We run into the following issue relatively frequently in CI:

ansible/ansible#59306

Ansible should be updated to the latest 2.9 or 2.10 to get the fix.

Policy import for hq1 topology is broken.

Currently, export-templates.yml exports the device and feature templates with the variable names device_templates and feature_templates, while import-templates.yml is looking for vmanage_device_templates and vmanage_feature_templates. We should modify export-templates.yml to use the vmanage_ naming convention so that import-templates.yml can directly use templates exported with export-templates.yml without modification.

We should probably have an example local policy built in to the reference templates.

Hi, I am working through how to run the code in this repo. I am given to understand that the starting point is in sdwan_config_builder. In that directory, the README says:

By default sdwan_config_build looks for a 'metadata.yaml' file in the directory where it is run.

The only metadata.yaml file that is in the repo is in the config dir, alongside a config.example.yaml.

The minimal_env.sh has:

export CONFIG_BUILDER_METADATA="../config/metadata.yaml"

This implies, then, that the overall starting point must be to run the minimal_env.sh from the bin directory first. I think that step should be documented in the top level README then.

The metadata.yaml refers to:

top_level_config: "../config/config.yaml"

Whereas we have a config.example.yaml in the repo. I think, then, that the config.example.yaml should be copied to a config.yaml and suitably edited.

If this is correct so far, then I can add suitable documentation updates and submit a PR.

Thanks

Nathan

There are a lot of old and out-of-date files in the docs directory that need to either be updated or deleted.

Hello

When I tried export attachments from the box, all the time it exported just last variable
vManage code 20.1.1
Will try it again on production vManage where I have 19.2.2

Example of such attachments
{
"vmanage_attachments": [
{
"host_name": "vEdge1kupperOld",
"device_type": "vedge",
"uuid": "11OG637181517",
"system_ip": "198.18.6.2",
"site_id": "11000000",
"template": "vEdge1k_upper_template",
"variables": {
"null": "vEdge1kupperOld"
}
}
]
}

I have CLI templates and for sure more variables, in this example I had 3 variables.

Right now this script is broken when used with this repo. The issue is with bind mounted volumes in Docker Desktop for Windows. Due to the way Docker Desktop does the bind mount (CIFS volume share), the permissions of files in the repo get set inappropriately and things like dynamic inventory don't work due to not being executable, etc.

Cisco SD-WAN v20.7 takes longer to boot up and the API is sometimes not accessible before the limit is reached in check-vmanage.yml.

Defining the control plane addressing statically in the inventory/hq2/sdwan.yml file is not ideal for deployment into various test/validation systems. Using environment variables to define the IP addressing of the control plane components would allow more flexibility when deploying the automation for test/validation.

In the bin/config_build.sh we have:

# Uncomment the line below if you want to enforce the OPA rules in `config/policy/config.rego`
#set -e

That probably needs some additional explanation, but I am not sure how to explain that. Any ideas please?

The current j2 templates for creating terraform vars require the latest terraform-sdwan code.

CML v2.1 requires an updated python client library for API access. The virl2_client should be updated in the Dockerfile:

virl2_client>=2.1.0

Now that we have the ansible-sdwan container being built in Docker Hub, we should consider using it in play.sh so that building the container locally is not required. We can create a play-dev.sh that uses a local container or modify play.sh so that it allows a user to specifying the container at runtime.

The following output is from vManage without "Rapid" enabled:

Output:

Nping in VPN 1
Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2020-02-20 21:39 UTC
SENT (0.0154s) ICMP [192.168.1.1 > 192.168.2.1 Echo request (type=8/code=0) id=27995 seq=1] IP [ttl=64 id=61444 iplen=28 ]
SENT (1.0155s) ICMP [192.168.1.1 > 192.168.2.1 Echo request (type=8/code=0) id=27995 seq=2] IP [ttl=64 id=61444 iplen=28 ]
RCVD (1.0155s) ICMP [127.1.0.2 > 192.168.1.1 Network 192.168.2.1 unreachable (type=3/code=0) ] IP [ttl=64 id=0 iplen=56 ]
SENT (2.0162s) ICMP [192.168.1.1 > 192.168.2.1 Echo request (type=8/code=0) id=27995 seq=3] IP [ttl=64 id=61444 iplen=28 ]
RCVD (2.0163s) ICMP [127.1.0.2 > 192.168.1.1 Network 192.168.2.1 unreachable (type=3/code=0) ] IP [ttl=64 id=0 iplen=56 ]
SENT (3.0172s) ICMP [192.168.1.1 > 192.168.2.1 Echo request (type=8/code=0) id=27995 seq=4] IP [ttl=64 id=61444 iplen=28 ]
RCVD (3.0173s) ICMP [127.1.0.2 > 192.168.1.1 Network 192.168.2.1 unreachable (type=3/code=0) ] IP [ttl=64 id=0 iplen=56 ]
SENT (4.0182s) ICMP [192.168.1.1 > 192.168.2.1 Echo request (type=8/code=0) id=27995 seq=5] IP [ttl=64 id=61444 iplen=28 ]
RCVD (4.0183s) ICMP [127.1.0.2 > 192.168.1.1 Network 192.168.2.1 unreachable (type=3/code=0) ] IP [ttl=64 id=0 iplen=56 ]
Max rtt: 0.042ms | Min rtt: 0.018ms | Avg rtt: 0.026ms
Raw packets sent: 5 (140B) | Rcvd: 4 (224B) | Lost: 1 (20.00%)
Nping done: 1 IP address pinged in 4.03 seconds

And this is with "Rapid" enabled:

Output:

Nping in VPN 1
!!!!!
Raw packets sent: 5 (0B) | Rcvd: 5 (0B) | Lost: 0 (0%)

Right now only static IP address assignment works for VMware automation. This enhancement would add the dynamic inventory bits required to pull IP addressing from terraform.

In the scenario where we specify static addressing for control plane components and we specify the mgmt_interface, we should always use that static address as the host address for Ansible and not rely on dynamic inventory to supply that info (because it may pickup some other address.) In order to do this, we need to set ansible_host appropriately anytime we use the netconf or network_cli connection types.

Currently the export-templates.yml playbook exports the device and feature templates under the headings device_templates and feature_templates in the YAML while the import-templates.yml playbook is looking for vmanage_device_templates and vmanage_feature_templates. This requires user intervention to make exported template files consumable by the import playbook. This is less than desirable.

We could use a way to specify which CML client library version to use when running playbooks. Currently it is set statically in the requirements.txt file and will break when targeting different CML 2.x minor versions (like we do in CI currently).

hq1 is the easiest inventory to get working because it does not require the static IP addressing changes that hq2 does. It should be the default.

In ansible.cfg change:

inventory = ./inventory/hq2

to:

inventory = ./inventory/hq1