Updates to playbook and roles for Ansible 2.9

Author: hpreston

netdevops/ansible_part_3/network_deploy.yaml

@@ -10,23 +10,28 @@
 ---
 - name: Enable Model Driven Programmability (NETCONF) on IOS-XE
   hosts: iosxe
-  connection: local
+
+  # Ansible added new connection options for networking devices
+  # to replace connection: local
+  # Now connection: network_cli or httpapi are recommended
+  #   Doc: https://docs.ansible.com/ansible/2.9/network/user_guide/platform_nxos.html 
+  connection: network_cli
   gather_facts: false
 
   roles:
     - iosxe_mdp
 
 - name: Enable NX-API on NX-OS
   hosts: nxos
-  connection: local
+  connection: network_cli
   gather_facts: false
 
   roles:
     - nxos_nxapi
 
 - name: Configure Network Core
   hosts: core
-  connection: local
+  connection: netconf
   gather_facts: false
 
   roles:
@@ -35,7 +40,7 @@
 
 - name: Configure Distribution Switches
   hosts: distribution
-  connection: local
+  connection: network_cli
   gather_facts: false
 
   roles:
@@ -48,7 +53,7 @@
 
 - name: Configure Access Switches
   hosts: access
-  connection: local
+  connection: network_cli
   gather_facts: false
 
   roles:

netdevops/ansible_part_3/roles/iosxe_mdp/tasks/main.yaml

@@ -6,15 +6,23 @@
 #
 # Illustrate the following concepts:
 # -
+# 
+# Note: This file has been updated to leverage the network_cli 
+#  connection method. This is an update from the original 
+#  version which is used in videos.
 ##############################################################
 ---
 - name: Configure NETCONF
   tags: [api, netconf]
   ios_config:
-    provider:
-      host: "{{inventory_hostname}}"
-      timeout: 15      
     lines:
+      # Note: Due to problem with older IOS XE Self Signed certs expiring 
+      #  on Jan 1, 2020, manually changing time on routers to allow certs 
+      #  to remain valid. 
+      # Info: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html#anc9
+      # This is only needed because Sandbox used has IOS XE 16.8.1a deployed.
+      # newer CSR images would NOT need this fix. 
+      - do clock set 10:00:00 1 Dec 2019
       - netconf-yang
       - netconf-yang cisco-odm polling-enable
       # - restconf

netdevops/ansible_part_3/roles/netconf_l3_interfaces/tasks/main.yaml

@@ -10,17 +10,17 @@
 ---
 - name: "Generate NETCONF Interface config"
   tags: [api, netconf, layer3]
-  with_items: "{{l3_interfaces}}"
+  loop: "{{l3_interfaces}}"
   template:
     src: "files/ietf_interface_template.j2"
     dest: "./configs/{{inventory_hostname}}-{{item.interface_type}}{{item.interface_id}}.xml"
 
 - name: Configure Interfaces with NETCONF
   tags: [api, netconf, layer3]
-  with_items: "{{l3_interfaces}}"
+  loop: "{{l3_interfaces}}"
+  loop_control: 
+    pause: 2
   netconf_config:
     host: "{{inventory_hostname}}"
     hostkey_verify: false
-    username: "{{lookup('env','ANSIBLE_NET_USERNAME')}}"
-    password: "{{lookup('env','ANSIBLE_NET_PASSWORD')}}"
     src: "./configs/{{inventory_hostname}}-{{item.interface_type}}{{item.interface_id}}.xml"

netdevops/ansible_part_3/roles/netconf_ospf/files/ned_ospf.j2

@@ -1,7 +1,7 @@
 <config>
-  <native xmlns="http://cisco.com/ns/yang/ned/ios">
+  <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
     <router>
-      <ospf>
+      <ospf xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ospf">
         <id>{{ ospf.process_id }}</id>
         <router-id>{{ ospf_router_id }}</router-id>
         {% for network in ospf_networks %}

netdevops/ansible_part_3/roles/netconf_ospf/tasks/main.yaml

@@ -19,6 +19,4 @@
   netconf_config:
     host: "{{inventory_hostname}}"
     hostkey_verify: false
-    username: "{{lookup('env','ANSIBLE_NET_USERNAME')}}"
-    password: "{{lookup('env','ANSIBLE_NET_PASSWORD')}}"
     src: "./configs/{{inventory_hostname}}-ospf.xml"

netdevops/ansible_part_3/roles/nxos_hsrp/tasks/main.yaml

@@ -10,24 +10,16 @@
 ---
 - name: Enable Features
   tags: [api, nxapi, hsrp]
-  with_items:
+  loop:
     - hsrp
   nxos_feature:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     feature: "{{ item }}"
     state: enabled
 
 - name: Configure HSRP
   tags: [api, nxapi, hsrp]
-  with_items: "{{ hsrp_interfaces }}"
+  loop: "{{ hsrp_interfaces }}"
   nxos_hsrp:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     group: "{{ item.group }}"
     vip: "{{ item.vip }}"
     interface: "{{ item.interface }}"

netdevops/ansible_part_3/roles/nxos_l3_interfaces/tasks/main.yaml

@@ -10,38 +10,33 @@
 ---
 - name: Enable Features
   tags: [api, nxapi, layer3]
-  with_items:
+  loop:
     - interface-vlan
   nxos_feature:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     feature: "{{ item }}"
     state: enabled
 
 - name: Configure Layer 3 Interfaces
   tags: [api, nxapi, layer3]
-  with_items: "{{ l3_interfaces }}"
+  loop: "{{ l3_interfaces }}"
+  # Note: the nxos_interface module has been replaced with nxos_interfaces 
+  #  and will be deprecated/removed soon. However the new nxos_interfaces 
+  #  module has a bug in Ansible 2.9 when trying to create loopbacks or SVI. 
+  #  Keeping this example using nxos_interface for now. 
+  # Info: 
+  #  - https://docs.ansible.com/ansible/2.9/modules/nxos_interfaces_module.html
+  #  - https://docs.ansible.com/ansible/2.9/modules/nxos_interface_module.html
   nxos_interface:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     interface: "{{ item.interface_type }}{{ item.interface_id }}"
     mode: layer3
     description: "{{ item.description }}"
     admin_state: up
 
 - name: Configure IPv4 Address on Interface
   tags: [api, nxapi, layer3]
-  with_items: "{{ l3_interfaces }}"
-  nxos_ip_interface:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
-    interface: "{{ item.interface_type }}{{ item.interface_id }}"
-    version: v4
-    addr: "{{ item.ip_address }}"
-    mask: "{{ item.prefix }}"
+  loop: "{{ l3_interfaces }}"
+  nxos_l3_interfaces:
+    config: 
+      - name: "{{ item.interface_type }}{{ item.interface_id }}"
+        ipv4: 
+          - address: "{{ item.ip_address }}/{{ item.prefix }}"

netdevops/ansible_part_3/roles/nxos_nxapi/tasks/main.yaml

@@ -8,20 +8,8 @@
 # -
 ##############################################################
 ---
-# - name: "Retrieving NX-OS Facts"
-#   nxos_facts:
-#     provider:
-#       host: "{{inventory_hostname}}"
-#   register: facts
-#
-# - name: "Print Facts"
-#   debug: msg="{{facts}}"
-
 - name: Enable NX-API
   tags: [api, nxapi]
   nxos_feature:
-    provider:
-      host: "{{inventory_hostname}}"
-      timeout: 15
     feature: nxapi
     state: enabled

netdevops/ansible_part_3/roles/nxos_ospf/tasks/main.yaml

@@ -10,34 +10,22 @@
 ---
 - name: Enable Features
   tags: [api, nxapi, ospf]
-  with_items:
+  loop:
     - ospf
   nxos_feature:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     feature: "{{ item }}"
     state: enabled
 
 - name: Configure OSPF
   tags: [api, nxapi, ospf]
   nxos_ospf:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     ospf: "{{ ospf.process_id }}"
     state: present
 
 - name: Configure OSPF Interfaces
   tags: [api, nxapi, ospf]
-  with_items: "{{ ospf.networks }}"
+  loop: "{{ ospf.networks }}"
   nxos_interface_ospf:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     interface: "{{ item.interface }}"
     ospf: "{{ ospf.process_id }}"
     area: "{{ item.area }}"

netdevops/ansible_part_3/roles/nxos_po_trunks/tasks/main.yaml

@@ -10,37 +10,42 @@
 ---
 - name: Enable Features
   tags: [api, nxapi, trunk, vlan]
-  with_items:
+  loop:
     - lacp
   nxos_feature:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
     feature: "{{ item }}"
     state: enabled
 
 - name: Create Uplink Port Channel to Distribution
   tags: [api, nxapi, trunk, vlan]
-  with_items: "{{ uplinks }}"
-  nxos_portchannel:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
-    group: "{{ item.port_channel_id }}"
-    members: "{{ item.members }}"
-    force: true
-    mode: on
-    state: present
+  loop: "{{ uplinks }}"
+  nxos_lag_interfaces:
+    config: 
+      - name: "port-channel{{ item.port_channel_id }}"
+        members: 
+          - member: "{{ item.members.0 }}"
+            mode: active
+          - member: "{{ item.members.1 }}"
+            mode: active
+
+- name: Make Port Channel Layer 2
+  tags: [api, nxapi, vpc]
+  loop: "{{ uplinks }}"
+  nxos_interfaces:
+    config: 
+      - name: "port-channel{{ item.port_channel_id }}"
+        enabled: true 
+        mode: layer2 
+
+# BUG: The nxos_l2_interfaces module should be able to configure 
+#  an interface as a trunk. However testing showed it isn't working 
+#  in the current version of Ansible. Therefore the nxos_config module 
+#  is used here to configure correctly.
+- name: Configure Port Channel Trunk
+  tags: [api, nxapi, vpc]
+  loop: "{{ uplinks }}"
+  nxos_config: 
+    lines: 
+      - switchport mode trunk 
+    parents: interface port-channel{{ item.port_channel_id }}
 
-- name: Configure Uplink Port Channels as Trunk
-  tags: [api, nxapi, trunk, vlan]
-  with_items: "{{ uplinks }}"
-  nxos_switchport:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
-    interface: "po{{ item.port_channel_id }}"
-    mode: trunk

netdevops/ansible_part_3/roles/nxos_vlans/tasks/main.yaml

@@ -8,13 +8,24 @@
 # -
 ##############################################################
 ---
+# - name: Configure VLANs
+#   tags: [api, nxapi, vlan]
+#   loop: "{{ vlans }}"
+#   nxos_vlan:
+#     vlan_id: "{{ item.id }}"
+#     name: "{{ item.name }}"
+
 - name: Configure VLANs
   tags: [api, nxapi, vlan]
-  with_items: "{{ vlans }}"
-  nxos_vlan:
-    provider:
-      host: "{{inventory_hostname}}"
-      transport: nxapi
-      timeout: 15
-    vlan_id: "{{ item.id }}"
-    name: "{{ item.name }}"
+  # Note: to stay consistent with the videos for the lesson, this playbook 
+  #  uses the loop construct for configuring interfaces. The current module 
+  #  does support multiple interfaces in one task execution, and that would 
+  #  be a more efficient configuration.
+  loop: "{{ vlans }}"
+  # Note: the module nxos_vlan has been replaced with nxos_vlans in 
+  #  recent versions of Ansible.
+  nxos_vlans:
+    config: 
+      - vlan_id: "{{ item.id }}"
+        name: "{{ item.name }}"
+