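---
# Reconcile MPLS L3VPN route-target (RT) configuration on the "routers"
# group, then verify each intended VRF's forwarding table.
#
# Flow, as written below:
#   1. Read the VRF sections of the running config from each router.
#   2. Parse the current RTs and diff them against the intended "vrfs".
#   3. Push the rendered "vpn.j2" template; a change saves the config and
#      notifies the "wait" handlers.
#   4. Build one "show ip cef vrf ..." command per intended VRF, flush the
#      handlers, capture the FIB output, and include tasks/route_ping.yml
#      for every VRF whose "check" value is truthy.
#
# Defined outside this file: the "vrfs" and "conv_time" variables, the
# "ios_vrf_rt" and "rt_diff" filters, "vpn.j2" and "tasks/route_ping.yml".
#
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed. In particular, the two "delegate_to" keys that follow a
# block are placed at block level -- confirm against the original file.
#
# NOTE(review): values from "vrfs" are interpolated into CLI commands that
# run on the devices, so the variable file is privileged input; keep it
# under change control and validate VRF names before use.
- name: "Manage MPLS L3VPN route-targets"
  hosts: "routers"
  tasks:
    # "_" in an IOS regex matches a space, so this selects the
    # "vrf definition" stanzas of the running config.
    - name: "IOS >> Get running config"
      ios_command:
        commands: "show running-config | section ^vrf_definition"
      register: "CLI_OUTPUT"
      tags: "do_ssh"

    # Parse and diff on the control node; nothing in this block is sent
    # to the router.
    - block:
        # Stop early if the show command returned no text.
        - name: "ASSERT >> Ensure CLI_OUTPUT is defined"
          assert:
            that:
              - "CLI_OUTPUT is defined"
              - "CLI_OUTPUT.stdout[0] | length > 0"
            msg: "Internal error: CLI_OUTPUT not defined"

        - name: "SETFACT >> Get current RT import/export list"
          set_fact:
            CUR_VRF: "{{ CLI_OUTPUT.stdout[0] | ios_vrf_rt }}"

        # RT_DIFF is presumably consumed by vpn.j2 -- confirm.
        - name: "SETFACT >> Determine RT import/export differences"
          set_fact:
            RT_DIFF: "{{ vrfs | rt_diff(CUR_VRF) }}"
      delegate_to: "localhost"

    # save_when "changed" copies the running config to the startup config
    # only when this task modified the device.
    - name: "IOS >> Apply VPN config"
      ios_config:
        src: "vpn.j2"
        save_when: "changed"
      register: "CONFIG_OUTPUT"
      tags: "do_ssh"
      notify: "wait"

    - block:
        - name: "SETFACT >> Initialize empty FIB command list"
          set_fact:
            FIB_CMD_LIST: []

        # Append with a native list expression. Building the list as text
        # ("{{ list }} + ['{{ cmd }}']") relies on the rendered string
        # being re-evaluated as a list literal, and a quote character in a
        # VRF name would corrupt that literal and the commands sent later.
        - name: "SETFACT >> Build FIB command list based on intended VRFs"
          set_fact:
            FIB_CMD_LIST: "{{ FIB_CMD_LIST + [FIB_CMD] }}"
          vars:
            FIB_CMD: "show ip cef vrf {{ item.name }} | exclude drop"
          with_items: "{{ vrfs }}"
          loop_control:
            label: "VRF {{ item.name }}"

        # The later with_together pairs vrfs with the command output by
        # position, so the two lists must be the same length.
        - name: "ASSERT >> Ensure FIB_CMD_LIST and vrfs are same length"
          assert:
            that: "FIB == VRF"
            msg: "Internal error: mistmatched lengths {{ FIB }}:{{ VRF }}"
          vars:
            FIB: "{{ FIB_CMD_LIST | length }}"
            VRF: "{{ vrfs | length }}"
      delegate_to: "localhost"

    # If there were changes, print them and wait for VPN convergence
    - meta: "flush_handlers"

    - name: "IOS >> Capture FIB for all VRFs"
      ios_command:
        commands: "{{ FIB_CMD_LIST }}"
      register: "VRF_FIB"
      tags: "do_ssh"

    # NOTE(review): "VRF_FIB | length" measures the registered result
    # object, not its stdout list; asserting on VRF_FIB.stdout may be what
    # was intended -- confirm.
    - name: "ASSERT >> Ensure VRF_FIB is defined"
      assert:
        that:
          - "VRF_FIB is defined"
          - "VRF_FIB | length > 0"
        msg: "Internal error: VRF_FIB not defined"
      delegate_to: "localhost"

    # item.0 is the intended VRF and item.1 the matching FIB output; VRFs
    # without a truthy "check" are skipped.
    - name: "INCLUDE >> Perform route and ping checks"
      include_tasks: "tasks/route_ping.yml"
      with_together:
        - "{{ vrfs }}"
        - "{{ VRF_FIB.stdout }}"
      when: "item.0.check is defined and item.0.check"
      loop_control:
        label: "VRF {{ item.0.name }}"

  handlers:
    # Both handlers listen on "wait", the topic notified by the
    # "IOS >> Apply VPN config" task.
    # The pushed commands are written to the run output; confirm vpn.j2
    # renders nothing sensitive.
    - name: "DEBUG >> Print changes"
      listen: "wait"
      debug:
        msg: "{{ CONFIG_OUTPUT.commands | to_nice_json }}"
      delegate_to: "localhost"

    - name: "PAUSE >> Wait for VPN route convergence"
      listen: "wait"
      pause:
        seconds: "{{ conv_time | int }}"
...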