From 1a10df4c8a456d096cf3c5923c6f653ac540f804 Mon Sep 17 00:00:00 2001
From: Matthew Tighe
Date: Thu, 25 Aug 2022 09:37:05 -0700
Subject: [PATCH 01/27] Create nita-ansible-ee.yml Ansible Execution Environment Setup File
---
ansible-ee/nita-ansible-ee.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 ansible-ee/nita-ansible-ee.yml
diff --git a/ansible-ee/nita-ansible-ee.yml b/ansible-ee/nita-ansible-ee.yml
new file mode 100644
index 0000000..d844ae8
--- /dev/null
+++ b/ansible-ee/nita-ansible-ee.yml
@@ -0,0 +1,15 @@
+---
+version: 1
+dependencies:
+ galaxy: ../requirements.yml
+ python: ../requirements.txt
+
+additional_build_steps:
+ append:
+ - COPY ../network-roles network-roles
+ - RUN cd ../network-roles/ebgp-ip-fabric && bash install.sh
+ - RUN cd ../network-roles/evpn-vxlan-common && bash install.sh
+ - RUN cd ../network-roles/evpn-vxlan-fi && bash install.sh
+ - RUN cd ../network-roles/evpn-vxlan-erb && bash install.sh
+ - RUN cd ../network-roles/evpn-vxlan-hb && bash install.sh
+ - RUN cd ../network-roles/evpn-vxlan-sb && bash install.sh
From 48fefbe2ae703cbabd3c35cc1f7bb87dc0a255fb Mon Sep 17 00:00:00 2001
From: Matthew Tighe
Date: Thu, 25 Aug 2022 10:33:26 -0700
Subject: [PATCH 02/27] Create ansible.cfg
---
ansible-ee/ansible.cfg | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 ansible-ee/ansible.cfg
diff --git a/ansible-ee/ansible.cfg b/ansible-ee/ansible.cfg
new file mode 100644
index 0000000..a41a34c
--- /dev/null
+++ b/ansible-ee/ansible.cfg
@@ -0,0 +1,7 @@
+[galaxy]
+server_list = automation_hub
+
+[galaxy_server.automation_hub]
+url=https://cloud.redhat.com/api/automation-hub/
+auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+token=my_ah_token
From ab42951ba786eed454b82d1960f55dc956d1eadf Mon Sep 17 00:00:00 2001
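Review bot: `token=my_ah_token` in `[galaxy_server.automation_hub]` of `ansible-ee/ansible.cfg` puts the Automation Hub credential slot in a tracked file, so whoever first makes this config work is likely to paste a real offline token there and commit it. Keep the `token` key out of the repository and supply it at build time through the environment, e.g. `ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN`, which Ansible reads for a server id of `automation_hub`. Nothing visible here copies this file into the image build context, but if that happens later the token would persist in an image layer, so it should reach the build as a secret rather than as a file. A comment in place of the key, such as `# token is read from ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN; never commit it`, would document the intent.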
From: wildsubnet Date: Thu, 25 Aug 2022 15:36:31 -0700 Subject: [PATCH 03/27] Ansible Execution Environment for AWX --- ansible-ee/build_container.sh | 17 +++ ansible-ee/context/Dockerfile | 35 +++++ ansible-ee/context/_build/requirements.txt | 4 + ansible-ee/context/_build/requirements.yml | 17 +++ .../network-roles/ebgp-ip-fabric/.gitignore | 129 ++++++++++++++++++ .../network-roles/ebgp-ip-fabric/README.md | 2 + .../network-roles/ebgp-ip-fabric/install.sh | 8 ++ .../roles/ebgp_ip_fabric/tasks/main.yaml | 16 +++ .../templates/forwarding-options.j2 | 19 +++ .../ebgp_ip_fabric/templates/interfaces.j2 | 42 ++++++ .../templates/policy-options.j2 | 45 ++++++ .../ebgp_ip_fabric/templates/protocols.j2 | 47 +++++++ .../templates/routing-options.j2 | 20 +++ .../evpn-vxlan-common/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-common/README.md | 2 + .../evpn-vxlan-common/install.sh | 8 ++ .../roles/evpn_vxlan_common/tasks/main.yaml | 7 + .../templates/evpn_routing_options.j2 | 23 ++++ .../templates/policy_options.j2 | 71 ++++++++++ .../roles/junos_commit_config/meta/main.yaml | 5 + .../roles/junos_commit_config/tasks/main.yaml | 42 ++++++ .../roles/junos_common/meta/main.yaml | 3 + .../roles/junos_common/tasks/main.yaml | 15 ++ .../roles/junos_common/templates/chassis.j2 | 21 +++ .../junos_common/templates/common_system.j2 | 35 +++++ .../templates/management_interface.j2 | 28 ++++ .../junos_common/templates/routing_options.j2 | 32 +++++ .../roles/junos_common/templates/snmp.j2 | 23 ++++ .../roles/junos_qfx_common/meta/main.yaml | 3 + .../roles/junos_qfx_common/tasks/main.yaml | 7 + .../junos_qfx_common/templates/system.j2 | 74 ++++++++++ .../templates/vqfx_pfe_interface.j2 | 24 ++++ .../network-roles/evpn-vxlan-erb/README.md | 2 + .../network-roles/evpn-vxlan-erb/install.sh | 8 ++ .../roles/evpn_vxlan_erb_leaf/tasks/main.yaml | 3 + .../templates/ibgp_leaf.j2 | 54 ++++++++ .../evpn_vxlan_erb_spine/tasks/main.yaml | 3 + .../templates/ibgp_spine_rr.j2 | 34 
+++++ .../roles/evpn_vxlan_policy/tasks/main.yaml | 3 + .../templates/evpn_policy.j2 | 55 ++++++++ .../roles/evpn_vxlan_port/tasks/main.yaml | 3 + .../evpn_vxlan_port/templates/evpn_port.j2 | 74 ++++++++++ .../roles/evpn_vxlan_vni/tasks/main.yaml | 4 + .../evpn_vxlan_vni/templates/evpn_vni.j2 | 40 ++++++ .../roles/evpn_vxlan_vrf/tasks/main.yaml | 3 + .../evpn_vxlan_vrf/templates/evpn_vrf.j2 | 93 +++++++++++++ .../network-roles/evpn-vxlan-fi/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-fi/README.md | 2 + .../network-roles/evpn-vxlan-fi/install.sh | 8 ++ .../roles/evpn_vxlan_dci/tasks/main.yaml | 3 + .../templates/evpn_vxlan_dci.j2 | 48 +++++++ .../network-roles/evpn-vxlan-hb/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-hb/README.md | 2 + .../network-roles/evpn-vxlan-hb/install.sh | 8 ++ .../files/commit_config.expect | 18 +++ .../roles/healthbot_commit/tasks/main.yaml | 24 ++++ .../roles/healthbot_config/tasks/main.yaml | 16 +++ .../healthbot_config/templates/device.j2 | 36 +++++ .../templates/device_group.j2 | 19 +++ .../network-roles/evpn-vxlan-sb/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-sb/README.md | 2 + .../network-roles/evpn-vxlan-sb/install.sh | 8 ++ .../roles/srx_common/meta/main.yaml | 3 + .../roles/srx_common/tasks/main.yaml | 10 ++ .../roles/srx_common/templates/lldp.j2 | 19 +++ .../roles/srx_common/templates/security.j2 | 84 ++++++++++++ .../roles/srx_common/templates/system.j2 | 69 ++++++++++ .../roles/srx_firewall/meta/main.yaml | 3 + .../roles/srx_firewall/tasks/main.yaml | 16 +++ .../roles/srx_firewall/templates/fabric.j2 | 43 ++++++ .../srx_firewall/templates/firewall_port.j2 | 74 ++++++++++ .../roles/srx_firewall/templates/ospf.j2 | 23 ++++ .../templates/security_policies.j2 | 34 +++++ .../roles/srx_firewall/templates/zones.j2 | 39 ++++++ ansible-ee/nita-ansible-ee.yml | 20 +-- ansible-ee/requirements.txt | 4 + ansible-ee/requirements.yml | 17 +++ 77 files changed, 2362 insertions(+), 
9 deletions(-) create mode 100755 ansible-ee/build_container.sh create mode 100644 ansible-ee/context/Dockerfile create mode 100644 ansible-ee/context/_build/requirements.txt create mode 100644 ansible-ee/context/_build/requirements.yml create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/README.md create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/README.md create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml create mode 100644 
ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/README.md create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml create mode 100644 
ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/README.md create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/README.md create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2 create mode 100644 
ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/README.md
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2
create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2
create mode 100644 ansible-ee/requirements.txt
create mode 100644 ansible-ee/requirements.yml
diff --git a/ansible-ee/build_container.sh b/ansible-ee/build_container.sh
new file mode 100755
index 0000000..fafa542
--- /dev/null
+++ b/ansible-ee/build_container.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# ********************************************************
+#
+# Project: nita-ansible
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+
+cp -R ../network-roles context/
+ansible-builder build --tag "juniper/nita-ansible-ee" --container-runtime docker -f nita-ansible-ee.yml
diff --git a/ansible-ee/context/Dockerfile b/ansible-ee/context/Dockerfile
new file mode 100644
index 0000000..fa46636
--- /dev/null
+++ b/ansible-ee/context/Dockerfile
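Review bot: `build_container.sh` has no error handling, so if `cp -R ../network-roles context/` fails (wrong working directory, missing checkout) the `ansible-builder build` line still runs and packages whatever `context/network-roles` is already on disk. This same commit checks a copy of those roles into `ansible-ee/context/`, so a stale copy is always available to be picked up silently. Add `set -euo pipefail` after the licence header and `cd "$(dirname "$0")"` before the `cp`, so the relative paths resolve from the script's own directory and a failed copy stops the build. Clearing the old `context/network-roles` before copying would also keep roles that were deleted upstream out of the image.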
@@ -0,0 +1,35 @@
+ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:latest
+ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
+
+FROM $EE_BASE_IMAGE as galaxy
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=-vvv
+USER root
+
+ADD _build /build
+WORKDIR /build
+
+RUN ansible-galaxy role install -r requirements.yml --roles-path "/usr/share/ansible/roles"
+RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"
+
+FROM $EE_BUILDER_IMAGE as builder
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+ADD _build/requirements.txt requirements.txt
+RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
+RUN assemble
+
+FROM $EE_BASE_IMAGE
+USER root
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+COPY --from=builder /output/ /output/
+RUN /output/install-from-bindep && rm -rf /output/wheels
+COPY network-roles network-roles
+RUN cd network-roles/ebgp-ip-fabric && bash install.sh
+RUN cd network-roles/evpn-vxlan-common && bash install.sh
+RUN cd network-roles/evpn-vxlan-fi && bash install.sh
+RUN cd network-roles/evpn-vxlan-erb && bash install.sh
+RUN cd network-roles/evpn-vxlan-hb && bash install.sh
+RUN cd network-roles/evpn-vxlan-sb && bash install.sh
diff --git a/ansible-ee/context/_build/requirements.txt b/ansible-ee/context/_build/requirements.txt
new file mode 100644
index 0000000..c894174
--- /dev/null
+++ b/ansible-ee/context/_build/requirements.txt
@@ -0,0 +1,4 @@
+junos-eznc
+pynetbox
+jxmlease
+xmltodict
diff --git a/ansible-ee/context/_build/requirements.yml b/ansible-ee/context/_build/requirements.yml
new file mode 100644
index 0000000..4f5eeb4
--- /dev/null
+++ b/ansible-ee/context/_build/requirements.yml
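Review bot: Both `EE_BASE_IMAGE` and `EE_BUILDER_IMAGE` in `context/Dockerfile` default to `:latest` tags on quay.io, so every rebuild can pull a different, unreviewed base and the resulting `juniper/nita-ansible-ee` image is not reproducible. This file looks like `ansible-builder` output, so the pin belongs in `nita-ansible-ee.yml` under `build_arg_defaults`, e.g. `EE_BASE_IMAGE: quay.io/ansible/ansible-runner:<tested-tag-or-digest>` (placeholder; likewise for `EE_BUILDER_IMAGE`). The collection install also runs with `ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1`, which leaves the version pins in `requirements.yml` as the only control on which Galaxy content lands in the image. The six `RUN cd … && bash install.sh` steps execute repository scripts as root in the final stage, so `context/network-roles` needs the same review as any other code that ships in the image.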
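Review bot: None of the four Python packages in `_build/requirements.txt` (`junos-eznc`, `pynetbox`, `jxmlease`, `xmltodict`) carries a version, while the Galaxy content in `requirements.yml` is pinned, so each image build installs whatever PyPI serves that day. Pin every line to the version the roles were tested with, e.g. `junos-eznc==<tested-version>` (placeholder), and preferably install with hashes. The `_build/` copy appears to be generated from `ansible-ee/requirements.txt`, which the diffstat shows is added in the same commit, so the change belongs in that file.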
@@ -0,0 +1,17 @@
+---
+ roles:
+ # Install a role from Ansible Galaxy.
+ - name: juniper.junos
+ version: '2.4.3'
+
+ collections:
+ # Install a collection from Ansible Galaxy.
+ - name: netbox.netbox
+ version: '3.1.1'
+ # Install juniper.device collection from Ansible Galaxy.
+ - name: juniper.device
+ version: '1.0.1'
+ # Install junipernetworks collection from Ansible Galaxy.
+ - name: junipernetworks.junos
+ version: '3.1.0'
+
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore b/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore
new file mode 100644
index 0000000..b6e4761
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore
@@ -0,0 +1,129 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md b/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md
new file mode 100644
index 0000000..a459657
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md
@@ -0,0 +1,2 @@
+# ebgp-ip-fabric
+Ansible roles to configure a Juniper QFX with an EBGP based IP fabric
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh b/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml
new file mode 100644
index 0000000..5c929e3
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml
@@ -0,0 +1,16 @@
+---
+- name: Creating base interfaces config
+ template: src="interfaces.j2" dest="{{ tmp_dir }}/interfaces.cfg"
+
+- name: Creating protocols config
+ template: src="protocols.j2" dest="{{ tmp_dir }}/protocols.cfg"
+
+- name: Creating policy-options config
+ template: src="policy-options.j2" dest="{{ tmp_dir }}/policy-options.cfg"
+
+- name: Creating forwarding-options config
+ template: src="forwarding-options.j2" dest="{{ tmp_dir }}/forwarding-options.cfg"
+
+- name: Creating routing-options config
+ template: src="routing-options.j2" dest="{{ tmp_dir }}/routing-options.cfg"
+
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2
new file mode 100644
index 0000000..69a4692
--- /dev/null
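Review bot: In `ebgp-ip-fabric/install.sh`, `${ANSIBLEROLES}` is expanded unquoted in both `mkdir -p ${ANSIBLEROLES}` and `cp -r roles/* ${ANSIBLEROLES}`, and its value can come from the caller's environment, so a path containing spaces or glob characters is word-split and the roles land somewhere other than intended. Write `mkdir -p "${ANSIBLEROLES}"` and `cp -r roles/* "${ANSIBLEROLES}"`, and simplify the assignment to `: "${ANSIBLEROLES:=/etc/ansible/roles}"`. The same script (same blob id) is added for `evpn-vxlan-common`, and the diffstat lists four more 8-line `install.sh` files that are presumably identical. Because all six copy into one directory, a role name shared by two sets would be overwritten without warning.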
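Review bot: The five `template` tasks in `ebgp_ip_fabric/tasks/main.yaml` set no `mode`, so the rendered `.cfg` files under `{{ tmp_dir }}` get whatever permissions the umask of the execution environment yields. These files are device configuration, and sibling roles in this commit (for example `junos_common` with `snmp.j2` and `common_system.j2`, not visible in this hunk) presumably render secrets into the same directory. Moving from the `key=value` shorthand to YAML arguments lets each task state `mode: "0600"`, and the fully qualified `ansible.builtin.template` avoids name resolution against collections installed in the image. The two tasks in `evpn_vxlan_common/tasks/main.yaml` have the same shape, with `dest` additionally unquoted.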
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2
@@ -0,0 +1,19 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+forwarding-options {
+ storm-control-profiles default {
+ all;
+ }
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2
new file mode 100644
index 0000000..9e9ed29
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2
@@ -0,0 +1,42 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+interfaces {
+{% for intf in core_interfaces %}
+ {{ intf.int }} {
+{% if intf.desc is defined %}
+ description "{{ intf.desc }}";
+{% endif %}
+{% if intf.mac is defined %}
+ mac {{ intf.mac }};
+{% endif %}
+{% if intf.ip is defined %}
+ unit 0 {
+ family inet {
+ address {{ intf.ip }}/{{ intf.mask }};
+ }
+ }
+{% endif %}
+ }
+{% endfor %}
+
+ lo0 {
+ unit 0 {
+ description "*** loopback ***";
+ family inet {
+ address {{ loopback_ip }}/32;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2
new file mode 100644
index 0000000..d601f9a
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2
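Review bot: In `interfaces.j2`, `description "{{ intf.desc }}";` writes the variable into a quoted Junos string with no escaping, so a description containing a double quote or a line break ends the string early and the remainder is parsed as configuration. Where `core_interfaces` is fed from an external source of truth (the image installs `pynetbox`, so NetBox is a likely origin), the set of people who can edit a description becomes the set of people who can influence what is loaded on the device. Reject or strip those characters before rendering, e.g. `description "{{ intf.desc | replace('"', "'") }}";`, or validate the variables in a task that runs before the template. Separately, `address {{ intf.ip }}/{{ intf.mask }};` is guarded only by `intf.ip is defined`; the guard should read `{% if intf.ip is defined and intf.mask is defined %}`.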
@@ -0,0 +1,45 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+policy-options {
+ policy-statement IPCLOS_BGP_EXP {
+ term loopback {
+ from protocol [ direct bgp ];
+ then {
+ community add "{{ inventory_hostname }}";
+ accept;
+ }
+ }
+ term default {
+ then reject;
+ }
+ }
+ policy-statement IPCLOS_BGP_IMP {
+ term loopback {
+ from protocol [ bgp direct ];
+ then accept;
+ }
+ term default {
+ then reject;
+ }
+ }
+ policy-statement PFE-LB {
+ then {
+ load-balance per-packet;
+ }
+ }
+{% for bgp in underlay_ebgp %}
+ community "{{ inventory_hostname }}" members "{{ bgp.autonomous_system }}:1";
+{% endfor %}
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2
new file mode 100644
index 0000000..7fe0536
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2
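Review bot: In `policy-options.j2` the `community "{{ inventory_hostname }}" members …` line sits inside `{% for bgp in underlay_ebgp %}`, while `IPCLOS_BGP_EXP` references that community unconditionally. With an empty `underlay_ebgp` the community is never defined and the export policy names something that does not exist; with more than one entry the same community name is emitted once per entry with different members. If one community per device is intended, emit it once outside the loop, for example `community "{{ inventory_hostname }}" members "{{ underlay_ebgp[0].autonomous_system }}:1";` guarded by `{% if underlay_ebgp %}`. A `{# … #}` comment above the loop stating which behaviour is intended would help the next reader.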
@@ -0,0 +1,47 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+protocols {
+ bgp {
+{% for bgp in underlay_ebgp %}
+ group {{ bgp.group }} {
+ bfd-liveness-detection minimum-interval 1000;
+ bfd-liveness-detection multiplier 3;
+ export IPCLOS_BGP_EXP;
+ import IPCLOS_BGP_IMP;
+ type external;
+ mtu-discovery;
+ vpn-apply-export;
+ local-as "{{ bgp.autonomous_system }}";
+ multipath {
+ multiple-as;
+ }
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }} {
+ description "EBGP peering to {{ neighbor.name }}";
+ peer-as {{ neighbor.asn }};
+ }
+{% endfor %}
+ }
+{% endfor %}
+ }
+
+ igmp-snooping {
+ vlan default;
+ }
+
+ lldp {
+ interface all;
+ }
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2
new file mode 100644
index 0000000..c390064
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2
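Review bot: The `group {{ bgp.group }}` stanza in `protocols.j2` configures no session authentication, so the EBGP peerings are protected only by physical control of the fabric links, and `IPCLOS_BGP_IMP` accepts every BGP route, leaving no second check on what an unexpected peer could announce. Consider an optional per-group variable that renders the Junos `authentication-key` statement (or a key chain) when set, with the secret held in Ansible Vault rather than in clear-text inventory. `lldp { interface all; }` likewise advertises system details on every port, including any that face hosts or another administrative domain; limiting it to the entries in `core_interfaces` would match what the role manages. Minor: `local-as` is rendered quoted while `peer-as` is not.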
@@ -0,0 +1,20 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+routing-options {
+ forwarding-table {
+ export PFE-LB;
+ ecmp-fast-reroute;
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore
new file mode 100644
index 0000000..b6e4761
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore
@@ -0,0 +1,129 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/README.md b/ansible-ee/context/network-roles/evpn-vxlan-common/README.md
new file mode 100644
index 0000000..178160e
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-common
+Common ansible roles for deploying an EVPN VXLAN fabric
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml
new file mode 100644
index 0000000..61b70e2
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: Creating common evpn routing options config
+ template: src=evpn_routing_options.j2 dest={{ tmp_dir }}/evpn_routing_options.cfg
+
+- name: Creating common evpn policy options config
+ template: src=policy_options.j2 dest={{ tmp_dir }}/evpn_policy_options.cfg
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2
new file mode 100644
index 0000000..174baa5
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2
@@ -0,0 +1,23 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+routing-options {
+ forwarding-table {
+ chained-composite-next-hop {
+ ingress {
+ evpn;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2
new file mode 100644
index 0000000..17fb130
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2
@@ -0,0 +1,71 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+policy-options {
+ policy-statement EVPN_T5_EXPORT {
+ term fm_direct {
+ from protocol direct;
+ then accept;
+ }
+ term fm_static {
+ from protocol static;
+ then accept;
+ }
+{% if collapsed_spine is defined %}
+{% if collapsed_spine %}
+ term fm_v4_default {
+ from {
+ protocol evpn;
+ protocol ospf;
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term fm_v4_host {
+ from {
+ protocol evpn;
+ route-filter 0.0.0.0/0 prefix-length-range /32-/32;
+ }
+ then accept;
+ }
+{% endif %}
+{% else %}
+{% if leaf_type == "border" %}
+ term fm_v4_default {
+ from {
+ protocol evpn;
+ protocol ospf;
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+{% else %}
+ term fm_v4_host {
+ from {
+ protocol evpn;
+ route-filter 0.0.0.0/0 prefix-length-range /32-/32;
+ }
+ then accept;
+ }
+{% endif %}
+{% endif %}
+ term fm_v6_host {
+ from {
+ protocol evpn;
+ route-filter 0::0/0 prefix-length-range /128-/128;
+ }
+ then accept;
+ }
+ }
+}
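Review bot: Setting `collapsed_spine: false` explicitly in policy_options.j2 drops both IPv4 EVPN terms, because the outer `{% if collapsed_spine is defined %}` takes the first branch and the inner `{% if collapsed_spine %}` then renders nothing, so the `leaf_type` branch is never reached. If false is meant to behave like unset, fold the two tests into one, `{% if collapsed_spine | default(false) %}` … `{% else %}`, and drop the inner if/endif pair. `leaf_type` is also compared without an `is defined` guard, so a host whose inventory omits it either fails to render or falls into the non-border branch, depending on how undefined variables are handled; `leaf_type | default('') == "border"` makes that fallback explicit. A `{# … #}` comment above the conditional stating which terms each fabric role is expected to export would document the intent.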
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml
new file mode 100644
index 0000000..3aea705
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml
@@ -0,0 +1,5 @@
+---
+dependencies:
+ - { role: Juniper.junos }
+collections:
+ - juniper.device
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml
new file mode 100644
index 0000000..143b9da
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml
@@ -0,0 +1,42 @@
+---
+- name: Assembling configurations
+ assemble:
+ src={{ tmp_dir }}
+ dest={{ junos_conf }}
+ mode={{ conf_file_mode | default('666') }}
+ regexp=.+\.cfg
+# Use for Ansible 2.9 and lower
+# - name: Pushing config ... please wait
+# juniper_junos_config:
+# user: "{{ netconf_user }}"
+# passwd: "{{ netconf_passwd }}"
+# load: 'override'
+# src: "{{ junos_conf }}"
+# commit: true
+# diffs_file: "{{build_dir}}/log/{{ inventory_hostname }}-diff.log"
+# logfile: "{{ log }}"
+# comment: "Committed using NITA"
+# timeout: "{{ netconf_timeout | default('300') }}"
+# register: response
+# - name: Commit response
+# debug:
+# var: response
+#
+#
+# Use section below for device collection use for Ansible 2.10 and greater...
+#
+- name: Pushing config ... please wait
+ config:
+ user: "{{ netconf_user }}"
+ passwd: "{{ netconf_passwd }}"
+ load: 'override'
+ src: "{{ junos_conf }}"
+ commit: true
+ diffs_file: "{{build_dir}}/log/{{ inventory_hostname }}-diff.log"
+ logfile: "{{ log }}"
+ comment: "Committed using NITA"
+ timeout: "{{ netconf_timeout | default('300') }}"
+ register: response
+- name: Commit response
+ debug:
+ var: response
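Review bot: The `assemble` task in junos_commit_config/tasks/main.yaml defaults the assembled configuration file to mode `666`, which leaves it readable and writable by every local account on the controller or in the execution environment. That file concatenates every rendered `.cfg` fragment, and other templates in this patch render root and user password hashes and SNMP community names into those fragments; a world-writable file also lets any local account change what the next task pushes with `load: 'override'`. Default to owner-only instead: `mode={{ conf_file_mode | default('0600') }}`. The fragments under `{{ tmp_dir }}` are written by `template` tasks with no explicit mode, so they presumably inherit the umask and deserve the same treatment.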
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
new file mode 100644
index 0000000..d1dbae8
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: Juniper.junos }
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml
new file mode 100644
index 0000000..18bc799
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml
@@ -0,0 +1,15 @@
+---
+- name: Creating management interface
+ template: src=management_interface.j2 dest={{ tmp_dir }}/management_interface.cfg
+
+- name: Creating common SNMP config
+ template: src=snmp.j2 dest={{ tmp_dir }}/snmp.cfg
+
+- name: Creating common routing config
+ template: src=routing_options.j2 dest={{ tmp_dir }}/routing_options.cfg
+
+- name: Creating chassis config
+ template: src=chassis.j2 dest={{ tmp_dir }}/chassis.cfg
+
+- name: Enable grpc support
+ template: src=common_system.j2 dest={{ tmp_dir }}/common_system.cfg
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2
new file mode 100644
index 0000000..2353017
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2
@@ -0,0 +1,21 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 24;
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2
new file mode 100644
index 0000000..e97ab0b
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2
@@ -0,0 +1,35 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+system {
+ services {
+ extension-service {
+ request-response {
+ grpc {
+ clear-text {
+ address 0.0.0.0;
+ port 32767;
+ }
+ max-connections 30;
+ skip-authentication;
+ }
+ }
+ notification {
+ allow-clients {
+ address 0.0.0.0/0;
+ }
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2
new file mode 100644
index 0000000..3b692a5
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2
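Review bot: The `grpc` stanza in common_system.j2 enables the extension-service API in `clear-text` on `address 0.0.0.0` with `skip-authentication;`, and `notification allow-clients` is `0.0.0.0/0`, so every device built from junos_common accepts unauthenticated, unencrypted API requests on port 32767 from any source that can reach it. Because this sits in the common role, it is applied to all hosts without an opt-in. Remove `skip-authentication;`, bind the listener to the management address instead of all interfaces, prefer the `ssl` listener with a device certificate over `clear-text`, and restrict `allow-clients` to the automation hosts through an inventory variable. If the open form is really needed for a lab, wrap the block in an explicit flag such as `{% if grpc_insecure_lab | default(false) %}` (a constructed variable name) and say so in a template comment.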
@@ -0,0 +1,28 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+interfaces {
+ {{ management_interface.int }} {
+ unit 0 {
+ description "*** management ***";
+ family inet {
+{% if management_interface.ip is defined %}
+ address {{ management_interface.ip }}/{{ management_interface.mask }};
+{% else %}
+ dhcp;
+{% endif %}
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2
new file mode 100644
index 0000000..9517ada
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2
@@ -0,0 +1,32 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+routing-options {
+{% if loopback_ip is defined %}
+ router-id {{ loopback_ip }};
+{% endif %}
+{% if routing_options is defined %}
+{% for route in routing_options %}
+ {% if route.destination == "discard" %}
+ static {
+ route {{ route.static }} {{ route.destination }};
+ }
+ {% else %}
+ static {
+ route {{ route.static }} next-hop {{ route.destination }};
+ }
+ {% endif %}
+{% endfor %}
+{% endif %}
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2
new file mode 100644
index 0000000..18e749b
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2
@@ -0,0 +1,23 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+snmp {
+ location "{{ snmp.location }}";
+ contact "{{ snmp.contact }}";
+ {% for community in snmp.communities %}
+ community {{ community.name }} {
+ authorization read-only;
+ }
+ {% endfor %}
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
new file mode 100644
index 0000000..d1dbae8
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: Juniper.junos }
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml
new file mode 100644
index 0000000..213cddf
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml
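Review bot: Each community in snmp.j2 is rendered with `authorization read-only;` but no `clients` restriction, so the community string is the only control on who may poll the device, and community-based SNMP sends that string in clear text. Unless a filter elsewhere limits SNMP sources (none is visible in this patch), add a per-community client list inside the `community` block, for example a loop over a `community.clients` list (a constructed variable name the inventory would have to supply) emitting `clients { … }` entries. `snmp.communities` is also iterated without an `is defined` guard, unlike the optional blocks in routing_options.j2, so a host without SNMP data fails to render.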
@@ -0,0 +1,7 @@
+---
+- name: Creating vqfx pfe interface
+ template: src=vqfx_pfe_interface.j2 dest={{ tmp_dir }}/vqfx_pfe_interface.cfg
+
+- name: Creating common system config
+ template: src=system.j2 dest={{ tmp_dir }}/system.cfg
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2
new file mode 100644
index 0000000..6c71f83
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2
@@ -0,0 +1,74 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+system {
+ host-name {{ inventory_hostname }};
+ root-authentication {
+ encrypted-password "{{ password_hashes.root_user }}"; # SECRET-DATA
+ }
+ services {
+ ssh {
+ root-login allow;
+ }
+ netconf {
+ ssh;
+ }
+ rest {
+ http {
+ port 3000;
+ }
+ enable-explorer;
+ }
+ }
+ login {
+ message "{{ login_message }}";
+ user jcluser {
+ class super-user;
+ uid 2000;
+ authentication {
+ encrypted-password "{{ password_hashes.netadmin_user }}";
+ }
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ }
+ {% if ntp_server is defined %}
+ ntp {
+ server {{ ntp_server }};
+ }
+ {% endif %}
+ {% if time_zone is defined %}
+ time-zone {{ time_zone }};
+ {% endif %}
+ extensions {
+ providers {
+ juniper {
+ license-type juniper deployment-scope commercial;
+ }
+ chef {
+ license-type juniper deployment-scope commercial;
+ }
+ }
+ }
+}
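Review bot: In system.j2, `root-login allow;` under `services ssh` permits direct root logins over SSH, and the `rest` block serves the REST API over plain `http` on port 3000 with `enable-explorer;`, so credentials presented to that API cross the network unencrypted. The `jcluser` account created in the same template is already `class super-user`, so `root-login deny;` costs no administrative access. Either drop the `rest` block or switch it to the `https` listener with a server certificate and leave the explorer off. If these settings are deliberate for vQFX lab images, put them behind an inventory flag and state that in a template comment so they do not reach production builds.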
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2
new file mode 100644
index 0000000..3594521
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2
@@ -0,0 +1,24 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+interfaces {
+ em1 {
+ unit 0 {
+ description "*** to pfe ***"
+ family inet {
+ address 169.254.0.2/24;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md
new file mode 100644
index 0000000..08ac962
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-erb
+Ansible roles to configure Juniper QFX in an EVPN VXLAN ERB architecture
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
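Review bot: The `description "*** to pfe ***"` line in vqfx_pfe_interface.j2 has no terminating semicolon, unlike the equivalent `description "*** management ***";` in management_interface.j2. The rendered fragment is assembled into the file that junos_commit_config loads with `load: 'override'`, so the missing terminator would be expected to make that load fail to parse for every host that includes junos_qfx_common. Change the line to `description "*** to pfe ***";`.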
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml
new file mode 100644
index 0000000..cc2bfd8
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure BGP + EVPN for ERB leaf
+ template: src="ibgp_leaf.j2" dest="{{ tmp_dir }}/ibgp_leaf.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2
new file mode 100644
index 0000000..9356735
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2
@@ -0,0 +1,54 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+protocols {
+ bgp {
+{% for bgp in evpn_ibgp %}
+ group {{ bgp.group }} {
+ type internal;
+ local-address {{ loopback_ip }};
+ family evpn {
+ signaling;
+ }
+ cluster {{ loopback_ip }};
+ local-as {{ autonomous_system }};
+ multipath;
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }};
+{% endfor %}
+ }
+{% endfor %}
+ }
+ evpn {
+ encapsulation vxlan;
+ multicast-mode ingress-replication;
+ default-gateway do-not-advertise;
+{% if leaf_type != "border" %}
+ extended-vni-list all;
+{% endif %}
+{%if collapsed_spine is defined %}
+{%if collapsed_spine %}
+ no-core-isolation;
+{% endif %}
+{% endif %}
+ }
+}
+switch-options {
+ vtep-source-interface lo0.0;
+ route-distinguisher {{ loopback_ip }}:9999;
+ vrf-target {
+ target:9999:9999;
+ auto;
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml
new file mode 100644
index 0000000..fcef9a9
--- /dev/null
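Review bot: The leaf BGP group in ibgp_leaf.j2 sets `cluster {{ loopback_ip }};`, which in Junos marks the router as a route reflector for that group; the spine template ibgp_spine_rr.j2 carries the same statement, and on a leaf it looks copied rather than intended, so confirm and remove the line if leaves are only reflector clients. The group also configures no session authentication; where the underlay is not fully trusted, a group-level `authentication-key "{{ bgp_auth_key }}";` fed from a vaulted variable (constructed name) would protect the EVPN sessions. `leaf_type` is compared without an `is defined` guard, and the `9999` in `route-distinguisher` and `target:9999:9999` is hard-coded with no comment explaining the reserved value.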
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Create iBGP route reflector
+ template: src="ibgp_spine_rr.j2" dest="{{ tmp_dir }}/ibgp_spine_rr.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2
new file mode 100644
index 0000000..5937f4a
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2
@@ -0,0 +1,34 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+protocols {
+ bgp {
+{% for bgp in evpn_ibgp %}
+ group EVPN_iBGP {
+ type internal;
+ local-address {{ loopback_ip }};
+ family evpn {
+ signaling;
+ }
+ cluster {{ loopback_ip }};
+ local-as {{ autonomous_system }};
+ multipath;
+ allow {{ loopback_subnet }};
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }};
+{% endfor %}
+ }
+{% endfor %}
+ }
+}
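Review bot: `allow {{ loopback_subnet }};` in ibgp_spine_rr.j2 makes the route reflector accept dynamic iBGP peers from the whole loopback range, and the group sets no authentication, so any host able to source a session from that range can peer with the reflector and have its EVPN routes reflected to every leaf. Either rely only on the explicit `neighbor` statements the template already renders from `bgp.neighbors`, or keep `allow` and add group-level session authentication from a vaulted variable. Separately, the group name is fixed as `EVPN_iBGP` inside `{% for bgp in evpn_ibgp %}`, while ibgp_leaf.j2 uses `{{ bgp.group }}`; with more than one list entry the loop emits the same group repeatedly, and `group {{ bgp.group }} {` would match the leaf template.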
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml
new file mode 100644
index 0000000..4c63492
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure routing policies
+ template: src="evpn_policy.j2" dest="{{ tmp_dir }}/evpn_policy.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2
new file mode 100644
index 0000000..ead9f62
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2
@@ -0,0 +1,55 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if export_policies is defined %}
+{% for policy in export_policies %}
+policy-options {
+ policy-statement {{ policy.name }}_exp {
+ term export_local {
+ from protocol direct;
+ then {
+ community add {{ policy.name }}_comm;
+ accept;
+ }
+ }
+ term export {
+ then {
+ community add {{ policy.name }}_comm;
+ accept;
+ }
+ }
+ }
+ community {{ policy.name }}_comm members {{ policy.target }};
+}
+{% endfor %}
+{% endif %}
+{% if import_policies is defined %}
+{% for policy in import_policies %}
+policy-options {
+ policy-statement {{ policy.name }}_imp {
+ term bgp {
+ from {
+{% for community in policy.communities %}
+ community {{ community.name }}_comm;
+{% endfor %}
+ }
+ then accept;
+ }
+ term end {
+ then reject;
+ }
+ }
+}
+{% endfor %}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml
new file mode 100644
index 0000000..c4ac7ee
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure evpn vxlan ports
+ template: src="evpn_port.j2" dest="{{ tmp_dir }}/evpn_port.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2
new file mode 100644
index 0000000..8c1ffd0
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2
@@ -0,0 +1,74 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if evpn_port is defined %}
+interfaces {
+{% for port in evpn_port %}
+ {{ port.interface }} {
+{% if port.esi is defined %}
+ esi {
+ {{ port.esi }};
+ all-active;
+ }
+ aggregated-ether-options{
+ lacp {
+ active;
+ periodic fast;
+ system-id {{ port.system_id }};
+ }
+ }
+{% endif %}
+{% if port.vlan_id is defined %}
+ vlan-tagging;
+{% endif %}
+ unit {{ port.vlan_id | default("0", true) }} {
+{% if port.description is defined %}
+ description "{{ port.description }}";
+{% endif %}
+{% if port.members is defined %}
+ family {
+ ethernet-switching {
+ vlan {
+{% for item in port.members %}
+ members {{ item.id }};
+{% endfor %}
+ }
+ }
+ }
+{% else %}
+{% if port.vlan_id is defined %}
+ vlan-id {{ port.vlan_id }};
+{% endif %}
+{% if port.ip is defined %}
+ family {
+ inet {
+ address {{ port.ip }};
+ }
+ }
+{% endif %}
+{% endif %}
+ }
+ }
+{% if port.lag_members is defined %}
+{% for item in port.lag_members %}
+ {{ item.interface }} {
+ ether-options {
+ 802.3ad {{ port.interface }};
+ }
+ }
+{% endfor %}
+{% endif %}
+{% endfor %}
+}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml
new file mode 100644
index 0000000..97e5ece
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml
@@ -0,0 +1,4 @@
+---
+- name: Configure VNIs + IRBs
+ template: src="evpn_vni.j2" dest="{{ tmp_dir }}/evpn_vni.cfg"
+ when: leaf_type != "border"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2
new file mode 100644
index 0000000..12b5fca
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2
@@ -0,0 +1,40 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+interfaces {
+{% for vni in vnis %}
+ irb {
+ unit {{ vni.id }} {
+ family inet {
+{% for item in vni.irb_ips %}
+ address {{ item.ip }};
+{% endfor %}
+ }
+ mac {{ vni.irb_mac }};
+ }
+ }
+{% endfor %}
+}
+
+vlans {
+{% for vni in vnis %}
+ vlan_{{ vni.id }} {
+ vlan-id {{ vni.id }};
+ l3-interface irb.{{ vni.id }};
+ vxlan {
+ vni {{ vni.id }};
+ }
+ }
+{% endfor %}
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml
new file mode 100644
index 0000000..3701a58
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure VRFs
+ template: src="evpn_vrf.j2" dest="{{ tmp_dir }}/evpn_vrf.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2
new file mode 100644
index 0000000..e3337f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 
@@ -0,0 +1,93 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-ansible +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +{% if vrfs is defined %} +{% for vrf in vrfs %} +interfaces lo0 { + unit {{ vrf.vrf_id }} { + description "Loopback for VXLAN control packets for VRF_{{ vrf.vrf_id }}"; + family inet { + address {{ vrf.loopback_ip }}/32; + } + } +} +routing-instances { + VRF_{{ vrf.vrf_id }} { + instance-type vrf; +{% if vrf.interfaces is defined %} +{% for interface in vrf.interfaces %} + interface {{ interface.name }}; +{% endfor %} +{% endif %} + interface lo0.{{ vrf.vrf_id }}; + route-distinguisher {{ vrf.loopback_ip }}:{{ vrf.vrf_id }}; + vrf-target target:1:{{ vrf.vrf_id }}; +{% if vrf.export is defined %} + vrf-export {{ vrf.export }}_exp; +{% endif %} +{% if vrf.import is defined %} + vrf-import {{ vrf.import }}_imp; +{% endif %} + vrf-table-label; + routing-options { + auto-export; + } + protocols { + evpn { + ip-prefix-routes { + advertise direct-nexthop; + encapsulation vxlan; + vni {{ vrf.vrf_id }}; + export EVPN_T5_EXPORT; + } + } +{% if vrf.ospf_interfaces is defined %} +{% for interface in vrf.ospf_interfaces %} + ospf { + export to-ospf; + area 0.0.0.0 { + interface {{ 
interface.name }} { + metric {{ interface.metric }}; + } + } + } +{% endfor %} +{% endif %} + } + } +} +{% if vrf.ospf_interfaces is defined %} +policy-options { + policy-statement to-ospf { + term 10 { +{% if collapsed_spine is defined %} +{% if collapsed_spine %} +{% for vni in vnis %} +{% for interface in vni.irb_ips %} + from route-filter {{ interface.subnet }} orlonger; +{% endfor %} +{% endfor %} +{% endif %} +{% endif %} + from protocol evpn; + then accept; + } + term 100 { + then reject; + } + } +} +{% endif %} +{% endfor %} +{% endif %} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore new file mode 100644 index 0000000..b6e4761 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore 
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md b/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md
new file mode 100644
index 0000000..5232886
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-fi
+Ansible roles for EVPN VXLAN data center fabric interconnect configuration, between pods/datacenters/campus/etc.
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml
new file mode 100644
index 0000000..ec6632e
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure DCI eBGP
+ template: src="evpn_vxlan_dci.j2" dest="{{ tmp_dir }}/evpn_vxlan_dci.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2
new file mode 100644
index 0000000..1a3196c
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2
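Review bot: `${ANSIBLEROLES}` is expanded unquoted in both the `mkdir -p` and `cp -r` lines of install.sh, so an override containing spaces or glob characters is word-split and the roles are copied somewhere other than intended. Quote both uses: `mkdir -p "${ANSIBLEROLES}"` and `cp -r roles/* "${ANSIBLEROLES}"`. The assignment can also use the plain default form `ANSIBLEROLES=${ANSIBLEROLES:-/etc/ansible/roles}`, since `:=` already assigns the variable. The install.sh files added under evpn-vxlan-hb and evpn-vxlan-sb carry the same blob id (6d8f2f4) and need the same change.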
@@ -0,0 +1,48 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if dci_ebgp is defined %}
+protocols {
+ bgp {
+{% for bgp in dci_ebgp %}
+ group {{ bgp.group }} {
+ type external;
+ local-address "{{ loopback_ip }}";
+ local-as "{{ autonomous_system }}";
+ multipath {
+ multiple-as;
+ }
+ multihop {
+ no-nexthop-change;
+ }
+ family evpn {
+ signaling {
+ delay-route-advertisements {
+ minimum-delay {
+ routing-uptime 480;
+ }
+ }
+ }
+ }
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }} {
+ description "DCI EBGP peering to {{ neighbor.name }}";
+ peer-as {{ neighbor.asn }};
+ }
+{% endfor %}
+ }
+{% endfor %}
+ }
+}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore
new file mode 100644
index 0000000..b6e4761
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore
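Review bot: The `group {{ bgp.group }}` stanza sets up external, multihop EVPN peerings but renders no session authentication for them, and nothing in this hunk shows it being configured elsewhere. Multihop eBGP between sites crosses more of the network than a directly connected session, so an optional key is worth supporting inside the group, for example (the variable name is a proposal) `{% if bgp.auth_key is defined %}`, `authentication-key "{{ bgp.auth_key }}";`, `{% endif %}`, with the value supplied from Ansible Vault. A short comment above `local-address` stating that `loopback_ip` and `autonomous_system` are required host variables would also help, since neither is guarded the way `dci_ebgp` is.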
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md
new file mode 100644
index 0000000..9155557
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-hb
+Ansible roles to support using Healthbot and EVPN VXLAN
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect
new file mode 100644
index 0000000..18abec2
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+spawn docker-compose -p healthbot -f /var/local/healthbot/healthbot_mgd.yaml exec mgd /usr/sbin/cli
+expect "> "
+send "request healthbot load | no-more\n"
+expect "> "
+send "configure\n"
+expect "# "
+send "load merge /config/healthbot.conf | no-more\n"
+expect "# "
+send "commit and-quit\n"
+expect "> "
+send "request healthbot deploy\n"
+expect "Do you want to continue (y/n) ? "
+send "y\n"
+expect "Do you want to continue (y/n) ? "
+send "y\n"
+expect "> "
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml
new file mode 100644
index 0000000..1e24c87
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml
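Review bot: Every `expect` in commit_config.expect falls through once its timeout expires, so when a prompt never appears (CLI not up, `load merge` or `commit and-quit` rejected and the session still at `# `) the script keeps sending the remaining commands, answers `y` to both deploy confirmations, and still exits 0. Add a timeout and EOF handler right after `spawn` so the Ansible task that runs the script fails instead of reporting success. The timeout value below is a placeholder to size against the deploy step.

```tcl
spawn docker-compose -p healthbot -f /var/local/healthbot/healthbot_mgd.yaml exec mgd /usr/sbin/cli

# Placeholder value: long enough for "request healthbot deploy" to return.
set timeout 120

# Applies to every expect below: stop instead of sending the next command blind.
expect_after {
    timeout { puts stderr "commit_config.expect: timed out waiting for a prompt"; exit 1 }
    eof     { puts stderr "commit_config.expect: CLI session ended early"; exit 1 }
}
# … unchanged: the expect/send sequence from the first expect "> " onward …
```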
@@ -0,0 +1,24 @@
+---
+- name: installing expect
+ become: yes
+ apt:
+ name: expect
+
+- name: install healthbot commit_config.expect script
+ become: yes
+ copy:
+ src: commit_config.expect
+ dest: /root/commit_config.expect
+ mode: 0755
+
+- name: copy configuration file
+ become: yes
+ copy:
+ src: "{{ build_dir }}/healthbot.conf"
+ dest: /var/local/healthbot/mgd_config/healthbot.conf
+ mode: 0644
+
+- name: execute expect script to commit configuration to healthbot
+ become: yes
+ shell: "/root/commit_config.expect"
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml
new file mode 100644
index 0000000..f0de114
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml
@@ -0,0 +1,16 @@
+---
+- name: Configure healthbot device
+ template: src="device.j2" dest="{{ tmp_dir }}/device.cfg"
+
+- name: Configure healthbot device group
+ template: src="device_group.j2" dest="{{ tmp_dir }}/device_group.cfg"
+
+- name: Assembling configurations per device
+ assemble:
+ src={{ build_dir }}/{{ inventory_hostname }}/tmp
+ dest={{ build_dir }}/{{ inventory_hostname }}/healthbot.conf
+ mode={{ conf_file_mode | default('666') }}
+ regexp=.+\.cfg
+
+- name: Append to common configuration
+ shell: "cat {{ build_dir }}/{{ inventory_hostname }}/healthbot.conf >> {{ build_dir }}/healthbot.conf"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2 b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2
new file mode 100644
index 0000000..abd0818
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2
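Review bot: The `copy configuration file` task installs healthbot.conf with `mode: 0644`, yet that file presumably carries the `authentication { password { ... } }` stanza rendered from device.j2 in this commit, i.e. the NETCONF username and password in clear text, readable by every local user. Make it owner-only with `mode: "0600"`, after confirming the mgd container can still read the mounted file. In the healthbot_config hunk that follows, `mode={{ conf_file_mode | default('666') }}` leaves the assembled per-device file world-readable and world-writable by default; `default('600')` is the safer baseline. The two `template` tasks there set no mode at all, so device.cfg in `tmp_dir` inherits the umask and deserves the same treatment.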
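Review bot: The `Append to common configuration` task runs `cat ... >> {{ build_dir }}/healthbot.conf` through `shell`, which appends again on every play, so the shared file grows with duplicate device stanzas unless something outside this hunk truncates it first. Remove or empty `{{ build_dir }}/healthbot.conf` once at the start of the play, and add `changed_when` so the task stops reporting a change on every run. The two paths are also interpolated into the shell line unquoted; pass each through the `quote` filter so a `build_dir` or host name containing spaces or shell metacharacters cannot alter the command. If hosts are processed in parallel, concurrent appends can interleave, which is worth a comment or a `throttle: 1` on the task.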
@@ -0,0 +1,36 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+healthbot {
+ device {{ inventory_hostname }} {
+ host {{ management_interface.ip }};
+ open-config {
+ port 32767;
+ }
+ iAgent {
+ port 830;
+ }
+ authentication {
+ password {
+ username "{{ netconf_user }}";
+ password "{{ netconf_passwd }}";
+ }
+ }
+ vendor {
+ juniper {
+ operating-system junos;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2 b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2
new file mode 100644
index 0000000..06123f7
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2
@@ -0,0 +1,19 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+healthbot {
+ device-group {{ healthbot_device_group }} {
+ devices [ {{ inventory_hostname }} ];
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore
new file mode 100644
index 0000000..b6e4761
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md
new file mode 100644
index 0000000..a2147dd
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-sb
+EVPN VXLAN data center service block
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
new file mode 100644
index 0000000..d1dbae8
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: Juniper.junos }
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml
new file mode 100644
index 0000000..54ea591
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml
@@ -0,0 +1,10 @@
+---
+- name: Creating common system config
+ template: src=system.j2 dest={{ tmp_dir }}/system.cfg
+
+- name: Creating security config
+ template: src=security.j2 dest={{ tmp_dir }}/security.cfg
+
+- name: Creating lldp config
+ template: src=lldp.j2 dest={{ tmp_dir }}/lldp.cfg
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2
new file mode 100644
index 0000000..935f22c
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2
@@ -0,0 +1,19 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+protocols {
+ lldp {
+ interface all;
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2
new file mode 100644
index 0000000..4dccecd
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2
@@ -0,0 +1,84 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+security {
+ log {
+ mode stream;
+ report;
+ }
+ screen {
+ ids-option untrust-screen {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ queue-size 2000;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ policies {
+ from-zone trust to-zone trust {
+ policy default-permit {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone trust to-zone untrust {
+ policy default-permit {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone trust {
+ tcp-rst;
+ host-inbound-traffic {
+ system-services {
+ all;
+ }
+ protocols {
+ all;
+ }
+ }
+ }
+ security-zone untrust {
+ screen untrust-screen;
+ }
+ }
+}
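Review bot: The `security-zone trust` block enables `host-inbound-traffic` with `system-services { all; }` and `protocols { all; }`, which opens every management and control-plane service on the firewall itself to anything placed in the trust zone. List only what the roles in this patch rely on (likely `ssh;`, `netconf;` and `ping;` for services and `ospf;` for protocols, to be confirmed against the rest of the play), or drive both lists from inventory variables. The two `default-permit` policies (`trust` to `trust` and `trust` to `untrust`) match any source, destination and application; if that is meant as a lab baseline, a comment in the template header should say so, so the file is not taken as a production default.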
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2
new file mode 100644
index 0000000..b341c62
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2
@@ -0,0 +1,69 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+system {
+ host-name {{ inventory_hostname }};
+ root-authentication {
+ encrypted-password "{{ password_hashes.root_user }}"; # SECRET-DATA
+ }
+ services {
+ ssh {
+ root-login allow;
+ }
+ netconf {
+ ssh;
+ }
+ rest {
+ http {
+ port 3000;
+ }
+ enable-explorer;
+ }
+ }
+ login {
+ message "{{ login_message }}";
+ user jcluser {
+ class super-user;
+ uid 2000;
+ authentication {
+ encrypted-password "{{ password_hashes.netadmin_user }}";
+ }
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ file messages {
+ any any;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ }
+ license {
+ autoupdate {
+ url https://ae1.juniper.net/junos/key_retrieval;
+ }
+ }
+ {% if ntp_server is defined %}
+ ntp {
+ server {{ ntp_server }};
+ }
+ {% endif %}
+ {% if time_zone is defined %}
+ time-zone {{ time_zone }};
+ {% endif %}
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml
new file mode 100644
index 0000000..d1dbae8
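Review bot: The `services` block turns on `root-login allow` for SSH and a REST API over plain `http` on port 3000 with `enable-explorer`, so credentials sent to the REST endpoint cross the network unencrypted and the root account can log in directly over SSH. Prefer `root-login deny;` (the template already creates a `super-user` account for administration), move REST to its `https` form or drop the `rest` block, and keep `enable-explorer` out of anything but a lab build. The second `encrypted-password` line, for `jcluser`, lacks the `# SECRET-DATA` marker that the root one carries. If these are deliberate lab defaults, gating them behind an inventory variable would keep them out of production renders.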
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: Juniper.junos }
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml
new file mode 100644
index 0000000..ac376c2
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml
@@ -0,0 +1,16 @@
+---
+- name: Creating firewall port config
+ template: src=firewall_port.j2 dest={{ tmp_dir }}/firewall_port.cfg
+
+- name: Creating ospf config
+ template: src=ospf.j2 dest={{ tmp_dir }}/ospf.cfg
+
+- name: Creating fabric routing instance config
+ template: src=fabric.j2 dest={{ tmp_dir }}/fabric.cfg
+
+- name: Creating zones config
+ template: src=zones.j2 dest={{ tmp_dir }}/zones.cfg
+
+- name: Creating security policies config
+ template: src=security_policies.j2 dest={{ tmp_dir }}/security_policies.cfg
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2
new file mode 100644
index 0000000..385c12c
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2
@@ -0,0 +1,43 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+routing-instances {
+ fabric {
+ instance-type virtual-router;
+{% for port in firewall_port %}
+ interface {{ port.interface }}.{{ port.vlan_id | default("0", true) }};
+{% endfor %}
+ routing-options {
+ static {
+ route 0.0.0.0/0 discard;
+ }
+ }
+ protocols {
+ ospf {
+ export ospf-default;
+ area 0.0.0.0 {
+{% if vrfs is defined %}
+{% for vrf in vrfs %}
+{% if vrf.ospf_interfaces is defined %}
+{% for interface in vrf.ospf_interfaces %}
+ interface {{ interface.name }};
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
+ }
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2
new file mode 100644
index 0000000..9bdb388
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2
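Review bot: `{% for port in firewall_port %}` runs unguarded, so fabric.j2 fails to render on any host that does not define `firewall_port`, whereas firewall_port.j2 in this same commit wraps its loop in `{% if firewall_port is defined %}`. Guard it the same way or iterate over `firewall_port | default([])`. Separately, `route 0.0.0.0/0 discard` together with `export ospf-default` makes this instance advertise a default route into OSPF while dropping whatever follows it. If that is a placeholder until a real upstream exists, a comment next to the static route would make the intent clear.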
@@ -0,0 +1,74 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if firewall_port is defined %}
+interfaces {
+{% for port in firewall_port %}
+ {{ port.interface }} {
+{% if port.esi is defined %}
+ esi {
+ {{ port.esi }};
+ all-active;
+ }
+ aggregated-ether-options{
+ lacp {
+ active;
+ periodic fast;
+ system-id {{ port.system_id }};
+ }
+ }
+{% endif %}
+{% if port.vlan_id is defined %}
+ vlan-tagging;
+{% endif %}
+ unit {{ port.vlan_id | default("0", true) }} {
+{% if port.description is defined %}
+ description "{{ port.description }}";
+{% endif %}
+{% if port.members is defined %}
+ family {
+ ethernet-switching {
+ vlan {
+{% for item in port.members %}
+ members {{ item.id }};
+{% endfor %}
+ }
+ }
+ }
+{% else %}
+{% if port.vlan_id is defined %}
+ vlan-id {{ port.vlan_id }};
+{% endif %}
+{% if port.ip is defined %}
+ family {
+ inet {
+ address {{ port.ip }};
+ }
+ }
+{% endif %}
+{% endif %}
+ }
+ }
+{% if port.lag_members is defined %}
+{% for item in port.lag_members %}
+ {{ item.interface }} {
+ ether-options {
+ 802.3ad {{ port.interface }};
+ }
+ }
+{% endfor %}
+{% endif %}
+{% endfor %}
+}
+{% endif %}
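Review bot: In firewall_port.j2, `system-id {{ port.system_id }};` is emitted whenever `port.esi` is defined, but `port.system_id` itself is never checked. A port that has an ESI and no `system_id` will either abort rendering or produce an invalid `system-id ;` statement, depending on how undefined variables are handled in the run. Wrap that line in `{% if port.system_id is defined %}` … `{% endif %}`, or add a comment at the top of the template saying the two keys must be set together.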
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2
new file mode 100644
index 0000000..6862550
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2
@@ -0,0 +1,23 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+policy-options {
+ policy-statement ospf-default {
+ term 1 {
+ from {
+ route-filter 0.0.0.0/0 exact accept;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2
new file mode 100644
index 0000000..95eda37
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2
@@ -0,0 +1,34 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if firewall_rules is defined %}
+security {
+{% for rule in firewall_rules %}
+ policies {
+ from-zone {{ rule.from_zone }} to-zone {{ rule.to_zone }} {
+ policy default-permit {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+{% endfor %}
+}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2
new file mode 100644
index 0000000..628b52a
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2
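Review bot: In security_policies.j2 every entry of `firewall_rules` renders the same `default-permit` policy with `source-address any`, `destination-address any`, `application any` and `permit`. The firewall therefore forwards all traffic between each listed zone pair, and nothing under `then` records it. If this is a lab baseline, say so in a template comment and add `log { session-init; session-close; }` next to `permit;` so permitted sessions are at least visible. For anything beyond a lab, let each rule carry its own match terms, e.g. `application {{ rule.application | default('any') }};`.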
@@ -0,0 +1,39 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+security {
+ zones {
+{% if vrfs is defined %}
+{% for vrf in vrfs %}
+ security-zone VRF_{{ vrf.vrf_id }} {
+ host-inbound-traffic {
+ system-services {
+ all;
+ }
+ protocols {
+ all;
+ }
+ }
+{% if vrf.ospf_interfaces is defined %}
+ interfaces {
+{% for interface in vrf.ospf_interfaces %}
+ {{ interface.name }};
+{% endfor %}
+ }
+{% endif %}
+ }
+{% endfor %}
+{% endif %}
+ }
+}
diff --git a/ansible-ee/nita-ansible-ee.yml b/ansible-ee/nita-ansible-ee.yml
index d844ae8..7000a3d 100644
--- a/ansible-ee/nita-ansible-ee.yml
+++ b/ansible-ee/nita-ansible-ee.yml
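Review bot: In zones.j2 each `VRF_` zone sets `host-inbound-traffic` to `system-services { all; }` and `protocols { all; }`, so any host in a tenant zone can reach every management service enabled on the firewall. As far as this patch shows, these interfaces only need OSPF towards the fabric. A tighter default is `protocols { ospf; }` with a short, variable-driven `system-services` list (for example just `ping;`), keeping management access on a dedicated zone.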
@@ -1,15 +1,17 @@ --- version: 1 +build_arg_defaults: + ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-vvv" dependencies: - galaxy: ../requirements.yml - python: ../requirements.txt + galaxy: requirements.yml + python: requirements.txt additional_build_steps: append: - - COPY ../network-roles network-roles - - RUN cd ../network-roles/ebgp-ip-fabric && bash install.sh - - RUN cd ../network-roles/evpn-vxlan-common && bash install.sh - - RUN cd ../network-roles/evpn-vxlan-fi && bash install.sh - - RUN cd ../network-roles/evpn-vxlan-erb && bash install.sh - - RUN cd ../network-roles/evpn-vxlan-hb && bash install.sh - - RUN cd ../network-roles/evpn-vxlan-sb && bash install.sh + - COPY network-roles network-roles + - RUN cd network-roles/ebgp-ip-fabric && bash install.sh + - RUN cd network-roles/evpn-vxlan-common && bash install.sh + - RUN cd network-roles/evpn-vxlan-fi && bash install.sh + - RUN cd network-roles/evpn-vxlan-erb && bash install.sh + - RUN cd network-roles/evpn-vxlan-hb && bash install.sh + - RUN cd network-roles/evpn-vxlan-sb && bash install.sh diff --git a/ansible-ee/requirements.txt b/ansible-ee/requirements.txt new file mode 100644 index 0000000..c894174 --- /dev/null +++ b/ansible-ee/requirements.txt @@ -0,0 +1,4 @@ +junos-eznc +pynetbox +jxmlease +xmltodict diff --git a/ansible-ee/requirements.yml b/ansible-ee/requirements.yml new file mode 100644 index 0000000..4f5eeb4 --- /dev/null +++ b/ansible-ee/requirements.yml @@ -0,0 +1,17 @@ +--- + roles: + # Install a role from Ansible Galaxy. + - name: juniper.junos + version: '2.4.3' + + collections: + # Install a collection from Ansible Galaxy. + - name: netbox.netbox + version: '3.1.1' + # Install juniper.device collection from Ansible Galaxy. + - name: juniper.device + version: '1.0.1' + # Install junipernetworks collection from Ansible Galaxy. + - name: junipernetworks.junos + version: '3.1.0' + From cad085dab88036ca0d2394a8a302a254951379a5 Mon Sep 17 00:00:00 2001 
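Review bot: requirements.txt lists `junos-eznc`, `pynetbox`, `jxmlease` and `xmltodict` with no versions, while requirements.yml in the same patch pins every role and collection. Rebuilding the execution environment can therefore pull different Python packages each time, including a release published after the image was last tested. Pin each entry, e.g. `junos-eznc==<VERSION>` (placeholder, take the versions from a known-good build), so the image is reproducible and a dependency change shows up as a reviewed diff.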
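Review bot: requirements.yml installs the role as `juniper.junos`, whereas srx_firewall/meta/main.yaml in this patch declares its dependency as `Juniper.junos`. Roles are looked up by directory name, so on a case-sensitive filesystem the dependency may not resolve to the installed role. This is inferred from the two spellings and not from a build log, so confirm it in a container build and use one spelling in both files.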
From: Matthew Tighe Date: Fri, 26 Aug 2022 13:11:34 -0700 Subject: [PATCH 04/27] Update build_container.sh --- ansible-ee/build_container.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-ee/build_container.sh b/ansible-ee/build_container.sh index fafa542..403d2bf 100755 --- a/ansible-ee/build_container.sh +++ b/ansible-ee/build_container.sh @@ -13,5 +13,5 @@ # # ******************************************************** -cp -R ../network-roles context/ -ansible-builder build --tag "juniper/nita-ansible-ee" --container-runtime docker -f nita-ansible-ee.yml +#cp -R ../network-roles context/ +ansible-builder build --tag "juniper/nita-ansible-ee:22.9" --container-runtime docker -f nita-ansible-ee.yml From b8a532ee1fc1b0c564ff42f96da4d5468bb0267e Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Tue, 30 Aug 2022 14:11:42 -0700 Subject: [PATCH 05/27] Create README.md Initial README file. --- ansible-ee/README.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ansible-ee/README.md diff --git a/ansible-ee/README.md b/ansible-ee/README.md new file mode 100644 index 0000000..14d2622 --- /dev/null +++ b/ansible-ee/README.md @@ -0,0 +1,6 @@ +Files located in this directory are used to create ansible execution environment for AWX/Ansible Tower. the ```build-container.sh``` script calls ansible-builder, which needs to be installed using pip (see https://ansible-builder.readthedocs.io/en/stable/installation/). Ansible-builder requires python3.8 or later to execute. You can also build the container directly by issuing the following commands: + +``` +cd context +docker build --tag "juniper/nita-ansible-ee:22.9" . +``` From 0e9f25edae0e9465654cce5d76f70e54d48672b3 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Tue, 30 Aug 2022 14:25:41 -0700 Subject: [PATCH 06/27] Update README.md Added instructions for local registry --- ansible-ee/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/ansible-ee/README.md b/ansible-ee/README.md index 14d2622..0781b1d 100644 --- a/ansible-ee/README.md +++ b/ansible-ee/README.md @@ -4,3 +4,11 @@ Files located in this directory are used to create ansible execution environment cd context docker build --tag "juniper/nita-ansible-ee:22.9" . ``` + +AWX requires ansible EEs to be pulled from a repository. For testing purposes you can setup a local repository. See the instructions at https://www.docker.com/blog/how-to-use-your-own-registry-2/. After building the container, you can add a local repository as follows: + +``` +docker run -d -p 5000:5000 --restart always --name registry registry:2.8.1 +docker tag "localhost:5000/ansible-ee" +docker push 533d90bda9f5 localhost:5000/ansible-ee +``` From 6c00c378af03bc0a8cd389142d2884a22508408b Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Tue, 30 Aug 2022 14:27:07 -0700 Subject: [PATCH 07/27] Update README.md --- ansible-ee/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ee/README.md b/ansible-ee/README.md index 0781b1d..22e8fe3 100644 --- a/ansible-ee/README.md +++ b/ansible-ee/README.md @@ -10,5 +10,5 @@ AWX requires ansible EEs to be pulled from a repository. For testing purposes yo ``` docker run -d -p 5000:5000 --restart always --name registry registry:2.8.1 docker tag "localhost:5000/ansible-ee" -docker push 533d90bda9f5 localhost:5000/ansible-ee +docker push localhost:5000/ansible-ee ``` From 4676839b4daf0d6e2309dfbbb9f6f8493d9da4f7 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Tue, 30 Aug 2022 15:28:50 -0700 Subject: [PATCH 08/27] Update README.md --- ansible-ee/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ee/README.md b/ansible-ee/README.md index 22e8fe3..d0c50c3 100644 --- a/ansible-ee/README.md +++ b/ansible-ee/README.md 
@@ -8,7 +8,7 @@ docker build --tag "juniper/nita-ansible-ee:22.9" . AWX requires ansible EEs to be pulled from a repository. For testing purposes you can setup a local repository. See the instructions at https://www.docker.com/blog/how-to-use-your-own-registry-2/. After building the container, you can add a local repository as follows: ``` -docker run -d -p 5000:5000 --restart always --name registry registry:2.8.1 +docker run -d -p 5000:5000 --restart always --name registry registry docker tag "localhost:5000/ansible-ee" docker push localhost:5000/ansible-ee ``` From 30bae9a36e326b6a7a3b0e42c04deb464a35c9f4 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Tue, 30 Aug 2022 15:55:43 -0700 Subject: [PATCH 09/27] Update README.md Added screen shot from AWX --- ansible-ee/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible-ee/README.md b/ansible-ee/README.md index d0c50c3..60f81bb 100644 --- a/ansible-ee/README.md +++ b/ansible-ee/README.md @@ -12,3 +12,8 @@ docker run -d -p 5000:5000 --restart always --name registry registry docker tag "localhost:5000/ansible-ee" docker push localhost:5000/ansible-ee ``` + +After this simply define the localhost:5000/ansible-ee in your definition for an Execution Environment in AWX: + +![image](https://user-images.githubusercontent.com/6110061/187557638-8b0e00bf-9cfc-4f53-9ef3-c97e7fdf0ad0.png) + From c92fccb5b3d87faf2afa08d7b8b97ca0dacb0435 Mon Sep 17 00:00:00 2001 
From: wildsubnet Date: Wed, 31 Aug 2022 10:01:32 -0700 Subject: [PATCH 10/27] Adding sample project for AWX --- ansible-ee/ebgp_wan_0.2-wan/.DS_Store | Bin 0 -> 6148 bytes ansible-ee/ebgp_wan_0.2-wan/.gitignore | 7 + ansible-ee/ebgp_wan_0.2-wan/README.md | 34 +++++ ansible-ee/ebgp_wan_0.2-wan/ansible.cfg | 27 ++++ ansible-ee/ebgp_wan_0.2-wan/build.sh | 25 ++++ ansible-ee/ebgp_wan_0.2-wan/build/.gitignore | 1 + ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml | 33 +++++ ansible-ee/ebgp_wan_0.2-wan/dump.sh | 26 ++++ ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore | 1 + ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml | 39 ++++++ ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx | Bin 0 -> 23182 bytes .../ebgp_wan_0.2-wan/group_vars/all.yaml | 48 +++++++ ansible-ee/ebgp_wan_0.2-wan/healthbot.sh | 25 ++++ .../ebgp_wan_0.2-wan/healthbot/.gitignore | 1 + .../ebgp_wan_0.2-wan/healthbot/sites.yaml | 45 +++++++ .../ebgp_wan_0.2-wan/host_vars/healthbot.yaml | 6 + .../ebgp_wan_0.2-wan/host_vars/nita.yaml | 6 + .../ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml | 30 +++++ .../ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml | 30 +++++ ansible-ee/ebgp_wan_0.2-wan/hosts | 15 +++ ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml | 28 ++++ .../ebgp_wan_0.2-wan/make_etc_hosts.yaml | 21 +++ .../ebgp_wan_0.2-wan/make_hosts_entry.sh | 22 ++++ ansible-ee/ebgp_wan_0.2-wan/netbox.sh | 26 ++++ .../netbox/netbox_device.yaml | 35 +++++ ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml | 122 ++++++++++++++++++ ansible-ee/ebgp_wan_0.2-wan/project.yaml | 42 ++++++ .../roles/mx_common/tasks/main.yaml | 3 + .../roles/mx_common/templates/mx_system.j2 | 62 +++++++++ ansible-ee/ebgp_wan_0.2-wan/test.sh | 32 +++++ ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store | Bin 0 -> 6148 bytes ansible-ee/ebgp_wan_0.2-wan/test/.gitignore | 6 + .../test/resource_files/.gitignore | 1 + ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml | 38 ++++++ .../ebgp_wan_0.2-wan/test/templates/.gitkeep | 0 .../test/templates/02_box_tests.robot.j2 | 90 +++++++++++++ 
.../test/templates/04_connectivity.robot.j2 | 46 +++++++ .../test/templates/09_bgp_routers.robot.j2 | 37 ++++++ .../test/templates/resources.txt.j2 | 28 ++++ .../ebgp_wan_0.2-wan/test/tests/.gitignore | 1 + ansible-ee/ebgp_wan_0.2-wan/test_setup.sh | 28 ++++ 41 files changed, 1067 insertions(+) create mode 100644 ansible-ee/ebgp_wan_0.2-wan/.DS_Store create mode 100644 ansible-ee/ebgp_wan_0.2-wan/.gitignore create mode 100644 ansible-ee/ebgp_wan_0.2-wan/README.md create mode 100644 ansible-ee/ebgp_wan_0.2-wan/ansible.cfg create mode 100644 ansible-ee/ebgp_wan_0.2-wan/build.sh create mode 100644 ansible-ee/ebgp_wan_0.2-wan/build/.gitignore create mode 100644 ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/dump.sh create mode 100644 ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore create mode 100644 ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx create mode 100755 ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/healthbot.sh create mode 100644 ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore create mode 100644 ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml create mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml create mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml create mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml create mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml create mode 100755 ansible-ee/ebgp_wan_0.2-wan/hosts create mode 100644 ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh create mode 100644 ansible-ee/ebgp_wan_0.2-wan/netbox.sh create mode 100644 ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml create mode 100755 ansible-ee/ebgp_wan_0.2-wan/project.yaml 
create mode 100644 ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test.sh create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/.gitignore create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/.gitkeep create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2 create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore create mode 100644 ansible-ee/ebgp_wan_0.2-wan/test_setup.sh diff --git a/ansible-ee/ebgp_wan_0.2-wan/.DS_Store b/ansible-ee/ebgp_wan_0.2-wan/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..6a4f45a46931c42187ec93b8468ae808e961be95 GIT binary patch literal 6148 zcmeHK%}xR_5T43{i^j;oM7{OmjROSyJD6+`58h1H=s}I{W{GUFZV9_c6fyf8`bNHh zuj5Qx2#8*dfex8|(`l#8eA%`P0I)_cr~;G#z(yssRb7V#$gyR4E#R^=oO)s0>dN3SXyKIW%Pr%n$Y}!!jRKcWZlPUa##9hedmHr+RdH_we*Qcp1LFDOwrcK~mN=j^G`Q zi5wr@ZXAjD9=#Nihb{=ry#>j{?KN-Nk8}K%y#*;{4(Z(HKF;u4=A*A;aZ#Tadv$Rs zFqs<$3vVJZ|+g)&`YFcpq| zuID)#GleP~m@Yn;-kIqNg~{DKMy z2AI`!n+;4!zpXRL(Ob(=?@&o-UZzlnV56U7Y0y)=g(?NdI2nkJ#!Ml4P|P0zNrPz& I1AofE7vt8~TL1t6 literal 0 HcmV?d00001 diff --git a/ansible-ee/ebgp_wan_0.2-wan/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/.gitignore new file mode 100644 index 0000000..e6866f3 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/.gitignore @@ -0,0 +1,7 @@ +*.pyc +*.swp +data.json +id_rsa +id_rsa.pub +test/resource_files/tmp/ +test/tests/*.robot 
diff --git a/ansible-ee/ebgp_wan_0.2-wan/README.md b/ansible-ee/ebgp_wan_0.2-wan/README.md new file mode 100644 index 0000000..5da1927 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/README.md @@ -0,0 +1,34 @@ +\************************************************************ + +Copyright 2020 Juniper Networks, Inc. All rights reserved. + +\************************************************************ + +EBGP WAN +======== + +Summary +------- + +This project contains the build and test for a simple WAN setup based on IPCLOS. + + +NITA support +------------ + +This project has been tested on the following versions of NITA: + * 20.10 + +The following processes have been provided: [TODO] +-------------------------------------------------- + +1. Build of all network devices +2. Testing of network devices + * Base testing of each device + * Connectivity testing using ping + +Documentation +------------- + +[TODO] + diff --git a/ansible-ee/ebgp_wan_0.2-wan/ansible.cfg b/ansible-ee/ebgp_wan_0.2-wan/ansible.cfg new file mode 100644 index 0000000..95d40b0 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/ansible.cfg 
@@ -0,0 +1,27 @@
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+
+
+[defaults]
+inventory = ./hosts
+forks = 10
+gathering = explicit
+host_key_checking = False
+roles_path = roles:/etc/ansible/roles
+force_color = 1
+timeout = 120
+
+# if set, always use this private key file for authentication, same as
+# if passing --private-key to ansible or ansible-playbook
+#private_key_file = /path/to/file
diff --git a/ansible-ee/ebgp_wan_0.2-wan/build.sh b/ansible-ee/ebgp_wan_0.2-wan/build.sh
new file mode 100644
index 0000000..abc23c2
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/build.sh
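Review bot: `host_key_checking = False` in ebgp_wan_0.2-wan/ansible.cfg switches off SSH host key verification for every play in the project. dump/sites.yaml in this patch sets `ansible_ssh_pass` from `netconf_passwd` for those same connections, so a host answering in place of a router would receive the password without any warning. Prefer the default (checking on) with the routers' keys provisioned into a project-specific known_hosts file. If the lab truly needs it off, add a comment on that line marking it as lab-only so it is not copied into production projects.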
@@ -0,0 +1,25 @@
+#!/bin/bash
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+rm -f ~/.ssh/known_hosts
+temp_dir=$1
+build_dir=/var/tmp/build
+
+if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then
+ build_dir=$temp_dir
+fi
+
+ansible-playbook -i hosts build/sites.yaml --extra-vars "build_dir=$build_dir"
+touch $build_dir/ansible-run.log
+sudo chmod 664 $build_dir/ansible-run.log
diff --git a/ansible-ee/ebgp_wan_0.2-wan/build/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/build/.gitignore
new file mode 100644
index 0000000..a90963d
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/build/.gitignore
@@ -0,0 +1 @@
+sites.retry
diff --git a/ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml
new file mode 100644
index 0000000..828d05b
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml
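Review bot: `rm -f ~/.ssh/known_hosts` in build.sh deletes every host key the invoking user has recorded, not only those of the lab routers, which silently removes key pinning for unrelated hosts; dump.sh in this patch has the same line. Remove only the project's entries with `ssh-keygen -R <router>` per inventory host, or point SSH at a project-local known_hosts file. `$build_dir` is taken from `$1` and used unquoted in `touch` and `sudo chmod`, and inside `--extra-vars "build_dir=$build_dir"` a value containing spaces would be parsed as additional variables. Quote it (`touch "$build_dir/ansible-run.log"`) and reject values that contain whitespace before calling `ansible-playbook`.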
@@ -0,0 +1,33 @@
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+- import_playbook: ../make_clean.yaml
+- import_playbook: ../make_etc_hosts.yaml
+
+- hosts: routers
+ pre_tasks:
+ connection: local
+ roles:
+ - { role: junos_common }
+ - { role: mx_common }
+
+- hosts: routers
+ connection: local
+ roles:
+ - { role: ebgp_ip_fabric }
+
+- hosts: routers
+ connection: local
+ gather_facts: no
+ roles:
+ - { role: junos_commit_config }
diff --git a/ansible-ee/ebgp_wan_0.2-wan/dump.sh b/ansible-ee/ebgp_wan_0.2-wan/dump.sh
new file mode 100644
index 0000000..211813f
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/dump.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+
+rm -f ~/.ssh/known_hosts
+temp_dir=$1
+build_dir=/var/tmp/build
+
+if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then
+ build_dir=$temp_dir
+fi
+
+ansible-playbook -i hosts dump/sites.yaml --extra-vars "build_dir=$build_dir"
+touch $build_dir/ansible-run.log
+sudo chmod 664 $build_dir/ansible-run.log
diff --git a/ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore
new file mode 100644
index 0000000..a90963d
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore
@@ -0,0 +1 @@
+sites.retry
diff --git a/ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml
new file mode 100644
index 0000000..e266751
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml
@@ -0,0 +1,39 @@
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+- import_playbook: ../make_clean.yaml
+- import_playbook: ../make_etc_hosts.yaml
+
+- hosts: routers
+ gather_facts: no
+ tasks:
+ - name: Set ansible credentials
+ set_fact:
+ ansible_ssh_user: "{{ netconf_user }}"
+ ansible_ssh_pass: "{{ netconf_passwd }}"
+ ansible_ssh_private_key_file: ""
+ - name: dump config
+ raw: "show configuration | display inheritance | display set | no-more"
+ register: configuration
+ - name: write to disk
+ connection: local
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ copy:
+ content: "{{ configuration.stdout }}"
+ dest: "{{ build_dir }}/{{ inventory_hostname }}/junos_backup.set"
+ - name: fix file format
+ connection: local
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ command: dos2unix "{{ build_dir }}/{{ inventory_hostname }}/junos_backup.set"
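Review bot: The `write to disk` task saves the full device configuration to `junos_backup.set` without a `mode`, and make_clean.yaml in this commit creates the build tree with `mode=0777`, so the backup (which will carry the `encrypted-password` hashes and SNMP community configured elsewhere in this commit) is likely readable by every local account. Adding `mode: '0600'` under `copy:` fixes the file itself. The `Set ansible credentials` task would also benefit from `no_log: true`, since it places `netconf_passwd` into facts that verbose output prints; the same applies to the equivalent `set_fact` in healthbot/sites.yaml.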
diff --git a/ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx b/ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..c0a962c04295127ebcf71fd40961c0a0358739af GIT binary patch literal 23182 zcmeIaby%ERvOSEuySuwP1b2529^5TB1Pku&?(Pzt;O>OrmY{*)^6O+~Zq9Hr_dDO8 z_nFf`LwCP>JukIa)s|JY6=gud(10L-pn!mYh=G*XWv-Hdfq-fOFHwP@Ky*axY@JPQ zonNcIwKsLrV{o^zCdvZ?p~?XQ0bKw0eN1q{r?KuKG|lGY98tnwU3)fB zV*DV7aO@%%D3p#OkB=Q#1)+{}EaMO4$~n%TeO=Mp-%Z!i#DjyeO_=2+yNZEuxUDQ% zP<&n|;N>I{QdTdY(HiQ9QH%&KrhM0&2r0|8VnhK$;!8`u2d)aEvfuMf*r%*>P0eRV=>3(&l)SLPdXad&P>&~}5*UU9X zyIOx2=D9bC91*-D2JWGZzR!?c_+W3y;cA<7f?=VZrkU5EJm}+edKR6oG^lerMC9V5 z)Iu!LMUJ;mzu96A{n1p0t4h1q;ZXsvpC8+#gTTime=G|$tbqnNdaWq$Kww`Oe5$&C z&Bw#pZ+)em%N?u}Y(KVG*KbelhJf0|`C~m27|R)}DhK;Mp#(uJWHSC2>VGf=0l4!zz*}Jf?)=)()Y^%W;m7meZv0>D zyMOrCE8^s2K$($(PXnHb$2xgeX-H=Bc&qwlfMM)Ba4#+T@ZCCG=d2DHcM2>e9k35p>^(V0|`&#~;HIimGcj>!8 zSjAReAOrccAC`-R`al4GtF8r?W}+jO_N6pp8M$uaE`IPjj^a4mz=R|euM=pVz)i<( z2M4EIwZ*81-Ebi(ZA_8qM2yx=%(C#83-&zq+(NRR8lREF(2;u*V^9K0?Z@ncQ>$rZ zWpVPLG|R;Csf~0sp4MyOdTwU#hSK^!+F=twfx2t8k3wT6QAque(N%Z zmta#Upg=%|kU&6)fGgas8Qtt0t&HsKtbUAs1#0Vd=}bsI*$vOYw=Q`GaWN2y>N08O znG4j~i&x|*juEI80pr&3gk^VKr?NQGGyKl<(r{O|0w3D%y)yKy!#-&-7q+4?_fiTt zrsS~f8e!+JuA^R~ajzi7#_7UfejylS4->*+c$vc5rQN= z?TEcl?E$lVX6KZJHd>N|0af-adQ#GwU&@ya2+e$bq%eT~t{xO6z}|q2jl_wcoWhAF z@uNA~xGlRV7wLtx1?hk_qc{I-*u)2ofMnU${PXYQ5tY)h6&&2iQqu8_owdRf+C1dd zhy%V2G?F0RG}hbp6v3GjvKdMzCo()1Xtt;7Vf5SUr-U@VanZ>lQfTlVU<5&0X2IRYhL&v16B1 z;5r+Q+8*O>kHTSXBQ%BEW6{-P;WM>;VovMcUD@=DUCdK$R>@Ic$5$fs=bnaZYqDu@ z35(4qxrcB`T+p^VrGLLLH8M*^S_5}n@9+*{u?3t1*@lyx7Bo9lG|6TEapv3Ch6kRH zKH6xeR(8#e&7K|2L;-ZE#~08ctR)zMO??3YoDUu!Kd91NZ56IQEbx)irV)Dj4OX0afYu{-xB~nfrbDA!U2K; z2Dr~Z2Aw}T(Z2>DV8A>QaP5Ehqa#7i_8k*a&~>5*FUOkjhWEQea5_39-M1{@Z+ z^^SvYi?@WTTo_s_?#^z+?zKQ9zg_e5m-Yitx+Zbhq(SI#!Q>)K7t*EG^V^dwv4est zlQ(Qo93XYx4xaU%{_;F+fo1qiBbnj&ez!x4B|2o>z*hR#CEKZ$H0t)u3x3Wgrr=z_kyM+f`tVgibjB z3Rg~!4Y-?J5PQrhC)iu(x^F$!pncZfOj-shW03I>!RJq@d`z+@>0=a3V}tjy3CyFF 
zY%~_R9xh2Ju#B|qR`=!${u1?9J$!UL*qp8j3;PXyrB99f^+1dte#vlHXbU(7$EbcWWd?KTIJH{+Bql4_3Kds)4V{>IKFE~qq{a16O- z?;_I`3X=CUV*7Ps&z&M8O*D>F;J9RM5eOk6b7REpslM*?;Tx&L!Qqz3aidaLH8hyG z`o|cX`>#$ItNL=38dj!+RjrXf)KWauJY1#UhQ}z3XECGug_LOpdKP}sLSw(pN^EFF zV=vzrRv(I^X-RA^DJ9Rxoh_lub7x5vC*M_D@<{+Dpw1ojrqi-2;@Z8o?OudAB!z=E$JgOAe6X^_<@KE^jP@@rV_ zvns<*)Htl^W7 zOv8*|As_Pus%K01ouvvJAiF*`zl%~}T?972^E3#LPnCVt1x>3&mZ_=JYf56tPSpA! zP+~btbE=daspL#5tsFjc3$7lRhM)`kyCwwueF-}f{gvTF-u)wD{cl9UI|egPEsP z?xL|9MT1L9U^tQ9So)4W;9W~kGFwFy0C=xh48s>46sUsmRRU;`fMBTv4#Zg|`g^3A zAfHjtp8l*2GJ;C$AX~{&*-?SmrC6Coxg%)B8I7?VJ>R&|@(R>5hg&v%I%U@mBP@mP zFNK(%a@!=9+S;N=DFaMdIpi&II2V!~Ez;Pl4&g1t0wgV2z4C@^_Ii@mKhW?-@UIxEbadiK{U*vaZFRh3u;qfy2*q_%B-C#XHUi4k9EA!?iPu?FkUiCX$` zE{4j5OqM=-8QAizMq_Dc851lA6AN2I(ryi6Rxnr94e|+tAsgwOOxj+G_ZL^!zLB_# zqNlE-Y`hq7KaD2)z9SQ1RmL1W7DU@#n#mZ7o1JhtiD4Zr@PVJ5zH)k{94`30f`z%N zbdZmQw5q7+isoI56#o{%cADiFsi>};+_4&j!}d6)uFAH9oETAQd`ngOT>VIYOA+AC zB3kOwxwV{n5BfW=ykGUVWZ+ytL2AgedWHwL4D;zUfF-LK6Ho*QvhW%*MNk@|=*ma7 zDv;IJZDRCsWj9ytnPs6<^r+3Jd`xMmgGqB`fI!+uy*MaA{03#Ub-UrF##+y^wZPVR z!&4t{b8aFRKwHkN)5#^P{T)9Q9d0KbT~`-XgS*(38>)v(JHXIO*4~Bvd)rfmY$aKz z7!w1kXn+lc&G+ic#ChkBKDmw`%PFXGR-nYh9&6EunywZ<3zE+yj4cQYy`9uO$wipR z$>L}QJ5z^pY4caky}BKm%SEu%X1yKi61>G0m6Sw4w^KRL4{VH)R<7zbK)hlEAwY9u zUlfzm8`t1FJ=v9A)Z6VFOh8+$I+e>FZC$dCN?xC>donbQ+TnGA(P-GP8WwSKGmU!H zh`yo_5(e75aW!=o#x8f(YS>e)cFqya6Ma##uHpQY-1F@fAmaXc#K%tq7KsO}FP8yv z`9H*DmY*?MRmX0Y3C%}h>y@VXR;5dv{-AK2#aA|FBoJnZ$*OI(g{`H!%qHBeE~g{s z!=@`k5=(DxfqmZf)}`fTbq@3KNc6IC2fiq#Eqawga}Dkfk8j!U{9;`i=q>WKv$j2L z&$Z64$HO#jxai--T1%pcIgyl_ zJ4DB%EgF=Rp+vlW1RKljPSqd#E|s1_~K{u&sKba>{g zS~;8^2huf1mU3_tgb(xsWwdR;Lw7vd7*#n9Cxpq2lK|XvLI%nRL_y!pYj9MB_nTIm zuq`3dPtnSJxHWP7OFOT6_CQk#s6t9a*BAL(?=15{Fn$uHCmB7W8wqQDIeN?%zb ze5?dM00SsmUBx$d%NfMNK;QkOa1$<6JEkg}iqtAJ=9rBEfqie-DRBTfaX3e~`&keq zk4v~$h8P$Np6qJRe{Udn(CaRsA31Ru7R7t{uEM-+>vgHt`-Qw@g-5@9Dcp z6&|uTrFe7XbXM*bTqX=S?;HygJUMm>e`pYv4DI|I7`^kq}_%? 
zN65$7L4-j_lcD!|b9+4l-L#%Q=hoE9Ai{WARUI%%qGH;r^PyPTS2vK^2a}>BCsGr~ zzwd-B;`N=?S*sPey$EI|I(;+7ns(HO#&K`)t5EE>C*g3>j^}`d-Jglf;C0mW|3PHd z-w}Bx$`)3tsB*Sn5UL-GuRUs3Go0~XL~fwgxn`=A{uhyNm&KdR2P#pu(Yf#`u^a}R z$>-|2n_pFnQ(|!|sEO%Ry8EBD_PyC%<-FBijX$gqe z){)}3K91uu=B~_(wH_vuG80wKwU3TjPBu7b!-#loxgb^Lg=q9vhX2ehlF2rNVp(Q` ztkEqKo0%S7kWQ5L!5eHqvhK*Ew4pE@W9xH)L_%(4kR8bL;e=cQp?h3_*0J;PM?YDQ ziIC0gI2GY#KWD7xaDy3Aqg&}fkds`B>ih&BtQrc>nnT(iGf+**?| zFxjmBBhAGd)hI}GkS9nKqybj405lZ8X+fjA!2VqEyM+GSk)s{x_aCgi)#3EMRnIX5 zIhO3QyUP!Lj8R&}tXy}uF>=IM5z*VK^G^;I*^6VQTGYN@gRsP7vTHeoW0|w}Bqi7g z$Tljd^y4HKAP47I@sJ7nSOR?eF8JNmOz4!>X6I$V@ihl*rcHJE5^U$!@`L&@7d4yY z(^59VeFxd~0q98!S`77#7T&1sQwKv0>xaChiHN zzQ2vg)}mn_ng9{mAFu}d4-uK|Cy~{Z{6Z)BRMHA>iH zyOwtm%Om05S#^Nl(1Vdr#e)iC( z6$iUyn2bKtA$k55i;+aOuK#+{u7`84hu87ACE?owy{=G7cWRvfaiQHuLY&=>92-;L zk?}VS>V-j{UpX+ys{6r`mId)5O+h+;-4)+yl67Dk2yGl3xl<^HaK(c`l{WuCeCsZ1oBTHBtDej;O6`RwDQ}K5z zMHtW(7Ys5Jcy<%sa0QX@*<0iI@Z8}eDAV&msil0RoTZDvimZ*ph8kF`?|hUJd?6V1 z2ci3@6cSWZRv#VAW=XU3JY5>qoCms;I#D8p&>8)7nX-Dszf`rhy-yrTcBiJljP|A9 z6yH&NHh>!pN^pJUukW0)_^Anox~$~`#uli_U*eu z8!&s3Y;95;Tevo6Ja4V8aAOxVbe=;BdjcE9n8bjjP?Ue8r7RfQoW>2 zC`zgIy{cqkrgMHinU1B=)^9Iy+A_*Ql&?r)WpXqxBGM%!!juTc?Kp!JoilsduAgGW z&8s&!{hkM=BkP;_cKMWr!}~A&Q&rPeN3&zGbCt&D^qM)LBMId`s?kGNrh`6DeDyk#Nehg@ z*T<=8cJf24+{Z>FMAr?BPwp7f+Do{}QLoU#w1h{;9?;q+BkYtxTThorV}ThPsP>zP zh!77xce?R$ScF2NM&v2u#y*$AefX}b;8)WMEfRr%>ep-xQi{jzPiuKVqG%LC1m2yW zG>4J!iclDf#HyoCofATsU9%aMkw{0=&{>dfHFWp@&v6YHJ6l8@KSm0kn5cFE8uoa~ zq7sQT!ZI^IILs86C6y!4RnQDRS0WTX$X9zHRdlEg;r+r&%+gtxwTL##YK(=kgu29# z3<|Lv51IDY)_w=4_SKlu^-v>7lc~@x`!+9QOkos@^dSsmo1C^N_g5-bdVru?-|AyhhvuDFa?TD?2DHHLeB zDiJnMdf41D^IHVlyN$S=1k4trgV9C%(Ax}3Ymzv%2^hUt$s{HC^Kx>=`6zk?eUW69 z+Zq~1l-OiJ=56dng(S3mzQc6}7~(@Z(6#g$In;*Ov&F#Y1zRku>d1r(Q5f>QHsG;> zuvUgwB*?kLS*2CaYHWt-l2=3HU<4&;cCge(N3Cg)bqlz|4A&+UdUah}hd|HpO{(apcaW+?u@V!Eh3H^WFexhc zeO__|c;U#NbK+sP(PQfQfU?N3TZ9Y=%SI5!?k75^6418VNp^+rj(+KS5pjt#B+n|? 
zy_GtoXpAP_<|$a^4wmJM88sf713f$;22(vM6rABxjzIqw zHLWlG@x761$R*y;5~u@6raMuHppAAhZzy07BW9WuohhFHeb7T(41eY;H|v(a=tRUE zaV+ciS^S-ZuqKV5+AJld5YgQHUQi1j8orn$6%F1YYV?`}J}1M9C>YA=d>%4KjS$GK zvNOSqwu}>^VpUxaHLS1L=q{2wXpb!jhpp(lh7OAZ2#(U=))`r?Obe_uUt)&zFkK`k z_0|Y5B&aeN)#&um=M9x@I?45F>{J=ta}@{oYM8+z8O91KqT-mlnxC z`C?g53W0Vz5non;Qbuof7<;JY#U;spK7Z5VDvAX?yjf(-$OWnkQ%b&zlTW^s4em8W zLC(3K**aj6g?CqHH=*-3eFe1)=WZ~HJ3=hY_Vufojt90To0}eivlKHg3ht)PDw{6# zkc(us9%2qQZEAg{!l_Q91J79gft_xw`0d)Er!uaG->xq->I7j-0A9HFpS_Utw_Z3> zSR*(O^1=&~e|n)vPJfYVWOtOphl}Ox$#e3yPbSpb%%v?ukX+VaShai@(3AV1fU#=t z2!yoIB5O)@$J&oDwKuu%`ZTXG2GO!7MZ7zv99Z96?-E++Jit_yU9`vXh6R-+A1BRG zUX>VIu0ka#&J4*}Qv7X{Oz;OU_>h!w_pw0|eKWd6^7kgx^GrUC8$o4DbvNwJ*olav zTXYy&z-TI2j*sS2%p+S*$9$M^@+woE&^m15xX@h`50mA#6>Epo+qG!YW6q!{Qru=5 zKGBy@k#4e8Pa4yK^d!q+=|Cr?X?D2EOP?LsuTA#t$i5y8jX4iL#ZiJja4reFQ4A@9 znh1!Z{xMuJNpp!Vl?ca;L)_3DDYT`)k*2@u;?^mDb2?P8tr`k>v5CRgqt4q zicESbf^RY2|-ZwJi5 z0hNVjh#8w9h;}^UMLD^bkez^F(|PjDm5L4UyUWa%O00n0>?K*$G(+PCJ%A zplPMeU|FgrL_^=$fYpjtmBb@K&riu9VV9i=$-<+LJ?J4U4$e){S7>i~!?dRDam#d1 z%|8Xw-bhIX_(%qvyJ(=$z7fx{A^rRO$#x0j^*1=$>+OJvWloxXJ`E~U)}^ulam+26 zQPc`+bEPGlw=`^c%2zJHiwqE+u2Vo~vQT>L8{MoKZnBK9s#5{OyiZ`w_*{yCJN7+w z*JZ#Afpc+=k<%bY3LpXn+X3mu3%UgC(bqQ1oF6+nL(@x)1_nyLvc)V*+) zSsn~%`SPf_N2xA?c?-Q|yqQC+FWG9I_*=t*vTJ z32}#sZ%u!_{V-`C+~#pCG%`hu9QUmPU6oM-M6@nOf-PL9C)4M2#>20mS1S;EQj#_W z30rs7>$$VsU4)#B9O~+gBWQDgXsMU6saSAL#I9*pJltpaR>|4`3FK-~5JKR!gvtta zn#e@7Svo;%dH}vhBebAWyp>sys|kWW7@!H z?{Ac{`4oYTG-=$YVQBUMy{NC(gF8S`lypRY{54gfwt5LEQXO6a8PQC(yi@yP7zaaQ0mqI6I#R$85S#3+`=E(tvi@snay59|TKo2$0)mg8^06*M5H%B*{3Lm2h@LxSl&p2|N zY|t^-dEFkr@%4FRzS})UEQCF6&?%j;7D z&kY?A#E~-rx%Z;YL&z)p)CXp8+tTt7TVA|(&_xpn89+9OhgH&e8jP5__FpKZNC zMCEL>znHaUrFQ&8Z*Fg__&W!;b8HM!%GpZ^qWuXq`r^@<&hGOr>9)7IHpJQK+8K-kFm*& zEFtbd38UrnS9zW3otTCCK)l+pE^R+m-fFqO6t)i;jFP+nnzkFvD_N0$l(V>MGa92( z-F6#r_u#SVnck6kpNUHDj(zf4)4lneYn2q~YdGX&d)s~03B>blTRUCyq_)jII7Zse z+t=1@JI)sId<7BsCD5dtg@^Ivco<5E7;>O?MJ>xy36y7zR3``w7)wV&0p-yp(g-LS 
zBGG#6q_62clbKdiOnQL9vy8Q&{YXU|Jj-Y?-$!S-q?!J(U|fYyTw_zYh0$q!j?6rmp4 zjBLiW+38}AKJ9x@nUTI%xhNxAvzQx(+dZ~_W`}~_(MUetC|!XY-8mlV47yZ_N332_+uVQFiVoYpwtTs z#8^)p)ZI~4R>Ss^!fLLr76YG@umqK)Z#9t}Vnij(y9bR3-`%^E1PCA}+VdLH1o-%s zv)R~OjL=Vr%_K6`z)e&cCsDRgHS>rSr&@1PM89E4p`@)uMs&Uyu}$FZqM_Jjlmz7T zJWr}l??dZiR*0>D5`Wr(iEsvNMKP%M=ECek!+U}-w8|d)nfrg$bcYuLzaHM}A_}?d z8t0bjD`1!Pw#*)sROE_QC4pLgS7(xUie@ywbyP>DB{U?eDy5sMQwzBhQ}dz9AKtqO zlFDC^bH0EI6vB<=>C-;RJBV6a$EVWFXt}+MCdfA48v3L)-$DHXb(*`v{G3Dndszi` zTF7edrOCH*D`AZ}=a!FS5;h3Q0+P@E7tvuc%Y>Ad{ww?UiaN*-3kIvSU`pP@90Zb> zk~##CQ(VhpxUy*pHkx54SG}uLEwKzdYuK-cW;hR>CoPV&oc8LR9M8Y6?cYY|X)e{e zw9bA{!HK&v3Hx$o&NGDdG39mR$Sc0{9&h_g4&C$U)VM3lXJFm)o&-Z*GQXYX33eUM zXTT1|pEsm;KZW;2049vYfC(e~KZYeI=eO3TPCsUe1?oD{>0D?&)eX-*-+24TiRJQQ z%A_DlmE9U=WD7s=7=$){ATl-^uDV3WykoYwwlcbq7|Uda)E~-}_`{ zmJof9EGr3Q44MhRa-T1Jt&tYj(Ig#kuY^SBC6v;i8Pqsb#Y__VR9xC2`#ucI)g&Xe zzCI{+Xdzp=l#ScbZzb3%E|)|10IJc$eyc#?0V>Htt-SY>pWbV9@X-U67Fyrkcnm zY>kPk`ng>l1_TkKwzE~u4R&L$evy;&eTe0;+>_~~v_MKA3qMB$E(K%h9Wtow_h5v3 z|94-B0#TtDEEk!P+&@R@Z3oxXQd(TQq=@^`6oXr|w03#Pp0zy1?^Pg|k5+XpzhjvY z4fy!|4R3dE5IL~+juZR^U?*!D?xuaM^EJNh?2rybdm(4`^peg%`#a3Z>-IikJ>Zag zyZDO-PI;&6dti99iADAh*4NiPSHzzq>%bKBd2VbqL5`@e)Eb}!1`Rg~>xnM+VCycE z!nKYH9kB2*F4k-^22qdBaTOlB5&KS_djg^tgP})K@f_Jr%xQwidcG$pUd@`OchYZ$eW_3n`ja5u5HBcXxy?r+WmKhZ~i} zICPaX83z`bd=v2$D${|1ZzfkyYvG;w*wevbVNJ?4@ylt4%iFW3UAzk`NCz<9ELIVR zzEQ?{92NOIar~$;bILAr8%p%XYqa9DYfNTs920RnOea*BtjZ%oSQ+hHDX~IlU65DS z?Qv%Hv&Q2J(c>1RjoeY=hYr@+oK^v@V|qH%u4fp@(g@xk@}xgD*yOVxYipcFH@_W7 zY{wCy{EpJpvGBa6uu4-p*58+~e@_ZbA z(`Xp9~GE=4nrZTo%X_0!NMpL>#^oNl1 zGUIHqd3q8%7ON=QI3KpmBFT+#Ts=3~Ln;iwJ~J9(cKQ(0W#qP)6xKrVP;)tg%ZCnm zo`XYZCvjOV8W97{_;Xt7D}%DMBGrj|x;+~BIVG#kDSDO}=`M9{vp(UNvT_o_Fy&n#XMz=G83Q3_FHgy%w>WIPsJu~FQBCm~HdBnIVhr9dvsp(oF*$zkvS!G|Uf_Ix~S=D1mXWrNTZVo@I^Y&cU%$tl!^Bu<78>!HZ}iP-5crKV zi|aFQjzpQ)Y2xwo7+JJYVbG;hiX|n0XBzVtLR!b3oMO)VuoyZiewM5yRWhdd9Jl+> z{bsZhwJEwU7_>YI=cA&YM!fReO#+?sg6T2@aW}BeJORg;ifHE^{T+`Y=mlIn@%vd3 
zjbNp_bvQ4lZA6GM@PoEJ^)*pEBBrFVlL?mQ?MwqfIMvDQ%V>rR=&-8&on^e&&sq_vR?Y@EsP=)>%b zCr61>!bHNwJ!Ln$$m7d@ z8PN9q!tZ8>jaZE$z-w(A)pF5BVwN_1tf(!U8ZbtRQ!p`#5S-UJq-xrxAsNIg5*{oI zouoG^)0EtQ6I^=C^lgRMoX4}f;SF#n#6tgR!ZAEFpUEuj!9o$?A#cla)`^1}9E4$c zCjZ8MS2soPT@w*#jcoOp2OzF$%*rmk3Mg2 zJ!n?-brBH};v_cL{0LUEGK7=gWIsrPT0hHt}hrz*-UZN9yR zY+#gcJf++5)_BLmudMZS6y;6GXPe(OA^B}GP>MUoKp;<&dr0i~o1c-;SGTJyD{lm_ zBAc<%i!12gO$AZ==}>$BiUoeA+WgA`mVHb}qNhO*@0L8tctaG!$X`nnFH$@LiRrKA zT}hiali%JSECmWj^%;L=((~2A{2m@;OafbJD@Yu~CYna)l_}6voukPI?;{n6Q8hHx zJ}z_pK0H}_i`z_nUf9|YW7uxcKE>gCg^GBYiLB{&W#d%YtIbsfb62@~&fRLzPnjzC z5U{&U4LS0Qy2;t?vs{CIr_>J>KTI%89%sOvC&@pgc03vgFoDEXirXC?bi~)OH77T~ zocGVOVYXc8xW8nApGg}3ZUXCPpWTWLLkT8_eE}@^ z_|pV$MPfZ-%2yJ9uz+1>pYjnIT6QsQ;Nk>Oeeh=!h$JEB|0NUrl=pvYf`tF$CNQ~R zBl$}v_^JB-)&x`k$4wxsP2=&GOz>0F`*#!kBNh}xs)X(8N)!Ev1#16@1)RiB_Xq!S zgz~b{mTx`PvF)&QHn%a~1P$?-3`;8?l!h)81 zsp3BW!x26Ps!9@G92NBQrR+RJ<4$#`tJ!?BgKVHJ=5fRL*2?SG#!yQ4eEK6C`iT0b z$L>T!$2$`BcnQTi#)Plz0uKZ%=roNtKK%@bU*6t>{mv1rULoH1{grU|Q&9PL6Z|t4 zgfxMTwgw7T+1vq_btH)$B~IDOTwKrBas&~CeC#k>nZ4#KWu(JH)mr)rfflFWU0|^J z=(^nLXXG%~PK~VXPSjVrYP+J5kuir7&0JrGVFa5mDS-2HM3BcWjU!H6mWm`#IeJ(F zXA3EM%d*=H+7_gu=Lx&Jaw@b&(8}<9D&L31pB4X{@zVq{WIf-4Nxlzf{@RZ+q(27(inr}2MSua(3l<3INA(||(!w6FzHl~mR55jS{;|+_`I?!* z$intWT}DP&3F&F#ds20G`5kGnamff5?_f}F0QDJ z+8@3)-zK@=(`QbExeUYNPUartkG9(zvp1vgr%iBpr;?%gjr1K_927|~QyvuYXe*w^ zgnf@*U2%58i8{P0{|88La880wWR3T6s3B=%Ls0$5*j${cuPY_w#O%%&agMF_D|d`C zl?=1;;$Jf!ZUHqeWujQM@v8gn1vIK&fF#Q#eM$lKUa(u2xPRkm-0x0`>+e(L;fIN% zMp}K?4N>V$K2`^93bs=(?`5cC37N3!HlHmTGsTQXMmy%pFinv-cogK(`9y2<$*W#0 zV|9wR9y=v4`*|JJsa`q3{!RBzlKM3M+8Z;lv@s3Vx>J9WDEm=9`|%Myv&SrfFj9Z- z9i?sp*JUfPWvhz%uUJud_Re(;6yTU<;3`)aS6mN`(lKs(&vrGkpdVw4!F_madD}iF zI7X^lV!wIcTyrDXhQqtFzd3%iAm3KA7Idx@_at>jil(n1K0cuw5?41~m?Ho;i$gzOqRQ|4J2dqLP;*@0in9zdO z!JkEjJ=2SDzX-2xCh&73RZx8h+OehOu#jYFfAXAlEyuqj+9BuO_sMXQYU3NBxdAaA z)iwqlV|GVo#-g{)@EaQ4kv=P2O_J0ZkI>I zbDwQs=^MYK8R@B_{-*_Tmi=n85cchCYe=s5+qiT+%sqI0_)K%8$eA$#(URUwYKTa9 zBH$whQaMLg^F7RpfeX{ZJk3BCe%4Ad 
z))Wy4VK@T$#K`K=X02vE-}`tjvi|GEtuny{oq}Ew z!s&$!+Hy9C5Vd2i!1G&c`W37(8a|`5tq&jD%52g^GPi# zz_IqnsI@UJcFYBjT2w5qDr@NVEOw>Wmancm;u+x2r?2fe%g@EaOU8e$wm4Lslu$^2 z7u_B7u+upW!zHifHA}c-z^3H9#rKB5aaGNPUZ*JTkfp@bAOO zwt7XHT6q#}>OFrIMDRGc2D)v9wI|kUOJsn3!5VBzHx!cc&cGwS9l|zn*e9zjM&zRw~2r8y40-?ZrVmn$_l++ge`)8?|{Db#;7gCI%BgVI>dTL{p1r zyhzvOw|rbcofyw7e0Fp3#P-CSt^oz1`8I9LgL@k7Ds|-dOge95WTEvoBHln#P!n7C zBwa7B-9f^%T^I+0km}eyI$WGJ+!M)|yOQm7$j+k45aGZwP$fyJ8lr$ACs6Xd&s$p= zsslcLe%01-_yM6RyZs5M{)}a^SEK2fnF;^_znk6=nV%;NK5_`y;@Q z@#7Ci!M$ww@(8S7O+f&%6kwnEk7xP3Z2a#B0R3tT1SAAVV*@n)561z$#Cdtt%P*vC zxc|9{KOOw?66NLL1iw&NQGSc^Q$Kx)^0G4g7s>-5!RMa_`QyF(lptTCye!N8g)#u( zz;94~s(3F^UKTw5LaD|1Ey_?O*}im+cO3;4f9`KcwnM0r`!@(V?m__ruO<(QW! zFSGA|p{y7eW%- zOB?()Q{g4xOR4`CU<&*H0{Bb#e+l?fIR6Eh&hfth{*uvO0=|@?e*tE3{x5*PMCq4+ zFGby7fVo`%3*aw__a)#0r&p`_)9Q-3HVZQ`~_Id^S=Q8k{@3JzLa!+0hR-@ z3IW03uV{IH9W;smuYmqkjs7~Q|Es?O`ct3y>!8*`e+BgCPWWF3)e!kBpg;Fq|2n9! z*k1wtxx4q*LFpy_3h2*$q?e%ozDMzkP=K0WDIlOf?O42Q{_l&+KQ_;j`9t%6E;V1a n{`VRBA6qBO|Dm<<|IF7FWxxRyS3p37fUi?P@&0?IAFuu&tueDa literal 0 HcmV?d00001 diff --git a/ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml b/ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml new file mode 100755 index 0000000..6c39350 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml 
@@ -0,0 +1,48 @@
+---
+OS_dir: /var/tmp/
+OS_package:
+OS_version: 20.1R1.11
+autonomous_system: 65200
+build_dir: /var/tmp/build
+final_push: 'False'
+gateway: 100.123.0.1
+junos_conf: '{{build_dir}}/{{ inventory_hostname }}/junos.conf'
+leaf_type: server
+log: '{{build_dir}}/ansible-run.log'
+log_dir: '{{build_dir}}/log'
+login_message: '***********************************************************************\nThis
+ system is restricted to __________, authorized users for legitimate\nbusiness purposes
+ only. All activity on the system will be logged and\nis subject to monitoring. Unauthorized
+ access, use or modification\nof computers, data therein or data in transit to or
+ from the computers\nis a violation of state and federal laws. Unauthorized activity
+ will\nbe reported to the law enforcement for investigation and possible\nprosecution.
+ __________ reserves the right to investigate, refer for\nprosecution and pursue
+ monetary damages in civil actions in the event\nof unauthorized access.\n***********************************************************************\n'
+loopback_subnet: 10.52.100.0/24
+nameserver: 100.123.0.1
+netbox_pass: Juniper!1
+netbox_site_name: WAN
+netbox_token: 8a099878e119b9e230b20cba3a091a5e9144bd40
+netbox_url: https://100.123.35.1
+netbox_user: netbox
+netconf_passwd: Juniper!1
+netconf_port: 22
+netconf_user: jcluser
+ntpserver: 100.123.0.1
+password_hashes:
+ netadmin_user: $1$a31gJmWG$h9ohikT1ajySf/tVH.gmv1
+ root_user: $1$DbZ1Q3pj$s48cZytjsmSJRUJAf4LdM.
+route_filter: 10.32.0.0/16
+routing_options:
+- destination: 100.123.0.1
+ static: 0.0.0.0/0
+snmp:
+ communities:
+ - name: public
+ contact: mtighe1@juniper.net
+ location: JCL Labs
+tmp_dir: '{{build_dir}}/{{inventory_hostname}}/tmp'
+vm_passwd: Juniper!1
+vm_user: root
+wait_time: 800
+xml_dir: '{{build_dir}}/{{ inventory_hostname }}/xml'
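Review bot: group_vars/all.yaml commits secrets in clear text: `netbox_pass`, `netconf_passwd`, `vm_passwd` and `netbox_token` are literal values, and both `password_hashes` entries are `$1$` (MD5-crypt) hashes, a format that gives little protection once the hash is public. These should come from Ansible Vault or the environment, for example `netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') }}"`, with the committed file holding only placeholders; anything already pushed should be treated as disclosed and rotated. If the target devices support it, regenerate the hashes in `$6$` (SHA-512 crypt) form. The SNMP community `public` is the well-known default and is worth replacing in the same pass.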
diff --git a/ansible-ee/ebgp_wan_0.2-wan/healthbot.sh b/ansible-ee/ebgp_wan_0.2-wan/healthbot.sh
new file mode 100644
index 0000000..7bd55a5
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/healthbot.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+rm -f ~/.ssh/known_hosts
+temp_dir=$1
+build_dir=/var/tmp/build
+
+if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then
+ build_dir=$temp_dir
+fi
+
+ansible-playbook -i hosts healthbot/sites.yaml --extra-vars "build_dir=$build_dir"
+touch $build_dir/ansible-run.log
+sudo chmod 664 $build_dir/ansible-run.log
diff --git a/ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore
new file mode 100644
index 0000000..a90963d
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore
@@ -0,0 +1 @@
+sites.retry
diff --git a/ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml
new file mode 100644
index 0000000..eed1342
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml
@@ -0,0 +1,45 @@
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+- import_playbook: ../make_clean.yaml
+- import_playbook: ../make_etc_hosts.yaml
+
+- hosts: healthbot
+ connection: local
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ tasks:
+ - name: Delete local healthbot configuration file
+ file:
+ name: "{{ build_dir }}/healthbot.conf"
+ state: absent
+
+- hosts: routers
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ connection: local
+ roles:
+ - { role: healthbot_config }
+
+- hosts: healthbot
+ gather_facts: no
+ pre_tasks:
+ - name: Set ansible credentials
+ set_fact:
+ ansible_ssh_user: "{{ vm_user }}"
+ ansible_ssh_pass: "{{ vm_passwd }}"
+ ansible_become_pass: "{{ vm_passwd }}"
+ ansible_ssh_private_key_file: ""
+ ansible_python_interpreter: /usr/bin/python3
+ roles:
+ - { role: healthbot_commit }
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml
new file mode 100755
index 0000000..4865c62
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml
@@ -0,0 +1,6 @@
+---
+management_interface:
+ int: eth0
+ ip: 100.123.0.19
+ mask: 16
+vm_user: jcluser
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml
new file mode 100755
index 0000000..68fa325
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml
@@ -0,0 +1,6 @@
+---
+management_interface:
+ int: eth0
+ ip: 100.123.0.16
+ mask: 16
+vm_user: jcluser
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml
new file mode 100755
index 0000000..c62c4ed
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml
@@ -0,0 +1,30 @@
+---
+core_interfaces:
+- desc: '*** to dc1-borderleaf1 ***'
+ int: ge-0/0/0
+ ip: 10.32.6.2
+ mask: 30
+- desc: '*** to dc1-borderleaf2 ***'
+ int: ge-0/0/2
+ ip: 10.32.10.2
+ mask: 30
+- desc: '*** to wan-pe2 ***'
+ int: ge-0/0/1
+ ip: 10.32.1.1
+ mask: 30
+healthbot_device_group: wan
+loopback_ip: 10.52.100.1
+management_interface:
+ int: fxp0
+ ip: 100.123.1.0
+ mask: 16
+underlay_ebgp:
+- autonomous_system: 65400
+ group: IPCLOS_eBGP
+ neighbors:
+ - asn: 65401
+ name: 10.32.1.2
+ - asn: 65506
+ name: 10.32.6.1
+ - asn: '65507'
+ name: 10.32.10.1
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml
new file mode 100755
index 0000000..c3208fb
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml
@@ -0,0 +1,30 @@
+---
+core_interfaces:
+- desc: '*** to dc2-spine1 ***'
+ int: ge-0/0/1
+ ip: 10.32.12.2
+ mask: 30
+- desc: '*** to dc2-spine2 ***'
+ int: ge-0/0/2
+ ip: 10.32.2.2
+ mask: 30
+- desc: '*** to wan-pe1 ***'
+ int: ge-0/0/0
+ ip: 10.32.1.2
+ mask: 30
+healthbot_device_group: wan
+loopback_ip: 10.52.100.2
+management_interface:
+ int: fxp0
+ ip: 100.123.1.1
+ mask: 16
+underlay_ebgp:
+- autonomous_system: 65401
+ group: IPCLOS_eBGP
+ neighbors:
+ - asn: 65400
+ name: 10.32.1.1
+ - asn: '65520'
+ name: 10.32.2.1
+ - asn: 65521
+ name: 10.32.12.1
diff --git a/ansible-ee/ebgp_wan_0.2-wan/hosts b/ansible-ee/ebgp_wan_0.2-wan/hosts
new file mode 100755
index 0000000..3da9b88
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/hosts
@@ -0,0 +1,15 @@
+[all:children]
+routers
+contrail
+build
+
+[routers]
+wan-pe1
+wan-pe2
+
+[contrail]
+healthbot
+
+[build]
+nita
+
diff --git a/ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml b/ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml
new file mode 100644
index 0000000..ac03c15
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml
@@ -0,0 +1,28 @@
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+- name: Creating build directories for each host
+ hosts: all
+ connection: local
+ ignore_errors: yes
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ tasks:
+ - name: remove host build temp directory
+ file: path={{ build_dir }} state=absent
+ - name: create host build temp directory
+ file: path={{ tmp_dir }} state=directory mode=0777
+ - name: create ansible log directory for config diff during push
+ file: path={{ build_dir }}/log state=directory mode=0777
+ - name: create ansible log file
+ file: path={{ log }} state=touch mode=0666
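Review bot: The `file` tasks in make_clean.yaml create the build tree world-writable (`mode=0777` on both directories, `mode=0666` on the log) under what group_vars/all.yaml sets to `/var/tmp/build`. The rendered fragments written there later (for example `{{ tmp_dir }}/mx_system.cfg` from the mx_common role) appear to be what the commit play pushes to the routers, so any local account could change them between the build and commit steps. Something like `mode=0750` for the directories and `mode=0640` for the log keeps the tree to the build user and its group. The play-level `ignore_errors: yes` also hides a failed `state=absent` on `{{ build_dir }}`, leaving stale files for the next run; limiting it to the task that needs it would surface that.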
diff --git a/ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml b/ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml
new file mode 100644
index 0000000..b205f94
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml
@@ -0,0 +1,21 @@
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+- name: Creating /etc/hosts file
+ hosts: all
+ connection: local
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ tasks:
+ - name: Add host to /etc/hosts
+ shell: bash make_hosts_entry.sh {{ inventory_hostname }} {{ management_interface.ip }}
diff --git a/ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh b/ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh
new file mode 100644
index 0000000..87899e2
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+
+HOST=$1
+IP=$2
+
+if ! grep " $HOST$" /etc/hosts >/dev/null 2>&1; then
+ sudo bash -c 'echo "'$IP' '$HOST'" >> /etc/hosts'
+fi
+
diff --git a/ansible-ee/ebgp_wan_0.2-wan/netbox.sh b/ansible-ee/ebgp_wan_0.2-wan/netbox.sh
new file mode 100644
index 0000000..705ac52
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/netbox.sh
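Review bot: In make_hosts_entry.sh, `sudo bash -c 'echo "'$IP' '$HOST'" >> /etc/hosts'` splices both arguments into a command string that a root shell then parses, so the values are interpreted as shell syntax rather than written as data. They originate from inventory (`{{ inventory_hostname }}` and `{{ management_interface.ip }}`, passed unquoted to `shell:` in make_etc_hosts.yaml), which in this project is filled from user-supplied project data. Passing them as data avoids the problem: `printf '%s %s\n' "$IP" "$HOST" | sudo tee -a /etc/hosts >/dev/null`. Replacing the script and the `shell:` task with a `lineinfile` task run with `become: true` would remove the shell from the path entirely and make the step idempotent.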
@@ -0,0 +1,26 @@
+#!/bin/bash
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+
+rm -f ~/.ssh/known_hosts
+temp_dir=$1
+build_dir=/var/tmp/build
+
+if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then
+ build_dir=$temp_dir
+fi
+
+ansible-playbook -i hosts netbox/sites.yaml --extra-vars "build_dir=$build_dir"
+touch $build_dir/ansible-run.log
+sudo chmod 664 $build_dir/ansible-run.log
diff --git a/ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml b/ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml
new file mode 100644
index 0000000..4201e8f
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml
@@ -0,0 +1,35 @@
+- name: Device
+ netbox_device:
+ netbox_url: "{{ netbox_url }}"
+ netbox_token: "{{ netbox_token }}"
+ data:
+ name: "{{ inventory_hostname }}"
+ device_type: "{{ device_type }}"
+ device_role: "{{ device_role }}"
+ site: "{{ netbox_site_name }}"
+ state: present
+ validate_certs: false
+
+- name: Managment Interface
+ netbox_device_interface:
+ netbox_url: "{{ netbox_url }}"
+ netbox_token: "{{ netbox_token }}"
+ data:
+ device: "{{ inventory_hostname }}"
+ name: "{{ management_interface.int }}"
+ type: virtual
+ mgmt_only: true
+ state: present
+ validate_certs: false
+
+- name: Management IP Address
+ netbox_ip_address:
+ netbox_url: "{{ netbox_url }}"
+ netbox_token: "{{ netbox_token }}"
+ data:
+ address: "{{ management_interface.ip }}/{{ management_interface.mask }}"
+ interface:
+ name: "{{ management_interface.int }}"
+ device: "{{ inventory_hostname }}"
+ state: present
+ validate_certs: false
diff --git a/ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml
new file mode 100644
index 0000000..b87abeb
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml
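Review bot: All three NetBox module calls in netbox_device.yaml set `validate_certs: false` while sending `netbox_token` to an `https://` URL, so the write-enabled token is handed to whatever host answers at that address without its certificate being checked. The four module tasks in netbox/sites.yaml do the same. If the lab NetBox uses a private CA, install that CA in the execution environment and leave validation on; if a switch is really needed, make verification the default through a new variable, e.g. `validate_certs: "{{ netbox_validate_certs | default(true) }}"`.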
@@ -0,0 +1,122 @@
+---
+- import_playbook: ../make_clean.yaml
+- import_playbook: ../make_etc_hosts.yaml
+
+- name: "Create API Token in Netbox"
+ connection: local
+ hosts: nita
+ gather_facts: false
+
+ tasks:
+ - name: Bash script to create an API Token in Netbox
+ shell: |
+ HOST='{{ netbox_url }}'
+ USER='{{ netbox_user }}'
+ PASS='{{ netbox_pass }}'
+ KEY='{{ netbox_token }}'
+
+ DJANGO_LOGIN=$HOST/login/
+ DJANGO_API_TOKEN=$HOST/user/api-tokens/add/
+
+ COOKIES=cookies.txt
+ DATAFILE=curl-data.txt
+
+ CURL_BIN="curl --insecure -s -c $COOKIES -b $COOKIES -e $DJANGO_LOGIN"
+
+ function django_token {
+ echo "csrfmiddlewaretoken=$(grep csrftoken $COOKIES | sed 's/^.*csrftoken\s*//')"
+ }
+
+ umask 0007
+
+ echo -n "Django Auth: get csrftoken ..."
+ $CURL_BIN $DJANGO_LOGIN > /dev/null
+
+ echo -n " perform login ..."
+ echo "`django_token`;username=$USER;password=$PASS" > $DATAFILE
+ $CURL_BIN -X POST -d @$DATAFILE $DJANGO_LOGIN > /dev/null
+
+ echo -n " create API Token ..."
+ echo "`django_token`;key=$KEY;write_enabled=true" > $DATAFILE
+ $CURL_BIN -X POST -d @$DATAFILE $DJANGO_API_TOKEN > /dev/null
+
+ echo " logout"
+ rm $COOKIES $DATAFILE
+ args:
+ chdir: ~
+
+- name: "Create Site, Roles, Types and Manufacturers"
+ connection: local
+ hosts: nita
+ gather_facts: false
+ collections:
+ - netbox.netbox
+
+ tasks:
+ - name: Sites
+ netbox_site:
+ netbox_url: "{{ netbox_url }}"
+ netbox_token: "{{ netbox_token }}"
+ data:
+ name: "{{ netbox_site_name }}"
+ state: present
+ validate_certs: false
+
+ - name: Device Roles
+ netbox_device_role:
+ netbox_url: "{{ netbox_url }}"
+ netbox_token: "{{ netbox_token }}"
+ data:
+ name: "{{ item.name }}"
+ slug: "{{ item.slug }}"
+ color: "{{ item.color }}"
+ state: present
+ validate_certs: false
+ loop:
+ - { name: 'Leaf', slug: 'leaf', color: '2f6a31'}
+ - { name: 'Spine', slug: 'spine', color: 'cddc39'}
+ - { name: 'BMS', slug: 'bms', color: '607d8b'}
+ - { name: 'WAN', slug: 'wan', color: 'fc03f8'}
+ loop_control:
+ label: "{{ item.name }}"
+
+ - name: Manufacturers
+ netbox_manufacturer:
+ netbox_url: "{{ netbox_url }}"
+ netbox_token: "{{ netbox_token }}"
+ data:
+ name: Juniper
+ slug: jnpr
+ state: present
+ validate_certs: false
+
+ - name: Device Types
+ netbox_device_type:
+ netbox_url: "{{ netbox_url }}"
+ netbox_token: "{{ netbox_token }}"
+ data:
+ model: "{{ item.model }}"
+ manufacturer: "{{ item.manufacturer }}"
+ slug: "{{ item.slug }}"
+ state: present
+ validate_certs: false
+ loop:
+ - { model: 'Switch', manufacturer: 'jnpr', slug: 'switch'}
+ - { model: 'Server', manufacturer: 'jnpr', slug: 'server'}
+ - { model: 'Router', manufacturer: 'jnpr', slug: 'router'}
+ loop_control:
+ label: "{{ item.model }}"
+
+- name: "Create Devices (PEs)"
+ connection: local
+ hosts: routers
+ gather_facts: false
+ collections:
+ - netbox.netbox
+
+ tasks:
+ - include_tasks: netbox_device.yaml
+ vars:
+ device_type: router
+ device_role: wan
+
diff --git a/ansible-ee/ebgp_wan_0.2-wan/project.yaml b/ansible-ee/ebgp_wan_0.2-wan/project.yaml
new file mode 100755
index 0000000..12c97af
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/project.yaml
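Review bot: The `Bash script to create an API Token in Netbox` task posts the NetBox username and password through `curl --insecure` and stages them in `curl-data.txt` and `cookies.txt` under the home directory (`chdir: ~`), deleting them only on the script's last line, so an interrupted run leaves the password and session cookie on disk. Creating the files with `mktemp` and cleaning up in a trap closes that gap: `COOKIES=$(mktemp)`, `DATAFILE=$(mktemp)`, `trap 'rm -f "$COOKIES" "$DATAFILE"' EXIT`. Dropping `--insecure` (or passing `--cacert` for a private CA) and adding `no_log: true` to the task keeps the credentials off an unverified connection and out of the task output. The values are also templated into single-quoted shell assignments, so a password containing `'` would break the script.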
@@ -0,0 +1,42 @@ +action: +- category: BUILD + configuration: + shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" + -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 + /bin/bash -c "cd ${WORKSPACE}; bash build.sh ${build_dir}" + jenkins_url: build_vmx_wan-wan + name: Build(wan) +- category: BUILD + configuration: + shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" + -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 + /bin/bash -c "cd ${WORKSPACE}; bash dump.sh ${build_dir}" + jenkins_url: dump_vmx_wan-wan + name: Dump configuration(wan) +- category: TEST + configuration: + output_path: test/outputs/ + shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" + -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 + /bin/bash -c "cd ${WORKSPACE}; bash test_setup.sh ${build_dir}" write_yaml_files.py; + docker run -u root -v "/var/nita_project:/project:rw" -v "/var/nita_configs:/var/tmp/build:rw" + --rm --name robot -e ROBOT_OPTIONS="-d ${PWD}/test/outputs" juniper/nita-robot:21.7-1 + /bin/bash -c "cd ${WORKSPACE}; bash test.sh" + jenkins_url: test_vmx_wan-wan + name: Test(wan) +- category: BUILD + configuration: + shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" + -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 + /bin/bash -c "cd ${WORKSPACE}; bash netbox.sh ${build_dir}" + jenkins_url: netbox_population-wan + name: Netbox Population(wan) +- category: BUILD + configuration: + shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" + -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 + /bin/bash -c "cd ${WORKSPACE}; bash healthbot.sh ${build_dir}" + jenkins_url: healthbot_population-wan + name: 
HealthBot Population(wan) +description: wan created using the NITA webapp +name: wan diff --git a/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml b/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml new file mode 100644 index 0000000..60c0370 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml @@ -0,0 +1,3 @@ +--- +- name: Creating common SNMP config + template: src=mx_system.j2 dest={{ tmp_dir }}/mx_system.cfg diff --git a/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 b/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 new file mode 100644 index 0000000..fdcf007 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 @@ -0,0 +1,62 @@ +system { + host-name {{ inventory_hostname }}; + root-authentication { + encrypted-password "{{ password_hashes.root_user }}"; ## SECRET-DATA + } + scripts { + language python; + } + login { + message "{{ login_message }}"; + user jcluser { + uid 2000; + class super-user; + authentication { + encrypted-password "{{ password_hashes.netadmin_user }}"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + netconf { + ssh; + } + rest { + http { + port 3000; + } + enable-explorer; + } + } + syslog { + user * { + any emergency; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + processes { + dhcp-service { + traceoptions { + file dhcp_logfile size 10m; + level all; + flag packet; + } + } + } + {% if ntp_server is defined %} + ntp { + server {{ ntp_server }}; + } + {% endif %} + {% if time_zone is defined %} + time-zone {{ time_zone }}; + {% endif %} +} diff --git a/ansible-ee/ebgp_wan_0.2-wan/test.sh b/ansible-ee/ebgp_wan_0.2-wan/test.sh new file mode 100644 index 0000000..0ea0fa5 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/test.sh 
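Review bot: Every `shell_command` in project.yaml starts the container with `docker run -u root` and bind-mounts `/var/nita_project` and `/var/nita_configs` read-write, so whatever scripts and playbooks sit in the project directory run as root against host paths. If root is not required, an unprivileged user such as `-u "$(id -u):$(id -g)"` would limit what a modified project can do to the host. The fixed `--name ansible` makes two jobs started at the same time fail on the name conflict, and `juniper/nita-ansible:21.7-1` is pinned by tag only, so a digest pin would keep the image from changing underneath the job. The description says the file was created by the NITA webapp, so the change may belong in the generator rather than here.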
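Review bot: The `services` stanza of mx_system.j2 renders `root-login allow` for SSH and a REST API over plain `http` on port 3000 with `enable-explorer`, which leaves root logins and an unencrypted management API enabled on every device built from this template. Unless the lab depends on them, I would render `root-login deny;` and gate the `rest` block on a variable, for example `{% if enable_rest_api | default(false) %}` before it and `{% endif %}` after it, with the explorer off by default. The login name `jcluser` with `class super-user` is hard-coded while its hash comes from `password_hashes.netadmin_user`; taking the name from a variable too would avoid the two drifting apart.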
@@ -0,0 +1,32 @@ +#!/bin/bash +# ******************************************************** +# +# Project: nita-webapp +# +# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +# +# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +# +# SPDX-License-Identifier: Apache-2.0 +# +# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +# +# ******************************************************** + +umask 0002 + +# Creating of result files and making them R/W by everybody +mkdir -p test/outputs +mkdir -p test/resource_files/tmp +touch test/outputs/output.xml +touch test/outputs/log.html +touch test/outputs/report.html + +export PYTHONPATH=libraries + +(cd test && robot -C ansi -L TRACE tests/) + +chmod -R 777 test/tests +chmod -R 777 test/resource_files/tmp +chmod -R 777 test/outputs + diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store b/ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..79bc1ce52e6930855222eae31cd989ab07a1095f GIT binary patch literal 6148 zcmeHKPfNov6i>FPEh6q9sJC3a?Xa;q^&pfw58i}|9#poL4Oi&ev33rvm3|KWMt%Xm zj_)PeaBQ9gk@4Pm`Mtb93HfCt4P%Vk<8Fdh=OjopLV=|yMo^qjtAuWyQA4*x|d+Zw0v z4#twTK02c?h{6YmPAjJsgv0YFL`!3?P#zu7 z;O8U8ONc07<68nzXtXru3Lyf*RVkn<<@$-iRXO;D&a*V;3ROAda%LDu&&>4;h0EE& zFJwC7mO^TY0b*dDfuib`@%}&m`Taj%L_K1F7+5I=c&X*IY*>=MTNf6GcdY>JfTCbt nu5eZYhP;X)7q8+yP$}RSXaHIobA{jmp$`E`12x3JpEB?TZj)3B literal 0 HcmV?d00001 
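Review bot: The three `chmod -R 777` calls at the end of test.sh make `test/tests`, `test/resource_files/tmp` and `test/outputs` world-writable, and `test/tests` holds the generated `.robot` suites that the next `robot` run executes, so any local account can change what gets run. `umask 0002` already gives group write; `chmod -R u+rwX,g+rwX,o-w test/tests test/resource_files/tmp test/outputs` keeps the shared-group access without the world bit. `robot` is started with `-L TRACE`, which records keyword arguments in the log and output files; if those arguments include device credentials (not visible in this patch) the outputs should not be world-readable either. The exit status of `robot` is lost because the `chmod` calls run last; `rc=$?` right after the subshell and `exit $rc` at the end would let the job fail when tests fail.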
diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/test/.gitignore
new file mode 100644
index 0000000..247eb21
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/test/.gitignore
@@ -0,0 +1,6 @@
+*.html
+output.xml
+sites.retry
+resource_files/resources.txt
+tests/02_*
+tests/04_*
diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore
new file mode 100644
index 0000000..f935021
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore
@@ -0,0 +1 @@
+!.gitignore
diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml
new file mode 100644
index 0000000..c001882
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml
@@ -0,0 +1,38 @@
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+- import_playbook: ../make_clean.yaml
+- import_playbook: ../make_etc_hosts.yaml
+
+- hosts: routers
+ connection: local
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ tasks:
+ - name: Create shared resource file
+ run_once: true
+ template:
+ src: resources.txt.j2
+ dest: "resource_files/resources.txt"
+ - name: Create box tests
+ template:
+ src: 02_box_tests.robot.j2
+ dest: "tests/02_{{ inventory_hostname }}.robot"
+ - name: Create connectivity tests
+ template:
+ src: 04_connectivity.robot.j2
+ dest: "tests/04_{{ inventory_hostname }}.robot"
+ - name: Create bgp tests
+ template:
+ src: 09_bgp_routers.robot.j2
+ dest: "tests/09_{{ inventory_hostname }}.robot"
diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/.gitkeep b/ansible-ee/ebgp_wan_0.2-wan/test/templates/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2
new file mode 100644
index 0000000..5447b10
--- /dev/null
+++ b/ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2
@@ -0,0 +1,90 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-webapp +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +*** Settings *** +Documentation Box Test cases + +Resource ${EXECDIR}/resource_files/resources.txt +Resource ${JUNIPER_COMMON}/resource_files/show_cmd_keywords.txt +Resource ${JUNIPER_COMMON}/resource_files/device_resources.txt + +Suite Setup Device Open Connection ${device} +Suite Teardown Device Close Connection ${device} + +*** Variables *** + +# Device to test against +${device}= {{ inventory_hostname | replace("-", "_") }} +# Time diff against UTC +${time_diff}= + 0 minutes + +*** Keywords *** + +*** Test Cases *** + +T1.1: CHECK SYSTEM SOFTWARE VERSION + [Documentation] Objective: Check software version + [Tags] SYSTEM SWITCH SOFTWARE + Check Software Version ${device} {{ OS_version }} + +T1.2: CHECK SYSTEM USER + [Documentation] Objective: Check System User Information + [Tags] SYSTEM USER + Check System User Information ${device} + +T1.3: CHECK CONFIGURATION + [Documentation] Objective: Check configuration for the device + [Tags] SYSTEM CONFIGURATION + Check Configuration ${device} + +T1.4: SHOW ROUTING TABLE + [Documentation] Objective: Check routing table + [Tags] 
SYSTEM SWITCH + Check Routing Table ${device} + +T1.5: SHOW PFE STATISTICS LOCAL TRAFFIC + [Documentation] Objective: Check PFE statistics + [Tags] SYSTEM SWITCH + Check PFE Statistics Local Traffic ${device} + +T1.6: CHECK SYSTEM CURRENT TIME + [Documentation] Objective: Check system current time + [Setup] Run Keyword ${device}.Commands Executor command=set date ntp 192.168.56.11 format=text + [Tags] SYSTEM SWITCH + Check System Current Time ${device} ${time_diff} + +T1.7: CHECK NO CHASSIS ALARMS + [Documentation] Objective: Check there are no chassis alarms + [Tags] SYSTEM SWITCH ALARMS + Check No Chassis Alarms ${device} + +T1.8: CHECK NO SYSTEM ALARMS + [Documentation] Objective: Check there are no system alarms + [Tags] SYSTEM SWITCH ALARMS + Check No System Alarms ${device} + +T1.9: CHECK NO CORE DUMPS PRESENT + [Documentation] Objective: Check there are no core dumps present + [Tags] SYSTEM SWITCH ALARMS + Check Core Dumps ${device} + +T1.10: CHECK '/dev/ad0s1a' PARTITION HAVE ENOUGH FREE SPACE FOR UPGRADE + [Documentation] Objective: Check '/dev/ad0s1a' partition have at least 400MB for upgrade + [Tags] SYSTEM SWITCH + Check Partition ${device} + +T1.11: CHECK FPC IS ONLINE + [Documentation] Objective: Check FPC is Online + [Tags] SYSTEM SWITCH + Check FPC Is Online ${device} diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 new file mode 100644 index 0000000..534f014 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 
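Review bot: The `[Setup]` of T1.6 runs `set date ntp 192.168.56.11` with a literal address, so the test resets the device clock from a host that may not exist in another deployment, while mx_system.j2 in the same patch takes its server from `ntp_server`. I would render the setup from the same variable and leave it out when the variable is unset, i.e. put `{% if ntp_server is defined %}` and `{% endif %}` around a `[Setup]` line that uses `command=set date ntp {{ ntp_server }}`. T1.10 names `/dev/ad0s1a` in its title and documentation although no partition is passed to `Check Partition`; a short comment saying which platforms that check applies to would help the next reader.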
@@ -0,0 +1,46 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-webapp +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +*** Settings *** +Documentation DC Connectivity Test cases + +Resource ${EXECDIR}/resource_files/resources.txt +Resource ${JUNIPER_COMMON}/resource_files/connectivity_resources.txt +Resource ${JUNIPER_COMMON}/resource_files/device_resources.txt + +Suite Setup Device Open Connection {{ inventory_hostname | replace("-", "_") }} +Suite Teardown Device Close Connection {{ inventory_hostname | replace("-", "_") }} + +*** Variables *** + +${output_directory}= ${CURDIR} +${path}= ${CURDIR} + +*** Keywords *** + +*** Test Cases *** + +{% for interface in core_interfaces %} +T4.{{ inventory_hostname | replace("-", "_") }}.{{ interface.int }}: PING TEST {{ inventory_hostname | replace("-", "_") }} LINK {{ interface.desc }} + [Documentation] Objective: Check {{ inventory_hostname }} to {{ interface.desc }} + [Tags] CONNECTIVITY {{ inventory_hostname }} {{ interface.desc }} + +{% if interface.ip | regex_search("\.1$") %} + Ping Test From Device {{ inventory_hostname | replace("-", "_") }} {{ interface.ip | regex_replace("\.1$", ".2")}} +{% else %} + Ping Test From Device {{ 
inventory_hostname | replace("-", "_") }} {{ interface.ip | regex_replace("\.2$", ".1")}} +{% endif %} + + +{% endfor %} diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 new file mode 100644 index 0000000..525ad67 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 
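Review bot: The peer address in 04_connectivity.robot.j2 is derived by swapping a trailing `.1` and `.2`, and the `{% else %}` branch applies `regex_replace("\.2$", ".1")` to every address that does not end in `.1`. When `interface.ip` ends in anything else, or carries a prefix length, the replace is a no-op and the device pings its own address, so the test passes without checking the link. I would make the second branch explicit with `{% elif interface.ip | regex_search("\.2$") %}` and add a final `{% else %}` that renders a failing step naming the address, or take the peer from a field in `core_interfaces`. Whether `interface.ip` includes a mask is not visible in this patch.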
@@ -0,0 +1,37 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-webapp +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +*** Settings *** +Documentation DC BGP Test cases + +Resource ${EXECDIR}/resource_files/resources.txt +Resource ${JUNIPER_COMMON}/resource_files/device_resources.txt +Resource ${JUNIPER_COMMON}/resource_files/show_cmd_keywords.txt + +Suite Setup Device Open Connection {{ inventory_hostname | replace("-","_") }} +Suite Teardown Device Close Connection {{ inventory_hostname | replace("-","_") }} + +*** Variables *** + +${output_directory}= ${CURDIR} +${path}= ${CURDIR} + +*** Keywords *** + +*** Test Cases *** +T9.{{ inventory_hostname | replace("-","_") }}: BGP NEIGHBORS {{ inventory_hostname }} + [Documentation] Objective: Check BGP is working on {{ inventory_hostname }} + [Tags] BGP + Check BGP Neighbors {{ inventory_hostname | replace("-","_") }} {{ underlay_ebgp[0].neighbors|length }} + diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 new file mode 100644 index 0000000..81a4b2d --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 
@@ -0,0 +1,28 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-webapp +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +*** Settings *** +Documentation A resource file with reusable keywords and variables +Variables ${JUNIPER_COMMON}/variables_file/variables.py +Resource ${JUNIPER_COMMON}/resource_files/common.txt +{% for device in ansible_play_hosts_all %} +Library ${JUNIPER_COMMON}/libraries/pybot_jrouter.py user=${user} target=${ {{ device | replace("-", "_") }}_mgmt_ip } password=${password} WITH NAME {{ device | replace("-", "_") }} +{% endfor %} + +*** Variables *** +${JUNIPER_COMMON}= /usr/share/nita-robot/robot-resources + +*** Keywords *** + + diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore new file mode 100644 index 0000000..f935021 --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore @@ -0,0 +1 @@ +!.gitignore diff --git a/ansible-ee/ebgp_wan_0.2-wan/test_setup.sh b/ansible-ee/ebgp_wan_0.2-wan/test_setup.sh new file mode 100644 index 0000000..239101d --- /dev/null +++ b/ansible-ee/ebgp_wan_0.2-wan/test_setup.sh 
@@ -0,0 +1,28 @@
+#!/bin/bash
+# ********************************************************
+#
+# Project: nita-webapp
+#
+# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+#
+# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+#
+# ********************************************************
+
+rm -f ~/.ssh/known_hosts
+temp_dir=$1
+current_dir=`pwd`
+base=`basename $current_dir`
+build_dir=/var/tmp/build/$base
+
+if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then
+ build_dir=$temp_dir
+fi
+
+ansible-playbook -i hosts test/sites.yaml --extra-vars "build_dir=$build_dir"
+touch $build_dir/ansible-run.log
+sudo chmod 664 $build_dir/ansible-run.log
From 2d39e5c53f214601cc3719e193a9e6655e3400da Mon Sep 17 00:00:00 2001
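Review bot: `rm -f ~/.ssh/known_hosts` at the top of test_setup.sh discards every recorded host key on each run, so a changed device key is never noticed; if stale lab keys are the reason, removing only the affected entries with `ssh-keygen -R "$host"` keeps the rest pinned. `$build_dir` comes from `$1` and is used unquoted in `touch $build_dir/ansible-run.log` and `sudo chmod 664 $build_dir/ansible-run.log`, so a value containing spaces splits into extra arguments, some of them handed to `sudo chmod`. Quoting the expansions, `touch "$build_dir/ansible-run.log"` and `sudo chmod 664 "$build_dir/ansible-run.log"`, fixes that. The exit status of `ansible-playbook` is also overwritten by the two commands after it; saving it with `rc=$?` and ending with `exit $rc` would make a failed playbook fail the job.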
From: Matthew Tighe Date: Wed, 31 Aug 2022 11:10:59 -0700 Subject: [PATCH 11/27] Delete ansible-ee/ebgp_wan_0.2-wan directory --- ansible-ee/ebgp_wan_0.2-wan/.DS_Store | Bin 6148 -> 0 bytes ansible-ee/ebgp_wan_0.2-wan/.gitignore | 7 - ansible-ee/ebgp_wan_0.2-wan/README.md | 34 ----- ansible-ee/ebgp_wan_0.2-wan/ansible.cfg | 27 ---- ansible-ee/ebgp_wan_0.2-wan/build.sh | 25 ---- ansible-ee/ebgp_wan_0.2-wan/build/.gitignore | 1 - ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml | 33 ----- ansible-ee/ebgp_wan_0.2-wan/dump.sh | 26 ---- ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore | 1 - ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml | 39 ------ ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx | Bin 23182 -> 0 bytes .../ebgp_wan_0.2-wan/group_vars/all.yaml | 48 ------- ansible-ee/ebgp_wan_0.2-wan/healthbot.sh | 25 ---- .../ebgp_wan_0.2-wan/healthbot/.gitignore | 1 - .../ebgp_wan_0.2-wan/healthbot/sites.yaml | 45 ------- .../ebgp_wan_0.2-wan/host_vars/healthbot.yaml | 6 - .../ebgp_wan_0.2-wan/host_vars/nita.yaml | 6 - .../ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml | 30 ----- .../ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml | 30 ----- ansible-ee/ebgp_wan_0.2-wan/hosts | 15 --- ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml | 28 ---- .../ebgp_wan_0.2-wan/make_etc_hosts.yaml | 21 --- .../ebgp_wan_0.2-wan/make_hosts_entry.sh | 22 ---- ansible-ee/ebgp_wan_0.2-wan/netbox.sh | 26 ---- .../netbox/netbox_device.yaml | 35 ----- ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml | 122 ------------------ ansible-ee/ebgp_wan_0.2-wan/project.yaml | 42 ------ .../roles/mx_common/tasks/main.yaml | 3 - .../roles/mx_common/templates/mx_system.j2 | 62 --------- ansible-ee/ebgp_wan_0.2-wan/test.sh | 32 ----- ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store | Bin 6148 -> 0 bytes ansible-ee/ebgp_wan_0.2-wan/test/.gitignore | 6 - .../test/resource_files/.gitignore | 1 - ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml | 38 ------ .../ebgp_wan_0.2-wan/test/templates/.gitkeep | 0 .../test/templates/02_box_tests.robot.j2 | 90 
------------- .../test/templates/04_connectivity.robot.j2 | 46 ------- .../test/templates/09_bgp_routers.robot.j2 | 37 ------ .../test/templates/resources.txt.j2 | 28 ---- .../ebgp_wan_0.2-wan/test/tests/.gitignore | 1 - ansible-ee/ebgp_wan_0.2-wan/test_setup.sh | 28 ---- 41 files changed, 1067 deletions(-) delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/.DS_Store delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/.gitignore delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/README.md delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/ansible.cfg delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/build.sh delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/build/.gitignore delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/dump.sh delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx delete mode 100755 ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/healthbot.sh delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml delete mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml delete mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml delete mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml delete mode 100755 ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml delete mode 100755 ansible-ee/ebgp_wan_0.2-wan/hosts delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/netbox.sh delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml delete mode 100755 
ansible-ee/ebgp_wan_0.2-wan/project.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test.sh delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/.gitignore delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/.gitkeep delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2 delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore delete mode 100644 ansible-ee/ebgp_wan_0.2-wan/test_setup.sh diff --git a/ansible-ee/ebgp_wan_0.2-wan/.DS_Store b/ansible-ee/ebgp_wan_0.2-wan/.DS_Store deleted file mode 100644 index 6a4f45a46931c42187ec93b8468ae808e961be95..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%}xR_5T43{i^j;oM7{OmjROSyJD6+`58h1H=s}I{W{GUFZV9_c6fyf8`bNHh zuj5Qx2#8*dfex8|(`l#8eA%`P0I)_cr~;G#z(yssRb7V#$gyR4E#R^=oO)s0>dN3SXyKIW%Pr%n$Y}!!jRKcWZlPUa##9hedmHr+RdH_we*Qcp1LFDOwrcK~mN=j^G`Q zi5wr@ZXAjD9=#Nihb{=ry#>j{?KN-Nk8}K%y#*;{4(Z(HKF;u4=A*A;aZ#Tadv$Rs zFqs<$3vVJZ|+g)&`YFcpq| zuID)#GleP~m@Yn;-kIqNg~{DKMy z2AI`!n+;4!zpXRL(Ob(=?@&o-UZzlnV56U7Y0y)=g(?NdI2nkJ#!Ml4P|P0zNrPz& I1AofE7vt8~TL1t6 diff --git a/ansible-ee/ebgp_wan_0.2-wan/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/.gitignore deleted file mode 100644 index e6866f3..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/.gitignore +++ /dev/null 
@@ -1,7 +0,0 @@ -*.pyc -*.swp -data.json -id_rsa -id_rsa.pub -test/resource_files/tmp/ -test/tests/*.robot diff --git a/ansible-ee/ebgp_wan_0.2-wan/README.md b/ansible-ee/ebgp_wan_0.2-wan/README.md deleted file mode 100644 index 5da1927..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/README.md +++ /dev/null @@ -1,34 +0,0 @@ -\************************************************************ - -Copyright 2020 Juniper Networks, Inc. All rights reserved. - -\************************************************************ - -EBGP WAN -======== - -Summary -------- - -This project contains the build and test for a simple WAN setup based on IPCLOS. - - -NITA support ------------- - -This project has been tested on the following versions of NITA: - * 20.10 - -The following processes have been provided: [TODO] --------------------------------------------------- - -1. Build of all network devices -2. Testing of network devices - * Base testing of each device - * Connectivity testing using ping - -Documentation -------------- - -[TODO] - diff --git a/ansible-ee/ebgp_wan_0.2-wan/ansible.cfg b/ansible-ee/ebgp_wan_0.2-wan/ansible.cfg deleted file mode 100644 index 95d40b0..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/ansible.cfg +++ /dev/null 
@@ -1,27 +0,0 @@ -# ******************************************************** -# -# Project: nita-webapp -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** - - -[defaults] -inventory = ./hosts -forks = 10 -gathering = explicit -host_key_checking = False -roles_path = roles:/etc/ansible/roles -force_color = 1 -timeout = 120 - -# if set, always use this private key file for authentication, same as -# if passing --private-key to ansible or ansible-playbook -#private_key_file = /path/to/file diff --git a/ansible-ee/ebgp_wan_0.2-wan/build.sh b/ansible-ee/ebgp_wan_0.2-wan/build.sh deleted file mode 100644 index abc23c2..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/build.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash -# ******************************************************** -# -# Project: nita-webapp -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** -rm -f ~/.ssh/known_hosts -temp_dir=$1 -build_dir=/var/tmp/build - -if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then - build_dir=$temp_dir -fi - -ansible-playbook -i hosts build/sites.yaml --extra-vars "build_dir=$build_dir" -touch $build_dir/ansible-run.log -sudo chmod 664 $build_dir/ansible-run.log diff --git a/ansible-ee/ebgp_wan_0.2-wan/build/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/build/.gitignore deleted file mode 100644 index a90963d..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/build/.gitignore +++ /dev/null @@ -1 +0,0 @@ -sites.retry diff --git a/ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml deleted file mode 100644 index 828d05b..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/build/sites.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -# ******************************************************** -# -# Project: nita-webapp -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** -- import_playbook: ../make_clean.yaml -- import_playbook: ../make_etc_hosts.yaml - -- hosts: routers - pre_tasks: - connection: local - roles: - - { role: junos_common } - - { role: mx_common } - -- hosts: routers - connection: local - roles: - - { role: ebgp_ip_fabric } - -- hosts: routers - connection: local - gather_facts: no - roles: - - { role: junos_commit_config } diff --git a/ansible-ee/ebgp_wan_0.2-wan/dump.sh b/ansible-ee/ebgp_wan_0.2-wan/dump.sh deleted file mode 100644 index 211813f..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/dump.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/bash -# ******************************************************** -# -# Project: nita-webapp -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** - -rm -f ~/.ssh/known_hosts -temp_dir=$1 -build_dir=/var/tmp/build - -if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then - build_dir=$temp_dir -fi - -ansible-playbook -i hosts dump/sites.yaml --extra-vars "build_dir=$build_dir" -touch $build_dir/ansible-run.log -sudo chmod 664 $build_dir/ansible-run.log diff --git a/ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore deleted file mode 100644 index a90963d..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/dump/.gitignore +++ /dev/null @@ -1 +0,0 @@ -sites.retry diff --git a/ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml deleted file mode 100644 index e266751..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/dump/sites.yaml +++ /dev/null 
@@ -1,39 +0,0 @@
-# ********************************************************
-#
-# Project: nita-webapp
-#
-# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-#
-# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-#
-# ********************************************************
-- import_playbook: ../make_clean.yaml
-- import_playbook: ../make_etc_hosts.yaml
-
-- hosts: routers
- gather_facts: no
- tasks:
- - name: Set ansible credentials
- set_fact:
- ansible_ssh_user: "{{ netconf_user }}"
- ansible_ssh_pass: "{{ netconf_passwd }}"
- ansible_ssh_private_key_file: ""
- - name: dump config
- raw: "show configuration | display inheritance | display set | no-more"
- register: configuration
- - name: write to disk
- connection: local
- vars:
- ansible_python_interpreter: /usr/bin/python3
- copy:
- content: "{{ configuration.stdout }}"
- dest: "{{ build_dir }}/{{ inventory_hostname }}/junos_backup.set"
- - name: fix file format
- connection: local
- vars:
- ansible_python_interpreter: /usr/bin/python3
- command: dos2unix "{{ build_dir }}/{{ inventory_hostname }}/junos_backup.set"
diff --git a/ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx b/ansible-ee/ebgp_wan_0.2-wan/ebgp_wan.xlsx deleted file mode 100644 index c0a962c04295127ebcf71fd40961c0a0358739af..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23182 zcmeIaby%ERvOSEuySuwP1b2529^5TB1Pku&?(Pzt;O>OrmY{*)^6O+~Zq9Hr_dDO8 z_nFf`LwCP>JukIa)s|JY6=gud(10L-pn!mYh=G*XWv-Hdfq-fOFHwP@Ky*axY@JPQ zonNcIwKsLrV{o^zCdvZ?p~?XQ0bKw0eN1q{r?KuKG|lGY98tnwU3)fB zV*DV7aO@%%D3p#OkB=Q#1)+{}EaMO4$~n%TeO=Mp-%Z!i#DjyeO_=2+yNZEuxUDQ% zP<&n|;N>I{QdTdY(HiQ9QH%&KrhM0&2r0|8VnhK$;!8`u2d)aEvfuMf*r%*>P0eRV=>3(&l)SLPdXad&P>&~}5*UU9X zyIOx2=D9bC91*-D2JWGZzR!?c_+W3y;cA<7f?=VZrkU5EJm}+edKR6oG^lerMC9V5 z)Iu!LMUJ;mzu96A{n1p0t4h1q;ZXsvpC8+#gTTime=G|$tbqnNdaWq$Kww`Oe5$&C z&Bw#pZ+)em%N?u}Y(KVG*KbelhJf0|`C~m27|R)}DhK;Mp#(uJWHSC2>VGf=0l4!zz*}Jf?)=)()Y^%W;m7meZv0>D zyMOrCE8^s2K$($(PXnHb$2xgeX-H=Bc&qwlfMM)Ba4#+T@ZCCG=d2DHcM2>e9k35p>^(V0|`&#~;HIimGcj>!8 zSjAReAOrccAC`-R`al4GtF8r?W}+jO_N6pp8M$uaE`IPjj^a4mz=R|euM=pVz)i<( z2M4EIwZ*81-Ebi(ZA_8qM2yx=%(C#83-&zq+(NRR8lREF(2;u*V^9K0?Z@ncQ>$rZ zWpVPLG|R;Csf~0sp4MyOdTwU#hSK^!+F=twfx2t8k3wT6QAque(N%Z zmta#Upg=%|kU&6)fGgas8Qtt0t&HsKtbUAs1#0Vd=}bsI*$vOYw=Q`GaWN2y>N08O znG4j~i&x|*juEI80pr&3gk^VKr?NQGGyKl<(r{O|0w3D%y)yKy!#-&-7q+4?_fiTt zrsS~f8e!+JuA^R~ajzi7#_7UfejylS4->*+c$vc5rQN= z?TEcl?E$lVX6KZJHd>N|0af-adQ#GwU&@ya2+e$bq%eT~t{xO6z}|q2jl_wcoWhAF z@uNA~xGlRV7wLtx1?hk_qc{I-*u)2ofMnU${PXYQ5tY)h6&&2iQqu8_owdRf+C1dd zhy%V2G?F0RG}hbp6v3GjvKdMzCo()1Xtt;7Vf5SUr-U@VanZ>lQfTlVU<5&0X2IRYhL&v16B1 z;5r+Q+8*O>kHTSXBQ%BEW6{-P;WM>;VovMcUD@=DUCdK$R>@Ic$5$fs=bnaZYqDu@ z35(4qxrcB`T+p^VrGLLLH8M*^S_5}n@9+*{u?3t1*@lyx7Bo9lG|6TEapv3Ch6kRH zKH6xeR(8#e&7K|2L;-ZE#~08ctR)zMO??3YoDUu!Kd91NZ56IQEbx)irV)Dj4OX0afYu{-xB~nfrbDA!U2K; z2Dr~Z2Aw}T(Z2>DV8A>QaP5Ehqa#7i_8k*a&~>5*FUOkjhWEQea5_39-M1{@Z+ z^^SvYi?@WTTo_s_?#^z+?zKQ9zg_e5m-Yitx+Zbhq(SI#!Q>)K7t*EG^V^dwv4est zlQ(Qo93XYx4xaU%{_;F+fo1qiBbnj&ez!x4B|2o>z*hR#CEKZ$H0t)u3x3Wgrr=z_kyM+f`tVgibjB 
z3Rg~!4Y-?J5PQrhC)iu(x^F$!pncZfOj-shW03I>!RJq@d`z+@>0=a3V}tjy3CyFF zY%~_R9xh2Ju#B|qR`=!${u1?9J$!UL*qp8j3;PXyrB99f^+1dte#vlHXbU(7$EbcWWd?KTIJH{+Bql4_3Kds)4V{>IKFE~qq{a16O- z?;_I`3X=CUV*7Ps&z&M8O*D>F;J9RM5eOk6b7REpslM*?;Tx&L!Qqz3aidaLH8hyG z`o|cX`>#$ItNL=38dj!+RjrXf)KWauJY1#UhQ}z3XECGug_LOpdKP}sLSw(pN^EFF zV=vzrRv(I^X-RA^DJ9Rxoh_lub7x5vC*M_D@<{+Dpw1ojrqi-2;@Z8o?OudAB!z=E$JgOAe6X^_<@KE^jP@@rV_ zvns<*)Htl^W7 zOv8*|As_Pus%K01ouvvJAiF*`zl%~}T?972^E3#LPnCVt1x>3&mZ_=JYf56tPSpA! zP+~btbE=daspL#5tsFjc3$7lRhM)`kyCwwueF-}f{gvTF-u)wD{cl9UI|egPEsP z?xL|9MT1L9U^tQ9So)4W;9W~kGFwFy0C=xh48s>46sUsmRRU;`fMBTv4#Zg|`g^3A zAfHjtp8l*2GJ;C$AX~{&*-?SmrC6Coxg%)B8I7?VJ>R&|@(R>5hg&v%I%U@mBP@mP zFNK(%a@!=9+S;N=DFaMdIpi&II2V!~Ez;Pl4&g1t0wgV2z4C@^_Ii@mKhW?-@UIxEbadiK{U*vaZFRh3u;qfy2*q_%B-C#XHUi4k9EA!?iPu?FkUiCX$` zE{4j5OqM=-8QAizMq_Dc851lA6AN2I(ryi6Rxnr94e|+tAsgwOOxj+G_ZL^!zLB_# zqNlE-Y`hq7KaD2)z9SQ1RmL1W7DU@#n#mZ7o1JhtiD4Zr@PVJ5zH)k{94`30f`z%N zbdZmQw5q7+isoI56#o{%cADiFsi>};+_4&j!}d6)uFAH9oETAQd`ngOT>VIYOA+AC zB3kOwxwV{n5BfW=ykGUVWZ+ytL2AgedWHwL4D;zUfF-LK6Ho*QvhW%*MNk@|=*ma7 zDv;IJZDRCsWj9ytnPs6<^r+3Jd`xMmgGqB`fI!+uy*MaA{03#Ub-UrF##+y^wZPVR z!&4t{b8aFRKwHkN)5#^P{T)9Q9d0KbT~`-XgS*(38>)v(JHXIO*4~Bvd)rfmY$aKz z7!w1kXn+lc&G+ic#ChkBKDmw`%PFXGR-nYh9&6EunywZ<3zE+yj4cQYy`9uO$wipR z$>L}QJ5z^pY4caky}BKm%SEu%X1yKi61>G0m6Sw4w^KRL4{VH)R<7zbK)hlEAwY9u zUlfzm8`t1FJ=v9A)Z6VFOh8+$I+e>FZC$dCN?xC>donbQ+TnGA(P-GP8WwSKGmU!H zh`yo_5(e75aW!=o#x8f(YS>e)cFqya6Ma##uHpQY-1F@fAmaXc#K%tq7KsO}FP8yv z`9H*DmY*?MRmX0Y3C%}h>y@VXR;5dv{-AK2#aA|FBoJnZ$*OI(g{`H!%qHBeE~g{s z!=@`k5=(DxfqmZf)}`fTbq@3KNc6IC2fiq#Eqawga}Dkfk8j!U{9;`i=q>WKv$j2L z&$Z64$HO#jxai--T1%pcIgyl_ zJ4DB%EgF=Rp+vlW1RKljPSqd#E|s1_~K{u&sKba>{g zS~;8^2huf1mU3_tgb(xsWwdR;Lw7vd7*#n9Cxpq2lK|XvLI%nRL_y!pYj9MB_nTIm zuq`3dPtnSJxHWP7OFOT6_CQk#s6t9a*BAL(?=15{Fn$uHCmB7W8wqQDIeN?%zb ze5?dM00SsmUBx$d%NfMNK;QkOa1$<6JEkg}iqtAJ=9rBEfqie-DRBTfaX3e~`&keq zk4v~$h8P$Np6qJRe{Udn(CaRsA31Ru7R7t{uEM-+>vgHt`-Qw@g-5@9Dcp z6&|uTrFe7XbXM*bTqX=S?;HygJUMm>e`pYv4DI|I7`^kq}_%? 
zN65$7L4-j_lcD!|b9+4l-L#%Q=hoE9Ai{WARUI%%qGH;r^PyPTS2vK^2a}>BCsGr~ zzwd-B;`N=?S*sPey$EI|I(;+7ns(HO#&K`)t5EE>C*g3>j^}`d-Jglf;C0mW|3PHd z-w}Bx$`)3tsB*Sn5UL-GuRUs3Go0~XL~fwgxn`=A{uhyNm&KdR2P#pu(Yf#`u^a}R z$>-|2n_pFnQ(|!|sEO%Ry8EBD_PyC%<-FBijX$gqe z){)}3K91uu=B~_(wH_vuG80wKwU3TjPBu7b!-#loxgb^Lg=q9vhX2ehlF2rNVp(Q` ztkEqKo0%S7kWQ5L!5eHqvhK*Ew4pE@W9xH)L_%(4kR8bL;e=cQp?h3_*0J;PM?YDQ ziIC0gI2GY#KWD7xaDy3Aqg&}fkds`B>ih&BtQrc>nnT(iGf+**?| zFxjmBBhAGd)hI}GkS9nKqybj405lZ8X+fjA!2VqEyM+GSk)s{x_aCgi)#3EMRnIX5 zIhO3QyUP!Lj8R&}tXy}uF>=IM5z*VK^G^;I*^6VQTGYN@gRsP7vTHeoW0|w}Bqi7g z$Tljd^y4HKAP47I@sJ7nSOR?eF8JNmOz4!>X6I$V@ihl*rcHJE5^U$!@`L&@7d4yY z(^59VeFxd~0q98!S`77#7T&1sQwKv0>xaChiHN zzQ2vg)}mn_ng9{mAFu}d4-uK|Cy~{Z{6Z)BRMHA>iH zyOwtm%Om05S#^Nl(1Vdr#e)iC( z6$iUyn2bKtA$k55i;+aOuK#+{u7`84hu87ACE?owy{=G7cWRvfaiQHuLY&=>92-;L zk?}VS>V-j{UpX+ys{6r`mId)5O+h+;-4)+yl67Dk2yGl3xl<^HaK(c`l{WuCeCsZ1oBTHBtDej;O6`RwDQ}K5z zMHtW(7Ys5Jcy<%sa0QX@*<0iI@Z8}eDAV&msil0RoTZDvimZ*ph8kF`?|hUJd?6V1 z2ci3@6cSWZRv#VAW=XU3JY5>qoCms;I#D8p&>8)7nX-Dszf`rhy-yrTcBiJljP|A9 z6yH&NHh>!pN^pJUukW0)_^Anox~$~`#uli_U*eu z8!&s3Y;95;Tevo6Ja4V8aAOxVbe=;BdjcE9n8bjjP?Ue8r7RfQoW>2 zC`zgIy{cqkrgMHinU1B=)^9Iy+A_*Ql&?r)WpXqxBGM%!!juTc?Kp!JoilsduAgGW z&8s&!{hkM=BkP;_cKMWr!}~A&Q&rPeN3&zGbCt&D^qM)LBMId`s?kGNrh`6DeDyk#Nehg@ z*T<=8cJf24+{Z>FMAr?BPwp7f+Do{}QLoU#w1h{;9?;q+BkYtxTThorV}ThPsP>zP zh!77xce?R$ScF2NM&v2u#y*$AefX}b;8)WMEfRr%>ep-xQi{jzPiuKVqG%LC1m2yW zG>4J!iclDf#HyoCofATsU9%aMkw{0=&{>dfHFWp@&v6YHJ6l8@KSm0kn5cFE8uoa~ zq7sQT!ZI^IILs86C6y!4RnQDRS0WTX$X9zHRdlEg;r+r&%+gtxwTL##YK(=kgu29# z3<|Lv51IDY)_w=4_SKlu^-v>7lc~@x`!+9QOkos@^dSsmo1C^N_g5-bdVru?-|AyhhvuDFa?TD?2DHHLeB zDiJnMdf41D^IHVlyN$S=1k4trgV9C%(Ax}3Ymzv%2^hUt$s{HC^Kx>=`6zk?eUW69 z+Zq~1l-OiJ=56dng(S3mzQc6}7~(@Z(6#g$In;*Ov&F#Y1zRku>d1r(Q5f>QHsG;> zuvUgwB*?kLS*2CaYHWt-l2=3HU<4&;cCge(N3Cg)bqlz|4A&+UdUah}hd|HpO{(apcaW+?u@V!Eh3H^WFexhc zeO__|c;U#NbK+sP(PQfQfU?N3TZ9Y=%SI5!?k75^6418VNp^+rj(+KS5pjt#B+n|? 
zy_GtoXpAP_<|$a^4wmJM88sf713f$;22(vM6rABxjzIqw zHLWlG@x761$R*y;5~u@6raMuHppAAhZzy07BW9WuohhFHeb7T(41eY;H|v(a=tRUE zaV+ciS^S-ZuqKV5+AJld5YgQHUQi1j8orn$6%F1YYV?`}J}1M9C>YA=d>%4KjS$GK zvNOSqwu}>^VpUxaHLS1L=q{2wXpb!jhpp(lh7OAZ2#(U=))`r?Obe_uUt)&zFkK`k z_0|Y5B&aeN)#&um=M9x@I?45F>{J=ta}@{oYM8+z8O91KqT-mlnxC z`C?g53W0Vz5non;Qbuof7<;JY#U;spK7Z5VDvAX?yjf(-$OWnkQ%b&zlTW^s4em8W zLC(3K**aj6g?CqHH=*-3eFe1)=WZ~HJ3=hY_Vufojt90To0}eivlKHg3ht)PDw{6# zkc(us9%2qQZEAg{!l_Q91J79gft_xw`0d)Er!uaG->xq->I7j-0A9HFpS_Utw_Z3> zSR*(O^1=&~e|n)vPJfYVWOtOphl}Ox$#e3yPbSpb%%v?ukX+VaShai@(3AV1fU#=t z2!yoIB5O)@$J&oDwKuu%`ZTXG2GO!7MZ7zv99Z96?-E++Jit_yU9`vXh6R-+A1BRG zUX>VIu0ka#&J4*}Qv7X{Oz;OU_>h!w_pw0|eKWd6^7kgx^GrUC8$o4DbvNwJ*olav zTXYy&z-TI2j*sS2%p+S*$9$M^@+woE&^m15xX@h`50mA#6>Epo+qG!YW6q!{Qru=5 zKGBy@k#4e8Pa4yK^d!q+=|Cr?X?D2EOP?LsuTA#t$i5y8jX4iL#ZiJja4reFQ4A@9 znh1!Z{xMuJNpp!Vl?ca;L)_3DDYT`)k*2@u;?^mDb2?P8tr`k>v5CRgqt4q zicESbf^RY2|-ZwJi5 z0hNVjh#8w9h;}^UMLD^bkez^F(|PjDm5L4UyUWa%O00n0>?K*$G(+PCJ%A zplPMeU|FgrL_^=$fYpjtmBb@K&riu9VV9i=$-<+LJ?J4U4$e){S7>i~!?dRDam#d1 z%|8Xw-bhIX_(%qvyJ(=$z7fx{A^rRO$#x0j^*1=$>+OJvWloxXJ`E~U)}^ulam+26 zQPc`+bEPGlw=`^c%2zJHiwqE+u2Vo~vQT>L8{MoKZnBK9s#5{OyiZ`w_*{yCJN7+w z*JZ#Afpc+=k<%bY3LpXn+X3mu3%UgC(bqQ1oF6+nL(@x)1_nyLvc)V*+) zSsn~%`SPf_N2xA?c?-Q|yqQC+FWG9I_*=t*vTJ z32}#sZ%u!_{V-`C+~#pCG%`hu9QUmPU6oM-M6@nOf-PL9C)4M2#>20mS1S;EQj#_W z30rs7>$$VsU4)#B9O~+gBWQDgXsMU6saSAL#I9*pJltpaR>|4`3FK-~5JKR!gvtta zn#e@7Svo;%dH}vhBebAWyp>sys|kWW7@!H z?{Ac{`4oYTG-=$YVQBUMy{NC(gF8S`lypRY{54gfwt5LEQXO6a8PQC(yi@yP7zaaQ0mqI6I#R$85S#3+`=E(tvi@snay59|TKo2$0)mg8^06*M5H%B*{3Lm2h@LxSl&p2|N zY|t^-dEFkr@%4FRzS})UEQCF6&?%j;7D z&kY?A#E~-rx%Z;YL&z)p)CXp8+tTt7TVA|(&_xpn89+9OhgH&e8jP5__FpKZNC zMCEL>znHaUrFQ&8Z*Fg__&W!;b8HM!%GpZ^qWuXq`r^@<&hGOr>9)7IHpJQK+8K-kFm*& zEFtbd38UrnS9zW3otTCCK)l+pE^R+m-fFqO6t)i;jFP+nnzkFvD_N0$l(V>MGa92( z-F6#r_u#SVnck6kpNUHDj(zf4)4lneYn2q~YdGX&d)s~03B>blTRUCyq_)jII7Zse z+t=1@JI)sId<7BsCD5dtg@^Ivco<5E7;>O?MJ>xy36y7zR3``w7)wV&0p-yp(g-LS 
zBGG#6q_62clbKdiOnQL9vy8Q&{YXU|Jj-Y?-$!S-q?!J(U|fYyTw_zYh0$q!j?6rmp4 zjBLiW+38}AKJ9x@nUTI%xhNxAvzQx(+dZ~_W`}~_(MUetC|!XY-8mlV47yZ_N332_+uVQFiVoYpwtTs z#8^)p)ZI~4R>Ss^!fLLr76YG@umqK)Z#9t}Vnij(y9bR3-`%^E1PCA}+VdLH1o-%s zv)R~OjL=Vr%_K6`z)e&cCsDRgHS>rSr&@1PM89E4p`@)uMs&Uyu}$FZqM_Jjlmz7T zJWr}l??dZiR*0>D5`Wr(iEsvNMKP%M=ECek!+U}-w8|d)nfrg$bcYuLzaHM}A_}?d z8t0bjD`1!Pw#*)sROE_QC4pLgS7(xUie@ywbyP>DB{U?eDy5sMQwzBhQ}dz9AKtqO zlFDC^bH0EI6vB<=>C-;RJBV6a$EVWFXt}+MCdfA48v3L)-$DHXb(*`v{G3Dndszi` zTF7edrOCH*D`AZ}=a!FS5;h3Q0+P@E7tvuc%Y>Ad{ww?UiaN*-3kIvSU`pP@90Zb> zk~##CQ(VhpxUy*pHkx54SG}uLEwKzdYuK-cW;hR>CoPV&oc8LR9M8Y6?cYY|X)e{e zw9bA{!HK&v3Hx$o&NGDdG39mR$Sc0{9&h_g4&C$U)VM3lXJFm)o&-Z*GQXYX33eUM zXTT1|pEsm;KZW;2049vYfC(e~KZYeI=eO3TPCsUe1?oD{>0D?&)eX-*-+24TiRJQQ z%A_DlmE9U=WD7s=7=$){ATl-^uDV3WykoYwwlcbq7|Uda)E~-}_`{ zmJof9EGr3Q44MhRa-T1Jt&tYj(Ig#kuY^SBC6v;i8Pqsb#Y__VR9xC2`#ucI)g&Xe zzCI{+Xdzp=l#ScbZzb3%E|)|10IJc$eyc#?0V>Htt-SY>pWbV9@X-U67Fyrkcnm zY>kPk`ng>l1_TkKwzE~u4R&L$evy;&eTe0;+>_~~v_MKA3qMB$E(K%h9Wtow_h5v3 z|94-B0#TtDEEk!P+&@R@Z3oxXQd(TQq=@^`6oXr|w03#Pp0zy1?^Pg|k5+XpzhjvY z4fy!|4R3dE5IL~+juZR^U?*!D?xuaM^EJNh?2rybdm(4`^peg%`#a3Z>-IikJ>Zag zyZDO-PI;&6dti99iADAh*4NiPSHzzq>%bKBd2VbqL5`@e)Eb}!1`Rg~>xnM+VCycE z!nKYH9kB2*F4k-^22qdBaTOlB5&KS_djg^tgP})K@f_Jr%xQwidcG$pUd@`OchYZ$eW_3n`ja5u5HBcXxy?r+WmKhZ~i} zICPaX83z`bd=v2$D${|1ZzfkyYvG;w*wevbVNJ?4@ylt4%iFW3UAzk`NCz<9ELIVR zzEQ?{92NOIar~$;bILAr8%p%XYqa9DYfNTs920RnOea*BtjZ%oSQ+hHDX~IlU65DS z?Qv%Hv&Q2J(c>1RjoeY=hYr@+oK^v@V|qH%u4fp@(g@xk@}xgD*yOVxYipcFH@_W7 zY{wCy{EpJpvGBa6uu4-p*58+~e@_ZbA z(`Xp9~GE=4nrZTo%X_0!NMpL>#^oNl1 zGUIHqd3q8%7ON=QI3KpmBFT+#Ts=3~Ln;iwJ~J9(cKQ(0W#qP)6xKrVP;)tg%ZCnm zo`XYZCvjOV8W97{_;Xt7D}%DMBGrj|x;+~BIVG#kDSDO}=`M9{vp(UNvT_o_Fy&n#XMz=G83Q3_FHgy%w>WIPsJu~FQBCm~HdBnIVhr9dvsp(oF*$zkvS!G|Uf_Ix~S=D1mXWrNTZVo@I^Y&cU%$tl!^Bu<78>!HZ}iP-5crKV zi|aFQjzpQ)Y2xwo7+JJYVbG;hiX|n0XBzVtLR!b3oMO)VuoyZiewM5yRWhdd9Jl+> z{bsZhwJEwU7_>YI=cA&YM!fReO#+?sg6T2@aW}BeJORg;ifHE^{T+`Y=mlIn@%vd3 
zjbNp_bvQ4lZA6GM@PoEJ^)*pEBBrFVlL?mQ?MwqfIMvDQ%V>rR=&-8&on^e&&sq_vR?Y@EsP=)>%b zCr61>!bHNwJ!Ln$$m7d@ z8PN9q!tZ8>jaZE$z-w(A)pF5BVwN_1tf(!U8ZbtRQ!p`#5S-UJq-xrxAsNIg5*{oI zouoG^)0EtQ6I^=C^lgRMoX4}f;SF#n#6tgR!ZAEFpUEuj!9o$?A#cla)`^1}9E4$c zCjZ8MS2soPT@w*#jcoOp2OzF$%*rmk3Mg2 zJ!n?-brBH};v_cL{0LUEGK7=gWIsrPT0hHt}hrz*-UZN9yR zY+#gcJf++5)_BLmudMZS6y;6GXPe(OA^B}GP>MUoKp;<&dr0i~o1c-;SGTJyD{lm_ zBAc<%i!12gO$AZ==}>$BiUoeA+WgA`mVHb}qNhO*@0L8tctaG!$X`nnFH$@LiRrKA zT}hiali%JSECmWj^%;L=((~2A{2m@;OafbJD@Yu~CYna)l_}6voukPI?;{n6Q8hHx zJ}z_pK0H}_i`z_nUf9|YW7uxcKE>gCg^GBYiLB{&W#d%YtIbsfb62@~&fRLzPnjzC z5U{&U4LS0Qy2;t?vs{CIr_>J>KTI%89%sOvC&@pgc03vgFoDEXirXC?bi~)OH77T~ zocGVOVYXc8xW8nApGg}3ZUXCPpWTWLLkT8_eE}@^ z_|pV$MPfZ-%2yJ9uz+1>pYjnIT6QsQ;Nk>Oeeh=!h$JEB|0NUrl=pvYf`tF$CNQ~R zBl$}v_^JB-)&x`k$4wxsP2=&GOz>0F`*#!kBNh}xs)X(8N)!Ev1#16@1)RiB_Xq!S zgz~b{mTx`PvF)&QHn%a~1P$?-3`;8?l!h)81 zsp3BW!x26Ps!9@G92NBQrR+RJ<4$#`tJ!?BgKVHJ=5fRL*2?SG#!yQ4eEK6C`iT0b z$L>T!$2$`BcnQTi#)Plz0uKZ%=roNtKK%@bU*6t>{mv1rULoH1{grU|Q&9PL6Z|t4 zgfxMTwgw7T+1vq_btH)$B~IDOTwKrBas&~CeC#k>nZ4#KWu(JH)mr)rfflFWU0|^J z=(^nLXXG%~PK~VXPSjVrYP+J5kuir7&0JrGVFa5mDS-2HM3BcWjU!H6mWm`#IeJ(F zXA3EM%d*=H+7_gu=Lx&Jaw@b&(8}<9D&L31pB4X{@zVq{WIf-4Nxlzf{@RZ+q(27(inr}2MSua(3l<3INA(||(!w6FzHl~mR55jS{;|+_`I?!* z$intWT}DP&3F&F#ds20G`5kGnamff5?_f}F0QDJ z+8@3)-zK@=(`QbExeUYNPUartkG9(zvp1vgr%iBpr;?%gjr1K_927|~QyvuYXe*w^ zgnf@*U2%58i8{P0{|88La880wWR3T6s3B=%Ls0$5*j${cuPY_w#O%%&agMF_D|d`C zl?=1;;$Jf!ZUHqeWujQM@v8gn1vIK&fF#Q#eM$lKUa(u2xPRkm-0x0`>+e(L;fIN% zMp}K?4N>V$K2`^93bs=(?`5cC37N3!HlHmTGsTQXMmy%pFinv-cogK(`9y2<$*W#0 zV|9wR9y=v4`*|JJsa`q3{!RBzlKM3M+8Z;lv@s3Vx>J9WDEm=9`|%Myv&SrfFj9Z- z9i?sp*JUfPWvhz%uUJud_Re(;6yTU<;3`)aS6mN`(lKs(&vrGkpdVw4!F_madD}iF zI7X^lV!wIcTyrDXhQqtFzd3%iAm3KA7Idx@_at>jil(n1K0cuw5?41~m?Ho;i$gzOqRQ|4J2dqLP;*@0in9zdO z!JkEjJ=2SDzX-2xCh&73RZx8h+OehOu#jYFfAXAlEyuqj+9BuO_sMXQYU3NBxdAaA z)iwqlV|GVo#-g{)@EaQ4kv=P2O_J0ZkI>I zbDwQs=^MYK8R@B_{-*_Tmi=n85cchCYe=s5+qiT+%sqI0_)K%8$eA$#(URUwYKTa9 zBH$whQaMLg^F7RpfeX{ZJk3BCe%4Ad 
z))Wy4VK@T$#K`K=X02vE-}`tjvi|GEtuny{oq}Ew z!s&$!+Hy9C5Vd2i!1G&c`W37(8a|`5tq&jD%52g^GPi# zz_IqnsI@UJcFYBjT2w5qDr@NVEOw>Wmancm;u+x2r?2fe%g@EaOU8e$wm4Lslu$^2 z7u_B7u+upW!zHifHA}c-z^3H9#rKB5aaGNPUZ*JTkfp@bAOO zwt7XHT6q#}>OFrIMDRGc2D)v9wI|kUOJsn3!5VBzHx!cc&cGwS9l|zn*e9zjM&zRw~2r8y40-?ZrVmn$_l++ge`)8?|{Db#;7gCI%BgVI>dTL{p1r zyhzvOw|rbcofyw7e0Fp3#P-CSt^oz1`8I9LgL@k7Ds|-dOge95WTEvoBHln#P!n7C zBwa7B-9f^%T^I+0km}eyI$WGJ+!M)|yOQm7$j+k45aGZwP$fyJ8lr$ACs6Xd&s$p= zsslcLe%01-_yM6RyZs5M{)}a^SEK2fnF;^_znk6=nV%;NK5_`y;@Q z@#7Ci!M$ww@(8S7O+f&%6kwnEk7xP3Z2a#B0R3tT1SAAVV*@n)561z$#Cdtt%P*vC zxc|9{KOOw?66NLL1iw&NQGSc^Q$Kx)^0G4g7s>-5!RMa_`QyF(lptTCye!N8g)#u( zz;94~s(3F^UKTw5LaD|1Ey_?O*}im+cO3;4f9`KcwnM0r`!@(V?m__ruO<(QW! zFSGA|p{y7eW%- zOB?()Q{g4xOR4`CU<&*H0{Bb#e+l?fIR6Eh&hfth{*uvO0=|@?e*tE3{x5*PMCq4+ zFGby7fVo`%3*aw__a)#0r&p`_)9Q-3HVZQ`~_Id^S=Q8k{@3JzLa!+0hR-@ z3IW03uV{IH9W;smuYmqkjs7~Q|Es?O`ct3y>!8*`e+BgCPWWF3)e!kBpg;Fq|2n9! z*k1wtxx4q*LFpy_3h2*$q?e%ozDMzkP=K0WDIlOf?O42Q{_l&+KQ_;j`9t%6E;V1a n{`VRBA6qBO|Dm<<|IF7FWxxRyS3p37fUi?P@&0?IAFuu&tueDa diff --git a/ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml b/ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml deleted file mode 100755 index 6c39350..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/group_vars/all.yaml +++ /dev/null 
@@ -1,48 +0,0 @@
----
-OS_dir: /var/tmp/
-OS_package:
-OS_version: 20.1R1.11
-autonomous_system: 65200
-build_dir: /var/tmp/build
-final_push: 'False'
-gateway: 100.123.0.1
-junos_conf: '{{build_dir}}/{{ inventory_hostname }}/junos.conf'
-leaf_type: server
-log: '{{build_dir}}/ansible-run.log'
-log_dir: '{{build_dir}}/log'
-login_message: '***********************************************************************\nThis
- system is restricted to __________, authorized users for legitimate\nbusiness purposes
- only. All activity on the system will be logged and\nis subject to monitoring. Unauthorized
- access, use or modification\nof computers, data therein or data in transit to or
- from the computers\nis a violation of state and federal laws. Unauthorized activity
- will\nbe reported to the law enforcement for investigation and possible\nprosecution.
- __________ reserves the right to investigate, refer for\nprosecution and pursue
- monetary damages in civil actions in the event\nof unauthorized access.\n***********************************************************************\n'
-loopback_subnet: 10.52.100.0/24
-nameserver: 100.123.0.1
-netbox_pass: Juniper!1
-netbox_site_name: WAN
-netbox_token: 8a099878e119b9e230b20cba3a091a5e9144bd40
-netbox_url: https://100.123.35.1
-netbox_user: netbox
-netconf_passwd: Juniper!1
-netconf_port: 22
-netconf_user: jcluser
-ntpserver: 100.123.0.1
-password_hashes:
- netadmin_user: $1$a31gJmWG$h9ohikT1ajySf/tVH.gmv1
- root_user: $1$DbZ1Q3pj$s48cZytjsmSJRUJAf4LdM.
-route_filter: 10.32.0.0/16
-routing_options:
-- destination: 100.123.0.1
- static: 0.0.0.0/0
-snmp:
- communities:
- - name: public
- contact: mtighe1@juniper.net
- location: JCL Labs
-tmp_dir: '{{build_dir}}/{{inventory_hostname}}/tmp'
-vm_passwd: Juniper!1
-vm_user: root
-wait_time: 800
-xml_dir: '{{build_dir}}/{{ inventory_hostname }}/xml'
diff --git a/ansible-ee/ebgp_wan_0.2-wan/healthbot.sh b/ansible-ee/ebgp_wan_0.2-wan/healthbot.sh
deleted file mode 100644
index 7bd55a5..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/healthbot.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# ********************************************************
-#
-# Project: nita-webapp
-#
-# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-#
-# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-#
-# ********************************************************
-rm -f ~/.ssh/known_hosts
-temp_dir=$1
-build_dir=/var/tmp/build
-
-if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then
- build_dir=$temp_dir
-fi
-
-ansible-playbook -i hosts healthbot/sites.yaml --extra-vars "build_dir=$build_dir"
-touch $build_dir/ansible-run.log
-sudo chmod 664 $build_dir/ansible-run.log
diff --git a/ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore
deleted file mode 100644
index a90963d..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/healthbot/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-sites.retry
diff --git a/ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml
deleted file mode 100644
index eed1342..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/healthbot/sites.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-# ********************************************************
-#
-# Project: nita-webapp
-#
-# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-#
-# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-#
-# ********************************************************
-- import_playbook: ../make_clean.yaml
-- import_playbook: ../make_etc_hosts.yaml
-
-- hosts: healthbot
- connection: local
- vars:
- ansible_python_interpreter: /usr/bin/python3
- tasks:
- - name: Delete local healthbot configuration file
- file:
- name: "{{ build_dir }}/healthbot.conf"
- state: absent
-
-- hosts: routers
- vars:
- ansible_python_interpreter: /usr/bin/python3
- connection: local
- roles:
- - { role: healthbot_config }
-
-- hosts: healthbot
- gather_facts: no
- pre_tasks:
- - name: Set ansible credentials
- set_fact:
- ansible_ssh_user: "{{ vm_user }}"
- ansible_ssh_pass: "{{ vm_passwd }}"
- ansible_become_pass: "{{ vm_passwd }}"
- ansible_ssh_private_key_file: ""
- ansible_python_interpreter: /usr/bin/python3
- roles:
- - { role: healthbot_commit }
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml
deleted file mode 100755
index 4865c62..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/host_vars/healthbot.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-management_interface:
- int: eth0
- ip: 100.123.0.19
- mask: 16
-vm_user: jcluser
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml
deleted file mode 100755
index 68fa325..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/host_vars/nita.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-management_interface:
- int: eth0
- ip: 100.123.0.16
- mask: 16
-vm_user: jcluser
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml
deleted file mode 100755
index c62c4ed..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe1.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-core_interfaces:
-- desc: '*** to dc1-borderleaf1 ***'
- int: ge-0/0/0
- ip: 10.32.6.2
- mask: 30
-- desc: '*** to dc1-borderleaf2 ***'
- int: ge-0/0/2
- ip: 10.32.10.2
- mask: 30
-- desc: '*** to wan-pe2 ***'
- int: ge-0/0/1
- ip: 10.32.1.1
- mask: 30
-healthbot_device_group: wan
-loopback_ip: 10.52.100.1
-management_interface:
- int: fxp0
- ip: 100.123.1.0
- mask: 16
-underlay_ebgp:
-- autonomous_system: 65400
- group: IPCLOS_eBGP
- neighbors:
- - asn: 65401
- name: 10.32.1.2
- - asn: 65506
- name: 10.32.6.1
- - asn: '65507'
- name: 10.32.10.1
diff --git a/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml b/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml
deleted file mode 100755
index c3208fb..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/host_vars/wan-pe2.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-core_interfaces:
-- desc: '*** to dc2-spine1 ***'
- int: ge-0/0/1
- ip: 10.32.12.2
- mask: 30
-- desc: '*** to dc2-spine2 ***'
- int: ge-0/0/2
- ip: 10.32.2.2
- mask: 30
-- desc: '*** to wan-pe1 ***'
- int: ge-0/0/0
- ip: 10.32.1.2
- mask: 30
-healthbot_device_group: wan
-loopback_ip: 10.52.100.2
-management_interface:
- int: fxp0
- ip: 100.123.1.1
- mask: 16
-underlay_ebgp:
-- autonomous_system: 65401
- group: IPCLOS_eBGP
- neighbors:
- - asn: 65400
- name: 10.32.1.1
- - asn: '65520'
- name: 10.32.2.1
- - asn: 65521
- name: 10.32.12.1
diff --git a/ansible-ee/ebgp_wan_0.2-wan/hosts b/ansible-ee/ebgp_wan_0.2-wan/hosts
deleted file mode 100755
index 3da9b88..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/hosts
+++ /dev/null
@@ -1,15 +0,0 @@
-[all:children]
-routers
-contrail
-build
-
-[routers]
-wan-pe1
-wan-pe2
-
-[contrail]
-healthbot
-
-[build]
-nita
-
diff --git a/ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml b/ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml
deleted file mode 100644
index ac03c15..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/make_clean.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-# ********************************************************
-#
-# Project: nita-webapp
-#
-# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-#
-# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-#
-# ********************************************************
-- name: Creating build directories for each host
- hosts: all
- connection: local
- ignore_errors: yes
- vars:
- ansible_python_interpreter: /usr/bin/python3
- tasks:
- - name: remove host build temp directory
- file: path={{ build_dir }} state=absent
- - name: create host build temp directory
- file: path={{ tmp_dir }} state=directory mode=0777
- - name: create ansible log directory for config diff during push
- file: path={{ build_dir }}/log state=directory mode=0777
- - name: create ansible log file
- file: path={{ log }} state=touch mode=0666
diff --git a/ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml b/ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml
deleted file mode 100644
index b205f94..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/make_etc_hosts.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# ********************************************************
-#
-# Project: nita-webapp
-#
-# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-#
-# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-#
-# ********************************************************
-- name: Creating /etc/hosts file
- hosts: all
- connection: local
- vars:
- ansible_python_interpreter: /usr/bin/python3
- tasks:
- - name: Add host to /etc/hosts
- shell: bash make_hosts_entry.sh {{ inventory_hostname }} {{ management_interface.ip }}
diff --git a/ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh b/ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh
deleted file mode 100644
index 87899e2..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/make_hosts_entry.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-# ********************************************************
-#
-# Project: nita-webapp
-#
-# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-#
-# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-#
-# ********************************************************
-
-HOST=$1
-IP=$2
-
-if ! grep " $HOST$" /etc/hosts >/dev/null 2>&1; then
- sudo bash -c 'echo "'$IP' '$HOST'" >> /etc/hosts'
-fi
-
diff --git a/ansible-ee/ebgp_wan_0.2-wan/netbox.sh b/ansible-ee/ebgp_wan_0.2-wan/netbox.sh
deleted file mode 100644
index 705ac52..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/netbox.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-# ********************************************************
-#
-# Project: nita-webapp
-#
-# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-#
-# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-#
-# ********************************************************
-
-rm -f ~/.ssh/known_hosts
-temp_dir=$1
-build_dir=/var/tmp/build
-
-if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then
- build_dir=$temp_dir
-fi
-
-ansible-playbook -i hosts netbox/sites.yaml --extra-vars "build_dir=$build_dir"
-touch $build_dir/ansible-run.log
-sudo chmod 664 $build_dir/ansible-run.log
diff --git a/ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml b/ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml
deleted file mode 100644
index 4201e8f..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/netbox/netbox_device.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: Device
- netbox_device:
- netbox_url: "{{ netbox_url }}"
- netbox_token: "{{ netbox_token }}"
- data:
- name: "{{ inventory_hostname }}"
- device_type: "{{ device_type }}"
- device_role: "{{ device_role }}"
- site: "{{ netbox_site_name }}"
- state: present
- validate_certs: false
-
-- name: Managment Interface
- netbox_device_interface:
- netbox_url: "{{ netbox_url }}"
- netbox_token: "{{ netbox_token }}"
- data:
- device: "{{ inventory_hostname }}"
- name: "{{ management_interface.int }}"
- type: virtual
- mgmt_only: true
- state: present
- validate_certs: false
-
-- name: Management IP Address
- netbox_ip_address:
- netbox_url: "{{ netbox_url }}"
- netbox_token: "{{ netbox_token }}"
- data:
- address: "{{ management_interface.ip }}/{{ management_interface.mask }}"
- interface:
- name: "{{ management_interface.int }}"
- device: "{{ inventory_hostname }}"
- state: present
- validate_certs: false
diff --git a/ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml
deleted file mode 100644
index b87abeb..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/netbox/sites.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
----
-- import_playbook: ../make_clean.yaml
-- import_playbook: ../make_etc_hosts.yaml
-
-- name: "Create API Token in Netbox"
- connection: local
- hosts: nita
- gather_facts: false
-
- tasks:
- - name: Bash script to create an API Token in Netbox
- shell: |
- HOST='{{ netbox_url }}'
- USER='{{ netbox_user }}'
- PASS='{{ netbox_pass }}'
- KEY='{{ netbox_token }}'
-
- DJANGO_LOGIN=$HOST/login/
- DJANGO_API_TOKEN=$HOST/user/api-tokens/add/
-
- COOKIES=cookies.txt
- DATAFILE=curl-data.txt
-
- CURL_BIN="curl --insecure -s -c $COOKIES -b $COOKIES -e $DJANGO_LOGIN"
-
- function django_token {
- echo "csrfmiddlewaretoken=$(grep csrftoken $COOKIES | sed 's/^.*csrftoken\s*//')"
- }
-
- umask 0007
-
- echo -n "Django Auth: get csrftoken ..."
- $CURL_BIN $DJANGO_LOGIN > /dev/null
-
- echo -n " perform login ..."
- echo "`django_token`;username=$USER;password=$PASS" > $DATAFILE
- $CURL_BIN -X POST -d @$DATAFILE $DJANGO_LOGIN > /dev/null
-
- echo -n " create API Token ..."
- echo "`django_token`;key=$KEY;write_enabled=true" > $DATAFILE
- $CURL_BIN -X POST -d @$DATAFILE $DJANGO_API_TOKEN > /dev/null
-
- echo " logout"
- rm $COOKIES $DATAFILE
- args:
- chdir: ~
-
-- name: "Create Site, Roles, Types and Manufacturers"
- connection: local
- hosts: nita
- gather_facts: false
- collections:
- - netbox.netbox
-
- tasks:
- - name: Sites
- netbox_site:
- netbox_url: "{{ netbox_url }}"
- netbox_token: "{{ netbox_token }}"
- data:
- name: "{{ netbox_site_name }}"
- state: present
- validate_certs: false
-
- - name: Device Roles
- netbox_device_role:
- netbox_url: "{{ netbox_url }}"
- netbox_token: "{{ netbox_token }}"
- data:
- name: "{{ item.name }}"
- slug: "{{ item.slug }}"
- color: "{{ item.color }}"
- state: present
- validate_certs: false
- loop:
- - { name: 'Leaf', slug: 'leaf', color: '2f6a31'}
- - { name: 'Spine', slug: 'spine', color: 'cddc39'}
- - { name: 'BMS', slug: 'bms', color: '607d8b'}
- - { name: 'WAN', slug: 'wan', color: 'fc03f8'}
- loop_control:
- label: "{{ item.name }}"
-
- - name: Manufacturers
- netbox_manufacturer:
- netbox_url: "{{ netbox_url }}"
- netbox_token: "{{ netbox_token }}"
- data:
- name: Juniper
- slug: jnpr
- state: present
- validate_certs: false
-
- - name: Device Types
- netbox_device_type:
- netbox_url: "{{ netbox_url }}"
- netbox_token: "{{ netbox_token }}"
- data:
- model: "{{ item.model }}"
- manufacturer: "{{ item.manufacturer }}"
- slug: "{{ item.slug }}"
- state: present
- validate_certs: false
- loop:
- - { model: 'Switch', manufacturer: 'jnpr', slug: 'switch'}
- - { model: 'Server', manufacturer: 'jnpr', slug: 'server'}
- - { model: 'Router', manufacturer: 'jnpr', slug: 'router'}
- loop_control:
- label: "{{ item.model }}"
-
-- name: "Create Devices (PEs)"
- connection: local
- hosts: routers
- gather_facts: false
- collections:
- - netbox.netbox
-
- tasks:
- - include_tasks: netbox_device.yaml
- vars:
- device_type: router
- device_role: wan
-
diff --git a/ansible-ee/ebgp_wan_0.2-wan/project.yaml b/ansible-ee/ebgp_wan_0.2-wan/project.yaml
deleted file mode 100755
index 12c97af..0000000
--- a/ansible-ee/ebgp_wan_0.2-wan/project.yaml
+++ /dev/null
@@ -1,42 +0,0 @@ -action: -- category: BUILD - configuration: - shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" - -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 - /bin/bash -c "cd ${WORKSPACE}; bash build.sh ${build_dir}" - jenkins_url: build_vmx_wan-wan - name: Build(wan) -- category: BUILD - configuration: - shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" - -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 - /bin/bash -c "cd ${WORKSPACE}; bash dump.sh ${build_dir}" - jenkins_url: dump_vmx_wan-wan - name: Dump configuration(wan) -- category: TEST - configuration: - output_path: test/outputs/ - shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" - -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 - /bin/bash -c "cd ${WORKSPACE}; bash test_setup.sh ${build_dir}" write_yaml_files.py; - docker run -u root -v "/var/nita_project:/project:rw" -v "/var/nita_configs:/var/tmp/build:rw" - --rm --name robot -e ROBOT_OPTIONS="-d ${PWD}/test/outputs" juniper/nita-robot:21.7-1 - /bin/bash -c "cd ${WORKSPACE}; bash test.sh" - jenkins_url: test_vmx_wan-wan - name: Test(wan) -- category: BUILD - configuration: - shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" - -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 - /bin/bash -c "cd ${WORKSPACE}; bash netbox.sh ${build_dir}" - jenkins_url: netbox_population-wan - name: Netbox Population(wan) -- category: BUILD - configuration: - shell_command: write_yaml_files.py; docker run -u root -v "/var/nita_project:/project:rw" - -v "/var/nita_configs:/var/tmp/build:rw" --rm --name ansible juniper/nita-ansible:21.7-1 - /bin/bash -c "cd ${WORKSPACE}; bash healthbot.sh ${build_dir}" - jenkins_url: healthbot_population-wan - name: 
HealthBot Population(wan) -description: wan created using the NITA webapp -name: wan diff --git a/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml b/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml deleted file mode 100644 index 60c0370..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/tasks/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Creating common SNMP config - template: src=mx_system.j2 dest={{ tmp_dir }}/mx_system.cfg diff --git a/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 b/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 deleted file mode 100644 index fdcf007..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/roles/mx_common/templates/mx_system.j2 +++ /dev/null @@ -1,62 +0,0 @@ -system { - host-name {{ inventory_hostname }}; - root-authentication { - encrypted-password "{{ password_hashes.root_user }}"; ## SECRET-DATA - } - scripts { - language python; - } - login { - message "{{ login_message }}"; - user jcluser { - uid 2000; - class super-user; - authentication { - encrypted-password "{{ password_hashes.netadmin_user }}"; ## SECRET-DATA - } - } - } - services { - ssh { - root-login allow; - } - netconf { - ssh; - } - rest { - http { - port 3000; - } - enable-explorer; - } - } - syslog { - user * { - any emergency; - } - file messages { - any notice; - authorization info; - } - file interactive-commands { - interactive-commands any; - } - } - processes { - dhcp-service { - traceoptions { - file dhcp_logfile size 10m; - level all; - flag packet; - } - } - } - {% if ntp_server is defined %} - ntp { - server {{ ntp_server }}; - } - {% endif %} - {% if time_zone is defined %} - time-zone {{ time_zone }}; - {% endif %} -} diff --git a/ansible-ee/ebgp_wan_0.2-wan/test.sh b/ansible-ee/ebgp_wan_0.2-wan/test.sh deleted file mode 100644 index 0ea0fa5..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test.sh +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash -# ******************************************************** -# -# Project: nita-webapp -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** - -umask 0002 - -# Creating of result files and making them R/W by everybody -mkdir -p test/outputs -mkdir -p test/resource_files/tmp -touch test/outputs/output.xml -touch test/outputs/log.html -touch test/outputs/report.html - -export PYTHONPATH=libraries - -(cd test && robot -C ansi -L TRACE tests/) - -chmod -R 777 test/tests -chmod -R 777 test/resource_files/tmp -chmod -R 777 test/outputs - diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store b/ansible-ee/ebgp_wan_0.2-wan/test/.DS_Store deleted file mode 100644 index 79bc1ce52e6930855222eae31cd989ab07a1095f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKPfNov6i>FPEh6q9sJC3a?Xa;q^&pfw58i}|9#poL4Oi&ev33rvm3|KWMt%Xm zj_)PeaBQ9gk@4Pm`Mtb93HfCt4P%Vk<8Fdh=OjopLV=|yMo^qjtAuWyQA4*x|d+Zw0v z4#twTK02c?h{6YmPAjJsgv0YFL`!3?P#zu7 z;O8U8ONc07<68nzXtXru3Lyf*RVkn<<@$-iRXO;D&a*V;3ROAda%LDu&&>4;h0EE& zFJwC7mO^TY0b*dDfuib`@%}&m`Taj%L_K1F7+5I=c&X*IY*>=MTNf6GcdY>JfTCbt nu5eZYhP;X)7q8+yP$}RSXaHIobA{jmp$`E`12x3JpEB?TZj)3B 
diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/test/.gitignore deleted file mode 100644 index 247eb21..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -*.html -output.xml -sites.retry -resource_files/resources.txt -tests/02_* -tests/04_* diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore deleted file mode 100644 index f935021..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/resource_files/.gitignore +++ /dev/null @@ -1 +0,0 @@ -!.gitignore diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml b/ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml deleted file mode 100644 index c001882..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/sites.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -# ******************************************************** -# -# Project: nita-webapp -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** -- import_playbook: ../make_clean.yaml -- import_playbook: ../make_etc_hosts.yaml - -- hosts: routers - connection: local - vars: - ansible_python_interpreter: /usr/bin/python3 - tasks: - - name: Create shared resource file - run_once: true - template: - src: resources.txt.j2 - dest: "resource_files/resources.txt" - - name: Create box tests - template: - src: 02_box_tests.robot.j2 - dest: "tests/02_{{ inventory_hostname }}.robot" - - name: Create connectivity tests - template: - src: 04_connectivity.robot.j2 - dest: "tests/04_{{ inventory_hostname }}.robot" - - name: Create bgp tests - template: - src: 09_bgp_routers.robot.j2 - dest: "tests/09_{{ inventory_hostname }}.robot" diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/.gitkeep b/ansible-ee/ebgp_wan_0.2-wan/test/templates/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2 deleted file mode 100644 index 5447b10..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/templates/02_box_tests.robot.j2 +++ /dev/null 
@@ -1,90 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-webapp -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -*** Settings *** -Documentation Box Test cases - -Resource ${EXECDIR}/resource_files/resources.txt -Resource ${JUNIPER_COMMON}/resource_files/show_cmd_keywords.txt -Resource ${JUNIPER_COMMON}/resource_files/device_resources.txt - -Suite Setup Device Open Connection ${device} -Suite Teardown Device Close Connection ${device} - -*** Variables *** - -# Device to test against -${device}= {{ inventory_hostname | replace("-", "_") }} -# Time diff against UTC -${time_diff}= + 0 minutes - -*** Keywords *** - -*** Test Cases *** - -T1.1: CHECK SYSTEM SOFTWARE VERSION - [Documentation] Objective: Check software version - [Tags] SYSTEM SWITCH SOFTWARE - Check Software Version ${device} {{ OS_version }} - -T1.2: CHECK SYSTEM USER - [Documentation] Objective: Check System User Information - [Tags] SYSTEM USER - Check System User Information ${device} - -T1.3: CHECK CONFIGURATION - [Documentation] Objective: Check configuration for the device - [Tags] SYSTEM CONFIGURATION - Check Configuration ${device} - -T1.4: SHOW ROUTING TABLE - [Documentation] Objective: Check routing table - [Tags] 
SYSTEM SWITCH - Check Routing Table ${device} - -T1.5: SHOW PFE STATISTICS LOCAL TRAFFIC - [Documentation] Objective: Check PFE statistics - [Tags] SYSTEM SWITCH - Check PFE Statistics Local Traffic ${device} - -T1.6: CHECK SYSTEM CURRENT TIME - [Documentation] Objective: Check system current time - [Setup] Run Keyword ${device}.Commands Executor command=set date ntp 192.168.56.11 format=text - [Tags] SYSTEM SWITCH - Check System Current Time ${device} ${time_diff} - -T1.7: CHECK NO CHASSIS ALARMS - [Documentation] Objective: Check there are no chassis alarms - [Tags] SYSTEM SWITCH ALARMS - Check No Chassis Alarms ${device} - -T1.8: CHECK NO SYSTEM ALARMS - [Documentation] Objective: Check there are no system alarms - [Tags] SYSTEM SWITCH ALARMS - Check No System Alarms ${device} - -T1.9: CHECK NO CORE DUMPS PRESENT - [Documentation] Objective: Check there are no core dumps present - [Tags] SYSTEM SWITCH ALARMS - Check Core Dumps ${device} - -T1.10: CHECK '/dev/ad0s1a' PARTITION HAVE ENOUGH FREE SPACE FOR UPGRADE - [Documentation] Objective: Check '/dev/ad0s1a' partition have at least 400MB for upgrade - [Tags] SYSTEM SWITCH - Check Partition ${device} - -T1.11: CHECK FPC IS ONLINE - [Documentation] Objective: Check FPC is Online - [Tags] SYSTEM SWITCH - Check FPC Is Online ${device} diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 deleted file mode 100644 index 534f014..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/templates/04_connectivity.robot.j2 +++ /dev/null 
@@ -1,46 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-webapp -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -*** Settings *** -Documentation DC Connectivity Test cases - -Resource ${EXECDIR}/resource_files/resources.txt -Resource ${JUNIPER_COMMON}/resource_files/connectivity_resources.txt -Resource ${JUNIPER_COMMON}/resource_files/device_resources.txt - -Suite Setup Device Open Connection {{ inventory_hostname | replace("-", "_") }} -Suite Teardown Device Close Connection {{ inventory_hostname | replace("-", "_") }} - -*** Variables *** - -${output_directory}= ${CURDIR} -${path}= ${CURDIR} - -*** Keywords *** - -*** Test Cases *** - -{% for interface in core_interfaces %} -T4.{{ inventory_hostname | replace("-", "_") }}.{{ interface.int }}: PING TEST {{ inventory_hostname | replace("-", "_") }} LINK {{ interface.desc }} - [Documentation] Objective: Check {{ inventory_hostname }} to {{ interface.desc }} - [Tags] CONNECTIVITY {{ inventory_hostname }} {{ interface.desc }} - -{% if interface.ip | regex_search("\.1$") %} - Ping Test From Device {{ inventory_hostname | replace("-", "_") }} {{ interface.ip | regex_replace("\.1$", ".2")}} -{% else %} - Ping Test From Device {{ 
inventory_hostname | replace("-", "_") }} {{ interface.ip | regex_replace("\.2$", ".1")}} -{% endif %} - - -{% endfor %} diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 deleted file mode 100644 index 525ad67..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/templates/09_bgp_routers.robot.j2 +++ /dev/null 
@@ -1,37 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-webapp -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -*** Settings *** -Documentation DC BGP Test cases - -Resource ${EXECDIR}/resource_files/resources.txt -Resource ${JUNIPER_COMMON}/resource_files/device_resources.txt -Resource ${JUNIPER_COMMON}/resource_files/show_cmd_keywords.txt - -Suite Setup Device Open Connection {{ inventory_hostname | replace("-","_") }} -Suite Teardown Device Close Connection {{ inventory_hostname | replace("-","_") }} - -*** Variables *** - -${output_directory}= ${CURDIR} -${path}= ${CURDIR} - -*** Keywords *** - -*** Test Cases *** -T9.{{ inventory_hostname | replace("-","_") }}: BGP NEIGHBORS {{ inventory_hostname }} - [Documentation] Objective: Check BGP is working on {{ inventory_hostname }} - [Tags] BGP - Check BGP Neighbors {{ inventory_hostname | replace("-","_") }} {{ underlay_ebgp[0].neighbors|length }} - diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 b/ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 deleted file mode 100644 index 81a4b2d..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/templates/resources.txt.j2 +++ /dev/null 
@@ -1,28 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-webapp -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -*** Settings *** -Documentation A resource file with reusable keywords and variables -Variables ${JUNIPER_COMMON}/variables_file/variables.py -Resource ${JUNIPER_COMMON}/resource_files/common.txt -{% for device in ansible_play_hosts_all %} -Library ${JUNIPER_COMMON}/libraries/pybot_jrouter.py user=${user} target=${ {{ device | replace("-", "_") }}_mgmt_ip } password=${password} WITH NAME {{ device | replace("-", "_") }} -{% endfor %} - -*** Variables *** -${JUNIPER_COMMON}= /usr/share/nita-robot/robot-resources - -*** Keywords *** - - diff --git a/ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore b/ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore deleted file mode 100644 index f935021..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test/tests/.gitignore +++ /dev/null @@ -1 +0,0 @@ -!.gitignore diff --git a/ansible-ee/ebgp_wan_0.2-wan/test_setup.sh b/ansible-ee/ebgp_wan_0.2-wan/test_setup.sh deleted file mode 100644 index 239101d..0000000 --- a/ansible-ee/ebgp_wan_0.2-wan/test_setup.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash -# ******************************************************** -# -# Project: nita-webapp -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** - -rm -f ~/.ssh/known_hosts -temp_dir=$1 -current_dir=`pwd` -base=`basename $current_dir` -build_dir=/var/tmp/build/$base - -if [ $# -ne 0 ] && [ "$temp_dir" != "None" ]; then - build_dir=$temp_dir -fi - -ansible-playbook -i hosts test/sites.yaml --extra-vars "build_dir=$build_dir" -touch $build_dir/ansible-run.log -sudo chmod 664 $build_dir/ansible-run.log From ca2dec1b1c8e60de4a70646d9488b3b2a54f9d85 Mon Sep 17 00:00:00 2001 
From: wildsubnet Date: Wed, 31 Aug 2022 13:49:13 -0700 Subject: [PATCH 12/27] Updated container to use Juniper.junos rather than juniper.junos --- ansible-ee/context/Dockerfile | 1 + ansible-ee/context/_build/requirements.yml | 2 +- .../network-roles/mx_common/install.sh | 8 +++ .../network-roles/mx_common/tasks/main.yaml | 3 + .../mx_common/templates/mx_system.j2 | 62 +++++++++++++++++++ ansible-ee/nita-ansible-ee.yml | 1 + ansible-ee/requirements.yml | 2 +- 7 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 ansible-ee/context/network-roles/mx_common/install.sh create mode 100644 ansible-ee/context/network-roles/mx_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 diff --git a/ansible-ee/context/Dockerfile b/ansible-ee/context/Dockerfile index fa46636..cb065dc 100644 --- a/ansible-ee/context/Dockerfile +++ b/ansible-ee/context/Dockerfile @@ -33,3 +33,4 @@ RUN cd network-roles/evpn-vxlan-fi && bash install.sh RUN cd network-roles/evpn-vxlan-erb && bash install.sh RUN cd network-roles/evpn-vxlan-hb && bash install.sh RUN cd network-roles/evpn-vxlan-sb && bash install.sh +COPY network-roles/mx_common/ /etc/ansible/roles/mx_common diff --git a/ansible-ee/context/_build/requirements.yml b/ansible-ee/context/_build/requirements.yml index 4f5eeb4..9c94914 100644 --- a/ansible-ee/context/_build/requirements.yml +++ b/ansible-ee/context/_build/requirements.yml @@ -1,7 +1,7 @@ --- roles: # Install a role from Ansible Galaxy. - - name: juniper.junos + - name: Juniper.junos version: '2.4.3' collections: diff --git a/ansible-ee/context/network-roles/mx_common/install.sh b/ansible-ee/context/network-roles/mx_common/install.sh new file mode 100644 index 0000000..6d8f2f4 --- /dev/null +++ b/ansible-ee/context/network-roles/mx_common/install.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles} + +mkdir -p ${ANSIBLEROLES} +cp -r roles/* ${ANSIBLEROLES} 
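Review bot: `cp -r roles/* ${ANSIBLEROLES}` in the new `mx_common/install.sh` has nothing to copy, because this commit puts `tasks/` and `templates/` directly under `mx_common/` with no `roles/` subdirectory. Under `set -e` the script would stop at the failed `cp`. The Dockerfile hunk in the same commit installs the role with `COPY network-roles/mx_common/ /etc/ansible/roles/mx_common` and never calls the script, so it looks like a leftover copied from the other roles; either drop it or make it copy the role directory itself. If it stays, quote the expansions, e.g. `mkdir -p "${ANSIBLEROLES}"`.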
diff --git a/ansible-ee/context/network-roles/mx_common/tasks/main.yaml b/ansible-ee/context/network-roles/mx_common/tasks/main.yaml new file mode 100644 index 0000000..60c0370 --- /dev/null +++ b/ansible-ee/context/network-roles/mx_common/tasks/main.yaml @@ -0,0 +1,3 @@ +--- +- name: Creating common SNMP config + template: src=mx_system.j2 dest={{ tmp_dir }}/mx_system.cfg diff --git a/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 b/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 new file mode 100644 index 0000000..fdcf007 --- /dev/null +++ b/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 @@ -0,0 +1,62 @@ +system { + host-name {{ inventory_hostname }}; + root-authentication { + encrypted-password "{{ password_hashes.root_user }}"; ## SECRET-DATA + } + scripts { + language python; + } + login { + message "{{ login_message }}"; + user jcluser { + uid 2000; + class super-user; + authentication { + encrypted-password "{{ password_hashes.netadmin_user }}"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + netconf { + ssh; + } + rest { + http { + port 3000; + } + enable-explorer; + } + } + syslog { + user * { + any emergency; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + processes { + dhcp-service { + traceoptions { + file dhcp_logfile size 10m; + level all; + flag packet; + } + } + } + {% if ntp_server is defined %} + ntp { + server {{ ntp_server }}; + } + {% endif %} + {% if time_zone is defined %} + time-zone {{ time_zone }}; + {% endif %} +} diff --git a/ansible-ee/nita-ansible-ee.yml b/ansible-ee/nita-ansible-ee.yml index 7000a3d..a117486 100644 --- a/ansible-ee/nita-ansible-ee.yml +++ b/ansible-ee/nita-ansible-ee.yml 
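Review bot: The `template` task in `tasks/main.yaml` sets no `mode`, although the `mx_system.cfg` it renders carries the root and `jcluser` password hashes from `mx_system.j2`, so the file's permissions are left to the umask of whoever runs the play. I would write the task in YAML form and add `mode: "0600"`, unless another account has to read the file later in the build. The task name "Creating common SNMP config" also does not match what is rendered, which is the `system` stanza; `name: Creating MX system config` would be clearer.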
@@ -15,3 +15,4 @@ additional_build_steps: - RUN cd network-roles/evpn-vxlan-erb && bash install.sh - RUN cd network-roles/evpn-vxlan-hb && bash install.sh - RUN cd network-roles/evpn-vxlan-sb && bash install.sh + - COPY network-roles/mx_common/ /etc/ansible/roles/mx_common diff --git a/ansible-ee/requirements.yml b/ansible-ee/requirements.yml index 4f5eeb4..9c94914 100644 --- a/ansible-ee/requirements.yml +++ b/ansible-ee/requirements.yml @@ -1,7 +1,7 @@ --- roles: # Install a role from Ansible Galaxy. - - name: juniper.junos + - name: Juniper.junos version: '2.4.3' collections: From 7d3030a89a9b16aef20b2efab423ba6136b22f2f Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Thu, 22 Sep 2022 13:07:02 -0700 Subject: [PATCH 13/27] Updated EE container build configs --- ansible-ee/bindep.txt | 4 ++++ ansible-ee/context/Dockerfile | 7 ++++++- ansible-ee/context/_build/bindep.txt | 4 ++++ ansible-ee/context/_build/requirements.txt | 1 + ansible-ee/nita-ansible-ee.yml | 6 ++++++ ansible-ee/requirements.txt | 1 + 6 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 ansible-ee/bindep.txt create mode 100644 ansible-ee/context/_build/bindep.txt diff --git a/ansible-ee/bindep.txt b/ansible-ee/bindep.txt new file mode 100644 index 0000000..db1a0d7 --- /dev/null +++ b/ansible-ee/bindep.txt @@ -0,0 +1,4 @@ +python38-devel [platform:rpm compile] +subversion [platform:rpm] +subversion [platform:dpkg] +git-lfs [platform:rpm] diff --git a/ansible-ee/context/Dockerfile b/ansible-ee/context/Dockerfile index cb065dc..de92e99 100644 --- a/ansible-ee/context/Dockerfile +++ b/ansible-ee/context/Dockerfile 
@@ -16,11 +16,14 @@ FROM $EE_BUILDER_IMAGE as builder COPY --from=galaxy /usr/share/ansible /usr/share/ansible ADD _build/requirements.txt requirements.txt -RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt +ADD _build/bindep.txt bindep.txt +RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt RUN assemble FROM $EE_BASE_IMAGE USER root +RUN whoami +RUN cat /etc/os-release COPY --from=galaxy /usr/share/ansible /usr/share/ansible @@ -34,3 +37,5 @@ RUN cd network-roles/evpn-vxlan-erb && bash install.sh RUN cd network-roles/evpn-vxlan-hb && bash install.sh RUN cd network-roles/evpn-vxlan-sb && bash install.sh COPY network-roles/mx_common/ /etc/ansible/roles/mx_common +RUN mkdir -p /var/nita_configs +RUN mkdir -p /var/tmp/build diff --git a/ansible-ee/context/_build/bindep.txt b/ansible-ee/context/_build/bindep.txt new file mode 100644 index 0000000..db1a0d7 --- /dev/null +++ b/ansible-ee/context/_build/bindep.txt @@ -0,0 +1,4 @@ +python38-devel [platform:rpm compile] +subversion [platform:rpm] +subversion [platform:dpkg] +git-lfs [platform:rpm] diff --git a/ansible-ee/context/_build/requirements.txt b/ansible-ee/context/_build/requirements.txt index c894174..a0a10f0 100644 --- a/ansible-ee/context/_build/requirements.txt +++ b/ansible-ee/context/_build/requirements.txt @@ -2,3 +2,4 @@ junos-eznc pynetbox jxmlease xmltodict +dos2unix diff --git a/ansible-ee/nita-ansible-ee.yml b/ansible-ee/nita-ansible-ee.yml index a117486..93b030e 100644 --- a/ansible-ee/nita-ansible-ee.yml +++ b/ansible-ee/nita-ansible-ee.yml 
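Review bot: `RUN whoami` and `RUN cat /etc/os-release` after `USER root` in the final stage are build-time diagnostics that stay in the image as two extra layers and do nothing at run time. I would remove them before merge, together with the matching `prepend` block added to `nita-ansible-ee.yml` in this commit. As far as this hunk shows, the stage also never switches away from `USER root`; the stage continues outside the hunk, so confirm whether a later `USER` line exists, and add one if the roles do not need root at run time.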
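Review bot: `dos2unix` is added to a pip requirements file in `_build/requirements.txt`, so the build will fetch whatever package carries that name on the Python package index rather than the distro's line-ending utility. If the utility is what the build needs, it belongs in the `bindep.txt` this commit introduces, e.g. `dos2unix [platform:rpm]`; if the Python package is intended, a comment saying so would prevent the question. None of the five entries carries a version, so every image build installs whatever is current; pinning each as `name==<version>` keeps the image reproducible and makes dependency changes reviewable. The same line is added to `ansible-ee/requirements.txt` in this commit.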
@@ -5,8 +5,12 @@ build_arg_defaults: dependencies: galaxy: requirements.yml python: requirements.txt + system: bindep.txt additional_build_steps: + prepend: | + RUN whoami + RUN cat /etc/os-release append: - COPY network-roles network-roles - RUN cd network-roles/ebgp-ip-fabric && bash install.sh @@ -16,3 +20,5 @@ additional_build_steps: - RUN cd network-roles/evpn-vxlan-hb && bash install.sh - RUN cd network-roles/evpn-vxlan-sb && bash install.sh - COPY network-roles/mx_common/ /etc/ansible/roles/mx_common + - RUN mkdir -p /var/nita_configs + - RUN mkdir -p /var/tmp/build diff --git a/ansible-ee/requirements.txt b/ansible-ee/requirements.txt index c894174..a0a10f0 100644 --- a/ansible-ee/requirements.txt +++ b/ansible-ee/requirements.txt @@ -2,3 +2,4 @@ junos-eznc pynetbox jxmlease xmltodict +dos2unix From ce67cda8daf8d29228d65bddfe3564966520396c Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Thu, 22 Sep 2022 13:44:58 -0700 Subject: [PATCH 14/27] Update README.md Updated build and testing information for NITA ebgp_wan example. --- ansible-ee/README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/ansible-ee/README.md b/ansible-ee/README.md index 60f81bb..3cc9a58 100644 --- a/ansible-ee/README.md +++ b/ansible-ee/README.md @@ -1,3 +1,5 @@ +

AWX Execution Environment

+ Files located in this directory are used to create ansible execution environment for AWX/Ansible Tower. the ```build-container.sh``` script calls ansible-builder, which needs to be installed using pip (see https://ansible-builder.readthedocs.io/en/stable/installation/). Ansible-builder requires python3.8 or later to execute. You can also build the container directly by issuing the following commands: ``` @@ -17,3 +19,44 @@ After this simply define the localhost:5000/ansible-ee in your definition for an ![image](https://user-images.githubusercontent.com/6110061/187557638-8b0e00bf-9cfc-4f53-9ef3-c97e7fdf0ad0.png) +

Notes

+ ++ The file ``bindep.txt`` and related configuration in ``nita-ansible-ee.yml`` are here for completeness. AWX documentation and some blogs indicated it is required although container seemed to build and operate fine without it. ++ This container is being tested against a version of the ebgp-wan example from the NITA project. Current files for the AWX test version can be found at https://github.com/wildsubnet/awx-test. There are certain incompatiabilities between NITA environment and AWX need to be worked out (see todo list below) + +## To-Do + +* Persistence for generated configuration files. Playbooks are running and configurations seem to be getting generated but they are lost as soon as the environment is stopped. Will need a mechanism to save configuration files. +* Final build action (junos_commit_config) fails when trying to move generated Junos config file from ``/root/.ansible/`` temporary working folder to ``/var/tmp/build//`` folder, which does not exist. Further investigation needed why sub-folders are not getting built. +* Currently in order to get playbooks to run variables need to be manually loaded into AWX. While AWX loads the variable files under ``group_vars`` and ``hosts_vars`` folders as part of the project fetch, they are ignored. +* Name resolution for hosts. NITA builds ``/etc/host`` file using shell scripts, need to find alternative for AWX EE environment. + + + +## AWX Screenshots + +How the NITA example data is being loaded into AWX for testing (as of September 22, 2022). 
+ +### Template +![image](https://user-images.githubusercontent.com/6110061/191846632-018f1318-fa5a-4c45-99ee-7c4989afa1d6.png) + +### Project + +![image](https://user-images.githubusercontent.com/6110061/191846831-1f8644e1-96e2-496d-b77e-5a127d46ea61.png) + +### Inventories + +Note the variable data from ``groups_vars`` + +![image](https://user-images.githubusercontent.com/6110061/191847011-f2759976-4ef9-4eb4-ab93-0b4fbbb51673.png) + +### Hosts + +Each individual host has ``host_vars`` defined here + +![image](https://user-images.githubusercontent.com/6110061/191847136-9caa10a3-8e34-4c23-8c3b-60f88502c7cd.png) +![image](https://user-images.githubusercontent.com/6110061/191847262-1cefe0fa-5960-4513-8c06-a37247fa4aa3.png) + + + + From d8688bbc00e532865179352adfb23ae7acf1bdec Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Tue, 1 Nov 2022 08:07:13 -0700 Subject: [PATCH 15/27] Updated dockerfile to alpine 3.16.2 Ansible release stays the same --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index aa251c6..637d3f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # # ******************************************************** -FROM amd64/alpine:3.16.1 +FROM amd64/alpine:3.16.2 # ==> Specify Python requirements filename; default = "requirements.txt" # ==> Specify Ansible requirements filename; default = "requirements.yml" From 86852d4ee5d22e12842eb827a987754a36041a44 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Fri, 2 Dec 2022 14:02:56 -0800 Subject: [PATCH 16/27] Update README.md --- ansible-ee/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ee/README.md b/ansible-ee/README.md index 3cc9a58..5642dda 100644 --- a/ansible-ee/README.md +++ b/ansible-ee/README.md 
@@ -29,7 +29,7 @@ After this simply define the localhost:5000/ansible-ee in your definition for an * Persistence for generated configuration files. Playbooks are running and configurations seem to be getting generated but they are lost as soon as the environment is stopped. Will need a mechanism to save configuration files. * Final build action (junos_commit_config) fails when trying to move generated Junos config file from ``/root/.ansible/`` temporary working folder to ``/var/tmp/build//`` folder, which does not exist. Further investigation needed why sub-folders are not getting built. * Currently in order to get playbooks to run variables need to be manually loaded into AWX. While AWX loads the variable files under ``group_vars`` and ``hosts_vars`` folders as part of the project fetch, they are ignored. -* Name resolution for hosts. NITA builds ``/etc/host`` file using shell scripts, need to find alternative for AWX EE environment. +* Name resolution for hosts. NITA builds ``/etc/host`` file using shell scripts, need to find alternative for AWX EE environment. According to this https://github.com/ansible/awx/issues/1125 dynamically updating /etc/host file may not be feasible. In that case, we'd need to rely on external DNS resolution and/or manually updating k8s config files and restarting pod, which is not ideal. From b9c0914b462fcdc6f1028648d5f54aa92a2db6b5 Mon Sep 17 00:00:00 2001 
From: Matthew Tighe Date: Fri, 2 Dec 2022 14:22:27 -0800 Subject: [PATCH 17/27] Delete ansible-ee directory --- ansible-ee/README.md | 62 --------- ansible-ee/ansible.cfg | 7 - ansible-ee/bindep.txt | 4 - ansible-ee/build_container.sh | 17 --- ansible-ee/context/Dockerfile | 41 ------ ansible-ee/context/_build/bindep.txt | 4 - ansible-ee/context/_build/requirements.txt | 5 - ansible-ee/context/_build/requirements.yml | 17 --- .../network-roles/ebgp-ip-fabric/.gitignore | 129 ------------------ .../network-roles/ebgp-ip-fabric/README.md | 2 - .../network-roles/ebgp-ip-fabric/install.sh | 8 -- .../roles/ebgp_ip_fabric/tasks/main.yaml | 16 --- .../templates/forwarding-options.j2 | 19 --- .../ebgp_ip_fabric/templates/interfaces.j2 | 42 ------ .../templates/policy-options.j2 | 45 ------ .../ebgp_ip_fabric/templates/protocols.j2 | 47 ------- .../templates/routing-options.j2 | 20 --- .../evpn-vxlan-common/.gitignore | 129 ------------------ .../network-roles/evpn-vxlan-common/README.md | 2 - .../evpn-vxlan-common/install.sh | 8 -- .../roles/evpn_vxlan_common/tasks/main.yaml | 7 - .../templates/evpn_routing_options.j2 | 23 ---- .../templates/policy_options.j2 | 71 ---------- .../roles/junos_commit_config/meta/main.yaml | 5 - .../roles/junos_commit_config/tasks/main.yaml | 42 ------ .../roles/junos_common/meta/main.yaml | 3 - .../roles/junos_common/tasks/main.yaml | 15 -- .../roles/junos_common/templates/chassis.j2 | 21 --- .../junos_common/templates/common_system.j2 | 35 ----- .../templates/management_interface.j2 | 28 ---- .../junos_common/templates/routing_options.j2 | 32 ----- .../roles/junos_common/templates/snmp.j2 | 23 ---- .../roles/junos_qfx_common/meta/main.yaml | 3 - .../roles/junos_qfx_common/tasks/main.yaml | 7 - .../junos_qfx_common/templates/system.j2 | 74 ---------- .../templates/vqfx_pfe_interface.j2 | 24 ---- .../network-roles/evpn-vxlan-erb/README.md | 2 - .../network-roles/evpn-vxlan-erb/install.sh | 8 -- .../roles/evpn_vxlan_erb_leaf/tasks/main.yaml | 3 
- .../templates/ibgp_leaf.j2 | 54 -------- .../evpn_vxlan_erb_spine/tasks/main.yaml | 3 - .../templates/ibgp_spine_rr.j2 | 34 ----- .../roles/evpn_vxlan_policy/tasks/main.yaml | 3 - .../templates/evpn_policy.j2 | 55 -------- .../roles/evpn_vxlan_port/tasks/main.yaml | 3 - .../evpn_vxlan_port/templates/evpn_port.j2 | 74 ---------- .../roles/evpn_vxlan_vni/tasks/main.yaml | 4 - .../evpn_vxlan_vni/templates/evpn_vni.j2 | 40 ------ .../roles/evpn_vxlan_vrf/tasks/main.yaml | 3 - .../evpn_vxlan_vrf/templates/evpn_vrf.j2 | 93 ------------- .../network-roles/evpn-vxlan-fi/.gitignore | 129 ------------------ .../network-roles/evpn-vxlan-fi/README.md | 2 - .../network-roles/evpn-vxlan-fi/install.sh | 8 -- .../roles/evpn_vxlan_dci/tasks/main.yaml | 3 - .../templates/evpn_vxlan_dci.j2 | 48 ------- .../network-roles/evpn-vxlan-hb/.gitignore | 129 ------------------ .../network-roles/evpn-vxlan-hb/README.md | 2 - .../network-roles/evpn-vxlan-hb/install.sh | 8 -- .../files/commit_config.expect | 18 --- .../roles/healthbot_commit/tasks/main.yaml | 24 ---- .../roles/healthbot_config/tasks/main.yaml | 16 --- .../healthbot_config/templates/device.j2 | 36 ----- .../templates/device_group.j2 | 19 --- .../network-roles/evpn-vxlan-sb/.gitignore | 129 ------------------ .../network-roles/evpn-vxlan-sb/README.md | 2 - .../network-roles/evpn-vxlan-sb/install.sh | 8 -- .../roles/srx_common/meta/main.yaml | 3 - .../roles/srx_common/tasks/main.yaml | 10 -- .../roles/srx_common/templates/lldp.j2 | 19 --- .../roles/srx_common/templates/security.j2 | 84 ------------ .../roles/srx_common/templates/system.j2 | 69 ---------- .../roles/srx_firewall/meta/main.yaml | 3 - .../roles/srx_firewall/tasks/main.yaml | 16 --- .../roles/srx_firewall/templates/fabric.j2 | 43 ------ .../srx_firewall/templates/firewall_port.j2 | 74 ---------- .../roles/srx_firewall/templates/ospf.j2 | 23 ---- .../templates/security_policies.j2 | 34 ----- .../roles/srx_firewall/templates/zones.j2 | 39 ------ 
.../network-roles/mx_common/install.sh | 8 -- .../network-roles/mx_common/tasks/main.yaml | 3 - .../mx_common/templates/mx_system.j2 | 62 --------- ansible-ee/nita-ansible-ee.yml | 24 ---- ansible-ee/requirements.txt | 5 - ansible-ee/requirements.yml | 17 --- 84 files changed, 2533 deletions(-) delete mode 100644 ansible-ee/README.md delete mode 100644 ansible-ee/ansible.cfg delete mode 100644 ansible-ee/bindep.txt delete mode 100755 ansible-ee/build_container.sh delete mode 100644 ansible-ee/context/Dockerfile delete mode 100644 ansible-ee/context/_build/bindep.txt delete mode 100644 ansible-ee/context/_build/requirements.txt delete mode 100644 ansible-ee/context/_build/requirements.yml delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/README.md delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2 delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 delete mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/README.md delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/install.sh delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml delete mode 100644 
ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/README.md delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml delete mode 100644 
ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/README.md delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/README.md delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect delete 
mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/README.md delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 delete mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2 delete mode 100644 ansible-ee/context/network-roles/mx_common/install.sh delete mode 100644 
ansible-ee/context/network-roles/mx_common/tasks/main.yaml delete mode 100644 ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 delete mode 100644 ansible-ee/nita-ansible-ee.yml delete mode 100644 ansible-ee/requirements.txt delete mode 100644 ansible-ee/requirements.yml diff --git a/ansible-ee/README.md b/ansible-ee/README.md deleted file mode 100644 index 5642dda..0000000 --- a/ansible-ee/README.md +++ /dev/null @@ -1,62 +0,0 @@ -

AWX Execution Environment

- -Files located in this directory are used to create ansible execution environment for AWX/Ansible Tower. the ```build-container.sh``` script calls ansible-builder, which needs to be installed using pip (see https://ansible-builder.readthedocs.io/en/stable/installation/). Ansible-builder requires python3.8 or later to execute. You can also build the container directly by issuing the following commands: - -``` -cd context -docker build --tag "juniper/nita-ansible-ee:22.9" . -``` - -AWX requires ansible EEs to be pulled from a repository. For testing purposes you can setup a local repository. See the instructions at https://www.docker.com/blog/how-to-use-your-own-registry-2/. After building the container, you can add a local repository as follows: - -``` -docker run -d -p 5000:5000 --restart always --name registry registry -docker tag "localhost:5000/ansible-ee" -docker push localhost:5000/ansible-ee -``` - -After this simply define the localhost:5000/ansible-ee in your definition for an Execution Environment in AWX: - -![image](https://user-images.githubusercontent.com/6110061/187557638-8b0e00bf-9cfc-4f53-9ef3-c97e7fdf0ad0.png) - -

Notes

- -+ The file ``bindep.txt`` and related configuration in ``nita-ansible-ee.yml`` are here for completeness. AWX documentation and some blogs indicated it is required although container seemed to build and operate fine without it. -+ This container is being tested against a version of the ebgp-wan example from the NITA project. Current files for the AWX test version can be found at https://github.com/wildsubnet/awx-test. There are certain incompatiabilities between NITA environment and AWX need to be worked out (see todo list below) - -## To-Do - -* Persistence for generated configuration files. Playbooks are running and configurations seem to be getting generated but they are lost as soon as the environment is stopped. Will need a mechanism to save configuration files. -* Final build action (junos_commit_config) fails when trying to move generated Junos config file from ``/root/.ansible/`` temporary working folder to ``/var/tmp/build//`` folder, which does not exist. Further investigation needed why sub-folders are not getting built. -* Currently in order to get playbooks to run variables need to be manually loaded into AWX. While AWX loads the variable files under ``group_vars`` and ``hosts_vars`` folders as part of the project fetch, they are ignored. -* Name resolution for hosts. NITA builds ``/etc/host`` file using shell scripts, need to find alternative for AWX EE environment. According to this https://github.com/ansible/awx/issues/1125 dynamically updating /etc/host file may not be feasible. In that case, we'd need to rely on external DNS resolution and/or manually updating k8s config files and restarting pod, which is not ideal. - - - -## AWX Screenshots - -How the NITA example data is being loaded into AWX for testing (as of September 22, 2022). 
- -### Template -![image](https://user-images.githubusercontent.com/6110061/191846632-018f1318-fa5a-4c45-99ee-7c4989afa1d6.png) - -### Project - -![image](https://user-images.githubusercontent.com/6110061/191846831-1f8644e1-96e2-496d-b77e-5a127d46ea61.png) - -### Inventories - -Note the variable data from ``groups_vars`` - -![image](https://user-images.githubusercontent.com/6110061/191847011-f2759976-4ef9-4eb4-ab93-0b4fbbb51673.png) - -### Hosts - -Each individual host has ``host_vars`` defined here - -![image](https://user-images.githubusercontent.com/6110061/191847136-9caa10a3-8e34-4c23-8c3b-60f88502c7cd.png) -![image](https://user-images.githubusercontent.com/6110061/191847262-1cefe0fa-5960-4513-8c06-a37247fa4aa3.png) - - - - diff --git a/ansible-ee/ansible.cfg b/ansible-ee/ansible.cfg deleted file mode 100644 index a41a34c..0000000 --- a/ansible-ee/ansible.cfg +++ /dev/null @@ -1,7 +0,0 @@ -[galaxy] -server_list = automation_hub - -[galaxy_server.automation_hub] -url=https://cloud.redhat.com/api/automation-hub/ -auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token -token=my_ah_token diff --git a/ansible-ee/bindep.txt b/ansible-ee/bindep.txt deleted file mode 100644 index db1a0d7..0000000 --- a/ansible-ee/bindep.txt +++ /dev/null @@ -1,4 +0,0 @@ -python38-devel [platform:rpm compile] -subversion [platform:rpm] -subversion [platform:dpkg] -git-lfs [platform:rpm] diff --git a/ansible-ee/build_container.sh b/ansible-ee/build_container.sh deleted file mode 100755 index 403d2bf..0000000 --- a/ansible-ee/build_container.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash -# ******************************************************** -# -# Project: nita-ansible -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** - -#cp -R ../network-roles context/ -ansible-builder build --tag "juniper/nita-ansible-ee:22.9" --container-runtime docker -f nita-ansible-ee.yml diff --git a/ansible-ee/context/Dockerfile b/ansible-ee/context/Dockerfile deleted file mode 100644 index de92e99..0000000 --- a/ansible-ee/context/Dockerfile +++ /dev/null 
@@ -1,41 +0,0 @@ -ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:latest -ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest - -FROM $EE_BASE_IMAGE as galaxy -ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=-vvv -USER root - -ADD _build /build -WORKDIR /build - -RUN ansible-galaxy role install -r requirements.yml --roles-path "/usr/share/ansible/roles" -RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections" - -FROM $EE_BUILDER_IMAGE as builder - -COPY --from=galaxy /usr/share/ansible /usr/share/ansible - -ADD _build/requirements.txt requirements.txt -ADD _build/bindep.txt bindep.txt -RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt -RUN assemble - -FROM $EE_BASE_IMAGE -USER root -RUN whoami -RUN cat /etc/os-release - -COPY --from=galaxy /usr/share/ansible /usr/share/ansible - -COPY --from=builder /output/ /output/ -RUN /output/install-from-bindep && rm -rf /output/wheels -COPY network-roles network-roles -RUN cd network-roles/ebgp-ip-fabric && bash install.sh -RUN cd network-roles/evpn-vxlan-common && bash install.sh -RUN cd network-roles/evpn-vxlan-fi && bash install.sh -RUN cd network-roles/evpn-vxlan-erb && bash install.sh -RUN cd network-roles/evpn-vxlan-hb && bash install.sh -RUN cd network-roles/evpn-vxlan-sb && bash install.sh -COPY network-roles/mx_common/ /etc/ansible/roles/mx_common -RUN mkdir -p /var/nita_configs -RUN mkdir -p /var/tmp/build diff --git a/ansible-ee/context/_build/bindep.txt b/ansible-ee/context/_build/bindep.txt deleted file mode 100644 index db1a0d7..0000000 --- a/ansible-ee/context/_build/bindep.txt +++ /dev/null @@ -1,4 +0,0 @@ -python38-devel [platform:rpm compile] -subversion [platform:rpm] -subversion [platform:dpkg] -git-lfs [platform:rpm] 
diff --git a/ansible-ee/context/_build/requirements.txt b/ansible-ee/context/_build/requirements.txt deleted file mode 100644 index a0a10f0..0000000 --- a/ansible-ee/context/_build/requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -junos-eznc -pynetbox -jxmlease -xmltodict -dos2unix diff --git a/ansible-ee/context/_build/requirements.yml b/ansible-ee/context/_build/requirements.yml deleted file mode 100644 index 9c94914..0000000 --- a/ansible-ee/context/_build/requirements.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- - roles: - # Install a role from Ansible Galaxy. - - name: Juniper.junos - version: '2.4.3' - - collections: - # Install a collection from Ansible Galaxy. - - name: netbox.netbox - version: '3.1.1' - # Install juniper.device collection from Ansible Galaxy. - - name: juniper.device - version: '1.0.1' - # Install junipernetworks collection from Ansible Galaxy. - - name: junipernetworks.junos - version: '3.1.0' - diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore b/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore deleted file mode 100644 index b6e4761..0000000 --- a/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore +++ /dev/null 
@@ -1,129 +0,0 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md b/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md
deleted file mode 100644
index a459657..0000000
--- a/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# ebgp-ip-fabric
-Ansible roles to configure a Juniper QFX with an EBGP based IP fabric
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh b/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh
deleted file mode 100644
index 6d8f2f4..0000000
--- a/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
-
-mkdir -p ${ANSIBLEROLES}
-cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml
deleted file mode 100644
index 5c929e3..0000000
--- a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Creating base interfaces config
- template: src="interfaces.j2" dest="{{ tmp_dir }}/interfaces.cfg"
-
-- name: Creating protocols config
- template: src="protocols.j2" dest="{{ tmp_dir }}/protocols.cfg"
-
-- name: Creating policy-options config
- template: src="policy-options.j2" dest="{{ tmp_dir }}/policy-options.cfg"
-
-- name: Creating forwarding-options config
- template: src="forwarding-options.j2" dest="{{ tmp_dir }}/forwarding-options.cfg"
-
-- name: Creating routing-options config
- template: src="routing-options.j2" dest="{{ tmp_dir }}/routing-options.cfg"
-
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2
deleted file mode 100644
index 69a4692..0000000
--- a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2 +++ /dev/null @@ -1,19 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -forwarding-options { - storm-control-profiles default { - all; - } -} diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 deleted file mode 100644 index 9e9ed29..0000000 --- a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 +++ /dev/null 
@@ -1,42 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -interfaces { -{% for intf in core_interfaces %} - {{ intf.int }} { -{% if intf.desc is defined %} - description "{{ intf.desc }}"; -{% endif %} -{% if intf.mac is defined %} - mac {{ intf.mac }}; -{% endif %} -{% if intf.ip is defined %} - unit 0 { - family inet { - address {{ intf.ip }}/{{ intf.mask }}; - } - } -{% endif %} - } -{% endfor %} - - lo0 { - unit 0 { - description "*** loopback ***"; - family inet { - address {{ loopback_ip }}/32; - } - } - } -} diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 deleted file mode 100644 index d601f9a..0000000 --- a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 +++ /dev/null 
@@ -1,45 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -policy-options { - policy-statement IPCLOS_BGP_EXP { - term loopback { - from protocol [ direct bgp ]; - then { - community add "{{ inventory_hostname }}"; - accept; - } - } - term default { - then reject; - } - } - policy-statement IPCLOS_BGP_IMP { - term loopback { - from protocol [ bgp direct ]; - then accept; - } - term default { - then reject; - } - } - policy-statement PFE-LB { - then { - load-balance per-packet; - } - } -{% for bgp in underlay_ebgp %} - community "{{ inventory_hostname }}" members "{{ bgp.autonomous_system }}:1"; -{% endfor %} -} diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 deleted file mode 100644 index 7fe0536..0000000 --- a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 +++ /dev/null 
@@ -1,47 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -protocols { - bgp { -{% for bgp in underlay_ebgp %} - group {{ bgp.group }} { - bfd-liveness-detection minimum-interval 1000; - bfd-liveness-detection multiplier 3; - export IPCLOS_BGP_EXP; - import IPCLOS_BGP_IMP; - type external; - mtu-discovery; - vpn-apply-export; - local-as "{{ bgp.autonomous_system }}"; - multipath { - multiple-as; - } -{% for neighbor in bgp.neighbors %} - neighbor {{ neighbor.name }} { - description "EBGP peering to {{ neighbor.name }}"; - peer-as {{ neighbor.asn }}; - } -{% endfor %} - } -{% endfor %} - } - - igmp-snooping { - vlan default; - } - - lldp { - interface all; - } -} diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 deleted file mode 100644 index c390064..0000000 --- a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 +++ /dev/null 
@@ -1,20 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-routing-options {
- forwarding-table {
- export PFE-LB;
- ecmp-fast-reroute;
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore
deleted file mode 100644
index b6e4761..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore
+++ /dev/null
@@ -1,129 +0,0 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/README.md b/ansible-ee/context/network-roles/evpn-vxlan-common/README.md
deleted file mode 100644
index 178160e..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# evpn-vxlan-common
-Common ansible roles for deploying an EVPN VXLAN fabric
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh
deleted file mode 100644
index 6d8f2f4..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
-
-mkdir -p ${ANSIBLEROLES}
-cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml
deleted file mode 100644
index 61b70e2..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: Creating common evpn routing options config
- template: src=evpn_routing_options.j2 dest={{ tmp_dir }}/evpn_routing_options.cfg
-
-- name: Creating common evpn policy options config
- template: src=policy_options.j2 dest={{ tmp_dir }}/evpn_policy_options.cfg
-
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2
deleted file mode 100644
index 174baa5..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-routing-options {
- forwarding-table {
- chained-composite-next-hop {
- ingress {
- evpn;
- }
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2
deleted file mode 100644
index 17fb130..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2
+++ /dev/null
@@ -1,71 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-policy-options {
- policy-statement EVPN_T5_EXPORT {
- term fm_direct {
- from protocol direct;
- then accept;
- }
- term fm_static {
- from protocol static;
- then accept;
- }
-{% if collapsed_spine is defined %}
-{% if collapsed_spine %}
- term fm_v4_default {
- from {
- protocol evpn;
- protocol ospf;
- route-filter 0.0.0.0/0 exact;
- }
- then accept;
- }
- term fm_v4_host {
- from {
- protocol evpn;
- route-filter 0.0.0.0/0 prefix-length-range /32-/32;
- }
- then accept;
- }
-{% endif %}
-{% else %}
-{% if leaf_type == "border" %}
- term fm_v4_default {
- from {
- protocol evpn;
- protocol ospf;
- route-filter 0.0.0.0/0 exact;
- }
- then accept;
- }
-{% else %}
- term fm_v4_host {
- from {
- protocol evpn;
- route-filter 0.0.0.0/0 prefix-length-range /32-/32;
- }
- then accept;
- }
-{% endif %}
-{% endif %}
- term fm_v6_host {
- from {
- protocol evpn;
- route-filter 0::0/0 prefix-length-range /128-/128;
- }
- then accept;
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml
deleted file mode 100644
index 3aea705..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-dependencies:
- - { role: Juniper.junos }
-collections:
- - juniper.device
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml
deleted file mode 100644
index 143b9da..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-- name: Assembling configurations
- assemble:
- src={{ tmp_dir }}
- dest={{ junos_conf }}
- mode={{ conf_file_mode | default('666') }}
- regexp=.+\.cfg
-# Use for Ansible 2.9 and lower
-# - name: Pushing config ... please wait
-# juniper_junos_config:
-# user: "{{ netconf_user }}"
-# passwd: "{{ netconf_passwd }}"
-# load: 'override'
-# src: "{{ junos_conf }}"
-# commit: true
-# diffs_file: "{{build_dir}}/log/{{ inventory_hostname }}-diff.log"
-# logfile: "{{ log }}"
-# comment: "Committed using NITA"
-# timeout: "{{ netconf_timeout | default('300') }}"
-# register: response
-# - name: Commit response
-# debug:
-# var: response
-#
-#
-# Use section below for device collection use for Ansible 2.10 and greater...
-#
-- name: Pushing config ... please wait
- config:
- user: "{{ netconf_user }}"
- passwd: "{{ netconf_passwd }}"
- load: 'override'
- src: "{{ junos_conf }}"
- commit: true
- diffs_file: "{{build_dir}}/log/{{ inventory_hostname }}-diff.log"
- logfile: "{{ log }}"
- comment: "Committed using NITA"
- timeout: "{{ netconf_timeout | default('300') }}"
- register: response
-- name: Commit response
- debug:
- var: response
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
deleted file mode 100644
index d1dbae8..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - { role: Juniper.junos }
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml
deleted file mode 100644
index 18bc799..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Creating management interface
- template: src=management_interface.j2 dest={{ tmp_dir }}/management_interface.cfg
-
-- name: Creating common SNMP config
- template: src=snmp.j2 dest={{ tmp_dir }}/snmp.cfg
-
-- name: Creating common routing config
- template: src=routing_options.j2 dest={{ tmp_dir }}/routing_options.cfg
-
-- name: Creating chassis config
- template: src=chassis.j2 dest={{ tmp_dir }}/chassis.cfg
-
-- name: Enable grpc support
- template: src=common_system.j2 dest={{ tmp_dir }}/common_system.cfg
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2
deleted file mode 100644
index 2353017..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-chassis {
- aggregated-devices {
- ethernet {
- device-count 24;
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2
deleted file mode 100644
index e97ab0b..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2
+++ /dev/null
@@ -1,35 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-system {
- services {
- extension-service {
- request-response {
- grpc {
- clear-text {
- address 0.0.0.0;
- port 32767;
- }
- max-connections 30;
- skip-authentication;
- }
- }
- notification {
- allow-clients {
- address 0.0.0.0/0;
- }
- }
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2
deleted file mode 100644
index 3b692a5..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-interfaces {
- {{ management_interface.int }} {
- unit 0 {
- description "*** management ***";
- family inet {
-{% if management_interface.ip is defined %}
- address {{ management_interface.ip }}/{{ management_interface.mask }};
-{% else %}
- dhcp;
-{% endif %}
- }
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2
deleted file mode 100644
index 9517ada..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2
+++ /dev/null
@@ -1,32 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-routing-options {
-{% if loopback_ip is defined %}
- router-id {{ loopback_ip }};
-{% endif %}
-{% if routing_options is defined %}
-{% for route in routing_options %}
- {% if route.destination == "discard" %}
- static {
- route {{ route.static }} {{ route.destination }};
- }
- {% else %}
- static {
- route {{ route.static }} next-hop {{ route.destination }};
- }
- {% endif %}
-{% endfor %}
-{% endif %}
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2
deleted file mode 100644
index 18e749b..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-snmp {
- location "{{ snmp.location }}";
- contact "{{ snmp.contact }}";
- {% for community in snmp.communities %}
- community {{ community.name }} {
- authorization read-only;
- }
- {% endfor %}
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
deleted file mode 100644
index d1dbae8..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - { role: Juniper.junos }
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml
deleted file mode 100644
index 213cddf..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: Creating vqfx pfe interface
- template: src=vqfx_pfe_interface.j2 dest={{ tmp_dir }}/vqfx_pfe_interface.cfg
-
-- name: Creating common system config
- template: src=system.j2 dest={{ tmp_dir }}/system.cfg
-
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2
deleted file mode 100644
index 6c71f83..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2
+++ /dev/null
@@ -1,74 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-system {
- host-name {{ inventory_hostname }};
- root-authentication {
- encrypted-password "{{ password_hashes.root_user }}"; # SECRET-DATA
- }
- services {
- ssh {
- root-login allow;
- }
- netconf {
- ssh;
- }
- rest {
- http {
- port 3000;
- }
- enable-explorer;
- }
- }
- login {
- message "{{ login_message }}";
- user jcluser {
- class super-user;
- uid 2000;
- authentication {
- encrypted-password "{{ password_hashes.netadmin_user }}";
- }
- }
- }
- syslog {
- user * {
- any emergency;
- }
- file messages {
- any notice;
- authorization info;
- }
- file interactive-commands {
- interactive-commands any;
- }
- }
- {% if ntp_server is defined %}
- ntp {
- server {{ ntp_server }};
- }
- {% endif %}
- {% if time_zone is defined %}
- time-zone {{ time_zone }};
- {% endif %}
- extensions {
- providers {
- juniper {
- license-type juniper deployment-scope commercial;
- }
- chef {
- license-type juniper deployment-scope commercial;
- }
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2
deleted file mode 100644
index 3594521..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-interfaces {
- em1 {
- unit 0 {
- description "*** to pfe ***"
- family inet {
- address 169.254.0.2/24;
- }
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md
deleted file mode 100644
index 08ac962..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# evpn-vxlan-erb
-Ansible roles to configure Juniper QFX in an EVPN VXLAN ERB architecture
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh
deleted file mode 100644
index 6d8f2f4..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
-
-mkdir -p ${ANSIBLEROLES}
-cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml
deleted file mode 100644
index cc2bfd8..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: Configure BGP + EVPN for ERB leaf
- template: src="ibgp_leaf.j2" dest="{{ tmp_dir }}/ibgp_leaf.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2
deleted file mode 100644
index 9356735..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-protocols {
- bgp {
-{% for bgp in evpn_ibgp %}
- group {{ bgp.group }} {
- type internal;
- local-address {{ loopback_ip }};
- family evpn {
- signaling;
- }
- cluster {{ loopback_ip }};
- local-as {{ autonomous_system }};
- multipath;
-{% for neighbor in bgp.neighbors %}
- neighbor {{ neighbor.name }};
-{% endfor %}
- }
-{% endfor %}
- }
- evpn {
- encapsulation vxlan;
- multicast-mode ingress-replication;
- default-gateway do-not-advertise;
-{% if leaf_type != "border" %}
- extended-vni-list all;
-{% endif %}
-{%if collapsed_spine is defined %}
-{%if collapsed_spine %}
- no-core-isolation;
-{% endif %}
-{% endif %}
- }
-}
-switch-options {
- vtep-source-interface lo0.0;
- route-distinguisher {{ loopback_ip }}:9999;
- vrf-target {
- target:9999:9999;
- auto;
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml
deleted file mode 100644
index fcef9a9..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: Create iBGP route reflector
- template: src="ibgp_spine_rr.j2" dest="{{ tmp_dir }}/ibgp_spine_rr.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2
deleted file mode 100644
index 5937f4a..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-protocols {
- bgp {
-{% for bgp in evpn_ibgp %}
- group EVPN_iBGP {
- type internal;
- local-address {{ loopback_ip }};
- family evpn {
- signaling;
- }
- cluster {{ loopback_ip }};
- local-as {{ autonomous_system }};
- multipath;
- allow {{ loopback_subnet }};
-{% for neighbor in bgp.neighbors %}
- neighbor {{ neighbor.name }};
-{% endfor %}
- }
-{% endfor %}
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml
deleted file mode 100644
index 4c63492..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: Configure routing policies
- template: src="evpn_policy.j2" dest="{{ tmp_dir }}/evpn_policy.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2
deleted file mode 100644
index ead9f62..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2
+++ /dev/null
@@ -1,55 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-{% if export_policies is defined %}
-{% for policy in export_policies %}
-policy-options {
- policy-statement {{ policy.name }}_exp {
- term export_local {
- from protocol direct;
- then {
- community add {{ policy.name }}_comm;
- accept;
- }
- }
- term export {
- then {
- community add {{ policy.name }}_comm;
- accept;
- }
- }
- }
- community {{ policy.name }}_comm members {{ policy.target }};
-}
-{% endfor %}
-{% endif %}
-{% if import_policies is defined %}
-{% for policy in import_policies %}
-policy-options {
- policy-statement {{ policy.name }}_imp {
- term bgp {
- from {
-{% for community in policy.communities %}
- community {{ community.name }}_comm;
-{% endfor %}
- }
- then accept;
- }
- term end {
- then reject;
- }
- }
-}
-{% endfor %}
-{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml
deleted file mode 100644
index c4ac7ee..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: Configure evpn vxlan ports
- template: src="evpn_port.j2" dest="{{ tmp_dir }}/evpn_port.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2
deleted file mode 100644
index 8c1ffd0..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2
+++ /dev/null
@@ -1,74 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-{% if evpn_port is defined %}
-interfaces {
-{% for port in evpn_port %}
- {{ port.interface }} {
-{% if port.esi is defined %}
- esi {
- {{ port.esi }};
- all-active;
- }
- aggregated-ether-options{
- lacp {
- active;
- periodic fast;
- system-id {{ port.system_id }};
- }
- }
-{% endif %}
-{% if port.vlan_id is defined %}
- vlan-tagging;
-{% endif %}
- unit {{ port.vlan_id | default("0", true) }} {
-{% if port.description is defined %}
- description "{{ port.description }}";
-{% endif %}
-{% if port.members is defined %}
- family {
- ethernet-switching {
- vlan {
-{% for item in port.members %}
- members {{ item.id }};
-{% endfor %}
- }
- }
- }
-{% else %}
-{% if port.vlan_id is defined %}
- vlan-id {{ port.vlan_id }};
-{% endif %}
-{% if port.ip is defined %}
- family {
- inet {
- address {{ port.ip }};
- }
- }
-{% endif %}
-{% endif %}
- }
- }
-{% if port.lag_members is defined %}
-{% for item in port.lag_members %}
- {{ item.interface }} {
- ether-options {
- 802.3ad {{ port.interface }};
- }
- }
-{% endfor %}
-{% endif %}
-{% endfor %}
-}
-{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml
deleted file mode 100644
index 97e5ece..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Configure VNIs + IRBs
- template: src="evpn_vni.j2" dest="{{ tmp_dir }}/evpn_vni.cfg"
- when: leaf_type != "border"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2
deleted file mode 100644
index 12b5fca..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2
+++ /dev/null
@@ -1,40 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-interfaces {
-{% for vni in vnis %}
- irb {
- unit {{ vni.id }} {
- family inet {
-{% for item in vni.irb_ips %}
- address {{ item.ip }};
-{% endfor %}
- }
- mac {{ vni.irb_mac }};
- }
- }
-{% endfor %}
-}
-
-vlans {
-{% for vni in vnis %}
- vlan_{{ vni.id }} {
- vlan-id {{ vni.id }};
- l3-interface irb.{{ vni.id }};
- vxlan {
- vni {{ vni.id }};
- }
- }
-{% endfor %}
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml
deleted file mode 100644
index 3701a58..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: Configure VRFs
- template: src="evpn_vrf.j2" dest="{{ tmp_dir }}/evpn_vrf.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2
deleted file mode 100644
index e3337f4..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2
+++ /dev/null
@@ -1,93 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-{% if vrfs is defined %}
-{% for vrf in vrfs %}
-interfaces lo0 {
- unit {{ vrf.vrf_id }} {
- description "Loopback for VXLAN control packets for VRF_{{ vrf.vrf_id }}";
- family inet {
- address {{ vrf.loopback_ip }}/32;
- }
- }
-}
-routing-instances {
- VRF_{{ vrf.vrf_id }} {
- instance-type vrf;
-{% if vrf.interfaces is defined %}
-{% for interface in vrf.interfaces %}
- interface {{ interface.name }};
-{% endfor %}
-{% endif %}
- interface lo0.{{ vrf.vrf_id }};
- route-distinguisher {{ vrf.loopback_ip }}:{{ vrf.vrf_id }};
- vrf-target target:1:{{ vrf.vrf_id }};
-{% if vrf.export is defined %}
- vrf-export {{ vrf.export }}_exp;
-{% endif %}
-{% if vrf.import is defined %}
- vrf-import {{ vrf.import }}_imp;
-{% endif %}
- vrf-table-label;
- routing-options {
- auto-export;
- }
- protocols {
- evpn {
- ip-prefix-routes {
- advertise direct-nexthop;
- encapsulation vxlan;
- vni {{ vrf.vrf_id }};
- export EVPN_T5_EXPORT;
- }
- }
-{% if vrf.ospf_interfaces is defined %}
-{% for interface in vrf.ospf_interfaces %}
- ospf {
- export to-ospf;
- area 0.0.0.0 {
- interface {{ interface.name }} {
- metric {{ interface.metric }};
- }
- }
- }
-{% endfor %}
-{% endif %}
- }
- }
-}
-{% if vrf.ospf_interfaces is defined %}
-policy-options {
- policy-statement to-ospf {
- term 10 {
-{% if collapsed_spine is defined %}
-{% if collapsed_spine %}
-{% for vni in vnis %}
-{% for interface in vni.irb_ips %}
- from route-filter {{ interface.subnet }} orlonger;
-{% endfor %}
-{% endfor %}
-{% endif %}
-{% endif %}
- from protocol evpn;
- then accept;
- }
- term 100 {
- then reject;
- }
- }
-}
-{% endif %}
-{% endfor %}
-{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore
deleted file mode 100644
index b6e4761..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore
+++ /dev/null
@@ -1,129 +0,0 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md b/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md
deleted file mode 100644
index 5232886..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# evpn-vxlan-fi
-Ansible roles for EVPN VXLAN data center fabric interconnect configuration, between pods/datacenters/campus/etc.
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh
deleted file mode 100644
index 6d8f2f4..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
-
-mkdir -p ${ANSIBLEROLES}
-cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml
deleted file mode 100644
index ec6632e..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: Configure DCI eBGP
- template: src="evpn_vxlan_dci.j2" dest="{{ tmp_dir }}/evpn_vxlan_dci.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2
deleted file mode 100644
index 1a3196c..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-{% if dci_ebgp is defined %}
-protocols {
- bgp {
-{% for bgp in dci_ebgp %}
- group {{ bgp.group }} {
- type external;
- local-address "{{ loopback_ip }}";
- local-as "{{ autonomous_system }}";
- multipath {
- multiple-as;
- }
- multihop {
- no-nexthop-change;
- }
- family evpn {
- signaling {
- delay-route-advertisements {
- minimum-delay {
- routing-uptime 480;
- }
- }
- }
- }
-{% for neighbor in bgp.neighbors %}
- neighbor {{ neighbor.name }} {
- description "DCI EBGP peering to {{ neighbor.name }}";
- peer-as {{ neighbor.asn }};
- }
-{% endfor %}
- }
-{% endfor %}
- }
-}
-{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore
deleted file mode 100644
index b6e4761..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore
+++ /dev/null
@@ -1,129 +0,0 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md
deleted file mode 100644
index 9155557..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# evpn-vxlan-hb
-Ansible roles to support using Healthbot and EVPN VXLAN
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh
deleted file mode 100644
index 6d8f2f4..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
-
-mkdir -p ${ANSIBLEROLES}
-cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect
deleted file mode 100644
index 18abec2..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/expect
-
-spawn docker-compose -p healthbot -f /var/local/healthbot/healthbot_mgd.yaml exec mgd /usr/sbin/cli
-expect "> "
-send "request healthbot load | no-more\n"
-expect "> "
-send "configure\n"
-expect "# "
-send "load merge /config/healthbot.conf | no-more\n"
-expect "# "
-send "commit and-quit\n"
-expect "> "
-send "request healthbot deploy\n"
-expect "Do you want to continue (y/n) ? "
-send "y\n"
-expect "Do you want to continue (y/n) ? "
-send "y\n"
-expect "> "
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml
deleted file mode 100644
index 1e24c87..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: installing expect
- become: yes
- apt:
- name: expect
-
-- name: install healthbot commit_config.expect script
- become: yes
- copy:
- src: commit_config.expect
- dest: /root/commit_config.expect
- mode: 0755
-
-- name: copy configuration file
- become: yes
- copy:
- src: "{{ build_dir }}/healthbot.conf"
- dest: /var/local/healthbot/mgd_config/healthbot.conf
- mode: 0644
-
-- name: execute expect script to commit configuration to healthbot
- become: yes
- shell: "/root/commit_config.expect"
-
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml
deleted file mode 100644
index f0de114..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Configure healthbot device
- template: src="device.j2" dest="{{ tmp_dir }}/device.cfg"
-
-- name: Configure healthbot device group
- template: src="device_group.j2" dest="{{ tmp_dir }}/device_group.cfg"
-
-- name: Assembling configurations per device
- assemble:
- src={{ build_dir }}/{{ inventory_hostname }}/tmp
- dest={{ build_dir }}/{{ inventory_hostname }}/healthbot.conf
- mode={{ conf_file_mode | default('666') }}
- regexp=.+\.cfg
-
-- name: Append to common configuration
- shell: "cat {{ build_dir }}/{{ inventory_hostname }}/healthbot.conf >> {{ build_dir }}/healthbot.conf"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2 b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2
deleted file mode 100644
index abd0818..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-healthbot {
- device {{ inventory_hostname }} {
- host {{ management_interface.ip }};
- open-config {
- port 32767;
- }
- iAgent {
- port 830;
- }
- authentication {
- password {
- username "{{ netconf_user }}";
- password "{{ netconf_passwd }}";
- }
- }
- vendor {
- juniper {
- operating-system junos;
- }
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2 b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2
deleted file mode 100644
index 06123f7..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-healthbot {
- device-group {{ healthbot_device_group }} {
- devices [ {{ inventory_hostname }} ];
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore
deleted file mode 100644
index b6e4761..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore
+++ /dev/null
@@ -1,129 +0,0 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md
deleted file mode 100644
index a2147dd..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# evpn-vxlan-sb
-EVPN VXLAN data center service block
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh
deleted file mode 100644
index 6d8f2f4..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
-
-mkdir -p ${ANSIBLEROLES}
-cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
deleted file mode 100644
index d1dbae8..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - { role: Juniper.junos }
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml
deleted file mode 100644
index 54ea591..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Creating common system config
- template: src=system.j2 dest={{ tmp_dir }}/system.cfg
-
-- name: Creating security config
- template: src=security.j2 dest={{ tmp_dir }}/security.cfg
-
-- name: Creating lldp config
- template: src=lldp.j2 dest={{ tmp_dir }}/lldp.cfg
-
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2
deleted file mode 100644
index 935f22c..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-protocols {
- lldp {
- interface all;
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2
deleted file mode 100644
index 4dccecd..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2
+++ /dev/null
@@ -1,84 +0,0 @@
-#jinja2:lstrip_blocks: True
-## ********************************************************
-##
-## Project: nita-ansible
-##
-## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
-##
-## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
-##
-## SPDX-License-Identifier: Apache-2.0
-##
-## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
-##
-## ********************************************************
-security {
- log {
- mode stream;
- report;
- }
- screen {
- ids-option untrust-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- queue-size 2000;
- timeout 20;
- }
- land;
- }
- }
- }
- policies {
- from-zone trust to-zone trust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone trust to-zone untrust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone trust {
- tcp-rst;
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- }
- security-zone untrust {
- screen untrust-screen;
- }
- }
-}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2
deleted file mode 100644
index b341c62..0000000
--- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2
+++ /dev/null
@@ -1,69 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -system { - host-name {{ inventory_hostname }}; - root-authentication { - encrypted-password "{{ password_hashes.root_user }}"; # SECRET-DATA - } - services { - ssh { - root-login allow; - } - netconf { - ssh; - } - rest { - http { - port 3000; - } - enable-explorer; - } - } - login { - message "{{ login_message }}"; - user jcluser { - class super-user; - uid 2000; - authentication { - encrypted-password "{{ password_hashes.netadmin_user }}"; - } - } - } - syslog { - user * { - any emergency; - } - file messages { - any any; - authorization info; - } - file interactive-commands { - interactive-commands any; - } - } - license { - autoupdate { - url https://ae1.juniper.net/junos/key_retrieval; - } - } - {% if ntp_server is defined %} - ntp { - server {{ ntp_server }}; - } - {% endif %} - {% if time_zone is defined %} - time-zone {{ time_zone }}; - {% endif %} -} 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml deleted file mode 100644 index d1dbae8..0000000 --- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - { role: Juniper.junos } diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml deleted file mode 100644 index ac376c2..0000000 --- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Creating firewall port config - template: src=firewall_port.j2 dest={{ tmp_dir }}/firewall_port.cfg - -- name: Creating ospf config - template: src=ospf.j2 dest={{ tmp_dir }}/ospf.cfg - -- name: Creating fabric routing instance config - template: src=fabric.j2 dest={{ tmp_dir }}/fabric.cfg - -- name: Creating zones config - template: src=zones.j2 dest={{ tmp_dir }}/zones.cfg - -- name: Creating security policies config - template: src=security_policies.j2 dest={{ tmp_dir }}/security_policies.cfg - diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 deleted file mode 100644 index 385c12c..0000000 --- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -routing-instances { - fabric { - instance-type virtual-router; -{% for port in firewall_port %} - interface {{ port.interface }}.{{ port.vlan_id | default("0", true) }}; -{% endfor %} - routing-options { - static { - route 0.0.0.0/0 discard; - } - } - protocols { - ospf { - export ospf-default; - area 0.0.0.0 { -{% if vrfs is defined %} -{% for vrf in vrfs %} -{% if vrf.ospf_interfaces is defined %} -{% for interface in vrf.ospf_interfaces %} - interface {{ interface.name }}; -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} - } - } - } - } -} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 deleted file mode 100644 index 9bdb388..0000000 --- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 +++ /dev/null 
@@ -1,74 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -{% if firewall_port is defined %} -interfaces { -{% for port in firewall_port %} - {{ port.interface }} { -{% if port.esi is defined %} - esi { - {{ port.esi }}; - all-active; - } - aggregated-ether-options{ - lacp { - active; - periodic fast; - system-id {{ port.system_id }}; - } - } -{% endif %} -{% if port.vlan_id is defined %} - vlan-tagging; -{% endif %} - unit {{ port.vlan_id | default("0", true) }} { -{% if port.description is defined %} - description "{{ port.description }}"; -{% endif %} -{% if port.members is defined %} - family { - ethernet-switching { - vlan { -{% for item in port.members %} - members {{ item.id }}; -{% endfor %} - } - } - } -{% else %} -{% if port.vlan_id is defined %} - vlan-id {{ port.vlan_id }}; -{% endif %} -{% if port.ip is defined %} - family { - inet { - address {{ port.ip }}; - } - } -{% endif %} -{% endif %} - } - } -{% if port.lag_members is defined %} -{% for item in port.lag_members %} - {{ item.interface }} { - ether-options { - 802.3ad {{ port.interface }}; - } - } -{% endfor %} -{% endif %} -{% endfor %} -} -{% endif %} 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 deleted file mode 100644 index 6862550..0000000 --- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 +++ /dev/null @@ -1,23 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -policy-options { - policy-statement ospf-default { - term 1 { - from { - route-filter 0.0.0.0/0 exact accept; - } - } - } -} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 deleted file mode 100644 index 95eda37..0000000 --- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 +++ /dev/null 
@@ -1,34 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -{% if firewall_rules is defined %} -security { -{% for rule in firewall_rules %} - policies { - from-zone {{ rule.from_zone }} to-zone {{ rule.to_zone }} { - policy default-permit { - match { - source-address any; - destination-address any; - application any; - } - then { - permit; - } - } - } - } -{% endfor %} -} -{% endif %} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2 deleted file mode 100644 index 628b52a..0000000 --- a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2 +++ /dev/null 
@@ -1,39 +0,0 @@ -#jinja2:lstrip_blocks: True -## ******************************************************** -## -## Project: nita-ansible -## -## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -## -## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -## -## SPDX-License-Identifier: Apache-2.0 -## -## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -## -## ******************************************************** -security { - zones { -{% if vrfs is defined %} -{% for vrf in vrfs %} - security-zone VRF_{{ vrf.vrf_id }} { - host-inbound-traffic { - system-services { - all; - } - protocols { - all; - } - } -{% if vrf.ospf_interfaces is defined %} - interfaces { -{% for interface in vrf.ospf_interfaces %} - {{ interface.name }}; -{% endfor %} - } -{% endif %} - } -{% endfor %} -{% endif %} - } -} diff --git a/ansible-ee/context/network-roles/mx_common/install.sh b/ansible-ee/context/network-roles/mx_common/install.sh deleted file mode 100644 index 6d8f2f4..0000000 --- a/ansible-ee/context/network-roles/mx_common/install.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -set -e - -ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles} - -mkdir -p ${ANSIBLEROLES} -cp -r roles/* ${ANSIBLEROLES} diff --git a/ansible-ee/context/network-roles/mx_common/tasks/main.yaml b/ansible-ee/context/network-roles/mx_common/tasks/main.yaml deleted file mode 100644 index 60c0370..0000000 --- a/ansible-ee/context/network-roles/mx_common/tasks/main.yaml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -- name: Creating common SNMP config - template: src=mx_system.j2 dest={{ tmp_dir }}/mx_system.cfg diff --git a/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 b/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 deleted file mode 100644 index fdcf007..0000000 --- a/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 +++ /dev/null @@ -1,62 +0,0 @@ -system { - host-name {{ inventory_hostname }}; - root-authentication { - encrypted-password "{{ password_hashes.root_user }}"; ## SECRET-DATA - } - scripts { - language python; - } - login { - message "{{ login_message }}"; - user jcluser { - uid 2000; - class super-user; - authentication { - encrypted-password "{{ password_hashes.netadmin_user }}"; ## SECRET-DATA - } - } - } - services { - ssh { - root-login allow; - } - netconf { - ssh; - } - rest { - http { - port 3000; - } - enable-explorer; - } - } - syslog { - user * { - any emergency; - } - file messages { - any notice; - authorization info; - } - file interactive-commands { - interactive-commands any; - } - } - processes { - dhcp-service { - traceoptions { - file dhcp_logfile size 10m; - level all; - flag packet; - } - } - } - {% if ntp_server is defined %} - ntp { - server {{ ntp_server }}; - } - {% endif %} - {% if time_zone is defined %} - time-zone {{ time_zone }}; - {% endif %} -} diff --git a/ansible-ee/nita-ansible-ee.yml b/ansible-ee/nita-ansible-ee.yml deleted file mode 100644 index 93b030e..0000000 --- a/ansible-ee/nita-ansible-ee.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -version: 1 -build_arg_defaults: - ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-vvv" -dependencies: - galaxy: requirements.yml - python: requirements.txt - system: bindep.txt - -additional_build_steps: - prepend: | - RUN whoami - RUN cat /etc/os-release - append: - - COPY network-roles network-roles - - RUN cd network-roles/ebgp-ip-fabric && bash install.sh - - RUN cd network-roles/evpn-vxlan-common && bash install.sh - - RUN cd network-roles/evpn-vxlan-fi && bash install.sh - - RUN cd network-roles/evpn-vxlan-erb && bash install.sh - - RUN cd network-roles/evpn-vxlan-hb && bash install.sh - - RUN cd network-roles/evpn-vxlan-sb && bash install.sh - - COPY network-roles/mx_common/ /etc/ansible/roles/mx_common - - RUN mkdir -p /var/nita_configs - - RUN mkdir -p /var/tmp/build diff --git a/ansible-ee/requirements.txt b/ansible-ee/requirements.txt deleted file mode 100644 index a0a10f0..0000000 --- a/ansible-ee/requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -junos-eznc -pynetbox -jxmlease -xmltodict -dos2unix diff --git a/ansible-ee/requirements.yml b/ansible-ee/requirements.yml deleted file mode 100644 index 9c94914..0000000 --- a/ansible-ee/requirements.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- - roles: - # Install a role from Ansible Galaxy. - - name: Juniper.junos - version: '2.4.3' - - collections: - # Install a collection from Ansible Galaxy. - - name: netbox.netbox - version: '3.1.1' - # Install juniper.device collection from Ansible Galaxy. - - name: juniper.device - version: '1.0.1' - # Install junipernetworks collection from Ansible Galaxy. - - name: junipernetworks.junos - version: '3.1.0' - From a391f8d0cf84556058fa5851bb125b4dd0afbf24 Mon Sep 17 00:00:00 2001 From: aburston Date: Mon, 22 May 2023 10:42:44 -0700 Subject: [PATCH 18/27] updated alpine linux container and requirements.yml --- Dockerfile | 6 +++--- requirements.yml | 9 ++------- 2 files changed, 5 insertions(+), 10 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index 6a73723..5a97196 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # # ******************************************************** -FROM amd64/alpine:3.16.3 +FROM amd64/alpine:3.15.6 # ==> Specify Python requirements filename; default = "requirements.txt" # ==> Specify Ansible requirements filename; default = "requirements.yml" @@ -27,8 +27,8 @@ RUN apk add --no-cache sudo \ gcc libxml2-dev libxslt-dev musl-dev \ bash python3-dev openssh expect sshpass \ libffi-dev openssl-dev build-base curl vim \ - ansible-core=2.13.6-r0 \ - ansible=5.8.0-r0 + ansible-core \ + ansible # copy requirements.txt for Python and install WORKDIR /tmp diff --git a/requirements.yml b/requirements.yml index 6e0dc4c..cc1454c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,17 +1,12 @@ --- - roles: - # Install a role from Ansible Galaxy. - - name: Juniper.junos - version: '2.4.0' - collections: # Install a collection from Ansible Galaxy. - name: netbox.netbox version: '3.1.1' # Install juniper.device collection from Ansible Galaxy. - name: juniper.device - version: '1.0.1' + version: '1.0.2' # Install junipernetworks collection from Ansible Galaxy. - name: junipernetworks.junos - version: '3.1.0' + version: '5.1.0' From d45e777790a36e24c51632aeecf54211a6f7dc94 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Mon, 22 May 2023 11:25:45 -0700 Subject: [PATCH 19/27] Update README.md Fixed a typo and updated juniper.device reference to 1.0.2 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dc0ba70..225dd3e 100644 --- a/README.md +++ b/README.md 
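Review bot: Dropping the `=2.13.6-r0` and `=5.8.0-r0` pins from the `apk add` list in the second Dockerfile hunk means every rebuild installs whatever `ansible-core` and `ansible` the Alpine repository for the base tag serves that day, so two builds of the same commit can ship different Ansible versions. The first hunk also moves `FROM` from `amd64/alpine:3.16.3` to `amd64/alpine:3.15.6`, an older release, although the subject says "updated"; presumably the pinned package revisions were not available there, but the commit does not say so. I would keep explicit pins that exist in the chosen release, `ansible-core=<version-in-release-repo> \` and `ansible=<version-in-release-repo>` (placeholders, to be taken from that release's package index), and state the reason for the base change in the commit message. The `RUN apk add` instruction begins above the hunk.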
@@ -29,7 +29,7 @@ No containers tagged as "latest" are provided by the package. ## Ansible 2.10 and greater -Starting with Ansible 2.10, juniper.device ansible collection is added. This collection has been included in the requirements.yml file and will be built-in the container automatically. Existing juniper.junos role is still supported and works with Ansible 2.10. For more information on this transition see https://www.juniper.net/documentation/us/en/software/junos-ansible/ansible/topics/concept/junos-ansible-modules-overview.html and https://galaxy.ansible.com/juniper/device. As of juniper.device collection 1.0.1 it is still currently recommended to continue to use the juniper.junos roles versus juniper.device collection per the galxy website. +Starting with Ansible 2.10, juniper.device and junipernetworks.junos ansible collections are added. This collection has been included in the requirements.yml file and will be built-in the container automatically. Existing juniper.junos role is still supported and works with Ansible 2.10. For more information on this transition see https://www.juniper.net/documentation/us/en/software/junos-ansible/ansible/topics/concept/junos-ansible-modules-overview.html and https://galaxy.ansible.com/juniper/device. As of juniper.device collection 1.0.2 it is still currently recommended to continue to use the juniper.junos roles versus juniper.device collection per the galaxy website. # Installing From f43cb8ee29a531aa0f7bf9c06dcb13b3e549fa6b Mon Sep 17 00:00:00 2001 From: aburston Date: Mon, 22 May 2023 11:45:55 -0700 Subject: [PATCH 20/27] updated Alpine to 3.17.3 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5a97196..acc4b7a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -12,7 +12,7 @@ # # ******************************************************** -FROM amd64/alpine:3.15.6 +FROM amd64/alpine:3.17.3 # ==> Specify Python requirements filename; default = "requirements.txt" # ==> Specify Ansible requirements filename; default = "requirements.yml" From 2aa80611ef9a83406afacb5187d6d17e022c141f Mon Sep 17 00:00:00 2001 From: aburston Date: Mon, 22 May 2023 13:31:33 -0700 Subject: [PATCH 21/27] Updated network roles to look for juniper collections instead of roles --- Dockerfile | 2 +- .../roles/junos_commit_config/meta/main.yaml | 3 +-- .../evpn-vxlan-common/roles/junos_common/meta/main.yaml | 5 +++-- .../evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml | 5 +++-- network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml | 5 +++-- .../evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml | 5 +++-- 6 files changed, 14 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index acc4b7a..6679d39 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ WORKDIR /tmp COPY requirements.txt requirements.txt RUN pip3 install -r requirements.txt -RUN ansible-galaxy install Juniper.junos -p /etc/ansible/roles/ +#RUN ansible-galaxy install Juniper.junos -p /etc/ansible/roles/ COPY requirements.yml . RUN ansible-galaxy collection install -r requirements.yml diff --git a/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml b/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml index 3aea705..e36cc4f 100644 --- a/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml +++ b/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml @@ -1,5 +1,4 @@ --- -dependencies: - - { role: Juniper.junos } collections: - juniper.device + - junipernetworks.junos diff --git a/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml b/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml index d1dbae8..e36cc4f 100644 
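Review bot: In the PATCH 21 Dockerfile hunk the `Juniper.junos` install is disabled by commenting it out, with nothing beside it saying why, and the command carries no version, so anyone who re-enables it gets whatever Galaxy serves at build time. I would put a comment above it, `# Legacy Juniper.junos role, superseded by the juniper.device and junipernetworks.junos collections; uncomment only for projects that still need it`, and pin the role in the kept line: `#RUN ansible-galaxy install Juniper.junos,2.4.0 -p /etc/ansible/roles/`. The `2.4.0` is the version the `requirements.yml` entry removed in PATCH 18 carried; confirm it is still the one wanted.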
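Review bot: `collections:` in a role's `meta/main.yaml` only sets the search path for unqualified module names inside the role; unlike the removed `dependencies:` entry it does not declare anything that must be present, so a missing collection would surface only when a task runs. With two collections on the path, a short module name that exists in both resolves to the first one listed, here `juniper.device`. The role task files are not part of these hunks, so I cannot tell whether they use short names; if they do, fully qualified names in the tasks (for example `juniper.device.config`) would remove the ambiguity. The same change is repeated in the `junos_common`, `junos_qfx_common`, `srx_common` and `srx_firewall` meta hunks that follow.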
--- a/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
+++ b/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
@@ -1,3 +1,4 @@
 ---
-dependencies:
- - { role: Juniper.junos }
+collections:
+ - juniper.device
+ - junipernetworks.junos
diff --git a/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml b/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
index d1dbae8..e36cc4f 100644
--- a/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
+++ b/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
@@ -1,3 +1,4 @@
 ---
-dependencies:
- - { role: Juniper.junos }
+collections:
+ - juniper.device
+ - junipernetworks.junos
diff --git a/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml b/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
index d1dbae8..e36cc4f 100644
--- a/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
+++ b/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml
@@ -1,3 +1,4 @@
 ---
-dependencies:
- - { role: Juniper.junos }
+collections:
+ - juniper.device
+ - junipernetworks.junos
diff --git a/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml b/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml
index d1dbae8..e36cc4f 100644
--- a/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml
+++ b/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml
@@ -1,3 +1,4 @@
 ---
-dependencies:
- - { role: Juniper.junos }
+collections:
+ - juniper.device
+ - junipernetworks.junos
From 225b731a1a0394130f5a29b06fa293ec41e9cba1 Mon Sep 17 00:00:00 2001
From: Matthew Tighe Date: Mon, 22 May 2023 13:40:33 -0700 Subject: [PATCH 22/27] Update README.md updated in anticipation of NITA Ansible 23.Y release. Removed juniper.junos references from code and pointed NITA network roles to updated collections (junipernetworks.junos and devices). --- README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 225dd3e..f2797e4 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -# NITA Ansible 22.8 +# NITA Ansible 23.Y -Welcome to NITA 22.8. +Welcome to NITA 23.y. -Packages built from this branch will be nita-*-22.8-x where x is the packaging release. +Packages built from this branch will be nita-*-22.Y-x where x is the packaging release. This branch also contains patches from other branches or minor modifications as required to support the stability and usability of the release. There are also some backwards compatibility packages here for ansible and robot that allow projects written for NITA 3.0.7 to work without having to make any changes. -Note that NITA 22.8 is backward compatible with NITA 21.7 projects, provided the correct ansible and robot containers are installed. +Note that NITA 23.Y should be backward compatible with NITA 22.8 and 21.7 projects, provided the correct ansible and robot containers are installed. However, see the note below about ansible 2.10 changes. # Copyright 
@@ -29,7 +29,13 @@ No containers tagged as "latest" are provided by the package. ## Ansible 2.10 and greater -Starting with Ansible 2.10, juniper.device and junipernetworks.junos ansible collections are added. This collection has been included in the requirements.yml file and will be built-in the container automatically. Existing juniper.junos role is still supported and works with Ansible 2.10. For more information on this transition see https://www.juniper.net/documentation/us/en/software/junos-ansible/ansible/topics/concept/junos-ansible-modules-overview.html and https://galaxy.ansible.com/juniper/device. As of juniper.device collection 1.0.2 it is still currently recommended to continue to use the juniper.junos roles versus juniper.device collection per the galaxy website. +Starting with Ansible 2.10, juniper.device and junipernetworks.junos ansible collections are added. This collection has been included in the requirements.yml file and will be built-in the container automatically. Existing juniper.junos role is still supported and works with Ansible 2.10. For more information on this transition see https://www.juniper.net/documentation/us/en/software/junos-ansible/ansible/topics/concept/junos-ansible-modules-overview.html and https://galaxy.ansible.com/juniper/device. Juniper.junos roles has been removed and superceded by the newer collections. If the old roles are still required, simply uncomment the line from the ``Dockerfile``: + +``` +RUN ansible-galaxy install Juniper.junos -p /etc/ansible/roles/ +``` + +The network-roles the container copies over to support the NITA Project have been updated to remove the dependencies on the old roles and will use the collections. # Installing From 9c69ebcf979a02bfa25d18df9efa6cc8c0396844 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Mon, 22 May 2023 13:47:47 -0700 Subject: [PATCH 23/27] Update README.md --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/README.md b/README.md index f2797e4..460e421 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Note that NITA 23.Y should be backward compatible with NITA 22.8 and 21.7 projec # Copyright -Copyright 2021, Juniper Networks, Inc. +Copyright 2023, Juniper Networks, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: @@ -95,11 +95,6 @@ When invoking these built-in roles the build-folder needs to be passed to the an ``` ansible-playbook -i hosts playbook.yaml --extra-vars "build_dir=container_build_folder" ``` - -### Juniper.junos - -This is the main Junos Ansible 2.9 role and is included in the nita-ansible container. This role allows Ansible to communicate with Junos devices. Information on the functionality that is provided with this Ansible role can found here: https://www.juniper.net/documentation/en_US/junos-ansible/topics/reference/general/junos-ansible-modules-overview.html - ### ebgp_ip_fabric Builds the configuration stanzas that make up a Junos eBGP IP fabric underlay. It includes configurations for forwarding, routing, and policy options as well as interfaces participating in the fabric and BGP protocol configuration. In the sample Excel file included with the NITA package for EVPN data center mentioned above, the tabs that hold the variable information include "underlay_ebgp+", "core_interfaces+", "underlay_ebgp+" From c4e55d06ad9be007f0d1a3f7bbef2c66b346cf14 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Wed, 31 May 2023 10:30:13 -0700 Subject: [PATCH 24/27] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/README.md b/README.md index 460e421..0553ba6 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -# NITA Ansible 23.Y +# NITA Ansible 23.p -Welcome to NITA 23.y. +Welcome to NITA 23.p pre-release. -Packages built from this branch will be nita-*-22.Y-x where x is the packaging release. +Packages built from this branch will be nita-*-22.p-x where x is the packaging release. This branch also contains patches from other branches or minor modifications as required to support the stability and usability of the release. There are also some backwards compatibility packages here for ansible and robot that allow projects written for NITA 3.0.7 to work without having to make any changes. -Note that NITA 23.Y should be backward compatible with NITA 22.8 and 21.7 projects, provided the correct ansible and robot containers are installed. However, see the note below about ansible 2.10 changes. +Note that NITA 23.p should be backward compatible with NITA 22.8 and 21.7 projects, provided the correct ansible and robot containers are installed. However, see the note below about ansible 2.10 changes. # Copyright From 4eb630817e8691866d94b45ae59142175b45e1f5 Mon Sep 17 00:00:00 2001 
From: Matthew Tighe Date: Wed, 31 May 2023 11:37:00 -0700 Subject: [PATCH 25/27] Merged AWX --- ansible-ee/README.md | 88 ++++++++++++ ansible-ee/ansible.cfg | 7 + ansible-ee/bindep.txt | 4 + ansible-ee/context/Dockerfile | 41 ++++++ ansible-ee/context/_build/bindep.txt | 4 + ansible-ee/context/_build/requirements.txt | 5 + ansible-ee/context/_build/requirements.yml | 12 ++ .../network-roles/ebgp-ip-fabric/.gitignore | 129 ++++++++++++++++++ .../network-roles/ebgp-ip-fabric/README.md | 2 + .../network-roles/ebgp-ip-fabric/install.sh | 8 ++ .../roles/ebgp_ip_fabric/tasks/main.yaml | 16 +++ .../templates/forwarding-options.j2 | 19 +++ .../ebgp_ip_fabric/templates/interfaces.j2 | 42 ++++++ .../templates/policy-options.j2 | 45 ++++++ .../ebgp_ip_fabric/templates/protocols.j2 | 47 +++++++ .../templates/routing-options.j2 | 20 +++ .../evpn-vxlan-common/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-common/README.md | 2 + .../evpn-vxlan-common/install.sh | 8 ++ .../roles/evpn_vxlan_common/tasks/main.yaml | 7 + .../templates/evpn_routing_options.j2 | 23 ++++ .../templates/policy_options.j2 | 71 ++++++++++ .../roles/junos_commit_config/meta/main.yaml | 4 + .../roles/junos_commit_config/tasks/main.yaml | 42 ++++++ .../roles/junos_common/meta/main.yaml | 4 + .../roles/junos_common/tasks/main.yaml | 15 ++ .../roles/junos_common/templates/chassis.j2 | 21 +++ .../junos_common/templates/common_system.j2 | 35 +++++ .../templates/management_interface.j2 | 28 ++++ .../junos_common/templates/routing_options.j2 | 32 +++++ .../roles/junos_common/templates/snmp.j2 | 23 ++++ .../roles/junos_qfx_common/meta/main.yaml | 4 + .../roles/junos_qfx_common/tasks/main.yaml | 7 + .../junos_qfx_common/templates/system.j2 | 74 ++++++++++ .../templates/vqfx_pfe_interface.j2 | 24 ++++ .../network-roles/evpn-vxlan-erb/README.md | 2 + .../network-roles/evpn-vxlan-erb/install.sh | 8 ++ .../roles/evpn_vxlan_erb_leaf/tasks/main.yaml | 3 + .../templates/ibgp_leaf.j2 | 54 ++++++++ 
.../evpn_vxlan_erb_spine/tasks/main.yaml | 3 + .../templates/ibgp_spine_rr.j2 | 34 +++++ .../roles/evpn_vxlan_policy/tasks/main.yaml | 3 + .../templates/evpn_policy.j2 | 55 ++++++++ .../roles/evpn_vxlan_port/tasks/main.yaml | 3 + .../evpn_vxlan_port/templates/evpn_port.j2 | 74 ++++++++++ .../roles/evpn_vxlan_vni/tasks/main.yaml | 4 + .../evpn_vxlan_vni/templates/evpn_vni.j2 | 40 ++++++ .../roles/evpn_vxlan_vrf/tasks/main.yaml | 3 + .../evpn_vxlan_vrf/templates/evpn_vrf.j2 | 93 +++++++++++++ .../network-roles/evpn-vxlan-fi/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-fi/README.md | 2 + .../network-roles/evpn-vxlan-fi/install.sh | 8 ++ .../roles/evpn_vxlan_dci/tasks/main.yaml | 3 + .../templates/evpn_vxlan_dci.j2 | 48 +++++++ .../network-roles/evpn-vxlan-hb/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-hb/README.md | 2 + .../network-roles/evpn-vxlan-hb/install.sh | 8 ++ .../files/commit_config.expect | 18 +++ .../roles/healthbot_commit/tasks/main.yaml | 24 ++++ .../roles/healthbot_config/tasks/main.yaml | 16 +++ .../healthbot_config/templates/device.j2 | 36 +++++ .../templates/device_group.j2 | 19 +++ .../network-roles/evpn-vxlan-sb/.gitignore | 129 ++++++++++++++++++ .../network-roles/evpn-vxlan-sb/README.md | 2 + .../network-roles/evpn-vxlan-sb/install.sh | 8 ++ .../roles/srx_common/meta/main.yaml | 4 + .../roles/srx_common/tasks/main.yaml | 10 ++ .../roles/srx_common/templates/lldp.j2 | 19 +++ .../roles/srx_common/templates/security.j2 | 84 ++++++++++++ .../roles/srx_common/templates/system.j2 | 69 ++++++++++ .../roles/srx_firewall/meta/main.yaml | 4 + .../roles/srx_firewall/tasks/main.yaml | 16 +++ .../roles/srx_firewall/templates/fabric.j2 | 43 ++++++ .../srx_firewall/templates/firewall_port.j2 | 74 ++++++++++ .../roles/srx_firewall/templates/ospf.j2 | 23 ++++ .../templates/security_policies.j2 | 34 +++++ .../roles/srx_firewall/templates/zones.j2 | 39 ++++++ .../network-roles/mx_common/install.sh | 8 ++ 
.../network-roles/mx_common/tasks/main.yaml | 3 + .../mx_common/templates/mx_system.j2 | 62 +++++++++ ansible-ee/nita-ansible-ee.yml | 24 ++++ ansible-ee/requirements.txt | 5 + ansible-ee/requirements.yml | 12 ++ build_ansible_container.sh | 16 +++ build_awx_container.sh | 45 ++++++ build_ee_container.sh | 18 +++ network-roles/mx_common/install.sh | 8 ++ network-roles/mx_common/tasks/main.yaml | 3 + .../mx_common/templates/mx_system.j2 | 62 +++++++++ nita-awx | 1 + 90 files changed, 2688 insertions(+) create mode 100644 ansible-ee/README.md create mode 100644 ansible-ee/ansible.cfg create mode 100644 ansible-ee/bindep.txt create mode 100644 ansible-ee/context/Dockerfile create mode 100644 ansible-ee/context/_build/bindep.txt create mode 100644 ansible-ee/context/_build/requirements.txt create mode 100644 ansible-ee/context/_build/requirements.yml create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/README.md create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 create mode 100644 ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/README.md create mode 100644 
ansible-ee/context/network-roles/evpn-vxlan-common/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/README.md create mode 100644 
ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/README.md create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/README.md create mode 
100644 ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/README.md create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 create mode 100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 create mode 
100644 ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2 create mode 100644 ansible-ee/context/network-roles/mx_common/install.sh create mode 100644 ansible-ee/context/network-roles/mx_common/tasks/main.yaml create mode 100644 ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 create mode 100644 ansible-ee/nita-ansible-ee.yml create mode 100644 ansible-ee/requirements.txt create mode 100644 ansible-ee/requirements.yml create mode 100755 build_ansible_container.sh create mode 100755 build_awx_container.sh create mode 100755 build_ee_container.sh create mode 100644 network-roles/mx_common/install.sh create mode 100644 network-roles/mx_common/tasks/main.yaml create mode 100644 network-roles/mx_common/templates/mx_system.j2 create mode 160000 nita-awx diff --git a/ansible-ee/README.md b/ansible-ee/README.md new file mode 100644 index 0000000..d0dea1d --- /dev/null +++ b/ansible-ee/README.md @@ -0,0 +1,88 @@ +

AWX Execution Environment

+ +Files located in this directory are used to create ansible execution environment for AWX/Ansible Tower. the ```build-container.sh``` script calls ansible-builder, which needs to be installed using pip (see https://ansible-builder.readthedocs.io/en/stable/installation/). Ansible-builder requires python3.8 or later to execute. [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) and [Docker](https://docs.docker.com/engine/install/ubuntu/) also need to be installed. You can also build the container directly by issuing the following commands: + +``` +cd context +docker build --tag "juniper/nita-ansible-ee:22.9" . +``` + +AWX requires ansible EEs to be pulled from a repository. For testing purposes you can setup a local repository. See the instructions at https://www.docker.com/blog/how-to-use-your-own-registry-2/. After building the container, you can add a local repository as follows: + +``` +docker run -d -p 5000:5000 --restart always --name registry registry +docker tag "localhost:5000/ansible-ee" +docker push localhost:5000/ansible-ee +``` + +After this simply define the localhost:5000/ansible-ee in your definition for an Execution Environment in AWX: + +![image](https://user-images.githubusercontent.com/6110061/187557638-8b0e00bf-9cfc-4f53-9ef3-c97e7fdf0ad0.png) + +

Notes

+ ++ The file ``bindep.txt`` and related configuration in ``nita-ansible-ee.yml`` are here for completeness. AWX documentation and some blogs indicated it is required although container seemed to build and operate fine without it. ++ This container is being tested against a version of the ebgp-wan example from the NITA project. Current files for the AWX test version can be found at https://github.com/wildsubnet/awx-test. There are certain incompatiabilities between NITA environment and AWX need to be worked out (see todo list below) + +## To-Do + +See https://github.com/users/wildsubnet/projects/1 for current list. Issues can be found at https://github.com/wildsubnet/nita-awx/issues + + +## AWX Screenshots + +How the NITA example data is being loaded into AWX for testing (as of September 22, 2022). + +### Template +image + + +### Project + +![image](https://user-images.githubusercontent.com/6110061/191846831-1f8644e1-96e2-496d-b77e-5a127d46ea61.png) + +### Inventories + +Note the variable data from ``groups_vars``. Also AWX requires an additional variable definition here ``ansible_python_interpreter: "{{ ansible_playbook_python }}"`` otherwise it will toss a missing module error because it runs the wrong python environment. See [this](https://www.reddit.com/r/ansible/comments/rb80pv/execution_environments_and_pip_module_locations/) thread. + +image + +### Hosts + +Each individual host has ``host_vars`` defined here + +image +image + +### Instance Groups + +In order to mount /var/tmp into ansible execution environment, you need to update the yaml file for the container group that creates the AWX worker. 
+image + +Example file: +``` +apiVersion: v1 +kind: Pod +metadata: + namespace: awx +spec: + serviceAccountName: default + automountServiceAccountToken: false + containers: + - image: quay.io/ansible/awx-ee:latest + name: worker + args: + - ansible-runner + - worker + - '--private-data-dir=/runner' + volumeMounts: + - mountPath: /var/tmp + name: nb-volume + readOnly: false + volumes: + - hostPath: + path: /var/tmp + type: "" + name: nb-volume +``` + diff --git a/ansible-ee/ansible.cfg b/ansible-ee/ansible.cfg new file mode 100644 index 0000000..a41a34c --- /dev/null +++ b/ansible-ee/ansible.cfg @@ -0,0 +1,7 @@ +[galaxy] +server_list = automation_hub + +[galaxy_server.automation_hub] +url=https://cloud.redhat.com/api/automation-hub/ +auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token +token=my_ah_token diff --git a/ansible-ee/bindep.txt b/ansible-ee/bindep.txt new file mode 100644 index 0000000..db1a0d7 --- /dev/null +++ b/ansible-ee/bindep.txt @@ -0,0 +1,4 @@ +python38-devel [platform:rpm compile] +subversion [platform:rpm] +subversion [platform:dpkg] +git-lfs [platform:rpm] diff --git a/ansible-ee/context/Dockerfile b/ansible-ee/context/Dockerfile new file mode 100644 index 0000000..de92e99 --- /dev/null +++ b/ansible-ee/context/Dockerfile 
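Review bot: `token=my_ah_token` in ansible-ee/ansible.cfg keeps the Automation Hub credential slot in a tracked file, so whoever first gets the build working is likely to commit a real offline token. I would drop the `token=` line and document supplying it at build time through `ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN`, which ansible-galaxy reads for a `[galaxy_server.automation_hub]` section. If this file is ever copied into the build context, the token would also end up in an image layer. Nothing visible in this commit copies it, so that part is a caution rather than a finding.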
@@ -0,0 +1,41 @@
+ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:latest
+ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
+
+FROM $EE_BASE_IMAGE as galaxy
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=-vvv
+USER root
+
+ADD _build /build
+WORKDIR /build
+
+RUN ansible-galaxy role install -r requirements.yml --roles-path "/usr/share/ansible/roles"
+RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"
+
+FROM $EE_BUILDER_IMAGE as builder
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+ADD _build/requirements.txt requirements.txt
+ADD _build/bindep.txt bindep.txt
+RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
+RUN assemble
+
+FROM $EE_BASE_IMAGE
+USER root
+RUN whoami
+RUN cat /etc/os-release
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+COPY --from=builder /output/ /output/
+RUN /output/install-from-bindep && rm -rf /output/wheels
+COPY network-roles network-roles
+RUN cd network-roles/ebgp-ip-fabric && bash install.sh
+RUN cd network-roles/evpn-vxlan-common && bash install.sh
+RUN cd network-roles/evpn-vxlan-fi && bash install.sh
+RUN cd network-roles/evpn-vxlan-erb && bash install.sh
+RUN cd network-roles/evpn-vxlan-hb && bash install.sh
+RUN cd network-roles/evpn-vxlan-sb && bash install.sh
+COPY network-roles/mx_common/ /etc/ansible/roles/mx_common
+RUN mkdir -p /var/nita_configs
+RUN mkdir -p /var/tmp/build
diff --git a/ansible-ee/context/_build/bindep.txt b/ansible-ee/context/_build/bindep.txt
new file mode 100644
index 0000000..db1a0d7
--- /dev/null
+++ b/ansible-ee/context/_build/bindep.txt
@@ -0,0 +1,4 @@
+python38-devel [platform:rpm compile]
+subversion [platform:rpm]
+subversion [platform:dpkg]
+git-lfs [platform:rpm]
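Review bot: Both base images in ansible-ee/context/Dockerfile default to a floating tag (`quay.io/ansible/ansible-runner:latest`, `quay.io/ansible/ansible-builder:latest`), so two builds of the same commit can produce different images and an upstream change lands without review. Pin them, ideally by digest, e.g. `ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner@sha256:<digest>` (placeholder), and bump the pin deliberately. The collection install also runs with `ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1`, which turns signature checking off. That may simply be what ansible-builder generated, but it deserves a comment saying so and a follow-up to verify against a keyring. `RUN whoami` and `RUN cat /etc/os-release` look like debugging leftovers and can go, and the final stage never leaves `USER root`.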
diff --git a/ansible-ee/context/_build/requirements.txt b/ansible-ee/context/_build/requirements.txt
new file mode 100644
index 0000000..a0a10f0
--- /dev/null
+++ b/ansible-ee/context/_build/requirements.txt
@@ -0,0 +1,5 @@
+junos-eznc
+pynetbox
+jxmlease
+xmltodict
+dos2unix
diff --git a/ansible-ee/context/_build/requirements.yml b/ansible-ee/context/_build/requirements.yml
new file mode 100644
index 0000000..a9816e5
--- /dev/null
+++ b/ansible-ee/context/_build/requirements.yml
@@ -0,0 +1,12 @@
+---
+ collections:
+ # Install a collection from Ansible Galaxy.
+ - name: netbox.netbox
+ version: '3.1.1'
+ # Install juniper.device collection from Ansible Galaxy.
+ - name: juniper.device
+ version: '1.0.1'
+ # Install junipernetworks collection from Ansible Galaxy.
+ - name: junipernetworks.junos
+ version: '3.1.0'
+
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore b/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore
new file mode 100644
index 0000000..b6e4761
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/.gitignore
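Review bot: None of the five entries in ansible-ee/context/_build/requirements.txt carries a version, while requirements.yml in the same commit pins every collection, so the Python side of the image is whatever PyPI serves on build day. Pin each one (`junos-eznc==<version>` and so on, versions to be chosen by the maintainers) or install against a hash-checked constraints file. `dos2unix` is usually a system utility rather than a Python library. Please confirm that the PyPI project of that name is the one meant, or move it to bindep.txt if the binary was intended.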
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md b/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md
new file mode 100644
index 0000000..a459657
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/README.md
@@ -0,0 +1,2 @@
+# ebgp-ip-fabric
+Ansible roles to configure a Juniper QFX with an EBGP based IP fabric
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh b/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml
new file mode 100644
index 0000000..5c929e3
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/tasks/main.yaml
@@ -0,0 +1,16 @@
+---
+- name: Creating base interfaces config
+ template: src="interfaces.j2" dest="{{ tmp_dir }}/interfaces.cfg"
+
+- name: Creating protocols config
+ template: src="protocols.j2" dest="{{ tmp_dir }}/protocols.cfg"
+
+- name: Creating policy-options config
+ template: src="policy-options.j2" dest="{{ tmp_dir }}/policy-options.cfg"
+
+- name: Creating forwarding-options config
+ template: src="forwarding-options.j2" dest="{{ tmp_dir }}/forwarding-options.cfg"
+
+- name: Creating routing-options config
+ template: src="routing-options.j2" dest="{{ tmp_dir }}/routing-options.cfg"
+
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2
new file mode 100644
index 0000000..69a4692
--- /dev/null
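Review bot: `${ANSIBLEROLES}` is expanded unquoted in both `mkdir -p ${ANSIBLEROLES}` and `cp -r roles/* ${ANSIBLEROLES}` in ebgp-ip-fabric/install.sh, so a value from the environment that contains spaces or glob characters splits into several arguments and the copy can land somewhere unintended. Quote it: `mkdir -p "${ANSIBLEROLES}"` and `cp -r roles/* "${ANSIBLEROLES}"`. The assignment can be the plain `ANSIBLEROLES=${ANSIBLEROLES:-/etc/ansible/roles}`, since `:=` already assigns on its own. evpn-vxlan-common/install.sh later in this patch has the same blob id (6d8f2f4) and needs the same change, and the other install.sh copies in the diffstat probably do too.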
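Review bot: The five `template` tasks in roles/ebgp_ip_fabric/tasks/main.yaml write rendered device configuration under `{{ tmp_dir }}` without a `mode`, so the files get whatever the umask allows, and the README in this commit mounts the host's /var/tmp into the worker. Set the permission explicitly, e.g. `mode: "0600"`, and prefer the YAML dict form (`template:` with `src:`, `dest:` and `mode:` keys) over inline `key=value` arguments. Whether `tmp_dir` resolves under /var/tmp is not visible here. roles/evpn_vxlan_common/tasks/main.yaml in this patch follows the same pattern, there with `dest={{ tmp_dir }}/...` left unquoted.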
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/forwarding-options.j2
@@ -0,0 +1,19 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+forwarding-options {
+ storm-control-profiles default {
+ all;
+ }
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2
new file mode 100644
index 0000000..9e9ed29
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/interfaces.j2
@@ -0,0 +1,42 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+interfaces {
+{% for intf in core_interfaces %}
+ {{ intf.int }} {
+{% if intf.desc is defined %}
+ description "{{ intf.desc }}";
+{% endif %}
+{% if intf.mac is defined %}
+ mac {{ intf.mac }};
+{% endif %}
+{% if intf.ip is defined %}
+ unit 0 {
+ family inet {
+ address {{ intf.ip }}/{{ intf.mask }};
+ }
+ }
+{% endif %}
+ }
+{% endfor %}
+
+ lo0 {
+ unit 0 {
+ description "*** loopback ***";
+ family inet {
+ address {{ loopback_ip }}/32;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2
new file mode 100644
index 0000000..d601f9a
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/policy-options.j2
@@ -0,0 +1,45 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+policy-options {
+ policy-statement IPCLOS_BGP_EXP {
+ term loopback {
+ from protocol [ direct bgp ];
+ then {
+ community add "{{ inventory_hostname }}";
+ accept;
+ }
+ }
+ term default {
+ then reject;
+ }
+ }
+ policy-statement IPCLOS_BGP_IMP {
+ term loopback {
+ from protocol [ bgp direct ];
+ then accept;
+ }
+ term default {
+ then reject;
+ }
+ }
+ policy-statement PFE-LB {
+ then {
+ load-balance per-packet;
+ }
+ }
+{% for bgp in underlay_ebgp %}
+ community "{{ inventory_hostname }}" members "{{ bgp.autonomous_system }}:1";
+{% endfor %}
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2
new file mode 100644
index 0000000..7fe0536
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/protocols.j2
@@ -0,0 +1,47 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+protocols {
+ bgp {
+{% for bgp in underlay_ebgp %}
+ group {{ bgp.group }} {
+ bfd-liveness-detection minimum-interval 1000;
+ bfd-liveness-detection multiplier 3;
+ export IPCLOS_BGP_EXP;
+ import IPCLOS_BGP_IMP;
+ type external;
+ mtu-discovery;
+ vpn-apply-export;
+ local-as "{{ bgp.autonomous_system }}";
+ multipath {
+ multiple-as;
+ }
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }} {
+ description "EBGP peering to {{ neighbor.name }}";
+ peer-as {{ neighbor.asn }};
+ }
+{% endfor %}
+ }
+{% endfor %}
+ }
+
+ igmp-snooping {
+ vlan default;
+ }
+
+ lldp {
+ interface all;
+ }
+}
diff --git a/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2 b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2
new file mode 100644
index 0000000..c390064
--- /dev/null
+++ b/ansible-ee/context/network-roles/ebgp-ip-fabric/roles/ebgp_ip_fabric/templates/routing-options.j2
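Review bot: Every `group {{ bgp.group }}` in protocols.j2 brings up external BGP sessions with no session authentication, and `lldp { interface all; }` advertises device details on every port, including any that face hosts or other parties. If the fabric links are not fully trusted, add an optional key such as `{% if bgp.auth_key is defined %}authentication-key "{{ bgp.auth_key }}";{% endif %}` (the variable name is a suggestion, with the value coming from a vault) and restrict LLDP to the interfaces listed in `core_interfaces`. On style, `local-as "{{ bgp.autonomous_system }}"` is quoted while `peer-as {{ neighbor.asn }}` is not, and one form throughout would read better.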
@@ -0,0 +1,20 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+routing-options {
+ forwarding-table {
+ export PFE-LB;
+ ecmp-fast-reroute;
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore
new file mode 100644
index 0000000..b6e4761
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/.gitignore
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/README.md b/ansible-ee/context/network-roles/evpn-vxlan-common/README.md
new file mode 100644
index 0000000..178160e
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-common
+Common ansible roles for deploying an EVPN VXLAN fabric
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml
new file mode 100644
index 0000000..61b70e2
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: Creating common evpn routing options config
+ template: src=evpn_routing_options.j2 dest={{ tmp_dir }}/evpn_routing_options.cfg
+
+- name: Creating common evpn policy options config
+ template: src=policy_options.j2 dest={{ tmp_dir }}/evpn_policy_options.cfg
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2
new file mode 100644
index 0000000..174baa5
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/evpn_routing_options.j2
@@ -0,0 +1,23 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+routing-options {
+ forwarding-table {
+ chained-composite-next-hop {
+ ingress {
+ evpn;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2
new file mode 100644
index 0000000..17fb130
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/evpn_vxlan_common/templates/policy_options.j2
@@ -0,0 +1,71 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+policy-options {
+ policy-statement EVPN_T5_EXPORT {
+ term fm_direct {
+ from protocol direct;
+ then accept;
+ }
+ term fm_static {
+ from protocol static;
+ then accept;
+ }
+{% if collapsed_spine is defined %}
+{% if collapsed_spine %}
+ term fm_v4_default {
+ from {
+ protocol evpn;
+ protocol ospf;
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term fm_v4_host {
+ from {
+ protocol evpn;
+ route-filter 0.0.0.0/0 prefix-length-range /32-/32;
+ }
+ then accept;
+ }
+{% endif %}
+{% else %}
+{% if leaf_type == "border" %}
+ term fm_v4_default {
+ from {
+ protocol evpn;
+ protocol ospf;
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+{% else %}
+ term fm_v4_host {
+ from {
+ protocol evpn;
+ route-filter 0.0.0.0/0 prefix-length-range /32-/32;
+ }
+ then accept;
+ }
+{% endif %}
+{% endif %}
+ term fm_v6_host {
+ from {
+ protocol evpn;
+ route-filter 0::0/0 prefix-length-range /128-/128;
+ }
+ then accept;
+ }
+ }
+}
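Review bot: When `collapsed_spine` is defined but false, the outer `{% if collapsed_spine is defined %}` branch is taken and the inner test fails, so neither `fm_v4_default` nor `fm_v4_host` is rendered and the `leaf_type` branch is never reached. If a false value is meant to behave like an unset one (an assumption; the patch does not state the intent), flatten the nesting: `{% if collapsed_spine | default(false) %}` for the first branch, `{% elif leaf_type == "border" %}` for the second, then `{% else %}`. A one-line Jinja comment above the block saying which terms each fabric role should export would also help the next reader.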
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml
new file mode 100644
index 0000000..e36cc4f
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+collections:
+ - juniper.device
+ - junipernetworks.junos
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml
new file mode 100644
index 0000000..143b9da
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_commit_config/tasks/main.yaml
@@ -0,0 +1,42 @@
+---
+- name: Assembling configurations
+ assemble:
+ src={{ tmp_dir }}
+ dest={{ junos_conf }}
+ mode={{ conf_file_mode | default('666') }}
+ regexp=.+\.cfg
+# Use for Ansible 2.9 and lower
+# - name: Pushing config ... please wait
+# juniper_junos_config:
+# user: "{{ netconf_user }}"
+# passwd: "{{ netconf_passwd }}"
+# load: 'override'
+# src: "{{ junos_conf }}"
+# commit: true
+# diffs_file: "{{build_dir}}/log/{{ inventory_hostname }}-diff.log"
+# logfile: "{{ log }}"
+# comment: "Committed using NITA"
+# timeout: "{{ netconf_timeout | default('300') }}"
+# register: response
+# - name: Commit response
+# debug:
+# var: response
+#
+#
+# Use section below for device collection use for Ansible 2.10 and greater...
+#
+- name: Pushing config ... please wait
+ config:
+ user: "{{ netconf_user }}"
+ passwd: "{{ netconf_passwd }}"
+ load: 'override'
+ src: "{{ junos_conf }}"
+ commit: true
+ diffs_file: "{{build_dir}}/log/{{ inventory_hostname }}-diff.log"
+ logfile: "{{ log }}"
+ comment: "Committed using NITA"
+ timeout: "{{ netconf_timeout | default('300') }}"
+ register: response
+- name: Commit response
+ debug:
+ var: response
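Review bot: The `assemble` task in junos_commit_config/tasks/main.yaml defaults the output mode to `666` (`mode={{ conf_file_mode | default('666') }}`), which leaves `{{ junos_conf }}` world-readable and world-writable on the controller. The file is built from every `.cfg` in `{{ tmp_dir }}`, which presumably includes the rendered system.cfg with its `encrypted-password` hashes, and it is then pushed with `load: 'override'`, so any local user could read the hashes or alter the configuration before it is committed. Default to owner-only instead: `mode={{ conf_file_mode | default('0600') }}`.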
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
new file mode 100644
index 0000000..e36cc4f
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+collections:
+ - juniper.device
+ - junipernetworks.junos
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml
new file mode 100644
index 0000000..18bc799
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/tasks/main.yaml
@@ -0,0 +1,15 @@
+---
+- name: Creating management interface
+ template: src=management_interface.j2 dest={{ tmp_dir }}/management_interface.cfg
+
+- name: Creating common SNMP config
+ template: src=snmp.j2 dest={{ tmp_dir }}/snmp.cfg
+
+- name: Creating common routing config
+ template: src=routing_options.j2 dest={{ tmp_dir }}/routing_options.cfg
+
+- name: Creating chassis config
+ template: src=chassis.j2 dest={{ tmp_dir }}/chassis.cfg
+
+- name: Enable grpc support
+ template: src=common_system.j2 dest={{ tmp_dir }}/common_system.cfg
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2
new file mode 100644
index 0000000..2353017
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/chassis.j2
@@ -0,0 +1,21 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 24;
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2
new file mode 100644
index 0000000..e97ab0b
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/common_system.j2
@@ -0,0 +1,35 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+system {
+ services {
+ extension-service {
+ request-response {
+ grpc {
+ clear-text {
+ address 0.0.0.0;
+ port 32767;
+ }
+ max-connections 30;
+ skip-authentication;
+ }
+ }
+ notification {
+ allow-clients {
+ address 0.0.0.0/0;
+ }
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2
new file mode 100644
index 0000000..3b692a5
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/management_interface.j2
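Review bot: The `grpc` stanza in common_system.j2 listens in `clear-text` on `address 0.0.0.0` with `skip-authentication;`, and `notification allow-clients` is `address 0.0.0.0/0;`, so every device that receives this role exposes its extension-service API unencrypted and unauthenticated to any host that can reach port 32767. The task that renders this template in junos_common/tasks/main.yaml is unconditional. Drop `skip-authentication;`, take the listen address and the allowed client prefix from inventory variables scoped to the management network, and prefer the `ssl` transport with a local certificate over `clear-text`. Wrapping the whole stanza in an opt-in `{% if %}` would keep it off devices that do not need gRPC.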
@@ -0,0 +1,28 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+interfaces {
+ {{ management_interface.int }} {
+ unit 0 {
+ description "*** management ***";
+ family inet {
+{% if management_interface.ip is defined %}
+ address {{ management_interface.ip }}/{{ management_interface.mask }};
+{% else %}
+ dhcp;
+{% endif %}
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2
new file mode 100644
index 0000000..9517ada
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/routing_options.j2
@@ -0,0 +1,32 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+routing-options {
+{% if loopback_ip is defined %}
+ router-id {{ loopback_ip }};
+{% endif %}
+{% if routing_options is defined %}
+{% for route in routing_options %}
+ {% if route.destination == "discard" %}
+ static {
+ route {{ route.static }} {{ route.destination }};
+ }
+ {% else %}
+ static {
+ route {{ route.static }} next-hop {{ route.destination }};
+ }
+ {% endif %}
+{% endfor %}
+{% endif %}
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2
new file mode 100644
index 0000000..18e749b
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_common/templates/snmp.j2
@@ -0,0 +1,23 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+snmp {
+ location "{{ snmp.location }}";
+ contact "{{ snmp.contact }}";
+ {% for community in snmp.communities %}
+ community {{ community.name }} {
+ authorization read-only;
+ }
+ {% endfor %}
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
new file mode 100644
index 0000000..e36cc4f
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+collections:
+ - juniper.device
+ - junipernetworks.junos
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml
new file mode 100644
index 0000000..213cddf
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/tasks/main.yaml
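Review bot: Each `community {{ community.name }}` block in snmp.j2 sets only `authorization read-only;` and has no `clients` list, so the community string is accepted from any source address. Add a per-community client restriction driven from the same data, for example a `clients { ... }` block that loops over an address list on each entry of `snmp.communities`. Community strings act as passwords, so the values behind `community.name` are best kept in vaulted variables rather than plain inventory.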
@@ -0,0 +1,7 @@
+---
+- name: Creating vqfx pfe interface
+ template: src=vqfx_pfe_interface.j2 dest={{ tmp_dir }}/vqfx_pfe_interface.cfg
+
+- name: Creating common system config
+ template: src=system.j2 dest={{ tmp_dir }}/system.cfg
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2
new file mode 100644
index 0000000..6c71f83
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/system.j2
@@ -0,0 +1,74 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+system {
+ host-name {{ inventory_hostname }};
+ root-authentication {
+ encrypted-password "{{ password_hashes.root_user }}"; # SECRET-DATA
+ }
+ services {
+ ssh {
+ root-login allow;
+ }
+ netconf {
+ ssh;
+ }
+ rest {
+ http {
+ port 3000;
+ }
+ enable-explorer;
+ }
+ }
+ login {
+ message "{{ login_message }}";
+ user jcluser {
+ class super-user;
+ uid 2000;
+ authentication {
+ encrypted-password "{{ password_hashes.netadmin_user }}";
+ }
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ }
+ {% if ntp_server is defined %}
+ ntp {
+ server {{ ntp_server }};
+ }
+ {% endif %}
+ {% if time_zone is defined %}
+ time-zone {{ time_zone }};
+ {% endif %}
+ extensions {
+ providers {
+ juniper {
+ license-type juniper deployment-scope commercial;
+ }
+ chef {
+ license-type juniper deployment-scope commercial;
+ }
+ }
+ }
+}
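Review bot: The `services` block in system.j2 sets `root-login allow;` for SSH and serves the REST API over plain `http` on port 3000 with `enable-explorer;`, so root password logins are permitted and REST credentials cross the network unencrypted. Suggest `root-login deny;` (or `deny-password` if key-based root access is required), moving REST to `https` with a device certificate, and dropping `enable-explorer;` outside a lab. The `jcluser` account is hard-coded as `class super-user`; a template comment stating that this file targets lab or vQFX devices, if that is the intent, would make the choice explicit.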
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2 b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2
new file mode 100644
index 0000000..3594521
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-common/roles/junos_qfx_common/templates/vqfx_pfe_interface.j2
@@ -0,0 +1,24 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+interfaces {
+ em1 {
+ unit 0 {
+ description "*** to pfe ***"
+ family inet {
+ address 169.254.0.2/24;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md
new file mode 100644
index 0000000..08ac962
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-erb
+Ansible roles to configure Juniper QFX in an EVPN VXLAN ERB architecture
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
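Review bot: In vqfx_pfe_interface.j2 the line `description "*** to pfe ***"` has no terminating semicolon, unlike `description "*** management ***";` in management_interface.j2. The rendered vqfx_pfe_interface.cfg is therefore not valid Junos configuration text, and the assembled file will most likely be rejected when junos_commit_config loads it. Change the line to `description "*** to pfe ***";`.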
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml
new file mode 100644
index 0000000..cc2bfd8
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure BGP + EVPN for ERB leaf
+ template: src="ibgp_leaf.j2" dest="{{ tmp_dir }}/ibgp_leaf.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2
new file mode 100644
index 0000000..9356735
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_leaf/templates/ibgp_leaf.j2
@@ -0,0 +1,54 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+protocols {
+ bgp {
+{% for bgp in evpn_ibgp %}
+ group {{ bgp.group }} {
+ type internal;
+ local-address {{ loopback_ip }};
+ family evpn {
+ signaling;
+ }
+ cluster {{ loopback_ip }};
+ local-as {{ autonomous_system }};
+ multipath;
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }};
+{% endfor %}
+ }
+{% endfor %}
+ }
+ evpn {
+ encapsulation vxlan;
+ multicast-mode ingress-replication;
+ default-gateway do-not-advertise;
+{% if leaf_type != "border" %}
+ extended-vni-list all;
+{% endif %}
+{%if collapsed_spine is defined %}
+{%if collapsed_spine %}
+ no-core-isolation;
+{% endif %}
+{% endif %}
+ }
+}
+switch-options {
+ vtep-source-interface lo0.0;
+ route-distinguisher {{ loopback_ip }}:9999;
+ vrf-target {
+ target:9999:9999;
+ auto;
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml
new file mode 100644
index 0000000..fcef9a9
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Create iBGP route reflector
+ template: src="ibgp_spine_rr.j2" dest="{{ tmp_dir }}/ibgp_spine_rr.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2
new file mode 100644
index 0000000..5937f4a
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_erb_spine/templates/ibgp_spine_rr.j2
@@ -0,0 +1,34 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+protocols {
+ bgp {
+{% for bgp in evpn_ibgp %}
+ group EVPN_iBGP {
+ type internal;
+ local-address {{ loopback_ip }};
+ family evpn {
+ signaling;
+ }
+ cluster {{ loopback_ip }};
+ local-as {{ autonomous_system }};
+ multipath;
+ allow {{ loopback_subnet }};
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }};
+{% endfor %}
+ }
+{% endfor %}
+ }
+}
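Review bot: In ibgp_spine_rr.j2 `allow {{ loopback_subnet }};` lets any source address inside that prefix bring up an iBGP session with the route reflector, and the group configures no session authentication. Consider adding an `authentication-key` to the group, with the value supplied from a vaulted variable, and keep `loopback_subnet` as narrow as the fabric's loopback range. Separately, the group name is hard-coded as `group EVPN_iBGP {` inside the `{% for bgp in evpn_ibgp %}` loop while ibgp_leaf.j2 uses `group {{ bgp.group }} {`; with more than one entry in `evpn_ibgp` the spine template renders the same group repeatedly.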
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml
new file mode 100644
index 0000000..4c63492
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure routing policies
+ template: src="evpn_policy.j2" dest="{{ tmp_dir }}/evpn_policy.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2
new file mode 100644
index 0000000..ead9f62
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_policy/templates/evpn_policy.j2
@@ -0,0 +1,55 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if export_policies is defined %}
+{% for policy in export_policies %}
+policy-options {
+ policy-statement {{ policy.name }}_exp {
+ term export_local {
+ from protocol direct;
+ then {
+ community add {{ policy.name }}_comm;
+ accept;
+ }
+ }
+ term export {
+ then {
+ community add {{ policy.name }}_comm;
+ accept;
+ }
+ }
+ }
+ community {{ policy.name }}_comm members {{ policy.target }};
+}
+{% endfor %}
+{% endif %}
+{% if import_policies is defined %}
+{% for policy in import_policies %}
+policy-options {
+ policy-statement {{ policy.name }}_imp {
+ term bgp {
+ from {
+{% for community in policy.communities %}
+ community {{ community.name }}_comm;
+{% endfor %}
+ }
+ then accept;
+ }
+ term end {
+ then reject;
+ }
+ }
+}
+{% endfor %}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml
new file mode 100644
index 0000000..c4ac7ee
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- name: Configure evpn vxlan ports
+ template: src="evpn_port.j2" dest="{{ tmp_dir }}/evpn_port.cfg"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2
new file mode 100644
index 0000000..8c1ffd0
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_port/templates/evpn_port.j2
@@ -0,0 +1,74 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if evpn_port is defined %}
+interfaces {
+{% for port in evpn_port %}
+ {{ port.interface }} {
+{% if port.esi is defined %}
+ esi {
+ {{ port.esi }};
+ all-active;
+ }
+ aggregated-ether-options{
+ lacp {
+ active;
+ periodic fast;
+ system-id {{ port.system_id }};
+ }
+ }
+{% endif %}
+{% if port.vlan_id is defined %}
+ vlan-tagging;
+{% endif %}
+ unit {{ port.vlan_id | default("0", true) }} {
+{% if port.description is defined %}
+ description "{{ port.description }}";
+{% endif %}
+{% if port.members is defined %}
+ family {
+ ethernet-switching {
+ vlan {
+{% for item in port.members %}
+ members {{ item.id }};
+{% endfor %}
+ }
+ }
+ }
+{% else %}
+{% if port.vlan_id is defined %}
+ vlan-id {{ port.vlan_id }};
+{% endif %}
+{% if port.ip is defined %}
+ family {
+ inet {
+ address {{ port.ip }};
+ }
+ }
+{% endif %}
+{% endif %}
+ }
+ }
+{% if port.lag_members is defined %}
+{% for item in port.lag_members %}
+ {{ item.interface }} {
+ ether-options {
+ 802.3ad {{ port.interface }};
+ }
+ }
+{% endfor %}
+{% endif %}
+{% endfor %}
+}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml
new file mode 100644
index 0000000..97e5ece
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/tasks/main.yaml
@@ -0,0 +1,4 @@
+---
+- name: Configure VNIs + IRBs
+ template: src="evpn_vni.j2" dest="{{ tmp_dir }}/evpn_vni.cfg"
+ when: leaf_type != "border"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2
new file mode 100644
index 0000000..12b5fca
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vni/templates/evpn_vni.j2
@@ -0,0 +1,40 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-ansible +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +interfaces { +{% for vni in vnis %} + irb { + unit {{ vni.id }} { + family inet { +{% for item in vni.irb_ips %} + address {{ item.ip }}; +{% endfor %} + } + mac {{ vni.irb_mac }}; + } + } +{% endfor %} +} + +vlans { +{% for vni in vnis %} + vlan_{{ vni.id }} { + vlan-id {{ vni.id }}; + l3-interface irb.{{ vni.id }}; + vxlan { + vni {{ vni.id }}; + } + } +{% endfor %} +} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml new file mode 100644 index 0000000..3701a58 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/tasks/main.yaml @@ -0,0 +1,3 @@ +--- +- name: Configure VRFs + template: src="evpn_vrf.j2" dest="{{ tmp_dir }}/evpn_vrf.cfg" diff --git a/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 new file mode 100644 index 0000000..e3337f4 --- /dev/null 
+++ b/ansible-ee/context/network-roles/evpn-vxlan-erb/roles/evpn_vxlan_vrf/templates/evpn_vrf.j2 
@@ -0,0 +1,93 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-ansible +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +{% if vrfs is defined %} +{% for vrf in vrfs %} +interfaces lo0 { + unit {{ vrf.vrf_id }} { + description "Loopback for VXLAN control packets for VRF_{{ vrf.vrf_id }}"; + family inet { + address {{ vrf.loopback_ip }}/32; + } + } +} +routing-instances { + VRF_{{ vrf.vrf_id }} { + instance-type vrf; +{% if vrf.interfaces is defined %} +{% for interface in vrf.interfaces %} + interface {{ interface.name }}; +{% endfor %} +{% endif %} + interface lo0.{{ vrf.vrf_id }}; + route-distinguisher {{ vrf.loopback_ip }}:{{ vrf.vrf_id }}; + vrf-target target:1:{{ vrf.vrf_id }}; +{% if vrf.export is defined %} + vrf-export {{ vrf.export }}_exp; +{% endif %} +{% if vrf.import is defined %} + vrf-import {{ vrf.import }}_imp; +{% endif %} + vrf-table-label; + routing-options { + auto-export; + } + protocols { + evpn { + ip-prefix-routes { + advertise direct-nexthop; + encapsulation vxlan; + vni {{ vrf.vrf_id }}; + export EVPN_T5_EXPORT; + } + } +{% if vrf.ospf_interfaces is defined %} +{% for interface in vrf.ospf_interfaces %} + ospf { + export to-ospf; + area 0.0.0.0 { + interface {{ 
interface.name }} { + metric {{ interface.metric }}; + } + } + } +{% endfor %} +{% endif %} + } + } +} +{% if vrf.ospf_interfaces is defined %} +policy-options { + policy-statement to-ospf { + term 10 { +{% if collapsed_spine is defined %} +{% if collapsed_spine %} +{% for vni in vnis %} +{% for interface in vni.irb_ips %} + from route-filter {{ interface.subnet }} orlonger; +{% endfor %} +{% endfor %} +{% endif %} +{% endif %} + from protocol evpn; + then accept; + } + term 100 { + then reject; + } + } +} +{% endif %} +{% endfor %} +{% endif %} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore new file mode 100644 index 0000000..b6e4761 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/.gitignore 
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md b/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md new file mode 100644 index 0000000..5232886 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/README.md @@ -0,0 +1,2 @@ +# evpn-vxlan-fi +Ansible roles for EVPN VXLAN data center fabric interconnect configuration, between pods/datacenters/campus/etc. diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh new file mode 100644 index 0000000..6d8f2f4 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/install.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles} + +mkdir -p ${ANSIBLEROLES} +cp -r roles/* ${ANSIBLEROLES} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml new file mode 100644 index 0000000..ec6632e --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/tasks/main.yaml @@ -0,0 +1,3 @@ +--- +- name: Configure DCI eBGP + template: src="evpn_vxlan_dci.j2" dest="{{ tmp_dir }}/evpn_vxlan_dci.cfg" diff --git a/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 new file mode 100644 index 0000000..1a3196c --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-fi/roles/evpn_vxlan_dci/templates/evpn_vxlan_dci.j2 
@@ -0,0 +1,48 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if dci_ebgp is defined %}
+protocols {
+ bgp {
+{% for bgp in dci_ebgp %}
+ group {{ bgp.group }} {
+ type external;
+ local-address "{{ loopback_ip }}";
+ local-as "{{ autonomous_system }}";
+ multipath {
+ multiple-as;
+ }
+ multihop {
+ no-nexthop-change;
+ }
+ family evpn {
+ signaling {
+ delay-route-advertisements {
+ minimum-delay {
+ routing-uptime 480;
+ }
+ }
+ }
+ }
+{% for neighbor in bgp.neighbors %}
+ neighbor {{ neighbor.name }} {
+ description "DCI EBGP peering to {{ neighbor.name }}";
+ peer-as {{ neighbor.asn }};
+ }
+{% endfor %}
+ }
+{% endfor %}
+ }
+}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore
new file mode 100644
index 0000000..b6e4761
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/.gitignore
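Review bot: In evpn_vxlan_dci.j2 the `group {{ bgp.group }}` stanza brings up external multihop EVPN sessions with no session authentication, so the peering between sites relies entirely on controls outside this template. I would add an optional key inside the group, `{% if bgp.auth_key is defined %}` / `authentication-key "{{ bgp.auth_key }}";` / `{% endif %}`, where `auth_key` is a variable name I am proposing (the role does not define one) and its value comes from Ansible Vault. `loopback_ip` and `autonomous_system` are also used without the `is defined` guard that `dci_ebgp` gets, so a missing variable fails the render instead of skipping the stanza.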
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md
new file mode 100644
index 0000000..9155557
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/README.md
@@ -0,0 +1,2 @@
+# evpn-vxlan-hb
+Ansible roles to support using Healthbot and EVPN VXLAN
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect
new file mode 100644
index 0000000..18abec2
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/files/commit_config.expect
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+spawn docker-compose -p healthbot -f /var/local/healthbot/healthbot_mgd.yaml exec mgd /usr/sbin/cli
+expect "> "
+send "request healthbot load | no-more\n"
+expect "> "
+send "configure\n"
+expect "# "
+send "load merge /config/healthbot.conf | no-more\n"
+expect "# "
+send "commit and-quit\n"
+expect "> "
+send "request healthbot deploy\n"
+expect "Do you want to continue (y/n) ? "
+send "y\n"
+expect "Do you want to continue (y/n) ? "
+send "y\n"
+expect "> "
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml
new file mode 100644
index 0000000..1e24c87
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_commit/tasks/main.yaml
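Review bot: commit_config.expect never checks that a step worked: each bare `expect` simply returns when its timeout expires (10 seconds unless `timeout` is set) and the next `send` goes out anyway, and the script exits 0 whatever happened. A failed `commit and-quit` therefore still reaches `request healthbot deploy`, both confirmation prompts are answered `y`, and the Ansible task that runs the script reports success. I would set an explicit timeout and route every wait through a helper that exits non-zero on timeout or EOF, as below; the timeout value shown is a placeholder to be sized to the deploy step.

```tcl
# Constructed value; size it to the slowest step.
set timeout 300

# Stop with a non-zero status instead of sending the next command blind.
proc wait_for {pattern} {
    expect \
        $pattern {} \
        timeout { puts stderr "timed out waiting for: $pattern"; exit 1 } \
        eof     { puts stderr "CLI closed while waiting for: $pattern"; exit 1 }
}

spawn docker-compose -p healthbot -f /var/local/healthbot/healthbot_mgd.yaml exec mgd /usr/sbin/cli
wait_for "> "
send "request healthbot load | no-more\n"
# … unchanged: the remaining send lines, each now preceded by wait_for instead of expect …
```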
@@ -0,0 +1,24 @@
+---
+- name: installing expect
+ become: yes
+ apt:
+ name: expect
+
+- name: install healthbot commit_config.expect script
+ become: yes
+ copy:
+ src: commit_config.expect
+ dest: /root/commit_config.expect
+ mode: 0755
+
+- name: copy configuration file
+ become: yes
+ copy:
+ src: "{{ build_dir }}/healthbot.conf"
+ dest: /var/local/healthbot/mgd_config/healthbot.conf
+ mode: 0644
+
+- name: execute expect script to commit configuration to healthbot
+ become: yes
+ shell: "/root/commit_config.expect"
+
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml
new file mode 100644
index 0000000..f0de114
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/tasks/main.yaml
@@ -0,0 +1,16 @@
+---
+- name: Configure healthbot device
+ template: src="device.j2" dest="{{ tmp_dir }}/device.cfg"
+
+- name: Configure healthbot device group
+ template: src="device_group.j2" dest="{{ tmp_dir }}/device_group.cfg"
+
+- name: Assembling configurations per device
+ assemble:
+ src={{ build_dir }}/{{ inventory_hostname }}/tmp
+ dest={{ build_dir }}/{{ inventory_hostname }}/healthbot.conf
+ mode={{ conf_file_mode | default('666') }}
+ regexp=.+\.cfg
+
+- name: Append to common configuration
+ shell: "cat {{ build_dir }}/{{ inventory_hostname }}/healthbot.conf >> {{ build_dir }}/healthbot.conf"
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2 b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2
new file mode 100644
index 0000000..abd0818
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device.j2
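Review bot: The `copy configuration file` task in healthbot_commit/tasks/main.yaml installs healthbot.conf with `mode: 0644`, yet that file is built from device.j2 in this same commit, which renders `password "{{ netconf_passwd }}"` in cleartext, so every local account on the Healthbot host can read the NETCONF credentials. I would use `mode: "0600"` here, or `"0640"` with a dedicated group if the mgd container reads the file as a non-root user, which the hunk does not show. The expect script copied to /root is only run by root in the last task, so `mode: "0700"` is enough for it.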
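Review bot: The `assemble` task in healthbot_config/tasks/main.yaml defaults the per-host healthbot.conf to mode `666`, which makes a file containing the NETCONF password readable and writable by every user on the controller. I would change the line to `mode={{ conf_file_mode | default('0600') }}` and give the two `template` tasks above it an explicit `mode=0600`, since device.cfg carries the same secret. The final `cat ... >>` task appends on every run, so a re-run duplicates each device stanza in the shared `{{ build_dir }}/healthbot.conf`, and it interpolates the paths into the shell unquoted; building the shared file with `assemble` over the per-host outputs would avoid both.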
@@ -0,0 +1,36 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+healthbot {
+ device {{ inventory_hostname }} {
+ host {{ management_interface.ip }};
+ open-config {
+ port 32767;
+ }
+ iAgent {
+ port 830;
+ }
+ authentication {
+ password {
+ username "{{ netconf_user }}";
+ password "{{ netconf_passwd }}";
+ }
+ }
+ vendor {
+ juniper {
+ operating-system junos;
+ }
+ }
+ }
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2 b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2
new file mode 100644
index 0000000..06123f7
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-hb/roles/healthbot_config/templates/device_group.j2
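Review bot: device.j2 interpolates `netconf_user` and `netconf_passwd` straight into double-quoted strings, so a value containing `"` or a line break ends the string early and the rest is parsed as configuration statements when the file is loaded with `load merge`. I would validate both variables before rendering (an `assert` task that rejects quotes and newlines) and state the constraint at the top of the template: `## netconf_passwd is rendered in cleartext; keep it in Ansible Vault and free of '"' and newlines.` The rendered device.cfg should be handled as a secret for the same reason.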
@@ -0,0 +1,19 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-ansible +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +healthbot { + device-group {{ healthbot_device_group }} { + devices [ {{ inventory_hostname }} ]; + } +} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore b/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore new file mode 100644 index 0000000..b6e4761 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/.gitignore 
@@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ 
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md b/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md new file mode 100644 index 0000000..a2147dd --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/README.md @@ -0,0 +1,2 @@ +# evpn-vxlan-sb +EVPN VXLAN data center service block diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh b/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh new file mode 100644 index 0000000..6d8f2f4 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/install.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles} + +mkdir -p ${ANSIBLEROLES} +cp -r roles/* ${ANSIBLEROLES} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml new file mode 100644 index 0000000..e36cc4f --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/meta/main.yaml @@ -0,0 +1,4 @@ +--- +collections: + - juniper.device + - junipernetworks.junos diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml new file mode 100644 index 0000000..54ea591 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/tasks/main.yaml @@ -0,0 +1,10 @@ +--- +- name: Creating common system config + template: src=system.j2 dest={{ tmp_dir }}/system.cfg + +- name: Creating security config + template: src=security.j2 dest={{ tmp_dir }}/security.cfg + +- name: Creating lldp config + template: src=lldp.j2 dest={{ tmp_dir }}/lldp.cfg + diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2 new file mode 100644 index 0000000..935f22c --- /dev/null 
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/lldp.j2 @@ -0,0 +1,19 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-ansible +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +protocols { + lldp { + interface all; + } +} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2 new file mode 100644 index 0000000..4dccecd --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/security.j2 
@@ -0,0 +1,84 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+security {
+ log {
+ mode stream;
+ report;
+ }
+ screen {
+ ids-option untrust-screen {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ queue-size 2000;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ policies {
+ from-zone trust to-zone trust {
+ policy default-permit {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone trust to-zone untrust {
+ policy default-permit {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone trust {
+ tcp-rst;
+ host-inbound-traffic {
+ system-services {
+ all;
+ }
+ protocols {
+ all;
+ }
+ }
+ }
+ security-zone untrust {
+ screen untrust-screen;
+ }
+ }
+}
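Review bot: In security.j2 the `trust` zone accepts `system-services { all; }` and `protocols { all; }`, which exposes every management and routing daemon on the firewall, including the HTTP REST listener that system.j2 enables, to any interface placed in that zone. I would list only what the roles use, for example `system-services { ssh; netconf; ping; }` and `protocols { ospf; }`, adjusted to what the deployment really needs. The two `default-permit` policies also match any/any with no log action, so permitted sessions leave no record; `then { permit; log { session-close; } }` would give operations something to review.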
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2 new file mode 100644 index 0000000..b341c62 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_common/templates/system.j2 
@@ -0,0 +1,69 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+system {
+ host-name {{ inventory_hostname }};
+ root-authentication {
+ encrypted-password "{{ password_hashes.root_user }}"; # SECRET-DATA
+ }
+ services {
+ ssh {
+ root-login allow;
+ }
+ netconf {
+ ssh;
+ }
+ rest {
+ http {
+ port 3000;
+ }
+ enable-explorer;
+ }
+ }
+ login {
+ message "{{ login_message }}";
+ user jcluser {
+ class super-user;
+ uid 2000;
+ authentication {
+ encrypted-password "{{ password_hashes.netadmin_user }}";
+ }
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ file messages {
+ any any;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ }
+ license {
+ autoupdate {
+ url https://ae1.juniper.net/junos/key_retrieval;
+ }
+ }
+ {% if ntp_server is defined %}
+ ntp {
+ server {{ ntp_server }};
+ }
+ {% endif %}
+ {% if time_zone is defined %}
+ time-zone {{ time_zone }};
+ {% endif %}
+}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml
new file mode 100644
index 0000000..e36cc4f
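Review bot: The `services` stanza in system.j2 enables direct root logins over SSH (`root-login allow;`) and a REST API on cleartext HTTP port 3000 with `enable-explorer;`, so API credentials cross the management network unencrypted and the root account is reachable remotely on every SRX this role configures. Unless a lab requirement says otherwise I would render `root-login deny;`, drop `enable-explorer;`, and either remove the `rest` block or move it to an `https` stanza backed by a device certificate. Gating the relaxed settings on variables would let a hardened default ship while labs opt in. The `syslog` block also logs only to local files, so `interactive-commands` audit records stay on the device they describe; a remote `host` target is worth adding.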
--- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/meta/main.yaml @@ -0,0 +1,4 @@ +--- +collections: + - juniper.device + - junipernetworks.junos diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml new file mode 100644 index 0000000..ac376c2 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/tasks/main.yaml @@ -0,0 +1,16 @@ +--- +- name: Creating firewall port config + template: src=firewall_port.j2 dest={{ tmp_dir }}/firewall_port.cfg + +- name: Creating ospf config + template: src=ospf.j2 dest={{ tmp_dir }}/ospf.cfg + +- name: Creating fabric routing instance config + template: src=fabric.j2 dest={{ tmp_dir }}/fabric.cfg + +- name: Creating zones config + template: src=zones.j2 dest={{ tmp_dir }}/zones.cfg + +- name: Creating security policies config + template: src=security_policies.j2 dest={{ tmp_dir }}/security_policies.cfg + diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 new file mode 100644 index 0000000..385c12c --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/fabric.j2 
@@ -0,0 +1,43 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-ansible +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +routing-instances { + fabric { + instance-type virtual-router; +{% for port in firewall_port %} + interface {{ port.interface }}.{{ port.vlan_id | default("0", true) }}; +{% endfor %} + routing-options { + static { + route 0.0.0.0/0 discard; + } + } + protocols { + ospf { + export ospf-default; + area 0.0.0.0 { +{% if vrfs is defined %} +{% for vrf in vrfs %} +{% if vrf.ospf_interfaces is defined %} +{% for interface in vrf.ospf_interfaces %} + interface {{ interface.name }}; +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} + } + } + } + } +} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 new file mode 100644 index 0000000..9bdb388 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/firewall_port.j2 
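Review bot: fabric.j2 loops over `firewall_port` without checking that it is defined, while firewall_port.j2 in the same role wraps its whole body in `{% if firewall_port is defined %}`; a host without that variable renders the port template as empty and then fails here. I would make the loop `{% for port in firewall_port | default([]) %}` so the two templates agree. The `area 0.0.0.0` block below it renders with no interfaces when no VRF defines `ospf_interfaces`, which deserves a template comment if that is intended.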
@@ -0,0 +1,74 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if firewall_port is defined %}
+interfaces {
+{% for port in firewall_port %}
+ {{ port.interface }} {
+{% if port.esi is defined %}
+ esi {
+ {{ port.esi }};
+ all-active;
+ }
+ aggregated-ether-options{
+ lacp {
+ active;
+ periodic fast;
+ system-id {{ port.system_id }};
+ }
+ }
+{% endif %}
+{% if port.vlan_id is defined %}
+ vlan-tagging;
+{% endif %}
+ unit {{ port.vlan_id | default("0", true) }} {
+{% if port.description is defined %}
+ description "{{ port.description }}";
+{% endif %}
+{% if port.members is defined %}
+ family {
+ ethernet-switching {
+ vlan {
+{% for item in port.members %}
+ members {{ item.id }};
+{% endfor %}
+ }
+ }
+ }
+{% else %}
+{% if port.vlan_id is defined %}
+ vlan-id {{ port.vlan_id }};
+{% endif %}
+{% if port.ip is defined %}
+ family {
+ inet {
+ address {{ port.ip }};
+ }
+ }
+{% endif %}
+{% endif %}
+ }
+ }
+{% if port.lag_members is defined %}
+{% for item in port.lag_members %}
+ {{ item.interface }} {
+ ether-options {
+ 802.3ad {{ port.interface }};
+ }
+ }
+{% endfor %}
+{% endif %}
+{% endfor %}
+}
+{% endif %}
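Review bot: `system-id {{ port.system_id }};` is rendered whenever `port.esi` is defined, but nothing checks that `port.system_id` exists, so an ESI port that lacks it would presumably abort rendering with an undefined-variable error that does not name the missing key. Guard it with `{% if port.system_id is defined %}` or validate the port entry before templating. `description "{{ port.description }}";` also places inventory text inside a quoted Junos string unescaped, so a value containing `"` would break the generated stanza; rejecting or stripping quotes in the data model avoids that.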
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 new file mode 100644 index 0000000..6862550 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/ospf.j2 @@ -0,0 +1,23 @@ +#jinja2:lstrip_blocks: True +## ******************************************************** +## +## Project: nita-ansible +## +## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +## +## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +## +## SPDX-License-Identifier: Apache-2.0 +## +## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +## +## ******************************************************** +policy-options { + policy-statement ospf-default { + term 1 { + from { + route-filter 0.0.0.0/0 exact accept; + } + } + } +} diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 new file mode 100644 index 0000000..95eda37 --- /dev/null +++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/security_policies.j2 
@@ -0,0 +1,34 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+{% if firewall_rules is defined %}
+security {
+{% for rule in firewall_rules %}
+ policies {
+ from-zone {{ rule.from_zone }} to-zone {{ rule.to_zone }} {
+ policy default-permit {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+{% endfor %}
+}
+{% endif %}
diff --git a/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2 b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2
new file mode 100644
index 0000000..628b52a
--- /dev/null
+++ b/ansible-ee/context/network-roles/evpn-vxlan-sb/roles/srx_firewall/templates/zones.j2
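Review bot: Every entry in `firewall_rules` renders a policy named `default-permit` that matches `source-address any`, `destination-address any` and `application any` and then permits, so the SRX forwards all traffic between each listed zone pair and records nothing about it. If this is meant as a lab baseline, say so in a `##` comment above the `security` stanza and add `log { session-init; session-close; }` under `then` so permitted flows leave an audit trail. For anything beyond a lab, the match terms should come from the rule entry (for example a hypothetical `rule.source_address | default("any")`) so the data model can narrow the policy without editing the template.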
@@ -0,0 +1,39 @@
+#jinja2:lstrip_blocks: True
+## ********************************************************
+##
+## Project: nita-ansible
+##
+## Copyright (c) Juniper Networks, Inc., 2021. All rights reserved.
+##
+## Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+## Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file.
+##
+## ********************************************************
+security {
+ zones {
+{% if vrfs is defined %}
+{% for vrf in vrfs %}
+ security-zone VRF_{{ vrf.vrf_id }} {
+ host-inbound-traffic {
+ system-services {
+ all;
+ }
+ protocols {
+ all;
+ }
+ }
+{% if vrf.ospf_interfaces is defined %}
+ interfaces {
+{% for interface in vrf.ospf_interfaces %}
+ {{ interface.name }};
+{% endfor %}
+ }
+{% endif %}
+ }
+{% endfor %}
+{% endif %}
+ }
+}
diff --git a/ansible-ee/context/network-roles/mx_common/install.sh b/ansible-ee/context/network-roles/mx_common/install.sh
new file mode 100644
index 0000000..6d8f2f4
--- /dev/null
+++ b/ansible-ee/context/network-roles/mx_common/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+ANSIBLEROLES=${ANSIBLEROLES:=/etc/ansible/roles}
+
+mkdir -p ${ANSIBLEROLES}
+cp -r roles/* ${ANSIBLEROLES}
diff --git a/ansible-ee/context/network-roles/mx_common/tasks/main.yaml b/ansible-ee/context/network-roles/mx_common/tasks/main.yaml
new file mode 100644
index 0000000..60c0370
--- /dev/null
+++ b/ansible-ee/context/network-roles/mx_common/tasks/main.yaml
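Review bot: Each generated `security-zone VRF_{{ vrf.vrf_id }}` sets `host-inbound-traffic` to `system-services { all; }` and `protocols { all; }`, so every service the firewall runs (SSH, NETCONF and anything else enabled) is reachable from the tenant-facing interfaces placed in the zone. The companion fabric.j2 only runs OSPF on these same `vrf.ospf_interfaces`, so the zone could be reduced to `protocols { ospf; }` plus the specific services that are really needed, for example `system-services { ping; }`. If the open setting is deliberate for a lab, a `##` comment above the stanza should state that it must be tightened before production use.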
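Review bot: `cp -r roles/* ${ANSIBLEROLES}` in mx_common/install.sh expects a `roles/` subdirectory, but the files this patch adds for mx_common sit directly under `mx_common/tasks` and `mx_common/templates`, so with `set -e` the script would presumably abort on the unmatched glob. The execution-environment definition installs this role with `COPY network-roles/mx_common/ /etc/ansible/roles/mx_common` rather than calling the script, which suggests the script is unused; either remove it or make it copy the role directory itself. If it stays, quote the expansions, `mkdir -p "${ANSIBLEROLES}"`, so a path containing spaces is not split.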
@@ -0,0 +1,3 @@
+---
+- name: Creating common SNMP config
+ template: src=mx_system.j2 dest={{ tmp_dir }}/mx_system.cfg
diff --git a/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2 b/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2
new file mode 100644
index 0000000..fdcf007
--- /dev/null
+++ b/ansible-ee/context/network-roles/mx_common/templates/mx_system.j2
@@ -0,0 +1,62 @@
+system {
+ host-name {{ inventory_hostname }};
+ root-authentication {
+ encrypted-password "{{ password_hashes.root_user }}"; ## SECRET-DATA
+ }
+ scripts {
+ language python;
+ }
+ login {
+ message "{{ login_message }}";
+ user jcluser {
+ uid 2000;
+ class super-user;
+ authentication {
+ encrypted-password "{{ password_hashes.netadmin_user }}"; ## SECRET-DATA
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login allow;
+ }
+ netconf {
+ ssh;
+ }
+ rest {
+ http {
+ port 3000;
+ }
+ enable-explorer;
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ }
+ processes {
+ dhcp-service {
+ traceoptions {
+ file dhcp_logfile size 10m;
+ level all;
+ flag packet;
+ }
+ }
+ }
+ {% if ntp_server is defined %}
+ ntp {
+ server {{ ntp_server }};
+ }
+ {% endif %}
+ {% if time_zone is defined %}
+ time-zone {{ time_zone }};
+ {% endif %}
+}
diff --git a/ansible-ee/nita-ansible-ee.yml b/ansible-ee/nita-ansible-ee.yml
new file mode 100644
index 0000000..93b030e
--- /dev/null
+++ b/ansible-ee/nita-ansible-ee.yml
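Review bot: The `services` stanza of mx_system.j2 enables `root-login allow;` under `ssh` and a REST API on plain `http { port 3000; }` with `enable-explorer;`, so root can authenticate remotely and REST credentials cross the network unencrypted. The template already creates the super-user `jcluser`, so `root-login deny;` costs nothing, and the REST service should be moved to an `https` block with a server certificate, leaving `enable-explorer` out except in a lab. The `dhcp-service` traceoptions with `level all; flag packet;` look like leftover debugging and are worth removing or making conditional. In the tasks/main.yaml hunk just above, the task is named "Creating common SNMP config" although it renders `mx_system.j2`; rename it to match.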
@@ -0,0 +1,24 @@
+---
+version: 1
+build_arg_defaults:
+ ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-vvv"
+dependencies:
+ galaxy: requirements.yml
+ python: requirements.txt
+ system: bindep.txt
+
+additional_build_steps:
+ prepend: |
+ RUN whoami
+ RUN cat /etc/os-release
+ append:
+ - COPY network-roles network-roles
+ - RUN cd network-roles/ebgp-ip-fabric && bash install.sh
+ - RUN cd network-roles/evpn-vxlan-common && bash install.sh
+ - RUN cd network-roles/evpn-vxlan-fi && bash install.sh
+ - RUN cd network-roles/evpn-vxlan-erb && bash install.sh
+ - RUN cd network-roles/evpn-vxlan-hb && bash install.sh
+ - RUN cd network-roles/evpn-vxlan-sb && bash install.sh
+ - COPY network-roles/mx_common/ /etc/ansible/roles/mx_common
+ - RUN mkdir -p /var/nita_configs
+ - RUN mkdir -p /var/tmp/build
diff --git a/ansible-ee/requirements.txt b/ansible-ee/requirements.txt
new file mode 100644
index 0000000..a0a10f0
--- /dev/null
+++ b/ansible-ee/requirements.txt
@@ -0,0 +1,5 @@
+junos-eznc
+pynetbox
+jxmlease
+xmltodict
+dos2unix
diff --git a/ansible-ee/requirements.yml b/ansible-ee/requirements.yml
new file mode 100644
index 0000000..a9816e5
--- /dev/null
+++ b/ansible-ee/requirements.yml
@@ -0,0 +1,12 @@
+---
+ collections:
+ # Install a collection from Ansible Galaxy.
+ - name: netbox.netbox
+ version: '3.1.1'
+ # Install juniper.device collection from Ansible Galaxy.
+ - name: juniper.device
+ version: '1.0.1'
+ # Install junipernetworks collection from Ansible Galaxy.
+ - name: junipernetworks.junos
+ version: '3.1.0'
+
diff --git a/build_ansible_container.sh b/build_ansible_container.sh
new file mode 100755
index 0000000..a6cc922
--- /dev/null
+++ b/build_ansible_container.sh
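Review bot: requirements.txt lists `junos-eznc`, `pynetbox`, `jxmlease`, `xmltodict` and `dos2unix` with no versions, so every image build installs whatever PyPI serves that day, while requirements.yml in the same patch pins each collection. Pin these as well, `junos-eznc==<VERSION>` and so on (ideally with hashes), so the execution environment that holds device credentials is reproducible and a compromised or breaking upstream release is not picked up silently. `dos2unix` looks like the command-line tool rather than a Python dependency; if that is the intent it belongs in the `bindep.txt` that nita-ansible-ee.yml references, since installing a same-named PyPI package pulls in code nobody chose deliberately. In nita-ansible-ee.yml, the `RUN whoami` and `RUN cat /etc/os-release` prepend steps read as build debugging and can go once the build is stable.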
@@ -0,0 +1,16 @@ +#!/bin/bash +# ******************************************************** +# +# Project: nita-ansible +# +# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. +# +# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +# +# SPDX-License-Identifier: Apache-2.0 +# +# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +# +# ******************************************************** + +docker build -t juniper/nita-ansible:22.8-1 . diff --git a/build_awx_container.sh b/build_awx_container.sh new file mode 100755 index 0000000..13fb0b0 --- /dev/null +++ b/build_awx_container.sh 
@@ -0,0 +1,45 @@ +#!/bin/bash +# ******************************************************** +# +# Project: nita-awx +# +# Copyright (c) Juniper Networks, Inc., 2022. All rights reserved. +# +# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html +# +# SPDX-License-Identifier: Apache-2.0 +# +# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. +# +# ******************************************************** +cd nita-awx +git clone https://github.com/ansible/awx-operator.git +export NAMESPACE=awx +kubectl create ns $NAMESPACE +sudo kubectl config set-context --current --namespace=$NAMESPACE +kubectl get pods +cd awx-operator +git checkout 2.1.0 +make deploy +kubectl get pods +cat < Date: Wed, 31 May 2023 11:47:58 -0700 Subject: [PATCH 26/27] Cleanup --- awx/LICENSE.txt | 202 +++++++++++++++++++++++++++++++++++++++++ awx/NOTICES.txt | 33 +++++++ awx/README.md | 58 ++++++++++++ awx/VERSION.txt | 1 + awx/awx-deploy.yml | 16 ++++ awx/awx-operator | 1 + awx/dnsutils.yml | 14 +++ build_awx_container.sh | 2 +- build_container.sh | 16 ---- nita-awx | 1 - 10 files changed, 326 insertions(+), 18 deletions(-) create mode 100644 awx/LICENSE.txt create mode 100644 awx/NOTICES.txt create mode 100644 awx/README.md create mode 100644 awx/VERSION.txt create mode 100644 awx/awx-deploy.yml create mode 160000 awx/awx-operator create mode 100644 awx/dnsutils.yml delete mode 100755 build_container.sh delete mode 160000 nita-awx diff --git a/awx/LICENSE.txt b/awx/LICENSE.txt new file mode 100644 index 0000000..d645695 --- /dev/null 
+++ b/awx/LICENSE.txt 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/awx/NOTICES.txt b/awx/NOTICES.txt new file mode 100644 index 0000000..90ebf98 --- /dev/null +++ b/awx/NOTICES.txt 
@@ -0,0 +1,33 @@ +NOTICES FOR THIRD-PARTY CODE/DEPENDENCIES + +Name: Python (Python Software Foundation). +URL: https://www.python.org +License: https://docs.python.org/3/license.html + +Name: PIP (Python Packaging Authority (PyPA)). +URL: https://pip.pypa.io/en/stable/ +License: MIT License (MIT) + +Name: junos-eznc (Junos 'EZ' automation for non-programmers) +URL: https://pypi.org/project/junos-eznc/ +License: Apache Software License (Apache 2.0) + +Name: pynetbox (NetBox API client library) +URL: https://pypi.org/project/pynetbox/ +License: Apache2 + +Name: Juniper Ansible collection for Junos +URL: https://galaxy.ansible.com/juniper/junos +License: Apache 2.0 + +Name: NetBox modules for Ansible using Ansible Collections +URL: https://galaxy.ansible.com/netbox/netbox +License: https://github.com/netbox-community/ansible_modules/blob/devel/LICENSE + +Name: ansible/ansible-runner (A tool and python library for interfacing with Ansible ) +URL: https://hub.docker.com/r/ansible/ansible-runner +License: https://github.com/ansible/ansible-runner/blob/devel/LICENSE.md + +Name: jxmlease (jxmlease converts between XML and intelligent Python data structures) +URL: https://pypi.org/project/jxmlease/ +License: MIT License (MIT) diff --git a/awx/README.md b/awx/README.md new file mode 100644 index 0000000..c60a852 --- /dev/null +++ b/awx/README.md 
@@ -0,0 +1,58 @@ +# nita-awx + +This is a work in progress and represents the files used to create an AWX instance running along side an existing NITA (docker based) install. This is being used to test the AWX execution environment. AWX requires kubernetes. + +## Folders + +ansible-ee - setup files to build ansible execution environment based on https://github.com/juniper/nita-ansible container. + + +## Installation + +1. Install Kubernetes. The build script assumes kubernetes is already installed. K3s (https://k3s.io/) was used to test this installation procedure. To install k3s issue the following commands: +``` +curl -sfL https://get.k3s.io | sudo bash - +sudo chmod 644 /etc/rancher/k3s/k3s.yaml +``` + +You can test the installation of k3s with the following commands: +``` +kubectl get nodes +kubectl version --short +``` + +2. Install AWX using the provided script as show below. This does a few things in addition to pulling a specific version of AWX. The script creates a namespace in k8s called ```awx```. It also creates the pods required to run AWX and spins up a service running on default ports for AWX. + +``` +cd nita-awx +./build_container.sh +``` + +3. After installing AWX, you should create a superuser. This can be done by initiating a bash shell on the awx-web pod and executing the appropriate command (follow the prompts): + +``` +kubectl exec -ti deploy/awx -c awx-web -- "/bin/bash" +bash-5.1$ awx-manage createsuperuser +``` + +4. Finally you will need an ansible execution environment. + +``` +cd ansible-ee +./build_container.sh +``` + +See [ansible-ee/README.md](ansible-ee/README.md) for details. 
+ +## Updating + +In order to update versions of AWX, simply run the following commands and re-run the installation script: + +``` +kubectl delete deployment awx-operator-controller-manager +kubectl delete serviceaccount awx-operator-controller-manager +kubectl delete rolebinding awx-operator-awx-manager-rolebinding +kubectl delete role awx-operator-awx-manager-role +``` + + diff --git a/awx/VERSION.txt b/awx/VERSION.txt new file mode 100644 index 0000000..8dc248c --- /dev/null +++ b/awx/VERSION.txt @@ -0,0 +1 @@ +22.8 diff --git a/awx/awx-deploy.yml b/awx/awx-deploy.yml new file mode 100644 index 0000000..b9b62c4 --- /dev/null +++ b/awx/awx-deploy.yml @@ -0,0 +1,16 @@ +--- +apiVersion: awx.ansible.com/v1beta1 +kind: AWX +metadata: + name: awx +spec: + service_type: nodeport + projects_persistence: true + projects_storage_access_mode: ReadWriteOnce + web_extra_volume_mounts: | + - name: static-data + mountPath: /var/lib/projects + extra_volumes: | + - name: static-data + persistentVolumeClaim: + claimName: static-data-pvc diff --git a/awx/awx-operator b/awx/awx-operator new file mode 160000 index 0000000..4fe482b --- /dev/null +++ b/awx/awx-operator @@ -0,0 +1 @@ +Subproject commit 4fe482b77b7fe7a6da1b36f2d23cc3428728e6d3 diff --git a/awx/dnsutils.yml b/awx/dnsutils.yml new file mode 100644 index 0000000..58b7f6e --- /dev/null +++ b/awx/dnsutils.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: dnsutils + namespace: awx +spec: + containers: + - name: dnsutils + image: registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3 + command: + - sleep + - "infinity" + imagePullPolicy: IfNotPresent + restartPolicy: Always diff --git a/build_awx_container.sh b/build_awx_container.sh index 13fb0b0..3e95538 100755 --- a/build_awx_container.sh +++ b/build_awx_container.sh 
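Review bot: `service_type: nodeport` in awx-deploy.yml publishes the AWX web service on a port of every cluster node, and nothing in this spec configures TLS, so unless something outside this file terminates HTTPS the superuser login described in the README would travel in clear text. Consider `service_type: ClusterIP` together with `ingress_type: ingress` and an `ingress_tls_secret`, or state in the README that a TLS-terminating proxy is required in front of the node port. The `dnsutils` pod added alongside runs `sleep infinity` with `restartPolicy: Always` in the `awx` namespace; if it is only a troubleshooting aid, a comment at the top of dnsutils.yml should say so and tell the operator to delete it afterwards.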
@@ -12,7 +12,7 @@ # Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. # # ******************************************************** -cd nita-awx +cd awx git clone https://github.com/ansible/awx-operator.git export NAMESPACE=awx kubectl create ns $NAMESPACE diff --git a/build_container.sh b/build_container.sh deleted file mode 100755 index a6cc922..0000000 --- a/build_container.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -# ******************************************************** -# -# Project: nita-ansible -# -# Copyright (c) Juniper Networks, Inc., 2021. All rights reserved. -# -# Notice and Disclaimer: This code is licensed to you under the Apache 2.0 License (the "License"). You may not use this code except in compliance with the License. This code is not an official Juniper product. You can obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.html -# -# SPDX-License-Identifier: Apache-2.0 -# -# Third-Party Code: This code may depend on other components under separate copyright notice and license terms. Your use of the source code for those components is subject to the terms and conditions of the respective license as noted in the Third-Party source code file. -# -# ******************************************************** - -docker build -t juniper/nita-ansible:22.8-1 . diff --git a/nita-awx b/nita-awx deleted file mode 160000 index 0ebc6ef..0000000 --- a/nita-awx +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 0ebc6ef779dbb7111e10f936198bf13d6dede335 From edeb92b4e98dc8cc5c77f0702a5754497402ad68 Mon Sep 17 00:00:00 2001 From: Matthew Tighe Date: Wed, 31 May 2023 12:10:01 -0700 Subject: [PATCH 27/27] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
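Review bot: After the new `cd awx` the script still runs `git clone https://github.com/ansible/awx-operator.git`, but this commit also adds `awx/awx-operator` as a submodule pinned to 4fe482b77b7fe7a6da1b36f2d23cc3428728e6d3, so the clone targets a path that already exists and will fail once the submodule has been checked out. No `set -e` is visible in the script, so it would presumably continue to `git checkout` and `make deploy` against whatever is in that directory rather than the pinned revision. Replace the clone with `git submodule update --init awx/awx-operator` run before the `cd`, and add `set -euo pipefail` below the shebang so a failed step stops the deployment. The script body continues outside this hunk.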
diff --git a/README.md b/README.md index 0553ba6..5030428 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # NITA Ansible 23.p -Welcome to NITA 23.p pre-release. +Welcome to NITA 23.p pre-release. This is a testing release that includes scripts for building ansible execution environment for use with AWX. The execution environment is based on the nita-ansible docker build. Also included is a script to install AWX. See the individual readme files under the ansible-ee and awx folders for more information. Packages built from this branch will be nita-*-22.p-x where x is the packaging release. This branch also contains patches from other branches or minor modifications as required to support the stability and usability of the release.