
rukapse/Network-as-Code

 
 


❯ Catalyst Center SDA Fabric Bringup with Cisco Validated Ansible Playbooks



Catalyst Center SDA Fabric



Overview

Cisco SD-Access Automation with Ansible

This GitHub project provides a comprehensive Ansible framework for automating the deployment and management of Cisco SD-Access on a freshly installed Catalyst Center. By leveraging Ansible's automation capabilities, this project streamlines the configuration process, reduces manual errors, and ensures consistency across your SD-Access fabric.

Key Features

This project covers the lifecycle of SD-Access deployment through Ansible Automation, from initial setup to ongoing management.

The Ansible roles are organized in a modular fashion, allowing you to easily adapt and customize the automation to your specific needs.

The playbooks are designed to be idempotent, meaning they can be run multiple times without causing unintended changes to your network.

Clear and concise documentation guides you through the setup and usage of the Ansible playbooks.

The project automates the following key steps in the SD-Access deployment process:

  1. Roles and Users: Creates necessary roles and user accounts on the Catalyst Center.
  2. Catalyst Center and ISE Integration: Integrates the Catalyst Center with Cisco ISE for authentication and authorization.
  3. Global Credentials: Configures global credentials for device management.
  4. California Site Devices Discovery: Discovers and adds devices at the California site to the Catalyst Center.
  5. Global Network Settings Servers: Configures global network settings, including DNS and NTP servers.
  6. Global Network Settings Global IP Pools: Defines global IP address pools for various purposes.
  7. California Site Design: Creates the site hierarchy and defines network settings specific to the California site.
  8. California Site Device Credentials: Assigns device-specific credentials for secure access.
  9. California Site Network Settings: Configures network settings for the California site, including VLANs and subnets.
  10. California Site Network Settings IP Pools: Defines site-specific IP address pools.
  11. California Site Devices Inventory: Gathers detailed inventory information for all devices at the California site.
  12. California Site Devices Provision: Provisions the discovered devices with the necessary configurations.
  13. California Site SWIM Devices Upgrade: Upgrades software images on devices using Cisco Software Image Management (SWIM).
  14. California Site Fabric: Builds the SD-Access fabric, including control plane and data plane configurations.
  15. California Site Fabric Transits: Configures fabric transit nodes for inter-site connectivity.
  16. California Site Virtual Networks: Creates virtual networks (VN) for different user groups and applications.
  17. California Site Devices to Fabric: Attaches devices to the SD-Access fabric.
  18. California Site Anchor VNs: Configures anchor VNs for external network connectivity.
  19. California Site Host Onboarding: Automates the onboarding of hosts onto the SD-Access fabric.

Configuration Updates

To change the network, update the configuration file for the relevant section and rerun the playbook to apply the updated configuration to Catalyst Center.

Fabric Sites and Topology

SDA Fabric Topology

Project Structure

└── Network-as-Code/
    ├── ansible.cfg
    ├── ansible_inventory/
    │   └── catalystcenter_inventory
    ├── data/
    │   ├── floor_images/
    │   │   └── *. (pdf, jpeg, jpg, png) Site Floor image files
    │   └── *.yml (YAML Input files for Catalyst Center configurations. These are used to create the corresponding configurations in Catalyst Center.)
    ├── images/
    │   ├── AnchorVN_on_ClientSite.png
    │   ├── CCO_swim_image_download.png
    │   ├── CatC_Ise_AAA-Intg.png
    │   ├── CatC_Ise_AAA-Intg1.png
    │   ├── Catalyst_center_SDA_Fabric.png
    │   ├── Device_EULA_license_acceptance.png
    │   ├── Device_compliance_and_Fixes.png
    │   ├── NW_Global_ip_pool.png
    │   ├── SDA_Border_ip_sda_transits.png
    │   ├── SDA_Fabric_L3Handoff.png
    │   ├── SDAccessFabric.png
    │   ├── SDAccess_Fabric_bringup.png
    │   ├── SWIM_tasks_imported_images.png
    │   ├── inventory_image_distribution_activation.png
    │   ├── reserve_ip_pools_at_sites.png
    │   └── site_nw_ip_pools.png
    ├── requirements.txt
    ├── scripts/
    │   └── run_playbooks.py
    ├── setup.sh
    └── usecase_maps/
        ├── delete_confis_sda_fabric.yml
        └── sda_site_fabric_bringup_usecase.yml

Project Index

Network-as-Code/
__root__
setup.sh ❯ Setup script to create your python environment and install Catalyst Center Python SDK (dnacentersdk) and Ansible collection (cisco.dnac)
requirements.txt ❯ This file contains the required python modules. This file is used by setup.sh script
scripts
run_playbooks.py ❯ This Python tool runs the Ansible playbooks with the input files preprogrammed in the usecase_maps files. The tool lets you choose to validate the input, execute the playbook, or do both. It also lets you run the Catalyst Center configuration usecases as a group, as an individual usecase, or as all usecases in the order specified in the input file selected from the usecase_maps directory.
usecase_maps ❯ This directory contains YAML files in which you can organize your configuration bringup, update, or deletion sequences and bundle them as usecases that can be run with scripts/run_playbooks.py. The order of execution follows the order given in the YAML file.
Defining a new usecase in an existing file or a new file:
  1. Give a name to the usecase
  2. Give the playbook location
  3. Give the schema file location
  4. Provide the input for this usecase
Example:
    # Execute the Network compliance on Site and fix configuration mismatches.
    CaliforniaSiteNetworkCompliance:
      schema_file: "network_compliance/schema/network_compliance_workflow_schema.yml"
      playbook: "network_compliance/playbook/network_compliance_workflow_playbook.yml"
      data_file: "data/site_network_compliance.yml"
sda_site_fabric_bringup_usecase.yml ❯ This YAML file contains the usecases that bring up configuration on Catalyst Center. You are free to add more usecases for your needs.
delete_confis_sda_fabric.yml ❯ This file contains the usecases for removing configurations from Catalyst Center for the California site. Delete playbooks are used to remove configurations.
data ❯ Catalyst Center YAML input files & assets. These files are used to create the corresponding configurations in Catalyst Center.
floor_images
floor_images/ ❯ Dir: Site floor images (pdf, jpg, png) to be uploaded to floors.
Input Files (*.yml)
assurance_healthscore_settings.yml ❯ Input: Assurance healthscore settings.
catalyst_center_and_ise_integration.yml ❯ Input: Catalyst Center and ISE integration settings.
day_n_assurance_pathtrace.yml ❯ Input: Day-N assurance path trace configurations.
device_credentials.yml ❯ Input: Global device credentials.
network_settings_global_ip_pools.yml ❯ Input: Global network IP pools.
network_settings_servers.yml ❯ Input: Global network server settings (AAA, NTP, etc.).
network_settings_wireless.yml ❯ Input: Global wireless network settings.
roles_and_users.yml ❯ Input: Roles and user accounts for Catalyst Center.
site_access_point_provision.yml ❯ Input: Site-specific access point provisioning.
site_application_policy.yml ❯ Input: Site application policy configurations.
site_device_credentials.yml ❯ Input: Site-specific device credentials.
site_device_discovery.yml ❯ Input: Site device discovery configurations.
site_device_templates.yml ❯ Input: Site device template configurations.
site_devices_pnp_onboarding.yml ❯ Input: Site PnP device onboarding.
site_devices_provision.yml ❯ Input: Site device provisioning configurations.
site_hierarchy_design.yml ❯ Input: Site hierarchy design (areas, buildings, floors).
site_inventory.yml ❯ Input: Site inventory configurations.
site_network_compliance.yml ❯ Input: Site network compliance configurations.
site_network_settings_servers.yml ❯ Input: Site-specific network server settings.
site_nw_profile_wireless.yml ❯ Input: Site wireless network profile settings.
site_nw_settings_ippools.yml ❯ Input: Site-specific network IP pools.
site_sben_onboarding.yml ❯ Input: Site sensor-based endpoint onboarding.
site_sda_fabric_anchor_vns.yml ❯ Input: Site SDA fabric anchor VN configurations.
site_sda_fabric_devices.yml ❯ Input: Site SDA fabric device configurations.
site_sda_fabric_devices_anchor_vn_handoff.yml ❯ Input: Site SDA fabric device anchor VN handoff.
site_sda_fabric_extranet_policies.yml ❯ Input: Site SDA fabric extranet policies.
site_sda_fabric_hostonboarding.yml ❯ Input: Site SDA fabric host onboarding.
site_sda_fabric_multicast.yml ❯ Input: Site SDA fabric multicast configurations.
site_sda_fabric_sites_zones.yml ❯ Input: Site SDA fabric sites and zones.
site_sda_fabric_vn_l2l3_gateways.yml ❯ Input: Site SDA fabric VN L2/L3 gateway configurations.
site_sda_transits.yml ❯ Input: Site SDA transit configurations.
site_swim.yml ❯ Input: Site SWIM (Software Image Management) configurations.
swim_cco_image_tag.yml ❯ Input: SWIM CCO image tagging.
swim_distribution_activate.yml ❯ Input: SWIM image distribution and activation.
ansible_inventory
catalystcenter_inventory
hosts.yml ❯ This is a sample hosts file to be created for your Catalyst Center so that the existing playbooks can run. Sample inventory file:
    ---
    catalyst_center_hosts:
      hosts:
        give_any_hostname:
          dnac_password: Catalyst Center Credentials password
          dnac_host: Catalyst Center Host IP address Reachable from ansible server.
          dnac_port: 443
          dnac_timeout: 60
          dnac_username: Catalyst Center Credentials username
          dnac_verify: false
          dnac_version: Catalyst Center Release. (i.e. 2.3.7.6)
          dnac_debug: true
          dnac_log_level: DEBUG
          dnac_log: true
          dnac_log_append: false
          dnac_log_file_path: log file location i.e.catc_logs
group_vars
all.yml ❯ REPLACE-ME
host_vars
dnac1.yml ❯ REPLACE-ME

Getting Started

Prerequisites

Before getting started with CatC_SD_Access_campus.git, ensure your runtime environment meets the following requirements:

  • Programming Language: Shell
  • Package Manager: Pip

Installation

Install CatC_SD_Access_campus using one of the following methods:

Build from source:

  1. Clone the CatC_SD_Access_campus.git repository:
❯ git clone https://github.com/DNACENSolutions/Network-as-Code.git
  2. Navigate to the project directory:
❯ cd Network-as-Code
  3. Install the project dependencies (using bash):
❯ source setup.sh
  4. Update the ansible_inventory/catalystcenter_inventory/hosts.yml file with your Catalyst Center details.
❯ vi ansible_inventory/catalystcenter_inventory/hosts.yml
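
A pre-flight check for the inventory edited in the last step, added here as an example (it is not part of the project's code): it flags the connection settings from the sample hosts.yml that weaken security, namely dnac_verify: false, a clear-text dnac_password, and DEBUG logging to a file. The host names, the vault variable names and the line-based parser are assumptions made for illustration.

```python
import re

# Constructed sample in this README's hosts.yml layout; host and vault variable names are hypothetical.
SAMPLE_INVENTORY = """\
catalyst_center_hosts:
  hosts:
    catc_lab:
      dnac_username: admin
      dnac_password: ExamplePassw0rd
      dnac_verify: false
      dnac_log: true
      dnac_log_level: DEBUG
    catc_prod:
      dnac_username: "{{ vault_catc_username }}"
      dnac_password: "{{ vault_catc_password }}"
      dnac_verify: true
      dnac_log: false
"""

LINE = re.compile(r"^(\s*)([\w.-]+):\s*(.*)$")
FALSY, TRUTHY = {"false", "no", "off", "0"}, {"true", "yes", "on", "1"}

def parse_hosts(text):
    """Return {host: {var: value}} for the simple group/hosts/host layout above."""
    hosts, current, hosts_indent = {}, None, None
    for raw in text.splitlines():
        m = LINE.match(raw.split(" #")[0].rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip().strip("'\"")
        if key == "hosts" and not value:
            hosts_indent = indent
        elif hosts_indent is not None and indent > hosts_indent and not value:
            current = hosts.setdefault(key, {})      # a host name line
        elif current is not None and value:
            current[key] = value                     # a host variable
    return hosts

def audit(hosts):
    """Return (host, variable, finding) tuples for risky connection settings."""
    findings = []
    for name, v in hosts.items():
        if v.get("dnac_verify", "").lower() in FALSY:
            findings.append((name, "dnac_verify", "TLS certificate validation disabled"))
        pw = v.get("dnac_password", "")
        if pw and not pw.startswith(("{{", "!vault")):
            findings.append((name, "dnac_password", "clear-text password; store it with Ansible Vault"))
        if v.get("dnac_log", "").lower() in TRUTHY and v.get("dnac_log_level", "").upper() == "DEBUG":
            findings.append((name, "dnac_log_level", "DEBUG log on disk; restrict access to the log file"))
    return findings
```

Call `audit(parse_hosts(open(path).read()))` on your own hosts.yml; an empty list means none of the three settings was found.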

Usage

Run CatC_SD_Access_campus using the following command (using Python3):

❯ python3 scripts/run_playbooks.py

Update the corresponding data files with your inputs, or replace them with your cluster's content.

ISE Integration

After running the ISE AAA integration, you can validate it in the Catalyst Center UI.

SDA FABRIC UI SNAPSHOTS

After running the SDA usecases, you can validate in the UI that the configurations are reflected there.

Follow the prompts.

Project Roadmap


Contributing

Contributing Guidelines
  1. Fork the Repository: Start by forking the project repository to your GitHub account.
  2. Clone Locally: Clone the forked repository to your local machine using a git client.
    git clone https://github.com/DNACENSolutions/Network-as-Code.git
  3. Create a New Branch: Always work on a new branch, giving it a descriptive name.
    git checkout -b new-feature-x
  4. Make Your Changes: Develop and test your changes locally.
  5. Commit Your Changes: Commit with a clear message describing your updates.
    git commit -m 'Implemented new feature x.'
  6. Push to GitHub: Push the changes to your forked repository.
    git push origin new-feature-x
  7. Submit a Pull Request: Create a PR against the original project repository. Clearly describe the changes and their motivations.
  8. Review: Once your PR is reviewed and approved, it will be merged into the main branch. Congratulations on your contribution!


License

This project is protected under the SELECT-A-LICENSE License. For more details, refer to the LICENSE file.


Acknowledgments

  • List any resources, contributors, inspiration, etc. here.
