
+  - roles/aws_teardown/tasks/main.yml
 # parseable: true
 # quiet: true
 # strict: true

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ repos:
       - id: trailing-whitespace
 
   - repo: https://github.com/ansible-community/ansible-lint.git
-    rev: v24.2.0 # latest release tag from https://github.com/ansible-community/ansible-lint/releases/
+    rev: v24.2.1 # latest release tag from https://github.com/ansible-community/ansible-lint/releases/
     hooks:
       - id: ansible-lint
         files: \.(yaml|yml)$
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
-# Cisco SD-WAN Deployment on AWS using Ansible
+# Cisco SD-WAN Deployment on AWS and Azure using Ansible
 
-Ansible roles and playbooks for deployment and teardown of Cisco SD-WAN on AWS.
+Ansible roles and playbooks for deployment and teardown of Cisco SD-WAN on AWS and Azure.
 
 ## Table of Contents
 
@@ -9,6 +9,7 @@ Ansible roles and playbooks for deployment and teardown of Cisco SD-WAN on AWS.
 - [Prerequisites](#prerequisites)
 - [Getting Started](#getting-started)
 - [Troubleshooting](#troubleshooting)
+- [Useful Links](#useful-links)
 - [Contact Information](#contact-information)
 - [License](#license)
 - [Contributing](#contributing)
@@ -24,14 +25,19 @@ This repository includes:
 - `aws_edges`
 - `aws_teardown`
 - `common`
+- `azure_controllers`
+- `azure_edges`
+- `azure_teardown`
+- `azure_controllers`
+- `template_cloudinit`
 
 Ansible roles, which can be used to automate the deployment (and teardown) of SD-WAN systems on the AWS cloud.
 
-In order to have more convenient way of handling next onboarding processes, the `aws` role is generating files via:
+In order to have more convenient way of handling next onboarding processes, the `aws` and `azure` roles are generating files via:
 
-- `roles/aws_controllers/tasks/generate_deployment_facts.yml` and
+- `roles/common/tasks/generate_deployment_facts_controllers.yml` and
 
-- `roles/aws_edges/tasks/generate_deployment_facts.yml`
+- `roles/common/tasks/generate_deployment_facts_edges.yml`
 
 Path of this output file customizable via `results_dir` `results_path_controllers` and `results_path_edges` variables in input config file.
 
@@ -42,20 +48,21 @@ Path of this output file customizable via `results_dir` `results_path_controller
 Current coverage:
 
 - [x] Deployment on AWS
+- [x] Deployment on Azure
 - [x] Deployment of:
   - [x] vManage
   - [x] vBond
   - [x] vSmart
   - [x] cEdge
 - [x] Local installation via Ansible Galaxy
 - [x] Installation via git repository link
+- [x] Migration to CiscoDevNet/Cisco Open
+- [x] Separate role for cloudinit templating
 
 Future Goals:
 
 - [ ] Provide AWX (web-based user interface)
-- [ ] Migrate to CiscoDevNet/Cisco Open
 - [ ] Share roles via Ansible Galaxy
-- [ ] Deployment on Azure
 - [ ] Deployment on GCP
 - [ ] Support for cluster deployment
 - [ ] Enhance cloud-init configuration (complex bringup)
@@ -64,12 +71,13 @@ Future Goals:
 
 ## Prerequisites
 
+This collection is based on `ansible-core==2.16`, see [ansible-core-support-matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix).
+
 Before you begin, ensure you have met the following requirements:
 
-- You have installed Ansible
-- You have installed Python
-- You have an AWS account with the necessary permissions.
-- You have access to a Cisco SD-WAN AMIs on AWS.
+- You have installed Python 3.10 - 3.12
+- You have an AWS or Azure account with the necessary permissions
+- You have access to a Cisco SD-WAN AMIs on AWS or images on Azure
 
 ---
 
@@ -85,13 +93,13 @@ In `requirements.yml` inside your project add:
   version: main
 ```
 
-Note: If you are not using full ansible installation, you might install also aws.collection by adding:
+Note: If you are not using full ansible installation, you might install also `aws.collection` and `azure.azcollection` by adding:
 
 ```yml
-- name: amazon.aws
-  version: 6.5.0
-- name: azure.azcollection
-  version: 1.19.0
+  - name: amazon.aws
+    version: 6.5.0
+  - name: azure.azcollection
+    version: 1.19.0
 ```
 
 to `requirements.yml` inside your project.
@@ -116,11 +124,11 @@ pip install -r requirements.txt
 
 There are configuration files which has been initially filled with values:
 
-- `.playbooks/sdwan_config_20_12.yml`
-
-- `.playbooks/sdwan_config_20_13.yml`
+- `.playbooks/aws_sdwan_config_20_12.yml`
+- `.playbooks/aws_sdwan_config_20_13.yml`
+- `.playbooks/azure_sdwan_config.yml`
 
-Both files are supplemented by config from `roles/aws_*/vars/example_main.yml` and defaults from `roles/aws_*/defaults/main.yml`
+Both files are supplemented by config defaults from all roles.
 
 NOTE: You can call the variables file any name, but remember to choose one option:
 
@@ -133,59 +141,63 @@ NOTE: You can call the variables file any name, but remember to choose one optio
     - aws_network_infrastructure
     - aws_controllers
   vars_files:
-    - ./playbooks/sdwan_config_20_12.yml
+    - ./playbooks/aws_sdwan_config_20_12.yml
 ```
 
 - or pass the variables by directly including your configuration file with:
 
 ```bash
-ansible-playbook playbooks/deploy_controllers_20_12.yml -e "@./playbooks/sdwan_config_20_12.yml"
+ansible-playbook playbooks/aws_deploy_controllers_20_12.yml -e "@./playbooks/aws_sdwan_config_20_12.yml"
 ```
 
 (notice @ that suggest we are reffering to the file)
 
-### Deploying Cisco SD-WAN on AWS
+### Deploying Cisco SD-WAN
+
+To deploy Cisco SD-WAN on AWS or Azure, run the example playbook using roles:
 
-To deploy Cisco SD-WAN on AWS, run the example playbook using roles:
+For AWS:
 
 - `aws_network_infrastructure`
 - `aws_controllers`
 - `aws_edges`
 
+For Azure:
+
+- `azure_network_infrastructure`
+- `azure_controllers`
+- `azure_edges`
+
 </br>
 
-Current version of this solution assumes that you have used `aws configure` command (AWS CLI) to set your credentials. #TODO other auth methods
+Current version of this solution assumes that users will authenticate with their cloud providers in order to run ansible playbooks. See [Useful Links](#useful-links).
 
 We provided example playbooks that you can execute with:
 
 ```bash
-ansible-playbook playbooks/deploy_controllers_20_12.yml
+ansible-playbook playbooks/aws_deploy_controllers.yml
+ansible-playbook playbooks/aws_deploy_edges.yml
 ```
 
 or
 
 ```bash
-ansible-playbook playbooks/deploy_controllers_20_13.yml
-```
-
-and:
-
-```bash
-ansible-playbook deploy_edges_20_12.yml
+ansible-playbook playbooks/azure_deploy_controllers.yml
+ansible-playbook playbooks/azure_deploy_edges.yml
 ```
 
 For desired changes, please update configuration files.
 
 ### Tearing down Cisco SD-WAN on AWS
 
-To teardown the deployed system, run the example playbook using the `aws_teardown` role.
+To teardown the deployed system, run the example playbook using the `aws_teardown` role or `azure_teardown`.
 
 ```bash
-ansible-playbook ./playbooks/teardown_20_12.yml
+ansible-playbook ./playbooks/aws_teardown_20_12.yml
 
 or
 
-ansible-playbook ./playbooks/teardown_20_13.yml
+ansible-playbook ./playbooks/azure_teardown.yml
 ```
 
 If you want to teardown only specific ec2 instances (with their EiPs and NICs associated):
@@ -202,6 +214,12 @@ teardown_specific_instances:
   - "acich-ansible-cedge-222"
 ```
 
+### Generating cloud-init configuration
+
+Role `template_cloudinit` provide tasks that can generate `cloudinit` (also known as `userdata`) configuration, without deployment of any machines.
+Examples usage of `template_cloudinit` role can be taken from `playbooks/template_cloudinit.yml`. Note, that in this example playbook, configuration file
+is used from `playbooks/template_cloudinit.yml`.
+
 ---
 
 ## Troubleshooting
@@ -216,14 +234,33 @@ is "allow-listed". See `aws_allowed_subnets` in `roles/aws_controllers/defaults/
 If vManage is not starting NMS service:
 
 - check if your disk /opt/data is more than 20% free. Otherwise that case shutdown application as well
-- remember to use at least `c5.9xlarge` instance type for vManage in AWS
+- remember to make sure the sdwan manager and other sdwan virtual machines are right sized for your deployment needs - cisco's server recommendations are available here: [server-requirements](https://www.cisco.com/c/en/us/td/docs/routers/sdwan/release/notes/compatibility-and-server-recommendations/server-requirements.html)
 
 ---
 
 ## Compatibility
 
-We are supporting python3.8 currently.
-Ansible-lint is 6.11
+Note that azure collection python requirements include package `uamqp` which can generate wheel issues.
+For MacOS you migth install cmake: `brew install cmake` and: `pip install cmake`.
+Then install working `uamqp` package (which is below `v1.6.9`) with: `pip install uamqp==1.6.8`.
+
+---
+
+## Useful links
+
+### AWS CLI
+
+- [Installing AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
+- [Configuring the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)
+
+### AWS Authentication
+
+- [Understanding and Getting Your Security Credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html)
+- [Configuring AWS Credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
+
+### Azure Authentication
+
+- [Authenticating with Azure](https://docs.ansible.com/ansible/latest/scenario_guides/guide_azure.html#authenticating-with-azure)
 
 ---
 

diff --git a/playbooks/deploy_controllers_20_12.yml → playbooks/aws_deploy_controllers.yml b/playbooks/deploy_controllers_20_12.yml → playbooks/aws_deploy_controllers.yml
@@ -6,4 +6,4 @@
     - aws_network_infrastructure
     - aws_controllers
   vars_files:
-    ./sdwan_config_20_12.yml
+    ./aws_sdwan_config_20_12.yml
diff --git a/playbooks/deploy_edges_20_12.yml → playbooks/aws_deploy_edges.yml b/playbooks/deploy_edges_20_12.yml → playbooks/aws_deploy_edges.yml
@@ -6,4 +6,4 @@
   roles:
     - aws_edges
   vars_files:
-    ./sdwan_config_20_12.yml
+    ./aws_sdwan_config_20_12.yml
diff --git a/playbooks/sdwan_config_20_12.yml → playbooks/aws_sdwan_config_20_12.yml b/playbooks/sdwan_config_20_12.yml → playbooks/aws_sdwan_config_20_12.yml
@@ -6,7 +6,14 @@
 
 organization_name: null
 
-
+# aws_allowed_subnets is list of subnets, that are allowed to access your instances via security group in AWS
+# See https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html to learn more
+#
+# example configuration is:
+# aws_allowed_subnets:
+#   - 15.15.0.0/16
+#   - 10.10.0.0/16
+aws_allowed_subnets: null
 
 #####################################
 #     General AWS configuration     #
@@ -51,6 +58,7 @@ aws_key_name: null
 
 
 
+
 ##########################################
 #     SD-WAN Instances configuration     #
 ##########################################
@@ -59,7 +67,8 @@ aws_key_name: null
 admin_username: admin
 admin_password: Cisco#123@Viptela
 vbond_port: 12346
-# vpn0_interface_color: default
+# vbond_transport_private_ip: null   # note that default: 192.168.1.199
+# vbond_transport_public_ip: null    # note that default: 192.168.1.199
 
 
 

diff --git a/playbooks/sdwan_config_20_13.yml → playbooks/aws_sdwan_config_20_13.yml b/playbooks/sdwan_config_20_13.yml → playbooks/aws_sdwan_config_20_13.yml
@@ -6,7 +6,14 @@
 
 organization_name: null
 
-
+# aws_allowed_subnets is list of subnets, that are allowed to access your instances via security group in AWS
+# See https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html to learn more
+#
+# example configuration is:
+# aws_allowed_subnets:
+#   - 15.15.0.0/16
+#   - 10.10.0.0/16
+aws_allowed_subnets: null
 
 #####################################
 #     General AWS configuration     #

diff --git a/playbooks/teardown_20_12.yml → playbooks/aws_teardown_20_12.yml b/playbooks/teardown_20_12.yml → playbooks/aws_teardown_20_12.yml
@@ -1,5 +1,5 @@
 ---
-- name: Teardown Cisco SD-WAN versions 20.13 on AWS
+- name: Teardown Cisco SD-WAN versions 20.12 on AWS
   hosts: localhost
   gather_facts: false
   roles:

diff --git a/playbooks/teardown_only_edges.yml → playbooks/aws_teardown_only_edges.yml b/playbooks/teardown_only_edges.yml → playbooks/aws_teardown_only_edges.yml
@@ -6,5 +6,5 @@
   roles:
     - aws_teardown
   vars_files:
-    - ./sdwan_config.yml
+    - ./aws_sdwan_config_20_12.yml
     - ./specific_edges_to_teardown.yml
diff --git a/playbooks/azure_deploy_controllers.yml b/playbooks/azure_deploy_controllers.yml
@@ -0,0 +1,12 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+- name: Deploy Cisco SD-WAN controllers on Azure
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    ./azure_sdwan_config.yml
+  roles:
+    - azure_network_infrastructure
+    - azure_controllers
diff --git a/playbooks/azure_deploy_edges.yml b/playbooks/azure_deploy_edges.yml
@@ -0,0 +1,11 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+- name: Deploy Cisco SD-WAN cEedge devices on Azure
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    ./azure_sdwan_config.yml
+  roles:
+    - azure_edges