• Nexus Dashboard
  • USER: admin
  • PASS: cisco.123
  • ND Web interface
  • Switch Login
  • USER: admin
  • PASS: cisco.123
  • staging-spine1: 10.15.1.11
  • staging-leaf1: 10.15.1.12
  • staging-leaf2: 10.15.1.13
  • staging-leaf3: 10.15.1.14
  • staing-ext-rtr: 10.15.1.15
  • prod-spine1: 10.15.1.18
  • prod-leaf1: 10.15.1.19
  • prod-leaf2: 10.15.1.20
  • prod-leaf3: 10.15.1.21
  • prod-ext-rtr: 10.15.1.22
  • GitLab Server
  • USER: pod01
  • PASS: c1sco.123
  • Gitlab
  • Test VM Login
  • USER: cisco
  • PASS: cisco.123
  • staging-server1: 10.15.1.16
  • staging-server2: 10.15.1.17
  • prod-server1: 10.15.1.23
  • prod-server2: 10.15.1.24
  • Code-Server
  • address: https://10.15.0.161:8443/?folder=/home/pod01/workspace
Overlay
Ansible Role

Ansible Role - [add-overlay]

In this part of the lab you will add overlay VRFs and Networks

Step 1 - Add Variable File overlay.yml under group_vars/all/

To manage the overlay pieces, you will create a file that contains the VRFs and Networks variable data. This data will be used to create the VRF and Network objects in NDFC but the actual configuration will not be deployed to the devices until the deploy role is executed. 

touch ~/workspace/ndfclab/ansible/group_vars/all/overlay.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/all/overlay.yml
---

vrfs:
  - vrf_name: &refvrf_ansible AnsibleVRF
    vrf_id: 150001
    vlan_id: 2000
    attach_group: all_leaf
    deploy: false
networks:
  - net_name: AnsibleNet1
    vrf_name: *refvrf_ansible
    net_id: 130001
    vlan_id: 2301
    vlan_name: AnsibleNet1_vlan2301
    gw_ip_subnet: "192.168.11.1/24"
    attach_group: esxi
    deploy: false
  - net_name: AnsibleNet2
    vrf_name: *refvrf_ansible
    net_id: 130002
    vlan_id: 2302
    vlan_name: AnsibleNet2_vlan2302
    gw_ip_subnet: "192.168.12.1/24"
    attach_group: esxi
    deploy: false

EOF
YAML

YAML Anchors and Aliases

In the file to the left for your overlay variable data, there might be an unfamilair concept with the & and the * characters. These are called YAML Anchors and Aliases. In short, the & is used to create an anchor and the * is used to reference the anchor so that you do not have to repeat portions of your data or configuration.

Group Vars all

This data file is stored in the group_vars/all directory and is used to define variables that are common to all devices in your staging-fabric and will also later be used in your production-fabric. Using the all directory and/or file name is a specially reservered name in Ansible.


Step 2 - Open The Main Task File for the Role

For the overlay role tasks, ensure you are in your VSCode Terminal and open the main.yml file found in roles/manage_overlay/tasks/ using the VSCode code keyword as before. 

code-server -r ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/main.yml
Bash

Step 3 - Create Tasks To Add Overlay VRFs and Networks

Copy the below tasks into the roles/manage_overlay/tasks/main.yml file that uses various Ansible built-in modules to import task files for different aspects of a VXLAN overlay. The first tasks import is used to add VRFs and Networks to the fabric; add_vrfs_networks.yml. That is what you will focus on in this section. Subsequently, you will add tasks to resync the fabric and add VRF Lite when you get to the external connectivity secion of this lab. Like before, the tasks are tagged so that you can run specific tasks using the --tags option when executing the playbook. 


- ansible.builtin.debug:
    msg:
      - "----------------------------------------------------------------"
      - "+             Calling Role - [manage_overlay]                     +"
      - "----------------------------------------------------------------"
  tags:
    - mo_vrfs_nets
    - mo_vrf_lite
    - mo_resync
    - mo_networks
    - mo_policies
    - mo_all

- name: Include Tasks To Add Overlay VRFs and Networks
  ansible.builtin.import_tasks: add_vrfs_networks.yml
  tags:
    - mo_vrfs_nets
    - mo_all

- name: Include Tasks To Re-Sync Local and External Fabric Before Adding VRF Lite
  ansible.builtin.import_tasks: resync_fabric.yml
  tags:
    - mo_vrf_lite
    - mo_resync
    - mo_all

- name: Include Tasks To Add Overlay VRFs To VRF Lite Fabric Extensions
  ansible.builtin.import_tasks: add_vrf_lite_vrfs.yml
  tags:
    - mo_vrf_lite
    - mo_all

- name: Include Tasks To Manage Policies
  ansible.builtin.import_tasks: add_policies.yml
  tags:
    - mo_policies
    - mo_all
YAML

After successfully populating the file above, save the file using Ctrl+s on the Windows keyboard or by clicking File then Save.

Warning

Be sure to save your file! Not saving will result in your code not executing.

Step 4 - Add empty placeholder subtask files for other imported task files

Just like the previous sections, you need to add empty files for the following task import directives that will be filled in with tasks later in this lab

ansible.builtin.import_tasks: add_vrf_lite_vrfs.yml
ansible.builtin.import_tasks: resync_fabric.yml
ansible.builtin.import_tasks: add_policies.yml 

touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrf_lite_vrfs.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrf_lite_vrfs.yml
---
EOF
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/resync_fabric.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/resync_fabric.yml
---
EOF
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_policies.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_policies.yml
---
EOF
YAML

Step 5 - Create Overlay Variables File for the Staging Fabric

This file contains the overlay specific variables for attaching VRF(s) to your border leaf switch in your staging fabric.

Group Vars stage

This data file is going back to being stored in the group_vars/stage directory like previous sections as it is specific data configuration for your staging or test fabric. When it comes to your production fabric, similar data specific to your production fabric will be stored in the group_vars/prod directory. 

touch ~/workspace/ndfclab/ansible/group_vars/stage/overlay.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/stage/overlay.yml
---

vrf_attach_group:
  all_leaf:
    - ip_address: 10.15.1.12
    - ip_address: 10.15.1.13

attach_group:
  esxi:
    - ip_address: 10.15.1.12
      ports:
        - Port-channel10
    - ip_address: 10.15.1.13
      ports:
        - Port-channel10
EOF
YAML

Step 6 - Create templates and files directories under the manage_overlay role

New Jinja2 Templating Method

In this part of the lab you are going to be using a new method to work with Jinja2 tempates. Earlier in the lab you created inline Jinja2 templates directly in the Ansible tasks. In this section you will use a different approach. You will create two new directories in the manage_overlay role directory to store the Jinja2 templates and rendered configuration files.

This use of Jinja2 templates makes roles highly reusable and allows for the separation of configuration data from the actual configuration files. This is a best practice in Ansible development. 

mkdir -p ~/workspace/ndfclab/ansible/roles/manage_overlay/templates
mkdir -p ~/workspace/ndfclab/ansible/roles/manage_overlay/files
Bash
  • roles/manage_overlay/templates - This directory will store the Jinja2 templates
  • roles/manage_overlay/files - This directory will store the rendered configuration files

The diagram below demonstrates how the main playbook tasks will call the Jinja2 templates to render the configuration files that will be used to deploy the VRFs and Networks to the fabric.

  1. The task on line 6 uses the ansible.builtin.template module
  2. This module calls the roles/manage_overlay/templates/attach_vrfs.j2 Jinja2 template
  3. This Jinja2 template renders the configuration to a file called roles/manage_overlay/files/attach_vrfs.yml using the VRF variable data defined in group_vars/all/overlay.yml
  4. The task on line 11 saves the rendered configuration to a variable called vrf_config which is then passed to the cisco.dcnm.dcnm_vrf module to create the VRF objects in NDFC

Step 7 - Create Jinja2 Templates for VRFs and Networks

This step will create the Jinja2 templates that will be used to render the VRF and Nework configuration files. 

touch ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_vrfs.j2
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_vrfs.j2
---
# This file is auto-generated
# DO NOT EDIT MANUALLY
#
{% for vrf in vrfs %}
- vrf_name: {{ vrf['vrf_name'] }}
{# ------------------------------------------------------ #}
{# Properties Section #}
{# ------------------------------------------------------ #}
  vrf_id: {{ vrf['vrf_id']  }}
  vlan_id: {{ vrf['vlan_id'] }}
{# ------------------------------------------------------ #}
{# Attach Group Section #}
{# ------------------------------------------------------ #}
  attach:
{% for switch in vrf_attach_group.all_leaf %}
    - ip_address: {{ switch['ip_address'] }}
{% endfor %}
  deploy: false
{% endfor %}
EOF

touch ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_networks.j2
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_networks.j2
---
# This file is auto-generated
# DO NOT EDIT MANUALLY
#
{% for net in networks %}
- net_name: {{ net['net_name'] }}
{# ------------------------------------------------------ #}
{# Properties Section #}
{# ------------------------------------------------------ #}
  vrf_name: {{ net['vrf_name'] }}
  net_id: {{ net['net_id'] }}
  vlan_id: {{ net['vlan_id'] }}
  vlan_name: {{ net['vlan_name'] }}
  gw_ip_subnet: {{ net['gw_ip_subnet'] }}
{# ------------------------------------------------------ #}
{# Attach Group Section #}
{# ------------------------------------------------------ #}
  attach:
{% for switch in attach_group.esxi %}
    - ip_address: {{ switch['ip_address'] }}
      ports: {{ switch['ports'] }}
{% endfor %}
  deploy: false
{% endfor %}
EOF
YAML

Step 8 - Add a subtask file called add_vrfs_networks.yml in the same directory

This file contains the subtasks used to add Overlay VRFs and Networks to the fabric 

touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrfs_networks.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrfs_networks.yml
---
# -------------------
# CREATE VRF SECTION
# -------------------

- name: Create file to hold rendered VRF information
  ansible.builtin.template:
    src: attach_vrfs.j2
    dest: "{{ role_path }}/files/attach_vrfs.yml"

- name: Create and store generated VRF configuration
  ansible.builtin.set_fact:
    vrf_config: "{{ lookup('file', 'attach_vrfs.yml') | from_yaml }}"

# -----------------------
# CREATE NETWORK SECTION
# -----------------------

- name: Create file to hold rendered Network information
  ansible.builtin.template:
    src: attach_networks.j2
    dest: "{{ role_path }}/files/attach_nets.yml"

- name: Create and store generated Network configuration
  ansible.builtin.set_fact:
    net_config: "{{ lookup('file', 'attach_nets.yml') | from_yaml }}"

# --------------------------------------------------------------------
# Manage VRF Configuration on NDFC
# --------------------------------------------------------------------
- name: Manage NDFC Fabric VRFs
  cisco.dcnm.dcnm_vrf:
    fabric: "{{ fabric_settings.FABRIC_NAME  }}"
    state: replaced
    config: "{{ vrf_config }}"

# --------------------------------------------------------------------
# Manage Network Configuration on NDFC
# --------------------------------------------------------------------
- name: Manage NDFC Fabric Networks
  cisco.dcnm.dcnm_network:
    fabric: "{{ fabric_settings.FABRIC_NAME }}"
    state: replaced
    config: "{{ net_config }}"
EOF
YAML

Step 9 - Open the Top Level build_fabric.yml Ansible Playbook

Navigate back to your build_fabric.yml file by using the VSCode code command: 

code-server -r ~/workspace/ndfclab/ansible/build_fabric.yml
Bash

Step 10 - Add a line to call the manage_overlay role under the roles: section of the playbook

Your build_fabric.yml file should already be populated from the previous section. With the file open, you only need to add the highlighted line, which should be line number 13 in your file. You can do this by highlighting the text in the lab guide and copying then pasting in your file or typing the line in your file. After one of those actions, press the return key such that there is a new line after where you entered - manage_overlay.

Note:

Make sure you identation is correct and aligns with the previous item which should be:
- manage_interfaces 

---
# This is the top level build playbook that runs the various
# Ansible roles that will be used to build out the fabric

- name: Build VXLAN EVPN Fabric on NDFC
  hosts: ndfc
  gather_facts: false

  roles:
    - create_fabric
    - add_inventory
    - setup_vpc
    - manage_interfaces
    - manage_overlay # Add This Line Under The manage_interfaces role from the previous section
YAML

After successfully populating the file above, save the file using Ctrl+s on the Windows keyboard or by clicking File then Save.

Warning

Be sure to save your file! Not saving will result in your code not executing.


Step 11 - Execute Ansible Playbook

Make sure you are in the root Ansible directory 

cd ~/workspace/ndfclab/ansible
Bash

From the root ansible project directory execute the following command. 

ansible-playbook -i hosts.stage.yml build_fabric.yml --tags mo_vrfs_nets
Bash

Upon a successful run of the playbook your output should look as follows: 

  [WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/create_fabric/tasks/manage_external_fabric.yml is empty and had no tasks to include
  [WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/add_inventory/tasks/add_fabric_devices_poap.yml is empty and had no tasks to include
  [WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/add_inventory/tasks/add_fabric_external_devices.yml is empty and had no tasks to include
  [WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_interfaces/tasks/loopback_interfaces.yml is empty and had no tasks to include
  [WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_overlay/tasks/resync_fabric.yml is empty and had no tasks to include
  [WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_overlay/tasks/add_vrf_lite_vrfs.yml is empty and had no tasks to include
  [WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_overlay/tasks/add_policies.yml is empty and had no tasks to include

  PLAY [Build VXLAN EVPN Fabric on NDFC] ********************************************************************************************************************************************************************

  TASK [manage_overlay : ansible.builtin.debug] *************************************************************************************************************************************************************
  ok: [10.15.0.11] => {
      "msg": [
          "----------------------------------------------------------------",
          "+             Calling Role - [manage_overlay]                     +",
          "----------------------------------------------------------------"
      ]
  }

  TASK [manage_overlay : Create file to hold rendered VRF information] **************************************************************************************************************************************
  changed: [10.15.0.11]

  TASK [manage_overlay : Create and store generated VRF configuration] **************************************************************************************************************************************
  ok: [10.15.0.11]

  TASK [manage_overlay : Create file to hold rendered Network information] **********************************************************************************************************************************
  changed: [10.15.0.11]

  TASK [manage_overlay : Create and store generated Network configuration] **********************************************************************************************************************************
  ok: [10.15.0.11]

  TASK [manage_overlay : Manage NDFC Fabric VRFs] ***********************************************************************************************************************************************************
  changed: [10.15.0.11]

  TASK [manage_overlay : Manage NDFC Fabric Networks] *******************************************************************************************************************************************************
  changed: [10.15.0.11]

  PLAY RECAP ************************************************************************************************************************************************************************************************
  10.15.0.11                 : ok=7    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Step 12 - Return to NDFC & Verify Network and VRF Information

Return to your NDFC browser where you should be sitting on the Interfaces tab

  1. Click the VRFs tab in the top navigation bar

    2. Verify you see the VRF AnsibleVRF that was created by your Ansible playbook.

    Like previous sections, when reviewing the VRFs tab, it is expected to see VRFs in the Pending status since a deployment has not taken place yet. Again, you will deploy to your switches in the deploy role. Following the remaining steps to verify the interface configuration is pre-staged in NDFC.

  2. Double-click AnsibleVRF to review the VRF details



  3. Click VRF Attachments
  4. Confirm AnsibleVRF is pending deployment and attachment to your switches



  5. Click Networks
  6. Confirm AnsibleNet1 and AnsibleNet2 is associated to AnsibleVRF and pending deployment to your switches
  7. Click the close button



  8. Click the Networks tab in the top navigation bar

    9. Verify you see the Networks AnsibleNet1 and AnsibleNet2 that was created by your Ansible playbook.

    Like previous sections, when reviewing the Networks tab, it is expected to see VRFs in the Pending status since a deployment has not taken place yet. Again, you will deploy to your switches in the deploy role. Following the remaining steps to verify the interface configuration is pre-staged in NDFC.

  9. Double-click AnsibleNet1 to review the Network details



  10. Click Network Attachments
  11. Confirm AnsibleNet1 is pending deployment and attachment to your switches



  12. Click VRF
  13. Confirm AnsibleVRF is associated to AnsibleNet1 and pending deployment to your switches
  14. Click the close button




Step 13 - Return to VSCode & Close All Open Tabs

On the keyword press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.



Continue to the next section to populate the deploy role with the necessary tasks to deploy all of your configuration to your staging fabric.