Staging FabricThe Ansible inventory file defines how Ansible will connect and authenticate with NDFC.
touch ~/workspace/ndfclab/ansible/hosts.stage.yml
cat << EOF > ~/workspace/ndfclab/ansible/hosts.stage.yml
---
# Connection Information For Staging Fabric
#
# This file defines how Ansible will connect to NDFC
ndfc:
children:
stage:
hosts:
10.15.0.11:
ansible_connection: ansible.netcommon.httpapi
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_python_interpreter: auto_silent
ansible_network_os: cisco.dcnm.dcnm
ansible_user: admin
ansible_password: cisco.123
EOF
The hosts.stage.yml file above defines how Ansible connects and authenticates with NDFC
ndfc:children:stage: This specifies the inventory data targeting the staging fabric
10.15.0.11: This is the IP Address of the NDFC Controller
ansible_connection: Defines the base Ansible plugin used for connecting to the NDFC REST Interface
ansible_httpapi_use_ssl: Indicates you want to use a secure SSL connection to the NDFC controller
ansible_network_os: The value cisco.dcnm.dcnm tells Ansible that you want to connect to NDFC/DCNM
ansible_user: The username used when connecting to NDFC
ansible_password: The password used when connecting to NDFC
For this lab you are using a clear text password but a best practice is to use Ansible Vault for encrypting passwords!
Reference: Ansible Vault Documentation
fabric.yml under group_vars/stage/A best practice in Ansible is to organize and store your variables that will be used by various playbooks. This file contains the variable data for the following:
This variable data and other variable files you create during this lab will be used in your playbooks throughout the lab.
stage
This data file is stored in the group_vars/stage directory as it is specific data configuration for your staging or test fabric.
When it comes time to deploy to production you will have a similar file in the group_vars/prod directory.
touch ~/workspace/ndfclab/ansible/group_vars/stage/fabric.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/stage/fabric.yml
---
# ---------------------------------------------------------------- #
# Fabric Settings #
# ---------------------------------------------------------------- #
fabric_settings:
DEPLOY: yes
FABRIC_NAME: fabric-stage
FABRIC_TYPE: VXLAN_EVPN
BGP_AS: 65001
GRFIELD_DEBUG_FLAG: Enable
AUTO_SYMMETRIC_VRF_LITE: true
AAA_REMOTE_IP_ENABLED: false
DCI_SUBNET_RANGE: 10.31.0.0/16
VRF_LITE_AUTOCONFIG: Back2Back&ToExternal
BOOTSTRAP_ENABLE: true
DHCP_ENABLE: true
DHCP_IPV6_ENABLE: DHCPv4
DHCP_START: 10.15.0.100
DHCP_END: 10.15.0.101
MGMT_GW: 10.15.0.1
MGMT_PREFIX: 24
BOOTSTRAP_MULTISUBNET: "10.15.1.100,10.15.1.101,10.15.1.1,24"
# ---------------------------------------------------------------- #
# Local Fabric Information #
# ---------------------------------------------------------------- #
fabric_inventory:
- seed_ip: 10.15.1.11
user_name: admin
password: cisco.123
max_hops: 0
role: spine
preserve_config: false
- seed_ip: 10.15.1.12
user_name: admin
password: cisco.123
max_hops: 0
role: leaf
preserve_config: false
- seed_ip: 10.15.1.13
user_name: admin
password: cisco.123
max_hops: 0
role: leaf
preserve_config: false
- seed_ip: 10.15.1.14
user_name: admin
password: cisco.123
role: border
poap:
- serial_number: 9IZOB1DARSA
model: N9K-C9300v
version: 9.3(8)
hostname: staging-leaf3
config_data:
modulesModel: [N9K-X9364v, N9K-vSUP]
gateway: 10.15.1.1/24
# ---------------------------------------------------------------- #
# External Fabric Information #
# ---------------------------------------------------------------- #
fabric_external_settings:
DEPLOY: yes
FABRIC_NAME: external-fabric-stage
BGP_AS: 65999
fabric_external_inventory:
- seed_ip: 10.15.1.15
auth_proto: MD5
user_name: admin
password: cisco.123
max_hops: 0
preserve_config: true
role: edge_router
EOF
Continue to the next section where you will put together a quick Ansible playbook to wipe and reset your NDFC instance in preparation for building out and managing your fabric end-to-end; all with Ansible!