add bgp ansible

canu/ansible/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+
+filter_plugins = filter_plugins
+host_key_checking = false

canu/ansible/filter_plugins/nutils.py

@@ -0,0 +1,6 @@
+from netutils.utils import jinja2_convenience_function
+
+
+class FilterModule(object):
+    def filters(self):
+        return jinja2_convenience_function()

canu/ansible/plays/bgp_config.yaml

@@ -0,0 +1,82 @@
+---
+- name: Configure BGP
+  hosts: spine
+  collections:
+    - arubanetworks.aoscx
+  gather_facts: true
+
+  vars:
+    sls_json: "{{ lookup('file', 'sls_input_file.json') | from_json }}"
+    hostname: "{{ inventory_hostname }}"
+    bgp_max_paths: 32
+    bgp_keepalive_timer: 1
+    bgp_hold_timer: 3
+    ebgp_admin_distance: 20
+    ibgp_admin_distance: 70
+    bgp_config_file: "{{ playbook_dir }}/bgp_config_{{ inventory_hostname }}.cfg"
+    bgp_template: "{{ playbook_dir }}/bgp_ansible.j2"
+    backup_path: "{{ playbook_dir }}"
+    ansible_connection: network_cli
+
+  tasks:
+    - name: Set BGP ASNs
+      set_fact:
+        bgp_cmn: "{{ sls_json.Networks.CMN.ExtraProperties.MyASN | default(None) }}"
+        bgp_chn: "{{ sls_json.Networks.CHN.ExtraProperties.MyASN | default(None) }}"
+        bgp_nmn: "{{ sls_json.Networks.NMN.ExtraProperties.MyASN | default(None) }}"
+        bgp_switch: "{{ sls_json.Networks.NMN.ExtraProperties.PeerASN | default(None) }}"
+
+    - name: Set IP addresses
+      set_fact:
+        nmn_ips: "{{ sls_json.Networks.NMN.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+        hmn_ips: "{{ sls_json.Networks.HMN.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+        nmn_lb_ips: "{{ sls_json.Networks.NMN.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+        hmn_lb_ips: "{{ sls_json.Networks.HMN.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+        can_ips: "{{ sls_json.Networks.CAN.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+        cmn_ips: "{{ sls_json.Networks.CMN.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+        chn_ips: "{{ sls_json.Networks.CHN.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+      vars:
+        jmesquery: "[].IPReservations[].{Name: Name, IPAddress: IPAddress}"
+
+    - name: Set Subnets
+      set_fact:
+        can_subnet: "{{ sls_json.Networks.CAN.ExtraProperties.CIDR | default(None) }}"
+        cmn_subnet: "{{ sls_json.Networks.CMN.ExtraProperties.CIDR | default(None) }}"
+        chn_subnet: "{{ sls_json.Networks.CHN.ExtraProperties.CIDR | default(None) }}"
+        hmnlb_subnet: "{{ sls_json.Networks.HMNLB.ExtraProperties.CIDR | default(None) }}"
+        nmnlb_subnet: "{{ sls_json.Networks.NMNLB.ExtraProperties.CIDR | default(None) }}"
+
+    - name: Set TFTP IPs
+      set_fact:
+        hmnlb_tftp_ip: "{{ sls_json.Networks.HMNLB.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+        nmnlb_tftp_ip: "{{ sls_json.Networks.NMNLB.ExtraProperties.Subnets | json_query(jmesquery) | default(None) }}"
+      vars:
+        jmesquery: "[].IPReservations[?Name=='cray-tftp'].IPAddress[] | [0]"
+
+    - name: Generate BGP config
+      ansible.builtin.template:
+        src: "{{ bgp_template }}"
+        dest: "{{ bgp_config_file }}"
+        lstrip_blocks: yes
+
+    - name: Enable auto-confirm
+      aoscx_command:
+        commands:
+          - auto-confirm
+
+    - name: Configure BGP
+      aoscx_config:
+        backup: True
+        src: "{{ bgp_config_file }}"
+        save_when: changed
+        backup_options:
+          filename: "{{hostname}}_backup.cfg"
+          dir_path: "{{ backup_path }}"
+      register: bgp
+
+    - name: Clear BGP Sessions
+      aoscx_command:
+        commands:
+          - clear bgp vrf Customer *
+          - clear bgp *
+      when: bgp.changed

canu/ansible/templates/bgp.j2

@@ -0,0 +1,89 @@
+ip prefix-list pl-cmn seq 10 permit {{ cmn_subnet }} ge {{ cmn_subnet | ipaddress_network("prefixlen") }}
+{% if can_subnet != '' %}
+ip prefix-list pl-can seq 10 permit {{ can_subnet}} ge {{ can_subnet | ipaddress_network("prefixlen") }}
+{% endif %}
+ip prefix-list pl-hmn seq 10 permit {{ hmnlb_subnet }} ge {{ hmnlb_subnet | ipaddress_network("prefixlen") }}
+ip prefix-list pl-nmn seq 10 permit {{ nmnlb_subnet }} ge {{ nmnlb_subnet | ipaddress_network("prefixlen") }}
+{% set seq_num = 10 %}
+ip prefix-list tftp seq {{ seq_num }} permit {{ nmnlb_tftp_ip | ipaddress_address("exploded") }}/32 ge 32 le 32
+{% set seq_num = seq_num + 10 %}
+ip prefix-list tftp seq {{ seq_num }} permit {{  hmnlb_tftp_ip | ipaddress_address("exploded") }}/32 ge 32 le 32
+
+{% for host in nmn_ips if "ncn-w" in host.Name %}
+{% set sequence = namespace(value=10) %}
+{% set localpref = namespace(value=1000) %}
+{% for tftp_host in nmn_ips if tftp_host.Name in ["ncn-w001", "ncn-w002", "ncn-w003"] %}
+route-map {{ host.Name }} permit seq {{ sequence.value }}{% set sequence.value = sequence.value + 10 %}
+
+     match ip address prefix-list tftp
+     match ip next-hop {{ tftp_host.IPAddress | ipaddress_address("exploded") }}
+     set local-preference {{ localpref.value }}{% set localpref.value = localpref.value + 100 %}
+
+{% endfor %}
+
+route-map {{ host.Name }} permit seq {{ sequence.value }}
+     match ip address prefix-list pl-hmn
+     {% for hmn_entry in hmn_ips if host.Name == hmn_entry.Name %}
+     set ip next-hop {{ hmn_entry.IPAddress | ipaddress_address("exploded") }}
+     {% endfor %}
+
+{% set sequence.value = sequence.value + 10 %}route-map {{ host.Name }} permit seq {{ sequence.value }}
+     match ip address prefix-list pl-nmn
+     {% for nmn_entry in nmn_ips if host.Name == nmn_entry.Name %}
+     set ip next-hop {{ nmn_entry.IPAddress | ipaddress_address("exploded") }}
+     {% endfor %}
+{% set sequence = namespace(value=10) %}
+{% if can_subnet != '' %}
+route-map {{ host.Name }}-Customer permit seq {{ sequence.value }}
+     set local-preference 1100
+     {% for can_entry in can_ips if name == can_entry.Name %}
+     set ip next-hop {{ can_entry.IPAddress | ipaddress_address("exploded") }}
+{% endfor %}
+{% endif %}
+{% if can_subnet == '' %}
+    {% set sequence.value = sequence.value + 10 %}
+{% endif %}
+route-map {{ host.Name }}-Customer permit seq {{ sequence.value }}
+     match ip address prefix-list pl-cmn
+
+{% endfor %}
+router bgp {{ bgp_switch }}
+    bgp router-id {{ ansible_host }}
+    maximum-paths {{ bgp_max_paths }}
+    timers bgp {{ bgp_keepalive_timer }} {{ bgp_hold_timer }}
+    distance bgp {{ ebgp_admin_distance }} {{ ibgp_admin_distance }}
+    {% for host in nmn_ips if "spine" in host.Name and host.Name != hostname  %}
+    neighbor {{ host.IPAddress | ipaddress_address("exploded") }} remote-as {{ bgp_switch }}
+    {% endfor %}
+    {% for host in nmn_ips if "ncn-w" in host.Name %}
+    neighbor {{ host.IPAddress | ipaddress_address("exploded") }} remote-as {{ bgp_nmn }}
+    neighbor {{ host.IPAddress | ipaddress_address("exploded") }} passive
+    {% endfor %}
+    address-family ipv4 unicast
+        {% for host in nmn_ips if "spine" in host.Name and host.Name != hostname or "ncn-w" in host.Name  %}
+        neighbor {{ host.IPAddress | ipaddress_address("exploded") }} activate
+        {% if "ncn-w" in host.Name %}
+        neighbor {{ host.IPAddress | ipaddress_address("exploded") }} route-map {{ host.Name }} in
+        {% endif %}
+        {% endfor %}
+    exit-address-family
+    vrf Customer
+        bgp router-id {{ ansible_host }}
+        maximum-paths {{ bgp_max_paths }}
+        timers bgp {{ bgp_keepalive_timer }} {{ bgp_hold_timer }}
+        distance bgp {{ ebgp_admin_distance }} {{ ibgp_admin_distance }}
+        {% for host in cmn_ips if "spine" in host.Name and host.Name != hostname  %}
+        neighbor {{ host.IPAddress | ipaddress_address("exploded") }} remote-as {{ bgp_switch }}
+        {% endfor %}
+        {% for host in cmn_ips if "ncn-w" in host.Name %}
+        neighbor {{ host.IPAddress | ipaddress_address("exploded") }} remote-as {{ bgp_cmn }}
+        neighbor {{ host.IPAddress | ipaddress_address("exploded") }} passive
+        {% endfor %}
+        address-family ipv4 unicast
+            {% for host in cmn_ips if "spine" in host.Name and host.Name != hostname or "ncn-w" in host.Name  %}
+            neighbor {{ host.IPAddress | ipaddress_address("exploded") }} activate
+            {% if "ncn-w" in host.Name %}
+            neighbor {{ host.IPAddress | ipaddress_address("exploded") }} route-map {{ host.Name }}-Customer in
+            {% endif %}
+            {% endfor %}
+        exit-address-family