diff --git a/.ansible-lint b/.ansible-lint
index 26566d4..527d251 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -51,6 +51,8 @@ mock_roles: - cisco.catalystwan.activate_edges - cisco.catalystwan.vmanage_mode - cisco.catalystwan.health_checks + - cisco.catalystwan.config_groups + - cisco.catalystwan.feature_profile_builder # - mocked_role
diff --git a/galaxy.yml b/galaxy.yml
index 8e21241..f3a8aa9 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: cisco
 name: sdwan
-version: 0.3.3
+version: 0.3.4
 readme: README.md
 authors:
 - Arkadiusz Cichon
diff --git a/playbooks/aws/aws_sdwan_config.yml b/playbooks/aws/aws_sdwan_config.yml
index 4918f48..6ac2666 100644
--- a/playbooks/aws/aws_sdwan_config.yml
+++ b/playbooks/aws/aws_sdwan_config.yml
@@ -28,11 +28,17 @@ aws_resources_prefix: "{{ organization_name }}" # - 10.10.0.0/16 aws_allowed_subnets: null +####################################### +# Deployment configuration # +####################################### + +ux20_deployment: true # NOTE remove or set to false for UX1.0 deployment ############################### # Controllers # ############################### +# do not use 'admin' as password since it will cause the playbooks to fail admin_password: null # vManage
@@ -43,7 +49,7 @@ vmanage_instances:
 - hostname: "{{ aws_resources_prefix }}-vManage"
 system_ip: 192.168.1.1
 site_id: 111
-# uncomment for cluster deployment
+# NOTE uncomment for cluster deployment
 # - hostname: "{{ aws_resources_prefix }}-vManage2"
 # system_ip: 192.168.4.1
 # site_id: 112
diff --git a/playbooks/aws/feature_profile_config.yml b/playbooks/aws/feature_profile_config.yml
new file mode 100644
index 0000000..32f4ce3
--- /dev/null
+++ b/playbooks/aws/feature_profile_config.yml
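Review bot: The comment added above `admin_password: null` in playbooks/aws/aws_sdwan_config.yml says what not to choose but not where the real value belongs, and since this is a committed configuration file the obvious next step for a user is to type the password straight into it. Extending it to `# do not use 'admin' as password since it will cause the playbooks to fail; keep the real value in an Ansible Vault-encrypted vars file, not in this committed file` would steer that. The new `ux20_deployment: true # NOTE remove or set to false for UX1.0 deployment` implies the key is optional, which only holds if every consumer reads it with a default — not verifiable from this hunk, so either confirm that or drop "remove or" from the comment. The same flag and comment are added in playbooks/azure/azure_sdwan_config.yml.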
@@ -0,0 +1,97 @@ +### TRANSPORT PARCELS + +wan_interface_ethernet_parcel: + template: ethernet + config: + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_0_transport_if}}' }}" + description: + optionType: global + value: WAN VPN 0 Interface + name: TRANSPORT + description: WAN VPN 0 Feature + +wan_vpn_parcel: + template: vpn + config: + name: VPN0 + description: SDWAN Transport Wan Vpn Feature config + sub_parcels: + - "{{ wan_interface_ethernet_parcel }}" + +### SERVICE PARCELS + +lan_interface_ethernet_parcel: + template: ethernet + config: + name: VPN_Service_10_Interface + description: LAN Interface + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_10_if_0}}' }}" + intfIpAddress: + static: + staticIpV4AddressPrimary: + ipAddress: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_ipaddr}}' }}" + subnetMask: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_subnet}}' }}" + +lan_vpn_parcel: + template: vpn + config: + name: Service_Network + description: LAN VPN + data: + vpnId: + optionType: global + value: 10 + name: + optionType: global + value: SERVICE + sub_parcels: + - "{{ lan_interface_ethernet_parcel }}" + +### FEATURE PROFILES + +name_prefix: "{{ config_group_name | default('ansible-generated') }}" + +system_profile: + name: "{{ name_prefix }}_Basic" + description: "{{ name_prefix }} Basic Profile" + parcels: + - template: banner + - template: basic + - template: bfd + - template: omp + - template: logging + - template: ntp + - template: global + - template: aaa + - template: mrf + +transport_profile: + name: "{{ name_prefix }}_WAN" + description: "{{ name_prefix }} Transport Profile" + parcels: + - "{{ wan_vpn_parcel }}" + +service_profile: + name: "{{ name_prefix }}_LAN" + description: "{{ name_prefix }} Service Profile" + parcels: + - "{{ lan_vpn_parcel }}" + +system_profiles: + - "{{ system_profile }}" + +transport_profiles: + - "{{ transport_profile }}" + +service_profiles: + - "{{ service_profile 
}}"
diff --git a/playbooks/aws/ux2_full_deploy_and_configure.yml b/playbooks/aws/ux2_full_deploy_and_configure.yml
new file mode 100644
index 0000000..478572c
--- /dev/null
+++ b/playbooks/aws/ux2_full_deploy_and_configure.yml
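Review bot: The `value: "{{ '{{vpn_0_transport_if}}' }}"` line and the three like it under `lan_interface_ethernet_parcel` wrap a quoted Jinja string inside a Jinja expression so that the rendered value is intended to be the literal text `{{vpn_0_transport_if}}`, and nothing in the file says so; a comment above the first occurrence, `# the inner quoted {{...}} is emitted literally as a device-variable reference; do not simplify to a plain {{ }}`, would stop the next editor from "fixing" it (presumably the downstream config-group API wants the literal form — confirm). The file is byte-identical to playbooks/azure/feature_profile_config.yml added in the same commit (both at blob 32f4ce3), so the two copies will drift; one shared file loaded from both playbooks would be safer. It also lacks the `---` document-start marker and the copyright header that the new playbook files carry.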
@@ -0,0 +1,108 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + + +# Deploy Cisco SD-WAN on AWS +- name: Deploy Cisco SD-WAN versions 20.13 on AWS + hosts: localhost + gather_facts: false + vars_files: + ./dev_config_aws.yml + tasks: + roles: + - cisco.sdwan_deployment.aws_network_infrastructure + - cisco.sdwan_deployment.aws_controllers + + +- name: Verify server connectivity, set initial configuration, onboard controllers + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.api_ready + - cisco.catalystwan.administration_settings + - cisco.catalystwan.onboarding_controllers + + +- name: Generate bootstrap configuration for synced edges + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.sync_pnp_edges + + +# Deploying edges requires vbond_mgmt_public_ip, otp and uuid! 
+- name: Deploy Edge devices based on generated boostrap configuration + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + - "{{ deployment_edges_config }}" + roles: + - cisco.sdwan_deployment.aws_edges + + +# Onboard edge devices and wait for their reachability +- name: Activate and validate edge devices + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.activate_edges + + +# Attach templates with running-config for all devices +- name: Set vmanage mode for all devices + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + vars: + edge_instances: "{{ deployed_edge_instances }}" + roles: + - cisco.catalystwan.vmanage_mode + +- name: Build feature profile data + hosts: localhost + gather_facts: false + vars_files: + - ./feature_profile_config.yml + roles: + - cisco.catalystwan.feature_profile_builder + +- name: Create Config Groups + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ playbook_dir }}/results/generated_feature_profiles.yml" + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.config_groups + +# After assigning templates, we should add check there to verify that device is managed by templates +# add to vmanage_mode role. + +# Health checks +- name: Verify control connections and BFD, OMP + hosts: localhost + gather_facts: false + vars_files: + - ./dev_config_aws.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.health_checks
diff --git a/playbooks/azure/azure_sdwan_config.yml b/playbooks/azure/azure_sdwan_config.yml
index ff7996d..b25a8e4 100644
--- a/playbooks/azure/azure_sdwan_config.yml
+++ b/playbooks/azure/azure_sdwan_config.yml
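Review bot: The first play (`Deploy Cisco SD-WAN versions 20.13 on AWS`) has a bare `tasks:` key with no value directly above `roles:`, which YAML reads as null and Ansible may reject or at best ignore, and its `vars_files` is a plain string where every other play uses a list; both look like leftovers and should become `vars_files:` / `  - ./dev_config_aws.yml` with the `tasks:` line removed. The same two lines appear in the first play of playbooks/azure/ux2_full_deploy_and_configure.yml. Every play here loads `./dev_config_aws.yml` while the Azure counterpart loads the committed `azure_sdwan_config.yml`; if dev_config_aws.yml is a developer-local file the playbook will not run from a fresh checkout and should reference `./aws_sdwan_config.yml`, which this commit edits. The play name `Deploy Edge devices based on generated boostrap configuration` misspells bootstrap.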
@@ -24,6 +24,11 @@ az_resources_prefix: "{{ organization_name }}" # example configuration is: az_allowed_subnets: null +####################################### +# Deployment configuration # +####################################### + +ux20_deployment: true # NOTE remove or set to false for UX1.0 deployment ############################### # Controllers # ###############################
@@ -77,7 +82,8 @@ vsmart_instances: ################################ # cedge C8000K -az_cedge_vm_size: "Standard_D2_v2" +az_cedge_vm_size: "Standard_D4_v2" +# az_cedge_vm_size: "Standard_D2_v2" # NOTE optionally uncomment for UX1.0 deployment az_cedge_image_offer: "cisco-c8000v-byol" az_cedge_image_publisher: "cisco"
diff --git a/playbooks/azure/feature_profile_config.yml b/playbooks/azure/feature_profile_config.yml
new file mode 100644
index 0000000..32f4ce3
--- /dev/null
+++ b/playbooks/azure/feature_profile_config.yml
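Review bot: `az_cedge_vm_size` moves to `"Standard_D4_v2"` with `"Standard_D2_v2"` left as a commented alternative for UX1.0, while the UX1.0/UX2.0 choice itself is now the `ux20_deployment` flag added higher in the same file, so a user switching modes has to edit two unrelated places by hand. Either cross-reference them (`# NOTE keep in step with ux20_deployment above`) or derive the size from the flag, e.g. `az_cedge_vm_size: "{{ 'Standard_D4_v2' if ux20_deployment | default(false) else 'Standard_D2_v2' }}"`. The AWS config in this commit gets the flag but no equivalent instance-size change; worth confirming whether the AWS edge instance type also needs to grow for UX2.0.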
@@ -0,0 +1,97 @@ +### TRANSPORT PARCELS + +wan_interface_ethernet_parcel: + template: ethernet + config: + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_0_transport_if}}' }}" + description: + optionType: global + value: WAN VPN 0 Interface + name: TRANSPORT + description: WAN VPN 0 Feature + +wan_vpn_parcel: + template: vpn + config: + name: VPN0 + description: SDWAN Transport Wan Vpn Feature config + sub_parcels: + - "{{ wan_interface_ethernet_parcel }}" + +### SERVICE PARCELS + +lan_interface_ethernet_parcel: + template: ethernet + config: + name: VPN_Service_10_Interface + description: LAN Interface + data: + interfaceName: + optionType: variable + value: "{{ '{{vpn_10_if_0}}' }}" + intfIpAddress: + static: + staticIpV4AddressPrimary: + ipAddress: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_ipaddr}}' }}" + subnetMask: + optionType: variable + value: "{{ '{{vpn_10_if_0_static_subnet}}' }}" + +lan_vpn_parcel: + template: vpn + config: + name: Service_Network + description: LAN VPN + data: + vpnId: + optionType: global + value: 10 + name: + optionType: global + value: SERVICE + sub_parcels: + - "{{ lan_interface_ethernet_parcel }}" + +### FEATURE PROFILES + +name_prefix: "{{ config_group_name | default('ansible-generated') }}" + +system_profile: + name: "{{ name_prefix }}_Basic" + description: "{{ name_prefix }} Basic Profile" + parcels: + - template: banner + - template: basic + - template: bfd + - template: omp + - template: logging + - template: ntp + - template: global + - template: aaa + - template: mrf + +transport_profile: + name: "{{ name_prefix }}_WAN" + description: "{{ name_prefix }} Transport Profile" + parcels: + - "{{ wan_vpn_parcel }}" + +service_profile: + name: "{{ name_prefix }}_LAN" + description: "{{ name_prefix }} Service Profile" + parcels: + - "{{ lan_vpn_parcel }}" + +system_profiles: + - "{{ system_profile }}" + +transport_profiles: + - "{{ transport_profile }}" + +service_profiles: + - "{{ service_profile 
}}"
diff --git a/playbooks/azure/ux2_full_deploy_and_configure.yml b/playbooks/azure/ux2_full_deploy_and_configure.yml
new file mode 100644
index 0000000..b47b7fc
--- /dev/null
+++ b/playbooks/azure/ux2_full_deploy_and_configure.yml
@@ -0,0 +1,106 @@ +# Copyright 2024 Cisco Systems, Inc. and its affiliates +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + + +# Deploy Cisco SD-WAN version 20.13 on Azure +- name: Deploy Cisco SD-WAN versions 20.13 on Azure + hosts: localhost + gather_facts: false + vars_files: + azure_sdwan_config.yml + tasks: + roles: + - cisco.sdwan_deployment.azure_network_infrastructure + - cisco.sdwan_deployment.azure_controllers + + +- name: Verify server connectivity, set initial configuration, onboard controllers + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.api_ready + - cisco.catalystwan.administration_settings + - cisco.catalystwan.onboarding_controllers + + +- name: Generate bootstrap configuration for synced edges + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - ./pnp_credentials.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.sync_pnp_edges + + +# Deploying edges requires vbond_mgmt_public_ip, otp and uuid! 
+- name: Deploy Edge devices based on generated boostrap configuration + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + - "{{ deployment_edges_config }}" + roles: + - cisco.sdwan_deployment.azure_edges + + +# Onboard edge devices and wait for their reachability +- name: Activate and validate edge devices + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.activate_edges + + +# Attach templates with running-config for all devices +- name: Set vmanage mode for all devices + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + roles: + - cisco.catalystwan.vmanage_mode + +- name: Build feature profile data + hosts: localhost + gather_facts: false + vars_files: + - ./feature_profile_config.yml + roles: + - cisco.catalystwan.feature_profile_builder + +- name: Create Config Groups + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ playbook_dir }}/results/generated_feature_profiles.yml" + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.config_groups + +# After assigning templates, we should add check there to verify that device is managed by templates +# add to vmanage_mode role. + +# Health checks +- name: Verify control connections and BFD, OMP + hosts: localhost + gather_facts: false + vars_files: + - azure_sdwan_config.yml + - "{{ results_path_controllers }}" + - "{{ results_path_edges }}" + roles: + - cisco.catalystwan.health_checks
diff --git a/requirements.yml b/requirements.yml
index b696904..e8f033b 100644
--- a/requirements.yml
+++ b/requirements.yml
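Review bot: The `Set vmanage mode for all devices` play omits the `vars: edge_instances: "{{ deployed_edge_instances }}"` override that the AWS counterpart (playbooks/aws/ux2_full_deploy_and_configure.yml, same commit) passes to `cisco.catalystwan.vmanage_mode`. Whether the role needs it cannot be told from this hunk; if it does, the Azure run would only put the controllers into vManage mode, so either add `vars:` / `  edge_instances: "{{ deployed_edge_instances }}"` here or add a comment explaining why Azure differs. The plays also mix path styles in `vars_files` (`azure_sdwan_config.yml` beside `./pnp_credentials.yml` and `./feature_profile_config.yml`); one form throughout would read better.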
@@ -4,6 +4,6 @@ collections:
 - name: azure.azcollection
 version: 1.19.0
 - name: cisco.catalystwan
- version: 0.3.0
+ version: 0.3.1
 - name: cisco.sdwan_deployment
- version: 0.3.2
+ version: 0.3.3