In this final section for Ansible you are going to use your newly built pipeline to add two new Networks. This demonstrates how easy it is to make changes to your Network stored in GitLab as code and validate those changes against your staging fabric before pushing the changes to your production fabric.
Since you have a central variable file for all of your VRFs and Networks, all you need to do is modify the file to add the new data. Normally you would open this file and add the new Networks, but to make it easy we are going to replace the file you created earlier with a version that has the new Networks added in.
overlay.yml
for Committing to the GitLab Repo
The following file is staged for commit. Make sure your list matches the output below!
On branch stage
Your branch is up to date with 'origin/stage'.
Changes to be committed:
  (use "git restore --staged <file>..." to unstage)
        modified:   host_vars/fabric-prod/networks.nac.yml
        modified:   host_vars/fabric-stage/networks.nac.yml

[stage b78ca4e] Add new Networks in Overlay
 2 files changed, 15 insertions(+)
stage Branch
Enumerating objects: 64, done.
Counting objects: 100% (64/64), done.
Delta compression using up to 8 threads
Compressing objects: 100% (62/62), done.
Writing objects: 100% (64/64), 9.62 KiB | 615.00 KiB/s, done.
Total 64 (delta 24), reused 0 (delta 0), pack-reused 0
remote:
remote: To create a merge request for stage, visit:
remote:   http://10.15.0.159/Pod01_2025_01/LTRDCN-3439/-/merge_requests/new?merge_request%5Bsource_branch%5D=stage
remote:
To 10.15.0.159:Pod01_2025_01/LTRDCN-3439.git
 * [new branch]      stage -> stage
Branch 'stage' set up to track remote branch 'stage' from 'origin'.
As soon as the code was committed to the stage branch, Ansible Lint validation was triggered. Return to your GitLab and navigate to Pipelines:
From the detailed logs of the nac_validate job, you can see the following error:
Semantic error, rule 401: Cross Reference VRFs and Networks items in the Service Model (['Network (NaC-Net03) is referencing VRF (NaC-VRF02) which is not defined in the service model. Add the VRF to the service model or remove the network from the service model and re-run the playbook.'])
This means that the NaC-Net03 Network is referencing a VRF that does not exist in the service model. To fix this, we need to comment out the vrf_name: NaC-VRF02 and replace it with vrf_name: NaC-VRF01 in the networks.nac.yml file.
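A local version of the cross-reference check behind rule 401, which can be run before committing so the error is caught ahead of the pipeline. This is an added example, not the nac_validate implementation; the vxlan/overlay key layout, the NaC-Net01 and NaC-L2Only entries and the function names are assumptions.

```python
"""Added example: cross-reference Networks against defined VRFs before commit."""

# Constructed sample data shaped like the overlay section of networks.nac.yml.
# The vxlan/overlay/vrfs/networks layout is an assumption; only vrf_name and the
# NaC-Net03, NaC-VRF01 and NaC-VRF02 names come from the lab text.
SAMPLE_MODEL = {
    "vxlan": {
        "overlay": {
            "vrfs": [{"name": "NaC-VRF01"}],
            "networks": [
                {"name": "NaC-Net01", "vrf_name": "NaC-VRF01"},
                {"name": "NaC-Net03", "vrf_name": "NaC-VRF02"},  # undefined VRF
                {"name": "NaC-L2Only"},  # no vrf_name: treated as Layer 2 only
            ],
        }
    }
}


def undefined_vrf_references(model):
    """Return (network, vrf) pairs where a network names a VRF that is not defined."""
    overlay = (model.get("vxlan") or {}).get("overlay") or {}
    defined = {vrf.get("name") for vrf in overlay.get("vrfs") or []}
    problems = []
    for net in overlay.get("networks") or []:
        vrf = net.get("vrf_name")
        # Networks without a vrf_name are skipped rather than flagged.
        if vrf is not None and vrf not in defined:
            problems.append((net.get("name"), vrf))
    return problems


def main(model=SAMPLE_MODEL):
    """Print one line per bad reference and return a CI-style exit code."""
    problems = undefined_vrf_references(model)
    for net, vrf in problems:
        print(f"Network ({net}) is referencing VRF ({vrf}) which is not defined")
    return 1 if problems else 0  # non-zero fails the job


if __name__ == "__main__":
    raise SystemExit(main())
```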
[stage 33f123a] Fix semantic error in new Network
 1 file changed, 2 insertions(+), 2 deletions(-)
stage Branch
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 430 bytes | 430.00 KiB/s, done.
Total 5 (delta 4), reused 0 (delta 0), pack-reused 0
remote:
remote: To create a merge request for stage, visit:
remote:   http://10.15.0.159/Pod01_2025_01/LTRDCN-3439/-/merge_requests/new?merge_request%5Bsource_branch%5D=stage
remote:
To 10.15.0.159:Pod01_2025_01/LTRDCN-3439.git
   b78ca4e..33f123a  stage -> stage
Branch 'stage' set up to track remote branch 'stage' from 'origin'.
As soon as the code was committed to the stage branch, Ansible Lint validation was triggered. Return to your GitLab and navigate to Pipelines:
Now you need to create a merge request to verify/test the new Networks configuration against the NDFC staging environment fabric.
Wait until your pipeline completes against staging. In the meantime, feel free to check out what is going on in your NDFC instance by following the next step.
Staging Fabric
In your browser, navigate back to your NDFC instance.
You may need to wait for the pipeline to progress before some of the Networks show up in the NDFC GUI.
When your pipeline is done, open the merge request page:
Related merge request !# to merge stage (the link is !2 in the screenshot below)
To open the merge request page:
Wait until the pipeline is finished:
You have now modified your Fabric by updating your source code and then using the CI and CD pipelines to deploy the changes!
Wait until the pipeline is finished:
Production Fabric
In your browser, return to NDFC and navigate to your prod-fabric:
This time open the fabric page and check fabric-prod, NOT fabric-stage. Remember the CD pipeline pushes changes to the production fabric and you may need to wait to see the new Networks as the pipeline runs.
Thank you for attending Cisco Live 2025!!