
Remove Role NaC for Nexus Dashboard

When you are working in a declarative configuration model, instead of configuring objects of the data model for “deletion” or “removal”, the absence of the object in the data model is what indicates that the object should be removed from the configuration.

If you have worked with Ansible before, you will remember that state: absent is used to remove an object from the configuration. This method is associated with imperative configuration models, where you explicitly state what you want to do with the object. But this isn’t optimal for infrastructure as code. The operator should not have to worry about the state of the object, but should just define the desired state; automation then ensures that the current state of the network matches the desired state defined in the source code data model.

In the case of Network as Code for Nexus Dashboard, when you want to remove an object, you simply remove it from the data model. This means that if you have a network defined in your data model and you want to remove it, you just delete the section of the YAML file that defines that network. In the default configuration state provided in the example repository, this is not the case. To protect the users from accidentally removing objects, the default configuration state does not allow for the removal of objects.

To better understand this, it helps to understand some changes Ansible has made in its modules over the years.

| Legacy Modules | Resource Modules |
| --- | --- |
| Inconsistent across network devices | Consistent across network devices |
| Requires task loops for more than one configuration item | Can leverage task loops or Jinja2 templating for configuration blocks |
| Simple states, present and absent | Introduces new states that are geared towards declarative configuration |

These new states provide granular control over how automation behaves against device states. The new states include:

| State | Description |
| --- | --- |
| Merged | Ansible merges the on-device configuration with the provided configuration |
| Replaced | Ansible replaces the on-device configuration subsection with the provided configuration subsection in the task |
| Overridden | Ansible overrides the on-device configuration for the resource with the provided configuration in the task |
| Deleted | Ansible deletes the on-device configuration subsection and restores any default settings |

There is a direct relationship between these new states and how an infrastructure as code methodology works. Compare this to Terraform: Terraform behaves like the overridden state, where it overrides the current state of the object with the desired state defined in the data model.

Relation to Network as Code for Nexus Dashboard

Due to the declarative nature of Network as Code for Nexus Dashboard, the developers have taken measures to ensure that a first-time user does not accidentally remove configuration from an existing deployment. By default a configuration flag is set to false, making Network as Code for Nexus Dashboard behave in a way that protects against potential mistakes.

Inside the create role, the automation relies heavily on the replaced state of the Ansible modules. Only in the remove role does the automation use the overridden and deleted states.
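The difference between the four states decides whether an object that is missing from the data model survives a run. The following simplified model is an added example, not code from the Ansible modules or from Network as Code; the function names and the NaC-VRF03 entry are constructed for illustration.

```python
import copy

def apply_state(device, task, state):
    """Return the configuration that results from applying `task` with `state`.

    Both arguments map an object name to its attributes (a simplified model).
    """
    result = copy.deepcopy(device)
    if state == "merged":
        # Add or update attributes; nothing already on the device is removed.
        for name, attrs in task.items():
            result.setdefault(name, {}).update(attrs)
    elif state == "replaced":
        # Replace only the objects named in the task; others are untouched.
        for name, attrs in task.items():
            result[name] = dict(attrs)
    elif state == "overridden":
        # The task is the whole truth; objects it does not name disappear.
        result = {name: dict(attrs) for name, attrs in task.items()}
    elif state == "deleted":
        # Remove the objects named in the task.
        for name in task:
            result.pop(name, None)
    else:
        raise ValueError(f"unknown state: {state}")
    return result

def removed_objects(device, task, state):
    """Names present on the device that are gone after the run."""
    return sorted(set(device) - set(apply_state(device, task, state)))

# Constructed sample: two VRFs on the device, only one left in the data model.
DEVICE = {
    "NaC-VRF03": {"vrf_id": 150003, "vlan_id": 2003},
    "NaC-VRF04": {"vrf_id": 150004, "vlan_id": 2004},
}
MODEL = {"NaC-VRF03": {"vrf_id": 150003}}

if __name__ == "__main__":
    for state in ("merged", "replaced", "overridden"):
        print(state, "removes", removed_objects(DEVICE, MODEL, state))
    print("deleted removes", removed_objects(DEVICE, {"NaC-VRF04": {}}, "deleted"))
```

In this model, replaced leaves NaC-VRF04 in place even though the data model no longer mentions it, which is why a role built on replaced cannot remove objects by omission.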

In the group_vars directory, you will find a file called ndfc.yaml.

Terminal window
cd ~/network-as-code/nac-nd
code-server group_vars/ndfc/ndfc.yaml

In this file is a section that contains all the boolean flags that control the delete mode of the various objects in the data model. By default, these flags are set to false, meaning that when you remove an object from the data model, it will not be deleted from the Nexus Dashboard configuration.

interface_delete_mode: false
inventory_delete_mode: false
link_fabric_delete_mode: false
link_vpc_delete_mode: false
network_delete_mode: false
policy_delete_mode: false
vpc_delete_mode: false
vrf_delete_mode: false

If you were to set these flags to true, then the removal of the objects from the data model would result in the deletion of those objects from the Nexus Dashboard configuration. These parameters are also tied to the parameter force_run_all.

Step 1: Enable Delete Mode

For this step, you are going to enable the delete mode for network_delete_mode and vrf_delete_mode.

In the file you opened earlier, change the value of network_delete_mode and vrf_delete_mode to true:

network_delete_mode: true
vrf_delete_mode: true

And save the file.

Step 2: Comment out the definitions.

In the data model, you will now comment out the definitions of the network and VRF that you want to remove.

Terminal window
cd ~/network-as-code/nac-nd
code-server host_vars/nac-fabric1/vrfs.nac.yaml

Then edit the file to comment out the VRF definition for Net04.

---
vxlan:
  overlay:
    vrfs:
      # - name: NaC-VRF04
      #   vrf_id: 150004
      #   vlan_id: 2004
      #   vrf_attach_group: all

NOTE: An easy way to comment out the lines in the editor is to select the lines and run the command Cmd + / on Mac or Ctrl + / on Windows/Linux. This will comment out the selected lines.

Repeat the same for the Networks file:

---
vxlan:
  overlay:
    networks:
      # - name: NaC-Net04
      #   vrf_name: NaC-VRF04
      #   net_id: 130004
      #   vlan_id: 2304
      #   vlan_name: NaC-Net04_vlan2304
      #   gw_ip_address: "192.168.12.4/24"
      #   network_attach_group: all

Step 3: Run the Playbook

You will now run the playbook, which will remove the objects from the Nexus Dashboard configuration.

Terminal window
cd ~/network-as-code/nac-nd
ansible-playbook -i inventory.yaml vxlan.yaml
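Because a run with delete mode enabled is destructive, it helps to review what the edit will remove before starting the playbook. The following pre-flight check is an added example, not part of Network as Code; it assumes the data model before and after the edit has already been parsed into dictionaries (for example with yaml.safe_load), treats a missing flag as false, and uses hypothetical function names.

```python
# Added example: pre-flight check for removals from the data model.
FLAG_FOR = {"vrfs": "vrf_delete_mode", "networks": "network_delete_mode"}

def overlay_items(model, kind):
    """Objects of `kind` under vxlan.overlay.

    A list whose entries are all commented out parses to None, so every
    level falls back to an empty container.
    """
    return ((model.get("vxlan") or {}).get("overlay") or {}).get(kind) or []

def names(model, kind):
    return {item["name"] for item in overlay_items(model, kind)}

def preflight(before, after, flags):
    """Report what a run would delete, what stays behind, and dangling VRF references."""
    report = {"deleted": [], "kept": [], "dangling": []}
    for kind, flag in FLAG_FOR.items():
        for name in sorted(names(before, kind) - names(after, kind)):
            # Assumption: a flag that is not set counts as false.
            bucket = "deleted" if flags.get(flag, False) is True else "kept"
            report[bucket].append((kind, name))
    defined_vrfs = names(after, "vrfs")
    for net in overlay_items(after, "networks"):
        vrf = net.get("vrf_name")
        if vrf and vrf not in defined_vrfs:
            # The network still points at a VRF the data model no longer defines.
            report["dangling"].append((net["name"], vrf))
    return report

# Constructed sample input mirroring the objects used on this page.
VRF04 = {"name": "NaC-VRF04", "vrf_id": 150004, "vlan_id": 2004}
NET04 = {"name": "NaC-Net04", "vrf_name": "NaC-VRF04", "net_id": 130004}
BEFORE = {"vxlan": {"overlay": {"vrfs": [VRF04], "networks": [NET04]}}}
AFTER = {"vxlan": {"overlay": {"vrfs": None, "networks": None}}}
VRF_ONLY_REMOVED = {"vxlan": {"overlay": {"vrfs": None, "networks": [NET04]}}}
ENABLED = {"vrf_delete_mode": True, "network_delete_mode": True}

if __name__ == "__main__":
    print("defaults:", preflight(BEFORE, AFTER, {}))
    print("delete mode on:", preflight(BEFORE, AFTER, ENABLED))
    print("VRF removed, network kept:", preflight(BEFORE, VRF_ONLY_REMOVED, ENABLED))
```

A non-empty "kept" list means objects were dropped from the data model while their delete flag is still false, so they remain on Nexus Dashboard without being described in source control.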