Now that we have successfully deployed the staging fabric using Ansible, we will use GitLab and a CI/CD pipeline to deploy the production fabric. Any additional changes to the production fabric will first be tested in our safe staging fabric before they are pushed to production.
First, we need to create the same variable files for the production fabric, just as we did for the staging fabric.
Production Fabric
Like you did back in the NDFC Ansible section, create an inventory file for your production fabric. When this is used in the pipeline, it will be the inventory used with ansible-playbook -i. Since this file uses the same ndfc group name, your previously developed playbooks remain unchanged and can be reused.
touch ~/workspace/ndfclab/ansible/hosts.prod.yml
cat << EOF > ~/workspace/ndfclab/ansible/hosts.prod.yml
---
# Connection Information For Production Fabric
#
# This file defines how Ansible will connect to the NDFC controller
ndfc:
  children:
    prod:
      hosts:
        10.15.0.11:
          ansible_connection: ansible.netcommon.httpapi
          ansible_httpapi_use_ssl: true
          ansible_httpapi_validate_certs: false
          ansible_python_interpreter: auto_silent
          ansible_network_os: cisco.dcnm.dcnm
          ansible_user: admin
          ansible_password: cisco.123
EOF
fabric.yml under group_vars/prod
This file contains the topology data for the production fabric.
touch ~/workspace/ndfclab/ansible/group_vars/prod/fabric.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/prod/fabric.yml
---
# ---------------------------------------------------------------- #
# Fabric Settings                                                  #
# ---------------------------------------------------------------- #
fabric_settings:
  DEPLOY: yes
  FABRIC_NAME: fabric-prod
  FABRIC_TYPE: VXLAN_EVPN
  BGP_AS: 65001
  GRFIELD_DEBUG_FLAG: Enable
  AUTO_SYMMETRIC_VRF_LITE: true
  AAA_REMOTE_IP_ENABLED: false
  DCI_SUBNET_RANGE: 10.31.0.0/16
  VRF_LITE_AUTOCONFIG: Back2Back&ToExternal
# ---------------------------------------------------------------- #
# Local Fabric Information                                         #
# ---------------------------------------------------------------- #
fabric_inventory:
  - seed_ip: 10.15.1.18
    user_name: admin
    password: cisco.123
    max_hops: 0
    role: spine
    preserve_config: false
  - seed_ip: 10.15.1.19
    user_name: admin
    password: cisco.123
    max_hops: 0
    role: leaf
    preserve_config: false
  - seed_ip: 10.15.1.20
    user_name: admin
    password: cisco.123
    max_hops: 0
    role: leaf
    preserve_config: false
  - seed_ip: 10.15.1.21
    user_name: admin
    password: cisco.123
    max_hops: 0
    role: border
    preserve_config: false
# ---------------------------------------------------------------- #
# External Fabric Information                                      #
# ---------------------------------------------------------------- #
fabric_external_settings:
  DEPLOY: yes
  FABRIC_NAME: external-fabric-prod
  BGP_AS: 65999
fabric_external_inventory:
  - seed_ip: 10.15.1.22
    auth_proto: MD5
    user_name: admin
    password: cisco.123
    max_hops: 0
    preserve_config: true
    role: edge_router
EOF
Like in your staging environment, you need to define interface details for your prod fabric.
touch ~/workspace/ndfclab/ansible/group_vars/prod/interface.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/prod/interface.yml
---
interfaces:
  # --------------------
  # VPC Interface List
  # --------------------
  vpc:
    - name: vpc10
      type: vpc
      switch:
        - 10.15.1.19
        - 10.15.1.20
      deploy: false
      profile:
        admin_state: true
        mode: trunk
        peer1_members:
          - e1/5
        peer2_members:
          - e1/5
        pc_mode: active
        bpdu_guard: true
        port_type_fast: true
        mtu: jumbo
    - name: vpc20
      type: vpc
      switch:
        - 10.15.1.19
        - 10.15.1.20
      deploy: false
      profile:
        admin_state: true
        mode: trunk
        peer1_members:
          - e1/6
        peer2_members:
          - e1/6
        pc_mode: active
        bpdu_guard: true
        port_type_fast: true
        mtu: jumbo
  # ----------------------
  # Access Interface List
  # ----------------------
  access:
    - name: eth1/1
      type: eth
      switch:
        - 10.15.1.19
      deploy: false
      profile:
        admin_state: true
        mode: access
        speed: auto
        bpdu_guard: false
        port_type_fast: true
        mtu: jumbo
        access_vlan: 2301
        cmds:
          - no shutdown
        description: "VLAN 2301 Access Interface"
    - name: eth1/1
      type: eth
      switch:
        - 10.15.1.20
      deploy: false
      profile:
        admin_state: true
        mode: access
        speed: auto
        bpdu_guard: false
        port_type_fast: true
        mtu: jumbo
        access_vlan: 2302
        cmds:
          - no shutdown
        description: "VLAN 2302 Access Interface"
EOF
Like in your staging environment, you need to define the overlay specific details for your prod fabric.
touch ~/workspace/ndfclab/ansible/group_vars/prod/overlay.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/prod/overlay.yml
---
vrf_attach_group:
  all_leaf:
    - ip_address: 10.15.1.19
    - ip_address: 10.15.1.20
attach_group:
  esxi:
    - ip_address: 10.15.1.19
      ports:
        - Port-channel10
    - ip_address: 10.15.1.20
      ports:
        - Port-channel10
EOF
Like in your staging environment, you need to define the VRF Lite specific details for your prod fabric.
touch ~/workspace/ndfclab/ansible/group_vars/prod/vrf_lite.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/prod/vrf_lite.yml
---
vrf_lite_attach_group:
  all_leaf:
    - ip_address: 10.15.1.21
      vrf_lite:
        - peer_vrf: AnsibleVRF # optional
          interface: Ethernet1/1 # mandatory
          ipv4_addr: 10.31.0.1/30 # optional
          neighbor_ipv4: 10.31.0.2 # optional
          dot1q: 2 # dot1q can be got from dcnm/optional
EOF
Perform a git add to move your configuration intent for your prod fabric to git staging.
git add .
Review what is staged to be committed to your git repo.
git status .
The following files are staged for commit. Make sure your list matches the output below!
On branch main
Your branch is up to date with 'origin/main'.

Changes to be committed:
  (use "git restore --staged <file>..." to unstage)
        new file:   group_vars/prod/fabric.yml
        new file:   group_vars/prod/interface.yml
        new file:   group_vars/prod/overlay.yml
        new file:   group_vars/prod/vrf_lite.yml
        new file:   hosts.prod.yml
Commit your prod configuration intent with a meaningful message.
git commit -m "Add Ansible Production Files"
Finally, push your commit to your remote repo in GitLab.
git push -u origin main
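The files committed above carry the controller and switch passwords in clear text and set ansible_httpapi_validate_certs: false, and once pushed they stay in the GitLab history. A check of the following kind can run before git commit or as an early pipeline job. It is an added example, not part of the lab's code; the function names, the sample host and values, and the NDFC_PASSWORD variable name are assumptions.

```shell
#!/bin/sh
# scan_ansible_vars FILE...
# Prints "file:line: reason" per finding; returns 1 if anything was found.
scan_ansible_vars() {
  awk '
    function value(s) {   # text after "key:", minus any trailing comment
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+#.*$/, "", s); sub(/[ \t]+$/, "", s)
      return s
    }
    /^[ \t]*#/ { next }   # ignore comment lines
    /^[ \t-]*(ansible_)?password[ \t]*:/ {
      v = value($0)
      # Vault-encrypted values and Jinja2 lookups are not literal secrets.
      if (v != "" && v !~ /^!vault/ && index(v, "{{") == 0) {
        printf "%s:%d: plaintext password\n", FILENAME, FNR; found = 1
      }
    }
    /^[ \t-]*ansible_httpapi_validate_certs[ \t]*:/ {
      if (tolower(value($0)) ~ /^(false|no|off)$/) {
        printf "%s:%d: TLS certificate validation disabled\n", FILENAME, FNR; found = 1
      }
    }
    END { exit found + 0 }
  ' "$@"
}

# Constructed sample (placeholder values) shaped like hosts.prod.yml.
write_sample_inventory() {
  cat > "$1" << 'EOF'
prod:
  hosts:
    192.0.2.10:
      ansible_httpapi_validate_certs: false
      ansible_password: example-password
      # ansible_password: commented-out-value
EOF
}

# Constructed sample: same host, secret read from the environment at run time
# (NDFC_PASSWORD is an assumed CI/CD variable name).
write_clean_inventory() {
  cat > "$1" << 'EOF'
prod:
  hosts:
    192.0.2.10:
      ansible_httpapi_validate_certs: true
      ansible_password: "{{ lookup('env', 'NDFC_PASSWORD') }}"
EOF
}
```

Run against this lab's files it would be called as scan_ansible_vars hosts.prod.yml group_vars/prod/*.yml from the ansible directory, and a non-zero return can fail the pipeline job.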