netascode / ansible-dc-vxlan

Ansible Collection for configuring a VXLAN Fabric using Direct to Controller (DTC) or Direct To Device (DTD) workflows.
https://galaxy.ansible.com/ui/repo/published/cisco/nac_dc_vxlan/
MIT License

Full data profile - Inventory #95

Closed devegupt closed 5 months ago

juburnet commented 5 months ago

Make sure all combinations of the ndfc_inventory are tested:

ndfc_inventory.j2

---
# This NDFC switch inventory config data structure is auto-generated
# DO NOT EDIT MANUALLY
#
{% for switch in MD_Extended.vxlan.topology.switches %}
{% if switch.management.management_ipv4_address is defined %}
- seed_ip: {{ switch['management']['management_ipv4_address'] }}
{% elif switch.management.management_ipv6_address is defined %}
- seed_ip: {{ switch['management']['management_ipv6_address'] }}
{% endif %}
  auth_proto: {{ MD['vxlan']['global']['auth_proto'] | default(defaults.vxlan.global.auth_proto) }}
  user_name: PLACE_HOLDER_USERNAME
  password: PLACE_HOLDER_PASSWORD
  max_hops: 0 # this is the default value as it is not defined into the data model
  role: {{ switch['role'] }}
  preserve_config: false
{% endfor %}

To be tested:

auth_proto: enum('MD5', 'SHA', 'MD5_DES', 'MD5_AES', 'SHA_DES', 'SHA_AES', required=False)

role: enum('spine', 'leaf', 'border', 'boder_spine', 'border_gateway', 'border_gateway_spine', 'super_spine', 'border_super_spine', 'border_gateway_super_spine', 'tor', required=False)

juburnet commented 5 months ago

With our current lab configurations, only the MD5 authproto and the spine, leaf, and border roles seem to be available to confirm the configurations are valid. Will check with the team to see if we need to test all options by changing or expanding the lab.

juburnet commented 5 months ago

Currently all devices are created with MD5/type 5 creds, so none of the other authprotos work for our current lab setup.

username admin password 5 $5$GA……
 role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 205F….. 

I suppose we could change these or add new additional devices with different auth methods.

As for the roles, if we could get some assistance with the lab setup for those other roles, we can create configs and test all of those in our schema. @dsx1123

juburnet commented 5 months ago

Issue is resolved with the following PRs:

Updates for border gateway role for integration tests https://github.com/netascode/ansible-dc-vxlan/pull/124

updates for border_spine for full integration tests #129 https://github.com/netascode/ansible-dc-vxlan/pull/129

updates for SHA auth_proto for integration tests #130 https://github.com/netascode/ansible-dc-vxlan/pull/130
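A check that an integration test could run over the text rendered from the ndfc_inventory.j2 template in the first comment, given here as an added example and not code from the collection. It validates auth_proto against the enum listed in the issue and catches the case where a switch has neither management address defined, so the template emits no seed_ip line and that switch's keys fall into the previous entry. The function name, the minimal line parser and the sample text are assumptions constructed for illustration.

```python
import ipaddress

# auth_proto enum as listed in the issue; the other names here are illustrative.
AUTH_PROTOS = {"MD5", "SHA", "MD5_DES", "MD5_AES", "SHA_DES", "SHA_AES"}
REQUIRED = ("seed_ip", "auth_proto", "user_name", "password", "role")


def check_inventory(rendered):
    """Return (entries, problems) for text rendered from ndfc_inventory.j2."""
    entries, problems = [], []
    for number, raw in enumerate(rendered.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip() or line.startswith(("#", "---")):
            continue
        key, _, value = line.lstrip("- ").partition(":")
        key, value = key.strip(), value.strip()
        if line.startswith("- "):
            entries.append({})
        elif not entries or key in entries[-1]:
            # A switch with no management address emits no "- seed_ip" line, so
            # its keys land in the previous entry (or in none at all).
            owner = entries[-1].get("seed_ip") if entries else None
            problems.append(f"line {number}: orphan '{key}' (previous entry: {owner})")
            continue
        entries[-1][key] = value
    for entry in entries:
        label = entry.get("seed_ip", "<no seed_ip>")
        problems += [f"{label}: missing {k}" for k in REQUIRED if k not in entry]
        try:
            ipaddress.ip_address(entry.get("seed_ip", ""))
        except ValueError:
            problems.append(f"{label}: seed_ip is not an IPv4/IPv6 address")
        if entry.get("auth_proto") not in AUTH_PROTOS:
            problems.append(f"{label}: auth_proto not in enum")
    return entries, problems


# Constructed sample output: the third switch had neither address defined.
BODY = ("  auth_proto: {auth}\n  user_name: PLACE_HOLDER_USERNAME\n"
        "  password: PLACE_HOLDER_PASSWORD\n  max_hops: 0 # default\n"
        "  role: {role}\n  preserve_config: false\n")
SAMPLE = ("---\n# DO NOT EDIT MANUALLY\n"
          "- seed_ip: 192.0.2.11\n" + BODY.format(auth="MD5", role="spine")
          + "- seed_ip: 2001:db8::12\n" + BODY.format(auth="SHA", role="leaf")
          + BODY.format(auth="SHA_AES", role="border"))

if __name__ == "__main__":
    for problem in check_inventory(SAMPLE)[1]:
        print(problem)
```

A YAML loader that accepts duplicate keys would instead keep the last value, so the second switch would be loaded with the third switch's auth_proto and role.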