Improvements and bug fixes (#126)

Author: jasonking3

.ansible-lint

@@ -0,0 +1,9 @@
+exclude_paths:
+  - terraform-sdwan/
+  - .github/
+  - files/
+  - extras/
+  - docs/
+  - licenses/
+  - myCA/
+  

.github/workflows/ci.yml

@@ -21,23 +21,30 @@ env:
   ANSIBLE_VAULT_PASSWORD: '${{ secrets.ANSIBLE_VAULT_PASSWORD }}'
 
 jobs:
+  lint:
+    runs-on: self-hosted
+    steps:
+      - name: Checkout Inventory
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      - name: Run ansible-lint
+        run: ansible-lint
   test_19_2_1:
     runs-on: self-hosted
     concurrency: hq2
+    needs: lint
     env:
       VIRL_LAB: 'sdwan-devops-hq2'
       VIPTELA_VERSION: '19.2.1'
       CLOUDINIT_TYPE: 'v1'
       IOSXE_SDWAN_IMAGE: 'iosxe-sdwan-16.12.2r'
-      CSR1000V_IMAGE: 'csr1000v-170101'
-    
+      CSR1000V_IMAGE: 'csr1000v-170101'    
     steps:
       - name: Checkout Inventory
         uses: actions/checkout@v2
         with:
           submodules: recursive
-      - name: Install PIP requirements
-        run: pip install -r requirements.txt
       - name: Clean Existing Deployment
         run: ansible-playbook -i inventory/hq2 clean-virl.yml --tags delete
       - name: Install Licenses
@@ -50,18 +57,19 @@ jobs:
       - name: Build VMware
         run: ansible-playbook -i inventory/hq2 build-virl.yml
       - name: Configure Control Plane
-        run: ansible-playbook -i inventory/hq2 config-virl.yml
+        run: ansible-playbook -i inventory/hq2 config-sdwan.yml
       - name: Deploy Edges
         run: ansible-playbook -i inventory/hq2 deploy-virl.yml
       - name: Wait for Edges to Sync
         run: ansible-playbook -i inventory/hq2 waitfor-sync.yml
       - name: Check SD-WAN
         run: ansible-playbook -i inventory/hq2 check-sdwan.yml
       - name: Cleanup
-        run: ansible-playbook -i inventory/hq2 clean-virl.yml --tags delete
+        run: ansible-playbook -i inventory/hq2 clean-virl.yml
   test_20_3_2:
     runs-on: self-hosted
     concurrency: hq2
+    needs: lint
     env:
       VIRL_LAB: 'sdwan-devops-hq2'
       VIPTELA_VERSION: '20.3.2'
@@ -73,8 +81,6 @@ jobs:
         uses: actions/checkout@v2
         with:
           submodules: recursive
-      - name: Install PIP requirements
-        run: pip install -r requirements.txt
       - name: Clean Existing Deployment
         run: ansible-playbook -i inventory/hq2 clean-virl.yml --tags delete
       - name: Install Licenses
@@ -87,12 +93,48 @@ jobs:
       - name: Build VMware
         run: ansible-playbook -i inventory/hq2 build-virl.yml
       - name: Configure Control Plane
-        run: ansible-playbook -i inventory/hq2 config-virl.yml
+        run: ansible-playbook -i inventory/hq2 config-sdwan.yml
       - name: Deploy Edges
         run: ansible-playbook -i inventory/hq2 deploy-virl.yml
       - name: Wait for Edges to Sync
         run: ansible-playbook -i inventory/hq2 waitfor-sync.yml
       - name: Check SD-WAN
         run: ansible-playbook -i inventory/hq2 check-sdwan.yml
       - name: Cleanup
-        run: ansible-playbook -i inventory/hq2 clean-virl.yml --tags delete
+        run: ansible-playbook -i inventory/hq2 clean-virl.yml
+  test_20_7_1:
+    runs-on: self-hosted
+    concurrency: hq2
+    needs: lint
+    env:
+      VIRL_LAB: 'sdwan-devops-hq2'
+      VIPTELA_VERSION: '20.7.1'
+      CLOUDINIT_TYPE: 'v2'
+      IOSXE_SDWAN_IMAGE: 'iosxe-sdwan-16.12.2r'
+      CSR1000V_IMAGE: 'csr1000v-170101'
+    steps:
+      - name: Checkout Inventory
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      - name: Clean Existing Deployment
+        run: ansible-playbook -i inventory/hq2 clean-virl.yml
+      - name: Install Licenses
+        run: |
+          mkdir licenses
+          echo $ANSIBLE_VAULT_PASSWORD > vault-password-file
+          ansible-vault decrypt --vault-password-file vault-password-file files/serialFile.viptela --output licenses/serialFile.viptela
+      - name: Build CA
+        run: ansible-playbook -i inventory/hq2 build-ca.yml
+      - name: Build VMware
+        run: ansible-playbook -i inventory/hq2 build-virl.yml
+      - name: Configure Control Plane
+        run: ansible-playbook -i inventory/hq2 config-sdwan.yml
+      - name: Deploy Edges
+        run: ansible-playbook -i inventory/hq2 deploy-virl.yml
+      - name: Wait for Edges to Sync
+        run: ansible-playbook -i inventory/hq2 waitfor-sync.yml
+      - name: Check SD-WAN
+        run: ansible-playbook -i inventory/hq2 check-sdwan.yml
+      - name: Cleanup
+        run: ansible-playbook -i inventory/hq2 clean-virl.yml

.gitlab-ci.yml

@@ -47,7 +47,7 @@ build-control:
 config-control:
   stage: config-control
   script:
-    - ansible-playbook config-virl.yml
+    - ansible-playbook config-sdwan.yml
   only:
     changes:
       - files/hq1.yaml

Dockerfile

@@ -1,57 +1,40 @@
 FROM alpine:3.11
 
 ARG build_date=unspecified
-ARG terraform_version=0.12.24
-# ARG virl2_client_pkg=virl2_client-2.1.0b9-py3-none-any.whl
 
 LABEL org.opencontainers.image.title="Cisco-SDWAN" \
       org.opencontainers.image.description="Cisco SDWAN DevOps" \
       org.opencontainers.image.vendor="Cisco Systems" \
       org.opencontainers.image.created="${build_date}" \
       org.opencontainers.image.url="https://github.com/CiscoDevNet/sdwan-devops"
 
+RUN apk add --no-cache gcc musl-dev make
+
+RUN apk add --no-cache python3
+RUN if [ ! -e /usr/bin/python ]; then ln -sf python3 /usr/bin/python ; fi
+
+RUN python3 -m ensurepip
+# RUN rm -r /usr/lib/python*/ensurepip
+RUN pip3 install --no-cache --upgrade pip setuptools wheel
+# RUN if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi
+
+RUN apk --update add git sshpass libffi-dev libxml2-dev libxslt-dev python3-dev openssl-dev openssh-keygen
+
 COPY requirements.txt /tmp/requirements.txt
-# COPY files/${virl2_client_pkg} /tmp/${virl2_client_pkg}
-
-RUN echo "===> Installing GCC <===" && \
-    apk add --no-cache gcc musl-dev make && \
-    \
-    \
-    echo "===> Installing Python <===" && \
-    apk add --no-cache python3 && \
-    if [ ! -e /usr/bin/python ]; then ln -sf python3 /usr/bin/python ; fi && \
-    \
-    \
-    echo "===> Installing pip <===" && \
-    python3 -m ensurepip && \
-    rm -r /usr/lib/python*/ensurepip && \
-    pip3 install --no-cache --upgrade pip setuptools wheel && \
-    if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && \
-    \
-    \
-    echo "===> Installing dependancies <==="  && \
-    apk --update add sshpass libffi-dev libxml2-dev libxslt-dev python3-dev openssl-dev openssh-keygen && \
-    \
-    \
-    echo "===> Installing PIP Requirements <==="  && \
-    pip install -r /tmp/requirements.txt && \
-    \
-    \
-    # echo "===> Installing local virl2 client <===" && \
-    # pip install /tmp/${virl2_client_pkg} && \
-    # \
-    # \
-    echo "===> Installing Terraform <===" && \
-    apk --update add wget unzip cdrkit curl && \
-    \
-    \
-    wget --quiet https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_linux_amd64.zip && \
-    unzip terraform_${terraform_version}_linux_amd64.zip && \
-    mv terraform /usr/bin && \
-    rm terraform_${terraform_version}_linux_amd64.zip
-
-ENV ANSIBLE_HOST_KEY_CHECKING=false \
-    ANSIBLE_RETRY_FILES_ENABLED=false \
-    ANSIBLE_SSH_PIPELINING=true
+RUN pip install -r /tmp/requirements.txt
+
+ARG terraform_version=0.13.7
+
+RUN apk --update add wget unzip cdrkit curl
+RUN wget --quiet https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_linux_amd64.zip
+RUN unzip terraform_${terraform_version}_linux_amd64.zip
+RUN mv terraform /usr/bin
+RUN rm terraform_${terraform_version}_linux_amd64.zip
+
+ENV ANSIBLE_HOST_KEY_CHECKING=false
+ENV ANSIBLE_RETRY_FILES_ENABLED=false
+ENV ANSIBLE_SSH_PIPELINING=true
+ENV ANSIBLE_LOCAL_TMP=/tmp
+ENV ANSIBLE_REMOTE_TMP=/tmp
 
 WORKDIR /ansible

README.md

@@ -26,6 +26,7 @@ If you want to skip all the info and documentation below and just run the automa
 - [Build the hq1 topology in CML](docs/virl-hq1.md)
 - [Build the hq2 topology in CML](docs/virl-hq2.md)
 - [Build the hq2 topology in VMware](docs/vmware-hq2.md)
+- [GitLab CI pipeline](docs/gitlab.md)
 
 ## Software Dependancies
 
@@ -69,9 +70,8 @@ Simulation can be used for developing new deployments as well as testing changes
 * `build-virl.yml` or `build-vmware.yml`
   * Creates Day0 config for VNFs based on the data in the `sdwan.yml` file
   * Provision and start VNFs on virtual infrastructure
-* `config-virl.yml` or `config-vmware.yml`
-  * Configure setting on vmanage
-  * Install Enterprise CA when required
+* `config-sdwan.yml`
+  * Configure settings on vmanage
   * Add vbonds and vsmarts to vmanage
   * Create CSRs for vbonds and vsmarts
   * Install certificates into vmanage

ansible.cfg.docker

@@ -15,21 +15,24 @@
     - name: Generate an OpenSSL private key.
       openssl_privatekey:
         cipher: des3
-        passphrase: "{{ sdwan_CA_passphrase }}"
+        passphrase: "{{ sdwan_ca_passphrase }}"
         path: "{{ sdwan_cert_dir }}/myCA.key"
 
     - name: Generate an OpenSSL CSR.
       openssl_csr:
         path: "{{ sdwan_cert_dir }}/myCA.csr"
         privatekey_path: "{{ sdwan_cert_dir }}/myCA.key"
-        privatekey_passphrase: "{{ sdwan_CA_passphrase }}"
+        privatekey_passphrase: "{{ sdwan_ca_passphrase }}"
+        basic_constraints_critical: true
+        basic_constraints:
+          - CA:TRUE
         common_name: viptelaCA.local
 
     - name: Generate a Self Signed OpenSSL certificate.
       openssl_certificate:
         path: "{{ sdwan_cert_dir }}/myCA.pem"
         privatekey_path: "{{ sdwan_cert_dir }}/myCA.key"
-        privatekey_passphrase: "{{ sdwan_CA_passphrase }}"
+        privatekey_passphrase: "{{ sdwan_ca_passphrase }}"
         csr_path: "{{ sdwan_cert_dir }}/myCA.csr"
         # select_crypto_backend: pyopenssl
         provider: selfsigned

bootstrap-cedge.yml

@@ -1,3 +1,13 @@
+- name: Generate day0 configs for control hosts
+  hosts: sdwan_control
+  connection: local
+  gather_facts: no
+  tasks:
+    - name: Generating day0 config
+      set_fact:
+        day0_config: "{{ lookup('template', virl_config_template) }}"
+      when: virl_config_template is defined
+
 - import_playbook: terraform-apply.yml
   vars:
-    sdwan_type: control
+    sdwan_type: control

build-ca.yml

@@ -3,15 +3,15 @@
   connection: local
   gather_facts: no
   roles:
-    - sdwan-tests
+    - sdwan_tests
   vars:
     vmanage_host: "{{ groups.vmanage_hosts | first }}"
     vmanage_mgmt_interface: "{{ hostvars[vmanage_host].mgmt_interface | default('ansible_host') }}"
     vmanage_ip: "{{ hostvars[vmanage_host][vmanage_mgmt_interface] | ipaddr('address') }}"
     state: present
   tasks:
     - include_role:
-        name: sdwan-tests
+        name: sdwan_tests
         tasks_from: ping-test
       vars:
         ping_dst_ip: "{{ item.dst_ip }}"