DO457 - ch03s11

It is important to label interfaces appropriately. This is an opportunity to see how playbooks make use of variables that are set at an appropriate level. In this Lab, interface descriptions are provided by way of group variables. Layer 3 addresses will be mapped to interfaces later.

The interface descriptions used in this lab exercise are based on the following Layer 2 diagram:

Table 3.1. Interface Descriptions for Spine Devices

Interface name	Description
eth0	management
eth1	leaf01
eth2	leaf02
eth3	peer-link1
eth4	peer-link2
eth5	cloud-services

Table 3.2. Interface Descriptions for Leaf Devices

Interface name	Description
eth0	management
eth1	server01
eth2	server02
eth3	peer-link1
eth4	peer-link2
eth5	spine01
eth5	spine02

In this lab you will write a play that uses roles to apply different sets of interface descriptions to different classes of devices.

Outcomes

You should be able to:

Define interface data using variables.
Create a playbook with plays that set interface descriptions for two host groups.
- One play must use the spine_interfaces variable to set interface descriptions for the spines group.
- The other play must use the leaf_interfaces variable to set interface descriptions for the leafs group.
Convert each play into a role.
Create a playbook that uses the new roles.
Verify that the roles work as desired.

Open a terminal window on the workstation VM and change to your ~/proj/ directory.

Procedure 3.6. Instructions

Define interface data using variables. Define interface data for spine and leaf devices using group variables named spine_interfaces and leaf_interfaces that map interfaces by name to descriptions.

To save typing, the files can be downloaded using wget. Download the spines and leafs group variable files:

[student@workstation proj]$ cd group_vars
[student@workstation group_vars]$ wget \
> http://materials.example.com/content/ch3/lab3/group_vars/spines
[student@workstation group_vars]$ wget \
> http://materials.example.com/content/ch3/lab3/group_vars/leafs
[student@workstation group_vars]$ cd ..

[student@workstation proj]$ cat group_vars/spines
spine_interfaces:
- { name: eth0, description: mgmt }
- { name: eth1, description: leaf01 }
- { name: eth2, description: leaf02 }
- { name: eth3, description: peer-link1 }
- { name: eth4, description: peer-link2 }
- { name: eth5, description: cloud-services }

[student@workstation proj]$ cat group_vars/leafs
leaf_interfaces:
- { name: eth0, description: mgmt }
- { name: eth1, description: server01 }
- { name: eth2, description: server02 }
- { name: eth3, description: peer-link1 }
- { name: eth4, description: peer-link2 }
- { name: eth5, description: spine01 }
- { name: eth6, description: spine02 }

Create a playbook named spine-leaf-ifdescr.yml with plays that set interface descriptions for two host groups.

A play that uses the spine_interface variable to set interface descriptions for the spines group.
A play that uses the leaf_interface variable to set interface descriptions for the leafs group.

[student@workstation proj]$ cat spine-leaf-ifdescr.yml
---
- name: set interface descriptions for spine devices
  hosts: spines
  # interface description data is in group variables file

  tasks:

  - name: set interface description
    vyos_interface:
      aggregate: "{{ spine_interfaces }}"

- name: set interface descriptions for leaf devices
  hosts: leafs
  gather_facts: no
  # interface description data is in group variables file

  tasks:

  - name: set interface description
    vyos_interface:
      aggregate: "{{ leaf_interfaces }}"

The spine and leaf devices use the same authentication credentials, so you could optionally model this using a when statement.

[student@workstation proj]$ cat spine-leaf-ifdescr2.yml
---
- name: set interface descriptions for spine and leaf devices
  hosts: vyos
  # interface description data is in group variables file

  tasks:

  - name: set interface description
    vyos_interface:
      aggregate: "{{ spine_interfaces }}"
    when: inventory_hostname in groups['spines']

  - name: set interface description
    vyos_interface:
      aggregate: "{{ leaf_interfaces }}"
    when: inventory_hostname in groups['leafs']

Check the plays in the playbook to determine if they do what they are intended to do.

[student@workstation proj]$ ansible-playbook --syntax-check spine-leaf-ifdescr.yml
...output omitted...
[student@workstation proj]$ ansible-playbook --check spine-leaf-ifdescr.yml
SSH password: vyos
...output omitted...
[student@workstation proj]$ ansible-playbook --syntax-check spine-leaf-ifdescr2.yml
...output omitted...
[student@workstation proj]$ ansible-playbook --check spine-leaf-ifdescr2.yml
SSH password: vyos
...output omitted...

Convert the plays into roles named vyos-spine and vyos-leaf.

Create appropriate directory structures.
Create the ~/proj/roles/ directory if it does not already exist:
[student@workstation proj]$ mkdir -p roles
Create vyos-spine and vyos-leaf role directory structures in the ~/proj/roles/ directory using ansible-galaxy:
[student@workstation proj]$ ansible-galaxy init roles/vyos-spine [student@workstation proj]$ ansible-galaxy init roles/vyos-leaf

Describe the new roles and take credit for them by populating their meta/main.yml files.

Preserve the original meta/main.yml files:

[student@workstation proj]$ mv roles/vyos-spine/meta/main.yml \
>  roles/vyos-spine/meta/main.yml.orig
[student@workstation proj]$ mv roles/vyos-leaf/meta/main.yml \
>  roles/vyos-leaf/meta/main.yml.orig

Create new meta/main.yml files that describe the roles:

[student@workstation proj]$ $ cat roles/vyos-spine/meta/main.yml
---
galaxy_info:
  author: DO457 Student
  description: Interface descriptions for example.com VyOS spines
  company: Example, Ltd.
  license: ASL 2.0
  min_ansible_version: 2.5
  galaxy_tags:
    - acme
    - network
    - interface
dependencies: []

[student@workstation proj]$ $ cat roles/vyos-leaf/meta/main.yml
---
galaxy_info:
  author: DO457 Student
  description: Interface descriptions for example.com VyOS leafs
  company: Example, Ltd.
  license: ASL 2.0
  min_ansible_version: 2.5
  galaxy_tags:
    - acme
    - network
    - interface
dependencies: []

Reproduce the play tasks as corresponding role tasks.

Populate the roles/vyos-spine/tasks/main.yml file with tasks from the corresponding play:

[student@workstation proj]$ cat roles/vyos-spine/tasks/main.yml
---
# tasks file for vyos-spine
- name: set interface description
  vyos_interface:
    aggregate: "{{ spine_interfaces }}"

Populate the roles/vyos-leaf/tasks/main.yml file with tasks from the corresponding play:

[student@workstation proj]$ cat roles/vyos-leaf/tasks/main.yml
---
# tasks file for vyos-leaf
- name: set interface description
  vyos_interface:
    aggregate: "{{ leaf_interfaces }}"

Create a playbook named spine-leaf-roles.yml that uses the new roles. It should contains two plays:

A play that maps the vyos-spine role to spines.
A play that maps the vyos-leaf role to leafs.

[student@workstation proj]$ cat spine-leaf-roles.yml
---
- name: Map roles to spines and leafs
  hosts: vyos

  tasks:

  - name: apply vyos-spine role to spines
    include_role:
      name: vyos-spine
    when: inventory_hostname in groups['spines']

  - name: apply vyos-leaf role to leafs
    include_role:
      name: vyos-leaf
    when: inventory_hostname in groups['leafs']

Verify that the roles work as desired.

Execute ansible-playbook with the new playbook to perform the new role-based plays.

[student@workstation proj]$ ansible-playbook spine-leaf-roles.yml
SSH password: vyos
...output omitted...

Execute ad hoc commands to verify that all went as expected.

[student@workstation proj]$ ansible -m vyos_command -a "commands='sh int'" vyos
SSH password: vyos
...output omitted...

This concludes the lab.

Discuss Red Hat Ansible for Network Automation

Go to community

Welcome to the Red Hat Ansible for Network Automation (DO457) group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Ansible for Network Automation! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO457.Read more about Red Hat Ansible for Network Automation here.

3120

Revision: do457-2.5-4693601