diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml deleted file mode 100644 index 4c796c1..0000000 --- a/.github/workflows/ansible-lint.yml +++ /dev/null @@ -1,15 +0,0 @@ -# .github/workflows/ansible-lint.yml -name: Ansible Lint - -on: [pull_request, push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Run ansible-lint - uses: ansible/ansible-lint@main # or version tag instead of 'main' diff --git a/.github/workflows/galaxy-importer.yml b/.github/workflows/galaxy-importer.yml new file mode 100644 index 0000000..29a959c --- /dev/null +++ b/.github/workflows/galaxy-importer.yml 
@@ -0,0 +1,59 @@ +# Its role is to performe the same checks that would be performed when publishing to galaxy +# Running them earlier helps to detect issues locally + +name: galaxy-importer + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +on: + pull_request: + branches: + - main + +jobs: + galaxy-importer: + runs-on: + - ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Get collection namespace and name from galaxy.yml + id: collection-name + run: | + NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then + echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml" + exit 1 + fi + echo "Collection namespace is $NAMESPACE" + echo "Collection name is $NAME" + echo "Collection version is $VERSION" + echo "COLLECTION_NAMESPACE=$NAMESPACE" >> $GITHUB_ENV + echo "COLLECTION_NAME=$NAME" >> $GITHUB_ENV + echo "COLLECTION_VERSION=$VERSION" >> $GITHUB_ENV + + - name: Install Ansible and importer + run: | + pip install ansible==9.4.0 + pip install ansible-importer + pip install galaxy-importer + + - name: Build and install the collection + run: | + ansible-galaxy collection build $GITHUB_WORKSPACE --force + ansible-galaxy collection install $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz + + - name: Run ac-galaxy-importer + run: | + python -m galaxy_importer.main $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml new file mode 100644 index 0000000..b5487ce --- /dev/null +++ b/.github/workflows/linters.yml 
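Review bot: Two of the three PyPI installs in the "Install Ansible and importer" step are unpinned (`pip install ansible-importer` and `pip install galaxy-importer`), so what executes on every pull request is whatever PyPI serves that day; pin them the way `ansible==9.4.0` already is, and if `ansible-importer` is not a package this project actually needs (the importer is invoked as `galaxy_importer.main`), drop it — an unpinned look-alike name is exactly the typosquat shape to avoid. The job also runs with the default `GITHUB_TOKEN` scope although it only reads the checkout; add a top-level `permissions:` block with `contents: read`. Pinning `actions/checkout@v4` and `actions/setup-python@v5` to commit SHAs would close the remaining mutable-tag exposure.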
@@ -0,0 +1,38 @@ +# .github/workflows/ansible-lint.yml +name: Ansible Lint + +on: + pull_request: + + push: + branches: + - main + +jobs: + analyze-code: + runs-on: ubuntu-latest + strategy: + matrix: + python-version: ['3.10'] + defaults: + run: + shell: sh + + + steps: + - name: Check out the repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Run ansible-lint + uses: ansible/ansible-lint@main # or version tag instead of 'main' + + - name: Install detect-secrets + run: pip install detect-secrets==1.4.0 + + - name: Run detect-secrets + run: detect-secrets scan diff --git a/.github/workflows/release-from-tag.yml b/.github/workflows/release-from-tag.yml new file mode 100644 index 0000000..65ab392 --- /dev/null +++ b/.github/workflows/release-from-tag.yml 
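Review bot: The final step `detect-secrets scan` writes a baseline-style JSON report to stdout and, as far as I can tell, does not return non-zero when it finds something, so this job never fails on a leaked secret; for a CI gate use the hook entry point, e.g. `detect-secrets-hook --baseline .secrets.baseline $(git ls-files)`, which exits non-zero on findings absent from the baseline and still honors the `# pragma: allowlist secret` markers added elsewhere in this commit. `ansible/ansible-lint@main` — with its own comment conceding a tag is preferable — runs an unpinned mutable branch against every pull request and should be pinned to a release tag or commit SHA. Minor: the `python-version` matrix is declared but the setup step hardcodes `'3.10'` instead of `${{ matrix.python-version }}`, and the job lacks a `permissions: contents: read` block.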
@@ -0,0 +1,70 @@ +name: Release to ansible-galaxy from tag + +on: + push: + tags: + - 'v*.*.*' + +jobs: + publish-release: + runs-on: + - ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Get collection version from galaxy.yml + id: collection-version + run: | + NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"") + if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then + echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml" + exit 1 + fi + echo "Collection namespace is $NAMESPACE" + echo "Collection name is $NAME" + echo "Collection version is $VERSION" + echo "AC_NAMESPACE=$NAMESPACE" >> "$GITHUB_ENV" + echo "AC_NAME=$NAME" >> "$GITHUB_ENV" + echo "AC_VERSION=$VERSION" >> "$GITHUB_ENV" + + - name: Get Git tag + id: git-tag + run: | + TAG=${GITHUB_REF#refs/tags/} + echo "Git tag is $TAG" + echo "GIT_TAG=$TAG" >> "$GITHUB_ENV" + + - name: Compare collection version and Git tag + shell: bash + run: | + if [[ "v$AC_VERSION" == "$GIT_TAG" ]]; then + echo "The collection version matches the Git tag." + else + echo "Error: The collection version ($AC_VERSION) does not match the Git tag ($GIT_TAG)." 
+ exit 1 + fi + + - name: Install Ansible + run: | + pip install ansible==9.4.0 + + - name: Build collection + run: | + ansible-galaxy collection build $GITHUB_WORKSPACE --force + + - name: Check collection install locally to verify tar.gz correctness + run: | + ansible-galaxy collection install $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz + + - name: Publish Collection to Ansible-Galaxy + run: | + ansible-galaxy collection publish $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz --api-key "${{ secrets.ANSIBLE_GALAXY_API_KEY }}" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2b575ce..26c5838 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,3 +11,8 @@ repos: hooks: - id: ansible-lint files: \.(yaml|yml)$ + + - repo: https://github.com/Yelp/detect-secrets + rev: v1.4.0 + hooks: + - id: detect-secrets diff --git a/README.md b/README.md index 8a8903a..4bb5d10 100644 --- a/README.md +++ b/README.md @@ -6,13 +6,16 @@ Ansible roles and playbooks for deployment and teardown of Cisco SD-WAN on AWS a - [Overview](#overview) - [Roadmap](#roadmap) -- [Prerequisites](#prerequisites) -- [Getting Started](#getting-started) +- [Requirements](#requirements) +- [Installing this collection](#installing-this-collection) +- [Using this collection](#using-this-collection) - [Troubleshooting](#troubleshooting) - [Useful Links](#useful-links) - [Contact Information](#contact-information) - [License](#license) - [Contributing](#contributing) +- [Code of Conduct](#code-of-conduct) +- [Releasing, Versioning and Deprecation](#releasing-versioning-and-deprecation) --- @@ -24,7 +27,7 @@ This repository includes: - `aws_controllers` - `aws_edges` - `aws_teardown` -- `common` +- cisco.sdwan_deployment.common` - `azure_controllers` - `azure_edges` - `azure_teardown` 
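Review bot: The "Publish Collection to Ansible-Galaxy" step exposes `secrets.ANSIBLE_GALAXY_API_KEY` to anyone able to push a `v*.*.*` tag, with no approval gate and no run of the galaxy-importer checks that the PR workflow performs; bind the job to a GitHub Environment (`environment: galaxy-release`, with required reviewers, and keep the key as an environment secret) so a stray or malicious tag push cannot publish, and add `permissions: contents: read` so the token is read-only. Passing the key inline as `--api-key "${{ secrets.ANSIBLE_GALAXY_API_KEY }}"` expands it into the command line, where it is visible in the runner's process list and in any shell trace; set it on the step as `env: { GALAXY_API_KEY: "${{ secrets.ANSIBLE_GALAXY_API_KEY }}" }` and use `--api-key "$GALAXY_API_KEY"` in the script. On a release path, `actions/checkout@v4` and `actions/setup-python@v5` should be SHA-pinned as well.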
@@ -69,9 +72,9 @@ Future Goals: --- -## Prerequisites +## Requirements -This collection is based on `ansible-core==2.16`, see [ansible-core-support-matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix). +This collection is based on `ansible-core==2.16.6`, see [ansible-core-support-matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix). Before you begin, ensure you have met the following requirements: @@ -79,11 +82,19 @@ Before you begin, ensure you have met the following requirements: - You have an AWS or Azure account with the necessary permissions - You have access to a Cisco SD-WAN AMIs on AWS or images on Azure +### Python dependencies + +The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip: + +```bash +pip install -r requirements.txt +``` + --- -## Getting started +## Installing this collection -### Using collection in your playbooks +### Using `requirements.yml` In `requirements.yml` inside your project add: @@ -110,13 +121,7 @@ At the end always run: ansible-galaxy install -r requirements.yml ``` -### Python dependencies - -The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip: - -```bash -pip install -r requirements.txt -``` +## Using this collection ### Prepare your configuration @@ -274,3 +279,11 @@ See [LICENSE](./LICENSE) file. ## Contributing See [Contributing](./docs/CONTRIBUTING.md) file. + +## Code of Conduct + +See [Code of Conduct](./docs/CODE_OF_CONDUCT.md) file. + +## Releasing, Versioning and Deprecation + +This collection follows Semantic Versioning. More details on versioning can be found in [Understanding collection versioning](https://docs.ansible.com/ansible/latest/dev_guide/developing_collections_distributing.html#understanding-collection-versioning). 
diff --git a/galaxy.yml b/galaxy.yml index a7e1628..9cc5810 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -1,70 +1,24 @@ -# The namespace of the collection. This can be a company/brand/organization or product namespace under which all -# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with -# underscores or numbers and cannot contain consecutive underscores namespace: cisco - -# The name of the collection. Has the same character restrictions as 'namespace' name: sdwan_deployment - -# The version of the collection. Must be compatible with semantic versioning version: 0.1.0 - -# The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md - -# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) -# @nicks:irc/im.site#channel' authors: - Arkadiusz Cichon +description: Ansible collection to deploy Cisco SD-WAN on AWS and Azure -### OPTIONAL but strongly recommended -# A short summary description of the collection -description: Ansible collection to deploy Cisco SD-WAN on AWS (Azure in roadmap) +repository: https://github.com/cisco-open/ansible-collection-sdwan-deployment +documentation: https://github.com/cisco-open/ansible-collection-sdwan-deployment/blob/main/README.md +homepage: https://github.com/cisco-open/ansible-collection-sdwan-deployment +issues: https://github.com/cisco-open/ansible-collection-sdwan-deployment/issues -# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only -# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' license: - - "Apache-2.0" + - "GPL-3.0-only" -# The path to the license file for the collection. This path is relative to the root of the collection. This key is -# mutually exclusive with 'license' -# license_file: '' #TODO - -# A list of tags you want to associate with the collection for indexing/searching. 
A tag name has the same character -# requirements as 'namespace' and 'name' tags: - - demo - - collection - - cloud - - infrastructure + - cisco + - sdwan + - catalystwan + - networking -# Collections that this collection requires to be installed for it to be usable. The key of the dict is the -# collection label 'namespace.name'. The value is a version range -# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version -# range specifiers can be set and are separated by ',' dependencies: {} - -# The URL of the originating SCM repository -repository: https://github.com/cisco-open/ansible-collection-sdwan-deployment - -# The URL to any online docs -documentation: https://github.com/cisco-open/ansible-collection-sdwan-deployment/blob/main/README.md - -# The URL to the homepage of the collection/project -homepage: http://cisco.com - -# The URL to the collection issue tracker -issues: https://github.com/cisco-open/ansible-collection-sdwan-deployment/issues - -# A list of file glob-like patterns used to filter any files or directories that should not be included in the build -# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This -# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', -# and '.git' are always filtered. Mutually exclusive with 'manifest' build_ignore: [] - -# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a -# list of MANIFEST.in style -# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key -# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive -# with 'build_ignore' -# manifest: null diff --git a/meta/runtime.yml b/meta/runtime.yml index 1add115..f3a037e 100644 --- a/meta/runtime.yml 
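Review bot: `build_ignore: []` is kept while this commit adds a `.github/` tree and (per the new role READMEs) a `results_dir` where deployed-instance data is written, and the new release workflow runs `ansible-galaxy collection build` from the repository root; if that results directory resolves inside the collection root, a maintainer who ran a deployment before tagging will ship its contents — addresses, instance data, possibly credentials — in the published tarball. Exclude at least the results location and CI configuration, e.g. `build_ignore: ['.github', '.pre-commit-config.yaml', 'results*']` (adjust the results pattern to the real path). Separately, the license here becomes `GPL-3.0-only`, while the `roles/*/meta/main.yml` files added in the same commit declare `GPL-3.0-or-later`; the collection and role metadata should agree.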
+++ b/meta/runtime.yml @@ -1,2 +1,3 @@ --- -requires_ansible: ">=2.15.6" + +requires_ansible: '>=2.16.6' diff --git a/playbooks/aws_sdwan_config.yml b/playbooks/aws_sdwan_config.yml index 9c1d527..63abecf 100644 --- a/playbooks/aws_sdwan_config.yml +++ b/playbooks/aws_sdwan_config.yml @@ -65,7 +65,7 @@ aws_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 # vbond_transport_private_ip: null # note that default: 192.168.1.199 # vbond_transport_public_ip: null # note that default: 192.168.1.199 diff --git a/playbooks/template_cloudinit_config.yml b/playbooks/template_cloudinit_config.yml index 8130b47..86c7f28 100644 --- a/playbooks/template_cloudinit_config.yml +++ b/playbooks/template_cloudinit_config.yml @@ -18,7 +18,7 @@ cloud_provider: null # can be either aws or azure # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 vbond_transport_private_ip: null vbond_transport_public_ip: null diff --git a/roles/aws_controllers/README.md b/roles/aws_controllers/README.md new file mode 100644 index 0000000..c6461da --- /dev/null +++ b/roles/aws_controllers/README.md 
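Review bot: Swapping the literal in `admin_password` does not remove `Cisco#123@Viptela` from history — it stays in every prior revision and in any artifact built from them — so if that value was ever applied to a real controller or edge, treat it as compromised and rotate it, and consider a history rewrite before the repository is published more widely. The `# pragma: allowlist secret` marker is appropriate for the placeholder, but an example playbook would be safer with a value users cannot forget to replace, e.g. `admin_password: "{{ lookup('env', 'SDWAN_ADMIN_PASSWORD') }}"` or an Ansible Vault reference, than with a plaintext string that is likely to be left in place.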
@@ -0,0 +1,75 @@ +# Ansible Role: aws_controllers + +The `aws_controllers` Ansible role is designed to deploy a Cisco SD-WAN controller topology on AWS cloud infrastructure. It follows the topology outlined in the official Cisco documentation and currently supports the deployment of vManage, vBond, and vSmart instances. + +NOTE: Role must be used on localhost - API requests to AWS via boto are done from local machine. + +## Role description + +The `aws_controllers` role automates the deployment of Cisco SD-WAN controllers (vManage, vBond, and vSmart) in AWS. Key functionalities include: + +- Validating AWS dependencies and user sessions. +- Discovering or using provided network infrastructure settings. +- Ensuring all required deployment variables are set. +- Creating EC2 instances for each controller type and managing deployment order. +- Storing deployment data and verifying instance reachability post-setup. + +## Requirements + +- `cisco.sdwan_deployment` collection installed +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to create and manage AWS resources. +- AWS EC2 AMIs for vManage, vBond, and vSmart instances must be available in your AWS account. + +## Dependencies + +- A role named `cisco.sdwan_deployment.common` that provides tasks for checking AWS boto3 requirements, probing user sessions, and asserting required variables. +- A role named `aws_network_infrastructure` that gathers information about the network resources if not already provided by the user. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `organization_name`: Name of the organization deploying the controllers. Must be defined by the user. +- `aws_region`: AWS region where resources will be deployed (default: `us-east-1`). 
+- `aws_vpc_name`, `aws_security_group_name`: Default naming convention for VPC and security group. +- `aws_tag_creator`: Tag used to mark resources created in AWS. +- `aws_key_name`: AWS SSH key pair name. +- `admin_username`, `admin_password`: Default credentials for controllers. +- `vbond_port`, `default_vbond_ip`: Default port and IP for vBond. +- `aws_vmanage_ami_id`, `aws_vmanage_instance_type`: AMI ID and instance type for vManage. +- `aws_vbond_ami_id`, `aws_vbond_instance_type`: AMI ID and instance type for vBond. +- `aws_vsmart_ami_id`, `aws_vsmart_instance_type`: AMI ID and instance type for vSmart. +- `site_id_vmanage`, `site_id_vbond`, `site_id_vsmart`: Default site IDs for each controller. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory to store deployment results. +- `aws_deployed_controllers_data`: File to store data of deployed controllers. +- `userdata_vmanage_path`, `userdata_vbond_path`, `userdata_vsmart_path`: Paths to user data configurations for each controller type. + +### Required Variables + +The following variables must be set prior to executing the role: + +- `organization_name`: The name of your organization, used as a prefix for Azure resources. +- `az_location`: The Azure region where resources will be deployed. +- `az_resource_group`: The name of the Azure resource group for the deployment. +- `az_network_security_group`: The name of the Azure Network Security Group. +- `az_subnets`: A list of subnet definitions for the Azure Virtual Network. +- `admin_username`: Administrator username for the SD-WAN controller instances. +- `admin_password`: Administrator password for the SD-WAN controller instances. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon 
diff --git a/roles/aws_controllers/defaults/main.yml b/roles/aws_controllers/defaults/main.yml index fc61fa4..4f1926b 100644 --- a/roles/aws_controllers/defaults/main.yml +++ b/roles/aws_controllers/defaults/main.yml @@ -28,7 +28,7 @@ aws_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 default_vbond_ip: 192.168.1.199 # default ips from official Cisco guides # vpn0_interface_color: default diff --git a/roles/aws_controllers/meta/main.yml b/roles/aws_controllers/meta/main.yml index ed97d53..ca86a3f 100644 --- a/roles/aws_controllers/meta/main.yml +++ b/roles/aws_controllers/meta/main.yml @@ -1 +1,17 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates + --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Cisco SD-WAN Controllers on AWS + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/aws_edges/README.md b/roles/aws_edges/README.md new file mode 100644 index 0000000..7748d87 --- /dev/null +++ b/roles/aws_edges/README.md 
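Review bot: `admin_password: example_password` is still a working default, so the role's required-variable assertion (which the new README describes, while also listing `admin_password` as a variable the user must set) is satisfied without anyone choosing a password, and a controller can be brought up with a publicly known placeholder credential. Either make the default `admin_password: null` so the existing assertion fails, or add a guard in the role's assert step (outside this diff) such as `that: admin_password is not none and admin_password != 'example_password'`. While touching the README: its "Required Variables" section lists Azure `az_*` variables for this AWS role and appears to be copied from the Azure role.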
@@ -0,0 +1,77 @@ +# AWS Edges Ansible Role Documentation + +## Overview + +The `aws_edges` role, part of the `cisco.sdwan_deployment` collection, facilitates the deployment of Cisco SD-WAN edge devices (cEdges) within an AWS environment. + +NOTE: Role must be used on localhost - API requests to AWS via boto are done from local machine. + +## Role description + +The `aws_edges` role is an essential component of the `cisco.sdwan_deployment` collection and focuses on the automated deployment of Cisco SD-WAN edge devices (cEdges) in the AWS cloud. Key functionalities include: + +- Validating dependencies on boto3 and botocore for AWS interactions. +- Confirming the presence of an active AWS user session. +- Discovering or incorporating provided network configurations such as VPC, security groups, and subnets. +- Asserting the availability of all necessary variables for the deployment of edge devices. +- Deploying EC2 instances for cEdge devices and configuring them according to specified parameters. +- Organizing deployment results and confirming the operational status of the instances through SSH reachability checks. + +## Requirements + +- `cisco.sdwan_deployment` collection installed +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to create and manage AWS resources. +- AWS EC2 AMIs for vManage, vBond, and vSmart instances must be available in your AWS account. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that provides tasks for AWS boto3 requirements, user session checks, variable verifications, instance checks, and deployment fact gathering. +- Prepared network infrastructure used to deploy instances to (VPC, subnets etc.) + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `organization_name`: Name of the organization. 
Must be defined by the user. +- `aws_region`: AWS region where resources will be deployed (default: `us-east-1`). +- `aws_vpc_name`, `aws_security_group_name`: Defaults for naming VPC and security group resources. +- `aws_tag_creator`: Tag for identifying the creator of AWS resources. +- `aws_key_name`: AWS SSH key pair name for EC2 instances. +- `admin_username`, `admin_password`: Default admin credentials for edge devices. +- `vbond_port`, `default_vbond_ip`: Default vBond communication settings. +- `aws_cedge_ami_id`, `aws_cedge_instance_type`: AMI ID and instance type for cEdge devices. +- `edge_instances`: List of edge device instances to be deployed. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory where deployment results will be stored. +- `aws_deployed_edges_data`: File to store data of deployed edge devices. +- `userdata_cedge_path`: Path to the user data configuration for cEdge devices. + +### Required variables + +The following variables must be set prior to executing the role: + +- `organization_name`: Identifier for your organization, used for naming AWS resources. +- `aws_region`: AWS region to host the resources. +- `aws_availibility_zone`: Specific AWS availability zone within the selected region. +- `admin_password`: Password for administrative access to controller instances. +- `aws_vpc_config`: Configuration details for the AWS VPC. +- `aws_security_group_config`: Settings for the AWS security group. +- `aws_subnets_config`: Specifications for the AWS subnets. +- `aws_cedge_ami_id`: AMI ID for the Cisco Edge compute instances. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/aws_edges/defaults/main.yml b/roles/aws_edges/defaults/main.yml index 4bb0343..410f11d 100644 --- a/roles/aws_edges/defaults/main.yml 
+++ b/roles/aws_edges/defaults/main.yml @@ -28,7 +28,7 @@ aws_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 default_vbond_ip: 192.168.1.199 # default ips from official Cisco guides # vpn0_interface_color: default diff --git a/roles/aws_edges/meta/main.yml b/roles/aws_edges/meta/main.yml index ed97d53..5ad3eb1 100644 --- a/roles/aws_edges/meta/main.yml +++ b/roles/aws_edges/meta/main.yml @@ -1 +1,17 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates + --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Cisco SD-WAN cEdges (C8000V) on AWS + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/aws_network_infrastructure/README.md b/roles/aws_network_infrastructure/README.md new file mode 100644 index 0000000..d21be6b --- /dev/null +++ b/roles/aws_network_infrastructure/README.md 
@@ -0,0 +1,70 @@ +# AWS Network Infrastructure Ansible Role Documentation + +## Overview + +The role provided here is designed to establish foundational network infrastructure within an AWS environment as a prerequisite for deploying other resources. + +NOTE: This role should be executed on localhost as it performs API requests to AWS via boto from the local machine. + +## Role Description + +This role focuses on creating and configuring the necessary network components in AWS, such as VPCs, subnets, security groups, and internet gateways. The key functionalities include: + +- Validating boto3 and botocore dependencies, ensuring that AWS SDKs are available for Python. +- Confirming the user's AWS session is active for making API requests. +- Asserting that all required variables are provided to configure the network infrastructure. +- Preparing a results directory to store infrastructure deployment information. +- Creating and managing AWS network infrastructure elements using the provided configurations. + +## Requirements + +- `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to create and manage AWS resources. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that includes tasks for checking AWS boto3 requirements, probing the user's AWS session, and verifying required variables. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `aws_allowed_subnets`: VPN subnets allowed to connect to AWS Elastic IPs. +- `organization_name`: Name of the organization. Must be defined by the user. +- `aws_region`: AWS region where resources will be deployed (default: `us-east-1`). +- `aws_availibility_zone`: AWS availability zone for resource deployment (default: `us-east-1a`). 
+- `aws_vpc_name`, `aws_vpc_cidr`: Defaults for naming and CIDR of the VPC. +- `aws_igw_name`: Name for the AWS Internet Gateway. +- `aws_subnets`: List of subnet configurations for the VPC. +- `aws_route_table_name`: Name for the VPC's route table. +- `aws_security_group_name`: Name for the security group. +- `aws_vpn_name`, `aws_eip_name`, `aws_nacl_name`: Names for VPN, Elastic IP, and network ACL. + +### Vars (`vars/main.yml`) + +- `results_dir`: Directory where deployment results will be stored. +- `aws_deployed_network_data`: File to store data of deployed network components. + +### Required Variables + +Before running the role, define the following variables: + +- `organization_name`: The name of your organization, influencing AWS resource naming. +- `aws_region`: The AWS region for deploying resources. +- `aws_availibility_zone`: The desired AWS availability zone within the region. +- `aws_allowed_subnets`: List of subnets allowed to interact with the AWS resources. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/aws_network_infrastructure/meta/main.yml b/roles/aws_network_infrastructure/meta/main.yml index aa997b8..aadbb9c 100644 --- a/roles/aws_network_infrastructure/meta/main.yml +++ b/roles/aws_network_infrastructure/meta/main.yml @@ -1,4 +1,17 @@ # Copyright 2024 Cisco Systems, Inc. and its affiliates -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- + +galaxy_info: + author: Arkadiusz Cichon + description: Deploy Network resource (VPCs, IGws, subnets etc.) required for Cisco SD-WAN Infrastructure + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] 
diff --git a/roles/aws_teardown/README.md b/roles/aws_teardown/README.md new file mode 100644 index 0000000..e81f2eb --- /dev/null +++ b/roles/aws_teardown/README.md 
@@ -0,0 +1,55 @@ +# AWS Teardown Ansible Role Documentation + +## Overview + +The `aws_teardown` role is designed to safely decommission and remove AWS resources that were previously deployed, ensuring that all associated components are properly cleaned up. + +NOTE: This role should be executed on localhost as it performs API requests to AWS via boto from the local machine. + +## Role Description + +This role provides a systematic approach to tearing down AWS resources, with a strong emphasis on safety and confirmation. Key functionalities include: + +- Prompting the user for confirmation before proceeding with the teardown to avoid accidental deletions. +- Verifying that the user's AWS session is active to ensure API call capability. +- Retrieving details of the VPC created by the user and confirming its existence. +- Gathering information about all subnets associated with the VPC. +- Conditionally terminating specific EC2 instances or removing all resources within the VPC, including subnets, route tables, internet gateways, and the VPC itself. + +## Requirements + +- `cisco.sdwan_deployment` collection installed. +- Ansible 2.16 or higher. +- Ansible AWS modules (`amazon.aws` collection) installed. +- Boto3 and Botocore Python libraries installed on the controlling machine to interact with AWS APIs. +- AWS CLI configured with the appropriate permissions to delete AWS resources. + +## Dependencies + +- A role named cisco.sdwan_deployment.common` that includes tasks for probing the user's AWS session. + +## Role Variables + +### Defaults (`defaults/main.yml`) + +- `organization_name`: Name of the organization. Must be defined by the user. +- `teardown_resources_data_path`: Path where the teardown data JSON file will be stored. +- `teardown_only_instances`: Boolean value to indicate if only EC2 instances should be torn down. +- `teardown_specific_instances`: Boolean value to indicate if specific EC2 instances should be torn down. 
+- `aws_region`: AWS region where resources were deployed (default: `us-east-1`). +- `aws_availibility_zone`: AWS availability zone used for resource deployment (default: `us-east-1a`). +- `aws_vpc_name`, `aws_security_group_name`: Names for the VPC and security group to be removed. + +## Example Playbook + +See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks). + +These playbook reuse configuration files that might be used as example for your configuration + +## License + +"GPL-3.0-only" + +## Author Information + +This role was created by Arkadiusz Cichon diff --git a/roles/aws_teardown/meta/main.yml b/roles/aws_teardown/meta/main.yml new file mode 100644 index 0000000..8ed81d1 --- /dev/null +++ b/roles/aws_teardown/meta/main.yml @@ -0,0 +1,17 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates + +--- + +galaxy_info: + author: Arkadiusz Cichon + description: Teardown Cisco SD-WAN devices and required network resources from AWS + license: GPL-3.0-or-later + min_ansible_version: "2.16.6" + + galaxy_tags: + - cisco + - sdwan + - catalystwan + - networking + +dependencies: [] diff --git a/roles/azure_controllers/README.md b/roles/azure_controllers/README.md new file mode 100644 index 0000000..e1830d7 --- /dev/null +++ b/roles/azure_controllers/README.md 
@@ -0,0 +1,82 @@
+# Ansible Role: azure_controllers
+
+The `azure_controllers` role is designed to deploy SD-WAN controller instances, specifically vManage, vBond, and vSmart, on the Azure cloud platform. It ensures that instances are deployed according to specific configurations.
+
+NOTE: This role should be executed on localhost as it performs API requests to Azure via the Ansible Azure modules from the local machine.
+
+## Role Description
+
+The `azure_controllers` role automates the deployment of Cisco SD-WAN controllers (vManage, vBond, and vSmart) in Azure. Key functionalities include:
+
+- Verifying the active Azure user session.
+- Asserting that all required variables for Azure controller deployment are set.
+- Validating the hostname length for each instance to comply with Azure naming constraints.
+- Ensuring that Azure resource prefixes contain hyphens instead of underscores.
+- Preparing a directory to store results and deployment data.
+- Checking for existing instances in the specified Azure Virtual Network (VN) to avoid conflicts.
+- Defining the deployment facts for Ansible to consume.
+- Creating Azure VMs for vBond, vSmart, and vManage instances.
+- Extracting deployment facts post-deployment.
+- Checking the reachability of the vManage instance via SSH to confirm deployment success.
+
+## Requirements
+
+- `cisco.sdwan_deployment` collection installed
+- Ansible 2.16 or higher.
+- Azure CLI installed and configured with appropriate permissions.
+- Ansible Azure modules (`azure.azcollection`) installed.
+- VM images for Cisco controller devices should be available in your Azure account.
+
+## Dependencies
+
+- A role named cisco.sdwan_deployment.common` that includes tasks for probing the Azure user session, verifying required variables, and checking for existing instances.
+- A role named `azure_network_infrastructure` (if applicable) for managing network resource information.
+
+## Role Variables
+
+### Defaults (`defaults/main.yml`)
+
+- `organization_name`: User-defined organization name, used as a prefix for Azure resources.
+- `az_location`: Azure location where resources will be deployed. Must be defined by the user.
+- `az_resources_prefix`: Prefix for Azure resources, defaults to the organization name.
+- `az_resource_group`: Name of the Azure resource group.
+- `az_virtual_network`: Name of the Azure Virtual Network.
+- `az_vn_address_prefixes_cidr`: CIDR block for the Azure Virtual Network.
+- `az_subnets`: Definitions for Azure subnets within the Virtual Network.
+- `az_network_security_group`: Name of the Azure Network Security Group.
+- `az_allowed_subnets`: VPN subnets allowed to connect to Azure public IPs.
+- `azure_key_name`: Name of the Azure key for VM access.
+- `admin_username`: Default admin username for deployed VMs.
+- `admin_password`: Default admin password for deployed VMs.
+- `az_vmanage_vm_size`, `az_vbond_vm_size`, `az_vsmart_vm_size`: Azure VM sizes for vManage, vBond, and vSmart instances.
+- `site_id_vmanage`, `site_id_vbond`, `site_id_vsmart`: Default site IDs for vManage, vBond, and vSmart instances.
+- `vmanage_instances`, `vbond_instances`, `vsmart_instances`: Lists for instance configurations.
+
+### Vars (`vars/main.yml`)
+
+- `results_dir`: Directory where deployment results are stored.
+- `userdata_vmanage_path`, `userdata_vbond_path`, `userdata_vsmart_path`: Paths to templated userdata configurations for each controller type.
+
+### Required Variables
+
+- `organization_name`: Your organization's name for resource naming in Azure.
+- `az_location`: The Azure region for resource deployment.
+- `az_resource_group`: The Azure resource group name for organizing resources.
+- `az_network_security_group`: The name of the Azure Network Security Group.
+- `az_subnets`: Definitions of Azure subnets within the Virtual Network.
+- `admin_username`: Admin username for the deployed VMs.
+- `admin_password`: Admin password for the deployed VMs.
+
+## Example Playbook
+
+See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks).
+
+These playbook reuse configuration files that might be used as example for your configuration.
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role was created by Arkadiusz Cichon
diff --git a/roles/azure_controllers/defaults/main.yml b/roles/azure_controllers/defaults/main.yml
index 520ec66..3304180 100644
--- a/roles/azure_controllers/defaults/main.yml
+++ b/roles/azure_controllers/defaults/main.yml
@@ -48,7 +48,7 @@ azure_key_name: null
 # Cloud-init general configurations
 admin_username: admin
-admin_password: Cisco#123@Viptela
+admin_password: example_password # pragma: allowlist secret
 vbond_port: 12346
 default_vbond_ip: 192.168.1.199
 # vpn0_interface_color: default
diff --git a/roles/azure_controllers/meta/main.yml b/roles/azure_controllers/meta/main.yml
index c192ecb..6b3086e 100644
--- a/roles/azure_controllers/meta/main.yml
+++ b/roles/azure_controllers/meta/main.yml
@@ -1,3 +1,17 @@
 # Copyright 2024 Cisco Systems, Inc. and its affiliates
 ---
+
+galaxy_info:
+ author: Arkadiusz Cichon
+ description: Deploy Cisco SD-WAN Controllers on Azure
+ license: GPL-3.0-or-later
+ min_ansible_version: "2.16.6"
+
+ galaxy_tags:
+ - cisco
+ - sdwan
+ - catalystwan
+ - networking
+
+dependencies: []
diff --git a/roles/azure_edges/README.md b/roles/azure_edges/README.md
new file mode 100644
index 0000000..fb669cf
--- /dev/null
+++ b/roles/azure_edges/README.md
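Review bot: The new default `admin_password: example_password` is still a usable, publicly known credential, so a playbook that omits the variable deploys controllers whose admin password is the placeholder; the `# pragma: allowlist secret` marker only silences secret scanning and does not change that. Since this role's README lists `admin_password` under Required Variables, `admin_password: null` would let the required-variable assertion fail early (the common role README describes such an assertion; confirm it covers this key) instead of feeding the placeholder into the cloud-init userdata. The same default is introduced in the `roles/azure_edges/defaults/main.yml` and `roles/template_cloudinit/defaults/main.yml` hunks. Replacing the previous literal does not remove it from repository history, so any instances bootstrapped with the old default should have that credential rotated.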
@@ -0,0 +1,82 @@
+# Ansible Role: azure_edges
+
+The `azure_edges` Ansible role is specifically designed for deploying Cisco SD-WAN edge devices, known as Cloud Edge or cEdge, on the Azure cloud platform. It ensures that these instances are deployed following specific configurations and adheres to Azure's best practices.
+
+NOTE: This role is intended to be executed on localhost as it involves making API requests to Azure via Ansible modules from the local machine.
+
+## Role Description
+
+The `azure_edges` role facilitates the deployment of Cisco SD-WAN cEdge instances in Azure. The main tasks include:
+
+- Verifying an active Azure user session.
+- Checking hostname constraints to meet Azure specifications.
+- Ensuring the presence of all necessary deployment variables.
+- Converting resource prefixes to be Azure-compliant.
+- Preparing a directory for storing deployment results.
+- Confirming that no conflicting instances exist within the designated Azure Virtual Network.
+- Creating Azure VM instances for cEdge devices and managing their deployment sequence.
+- Recording deployment data and ensuring post-deployment instance accessibility.
+
+## Requirements
+
+- The `cisco.sdwan_deployment` collection installed.
+- Ansible 2.16 or higher.
+- Ansible Azure modules (`azure.azcollection` collection) installed.
+- Azure CLI configured with the necessary permissions to create and manage Azure resources.
+- VM images for Cisco Cloud Edge devices should be available in your Azure account.
+
+## Dependencies
+
+- A role named cisco.sdwan_deployment.common` that includes tasks for verifying Azure dependencies, user sessions, and required variables.
+- A role named `azure_network_infrastructure` (if applicable) for managing network resource information.
+
+## Role Variables
+
+### Defaults (`defaults/main.yml`)
+
+Variables with default values that can be overridden by the user:
+
+- `organization_name`: Mandatory field to be defined by the user, used as a prefix for resource naming.
+- `az_location`: The Azure location for resource deployment. Must be specified by the user.
+- `az_tag_creator`: Tag for identifying resource creator, defaults to the organization name.
+- `az_resources_prefix`: Prefix for resources, can be customized by the user.
+- `az_resource_group`, `az_virtual_network`, `az_vn_address_prefixes_cidr`, `az_subnets`, `az_network_security_group`: Default configurations for Azure networking resources.
+- `az_allowed_subnets`: VPN subnets allowed for Azure public IP connections. Should be defined by the user.
+- `azure_key_name`: The Azure key for VM access, to be provided by the user.
+- `admin_username`, `admin_password`: Default admin credentials for cEdge instances.
+- `vbond_port`, `default_vbond_ip`: Default configurations for vBond.
+- `az_cedge_vm_size`: Default Azure VM size for cEdge instances.
+- `edge_instances`: List of cEdge instance configurations. If not provided, instances will be created based on PnP Portal information.
+
+### Vars (`vars/main.yml`)
+
+- `results_dir`: Directory to store deployment results.
+- `userdata_cedge_path`: Path to the templated userdata configuration for cEdge devices.
+
+### Required Variables
+
+- `organization_name`: The identifier for your organization, used for Azure resource naming.
+- `az_location`: The Azure location where resources will be provisioned.
+- `az_resource_group`: The name of the Azure resource group for the deployment.
+- `az_network_security_group`: The name of the Azure network security group.
+- `az_subnets`: The list of subnets to be configured in the Azure Virtual Network.
+- `az_cedge_image_offer`: The offer information of the Cisco Edge compute image.
+- `az_cedge_image_publisher`: The publisher of the Cisco Edge compute image.
+- `az_cedge_image_sku`: The stock-keeping unit (SKU) for the Cisco Edge compute image.
+- `az_cedge_image_version`: The version of the Cisco Edge compute image.
+- `admin_username`: The admin username for virtual machine access.
+- `admin_password`: The admin password for virtual machine access.
+
+## Example Playbook
+
+See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks).
+
+These playbook reuse configuration files that might be used as example for your configuration
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role was created by Arkadiusz Cichon
diff --git a/roles/azure_edges/defaults/main.yml b/roles/azure_edges/defaults/main.yml
index 5296342..bf01002 100644
--- a/roles/azure_edges/defaults/main.yml
+++ b/roles/azure_edges/defaults/main.yml
@@ -48,7 +48,7 @@ azure_key_name: null
 # Cloud-init general configurations
 admin_username: admin
-admin_password: Cisco#123@Viptela
+admin_password: example_password # pragma: allowlist secret
 vbond_port: 12346
 default_vbond_ip: 192.168.1.199
 # vpn0_interface_color: default
diff --git a/roles/azure_edges/meta/main.yml b/roles/azure_edges/meta/main.yml
index c192ecb..1c7f236 100644
--- a/roles/azure_edges/meta/main.yml
+++ b/roles/azure_edges/meta/main.yml
@@ -1,3 +1,17 @@
 # Copyright 2024 Cisco Systems, Inc. and its affiliates
 ---
+
+galaxy_info:
+ author: Arkadiusz Cichon
+ description: Deploy Cisco SD-WAN cEdges (C8000V) on Azure
+ license: GPL-3.0-or-later
+ min_ansible_version: "2.16.6"
+
+ galaxy_tags:
+ - cisco
+ - sdwan
+ - catalystwan
+ - networking
+
+dependencies: []
diff --git a/roles/azure_network_infrastructure/README.md b/roles/azure_network_infrastructure/README.md
new file mode 100644
index 0000000..712ec63
--- /dev/null
+++ b/roles/azure_network_infrastructure/README.md
@@ -0,0 +1,66 @@
+# Ansible Role: azure_network_infrastructure
+
+The `azure_network_infrastructure` Ansible role is designed to configure and deploy the necessary network infrastructure for Cisco SD-WAN services in the Azure cloud environment. It includes creating and managing the resource group, virtual network, subnets, and network security groups required for a secure and operational SD-WAN deployment.
+
+NOTE: This role should be executed on localhost since it involves making API requests to Azure directly from the control machine.
+
+## Role Description
+
+The `azure_network_infrastructure` role performs the following actions to set up the Azure network infrastructure for SD-WAN:
+
+- Verifies if the user session with Azure is active.
+- Ensures that all required variables for the network infrastructure deployment are provided.
+- Adjusts the resource prefix to comply with Azure naming conventions.
+- Prepares a directory to store the results of the network infrastructure setup.
+- Includes tasks to create and manage network resources such as virtual networks, subnets, and security groups.
+
+## Requirements
+
+- The `cisco.sdwan_deployment` collection installed.
+- Ansible 2.16 or higher.
+- Ansible Azure modules (`azure.azcollection` collection) installed.
+- Azure CLI configured with the necessary permissions to manage Azure network resources.
+
+## Dependencies
+
+- A role named cisco.sdwan_deployment.common` that contains tasks for verifying Azure dependencies, user sessions, and asserting required variables.
+
+## Role Variables
+
+### Defaults (`defaults/main.yml`)
+
+Variables with default values that the user may need to override:
+
+- `organization_name`: The name of the organization deploying the infrastructure. This must be defined by the user.
+- `az_location`: The Azure location where the network resources will be deployed. Must be specified by the user.
+- `az_tag_creator`: Tag used to identify the creator of the resources, defaults to the organization name.
+- `az_resources_prefix`: Prefix for the Azure resources, defaulting to the organization name but customizable by the user.
+- `az_resource_group`: Default name for the Azure resource group.
+- `az_virtual_network`, `az_vn_address_prefixes_cidr`, `az_subnets`: Default configurations for the Azure virtual network and subnets.
+- `az_network_security_group`: Default name for the Azure network security group.
+- `az_allowed_subnets`: VPN subnets allowed to connect to Azure External IPs. Should be defined by the user.
+
+### Vars (`vars/main.yml`)
+
+- `results_dir`: The directory where the results of the network deployment will be stored.
+
+### Required Variables
+
+- `organization_name`: The organization's name, used as a prefix for naming Azure resources.
+- `az_location`: The geographical location in Azure where the resources will be deployed.
+- `az_subnets`: A list of subnet configurations within the Azure Virtual Network.
+- `az_allowed_subnets`: Subnets permitted to access the Azure resources.
+
+## Example Playbook
+
+See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks).
+
+These playbook reuse configuration files that might be used as example for your configuration
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role was created by Arkadiusz Cichon
diff --git a/roles/azure_network_infrastructure/meta/main.yml b/roles/azure_network_infrastructure/meta/main.yml
index c192ecb..aadbb9c 100644
--- a/roles/azure_network_infrastructure/meta/main.yml
+++ b/roles/azure_network_infrastructure/meta/main.yml
@@ -1,3 +1,17 @@
 # Copyright 2024 Cisco Systems, Inc. and its affiliates
 ---
+
+galaxy_info:
+ author: Arkadiusz Cichon
+ description: Deploy Network resource (VPCs, IGws, subnets etc.) required for Cisco SD-WAN Infrastructure
+ license: GPL-3.0-or-later
+ min_ansible_version: "2.16.6"
+
+ galaxy_tags:
+ - cisco
+ - sdwan
+ - catalystwan
+ - networking
+
+dependencies: []
diff --git a/roles/azure_network_infrastructure/tasks/main.yml b/roles/azure_network_infrastructure/tasks/main.yml
index cdae880..bce2125 100644
--- a/roles/azure_network_infrastructure/tasks/main.yml
+++ b/roles/azure_network_infrastructure/tasks/main.yml
@@ -22,6 +22,5 @@
 state: directory
 mode: "0755"
-# Add task to verify if images name or image id have been provided
 - name: "Network resources for SD-WAN machines"
 ansible.builtin.include_tasks: azure_network_infrastructure.yml
diff --git a/roles/azure_teardown/README.md b/roles/azure_teardown/README.md
new file mode 100644
index 0000000..799a590
--- /dev/null
+++ b/roles/azure_teardown/README.md
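Review bot: `description: Deploy Network resource (VPCs, IGws, subnets etc.) required for Cisco SD-WAN Infrastructure` uses AWS terminology for an Azure role; the README added for this role in the same commit says it manages the resource group, virtual network, subnets and network security groups. Since this string is what Galaxy displays for the role, something like `description: Deploy Azure network resources (resource group, virtual network, subnets, NSG) required for Cisco SD-WAN infrastructure` would describe it accurately. The wording looks carried over from an AWS counterpart, so it is worth confirming against the role's tasks before publishing.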
@@ -0,0 +1,52 @@
+# Ansible Role: azure_teardown
+
+The `azure_teardown` Ansible role is designed to dismantle the Azure cloud infrastructure associated with a particular organization's deployment. This role primarily focuses on removing Azure resource groups and their contained resources, which is an essential step for clean-up operations or decommissioning environments.
+
+NOTE: This role is to be executed on localhost as it requires direct API interactions with Azure services from the control machine.
+
+## Role Description
+
+The `azure_teardown` role performs the necessary actions to de-provision and remove Azure resources created during the SD-WAN deployment or other Azure-based projects. Its primary functions are:
+
+- Verifying that an active user session with Azure exists.
+- Standardizing the Azure resource prefix to comply with Azure naming restrictions.
+- Removing the specified Azure Resource Group and its associated resources.
+- Optionally waiting for the entire teardown process to complete before exiting the playbook.
+
+## Requirements
+
+- The `cisco.sdwan_deployment` collection installed.
+- Ansible 2.16 or higher.
+- Ansible Azure modules (`azure.azcollection` collection) installed.
+- Azure CLI configured with the necessary permissions to delete Azure resources.
+
+## Dependencies
+
+- A role named `cisco.sdwan_deployment.common` that includes tasks for verifying Azure dependencies and user sessions.
+
+## Role Variables
+
+### Defaults (`defaults/main.yml`)
+
+Variables with default values that may need to be overridden by the user:
+
+- `organization_name`: The name of the organization associated with the resources being torn down. It must be defined by the user.
+- `wait_for_teardown`: Boolean flag to indicate whether the playbook should wait for the teardown process to complete (default: `true`).
+- `az_location`: The Azure location where the network resources are deployed. Must be specified by the user if needed for teardown.
+- `az_tag_creator`: Tag used to identify the creator of the resources, defaults to the organization name.
+- `az_resources_prefix`: Prefix for the Azure resources, defaulting to the organization name but customizable by the user.
+- `az_resource_group`: Default name for the Azure resource group to be removed.
+
+## Example Playbook
+
+See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks).
+
+These playbook reuse configuration files that might be used as example for your configuration.
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role was created by Arkadiusz Cichon
diff --git a/roles/azure_teardown/meta/main.yml b/roles/azure_teardown/meta/main.yml
index c192ecb..3eb5694 100644
--- a/roles/azure_teardown/meta/main.yml
+++ b/roles/azure_teardown/meta/main.yml
@@ -1,3 +1,17 @@
 # Copyright 2024 Cisco Systems, Inc. and its affiliates
 ---
+
+galaxy_info:
+ author: Arkadiusz Cichon
+ description: Teardown Cisco SD-WAN devices and required network resources from Azure
+ license: GPL-3.0-or-later
+ min_ansible_version: "2.16.6"
+
+ galaxy_tags:
+ - cisco
+ - sdwan
+ - catalystwan
+ - networking
+
+dependencies: []
diff --git a/roles/common/README.md b/roles/common/README.md
new file mode 100644
index 0000000..9514ebb
--- /dev/null
+++ b/roles/common/README.md
@@ -0,0 +1,37 @@
+# Ansible Role: cisco.sdwan_deployment.common
+
+The `cisco.sdwan_deployment.common` Ansible role is a utility role that provides common tasks used by other roles within the `cisco.sdwan_deployment` collection. These tasks include checking user sessions, probing for existing instances, ensuring necessary requirements are met, and preparing for SD-WAN deployment on cloud platforms like AWS and Azure.
+
+## Role Description
+
+The `common` role includes the following key tasks:
+
+- Verifying that the necessary `boto3` library is installed for AWS deployments.
+- Probing the current user session for AWS and Azure to ensure that API calls can be made successfully.
+- Checking for existing instances on AWS and Azure to prevent resource conflicts.
+- Generating deployment facts for Cisco SD-WAN controllers and edge devices.
+- Waiting for SSH readiness to ensure that instances are accessible for further configuration.
+- Asserting that all required variables for different stages of SD-WAN deployment are present.
+
+## Requirements
+
+- The `cisco.sdwan_deployment` collection installed.
+- Ansible 2.16 or higher.
+- For AWS deployments: Python `boto3` library and AWS CLI configured with necessary permissions.
+- For Azure deployments: Ansible Azure modules (`azure.azcollection` collection) installed and Azure CLI configured with necessary permissions.
+
+## Dependencies
+
+This role does not have dependencies on other roles but is a dependency for other roles within the `cisco.sdwan_deployment` collection.
+
+## Role Variables
+
+The `common` role does not directly define variables but instead checks for variables required by other roles. Examples of such variables include cloud provider credentials, SD-WAN instance specifications, and deployment settings which should be provided by the user or defined in other roles that include the `common` tasks.
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role is provided as part of the `cisco.sdwan_deployment` collection, role was created by Arkadiusz Cichon
diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml
index aa997b8..e2db3c0 100644
--- a/roles/common/meta/main.yml
+++ b/roles/common/meta/main.yml
@@ -1,4 +1,17 @@
 # Copyright 2024 Cisco Systems, Inc. and its affiliates
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 ---
+
+galaxy_info:
+ author: Arkadiusz Cichon
+ description: Common tasks reusable in cisco.sdwan_deployment collection
+ license: GPL-3.0-or-later
+ min_ansible_version: "2.16.6"
+
+ galaxy_tags:
+ - cisco
+ - sdwan
+ - catalystwan
+ - networking
+
+dependencies: []
diff --git a/roles/template_cloudinit/README.md b/roles/template_cloudinit/README.md
new file mode 100644
index 0000000..45e7778
--- /dev/null
+++ b/roles/template_cloudinit/README.md
@@ -0,0 +1,64 @@
+# Ansible Role: template_cloudinit
+
+The `template_cloudinit` Ansible role is created to generate cloud-init configuration files for different types of Cisco SD-WAN controllers and edge devices. The role supports cloud providers such as AWS and Azure and prepares userdata scripts that are used to bootstrap these instances upon creation.
+
+## Role Description
+
+The `template_cloudinit` role executes the following tasks:
+
+- Prompts the user for the cloud provider or reads it from the configuration.
+- Validates the cloud provider input.
+- Asserts the presence of all required variables for cloudinit generation.
+- Prepares a directory to store the generated cloudinit files.
+- Generates cloudinit templates for vBond, vManage, vSmart, and cEdge instances.
+- Displays the location and list of generated cloudinit files to the user.
+
+## Requirements
+
+- The `cisco.sdwan_deployment` collection installed.
+- Ansible 2.16 or higher.
+- Jinja2 templates for cloud-init userdata scripts corresponding to each type of device (vBond, vManage, vSmart, cEdge).
+
+## Dependencies
+
+- A role named `common` that contains tasks for verifying required variables.
+
+## Role Variables
+
+### Defaults (`defaults/main.yml`)
+
+Variables with default values that the user may need to override:
+
+- `organization_name`: Mandatory for identifying the organization; used in naming conventions.
+- `aws_key_name`: AWS key name for SSH access to instances, to be provided by the user.
+- `results_dir`: Directory to store generated cloudinit files.
+- `userdata_vmanage_path`, `userdata_vbond_path`, `userdata_vsmart_path`: Paths to templated userdata configurations for respective SD-WAN controllers.
+- `admin_username`, `admin_password`: Default admin credentials used in userdata scripts.
+- `vbond_port`, `default_vbond_ip`: Default configurations for vBond.
+- `vbond_transport_private_ip`, `vbond_transport_public_ip`: IPs for vBond, to be defined by the user if static IPs are used.
+- `site_id_vmanage`, `vmanage_instances`: Site ID and list of vManage instances.
+- `site_id_vbond`, `vbond_instances`: Site ID and list of vBond instances.
+- `site_id_vsmart`, `vsmart_instances`: Site ID and list of vSmart instances.
+- `edge_instances`: List of cEdge instances.
+
+### Required Variables
+
+- `organization_name`: The name of your organization, referenced in the cloud init configuration.
+- `admin_username`: The administrative username for initial server setup.
+- `admin_password`: The administrative password for initial server setup.
+- `vbond_transport_private_ip`: The private IP address for vBond's transport interface.
+- `vbond_transport_public_ip`: The public IP address for vBond's transport interface.
+
+## Example Playbook
+
+See [Example playbooks](https://github.com/cisco-open/ansible-collection-sdwan-deployment/tree/main/playbooks).
+
+These playbook reuse configuration files that might be used as example for your configuration.
+
+## License
+
+"GPL-3.0-only"
+
+## Author Information
+
+This role was created by Arkadiusz Cichon
diff --git a/roles/template_cloudinit/defaults/main.yml b/roles/template_cloudinit/defaults/main.yml
index e4f48f7..9d8e9ad 100644
--- a/roles/template_cloudinit/defaults/main.yml
+++ b/roles/template_cloudinit/defaults/main.yml
@@ -22,7 +22,7 @@ userdata_vsmart_path: "{{ results_dir }}/.userdata_vsmart"
 # Cloud-init general configurations
 admin_username: admin
-admin_password: Cisco#123@Viptela
+admin_password: example_password # pragma: allowlist secret
 vbond_port: 12346
 default_vbond_ip: 192.168.1.199 # default ips from official Cisco guides
 vbond_transport_private_ip: null
diff --git a/roles/template_cloudinit/meta/main.yml b/roles/template_cloudinit/meta/main.yml
index ed97d53..bc29826 100644
--- a/roles/template_cloudinit/meta/main.yml
+++ b/roles/template_cloudinit/meta/main.yml
@@ -1 +1,17 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+
 ---
+
+galaxy_info:
+ author: Arkadiusz Cichon
+ description: Role dedicated to template cloudinit configuration for Cisco SD-WAN devices
+ license: GPL-3.0-or-later
+ min_ansible_version: "2.16.6"
+
+ galaxy_tags:
+ - cisco
+ - sdwan
+ - catalystwan
+ - networking
+
+dependencies: []