Merge pull request #28 from cisco-open/config_groups

UX 2.0 deployment

.ansible-lint

@@ -51,6 +51,8 @@ mock_roles:
   - cisco.catalystwan.activate_edges
   - cisco.catalystwan.vmanage_mode
   - cisco.catalystwan.health_checks
+  - cisco.catalystwan.config_groups
+  - cisco.catalystwan.feature_profile_builder
 
 
 #   - mocked_role

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: cisco
 name: sdwan
-version: 0.3.3
+version: 0.3.4
 readme: README.md
 authors:
   - Arkadiusz Cichon <acichon@cisco.com>

playbooks/aws/aws_sdwan_config.yml

@@ -28,11 +28,17 @@ aws_resources_prefix: "{{ organization_name }}"
 #   - 10.10.0.0/16
 aws_allowed_subnets: null
 
+#######################################
+#     Deployment configuration        #
+#######################################
+
+ux20_deployment: true  # NOTE remove or set to false for UX1.0 deployment
 
 ###############################
 #          Controllers        #
 ###############################
 
+# do not use 'admin' as password since it will cause the playbooks to fail
 admin_password: null
 
 # vManage
@@ -43,7 +49,7 @@ vmanage_instances:
   - hostname: "{{ aws_resources_prefix }}-vManage"
     system_ip: 192.168.1.1
     site_id: 111
-# uncomment for cluster deployment
+# NOTE uncomment for cluster deployment
 #  - hostname: "{{ aws_resources_prefix }}-vManage2"
 #    system_ip: 192.168.4.1
 #    site_id: 112

playbooks/aws/feature_profile_config.yml

@@ -0,0 +1,97 @@
+### TRANSPORT PARCELS
+
+wan_interface_ethernet_parcel:
+  template: ethernet
+  config:
+    data:
+      interfaceName:
+        optionType: variable
+        value: "{{ '{{vpn_0_transport_if}}' }}"
+      description:
+        optionType: global
+        value: WAN VPN 0 Interface
+    name: TRANSPORT
+    description: WAN VPN 0 Feature
+
+wan_vpn_parcel:
+  template: vpn
+  config:
+    name: VPN0
+    description: SDWAN Transport Wan Vpn Feature config
+  sub_parcels:
+    - "{{ wan_interface_ethernet_parcel }}"
+
+### SERVICE PARCELS
+
+lan_interface_ethernet_parcel:
+  template: ethernet
+  config:
+    name: VPN_Service_10_Interface
+    description: LAN Interface
+    data:
+      interfaceName:
+        optionType: variable
+        value: "{{ '{{vpn_10_if_0}}' }}"
+      intfIpAddress:
+        static:
+          staticIpV4AddressPrimary:
+            ipAddress:
+              optionType: variable
+              value: "{{ '{{vpn_10_if_0_static_ipaddr}}' }}"
+            subnetMask:
+              optionType: variable
+              value: "{{ '{{vpn_10_if_0_static_subnet}}' }}"
+
+lan_vpn_parcel:
+  template: vpn
+  config:
+    name: Service_Network
+    description: LAN VPN
+    data:
+      vpnId:
+        optionType: global
+        value: 10
+      name:
+        optionType: global
+        value: SERVICE
+  sub_parcels:
+    - "{{ lan_interface_ethernet_parcel }}"
+
+### FEATURE PROFILES
+
+name_prefix: "{{ config_group_name | default('ansible-generated') }}"
+
+system_profile:
+  name: "{{ name_prefix }}_Basic"
+  description: "{{ name_prefix }} Basic Profile"
+  parcels:
+    - template: banner
+    - template: basic
+    - template: bfd
+    - template: omp
+    - template: logging
+    - template: ntp
+    - template: global
+    - template: aaa
+    - template: mrf
+
+transport_profile:
+  name: "{{ name_prefix }}_WAN"
+  description: "{{ name_prefix }} Transport Profile"
+  parcels:
+    - "{{ wan_vpn_parcel }}"
+
+service_profile:
+  name: "{{ name_prefix }}_LAN"
+  description: "{{ name_prefix }} Service Profile"
+  parcels:
+    - "{{ lan_vpn_parcel }}"
+
+system_profiles:
+  - "{{ system_profile }}"
+
+transport_profiles:
+  - "{{ transport_profile }}"
+
+service_profiles:
+  - "{{ service_profile }}"

playbooks/aws/ux2_full_deploy_and_configure.yml

@@ -0,0 +1,108 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+
+# Deploy Cisco SD-WAN on AWS
+- name: Deploy Cisco SD-WAN versions 20.13 on AWS
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    ./dev_config_aws.yml
+  tasks:
+  roles:
+    - cisco.sdwan_deployment.aws_network_infrastructure
+    - cisco.sdwan_deployment.aws_controllers
+
+
+- name: Verify server connectivity, set initial configuration, onboard controllers
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./dev_config_aws.yml
+    - ./pnp_credentials.yml
+    - "{{ results_path_controllers }}"
+  roles:
+    - cisco.catalystwan.api_ready
+    - cisco.catalystwan.administration_settings
+    - cisco.catalystwan.onboarding_controllers
+
+
+- name: Generate bootstrap configuration for synced edges
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./dev_config_aws.yml
+    - ./pnp_credentials.yml
+    - "{{ results_path_controllers }}"
+  roles:
+    - cisco.catalystwan.sync_pnp_edges
+
+
+# Deploying edges requires vbond_mgmt_public_ip, otp and uuid!
+- name: Deploy Edge devices based on generated boostrap configuration
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./dev_config_aws.yml
+    - "{{ results_path_controllers }}"
+    - "{{ deployment_edges_config }}"
+  roles:
+    - cisco.sdwan_deployment.aws_edges
+
+
+# Onboard edge devices and wait for their reachability
+- name: Activate and validate edge devices
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./dev_config_aws.yml
+    - "{{ results_path_controllers }}"
+    - "{{ results_path_edges }}"
+  roles:
+    - cisco.catalystwan.activate_edges
+
+
+# Attach templates with running-config for all devices
+- name: Set vmanage mode for all devices
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./dev_config_aws.yml
+    - "{{ results_path_controllers }}"
+  vars:
+    edge_instances: "{{ deployed_edge_instances }}"
+  roles:
+    - cisco.catalystwan.vmanage_mode
+
+- name: Build feature profile data
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./feature_profile_config.yml
+  roles:
+    - cisco.catalystwan.feature_profile_builder
+
+- name: Create Config Groups
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./dev_config_aws.yml
+    - "{{ playbook_dir }}/results/generated_feature_profiles.yml"
+    - "{{ results_path_controllers }}"
+    - "{{ results_path_edges }}"
+  roles:
+    - cisco.catalystwan.config_groups
+
+# After assigning templates, we should add check there to verify that device is managed by templates
+# add to vmanage_mode role.
+
+# Health checks
+- name: Verify control connections and BFD, OMP
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ./dev_config_aws.yml
+    - "{{ results_path_controllers }}"
+    - "{{ results_path_edges }}"
+  roles:
+    - cisco.catalystwan.health_checks

playbooks/azure/azure_sdwan_config.yml

@@ -24,6 +24,11 @@ az_resources_prefix: "{{ organization_name }}"
 # example configuration is:
 az_allowed_subnets: null
 
+#######################################
+#     Deployment configuration        #
+#######################################
+
+ux20_deployment: true  # NOTE remove or set to false for UX1.0 deployment
 
 ###############################
 #          Controllers        #
@@ -77,7 +82,8 @@ vsmart_instances:
 ################################
 
 # cedge C8000K
-az_cedge_vm_size: "Standard_D2_v2"
+az_cedge_vm_size: "Standard_D4_v2"
+# az_cedge_vm_size: "Standard_D2_v2"  # NOTE optionally uncomment for UX1.0 deployment
 
 az_cedge_image_offer: "cisco-c8000v-byol"
 az_cedge_image_publisher: "cisco"

playbooks/azure/feature_profile_config.yml

@@ -0,0 +1,97 @@
+### TRANSPORT PARCELS
+
+wan_interface_ethernet_parcel:
+  template: ethernet
+  config:
+    data:
+      interfaceName:
+        optionType: variable
+        value: "{{ '{{vpn_0_transport_if}}' }}"
+      description:
+        optionType: global
+        value: WAN VPN 0 Interface
+    name: TRANSPORT
+    description: WAN VPN 0 Feature
+
+wan_vpn_parcel:
+  template: vpn
+  config:
+    name: VPN0
+    description: SDWAN Transport Wan Vpn Feature config
+  sub_parcels:
+    - "{{ wan_interface_ethernet_parcel }}"
+
+### SERVICE PARCELS
+
+lan_interface_ethernet_parcel:
+  template: ethernet
+  config:
+    name: VPN_Service_10_Interface
+    description: LAN Interface
+    data:
+      interfaceName:
+        optionType: variable
+        value: "{{ '{{vpn_10_if_0}}' }}"
+      intfIpAddress:
+        static:
+          staticIpV4AddressPrimary:
+            ipAddress:
+              optionType: variable
+              value: "{{ '{{vpn_10_if_0_static_ipaddr}}' }}"
+            subnetMask:
+              optionType: variable
+              value: "{{ '{{vpn_10_if_0_static_subnet}}' }}"
+
+lan_vpn_parcel:
+  template: vpn
+  config:
+    name: Service_Network
+    description: LAN VPN
+    data:
+      vpnId:
+        optionType: global
+        value: 10
+      name:
+        optionType: global
+        value: SERVICE
+  sub_parcels:
+    - "{{ lan_interface_ethernet_parcel }}"
+
+### FEATURE PROFILES
+
+name_prefix: "{{ config_group_name | default('ansible-generated') }}"
+
+system_profile:
+  name: "{{ name_prefix }}_Basic"
+  description: "{{ name_prefix }} Basic Profile"
+  parcels:
+    - template: banner
+    - template: basic
+    - template: bfd
+    - template: omp
+    - template: logging
+    - template: ntp
+    - template: global
+    - template: aaa
+    - template: mrf
+
+transport_profile:
+  name: "{{ name_prefix }}_WAN"
+  description: "{{ name_prefix }} Transport Profile"
+  parcels:
+    - "{{ wan_vpn_parcel }}"
+
+service_profile:
+  name: "{{ name_prefix }}_LAN"
+  description: "{{ name_prefix }} Service Profile"
+  parcels:
+    - "{{ lan_vpn_parcel }}"
+
+system_profiles:
+  - "{{ system_profile }}"
+
+transport_profiles:
+  - "{{ transport_profile }}"
+
+service_profiles:
+  - "{{ service_profile }}"