Create cEdge service interfaces

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: cisco
 name: sdwan_deployment
-version: 0.3.2
+version: 0.3.3
 readme: README.md
 authors:
   - Arkadiusz Cichon <[email protected]>

playbooks/aws_sdwan_config.yml

@@ -33,7 +33,8 @@ aws_vpc_cidr: 10.0.0.0/16  # default ips from official Cisco guides
 aws_igw_name: "{{ aws_resources_prefix }}-igw"
 
 # SUBNETs
-aws_subnets:
+aws_subnets: |
+  {% filter from_yaml %}
   - name: "{{ aws_resources_prefix }}-mgmt-subnet-512"
     subnet_cidr: "10.0.1.0/24"  # default ips from official Cisco guides
     VPN: 512
@@ -42,10 +43,19 @@ aws_subnets:
     subnet_cidr: "10.0.2.0/24"  # default ips from official Cisco guides
     VPN: 0
     type: transport
-  # - name: "{{ aws_resources_prefix }}-cluster-subnet-0"
-  #   subnet_cidr: "10.0.3.0/24"
-  #   VPN: 0
-  #   type: cluster
+  {% if vmanage_instances is defined and vmanage_instances | length > 2 %}
+  - name: "{{ aws_resources_prefix }}-cluster-subnet-0"
+    subnet_cidr: "10.0.3.0/24"
+    VPN: 0
+    type: cluster
+  {% endif %}
+  {% if ux20_deployment is defined and ux20_deployment == true %}
+  - name: "{{ aws_resources_prefix }}-service-subnet-10"
+    subnet_cidr: "10.0.4.0/24"  # default ips from official Cisco guides
+    VPN: 10
+    type: service
+  {% endif %}
+  {% endfilter %}
 
 # ROUTE TABLEs
 aws_route_table_name: "{{ aws_resources_prefix }}-rtab"

roles/aws_edges/tasks/aws_cedge_ec2_instance.yml

@@ -14,8 +14,8 @@
 # NICs
 - name: Filter required subnets for instance creation. Set aws_mgmt_subnet and aws_transport_subnet facts
   ansible.builtin.set_fact:
-    aws_mgmt_subnet: "{{ aws_subnets_config | selectattr('tags.VPN', 'equalto', '512') | list | first }}"
-    aws_transport_subnet: "{{ aws_subnets_config | selectattr('tags.VPN', 'equalto', '0') | list | first }}"
+    aws_mgmt_subnet: "{{ aws_subnets_config | selectattr('tags.type', 'equalto', 'mgmt') | list | first }}"
+    aws_transport_subnet: "{{ aws_subnets_config | selectattr('tags.type', 'equalto', 'transport') | list | first }}"
 
 - name: Create network interfaces for cedge
   amazon.aws.ec2_eni:
@@ -28,21 +28,23 @@
       Creator: "{{ aws_tag_creator }}"
       Machine: "{{ hostname }}"
       VPN: "{{ subnet_item.tags.VPN }}"
+      type: "{{ subnet_item.tags.type }}"
   register: network_interfaces_cedge
-  loop: "{{ [aws_mgmt_subnet, aws_transport_subnet] }}"
+  loop: "{{ aws_subnets_config }}"
   loop_control:
     loop_var: subnet_item
     label: "nic-{{ subnet_item.tags.Name }}"
+  when: subnet_item.tags.type != "cluster"
 
 - name: Set aws_network_interfaces fact with a list of interfaces for cEdge device
   ansible.builtin.set_fact:
     aws_network_interfaces: "{{ network_interfaces_cedge.results | map(attribute='interface') | list }}"
 
 - name: Filter aws_network_interfaces for instance creation. Set aws_mgmt_nic and aws_transport_nic facts
   ansible.builtin.set_fact:
-    aws_mgmt_nic: "{{ aws_network_interfaces | selectattr('tags.VPN', 'equalto', '512') | list | first }}"
-    aws_transport_nic: "{{ aws_network_interfaces | selectattr('tags.VPN', 'equalto', '0') | list | first }}"
-
+    aws_mgmt_nic: "{{ aws_network_interfaces | selectattr('tags.type', 'equalto', 'mgmt') | list | first }}"
+    aws_transport_nic: "{{ aws_network_interfaces | selectattr('tags.type', 'equalto', 'transport') | list | first }}"
+    aws_service_nics: "{{ aws_network_interfaces | selectattr('tags.type', 'equalto', 'service') | list | default(omit) }}"
 
 # EIPs
 - name: Associate EIP with mgmt network interface
@@ -57,7 +59,7 @@
       Machine: "{{ hostname }}"
       VPN: "{{ interface_item.tags.VPN }}"
   register: eip_edge
-  loop: "{{ [aws_mgmt_nic, aws_transport_nic] }}"  # We do loop starting with mgmt nic, so we know results[0] is mgmt ip
+  loop: "{{ [aws_mgmt_nic, aws_transport_nic] + (aws_service_nics | default([])) }}"  # We do loop starting with mgmt nic, so we know results[0] is mgmt ip
   loop_control:
     loop_var: interface_item
     label: "eip-for-{{ interface_item.tags.Name }}"
@@ -79,7 +81,25 @@
     mode: "0644"
 
 
-# vManage
+- name: Set interfaces fact
+  ansible.builtin.set_fact:
+    interfaces:
+      - id: "{{ aws_mgmt_nic.id }}"
+        device_index: 0
+        description: "{{ aws_mgmt_nic.tags.Name }}"
+      - id: "{{ aws_transport_nic.id }}"
+        device_index: 1
+        description: "{{ aws_transport_nic.tags.Name }}"
+
+- name: Append service interfaces
+  ansible.builtin.set_fact:
+    interfaces: "{{ interfaces + [{'id': nic.id, 'device_index': index + 2, 'description': nic.tags.Name}] }}"
+  loop: "{{ (aws_service_nics | default([])) }}"
+  loop_control:
+    index_var: index
+    loop_var: nic
+  when: aws_service_nics is defined
+
 - name: Launch cedge
   amazon.aws.ec2_instance:
     count: 1
@@ -92,13 +112,7 @@
     key_name: "{{ aws_key_name | default('') | bool | ternary(aws_key_name, omit) }}"
     network:
       assign_public_ip: false
-      interfaces:
-        - id: "{{ aws_mgmt_nic.id }}"
-          device_index: 0
-          description: "{{ aws_mgmt_nic.tags.Name }}"
-        - id: "{{ aws_transport_nic.id }}"
-          device_index: 1
-          description: "{{ aws_transport_nic.tags.Name }}"
+      interfaces: "{{ interfaces }}"
     name: "{{ hostname }}"
     tags:
       Name: "{{ hostname }}"
@@ -111,6 +125,19 @@
           delete_on_termination: true
   register: ec2_cedge
 
+- name: Set service_interfaces fact
+  ansible.builtin.set_fact:
+    service_interfaces: []
+
+- name: Append to service_interfaces
+  ansible.builtin.set_fact:
+    service_interfaces: "{{ service_interfaces + [{'addr': nic.private_ip_address, 'index': index + 2}] }}"
+  loop: "{{ aws_service_nics }}"
+  loop_control:
+    loop_var: nic
+    index_var: index
+  when: aws_service_nics is defined
+
 - name: Store cEdge instance details for deployment_results
   ansible.builtin.set_fact:
     instance:
@@ -120,7 +147,9 @@
       admin_password: "{{ admin_password }}"
       mgmt_public_ip: "{{ eip_edge.results[0].public_ip }}"
       transport_public_ip: "{{ eip_edge.results[1].public_ip }}"
+      service_interfaces: "{{ service_interfaces | default(omit) }}"
       uuid: "{{ uuid }}"
+      site_id: "{{ site_id }}"
   changed_when: true
   register: _edge_facts
   retries: 3

roles/aws_network_infrastructure/defaults/main.yml

@@ -43,6 +43,12 @@ aws_subnets: |
     VPN: 0
     type: cluster
   {% endif %}
+  {% if ux20_deployment is defined and ux20_deployment == true %}
+  - name: "{{ aws_resources_prefix }}-service-subnet-10"
+    subnet_cidr: "10.0.4.0/24"  # default ips from official Cisco guides
+    VPN: 10
+    type: service
+  {% endif %}
   {% endfilter %}
 
 # ROUTE TABLEs

roles/aws_network_infrastructure/tasks/aws_create_network_infrastructure.yml

@@ -63,13 +63,14 @@
     state: present
     vpc_id: "{{ _created_vpc.vpc.id }}"
     cidr: "{{ subnet_config.subnet_cidr }}"
-    map_public: "{{ subnet_config.type != 'cluster' }}"
+    map_public: "{{ subnet_config.type in ['mgmt', 'transport'] }}"
     region: "{{ aws_region }}"
     az: "{{ aws_availibility_zone }}"
     tags:
       Name: "{{ subnet_config.name }}"
       Creator: "{{ aws_tag_creator }}"
       VPN: "{{ subnet_config.VPN }}"
+      type: "{{ subnet_config.type }}"
   register: _created_subnets
   loop: "{{ aws_subnets }}"
   loop_control:

roles/azure_controllers/defaults/main.yml

@@ -37,6 +37,12 @@ az_subnets: |
     VPN: 0
     type: cluster
   {% endif %}
+  {% if ux20_deployment is defined and ux20_deployment == true %}
+  - name: "{{ az_resources_prefix }}-service-subnet-10"
+    cidr: "10.0.4.0/24"  # default ips from official Cisco guides
+    VPN: 10
+    type: service
+  {% endif %}
   {% endfilter %}
 
 # Security group

roles/azure_edges/defaults/main.yml

@@ -21,7 +21,8 @@ az_virtual_network: "{{ az_resources_prefix }}-vn"
 az_vn_address_prefixes_cidr: 10.0.0.0/16
 
 # Subnets
-az_subnets:
+az_subnets: |
+  {% filter from_yaml %}
   - name: "{{ az_resources_prefix }}-mgmt-subnet-512"
     cidr: "10.0.1.0/24"
     VPN: 512
@@ -30,10 +31,19 @@ az_subnets:
     cidr: "10.0.2.0/24"
     VPN: 0
     type: transport
-  # - name: "{{ az_resources_prefix }}-cluster-subnet-0"
-  #   cidr: "10.0.3.0/24"
-  #   VPN: 0
-  #   type: cluster
+  {% if vmanage_instances is defined and vmanage_instances | length > 2 %}
+  - name: "{{ az_resources_prefix }}-cluster-subnet-0"
+    cidr: "10.0.3.0/24"
+    VPN: 0
+    type: cluster
+  {% endif %}
+  {% if ux20_deployment is defined and ux20_deployment == true %}
+  - name: "{{ az_resources_prefix }}-service-subnet-10"
+    cidr: "10.0.4.0/24"  # default ips from official Cisco guides
+    VPN: 10
+    type: service
+  {% endif %}
+  {% endfilter %}
 
 # Security group
 az_network_security_group: "{{ az_resources_prefix }}-nsg"

roles/azure_edges/tasks/azure_cedge_vm.yml

@@ -19,6 +19,7 @@
       Machine: "{{ hostname }}"
       VPN: "{{ subnet_item.VPN }}"
       Subnet: "{{ subnet_item.name }}"
+      type: "{{ subnet_item.type }}"
   loop:
     - "{{ mgmt_subnet }}"
     - "{{ transport_subnet }}"
@@ -72,24 +73,55 @@
       Creator: "{{ az_tag_creator }}"
       Organization: "{{ organization_name }}"
       VPN: "{{ public_ip_state.state.tags.VPN }}"
+      type: "{{ public_ip_state.state.tags.type }}"
   loop: "{{ public_ip_addresses.results }}"
   loop_control:
     loop_var: public_ip_state
     index_var: my_idx
     label: public_ip_state.state.name
   register: cedge_nics
 
+- name: "Create private virtual network interface cards"
+  azure.azcollection.azure_rm_networkinterface:
+    resource_group: "{{ az_resource_group }}"
+    name: "nic-{{ hostname }}-vpn-{{ subnet.VPN }}"
+    virtual_network: "{{ az_virtual_network }}"
+    subnet_name: "{{ subnet.name }}"
+    security_group: "{{ az_network_security_group }}"
+    ip_configurations:
+      - name: "ipconfig-vpn-{{ subnet.VPN }}"
+        private_ip_allocation_method: "Dynamic"
+    tags:
+      Name: "nic-{{ hostname }}-vpn-{{ subnet.VPN }}"
+      Creator: "{{ az_tag_creator }}"
+      Organization: "{{ organization_name }}"
+      VPN: "{{ subnet.VPN }}"
+      type: "{{ subnet.type }}"
+  loop: "{{ az_subnets }}"
+  loop_control:
+    loop_var: subnet
+    index_var: my_idx
+    label: subnet.name
+  register: cedge_private_nics
+  when: subnet.type == "service"
+
 - name: Set az_network_interfaces_cedge fact with a list of interfaces for cedge
   ansible.builtin.set_fact:
     az_network_interfaces_cedge: "{{ cedge_nics.results | map(attribute='state') | list }}"
+    az_private_network_interfaces_cedge: "{{ cedge_private_nics.results | selectattr('state', 'defined') | map(attribute='state') | list | default([]) }}"
     az_public_ip_addresses_cedge: "{{ public_ip_addresses.results | map(attribute='state') | list }}"
 
+- name: Append to az_network_interfaces_cedge
+  ansible.builtin.set_fact:
+    az_network_interfaces_cedge: "{{ az_network_interfaces_cedge + az_private_network_interfaces_cedge }}"
+
 - name: Filter az_network_interfaces_cedge for instance creation. Set az_mgmt_nic and az_transport_nic facts
   ansible.builtin.set_fact:
-    az_mgmt_nic: "{{ az_network_interfaces_cedge | selectattr('tags.VPN', 'equalto', '512') | list | first }}"
-    az_transport_nic: "{{ az_network_interfaces_cedge | selectattr('tags.VPN', 'equalto', '0') | list | first }}"
-    az_mgmt_public_ip: "{{ az_public_ip_addresses_cedge | selectattr('tags.VPN', 'equalto', '512') | list | first }}"
-    az_transport_public_ip: "{{ az_public_ip_addresses_cedge | selectattr('tags.VPN', 'equalto', '0') | list | first }}"
+    az_mgmt_nic: "{{ az_network_interfaces_cedge | selectattr('tags.type', 'equalto', 'mgmt') | list | first }}"
+    az_transport_nic: "{{ az_network_interfaces_cedge | selectattr('tags.type', 'equalto', 'transport') | list | first }}"
+    az_service_nics: "{{ az_network_interfaces_cedge | selectattr('tags.type', 'equalto', 'service') | list | default(omit) }}"
+    az_mgmt_public_ip: "{{ az_public_ip_addresses_cedge | selectattr('tags.type', 'equalto', 'mgmt') | list | first }}"
+    az_transport_public_ip: "{{ az_public_ip_addresses_cedge | selectattr('tags.type', 'equalto', 'transport') | list | first }}"
 
 # cedge_mgmt_private_ip
 - name: "Set ip addresses cedge facts"
@@ -120,6 +152,18 @@
     dest: "{{ generated_userdata_cedge }}"
     mode: "0644"
 
+- name: "Set network_interfaces fact"
+  ansible.builtin.set_fact:
+    network_interfaces: "{{ [az_mgmt_nic.id, az_transport_nic.id] }}"
+
+- name: "Append service NICs to network_interfaces fact"
+  ansible.builtin.set_fact:
+    network_interfaces: "{{ network_interfaces + [service_nic.id] }}"
+  loop: "{{ az_service_nics }}"
+  loop_control:
+    loop_var: service_nic
+  when: az_service_nics is defined
+
 - name: "Create cedge VM: {{ hostname }}"
   azure.azcollection.azure_rm_virtualmachine:
     resource_group: "{{ az_resource_group }}"
@@ -136,9 +180,7 @@
     ephemeral_os_disk: false
     linux_config:
       disable_password_authentication: false
-    network_interfaces:
-      - "{{ az_mgmt_nic.id }}"
-      - "{{ az_transport_nic.id }}"
+    network_interfaces: "{{ network_interfaces }}"
     image:
       offer: "{{ az_cedge_image_offer }}"
       publisher: "{{ az_cedge_image_publisher }}"
@@ -157,6 +199,19 @@
       Organization: "{{ organization_name }}"
     custom_data: "{{ lookup('file', generated_userdata_cedge) }}"
 
+- name: Set service_interfaces fact
+  ansible.builtin.set_fact:
+    service_interfaces: []
+
+- name: Append to service_interfaces
+  ansible.builtin.set_fact:
+    service_interfaces: "{{ service_interfaces + [{'addr': nic.ip_configuration.private_ip_address, 'index': index + 2}] }}"
+  loop: "{{ az_service_nics }}"
+  loop_control:
+    loop_var: nic
+    index_var: index
+  when: az_service_nics is defined
+
 - name: Store cEdge instance details for deployment_results
   ansible.builtin.set_fact:
     instance:
@@ -166,6 +221,9 @@
       admin_password: "{{ admin_password }}"
       mgmt_public_ip: "{{ cedge_mgmt_public_ip }}"
       transport_public_ip: "{{ cedge_transport_public_ip }}"
+      service_interfaces: "{{ service_interfaces | default(omit) }}"
+      uuid: "{{ uuid }}"
+      site_id: "{{ site_id }}"
   changed_when: true
   notify: Show deployment_facts
 

roles/azure_network_infrastructure/defaults/main.yml

@@ -37,6 +37,12 @@ az_subnets: |
     VPN: 0
     type: cluster
   {% endif %}
+  {% if ux20_deployment is defined and ux20_deployment == true %}
+  - name: "{{ az_resources_prefix }}-service-subnet-10"
+    cidr: "10.0.4.0/24"  # default ips from official Cisco guides
+    VPN: 10
+    type: service
+  {% endif %}
   {% endfilter %}
 
 # Security group