ansible-collection-sdwan-deployment

This repository contains the necessary Ansible modules for deploying SD-WAN resources.

Primary language: Jinja. License: Apache License 2.0 (Apache-2.0).

Cisco SD-WAN Deployment on AWS and Azure using Ansible

Ansible roles and playbooks for deployment and teardown of Cisco SD-WAN on AWS and Azure.


Overview

This repository includes:

  • aws_network_infrastructure
  • aws_controllers
  • aws_edges
  • aws_teardown
  • cisco.sdwan_deployment.common
  • azure_controllers
  • azure_edges
  • azure_teardown
  • template_cloudinit

These are Ansible roles that can be used to automate the deployment (and teardown) of SD-WAN systems on AWS and Azure.

To make the subsequent onboarding steps more convenient, the AWS and Azure roles generate output files via:

  • roles/common/tasks/generate_deployment_facts_controllers.yml and

  • roles/common/tasks/generate_deployment_facts_edges.yml

The path of these output files is customizable via the results_dir, results_path_controllers and results_path_edges variables in the input config file.


Roadmap

Current coverage:

  • Deployment on AWS
  • Deployment on Azure
  • Deployment of:
    • vManage
    • vBond
    • vSmart
    • cEdge
  • Local installation via Ansible Galaxy
  • Installation via git repository link
  • Migration to CiscoDevNet/Cisco Open
  • Separate role for cloudinit templating
  • Share roles via Ansible Galaxy

Future Goals:

  • Support for cluster deployment
  • Provide AWX (web-based user interface)
  • Deployment on GCP
  • Enhance cloud-init configuration (complex bringup)

Requirements

This collection is based on ansible-core==2.16.6, see ansible-core-support-matrix.

Before you begin, ensure you have met the following requirements:

  • You have installed Python 3.10 - 3.12
  • You have an AWS or Azure account with the necessary permissions
  • You have access to Cisco SD-WAN AMIs on AWS or images on Azure

Python dependencies

The Python module dependencies are not installed by ansible-galaxy. They can be installed manually using pip:

pip install -r requirements.txt

Installing this collection

Using requirements.yml

In requirements.yml inside your project, add:

- name: git@github.com:cisco-en-programmability/ansible-collection-sdwan-deployment.git
  type: git
  version: main

Note: If you are not using the full Ansible installation, you may also need to install the amazon.aws and azure.azcollection collections by adding:

  - name: amazon.aws
    version: 6.5.0
  - name: azure.azcollection
    version: 1.19.0

to requirements.yml inside your project.

At the end, always run:

ansible-galaxy install -r requirements.yml

Using this collection

Prepare your configuration

Note: The current solution supports a topology that consists of vManage, vBond, vSmart and a C8000V edge device.

There are configuration files which have been initially filled with values:

  • ./playbooks/aws_sdwan_config.yml
  • ./playbooks/azure_sdwan_config.yml

Both files are supplemented by config defaults from all roles.

NOTE: You can give the variables file any name, but remember to choose one option:

  • include that name in the playbook:

- name: Deploy Cisco SD-WAN on AWS
  hosts: localhost
  roles:
    - aws_network_infrastructure
    - aws_controllers
  vars_files:
    - ./playbooks/aws_sdwan_config.yml

  • or pass the variables by directly including your configuration file with:

ansible-playbook playbooks/aws_deploy_controllers.yml -e "@./playbooks/aws_sdwan_config.yml"

(note the @, which indicates that we are referring to a file)

Deploying Cisco SD-WAN

To deploy Cisco SD-WAN on AWS or Azure, run the example playbook using roles:

For AWS:

  • aws_network_infrastructure
  • aws_controllers
  • aws_edges

For Azure:

  • azure_network_infrastructure
  • azure_controllers
  • azure_edges

The current version of this solution assumes that users will authenticate with their cloud providers in order to run Ansible playbooks. See Useful Links.

We provide example playbooks that you can execute with:

ansible-playbook playbooks/aws_deploy_controllers.yml
ansible-playbook playbooks/aws_deploy_edges.yml

or

ansible-playbook playbooks/azure_deploy_controllers.yml
ansible-playbook playbooks/azure_deploy_edges.yml

To make changes, update the configuration files.

Tearing down Cisco SD-WAN on AWS

To tear down the deployed system, run the example playbook using the aws_teardown or azure_teardown role.

ansible-playbook ./playbooks/aws_teardown.yml

or

ansible-playbook ./playbooks/azure_teardown.yml

If you want to tear down only specific EC2 instances (with their associated EIPs and NICs):

ansible-playbook ./playbooks/aws_teardown.yml -e "@instances_to_teardown.yml"

Where instances_to_teardown.yml is the path to a file with the definition:

teardown_specific_instances:
  - "acich-ansible-cedge-111"
  - "acich-ansible-cedge-222"

Generating cloud-init configuration

The template_cloudinit role provides tasks that can generate cloud-init (also known as userdata) configuration without deploying any machines. Example usage of the template_cloudinit role can be taken from playbooks/template_cloudinit.yml. Note that in this example playbook, the configuration file is used from playbooks/template_cloudinit.yml.


Troubleshooting

1. Console connectivity works, but cannot reach with SSH or ICMP

If your instances are up and running and you can log in to them via the EC2 console, verify that your IP address is allow-listed. See aws_allowed_subnets in roles/aws_controllers/defaults/main.yml to verify.

2. Services status

If vManage is not starting the NMS service:

  • check that your disk /opt/data is more than 20% free; otherwise the application is shut down as well
  • make sure the SD-WAN Manager and other SD-WAN virtual machines are right-sized for your deployment needs. Cisco's server recommendations are available here: server-requirements
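
For the allow-list check in troubleshooting item 1, the following added example (not part of this collection) tests whether a client address falls inside the configured subnets and flags entries that are malformed or overly broad. It assumes aws_allowed_subnets is a list of CIDR strings, which this page does not show; the function name, the sample values and the /16 threshold are also assumptions.

```python
import ipaddress

# IPv4 prefixes shorter than this are reported as overly broad.
# The threshold is an assumption for this example, not a project setting.
MIN_PREFIX_V4 = 16


def check_allowed_subnets(allowed_subnets, client_ip):
    """Return (matching_subnets, warnings) for client_ip against the allow-list."""
    ip = ipaddress.ip_address(client_ip)
    matches, warnings = [], []
    for entry in allowed_subnets:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.2.3/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            warnings.append(f"{entry}: invalid CIDR ({exc})")
            continue
        if net.prefixlen == 0:
            warnings.append(f"{entry}: open to the whole internet")
        elif net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            warnings.append(f"{entry}: broader than /{MIN_PREFIX_V4}")
        # An IPv4 address never matches an IPv6 network, and vice versa.
        if net.version == ip.version and ip in net:
            matches.append(str(net))
    return matches, warnings


# Constructed sample values (documentation address ranges), assumed to mirror
# a list-shaped aws_allowed_subnets variable.
SAMPLE_ALLOWED_SUBNETS = [
    "203.0.113.0/24",
    "198.51.100.7/32",
    "0.0.0.0/0",
    "10.1.2.3/24",
]

if __name__ == "__main__":
    for address in ("203.0.113.45", "192.0.2.10"):
        matched, notes = check_allowed_subnets(SAMPLE_ALLOWED_SUBNETS, address)
        print(address, "allowed by:", matched or "nothing")
        for note in notes:
            print("  warning:", note)
```

An empty match list for your own address explains the SSH/ICMP symptom; a match only through a flagged entry means access works because the allow-list is wider than intended.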

Compatibility

Note that the Azure collection's Python requirements include the uamqp package, which can cause wheel build issues. On macOS you might need to install cmake: brew install cmake and: pip install cmake. Then install a working uamqp package (one below v1.6.9) with: pip install uamqp==1.6.8.


Useful links

AWS CLI

AWS Authentication

Azure Authentication


Contact Information

For any questions or concerns, please open an issue on this repository.

License

See LICENSE file.

Contributing

See Contributing file.

Code of Conduct

See Code of Conduct file.

Releasing, Versioning and Deprecation

This collection follows Semantic Versioning. More details on versioning can be found in Understanding collection versioning.