Cedge adoption

.ansible-lint

@@ -27,7 +27,11 @@ exclude_paths:
 verbosity: 1
 
 # # Mock modules or roles in order to pass ansible-playbook --syntax-check
-# mock_modules:
+mock_modules:
+  - amazon.aws.ec2_instance_info
+  - amazon.aws.ec2_eip_info
+  - azure.azcollection.azure_rm_publicipaddress_info
+  - azure.azcollection.azure_rm_virtualmachine_info
 #   - zuul_return
 #   # note the foo.bar is invalid as being neither a module or a collection
 #   - fake_namespace.fake_collection.fake_module

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: cisco
 name: sdwan_deployment
-version: 0.3.3
+version: 0.3.4
 readme: README.md
 authors:
   - Arkadiusz Cichon <[email protected]>

roles/aws_device_params/README.md

@@ -0,0 +1,55 @@
+# Ansible Role: aws_device_params
+
+The `aws_device_params` Ansible role reads params from cEdge devices deployed on AWS, so that they can be used through other roles.
+
+## Role Description
+
+The `aws_device_params` role generates deployment facts for already deployed cEdge devices. For each cEdge deployment facts contain information about its:
+- `hostname`
+- `admin_username`
+- `admin_password`
+- `mgmt_public_ip`
+- `transport_public_ip`
+- `service_interfaces`
+Additionally the role sets the `manager_authentication` variable, which can be used for logging to vManage in other roles.
+
+## Requirements
+
+- The `cisco.sdwan_deployment` collection installed.
+- Ansible 2.16 or higher.
+- Ansible AWS modules (`amazon.aws` collection) installed.
+- AWS CLI configured with the appropriate permissions to create and manage AWS resources.
+
+## Dependencies
+
+There are no external role dependencies. Only `cisco.sdwan_deployment` collection is required.
+
+### Required Variables
+
+- `aws_tag_creator`: Tag for identifying the creator of AWS resources.
+- `aws_region`: AWS region to host the resources.
+- `admin_password`: The admin password for virtual machine access.
+
+## Example Playbook
+
+Including an example of how to use your role (for instance, with variables passed in as parameters):
+
+```yaml
+- name: Read deployed cEdge parameters
+  hosts: localhost
+  gather_facts: false
+  vars:
+    aws_region: "us-east-1"
+    aws_tag_creator: "tag-creator"
+    admin_password: "password"  # pragma: allowlist secret
+  roles:
+    - cisco.sdwan_deployment.aws_device_params
+```
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role was created by Przemyslaw Susko <[email protected]>

roles/aws_device_params/meta/main.yml

@@ -0,0 +1,17 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+
+---
+
+galaxy_info:
+  author: Przemyslaw Susko <[email protected]>
+  description: Deploy Cisco SD-WAN cEdges (C8000V) on AWS
+  license: GPL-3.0-or-later
+  min_ansible_version: "2.16.6"
+
+  galaxy_tags:
+    - cisco
+    - sdwan
+    - catalystwan
+    - networking
+
+dependencies: []

roles/aws_device_params/tasks/aws_cedge_ec2_instance.yml

@@ -0,0 +1,48 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+
+- name: Get EIPs associated with the cEdge instances
+  amazon.aws.ec2_eip_info:
+    region: "{{ aws_region }}"
+    filters:
+      "tag:Creator": "{{ aws_tag_creator }}"
+      tag:Machine: "*{{ hostname }}*"
+  register: eip_info
+
+- name: Extract management public IP
+  ansible.builtin.set_fact:
+    mgmt_public_ip: "{{ (eip_info.addresses | selectattr('tags.VPN', 'equalto', '512') | map(attribute='public_ip') | first) | default(None) }}"
+    transport_public_ip: "{{ (eip_info.addresses | selectattr('tags.VPN', 'equalto', '0') | map(attribute='public_ip') | first) | default(None) }}"
+
+- name: Set service_interfaces fact
+  ansible.builtin.set_fact:
+    service_interfaces: []
+    last_index: 2
+
+- name: Append to service_interfaces
+  ansible.builtin.set_fact:
+    service_interfaces: "{{ service_interfaces + [{'addr': eip.private_ip_address, 'index': last_index}] }}"
+    last_index: "{{ last_index | int + 1 }}"
+  loop: "{{ eip_info.addresses }}"
+  loop_control:
+    loop_var: eip
+  when:
+    - eip.tags.VPN != '512'
+    - eip.tags.VPN != '0'
+
+- name: Set instance fact
+  ansible.builtin.set_fact:
+    instance:
+      hostname: "{{ hostname }}"
+      admin_username: "admin"
+      admin_password: "{{ admin_password }}"
+      mgmt_public_ip: "{{ mgmt_public_ip }}"
+      transport_public_ip: "{{ transport_public_ip }}"
+      service_interfaces: "{{ service_interfaces }}"
+
+- name: Update deployment facts
+  ansible.builtin.set_fact:
+    deployment_facts:
+      deployed_edge_instances: "{{ deployment_facts.deployed_edge_instances + [instance] }}"

roles/aws_device_params/tasks/main.yml

@@ -0,0 +1,53 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+
+- name: Gather network resources information
+  ansible.builtin.include_role:
+    name: cisco.sdwan_deployment.aws_network_infrastructure
+    tasks_from: aws_gather_network_resources.yml
+
+- name: Gather information about EC2 instances with 'cedge' in their name
+  amazon.aws.ec2_instance_info:
+    region: "{{ aws_region }}"
+    filters:
+      "tag:Creator": "{{ aws_tag_creator }}"
+      "tag:Name": "*vManage*"
+  register: vmanage_ec2_info
+
+- name: Get EIPs associated with the vManage instances
+  amazon.aws.ec2_eip_info:
+    region: "{{ aws_region }}"
+    filters:
+      "tag:Creator": "{{ aws_tag_creator }}"
+      tag:Machine: "*{{ vmanage_ec2_info.instances | map(attribute='tags.Name') | list | first }}*"
+  register: vmanage_eip_info
+
+- name: Set manager authentication fact
+  ansible.builtin.set_fact:
+    manager_authentication:
+      url: "{{ vmanage_eip_info.addresses | selectattr('tags.VPN', 'equalto', '512') | map(attribute='public_ip') | first }}"
+      username: "admin"
+      password: "{{ admin_password }}"
+
+- name: Define deployment facts
+  ansible.builtin.set_fact:
+    deployment_facts:
+      deployed_edge_instances: []
+
+- name: Gather information about EC2 instances with 'cedge' in their name
+  amazon.aws.ec2_instance_info:
+    region: "{{ aws_region }}"
+    filters:
+      "tag:Creator": "{{ aws_tag_creator }}"
+      "tag:Name": "*cedge*"
+  register: cedge_ec2_info
+
+- name: Get params for cEdge
+  ansible.builtin.include_tasks: aws_cedge_ec2_instance.yml
+  vars:
+    hostname: "{{ host }}"
+  loop: "{{ cedge_ec2_info.instances | map(attribute='tags.Name') | list }}"
+  loop_control:
+    loop_var: host

roles/azure_device_params/README.md

@@ -0,0 +1,53 @@
+_# Ansible Role: azure_device_params
+
+The `azure_device_params` Ansible role reads params from cEdge devices deployed on Azure, so that they can be used through other roles.
+
+## Role Description
+
+The `azure_device_params` role generates deployment facts for already deployed cEdge devices. For each cEdge deployment facts contain information about its:
+- `hostname`
+- `admin_username`
+- `admin_password`
+- `mgmt_public_ip`
+- `transport_public_ip`
+- `service_interfaces`
+Additionally the role sets the `manager_authentication` variable, which can be used for logging to vManage in other roles.
+
+## Requirements
+
+- The `cisco.sdwan_deployment` collection installed.
+- Ansible 2.16 or higher.
+- Ansible Azure modules (`azure.azcollection` collection) installed.
+- Azure CLI configured with the necessary permissions to manage Azure resources.
+
+## Dependencies
+
+There are no external role dependencies. Only `cisco.sdwan_deployment` collection is required.
+
+### Required Variables
+
+- `admin_password`: The admin password for virtual machine access.
+- `az_resource_group`: The name of the Azure resource group for the deployment.
+
+## Example Playbook
+
+Including an example of how to use your role (for instance, with variables passed in as parameters):
+
+```yaml
+- name: Read deployed cEdge parameters
+  hosts: localhost
+  gather_facts: false
+  vars:
+    az_resource_group: "resource-group"
+    admin_password: "password"  # pragma: allowlist secret
+  roles:
+    - cisco.sdwan_deployment.azure_device_params
+```
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role was created by Przemyslaw Susko <[email protected]>_

roles/azure_device_params/meta/main.yml

@@ -0,0 +1,17 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+
+---
+
+galaxy_info:
+  author: Przemyslaw Susko <[email protected]>
+  description: Deploy Cisco SD-WAN cEdges (C8000V) on AWS
+  license: GPL-3.0-or-later
+  min_ansible_version: "2.16.6"
+
+  galaxy_tags:
+    - cisco
+    - sdwan
+    - catalystwan
+    - networking
+
+dependencies: []

roles/azure_device_params/tasks/az_cedge_ec2_instance.yml

@@ -0,0 +1,42 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+
+- name: Set mgmt and transport IP address facts
+  ansible.builtin.set_fact:
+    mgmt_public_ip: "{{ (public_ips | selectattr('tags.type', 'equalto', 'mgmt') | list | first).ip_address }}"
+    transport_public_ip: "{{ (public_ips | selectattr('tags.type', 'equalto', 'transport') | list | first).ip_address }}"
+
+- name: Get service NICs
+  azure.azcollection.azure_rm_networkinterface_info:
+    resource_group: "{{ az_resource_group }}"
+    tags:
+      - type:service
+  register: service_nic_info
+
+- name: Set helper facts
+  ansible.builtin.set_fact:
+    service_interfaces: []
+    last_index: 2
+    cedge_service_nic_info: "{{ service_nic_info.networkinterfaces | selectattr('tags.Name', 'search', hostname) | list }}"
+
+- name: Append to service_interfaces fact
+  ansible.builtin.set_fact:
+    service_interfaces: "{{ service_interfaces + [{'addr': item.ip_configurations[0].private_ip_address, 'index': last_index}] }}"
+  loop: "{{ cedge_service_nic_info }}"
+
+- name: Set instance fact
+  ansible.builtin.set_fact:
+    instance:
+      hostname: "{{ hostname }}"
+      admin_username: "admin"
+      admin_password: "{{ admin_password }}"
+      mgmt_public_ip: "{{ mgmt_public_ip }}"
+      transport_public_ip: "{{ transport_public_ip }}"
+      service_interfaces: "{{ service_interfaces }}"
+
+- name: Update deployment facts
+  ansible.builtin.set_fact:
+    deployment_facts:
+      deployed_edge_instances: "{{ deployment_facts.deployed_edge_instances + [instance] }}"

roles/azure_device_params/tasks/main.yml

@@ -0,0 +1,46 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+
+- name: Verify if user session with Azure is active
+  ansible.builtin.include_role:
+    name: common
+    tasks_from: az_user_session_probe
+
+- name: Gather public IP addresses
+  azure.azcollection.azure_rm_publicipaddress_info:
+    resource_group: "{{ az_resource_group }}"
+  register: public_ip_info
+
+- name: Set manager authentication fact
+  ansible.builtin.set_fact:
+    manager_authentication:
+      url: "{{ public_ip_info.publicipaddresses |
+            selectattr('tags.Machine', 'search', 'vManage') |
+            selectattr('tags.type', 'equalto', 'mgmt') |
+            map(attribute='ip_address') |
+            list | first }}"
+      username: "admin"
+      password: "{{ admin_password }}"
+
+- name: Get all VMs
+  azure.azcollection.azure_rm_virtualmachine_info:
+    resource_group: "{{ az_resource_group }}"
+  register: vm_info
+
+- name: Filter cedge VMs
+  ansible.builtin.set_fact:
+    cedge_vms: "{{ vm_info.vms | selectattr('name', 'search', 'cedge') | list }}"
+
+- name: Define deployment facts
+  ansible.builtin.set_fact:
+    deployment_facts:
+      deployed_edge_instances: []
+
+- name: Get params for cEdge
+  ansible.builtin.include_tasks: az_cedge_ec2_instance.yml
+  vars:
+    hostname: "{{ item.name }}"
+    public_ips: "{{ public_ip_info.publicipaddresses | selectattr('tags.Machine', 'equalto', item.name) | list }}"
+  loop: "{{ cedge_vms }}"