
Untitled

a guest
Oct 24th, 2017
  1. ---
  2. # Playbook for creating access vlans on fabric leaf switches
  3. - name: NXOS fabric
  4. hosts: n9k:&leaf_fabric
  5. pre_tasks:
  6. - name: check vault - fail if not unlocked
  7. debug: msg="{{ lookup('hashi_vault', 'secret=secret/unlock') }}"
  8. gather_facts: false
  9.  
  10. vars:
  11. cli:
  12. username: admin
  13. password: "{{ lookup('hashi_vault', 'secret=secret/switches/admin') }}"
  14. host: "{{ inventory_hostname }}"
  15. transport: cli
  16. ansible_connection: local
  17.  
  18. tasks:
  19. - name: Ensure VRFs are present
  20. nxos_vrf:
  21. provider: "{{ cli }}"
  22. state: present
  23. vrf: "{{ item }}"
  24. with_items:
  25. "{{ vrf_list }}"
  26.  
  27. #########################################
  28. # later 2 vlans and interfaces should exist
  29. - name: Ensure all vlans are present
  30. nxos_vlan:
  31. provider: "{{ cli }}"
  32. vlan_id: "{{ item.vlan_id }}"
  33. state: present
  34. with_items:
  35. - "{{ vlan_list }}"
  36.  
  37. - name: Ensure all vlan interfaces are present
  38. nxos_interface:
  39. provider: "{{ cli }}"
  40. interface: "{{ item.interface }}"
  41. admin_state: up
  42. #this seems to be changed always when setting a descr on a vlan interface
  43. #description: "{{ item.description|default('') }}"
  44. with_items:
  45. - "{{ vlan_list }}"
  46. when: item.interface is defined
  47.  
  48. - name: Ensure all layer 2 interfaces are up
  49. nxos_interface:
  50. provider: "{{ cli }}"
  51. interface: "{{ item.interface }}"
  52. description: "{{ item.description|default('') }}"
  53. mode: layer2
  54. admin_state: up
  55. with_items:
  56. - "{{ access_port_list }}"
  57. - "{{ trunk_port_list }}"
  58. - "{{ portchannel_list }}"
  59.  
  60. #########################################
  61. # set up vlan interfaces
  62. - name: Ensure SVI are in the correct VRF
  63. nxos_vrf_interface:
  64. provider: "{{ cli }}"
  65. vrf: "{{ item.vrf }}"
  66. interface: "{{ item.interface }}"
  67. with_items:
  68. - "{{ vlan_list }}"
  69. when: item.interface is defined
  70.  
  71. - name: Set ip addresses on SVI
  72. nxos_ip_interface:
  73. provider: "{{ cli }}"
  74. interface: "{{ item.interface }}"
  75. addr: "{{ item.address | ipaddr('address') }}"
  76. mask: "{{ item.address | ipaddr('prefix') }}"
  77. with_items:
  78. - "{{ vlan_list }}"
  79. when: item.interface is defined
  80.  
  81. #########################################
  82. # Set up access ports and trunks
  83. - name: Set access port vlan
  84. nxos_switchport:
  85. provider: "{{ cli }}"
  86. interface: "{{ item.interface }}"
  87. mode: access
  88. access_vlan: "{{ item.vlan }}"
  89. with_items:
  90. - "{{ access_port_list }}"
  91. when: item.vlan is defined
  92.  
  93. - name: Set allowed vlans on trunk ports
  94. nxos_switchport:
  95. provider: "{{ cli }}"
  96. interface: "{{ item.interface }}"
  97. mode: trunk
  98. trunk_allowed_vlans: "{{ item.vlan_allowed }}"
  99. native_vlan: "{{ item.native_vlan }}"
  100. with_items:
  101. - "{{ trunk_port_list }}"
  102. when: item.vlan_allowed is defined
  103.  
  104. #########################################
  105. # Set up portchannels
  106. - name: Enable LACP when portchannels exist
  107. nxos_feature:
  108. provider: "{{ cli }}"
  109. state: enabled
  110. feature: lacp
  111. when: portchannel_list
  112.  
  113. - name: Add members to portchannels
  114. nxos_portchannel:
  115. provider: "{{ cli }}"
  116. members: "{{ item.members }}"
  117. group: "{{ item.channel_group }}"
  118. mode: active
  119. force: true
  120. with_items:
  121. - "{{ portchannel_list }}"
  122.  
  123. - name: Set allowed vlans on portchannels
  124. nxos_switchport:
  125. provider: "{{ cli }}"
  126. interface: "{{ item.interface }}"
  127. mode: trunk
  128. trunk_allowed_vlans: "{{ item.vlan_allowed }}"
  129. native_vlan: "{{ item.native_vlan }}"
  130. with_items:
  131. - "{{ portchannel_list }}"
  132. when: item.vlan_allowed is defined
  133.  
  134. #########################################
  135. # spanning tree - port type
  136. - name: Ensure all ports are STP edge ports unless overridden
  137. nxos_config:
  138. provider: "{{ cli }}"
  139. parents: "interface {{ item.interface }}"
  140. lines: "{{ 'spanning-tree port type ' + item.stp_port_type|default('edge') }}"
  141. with_items:
  142. - "{{ trunk_port_list }}"
  143. - "{{ access_port_list }}"
  144. - "{{ portchannel_list }}"
  145.  
  146. #########################################
  147. # arbitrary extra config lines
  148. - name: Ensure any extra config options are applied to interfaces
  149. nxos_config:
  150. provider: "{{ cli }}"
  151. lines: "{{ item.extra_lines }}"
  152. parents: interface {{ item.interface }}
  153. with_items:
  154. - "{{ trunk_port_list }}"
  155. - "{{ access_port_list }}"
  156. - "{{ portchannel_list }}"
  157. - "{{ vlan_list }}"
  158. when: item.extra_lines is defined and item.interface is defined
  159. tags: extra_lines
  160.  
  161. #########################################
  162. # vrrpv3
  163.  
  164. # FIXME - this will check for each vlan, rather than just do it once
  165. - name: Enable vrrpv3 feature when a vlan uses it
  166. nxos_feature:
  167. provider: "{{ cli }}"
  168. state: enabled
  169. feature: vrrpv3
  170. when: item.vrrpv3 is defined
  171. with_items:
  172. - "{{ vlan_list }}"
  173. tags: vrrpv3
  174.  
  175. - name: Ensure vrrpv3 is applied for vlans that need it
  176. nxos_config:
  177. provider: "{{ cli }}"
  178. parents: "interface {{ item.interface }}"
  179. lines:
  180. - "vrrpv3 {{ item.vrrpv3.group_id|string + ' address-family ' + item.vrrpv3.address_family }}"
  181. when: item.vrrpv3 is defined
  182. with_items:
  183. - "{{ vlan_list }}"
  184. tags: vrrpv3
  185.  
  186. - name: Ensure vrrpv3 options are applied
  187. nxos_config:
  188. provider: "{{ cli }}"
  189. parents:
  190. - "interface {{ item.interface }}"
  191. - "vrrpv3 {{ item.vrrpv3.group_id|string + ' address-family ' + item.vrrpv3.address_family }}"
  192. lines:
  193. - "description {{ item.vrrpv3.description }}"
  194. - "address {{ item.vrrpv3.address }} primary"
  195. - "priority {{ item.vrrpv3.priority }}" #priority 100 is default, and doesnt show in the running config
  196. when: item.vrrpv3 is defined
  197. with_items:
  198. - "{{ vlan_list }}"
  199. tags: vrrpv3
  200.  
  201. #########################################
  202. # clobber vlan 1
  203. - name: Ensure vlan 1 is down
  204. nxos_interface:
  205. provider: "{{ cli }}"
  206. interface: Vlan1
  207. admin_state: down
  208. description: 'Vlan1 is not used'
  209.  
  210. #########################################
  211. # clobber vlan 999
  212. - name: Ensure vlan 999 is down
  213. nxos_interface:
  214. provider: "{{ cli }}"
  215. interface: Vlan999
  216. admin_state: down
  217. description: 'Vlan999 should blackhole native vlans'