In this part of the lab you will add overlay VRFs and Networks.
overlay.yml under group_vars/all/
To manage the overlay pieces, you will create a file that contains the VRFs and Networks variable data. This data will be used to create the VRF and Network objects in NDFC, but the actual configuration will not be deployed to the devices until the deploy role is executed.
touch ~/workspace/ndfclab/ansible/group_vars/all/overlay.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/all/overlay.yml
---
vrfs:
  - vrf_name: &refvrf_ansible AnsibleVRF
    vrf_id: 150001
    vlan_id: 2000
    attach_group: all_leaf
    deploy: false
networks:
  - net_name: AnsibleNet1
    vrf_name: *refvrf_ansible
    net_id: 130001
    vlan_id: 2301
    vlan_name: AnsibleNet1_vlan2301
    gw_ip_subnet: "192.168.11.1/24"
    attach_group: esxi
    deploy: false
  - net_name: AnsibleNet2
    vrf_name: *refvrf_ansible
    net_id: 130002
    vlan_id: 2302
    vlan_name: AnsibleNet2_vlan2302
    gw_ip_subnet: "192.168.12.1/24"
    attach_group: esxi
    deploy: false
EOF
In the file above for your overlay variable data, there might be an unfamiliar concept with the & and the * characters.
These are called YAML Anchors and Aliases.
In short, the & is used to create an anchor and the * is used to reference the anchor so that you do not have to repeat portions of your data or configuration.
This data file is stored in the group_vars/all directory and is used to define variables that are common to all devices in your staging-fabric and will also later be used in your production-fabric.
The all directory and/or file name is a specially reserved name in Ansible.
For the overlay role tasks, ensure you are in your VSCode Terminal and open the main.yml file found in roles/manage_overlay/tasks/ using the VSCode code keyword as before.
code-server -r ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/main.yml
Copy the below tasks into the roles/manage_overlay/tasks/main.yml file. They use various Ansible built-in modules to import task files for different aspects of a VXLAN overlay.
The first tasks import, add_vrfs_networks.yml, is used to add VRFs and Networks to the fabric. That is what you will focus on in this section. Subsequently, you will add tasks to resync the fabric and add VRF Lite when you get to the external connectivity section of this lab.
Like before, the tasks are tagged so that you can run specific tasks using the --tags option when executing the playbook.
- ansible.builtin.debug:
    msg:
      - "----------------------------------------------------------------"
      - "+ Calling Role - [manage_overlay] +"
      - "----------------------------------------------------------------"
  tags:
    - mo_vrfs_nets
    - mo_vrf_lite
    - mo_resync
    - mo_networks
    - mo_policies
    - mo_all

- name: Include Tasks To Add Overlay VRFs and Networks
  ansible.builtin.import_tasks: add_vrfs_networks.yml
  tags:
    - mo_vrfs_nets
    - mo_all

- name: Include Tasks To Re-Sync Local and External Fabric Before Adding VRF Lite
  ansible.builtin.import_tasks: resync_fabric.yml
  tags:
    - mo_vrf_lite
    - mo_resync
    - mo_all

- name: Include Tasks To Add Overlay VRFs To VRF Lite Fabric Extensions
  ansible.builtin.import_tasks: add_vrf_lite_vrfs.yml
  tags:
    - mo_vrf_lite
    - mo_all

- name: Include Tasks To Manage Policies
  ansible.builtin.import_tasks: add_policies.yml
  tags:
    - mo_policies
    - mo_all
After successfully populating the file above, save the file using Ctrl+s on the Windows keyboard or by clicking File then Save.
Be sure to save your file! Not saving will result in your code not executing.
Just like the previous sections, you need to add empty files for the following task import directives. They will be filled in with tasks later in this lab:
ansible.builtin.import_tasks: add_vrf_lite_vrfs.yml
ansible.builtin.import_tasks: resync_fabric.yml
ansible.builtin.import_tasks: add_policies.yml
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrf_lite_vrfs.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrf_lite_vrfs.yml
---
EOF
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/resync_fabric.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/resync_fabric.yml
---
EOF
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_policies.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_policies.yml
---
EOF
Staging Fabric
This file contains the overlay-specific variables for attaching VRF(s) to your border leaf switch in your staging fabric.
This data file goes back to being stored in the group_vars/stage directory, like previous sections, because it is configuration data specific to your staging or test fabric.
When it comes to your production fabric, similar data specific to your production fabric will be stored in the group_vars/prod directory.
touch ~/workspace/ndfclab/ansible/group_vars/stage/overlay.yml
cat << EOF > ~/workspace/ndfclab/ansible/group_vars/stage/overlay.yml
---
vrf_attach_group:
  all_leaf:
    - ip_address: 10.15.30.12
    - ip_address: 10.15.30.13
attach_group:
  esxi:
    - ip_address: 10.15.30.12
      ports:
        - Port-channel10
    - ip_address: 10.15.30.13
      ports:
        - Port-channel10
EOF
templates and files directories under the manage_overlay role
In this part of the lab you are going to be using a new method to work with Jinja2 templates.
Earlier in the lab you created inline Jinja2 templates directly in the Ansible tasks.
In this section you will use a different approach.
You will create two new directories in the manage_overlay role directory to store the Jinja2 templates and rendered configuration files.
This use of Jinja2 templates makes roles highly reusable and allows for the separation of configuration data from the actual configuration files. This is a best practice in Ansible development.
mkdir -p ~/workspace/ndfclab/ansible/roles/manage_overlay/templates
mkdir -p ~/workspace/ndfclab/ansible/roles/manage_overlay/files
roles/manage_overlay/templates - This directory will store the Jinja2 templates
roles/manage_overlay/files - This directory will store the rendered configuration files
The diagram below demonstrates how the main playbook tasks will call the Jinja2 templates to render the configuration files that will be used to deploy the VRFs and Networks to the fabric.
ansible.builtin.template module
roles/manage_overlay/templates/attach_vrfs.j2 Jinja2 template
roles/manage_overlay/files/attach_vrfs.yml using the VRF variable data defined in group_vars/all/overlay.yml
vrf_config which is then passed to the cisco.dcnm.dcnm_vrf module to create the VRF objects in NDFC
This step will create the Jinja2 templates that will be used to render the VRF and Network configuration files.
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_vrfs.j2
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_vrfs.j2
---
# This file is auto-generated
# DO NOT EDIT MANUALLY
#
{% for vrf in vrfs %}
- vrf_name: {{ vrf['vrf_name'] }}
{# ------------------------------------------------------ #}
{# Properties Section #}
{# ------------------------------------------------------ #}
  vrf_id: {{ vrf['vrf_id'] }}
  vlan_id: {{ vrf['vlan_id'] }}
{# ------------------------------------------------------ #}
{# Attach Group Section #}
{# ------------------------------------------------------ #}
  attach:
{% for switch in vrf_attach_group.all_leaf %}
    - ip_address: {{ switch['ip_address'] }}
{% endfor %}
  deploy: false
{% endfor %}
EOF
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_networks.j2
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/templates/attach_networks.j2
---
# This file is auto-generated
# DO NOT EDIT MANUALLY
#
{% for net in networks %}
- net_name: {{ net['net_name'] }}
{# ------------------------------------------------------ #}
{# Properties Section #}
{# ------------------------------------------------------ #}
  vrf_name: {{ net['vrf_name'] }}
  net_id: {{ net['net_id'] }}
  vlan_id: {{ net['vlan_id'] }}
  vlan_name: {{ net['vlan_name'] }}
  gw_ip_subnet: {{ net['gw_ip_subnet'] }}
{# ------------------------------------------------------ #}
{# Attach Group Section #}
{# ------------------------------------------------------ #}
  attach:
{% for switch in attach_group.esxi %}
    - ip_address: {{ switch['ip_address'] }}
      ports: {{ switch['ports'] }}
{% endfor %}
  deploy: false
{% endfor %}
EOF
add_vrfs_networks.yml in the same directory
This file contains the subtasks used to add Overlay VRFs and Networks to the fabric.
touch ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrfs_networks.yml
cat << EOF > ~/workspace/ndfclab/ansible/roles/manage_overlay/tasks/add_vrfs_networks.yml
---
# -------------------
# CREATE VRF SECTION
# -------------------
- name: Create file to hold rendered VRF information
  ansible.builtin.template:
    src: attach_vrfs.j2
    dest: "{{ role_path }}/files/attach_vrfs.yml"

- name: Create and store generated VRF configuration
  ansible.builtin.set_fact:
    vrf_config: "{{ lookup('file', 'attach_vrfs.yml') | from_yaml }}"

# -----------------------
# CREATE NETWORK SECTION
# -----------------------
- name: Create file to hold rendered Network information
  ansible.builtin.template:
    src: attach_networks.j2
    dest: "{{ role_path }}/files/attach_nets.yml"

- name: Create and store generated Network configuration
  ansible.builtin.set_fact:
    net_config: "{{ lookup('file', 'attach_nets.yml') | from_yaml }}"

# --------------------------------------------------------------------
# Manage VRF Configuration on NDFC
# --------------------------------------------------------------------
- name: Manage NDFC Fabric VRFs
  cisco.dcnm.dcnm_vrf:
    fabric: "{{ fabric_settings.FABRIC_NAME }}"
    state: replaced
    config: "{{ vrf_config }}"

# --------------------------------------------------------------------
# Manage Network Configuration on NDFC
# --------------------------------------------------------------------
- name: Manage NDFC Fabric Networks
  cisco.dcnm.dcnm_network:
    fabric: "{{ fabric_settings.FABRIC_NAME }}"
    state: replaced
    config: "{{ net_config }}"
EOF
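The role sends whatever the two templates render to NDFC with state: replaced, so a mistake in the variable files is carried into the VRF and Network objects NDFC holds. The tasks below are an added example, not one of the lab's files: pre-flight checks on the overlay data that could run before the first task in add_vrfs_networks.yml. The 1-4094 VLAN bound and the gateway pattern are assumptions of this example.

```yaml
---
# Added example, not one of the lab's task files. Variable names come from
# group_vars/all/overlay.yml and group_vars/stage/overlay.yml; the 1-4094
# bound is the 802.1Q VLAN range, not a value taken from the lab.
- name: Check that overlay names, VNIs and VLANs are unique and in range
  ansible.builtin.assert:
    that:
      - "(vrfs | map(attribute='vrf_name') | list | unique | length) == (vrfs | length)"
      - "(networks | map(attribute='net_name') | list | unique | length) == (networks | length)"
      - "(all_vnis | unique | length) == (all_vnis | length)"
      - "(all_vlans | unique | length) == (all_vlans | length)"
      - "(all_vlans | select('lt', 1) | list | length) == 0"
      - "(all_vlans | select('gt', 4094) | list | length) == 0"
    fail_msg: "Duplicate name, VNI or VLAN, or a VLAN outside 1-4094, in overlay.yml"
  vars:
    # VRF and Network IDs (VNIs) and VLANs are checked as one pool each.
    all_vnis: "{{ (vrfs | map(attribute='vrf_id') | list) + (networks | map(attribute='net_id') | list) }}"
    all_vlans: "{{ (vrfs | map(attribute='vlan_id') | list) + (networks | map(attribute='vlan_id') | list) }}"

- name: Check that each VRF names an attach group defined for this fabric
  ansible.builtin.assert:
    that:
      - "item.attach_group in vrf_attach_group"
      - "(vrf_attach_group[item.attach_group] | length) > 0"
    fail_msg: "VRF {{ item.vrf_name }} references an undefined or empty attach group"
    quiet: true
  loop: "{{ vrfs }}"
  loop_control:
    label: "{{ item.vrf_name }}"

- name: Check that each network points at a defined VRF and attach group
  ansible.builtin.assert:
    that:
      - "item.vrf_name in (vrfs | map(attribute='vrf_name') | list)"
      - "item.attach_group in attach_group"
      # Shape check only (a.b.c.d/len); it does not validate octet ranges.
      - "item.gw_ip_subnet is match('^[0-9]{1,3}([.][0-9]{1,3}){3}/[0-9]{1,2}$')"
    fail_msg: "Network {{ item.net_name }} has an unknown VRF or attach group, or a malformed gateway"
    quiet: true
  loop: "{{ networks }}"
  loop_control:
    label: "{{ item.net_name }}"
```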
build_fabric.yml Ansible Playbook
Navigate back to your build_fabric.yml file by using the VSCode code command:
code-server -r ~/workspace/ndfclab/ansible/build_fabric.yml
manage_overlay role under the roles: section of the playbook
Your build_fabric.yml file should already be populated from the previous section. With the file open, you only need to add the highlighted line, which should be line number 13 in your file. You can do this by highlighting the text in the lab guide and copying then pasting in your file, or by typing the line in your file. After one of those actions, press the return key such that there is a new line after where you entered - manage_overlay.
---
# This is the top level build playbook that runs the various
# Ansible roles that will be used to build out the fabric

- name: Build VXLAN EVPN Fabric on NDFC
  hosts: ndfc
  gather_facts: false
  roles:
    - create_fabric
    - add_inventory
    - setup_vpc
    - manage_interfaces
    - manage_overlay # Add This Line Under The manage_interfaces role from the previous section
After successfully populating the file above, save the file using Ctrl+s on the Windows keyboard or by clicking File then Save.
Be sure to save your file! Not saving will result in your code not executing.
Make sure you are in the root Ansible directory
cd ~/workspace/ndfclab/ansible
From the root ansible project directory execute the following command.
ansible-playbook -i hosts.stage.yml build_fabric.yml --tags mo_vrfs_nets
Upon a successful run of the playbook your output should look as follows:
[WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/create_fabric/tasks/manage_external_fabric.yml is empty and had no tasks to include
[WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/add_inventory/tasks/add_fabric_devices_poap.yml is empty and had no tasks to include
[WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/add_inventory/tasks/add_fabric_external_devices.yml is empty and had no tasks to include
[WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_interfaces/tasks/loopback_interfaces.yml is empty and had no tasks to include
[WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_overlay/tasks/resync_fabric.yml is empty and had no tasks to include
[WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_overlay/tasks/add_vrf_lite_vrfs.yml is empty and had no tasks to include
[WARNING]: file /home/cisco/Documents/ndfclab/ansible/roles/manage_overlay/tasks/add_policies.yml is empty and had no tasks to include

PLAY [Build VXLAN EVPN Fabric on NDFC] ********************

TASK [manage_overlay : ansible.builtin.debug] ********************
ok: [10.15.0.98] => {
    "msg": [
        "----------------------------------------------------------------",
        "+ Calling Role - [manage_overlay] +",
        "----------------------------------------------------------------"
    ]
}

TASK [manage_overlay : Create file to hold rendered VRF information] ********************
changed: [10.15.0.98]

TASK [manage_overlay : Create and store generated VRF configuration] ********************
ok: [10.15.0.98]

TASK [manage_overlay : Create file to hold rendered Network information] ********************
changed: [10.15.0.98]

TASK [manage_overlay : Create and store generated Network configuration] ********************
ok: [10.15.0.98]

TASK [manage_overlay : Manage NDFC Fabric VRFs] ********************
changed: [10.15.0.98]

TASK [manage_overlay : Manage NDFC Fabric Networks] ********************
changed: [10.15.0.98]

PLAY RECAP ********************
10.15.0.98 : ok=7 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Return to your NDFC browser, where you should be sitting on the Interfaces tab.
Verify you see the VRF AnsibleVRF that was created by your Ansible playbook.
Like previous sections, when reviewing the VRFs tab, it is expected to see VRFs in the Pending status since a deployment has not taken place yet.
Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify the interface configuration is pre-staged in NDFC.
Verify you see the Networks AnsibleNet1 and AnsibleNet2 that were created by your Ansible playbook.
Like previous sections, when reviewing the Networks tab, it is expected to see Networks in the Pending status since a deployment has not taken place yet.
Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify the interface configuration is pre-staged in NDFC.
On the keyboard, press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.
Continue to the next section to populate the deploy role with the necessary tasks to deploy all of your configuration to your staging fabric.