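---
# Builds an ACI tenant configuration on an APIC: tenants, application
# profiles, VRFs, bridge domains and subnets, EPGs, contracts and their
# bindings, an OSPF L3Out with an external EPG, and a vPC protection group.
# The object data (the `tenants` list) is loaded from
# coding_challenge_ansible.yml; connection details are prompted for at run time.
- hosts: apic
  any_errors_fatal: true
  gather_facts: false
  vars:
    # Modules run on the control node and reach the APIC themselves.
    ansible_connection: local
    ansible_python_interpreter: /usr/bin/python3
    l3out_name: 'L3_Out_Device'
    epg_4: 'External_EPG'
    L3_domain: 'ISR3945'
  vars_prompt:
    # NOTE(review): apic_ip is prompted for but no task in this file reads it;
    # every module call connects to inventory_hostname instead. Confirm whether
    # the vars file or inventory consumes it, otherwise the prompt is misleading.
    - name: "apic_ip"
      prompt: "Enter APIC IP"
      default: '10.10.20.14'
      private: false
    - name: "user"
      prompt: "Enter your APIC Username"
      default: 'admin'
      unsafe: true
    # NOTE(review): a password default is committed here in clear text. Unless
    # this is a throwaway lab value, drop the default and supply the password
    # at the prompt, with -e, or from Ansible Vault, and rotate the credential.
    - name: "pass"
      prompt: "Enter your APIC Password"
      default: 'C1sco12345'
      private: true
      # unsafe keeps Jinja-special characters in the password from being templated.
      unsafe: true
  vars_files:
    - coding_challenge_ansible.yml
  tasks:
    # This task mainly hosts the &cred anchor that every later task merges in
    # with `<<: *cred`. The alias is resolved when the YAML is parsed, so tasks
    # selected with --tags still receive the connection keys even when this
    # untagged task is skipped.
    - name: Set Credentials
      # The fact contains the APIC password; keep it out of task output and logs.
      no_log: true
      set_fact:
        cred: &cred
          host: "{{ inventory_hostname }}"
          username: "{{ user }}"
          password: "{{ pass }}"
          # NOTE(review): certificate verification is off for every APIC call,
          # so the credentials above go to an endpoint whose identity is not
          # checked. Set this to true once the APIC presents a trusted cert.
          validate_certs: false

    # Tagged `always`, so the tenant is ensured on every tag-filtered run.
    - name: Create a tenant
      tags: always
      aci_tenant:
        tenant: "{{ item.name }}"
        description: "{{ item.description }}"
        <<: *cred
      with_items:
        - "{{ tenants }}"

    # with_subelements yields (tenant, child) pairs: item.0 is the tenant and
    # item.1 is one entry of the named child list.
    - name: Create ap
      tags: ap
      aci_ap:
        tenant: "{{ item.0.name }}"
        name: "{{ item.1.name }}"
        description: "{{ item.1.description }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: create VRF
      tags: vrf
      aci_vrf:
        vrf: "{{ item.1.name }}"
        tenant: "{{ item.0.name }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "vrfs"

    - name: Create three Bridge-Domains
      tags: bd
      aci_bd:
        tenant: "{{ item.0.name }}"
        bd: "{{ item.1.name }}"
        vrf: "{{ item.1.vrf }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "bridge_domains"

    # Only the first subnet (subnets.0) of each bridge domain is configured.
    # NOTE(review): gateway_ip is fed from subnets.0.name, the same field used
    # for `name`; presumably the vars file stores the gateway address there.
    # Verify against coding_challenge_ansible.yml.
    - name: Create three Subnets
      tags: subs
      aci_bd_subnet:
        tenant: "{{ item.0.name }}"
        name: "{{ item.1.subnets.0.name }}"
        bd: "{{ item.1.name }}"
        gateway_ip: "{{ item.1.subnets.0.name }}"
        subnet_mask: "{{ item.1.subnets.0.mask }}"
        scope: "{{ item.1.subnets.0.scope }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "bridge_domains"

    # The three EPG tasks address epgs by fixed position (0, 1, 2) within each
    # application profile, so they depend on the order of that list in the
    # vars file.
    - name: Create EPG_Web_Server
      tags: epg
      aci_epg:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.0.name }}"
        bd: "{{ item.1.epgs.0.bd }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: Create EPG_App_Server
      tags: epg
      aci_epg:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.1.name }}"
        bd: "{{ item.1.epgs.1.bd }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: Create EPG_Data_Base
      tags: epg
      aci_epg:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.2.name }}"
        bd: "{{ item.1.epgs.2.bd }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: Create three Contracts
      tags: cont
      aci_contract:
        tenant: "{{ item.0.name }}"
        contract: "{{ item.1.name }}"
        scope: "{{ item.1.scope }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "contracts"

    # Only the first subject (subject.0) of each contract is configured.
    - name: Configure Contracts' Subjetcs
      tags: subj
      aci_contract_subject:
        tenant: "{{ item.0.name }}"
        contract: "{{ item.1.name }}"
        subject: "{{ item.1.subject.0.name }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "contracts"

    # The binding tasks below pick the EPG and its contract entry by fixed
    # position; the provider/consumer role comes from the entry's `type` field.
    - name: Configure EPG_Web_Server as provider in contract C_internet
      tags: cont
      aci_epg_to_contract:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.0.name }}"
        contract: "{{ item.1.epgs.0.contracts.0.name }}"
        contract_type: "{{ item.1.epgs.0.contracts.0.type }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: Configure EPG_Web_Server as Consumer in contract C_appserver
      tags: cont
      aci_epg_to_contract:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.0.name }}"
        contract: "{{ item.1.epgs.0.contracts.1.name }}"
        contract_type: "{{ item.1.epgs.0.contracts.1.type }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: Configure EPG_appserver as provider in contract C_appserver
      tags: cont
      aci_epg_to_contract:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.1.name }}"
        contract: "{{ item.1.epgs.1.contracts.0.name }}"
        contract_type: "{{ item.1.epgs.1.contracts.0.type }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: Configure EPG_appserver as consumer in contract C_database
      tags: cont
      aci_epg_to_contract:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.1.name }}"
        contract: "{{ item.1.epgs.1.contracts.1.name }}"
        contract_type: "{{ item.1.epgs.1.contracts.1.type }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    - name: Configure EPG_database as provider in contract C_database
      tags: cont
      aci_epg_to_contract:
        tenant: "{{ item.0.name }}"
        ap: "{{ item.1.name }}"
        epg: "{{ item.1.epgs.2.name }}"
        contract: "{{ item.1.epgs.2.contracts.0.name }}"
        contract_type: "{{ item.1.epgs.2.contracts.0.type }}"
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    # One L3Out is ensured per (tenant, VRF) pair, always under the same
    # l3out_name.
    - name: Create L3-Out
      tags: L3
      aci_l3out:
        tenant: "{{ item.0.name }}"
        l3out: "{{ l3out_name }}"
        description: L3_Out for Production tenant
        domain: "{{ L3_domain }}"
        vrf: "{{ item.1.name }}"
        l3protocol: ospf
        route_control: export
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "vrfs"

    - name: Create External_EPG (EPG_4)
      tags: L3,extepg
      aci_l3out_extepg:
        extepg: "{{ epg_4 }}"
        tenant: "{{ item.name }}"
        l3out: "{{ l3out_name }}"
        description: External EPG which to be associated with the L3-out
        <<: *cred
      with_items:
        - "{{ tenants }}"

    # Binds the external EPG as consumer of the first contract listed on the
    # first EPG of each application profile.
    - name: Configure external EPG_4 as consumer in contract C_internet
      tags: cont,L3,extepg
      cisco.aci.aci_l3out_extepg_to_contract:
        tenant: "{{ item.0.name }}"
        extepg: "{{ epg_4 }}"
        l3out: "{{ l3out_name }}"
        contract: "{{ item.1.epgs.0.contracts.0.name }}"
        contract_type: consumer
        <<: *cred
      with_subelements:
        - "{{ tenants }}"
        - "application_profiles"

    # The configuration below will fail if the nodes are already pre-configured
    # to be part of a vPC group.
    - name: Add vPC Protection Group
      tags: vpc
      aci_switch_policy_vpc_protection_group:
        protection_group: vpc_group
        protection_group_id: 6
        switch_1_id: 101
        switch_2_id: 102
        # Switches 101 & 102 are already pre-discovered by APIC
        <<: *cred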