Role: cisco.nac_dc_vxlan.dtc.create/deploy - Inventory

[mikewiebe]

Role Entry Point: https://github.com/netascode/ansible-dc-vxlan/blob/main/roles/dtc/create/tasks/ndfc/main.yml#L19

Role should make use of the following NDFC Ansible Collection dcnm_inventory

• Examples: https://github.com/CiscoDevNet/ansible-dcnm/blob/main/docs/cisco.dcnm.dcnm_inventory_module.rst#examples

Note: It would be best if this issue was worked with the complimentary remove issue for inventory

• Role: cisco.nac_dc_vxlan.dtc.bootstrap #17

Role development should include all of the following:

• Complete Jinja2 Template
  • Link to template
  • Support for both ipv4 and ipv6 seed IP (taken from data model) (priority it ipv4)
  • Support for all auth_protocols (taken from data model) (defaults to MD5)
    • enum('MD5', 'SHA', 'MD5_DES', 'MD5_AES', 'SHA_DES', 'SHA_AES', required=False)
  • Support for all roles
    • Note: The data model needs to be expanded to include all roles supported by the module
    • https://wwwin-github.cisco.com/netascode/nac-dc-vxlan/blob/master/schemas/fabric_schema.yaml#L79
  • Add support for deploy parameter and hard code it to false
  • Leave max_hops hard coded to 0
  • Leave preserve_config hard coded to false (Only supporting greenfield for now)
• The cisco.nac_dc_vxlan.dtc.create in reality should only add the devices to the fabric but not deploy the configuration to the device. We added a deploy option to the module so add this to the jinja2 template and default to false and verify that object for the device is added in the fabric but configuration (based on role) is not pushed to the device. Currently we add and deploy the configuration using the create role.
  • Test cisco.nac_dc_vxlan.dtc.deploy role to verify configuration is set to the device based on role type.
• Action Plugins to transform service model data into module payload data where needed
• Create / Update Testing
  • Verify devices can be added using combo of all role types and auth_protos
  • Verify attempts to update auth_proto and role are rejected after the object is created in NDFC
    • If you see different behavior let's discuss
  • Verify no devices are added when commented out in the data model (test by commenting out parent keys also)
• Rule validation
  • Verify rule works properly https://github.com/netascode/ansible-dc-vxlan/blob/main/roles/validate/files/rules/301_topology_switch_management.py when management ip is not provided
  • Verify rule works properly https://github.com/netascode/ansible-dc-vxlan/blob/main/roles/validate/files/rules/302_topology_switch_role.py when role is not defined

[mtarking]

In https://github.com/netascode/ansible-dc-vxlan/blob/main/roles/dtc/common/templates/ndfc_inventory.j2, line 7 for auth_proto was updated to include the value from https://github.com/netascode/ansible-dc-vxlan/blob/main/roles/validate/defaults/main.yml defaults file.

The update looks like this now: auth_proto: {{ MD['fabric']['global']['auth_proto'] | default(defaults.fabric.global.auth_proto) }}

[mikewiebe]

@vjoshevs I have added additional information to this issue. Note that I removed the molecule and documentation step because I am not convinced that we need molecule testing for these roles and we will need to create a separate task to document the various roles and how they function

[mtarking]

@mikewiebe for the deploy param, that isn't in the config element of the module. I had put that param in the task directly. Do you think we move it to the jinja template though and things are kept cleanly separated that way, i.e. only config element vs other params? Fine either way; just wanted to bring up.

[mikewiebe]

@mikewiebe for the deploy param, that isn't in the config element of the module. I had put that param in the task directly. Do you think we move it to the jinja template though and things are kept cleanly separated that way, i.e. only config element vs other params? Fine either way; just wanted to bring up.

That's a good point. Let's leave it out of the jinja2 template for now and just change it in the task to deploy: false

See todo in:

• https://github.com/netascode/ansible-dc-vxlan/blob/main/roles/dtc/create/tasks/ndfc/devices_discovery.yml

@vjoshevs we might also need to default save to false since we are already doing that in the deploy role
]

[vjoshevs]

@mikewiebe do we still have a task on this, as I think this we close it when we close the creation task ?

[vjoshevs]

We can close this issue as it was handled with the create issue