/ansible-viptela

An Ansible Role for automating a Viptela Overlay Network

Primary LanguagePythonOtherNOASSERTION

ansible-viptela

An Ansible Role for automating a Viptela Overlay Network. This is a hybrid role that provided both role tasks and modules.

This role can perform the following functions:

  • Add Controllers
  • Set Organization Name
  • Set vBond
  • Set Enterprise Root CA
  • Get Controller CSR
  • Install Controller Certificate
  • Install Serial File
  • Export Templates
  • Import Templates
  • Add/Change/Delete Templates
  • Attach Templates
  • Export Policy
  • Import Policy
  • Add/Change/Delete Policy
  • Activate Policy
  • Get Template facts
  • Get Device facts

Common Attributes

  • host: IP address or FQDN of vManage
  • user: Username used to log in to vManage
  • password: Password used to log into vManage

Set vManage Setting

  - name: vManage Settings
    vmanage_settings:
      host: "{{ vmanage_ip }}"
      user: "{{ vmanage_user }}"
      password: "{{ vmanage_password }}"
      organization: "{{ organization_name }}"
      vbond: 1.2.3.4
      ca_type: enterprise
      root_cert: "{{lookup('file', '{{ viptela_cert_dir }}/myCA.pem')}}"

Arguments:

  • organization: Organization name
  • vbond: vBond
  • vbond_port: vBond port
  • ca_type: CA type
  • root_cert: CA root certificate

Add device

- vmanage_device:
    host: "{{ vmanage_ip }}"
    user: "{{ vmanage_user }}"
    password: "{{ vmanage_pass }}"
    device_username: admin
    device_password: admin
    name: "{{ item }}"
    personality: "{{ hostvars[item].viptela.personality }}"
    system_ip: "{{ hostvars[item].viptela.transport_ip }}"

Arguments:

  • device_username: Username of the device being added
  • device_password: Password of the user specified
  • name: Name of the device being added
  • system_ip: The System IP of the device
  • personality: Personality of the device
  • state: present or absent (default: present)

Generate device CSR

- name: vmanage_device_certificate:
    host: "{{ vmanage_ip }}"
    user: "{{ vmanage_user }}"
    password: "{{ vmanage_pass }}"
    name: "{{ item }}"
    system_ip: "{{ hostvars[item].viptela.transport_ip }}"
    state: csr
  register: control_devices

Arguments:

  • name: Name of the device being added (required for present and csr)
  • system_ip: The System IP of the device
  • cert: The certificate to install when state is present
  • state:
    • present: Add certificate vmanage
    • csr: Generate CSR (CSR passed in results)
    • push: Push certificates to controllers

Get device bootstrap information

- vmanage_device_bootstrap:
    host: "{{ vmanage_ip }}"
    user: "{{ vmanage_user }}"
    password: "{{ vmanage_pass }}"
    uuid: "{{ viptela.uuid }}"
  register: result

Arguments:

  • uuid: UUID of the device

Get Device Template Facts

- vmanage_device_template_facts:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    factory_default: no

Retrieves device template facts from vManange

Arguments:

  • factory_default: Include factory default templates

Returns:

  • device_templates: The device templates defined in vManage
  • attached_devices: The devices current attached to the template
  • input: Variables required by template

Feature Template Facts:

- vmanage_feature_template_facts:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    factory_default: no

Retrieves feature template facts from vManange

Arguments:

  • factory_default: Include factory default templates

Returns:

  • feature_templates: The feature templates defined in vManage

Feature template operations

- vmanage_feature_template:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    state: present
    aggregate: "{{ vmanage_templates.feature_templates }}"

Create or delete a feature template

Arguments

  • name: Name of the feature template
  • description: Description of the feature template
  • definition: Feature template definition
  • type: Type of feature temaplate
  • device_type: Device type to which the the template can be applied
  • template_min_version: Minimum version of vManage required for template
  • factory_default: Factory default template
  • aggregate: A list of items composed of the arguments above

Device template operations

- vmanage_device_template:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    state: present
    aggregate: "{{ vmanage_templates.device_templates }}"

Create or delete a device template

Arguments

  • name: Name of the device template
  • description: Description of the device template
  • templates: Feature templates includes in the device template
  • config_type: Template type: template or cli
  • device_type: Device type to which the the template can be applied
  • template_min_version: Minimum version of vManage required for template
  • factory_default: Factory default template
  • aggregate: A list of items composed of the arguments above

Attach template to device:

- vmanage_device_attachment:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    device: site1-vedge1
    template: colo_vedge
    variables:
      vpn11_ipv4_address: 172.22.2.1/24
      vpn10_ipv4_address: 172.22.1.1/24
      vpn0_internet_ipv4_address: 172.16.22.2/24
      vpn0_default_gateway: 172.16.22.1
    wait: yes
    state: "{{ state }}"

Attach/Detach template to/from device

Arguments:

  • state: The state of the attachment: absent or present
  • device: The name of the device to which
  • template: The name of the template to apply
  • variables: The variable required by the template. (See vmanage_device_template_facts for required variables)
  • wait: Wait for the application of the template to succeed or fail.

Policy Lists

- vmanage_policy_list:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    name: blocked_prefixes
    description: Blocked Prefixes
    type: dataPrefix
    entries:
      - ipPrefix: 10.0.1.0/24
      - ipPrefix: 10.0.2.0/24
      - ipPrefix: 10.0.3.0/24
    state: present
    aggregate: "{{ item.value }}"

Arguments:

  • name: Policy List name
  • description: Policy List description
  • type: Policy List type
  • entries: The list entries appropriate to the type
  • state: absent or present
  • aggregate: A list of items composed of the arguments above

Policy List Facts:

- vmanage_policy_list_facts:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
  register: policy_list_facts

Retrieve policy list facts

Returns:

  • policy_lists: The policy lists currently defined in vManage

Policy definition

- vmanage_policy_definition:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    type: "{{ item.key }}"
    state: present
    aggregate: "{{ item.value }}"

Arguments:

  • state: absent or present
  • name: Policy List name
  • description: Policy List description
  • type: Policy List type (cflowd, dnssecurity, control, hubandspoke, acl, vpnmembershipgroup, mesh, rewriterule, data,rewriterule, aclv6)
  • sequences: Policy definition sequences
  • default_action: Default policy action (e.g. drop)
  • aggregate: A list of items composed of the arguments above

Policy Definition Facts:

- vmanage_policy_definition_facts:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
  register: policy_definition_facts

Retrieve policy definition facts

Returns:

  • policy_definitions: The policy definitions currently defined in vManage

Central Policy

Add Central Policy

- vmanage_central_policy:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    state: present
    aggregate: "{{ vmanage_policy.vmanage_central_policies }}"

Activate Central Policy

- vmanage_central_policy:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    state: activated
    name: central_policy
    wait: yes
  register: policy_facts

Arguments:

  • state: State (absent, present, activated, deactivated)

Note: activated, deactivated must be separate invocations of the module

  • name: Central Policy name
  • description: Central Policy description
  • type: Policy type
  • definition: Policy definition
  • wait: Wait for the application of the template to succeed or fail.

Central Policy Facts:

- vmanage_central_policy_facts:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
  register: central_policy_facts

Retrieve policy definition facts

Returns:

  • policy_definitions: The policy definitions currently defined in vManage

Get status of a device action:

- vmanage_device_action_status:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    id: "{{ attachment_results.action_id }}"

Retrieve status of device action

Get device facts:

- vmanage_device_facts:
    user: "{{ ansible_user }}"
    host: "{{ ansible_host }}"
    password: "{{ ansible_password }}"

Retrieve device facts

Upload serial number file:

- vmanage_fileupload:
    host: "{{ vmanage_ip }}"
    user: "{{ ansible_user }}"
    password: "{{ ansible_password }}"
    file: 'licenses/serialFile.viptela'

Arguments:

  • file: name of the serial file

Ping from vEdge

- vmanage_nping:
    user: "{{ ansible_user }}"
    host: "{{ vmanage_ip }}"
    password: "{{ ansible_password }}"
    dst_ip: 1.2.3.4
    vedge: site1-vedge1
    vpn: 10

Arguments:

  • vedge: Name of the vedge from which to ping
  • dst_ip: The IP to ping
  • vpn: The VPN number in which to ping
  • src_interface: The source interface on the vedge from which to ping
  • count: The number of packets to send
  • rapid: Whether to do a rapid ping

License

CISCO SAMPLE CODE LICENSE