Ansible Roles
Validate Role
Role: cisco.nac_dc_vxlan.validate
The validate role ensures that the data model is correct and that the data model can be processed by the subsequent roles. The validate role reads all the files in the host_vars directory and creates a single data model in memory for execution.
As part of the VXLAN as Code service from Cisco, you will also be able to utilize the semantic validation feature to make sure that the data model matches the intended expected values. This is a powerful feature that allows you to ensure that the data model is correct before it is deployed to the network. Additionally, the validate role allows creation of rules that can be used to prevent operators from making specific configurations that are not allowed in the network. These can range from simple rules, such as enforcing proper naming conventions, to more complex rules for interconnectivity issues that should be avoided. These rules are coded in Python and can be constructed as part of the Services as Code offer.
Create Role
Role: cisco.nac_dc_vxlan.dtc.create
The create role builds all of the templates and variable parameters required to deploy the VXLAN fabric and creates fabric state in NDFC. The data model is converted into the proper templates required by the Ansible modules used to communicate with the NDFC controller and manage the fabric state. The create role has a dependency on the validate role.
Deploy Role
Role: cisco.nac_dc_vxlan.dtc.deploy
The deploy role deploys the fabric state created using the Create role to the NDFC managed devices. The deploy role has a dependency on the validate role.
Remove Role
Role: cisco.nac_dc_vxlan.dtc.remove
The remove role removes state from the NDFC controller and the devices managed by the NDFC controller. When the collection discovers managed state in NDFC that is not defined in the data model, it gets removed by this role. For this reason, this role requires the following variables to be set to true under the group_vars directory. This avoids accidental removal of configuration from NDFC that might impact the network. The remove role has a dependency on the validate role.
Inside the example repository under group_vars/ndfc is a file called ndfc.yaml that contains the variables:
# Control Parameters for 'Remove' role tasks
interface_delete_mode: false
network_delete_mode: false
vrf_delete_mode: false
inventory_delete_mode: false
vpc_delete_mode: false
link_vpc_delete_mode: false
Note: These variables are set to false by default to avoid accidental removal of configuration from NDFC that might impact the network.
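A pre-flight check a pipeline could run before the remove role, as an added example that is not part of the collection: it reports which of the delete-mode variables above are not clearly disabled in a file such as group_vars/ndfc/ndfc.yaml. The function name, the constructed sample and the assumption of flat top-level `key: value` lines are this example's own.

```python
import re

# Delete-mode switches named on this page; every other key is ignored.
DELETE_MODE_VARS = (
    "interface_delete_mode", "network_delete_mode", "vrf_delete_mode",
    "inventory_delete_mode", "vpc_delete_mode", "link_vpc_delete_mode",
)
# Values accepted as "disabled" (compared case-insensitively). Anything else,
# including an empty value or a quoted string, is reported: the check fails closed.
DISABLED = {"false", "no", "off"}

# Top-level "key: value" with an optional trailing comment. Indented (nested)
# keys and full-line comments do not match. Assumption: the file is flat, as in
# the ndfc.yaml excerpt shown above.
LINE = re.compile(r"^([A-Za-z_]\w*)[ \t]*:[ \t]*(.*?)[ \t]*(?:#.*)?$", re.MULTILINE)


def enabled_delete_modes(text):
    """Return, sorted, the delete-mode variables that are not clearly disabled."""
    seen = {}
    for key, raw in LINE.findall(text):
        if key in DELETE_MODE_VARS:
            # A later duplicate key overrides an earlier one.
            seen[key] = raw.strip().strip("'\"")
    # A variable missing from the file keeps the documented default (false).
    return sorted(k for k, v in seen.items() if v.lower() not in DISABLED)


# Constructed sample input, not taken from the example repository.
SAMPLE = """\
# Control Parameters for 'Remove' role tasks
interface_delete_mode: false
network_delete_mode: "True"   # quoted, still reported
vrf_delete_mode: yes
inventory_delete_mode: False
vpc_delete_mode: off
"""

if __name__ == "__main__":
    risky = enabled_delete_modes(SAMPLE)
    for name in risky:
        print(f"remove role may delete state: {name} is not disabled")
    # Non-zero exit lets a pipeline stop and ask for explicit approval.
    raise SystemExit(1 if risky else 0)
```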
Advantages of the Roles in the Workflow
These roles, when run in sequence (validate, create, deploy, remove), are designed to build out the entire fabric and can be executed by a pipeline. The roles can also be run in isolation by simply commenting out the roles that are not required during testing and fabric buildout to validate incremental changes.
Control Variables
The following control variables are available in this collection.
Variable | Description | Default Value |
---|---|---|
force_run_all | Force all roles in the collection to run | false |
interface_delete_mode | Remove interface state as part of the remove role | false |
network_delete_mode | Remove network state as part of the remove role | false |
vrf_delete_mode | Remove vrf state as part of the remove role | false |
inventory_delete_mode | Remove inventory state as part of the remove role | false |
link_vpc_delete_mode | Remove vpc link state as part of the remove role | false |
vpc_delete_mode | Remove vpc pair state as part of the remove role | false |
These variables are described in more detail in different sections of this document.
The default settings can be overridden in group_vars.