• Nexus Dashboard
  • USER: admin
  • PASS: cisco.123
  • ND
  • Switch Login
  • USER: admin
  • PASS: cisco.123
  • staging-spine1: 10.15.6.11
  • staging-leaf1: 10.15.6.12
  • staging-leaf2: 10.15.6.13
  • staging-leaf3: 10.15.6.14
  • staging-ext-rtr: 10.15.6.15
  • prod-spine1: 10.15.6.18
  • prod-leaf1: 10.15.6.19
  • prod-leaf2: 10.15.6.20
  • prod-leaf3: 10.15.6.21
  • prod-ext-rtr: 10.15.6.22
  • GitLab
  • USER: pod06
  • PASS: c1sco.123
  • Gitlab
  • Test VM Login
  • USER: cisco
  • PASS: cisco.123
  • staging-server1: 10.15.6.16
  • staging-server2: 10.15.6.17
  • prod-server1: 10.15.6.23
  • prod-server2: 10.15.6.24
  • Code-Server
  • Code-Server
  • Serials
  • Get Serial Numbers
Tests
Pipeline

When managing your network with NaC/IaC, adding good test cases is critical. Your test code should be equal to or better than the production code. The main objective is to validate the code and configuration on a staging environment before deploying it to the production environment. This validation can reduce the chance of an outage drastically.

In this lab, we will use Ansible validation playbooks for the following:

  • Verify that all VRFs are deployed and in the correct state
  • Verify that all Networks are deployed and in the correct state

Note

The validation we do as part of this lab is just a simple example. The validation needed in a real staging and production environment should include as many tests as required in order to ensure that what you are deploying to the production environment will not break your system.


Step 1 - Create Validate Playbook Used in the Lint Stage (Pre-Validation)


touch ~/workspace/ndfclab/nac/validate.yml
cat << EOF > ~/workspace/ndfclab/nac/validate.yml
---

- name: Validate Playbook
  hosts: ndfc
  any_errors_fatal: true
  gather_facts: false

  roles:
    - role: cisco.nac_dc_vxlan.validate
EOF

Step 2 - Create Test Playbook Used in the Test Stage (Post-Deployment)


touch ~/workspace/ndfclab/nac/test.yml
cat << EOF > ~/workspace/ndfclab/nac/test.yml
---

- name: Test Playbook
  hosts: fabric-stage, fabric-prod
  any_errors_fatal: true
  gather_facts: false

  roles:
    - role: cisco.nac_dc_vxlan.validate

  tasks:
    - name: Validate | Check if All VRFs are Deployed
      block:
        - name: Validate | Query all VRFs from {{ MD.vxlan.fabric.name }}
          cisco.dcnm.dcnm_rest:
            method: GET
            path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/top-down/fabrics/{{ MD.vxlan.fabric.name }}/vrfs"
          register: result
        - name: Validate | Check if status is DEPLOYED
          ansible.builtin.assert:
            that:
              - item.vrfStatus != "OUT-OF-SYNC"
            quiet: true
          loop: "{{ result.response.DATA }}"

    - name: Validate | Check if All Networks are Deployed
      block:
        - name: Validate | Query All Networks from {{ MD.vxlan.fabric.name }}
          cisco.dcnm.dcnm_rest:
            method: GET
            path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/top-down/fabrics/{{ MD.vxlan.fabric.name }}/networks"
          register: result
        - name: Validate | Check if Status is DEPLOYED
          ansible.builtin.assert:
            that:
              - item.networkStatus != "OUT-OF-SYNC"
            quiet: true
          loop: "{{ result.response.DATA }}"
EOF

Continue to the next section to learn how to trigger the CI/CD pipeline using the code/configuration changes developed in your staging environment to your prod environment.