diff --git a/.ansible-lint b/.ansible-lint index 6b90829..6f36609 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -26,6 +26,9 @@ mock_modules: - cisco.catalystwan.cli_templates - cisco.catalystwan.device_templates - cisco.catalystwan.devices_info + - cisco.catalystwan.feature_templates + - cisco.catalystwan.device_templates_info + - cisco.catalystwan.feature_templates_info # - zuul_return # # note the foo.bar is invalid as being neither a module or a collection # - fake_namespace.fake_collection.fake_module diff --git a/.gitignore b/.gitignore index 763bd1d..527f862 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ .vscode +ansible_catalystwan_module.log +ansible_catalystwan.log ansible.log poetry.lock run @@ -6,12 +8,8 @@ playbooks/shared/ playbooks/results/ playbooks/aws/results/ playbooks/azure/results/ -playbooks/ansible_catalystwan.log -playbooks/aws/ansible_catalystwan.log -playbooks/azure/ansible_catalystwan.log -playbooks/ansible_catalystwan_module.log -playbooks/azure/ansible_catalystwan_module.log -playbooks/aws/ansible_catalystwan_module.log vault-password.txt playbooks/catalystwan.log playbooks/sdwan_config_dev.yml +playbooks/templates_examples/output_backup_device_configuration +playbooks/templates_examples/output_backup_running_config diff --git a/playbooks/backup_restore/restore_running_config.yml b/playbooks/backup_restore/restore_running_config.yml index 5257be5..4498147 100644 --- a/playbooks/backup_restore/restore_running_config.yml +++ b/playbooks/backup_restore/restore_running_config.yml @@ -6,8 +6,6 @@ - name: Testing playbook to verify backup & restore operations hosts: localhost gather_facts: false - vars_files: - - configuration_file_dev_vars.yml vars: manager_authentication: &manager_authentication url: # your manager url diff --git a/playbooks/templates_examples/backup_workflow.yml b/playbooks/templates_examples/backup_workflow.yml new file mode 100644 index 0000000..c2db861 --- /dev/null +++ b/playbooks/templates_examples/backup_workflow.yml @@ -0,0 +1,75 @@ +# --- Backup device configuration workflow --- # + +# Scenario includes following operations: + +# Backup device configuration (device/feature templates and policies) +# Removal all Non-Default templates +# Restore all templates from backup directory + +--- + +- name: Backup device configuration workflow + hosts: localhost + gather_facts: false + vars_files: + - configuration_file.yml + vars: + manager_authentication: &manager_authentication + url: "{{ (vmanage_instances | first).mgmt_public_ip }}" + username: "{{ (vmanage_instances | first).admin_username }}" + password: "{{ (vmanage_instances | first).admin_password }}" + tasks: + - name: Perform backup of all non factory default Device Templates (no filters == backup non factory default) + cisco.catalystwan.device_templates_recovery: + mode: backup + backup_dir_path: ./output_backup_device_configuration + manager_credentials: + <<: *manager_authentication + + - name: Get all Device Templates that are not attached to any device and are Feature based + cisco.catalystwan.device_templates_info: + filters: + devices_attached: 0 + factory_default: false + config_type: template + manager_credentials: + <<: *manager_authentication + register: device_templates + + - name: Delete selected Device Templates from vManage + cisco.catalystwan.device_templates: + state: absent + template_name: "{{ device_template.name }}" + manager_credentials: + <<: *manager_authentication + loop: "{{ device_templates.templates_info | default([], True) }}" + loop_control: + loop_var: device_template + when: device_templates.templates_info | length > 0 + + - name: Get all Non-Default Feature Templates available + cisco.catalystwan.feature_templates_info: + filters: + factory_default: false + devices_attached: 0 + manager_credentials: + <<: *manager_authentication + register: feature_templates + + - name: Delete all Non-Default Feature templates + cisco.catalystwan.feature_templates: + state: absent + template_name: "{{ template.name }}" + manager_credentials: + <<: *manager_authentication + loop: "{{ feature_templates.templates_info | default([], true) }}" + loop_control: + loop_var: template + label: "template: {{ template.name }}" + + - name: Restore configuration from provided backup directory + cisco.catalystwan.device_templates_recovery: + mode: restore + backup_dir_path: ./output_backup_device_configuration + manager_credentials: + <<: *manager_authentication diff --git a/playbooks/templates_examples/configuration_file.yml b/playbooks/templates_examples/configuration_file.yml new file mode 100644 index 0000000..ab5e18d --- /dev/null +++ b/playbooks/templates_examples/configuration_file.yml @@ -0,0 +1,11 @@ +--- + +vmanage_instances: + - admin_password: # password + admin_username: # user + mgmt_public_ip: # mgmt_public_ip + +template_data: + admin_password: # admin_password + admin_username: # admin_username + vsmart_hostname: # vsmart_hostname diff --git a/playbooks/templates_examples/creation_workflow.yml b/playbooks/templates_examples/creation_workflow.yml new file mode 100644 index 0000000..bc31381 --- /dev/null +++ b/playbooks/templates_examples/creation_workflow.yml @@ -0,0 +1,180 @@ +# --- Templates creation and attachment - created from Feature Templates --- # + +# Scenario includes following operations: + +# Create Following templates for vSmart devices: +# - AAA +# - System +# - VPN - VPN 0 +# - VPN - VPN 512 +# - VPN Interface - VPN 0 +# - VPN Interface - VPN 512 +# Create Device Template for vSmart +# Attach Device Template for vSmart + + +- name: Workflow for Templates creation and attachment - created from Feature Templates + hosts: localhost + gather_facts: false + vars_files: + - configuration_file.yml + vars: + manager_authentication: &manager_authentication + url: "{{ (vmanage_instances | first).mgmt_public_ip }}" + username: "{{ (vmanage_instances | first).admin_username }}" + password: "{{ (vmanage_instances | first).admin_password }}" + tasks: + - name: Create AAA Template for vSmart devices + cisco.catalystwan.feature_templates: + state: present + template_name: "AAA_for_vSmart" + template_description: "AAA Template" + device_models: vsmart + aaa: + auth_fallback: false + admin_auth_order: false + accounting: false + usergroup: + - name: basic + task: + - mode: system + permission: + - read + - mode: interface + permission: + - read + - name: netadmin + task: [] + - name: operator + task: + - mode: system + permission: + - read + - mode: interface + permission: + - read + - mode: policy + permission: + - read + - mode: routing + permission: + - read + - mode: security + permission: + - read + user: + - name: "{{ template_data.admin_username }}" + password: "{{ template_data.admin_password }}" + manager_credentials: + <<: *manager_authentication + + - name: Create System Template for vSmart devices + cisco.catalystwan.feature_templates: + state: present + template_name: "System_for_vSmart" + template_description: "System Template" + device_specific_variables: + site_id: "side_id_variable" + device_models: vsmart + system_vsmart: + site_id: device_specific_variable + manager_credentials: + <<: *manager_authentication + + - name: Create VPN template for vSmart devices - VPN 0 + cisco.catalystwan.feature_templates: + state: present + template_name: "VPN_0_for_vSmart" + template_description: "VPN_0 Template" + device_models: vsmart + vpn_vsmart: + vpn_id: 0 + manager_credentials: + <<: *manager_authentication + + - name: Create VPN template for vSmart devices - VPN 512 + cisco.catalystwan.feature_templates: + state: present + template_name: "VPN_512_for_vSmart" + template_description: "VPN_512 Template" + device_models: vsmart + vpn_vsmart: + vpn_id: 512 + manager_credentials: + <<: *manager_authentication + + - name: Create VPN Interface template for vSmart devices - VPN 0 + cisco.catalystwan.feature_templates: + state: present + template_name: "VPN_0_Interface_for_vSmart" + template_description: "VPN_0 Interface Template" + device_models: vsmart + vpn_vsmart_interface: + if_name: eth1 + shutdown: false + dhcp_ipv4_client: true + dhcp: true + dns: true + icmp: true + sshd: true + netconf: true + ntp: false + stun: false + manager_credentials: + <<: *manager_authentication + + - name: Create VPN Interface template for vSmart devices - VPN 512 + cisco.catalystwan.feature_templates: + state: present + template_name: "VPN_512_Interface_for_vSmart" + template_description: "VPN_512 Interface Template" + device_models: vsmart + vpn_vsmart_interface: + if_name: eth0 + shutdown: false + dhcp_ipv4_client: true + manager_credentials: + <<: *manager_authentication + + - name: Create example Device Template for vSmart + cisco.catalystwan.device_templates: + state: present + template_name: "vSmart-test-device-template" + template_description: "vSmart-test-device-template" + device_type: vsmart + general_templates: + - name: "System_for_vSmart" + subtemplates: + - "Factory_Default_Logging_Template_V01" + - name: "AAA_for_vSmart" + - name: "Factory_Default_vSmart_OMP_Template" + - name: "Factory_Default_vSmart_vManage_Security_Template" + - name: "VPN_0_for_vSmart" + subtemplates: + - "VPN_0_Interface_for_vSmart" + - name: "VPN_512_for_vSmart" + subtemplates: + - "VPN_512_Interface_for_vSmart" + manager_credentials: + <<: *manager_authentication + + - name: Attach example Device Template to vSmart + cisco.catalystwan.device_templates: + state: attached + template_name: "vSmart-test-device-template" + device_type: vsmart + hostname: "{{ template_data.vsmart_hostname }}" + device_specific_vars: + - "//system/site-id": "333" + - "//system/host-name": "{{ template_data.vsmart_hostname }}" + - "//system/system-ip": "192.168.2.1" + - "//system/ipv6-strict-control": false + manager_credentials: + <<: *manager_authentication + + - name: Detach example Device Template from vSmart + cisco.catalystwan.device_templates: + state: detached + hostname: "{{ template_data.vsmart_hostname }}" + manager_credentials: + <<: *manager_authentication diff --git a/playbooks/templates_examples/running_config_workflow.yml b/playbooks/templates_examples/running_config_workflow.yml new file mode 100644 index 0000000..99c1d9a --- /dev/null +++ b/playbooks/templates_examples/running_config_workflow.yml @@ -0,0 +1,56 @@ +# --- Running config for cEdge devices workflow --- # + +# Scenario includes following operations: + +# Backup running config to CWD directory +# Reuse running configuration to create templates +# Attach backup templates + +--- + +- name: Running config workflow + hosts: localhost + gather_facts: false + vars_files: + - configuration_file.yml + vars: + manager_authentication: &manager_authentication + url: "{{ (vmanage_instances | first).mgmt_public_ip }}" + username: "{{ (vmanage_instances | first).admin_username }}" + password: "{{ (vmanage_instances | first).admin_password }}" + tasks: + - name: Backup running-config for all c8000V devices with default backup dir (in CWD) + cisco.catalystwan.devices_info: + backup: true + backup_dir_path: ./output_backup_running_config + filters: + personality: "vedge" + manager_credentials: + <<: *manager_authentication + register: backup_info + + - name: Using backup files, create CLI templates for each Edge device + cisco.catalystwan.cli_templates: + state: present + template_name: "backup-template-{{ device_item.filename }}" + template_description: "Template for {{ device_item.hostname }} created from backup file." + config_file: "{{ device_item.backup_path }}" + device_model: vedge-C8000V + manager_credentials: + <<: *manager_authentication + loop: "{{ backup_info.backup_paths }}" + loop_control: + loop_var: device_item + when: backup_info.backup_paths | length > 0 + + - name: Attach backup templates to the Edge devices + cisco.catalystwan.device_templates: + state: attached + template_name: "backup-template-{{ device_item.filename }}" + hostname: "{{ device_item.hostname }}" + manager_credentials: + <<: *manager_authentication + loop: "{{ backup_info.backup_paths }}" + loop_control: + loop_var: device_item + when: backup_info.backup_paths | length > 0