From afa0edcfdd4de3370a866f1484fbcb166aa25369 Mon Sep 17 00:00:00 2001 
From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Tue, 3 Sep 2024 17:52:46 +0000 Subject: [PATCH 01/11] Add ANTA lab --- labs/L3LS_ANTA/Makefile | 73 ++++++++++++ labs/L3LS_ANTA/ansible.cfg | 55 +++++++++ labs/L3LS_ANTA/extra_configs/inventory.yml | 11 ++ labs/L3LS_ANTA/extra_configs/s1-core1.cfg | 57 ++++++++++ labs/L3LS_ANTA/extra_configs/s1-core2.cfg | 57 ++++++++++ labs/L3LS_ANTA/extra_configs/s1-host1.cfg | 16 +++ labs/L3LS_ANTA/extra_configs/s1-host2.cfg | 16 +++ labs/L3LS_ANTA/extra_configs/s2-core1.cfg | 57 ++++++++++ labs/L3LS_ANTA/extra_configs/s2-core2.cfg | 57 ++++++++++ labs/L3LS_ANTA/extra_configs/s2-host1.cfg | 16 +++ labs/L3LS_ANTA/extra_configs/s2-host2.cfg | 16 +++ labs/L3LS_ANTA/global_vars/global_dc_vars.yml | 105 ++++++++++++++++++ labs/L3LS_ANTA/playbooks/build.yml | 14 +++ labs/L3LS_ANTA/playbooks/cvp1.yml | 14 +++ labs/L3LS_ANTA/playbooks/cvp2.yml | 14 +++ labs/L3LS_ANTA/playbooks/deploy.yml | 10 ++ labs/L3LS_ANTA/playbooks/ping.yml | 15 +++ labs/L3LS_ANTA/playbooks/preplab.yml | 16 +++ labs/L3LS_ANTA/playbooks/validate.yml | 14 +++ .../custom_anta_catalogs/SITE1_LEAFS.yml | 8 ++ .../sites/site_1/custom_anta_catalogs/all.yml | 11 ++ .../group_vars/SITE1_CONNECTED_ENDPOINTS.yml | 45 ++++++++ .../sites/site_1/group_vars/SITE1_FABRIC.yml | 87 +++++++++++++++ .../sites/site_1/group_vars/SITE1_LEAFS.yml | 2 + .../group_vars/SITE1_NETWORK_SERVICES.yml | 16 +++ .../sites/site_1/group_vars/SITE1_SPINES.yml | 2 + labs/L3LS_ANTA/sites/site_1/inventory.yml | 28 +++++ .../custom_anta_catalogs/SITE2_LEAFS.yml | 8 ++ .../sites/site_2/custom_anta_catalogs/all.yml | 11 ++ .../group_vars/SITE2_CONNECTED_ENDPOINTS.yml | 45 ++++++++ .../sites/site_2/group_vars/SITE2_FABRIC.yml | 87 +++++++++++++++ .../sites/site_2/group_vars/SITE2_LEAFS.yml | 2 + .../group_vars/SITE2_NETWORK_SERVICES.yml | 16 +++ .../sites/site_2/group_vars/SITE2_SPINES.yml | 2 + labs/L3LS_ANTA/sites/site_2/inventory.yml | 28 +++++ 35 files changed, 1031 insertions(+) create 
mode 100644 labs/L3LS_ANTA/Makefile create mode 100644 labs/L3LS_ANTA/ansible.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/inventory.yml create mode 100644 labs/L3LS_ANTA/extra_configs/s1-core1.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/s1-core2.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/s1-host1.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/s1-host2.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/s2-core1.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/s2-core2.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/s2-host1.cfg create mode 100644 labs/L3LS_ANTA/extra_configs/s2-host2.cfg create mode 100644 labs/L3LS_ANTA/global_vars/global_dc_vars.yml create mode 100644 labs/L3LS_ANTA/playbooks/build.yml create mode 100644 labs/L3LS_ANTA/playbooks/cvp1.yml create mode 100644 labs/L3LS_ANTA/playbooks/cvp2.yml create mode 100644 labs/L3LS_ANTA/playbooks/deploy.yml create mode 100644 labs/L3LS_ANTA/playbooks/ping.yml create mode 100644 labs/L3LS_ANTA/playbooks/preplab.yml create mode 100644 labs/L3LS_ANTA/playbooks/validate.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/all.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_FABRIC.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_LEAFS.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_SPINES.yml create mode 100644 labs/L3LS_ANTA/sites/site_1/inventory.yml create mode 100644 labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml create mode 100644 labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/all.yml create mode 100644 labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml create mode 100644 
labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_FABRIC.yml create mode 100644 labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_LEAFS.yml create mode 100644 labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml create mode 100644 labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_SPINES.yml create mode 100644 labs/L3LS_ANTA/sites/site_2/inventory.yml diff --git a/labs/L3LS_ANTA/Makefile b/labs/L3LS_ANTA/Makefile new file mode 100644 index 000000000..4cc018944 --- /dev/null +++ b/labs/L3LS_ANTA/Makefile 
@@ -0,0 +1,73 @@ +.PHONY: help +help: ## Display help message + @grep -E '^[0-9a-zA-Z_-]+\.*[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' + +######################################################## +# Site 1 +######################################################## + +.PHONY: ping-site-1 +ping-site-1: ## Ping Nodes + ansible-playbook playbooks/ping.yml -i sites/site_1/inventory.yml -e "target_hosts=SITE1_FABRIC" + +.PHONY: build-site-1 +build-site-1: ## Build Configs + ansible-playbook playbooks/build.yml -i sites/site_1/inventory.yml -e "target_hosts=SITE1_FABRIC" + +.PHONY: deploy-site-1 +deploy-site-1: ## Deploy Configs via eAPI + ansible-playbook playbooks/deploy.yml -i sites/site_1/inventory.yml -e "target_hosts=SITE1_FABRIC" + +.PHONY: validate-site-1 +validate-site-1: ## Validate network state + ansible-playbook playbooks/validate.yml -i sites/site_1/inventory.yml -e "target_hosts=SITE1_FABRIC" + +.PHONY: cvp-site-1 +cvp-site-1: ## Deploy Configs via eAPI + ansible-playbook playbooks/cvp1.yml -i sites/site_1/inventory.yml + +######################################################## +# Site 2 +######################################################## + +.PHONY: ping-site-2 +ping-site-2: ## Ping Nodes + ansible-playbook playbooks/ping.yml -i sites/site_2/inventory.yml -e "target_hosts=SITE2_FABRIC" + +.PHONY: build-site-2 +build-site-2: ## Build Configs + ansible-playbook playbooks/build.yml -i sites/site_2/inventory.yml -e "target_hosts=SITE2_FABRIC" + +.PHONY: deploy-site-2 +deploy-site-2: ## Deploy Configs via eAPI + ansible-playbook playbooks/deploy.yml -i sites/site_2/inventory.yml -e "target_hosts=SITE2_FABRIC" + +.PHONY: validate-site-2 +validate-site-2: ## Validate network state + ansible-playbook playbooks/validate.yml -i sites/site_2/inventory.yml -e "target_hosts=SITE2_FABRIC" + +.PHONY: cvp-site-2 +cvp-site-2: ## Deploy Configs via eAPI + ansible-playbook 
playbooks/cvp2.yml -i sites/site_2/inventory.yml + +######################################################## +# WAN & Hosts - Lab Prep +######################################################## + +.PHONY: preplab +preplab: ## Deploy Configs via eAPI + ansible-playbook playbooks/preplab.yml -i extra_configs/inventory.yml -e "target_hosts=LAB" + +######################################################## +# ANTA COMMANDS +######################################################## + + +.PHONY: anta-inv-site-1 +anta-inv-site-1: ## Generate ANTA Inventory + anta get from-ansible --ansible-inventory sites/site_1/inventory.yml -g SITE1_FABRIC -o sites/site_1/anta_inventory.yml + +.PHONY: anta-inv-site-2 +anta-inv-site-2: ## Generate ANTA Inventory + anta get from-ansible --ansible-inventory sites/site_2/inventory.yml -g SITE2_FABRIC -o sites/site_2/anta_inventory.yml + diff --git a/labs/L3LS_ANTA/ansible.cfg b/labs/L3LS_ANTA/ansible.cfg new file mode 100644 index 000000000..8ec730b25 --- /dev/null +++ b/labs/L3LS_ANTA/ansible.cfg 
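Review bot: The help strings on `cvp-site-1`, `cvp-site-2` and `preplab` all read `## Deploy Configs via eAPI`, apparently copied from the `deploy-site-*` targets, so `make help` describes three different actions with the same words. The `cvp-site-*` targets run `playbooks/cvp1.yml` / `cvp2.yml`, which import `arista.avd.eos_config_deploy_cvp`, and `preplab` pushes the files under `extra_configs/` to the `LAB` group. Suggested texts are `## Deploy Configs via CloudVision` for the two CVP targets and `## Push WAN & Host lab configs` for `preplab`, so an operator can tell from the help output which path will touch the devices.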
@@ -0,0 +1,55 @@
+[defaults]
+
+# Disable host key checking by the underlying tools Ansible uses to connect to target hosts
+host_key_checking = False
+
+# Location of inventory file containing target hosts
+# inventory = ./inventory/inventory.yml
+
+# Only gather Ansible facts if explicity directed to in a given play
+gathering = explicit
+
+# Disable the creation of .retry files if a playbook fails
+retry_files_enabled = False
+
+# Path(s) to search for installed Ansible Galaxy Collections
+collections_paths = ~/.ansible/collections
+
+# Enable additional Jinja2 Extensions (https://jinja.palletsprojects.com/en/3.1.x/extensions/)
+jinja2_extensions = jinja2.ext.loopcontrols,jinja2.ext.do,jinja2.ext.i18n
+
+# Enable the YAML callback plugin, providing much easier to read terminal output. (https://docs.ansible.com/ansible/latest/plugins/callback.html#callback-plugins)
+stdout_callback = yaml
+
+# Permit the use of callback plugins when running ad-hoc commands
+bin_ansible_callbacks = True
+
+# List of enabled callbacks. Many callbacks shipped with Ansible are not enabled by default
+callbacks_enabled = profile_roles, profile_tasks, timer
+
+# Maximum number of forks that Ansible will use to execute tasks on target hosts
+forks = 15
+
+# Disable cowsay (Why?)
+nocows = True
+
+# Disable deprecation warnings, more readable output
+deprecation_warnings = False
+
+#enable global vars
+vars_plugins_enabled = arista.avd.global_vars, host_group_vars
+
+#define global vars path
+[vars_global_vars]
+paths = ../../global_vars
+
+[paramiko_connection]
+# Automatically add the keys of target hosts to known hosts
+host_key_auto_add = True
+
+[persistent_connection]
+# Set the amount of time, in seconds, to wait for response from remote device before timing out persistent connection.
+command_timeout = 60
+
+# Set the amount of time, in seconds, that a persistent connection will remain idle before it is destroyed.
+connect_timeout = 60
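Review bot: `host_key_checking = False` under `[defaults]` together with `host_key_auto_add = True` under `[paramiko_connection]` turns off SSH host-key verification for every play run from this directory, so any SSH-based connection will accept whatever key the peer presents. The lab's plays set `ansible_connection: httpapi` in `global_vars/global_dc_vars.yml`, so these two settings may not be needed at all and could be dropped. If they are kept for convenience, the comments should state the scope, e.g. `# Lab only: host keys are not verified; do not reuse this file against production devices`. The comment above `gathering` also has a typo (`explicity`).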
diff --git a/labs/L3LS_ANTA/extra_configs/inventory.yml b/labs/L3LS_ANTA/extra_configs/inventory.yml new file mode 100644 index 000000000..c37e02e56 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/inventory.yml @@ -0,0 +1,11 @@ +--- +LAB: + hosts: + s1-core1: + s1-core2: + s1-host1: + s1-host2: + s2-core1: + s2-core2: + s2-host1: + s2-host2: diff --git a/labs/L3LS_ANTA/extra_configs/s1-core1.cfg b/labs/L3LS_ANTA/extra_configs/s1-core1.cfg new file mode 100644 index 000000000..b4aab4442 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s1-core1.cfg @@ -0,0 +1,57 @@ +! Command: show running-config +! device: s1-core1 (cEOSLab, EOS-4.29.0.2F-29226602.42902F (engineering build)) +! +no aaa root +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname s1-core1 +dns domain atd.lab +! +spanning-tree mode mstp +! +management api http-commands + no shutdown +! +vlan 1000 + name dci +! +radius-server host 192.168.0.1 key 7 0207165218120E +! +aaa group server radius atds + server 192.168.0.1 +! +aaa authentication login default group atds local +aaa authorization exec default group atds local +aaa authorization commands all default local +! +interface Ethernet1 + shutdown +! +interface Ethernet2 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet3 + shutdown +! +interface Ethernet4 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet6 + shutdown +! +interface Management0 + ip address 192.168.0.102/24 +! +ip routing +! +ntp server 192.168.0.1 iburst source Management0 +! +ip radius source-interface Management0 +! diff --git a/labs/L3LS_ANTA/extra_configs/s1-core2.cfg b/labs/L3LS_ANTA/extra_configs/s1-core2.cfg new file mode 100644 index 000000000..6f6696062 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s1-core2.cfg 
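Review bot: The line `radius-server host 192.168.0.1 key 7 0207165218120E` in `s1-core1.cfg` commits the RADIUS shared secret in type 7 form, which is a reversible encoding rather than a one-way hash, and the identical line appears in `s1-core2.cfg`, `s2-core1.cfg` and `s2-core2.cfg`. Anyone with read access to the repository can therefore recover the secret that protects authentication traffic to 192.168.0.1. Where the lab allows it, render these files from a template that takes the key from the environment, as `global_dc_vars.yml` already does for `ansible_password`. Otherwise add a header line such as `! Lab only: RADIUS key is a throwaway value, rotate before any reuse` so the value is not copied into a real deployment.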
@@ -0,0 +1,57 @@ +! Command: show running-config +! device: s1-core2 (cEOSLab, EOS-4.29.0.2F-29226602.42902F (engineering build)) +! +no aaa root +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname s1-core2 +dns domain atd.lab +! +spanning-tree mode mstp +! +management api http-commands + no shutdown +! +vlan 1000 + name dci +! +radius-server host 192.168.0.1 key 7 0207165218120E +! +aaa group server radius atds + server 192.168.0.1 +! +aaa authentication login default group atds local +aaa authorization exec default group atds local +aaa authorization commands all default local +! +interface Ethernet1 + shutdown +! +interface Ethernet2 + shutdown +! +interface Ethernet3 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet4 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet6 + shutdown +! +interface Management0 + ip address 192.168.0.103/24 +! +ip routing +! +ntp server 192.168.0.1 iburst source Management0 +! +ip radius source-interface Management0 +! diff --git a/labs/L3LS_ANTA/extra_configs/s1-host1.cfg b/labs/L3LS_ANTA/extra_configs/s1-host1.cfg new file mode 100644 index 000000000..6d12478e9 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s1-host1.cfg @@ -0,0 +1,16 @@ +!----------------------------------------- +! s1-host1 - Lab config +!----------------------------------------- +! +interface Port-Channel1 + no switchport + ip address 10.10.10.100/24 +! +interface Ethernet1 + channel-group 1 mode active +! +interface Ethernet2 + channel-group 1 mode active +! +ip route 10.0.0.0/8 10.10.10.1 +! diff --git a/labs/L3LS_ANTA/extra_configs/s1-host2.cfg b/labs/L3LS_ANTA/extra_configs/s1-host2.cfg new file mode 100644 index 000000000..ff42c979a --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s1-host2.cfg 
@@ -0,0 +1,16 @@ +!----------------------------------------- +! s1-host2 - Lab config +!----------------------------------------- +! +interface Port-Channel1 + no switchport + ip address 10.20.20.100/24 +! +interface Ethernet1 + channel-group 1 mode active +! +interface Ethernet2 + channel-group 1 mode active +! +ip route 10.0.0.0/8 10.20.20.1 +! diff --git a/labs/L3LS_ANTA/extra_configs/s2-core1.cfg b/labs/L3LS_ANTA/extra_configs/s2-core1.cfg new file mode 100644 index 000000000..0c86de045 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s2-core1.cfg @@ -0,0 +1,57 @@ +! Command: show running-config +! device: s2-core1 (cEOSLab, EOS-4.29.0.2F-29226602.42902F (engineering build)) +! +no aaa root +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname s2-core1 +dns domain atd.lab +! +spanning-tree mode mstp +! +management api http-commands + no shutdown +! +vlan 1000 + name dci +! +radius-server host 192.168.0.1 key 7 0207165218120E +! +aaa group server radius atds + server 192.168.0.1 +! +aaa authentication login default group atds local +aaa authorization exec default group atds local +aaa authorization commands all default local +! +interface Ethernet1 + shutdown +! +interface Ethernet2 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet3 + shutdown +! +interface Ethernet4 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet6 + shutdown +! +interface Management0 + ip address 192.168.0.202/24 +! +ip routing +! +ntp server 192.168.0.1 iburst source Management0 +! +ip radius source-interface Management0 +! diff --git a/labs/L3LS_ANTA/extra_configs/s2-core2.cfg b/labs/L3LS_ANTA/extra_configs/s2-core2.cfg new file mode 100644 index 000000000..ea7c147b6 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s2-core2.cfg 
@@ -0,0 +1,57 @@ +! Command: show running-config +! device: s2-core2 (cEOSLab, EOS-4.29.0.2F-29226602.42902F (engineering build)) +! +no aaa root +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname s2-core2 +dns domain atd.lab +! +spanning-tree mode mstp +! +management api http-commands + no shutdown +! +vlan 1000 + name dci +! +radius-server host 192.168.0.1 key 7 0207165218120E +! +aaa group server radius atds + server 192.168.0.1 +! +aaa authentication login default group atds local +aaa authorization exec default group atds local +aaa authorization commands all default local +! +interface Ethernet1 + shutdown +! +interface Ethernet2 + shutdown +! +interface Ethernet3 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet4 + switchport + switchport mode access + switchport access vlan 1000 +! +interface Ethernet6 + shutdown +! +interface Management0 + ip address 192.168.0.203/24 +! +ip routing +! +ntp server 192.168.0.1 iburst source Management0 +! +ip radius source-interface Management0 +! diff --git a/labs/L3LS_ANTA/extra_configs/s2-host1.cfg b/labs/L3LS_ANTA/extra_configs/s2-host1.cfg new file mode 100644 index 000000000..bf6bf2678 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s2-host1.cfg @@ -0,0 +1,16 @@ +!----------------------------------------- +! s2-host1 - Lab config +!----------------------------------------- +! +interface Port-Channel1 + no switchport + ip address 10.10.10.200/24 +! +interface Ethernet1 + channel-group 1 mode active +! +interface Ethernet2 + channel-group 1 mode active +! +ip route 10.0.0.0/8 10.10.10.1 +! diff --git a/labs/L3LS_ANTA/extra_configs/s2-host2.cfg b/labs/L3LS_ANTA/extra_configs/s2-host2.cfg new file mode 100644 index 000000000..8f602ef13 --- /dev/null +++ b/labs/L3LS_ANTA/extra_configs/s2-host2.cfg 
@@ -0,0 +1,16 @@ +!----------------------------------------- +! s2-host2 - Lab config +!----------------------------------------- +! +interface Port-Channel1 + no switchport + ip address 10.20.20.200/24 +! +interface Ethernet1 + channel-group 1 mode active +! +interface Ethernet2 + channel-group 1 mode active +! +ip route 10.0.0.0/8 10.20.20.1 +! diff --git a/labs/L3LS_ANTA/global_vars/global_dc_vars.yml b/labs/L3LS_ANTA/global_vars/global_dc_vars.yml new file mode 100644 index 000000000..159d55b8d --- /dev/null +++ b/labs/L3LS_ANTA/global_vars/global_dc_vars.yml 
@@ -0,0 +1,105 @@ +--- + +# Credentials for CVP and EOS Switches +ansible_user: arista +ansible_password: "{{ lookup('env', 'LABPASSPHRASE') }}" +ansible_network_os: arista.eos.eos +# Configure privilege escalation +ansible_become: true +ansible_become_method: enable +# HTTPAPI configuration +ansible_connection: httpapi +ansible_httpapi_port: 443 +ansible_httpapi_use_ssl: true +ansible_httpapi_validate_certs: false +ansible_python_interpreter: $(which python3) +avd_data_conversion_mode: error +avd_data_validation_mode: error + +# CVP node variables +cv_collection: v3 +execute_tasks: true + +# Local Users +local_users: + - name: arista + privilege: 15 + role: network-admin + sha512_password: "{{ ansible_password | password_hash('sha512', salt='arista') }}" + ssh_key: "{{ lookup('ansible.builtin.file', '~/.ssh/id_rsa.pub') }}" + +# AAA +aaa_authorization: + exec: + default: local + +# OOB Management network default gateway. +mgmt_gateway: 192.168.0.1 +mgmt_interface_vrf: default + +# NTP Servers IP or DNS name, first NTP server will be preferred, and sourced from Management VRF +ntp: + servers: + - name: 192.168.0.1 + iburst: true + local_interface: Management0 + +# Domain/DNS +dns_domain: atd.lab + +# TerminAttr +daemon_terminattr: + # Address of the gRPC server on CloudVision + # TCP 9910 is used on on-prem + # TCP 443 is used on CV as a Service + cvaddrs: # For single cluster + - 192.168.0.5:9910 + # Authentication scheme used to connect to CloudVision + cvauth: + method: token + token_file: "/tmp/token" + # Exclude paths from Sysdb on the ingest side + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + # Exclude paths from the shared memory table + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata + +# Point to Point Links MTU Override for Lab +p2p_uplinks_mtu: 1500 + +# Set IPv4 Underlay Routing and EVPN Overlay Routing to use eBGP +underlay_routing_protocol: ebgp +overlay_routing_protocol: ebgp + +# Configure password authentication for BGP 
peerings +bgp_peer_groups: + evpn_overlay_peers: + password: Q4fqtbqcZ7oQuKfuWtNGRQ== + ipv4_underlay_peers: + password: 7x4B4rnJhZB438m9+BrBfQ== + mlag_ipv4_underlay_peer: + password: 4b21pAdCvWeAqpcKDFMdWw== + +# # L3 Edge port definitions. This can be any port in the entire Fabric, where IP interfaces are defined. +# l3_edge: +# # Define a new IP pool that will be used to assign IP addresses to L3 Edge interfaces. +# p2p_links_ip_pools: +# - name: S1_to_S2_IP_pool +# ipv4_pool: 172.16.255.0/24 +# # Define a new link profile which will match the IP pool, the used ASNs and include the defined interface into underlay routing +# p2p_links_profiles: +# - name: S1_to_S2_profile +# ip_pool: S1_to_S2_IP_pool +# as: [ 65103, 65203 ] +# include_in_underlay_protocol: true +# # Define each P2P L3 link and link the nodes, the interfaces and the profile used. +# p2p_links: +# - id: 1 +# nodes: [ s1-brdr1, s2-brdr1 ] +# interfaces: [ Ethernet4, Ethernet4 ] +# profile: S1_to_S2_profile +# - id: 2 +# nodes: [ s1-brdr2, s2-brdr2 ] +# interfaces: [ Ethernet5, Ethernet5 ] +# profile: S1_to_S2_profile + + diff --git a/labs/L3LS_ANTA/playbooks/build.yml b/labs/L3LS_ANTA/playbooks/build.yml new file mode 100644 index 000000000..958d097b7 --- /dev/null +++ b/labs/L3LS_ANTA/playbooks/build.yml @@ -0,0 +1,14 @@ +--- +- name: Build Switch configuration + hosts: "{{ target_hosts }}" + gather_facts: false + + tasks: + + - name: Generate Structured Variables per Device + ansible.builtin.import_role: + name: arista.avd.eos_designs + + - name: Generate Intended Config and Documentation + ansible.builtin.import_role: + name: arista.avd.eos_cli_config_gen diff --git a/labs/L3LS_ANTA/playbooks/cvp1.yml b/labs/L3LS_ANTA/playbooks/cvp1.yml new file mode 100644 index 000000000..27ef13ff8 --- /dev/null +++ b/labs/L3LS_ANTA/playbooks/cvp1.yml 
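Review bot: `ansible_httpapi_validate_certs: false` in `global_dc_vars.yml` disables TLS certificate verification on the eAPI session that carries `ansible_user` and `ansible_password`, so the control node cannot tell a switch from an on-path impostor. If this is because the lab devices use self-signed certificates, say so next to the setting, e.g. `# Lab only: self-signed eAPI certs, verification off`, rather than leaving it as an unexplained default. The `local_users` entry hashes with a constant `salt='arista'`, so the rendered `sha512_password` is identical on every device and in every checkout that shares the passphrase; a fixed salt keeps the generated config stable between runs, but it should be a per-environment value rather than the vendor name. The three `bgp_peer_groups` passwords are committed as literals and should at least be marked as lab-only values in the comment above them.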
@@ -0,0 +1,14 @@ +--- +- name: Build Switch configuration + hosts: cvp + gather_facts: false + + tasks: + + - name: Generate Intended Config and Documentation + ansible.builtin.import_role: + name: arista.avd.eos_config_deploy_cvp + vars: + container_root: 'SITE1_FABRIC' + configlets_prefix: 'AVD' + state: present diff --git a/labs/L3LS_ANTA/playbooks/cvp2.yml b/labs/L3LS_ANTA/playbooks/cvp2.yml new file mode 100644 index 000000000..96c244631 --- /dev/null +++ b/labs/L3LS_ANTA/playbooks/cvp2.yml @@ -0,0 +1,14 @@ +--- +- name: Build Switch configuration + hosts: cvp + gather_facts: false + + tasks: + + - name: Generate Intended Config and Documentation + ansible.builtin.import_role: + name: arista.avd.eos_config_deploy_cvp + vars: + container_root: 'SITE2_FABRIC' + configlets_prefix: 'AVD' + state: present diff --git a/labs/L3LS_ANTA/playbooks/deploy.yml b/labs/L3LS_ANTA/playbooks/deploy.yml new file mode 100644 index 000000000..a0a06322d --- /dev/null +++ b/labs/L3LS_ANTA/playbooks/deploy.yml @@ -0,0 +1,10 @@ +--- +- name: Deploy Switch configuration + hosts: "{{ target_hosts }}" + gather_facts: false + + tasks: + + - name: Deploy Configuration to Device + ansible.builtin.import_role: + name: arista.avd.eos_config_deploy_eapi diff --git a/labs/L3LS_ANTA/playbooks/ping.yml b/labs/L3LS_ANTA/playbooks/ping.yml new file mode 100644 index 000000000..357bbfced --- /dev/null +++ b/labs/L3LS_ANTA/playbooks/ping.yml @@ -0,0 +1,15 @@ +--- +- name: Test Connectivity to Lab Nodes + hosts: "{{ target_hosts }}" + connection: local + gather_facts: false + + tasks: + + - name: Import Global Vars + ansible.builtin.include_vars: "{{ item }}" + with_items: + - "../global_vars/global_dc_vars.yml" + + - name: Ping Hosts + ping: diff --git a/labs/L3LS_ANTA/playbooks/preplab.yml b/labs/L3LS_ANTA/playbooks/preplab.yml new file mode 100644 index 000000000..3d7ad9db4 --- /dev/null +++ b/labs/L3LS_ANTA/playbooks/preplab.yml 
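Review bot: In `cvp1.yml` the play is named `Build Switch configuration` and its only task `Generate Intended Config and Documentation`, yet the task imports `arista.avd.eos_config_deploy_cvp` with `state: present`; the names look copied from `build.yml`. Run output and logs will label a CloudVision deployment as a build, which gets in the way when someone later audits which run changed a device. Suggested names are `- name: Deploy configuration via CloudVision` for the play and `- name: Provision CVP with AVD configlets` for the task. `cvp2.yml` carries the same two names and needs the same change.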
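Review bot: The last task in `ping.yml` calls the module by its short name `ping:` while every other task in these playbooks uses a fully qualified name; write it as `ansible.builtin.ping:`. That module is not an ICMP or reachability probe, it only confirms that Ansible can execute Python for the host, and the play sets `connection: local`, so a green result may not show that the switches' eAPI is reachable. If the intent is what the play name `Test Connectivity to Lab Nodes` promises, a device-level command over the `httpapi` connection, for example `arista.eos.eos_command` running `show version`, would test the path that the deploy and validate plays depend on.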
@@ -0,0 +1,16 @@ +--- +- name: Deploy WAN & Host configurations + hosts: "{{ target_hosts }}" + gather_facts: false + + tasks: + + - name: Import Global Vars + ansible.builtin.include_vars: "{{ item }}" + with_items: + - "../global_vars/global_dc_vars.yml" + + - name: load configuration from file + arista.eos.eos_config: + src: ../extra_configs/{{inventory_hostname}}.cfg + replace: line diff --git a/labs/L3LS_ANTA/playbooks/validate.yml b/labs/L3LS_ANTA/playbooks/validate.yml new file mode 100644 index 000000000..24f952d21 --- /dev/null +++ b/labs/L3LS_ANTA/playbooks/validate.yml @@ -0,0 +1,14 @@ +--- +- name: Validate Network State + hosts: "{{ target_hosts }}" + connection: httpapi + gather_facts: false + + tasks: + + - name: validate states on EOS devices + ansible.builtin.import_role: + name: arista.avd.eos_validate_state + vars: + use_anta: true + save_catalog: true \ No newline at end of file diff --git a/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml b/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml new file mode 100644 index 000000000..017b9809b --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml @@ -0,0 +1,8 @@ +# # Verifies the device has certain route in routing table +# anta.tests.routing: +# generic: +# - VerifyRoutingTableEntry: +# vrf: default +# routes: +# - 0.0.0.0 +# - 9.9.9.9 diff --git a/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/all.yml b/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/all.yml new file mode 100644 index 000000000..b4cffefbe --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/all.yml 
@@ -0,0 +1,11 @@ +# anta.tests.software: + +# # Verifies the device is running one of the allowed EOS version. +# - VerifyEOSVersion: +# versions: # List of allowed EOS versions. +# - 4.32.0F-36401836.4320F (engineering build) + +# # Verifies the device is running one of the allowed TerminAttr version. +# - VerifyTerminAttrVersion: +# versions: # List of allowed TerminAttr versions. +# - v1.32.0 \ No newline at end of file diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml new file mode 100644 index 000000000..a792d1ce8 --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml 
@@ -0,0 +1,45 @@ +--- +port_profiles: + + - profile: PP-VLAN10 + mode: "access" + vlans: "10" + spanning_tree_portfast: edge + - profile: PP-VLAN20 + mode: "access" + vlans: "20" + spanning_tree_portfast: edge + +########################################################### +# ---------------- Endpoint Connectivity ---------------- # +########################################################### + +# servers: + +# # --------------------------------------------------------# +# # Site1 RACK1 Endpoints +# # --------------------------------------------------------# + +# - name: s1-host1 # Server name +# rack: RACK1 # Informational RACK (optional) +# adapters: +# - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional) +# switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required) +# switches: [ s1-leaf1, s1-leaf2 ] # Switch to connect server (required) +# profile: PP-VLAN10 # Port profile to apply (required) +# port_channel: +# mode: active + +# # --------------------------------------------------------# +# # Site1 RACK2 Endpoints +# # --------------------------------------------------------# + +# - name: s1-host2 # Server name +# rack: RACK2 # Informational RACK (optional) +# adapters: +# - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional) +# switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required) +# switches: [ s1-leaf3, s1-leaf4 ] # Switch to connect server (required) +# profile: PP-VLAN20 # Port profile to apply (required) +# port_channel: +# mode: active diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_FABRIC.yml b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_FABRIC.yml new file mode 100644 index 000000000..13044df65 --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_FABRIC.yml 
@@ -0,0 +1,87 @@ +--- +fabric_name: SITE1_FABRIC + +# Set Design Type to L3L2 with EVPN VXLAN +design: + type: l3ls-evpn + +# Spine Switches +spine: + defaults: + platform: cEOS + loopback_ipv4_pool: 10.250.1.0/24 + bgp_as: 65100 + nodes: + - name: s1-spine1 + id: 1 + mgmt_ip: 192.168.0.10/24 + - name: s1-spine2 + id: 2 + mgmt_ip: 192.168.0.11/24 + +# Leaf Switches +l3leaf: + defaults: + platform: cEOS + spanning_tree_priority: 4096 + spanning_tree_mode: mstp + loopback_ipv4_pool: 10.250.1.0/24 + loopback_ipv4_offset: 2 + vtep_loopback_ipv4_pool: 10.255.1.0/24 + uplink_switches: [ s1-spine1, s1-spine2 ] + uplink_interfaces: [ Ethernet2, Ethernet3 ] + uplink_ipv4_pool: 172.16.1.0/24 + mlag_interfaces: [ Ethernet1, Ethernet6 ] + mlag_peer_ipv4_pool: 10.251.1.0/24 + mlag_peer_l3_ipv4_pool: 10.252.1.0/24 + virtual_router_mac_address: 00:1c:73:00:00:99 + node_groups: + - group: S1_RACK1 + bgp_as: 65101 + nodes: + - name: s1-leaf1 + id: 1 + mgmt_ip: 192.168.0.12/24 + uplink_switch_interfaces: [ Ethernet2, Ethernet2 ] + - name: s1-leaf2 + id: 2 + mgmt_ip: 192.168.0.13/24 + uplink_switch_interfaces: [ Ethernet3, Ethernet3 ] + - group: S1_RACK2 + bgp_as: 65102 + nodes: + - name: s1-leaf3 + id: 3 + mgmt_ip: 192.168.0.14/24 + uplink_switch_interfaces: [ Ethernet4, Ethernet4 ] + - name: s1-leaf4 + id: 4 + mgmt_ip: 192.168.0.15/24 + uplink_switch_interfaces: [ Ethernet5, Ethernet5 ] + - group: S1_BRDR + bgp_as: 65103 + evpn_gateway: + evpn_l2: + enabled: true + evpn_l3: + enabled: true + inter_domain: true + nodes: + - name: s1-brdr1 + id: 5 + mgmt_ip: 192.168.0.100/24 + uplink_switch_interfaces: [ Ethernet7, Ethernet7 ] + evpn_gateway: + remote_peers: + - hostname: s2-brdr1 + bgp_as: 65203 + ip_address: 10.250.2.7 + - name: s1-brdr2 + id: 6 + mgmt_ip: 192.168.0.101/24 + uplink_switch_interfaces: [ Ethernet8, Ethernet8 ] + evpn_gateway: + remote_peers: + - hostname: s2-brdr2 + bgp_as: 65203 + ip_address: 10.250.2.8 
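Review bot: The comment `# Set Design Type to L3L2 with EVPN VXLAN` in `SITE1_FABRIC.yml` does not match the value it documents, `type: l3ls-evpn`; it should read `# Set Design Type to L3LS with EVPN VXLAN`. `SITE2_FABRIC.yml` carries the same comment and needs the same correction.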
diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_LEAFS.yml b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_LEAFS.yml new file mode 100644 index 000000000..2f6d52d1c --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_LEAFS.yml @@ -0,0 +1,2 @@ +--- +type: l3leaf diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml new file mode 100644 index 000000000..c97222924 --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml @@ -0,0 +1,16 @@ +--- +tenants: + - name: S1_FABRIC + mac_vrf_vni_base: 10000 + vrfs: + - name: OVERLAY + vrf_vni: 10 + svis: + - id: 10 + name: 'Ten' + enabled: true + ip_address_virtual: 10.10.10.1/24 + - id: 20 + name: 'Twenty' + enabled: true + ip_address_virtual: 10.20.20.1/24 diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_SPINES.yml b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_SPINES.yml new file mode 100644 index 000000000..ea38f466b --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_SPINES.yml @@ -0,0 +1,2 @@ +--- +type: spine diff --git a/labs/L3LS_ANTA/sites/site_1/inventory.yml b/labs/L3LS_ANTA/sites/site_1/inventory.yml new file mode 100644 index 000000000..165eb69df --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_1/inventory.yml @@ -0,0 +1,28 @@ +--- +SITE1: + children: + CVP: + hosts: + cvp: + SITE1_FABRIC: + children: + SITE1_SPINES: + hosts: + s1-spine1: + s1-spine2: + SITE1_LEAFS: + hosts: + s1-leaf1: + s1-leaf2: + s1-leaf3: + s1-leaf4: + s1-brdr1: + s1-brdr2: + SITE1_NETWORK_SERVICES: + children: + SITE1_SPINES: + SITE1_LEAFS: + SITE1_CONNECTED_ENDPOINTS: + children: + SITE1_SPINES: + SITE1_LEAFS: diff --git a/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml b/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml new file mode 100644 index 000000000..017b9809b --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml 
@@ -0,0 +1,8 @@ +# # Verifies the device has certain route in routing table +# anta.tests.routing: +# generic: +# - VerifyRoutingTableEntry: +# vrf: default +# routes: +# - 0.0.0.0 +# - 9.9.9.9 diff --git a/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/all.yml b/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/all.yml new file mode 100644 index 000000000..b4cffefbe --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/all.yml @@ -0,0 +1,11 @@ +# anta.tests.software: + +# # Verifies the device is running one of the allowed EOS version. +# - VerifyEOSVersion: +# versions: # List of allowed EOS versions. +# - 4.32.0F-36401836.4320F (engineering build) + +# # Verifies the device is running one of the allowed TerminAttr version. +# - VerifyTerminAttrVersion: +# versions: # List of allowed TerminAttr versions. +# - v1.32.0 \ No newline at end of file diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml new file mode 100644 index 000000000..e1e7c89bb --- /dev/null +++ b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml 
@@ -0,0 +1,45 @@
+---
+port_profiles:
+
+ - profile: PP-VLAN10
+ mode: "access"
+ vlans: "10"
+ spanning_tree_portfast: edge
+ - profile: PP-VLAN20
+ mode: "access"
+ vlans: "20"
+ spanning_tree_portfast: edge
+
+###########################################################
+# ---------------- Endpoint Connectivity ---------------- #
+###########################################################
+
+servers:
+
+# --------------------------------------------------------#
+# Site2 RACK1 Endpoints
+# --------------------------------------------------------#
+
+ - name: s2-host1 # Server name
+ rack: RACK1 # Informational RACK (optional)
+ adapters:
+ - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional)
+ switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required)
+ switches: [ s2-leaf1,s2-leaf2 ] # Switch to connect server (required)
+ profile: PP-VLAN10 # Port profile to apply (required)
+ port_channel:
+ mode: active
+
+# --------------------------------------------------------#
+# Site2 RACK2 Endpoints
+# --------------------------------------------------------#
+
+ - name: s2-host2 # Server name
+ rack: RACK2 # Informational RACK (optional)
+ adapters:
+ - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional)
+ switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required)
+ switches: [ s2-leaf3, s2-leaf4 ] # Switch to connect server (required)
+ profile: PP-VLAN20 # Port profile to apply (required)
+ port_channel:
+ mode: active
diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_FABRIC.yml b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_FABRIC.yml
new file mode 100644
index 000000000..2e0875ccd
--- /dev/null
+++ b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_FABRIC.yml
@@ -0,0 +1,87 @@
+---
+fabric_name: SITE2_FABRIC
+
+# Set Design Type to L3L2 with EVPN VXLAN
+design:
+ type: l3ls-evpn
+
+# Spine Switches
+spine:
+ defaults:
+ platform: cEOS
+ loopback_ipv4_pool: 10.250.2.0/24
+ bgp_as: 65200
+ nodes:
+ - name: s2-spine1
+ id: 1
+ mgmt_ip: 192.168.0.20/24
+ - name: s2-spine2
+ id: 2
+ mgmt_ip: 192.168.0.21/24
+
+# Leaf Switches
+l3leaf:
+ defaults:
+ platform: cEOS
+ spanning_tree_priority: 4096
+ spanning_tree_mode: mstp
+ loopback_ipv4_pool: 10.250.2.0/24
+ loopback_ipv4_offset: 2
+ vtep_loopback_ipv4_pool: 10.255.2.0/24
+ uplink_switches: [ s2-spine1, s2-spine2 ]
+ uplink_interfaces: [ Ethernet2, Ethernet3 ]
+ uplink_ipv4_pool: 172.16.2.0/24
+ mlag_interfaces: [ Ethernet1, Ethernet6 ]
+ mlag_peer_ipv4_pool: 10.251.2.0/24
+ mlag_peer_l3_ipv4_pool: 10.252.2.0/24
+ virtual_router_mac_address: 00:1c:73:00:00:99
+ node_groups:
+ - group: S2_RACK1
+ bgp_as: 65201
+ nodes:
+ - name: s2-leaf1
+ id: 1
+ mgmt_ip: 192.168.0.22/24
+ uplink_switch_interfaces: [ Ethernet2, Ethernet2 ]
+ - name: s2-leaf2
+ id: 2
+ mgmt_ip: 192.168.0.23/24
+ uplink_switch_interfaces: [ Ethernet3, Ethernet3 ]
+ - group: S2_RACK2
+ bgp_as: 65202
+ nodes:
+ - name: s2-leaf3
+ id: 3
+ mgmt_ip: 192.168.0.24/24
+ uplink_switch_interfaces: [ Ethernet4, Ethernet4 ]
+ - name: s2-leaf4
+ id: 4
+ mgmt_ip: 192.168.0.25/24
+ uplink_switch_interfaces: [ Ethernet5, Ethernet5 ]
+ - group: S2_BRDR
+ bgp_as: 65203
+ evpn_gateway:
+ evpn_l2:
+ enabled: true
+ evpn_l3:
+ enabled: true
+ inter_domain: true
+ nodes:
+ - name: s2-brdr1
+ id: 5
+ mgmt_ip: 192.168.0.200/24
+ uplink_switch_interfaces: [ Ethernet7, Ethernet7 ]
+ evpn_gateway:
+ remote_peers:
+ - hostname: s1-brdr1
+ bgp_as: 65103
+ ip_address: 10.250.1.7
+ - name: s2-brdr2
+ id: 6
+ mgmt_ip: 192.168.0.201/24
+ uplink_switch_interfaces: [ Ethernet8, Ethernet8 ]
+ evpn_gateway:
+ remote_peers:
+ - hostname: s1-brdr2
+ bgp_as: 65103
+ ip_address: 10.250.1.8
\ No newline at end of file
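Review bot: The comment above `design:` says "L3L2", but the value it documents is `type: l3ls-evpn`, so the comment looks like a typo for L3LS. I would change it to `# Set Design Type to L3LS with EVPN VXLAN`, so that a reader skimming the comments does not take this for a different design type than the one AVD is told to build.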
diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_LEAFS.yml b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_LEAFS.yml
new file mode 100644
index 000000000..2f6d52d1c
--- /dev/null
+++ b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_LEAFS.yml
@@ -0,0 +1,2 @@
+---
+type: l3leaf
diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml
new file mode 100644
index 000000000..42f8aaacc
--- /dev/null
+++ b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml
@@ -0,0 +1,16 @@
+---
+tenants:
+ - name: S2_FABRIC
+ mac_vrf_vni_base: 10000
+ vrfs:
+ - name: OVERLAY
+ vrf_vni: 10
+ svis:
+ - id: 10
+ name: 'Ten'
+ enabled: true
+ ip_address_virtual: 10.10.10.1/24
+ - id: 20
+ name: 'Twenty'
+ enabled: true
+ ip_address_virtual: 10.20.20.1/24
diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_SPINES.yml b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_SPINES.yml
new file mode 100644
index 000000000..ea38f466b
--- /dev/null
+++ b/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_SPINES.yml
@@ -0,0 +1,2 @@
+---
+type: spine
diff --git a/labs/L3LS_ANTA/sites/site_2/inventory.yml b/labs/L3LS_ANTA/sites/site_2/inventory.yml
new file mode 100644
index 000000000..13015a049
--- /dev/null
+++ b/labs/L3LS_ANTA/sites/site_2/inventory.yml
@@ -0,0 +1,28 @@
+---
+SITE2:
+ children:
+ CVP:
+ hosts:
+ cvp:
+ SITE2_FABRIC:
+ children:
+ SITE2_SPINES:
+ hosts:
+ s2-spine1:
+ s2-spine2:
+ SITE2_LEAFS:
+ hosts:
+ s2-leaf1:
+ s2-leaf2:
+ s2-leaf3:
+ s2-leaf4:
+ s2-brdr1:
+ s2-brdr2:
+ SITE2_NETWORK_SERVICES:
+ children:
+ SITE2_SPINES:
+ SITE2_LEAFS:
+ SITE2_CONNECTED_ENDPOINTS:
+ children:
+ SITE2_SPINES:
+ SITE2_LEAFS:
From 8ccadd7449f0c18e9f1535fa56a004b0119a5a61 Mon Sep 17 00:00:00 2001
From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Tue, 3 Sep 2024 20:20:40 +0000 Subject: [PATCH 02/11] Change lab name --- .../group_vars/SITE1_CONNECTED_ENDPOINTS.yml | 45 ------------------- labs/{L3LS_ANTA => NET_TESTING}/Makefile | 0 labs/{L3LS_ANTA => NET_TESTING}/ansible.cfg | 0 .../extra_configs/inventory.yml | 0 .../extra_configs/s1-core1.cfg | 0 .../extra_configs/s1-core2.cfg | 0 .../extra_configs/s1-host1.cfg | 0 .../extra_configs/s1-host2.cfg | 0 .../extra_configs/s2-core1.cfg | 0 .../extra_configs/s2-core2.cfg | 0 .../extra_configs/s2-host1.cfg | 0 .../extra_configs/s2-host2.cfg | 0 .../global_vars/global_dc_vars.yml | 0 .../playbooks/build.yml | 0 .../playbooks/cvp1.yml | 0 .../playbooks/cvp2.yml | 0 .../playbooks/deploy.yml | 0 .../playbooks/ping.yml | 0 .../playbooks/preplab.yml | 0 .../playbooks/validate.yml | 0 .../custom_anta_catalogs/SITE1_LEAFS.yml | 0 .../sites/site_1/custom_anta_catalogs/all.yml | 0 .../group_vars/SITE1_CONNECTED_ENDPOINTS.yml | 45 +++++++++++++++++++ .../sites/site_1/group_vars/SITE1_FABRIC.yml | 0 .../sites/site_1/group_vars/SITE1_LEAFS.yml | 0 .../group_vars/SITE1_NETWORK_SERVICES.yml | 0 .../sites/site_1/group_vars/SITE1_SPINES.yml | 0 .../sites/site_1/inventory.yml | 0 .../custom_anta_catalogs/SITE2_LEAFS.yml | 0 .../sites/site_2/custom_anta_catalogs/all.yml | 0 .../group_vars/SITE2_CONNECTED_ENDPOINTS.yml | 0 .../sites/site_2/group_vars/SITE2_FABRIC.yml | 0 .../sites/site_2/group_vars/SITE2_LEAFS.yml | 0 .../group_vars/SITE2_NETWORK_SERVICES.yml | 0 .../sites/site_2/group_vars/SITE2_SPINES.yml | 0 .../sites/site_2/inventory.yml | 0 36 files changed, 45 insertions(+), 45 deletions(-) delete mode 100644 labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml rename labs/{L3LS_ANTA => NET_TESTING}/Makefile (100%) rename labs/{L3LS_ANTA => NET_TESTING}/ansible.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/inventory.yml (100%) rename labs/{L3LS_ANTA => 
NET_TESTING}/extra_configs/s1-core1.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/s1-core2.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/s1-host1.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/s1-host2.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/s2-core1.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/s2-core2.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/s2-host1.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/extra_configs/s2-host2.cfg (100%) rename labs/{L3LS_ANTA => NET_TESTING}/global_vars/global_dc_vars.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/playbooks/build.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/playbooks/cvp1.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/playbooks/cvp2.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/playbooks/deploy.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/playbooks/ping.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/playbooks/preplab.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/playbooks/validate.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_1/custom_anta_catalogs/all.yml (100%) create mode 100644 labs/NET_TESTING/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_1/group_vars/SITE1_FABRIC.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_1/group_vars/SITE1_LEAFS.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_1/group_vars/SITE1_SPINES.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_1/inventory.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/custom_anta_catalogs/all.yml (100%) rename 
labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/group_vars/SITE2_FABRIC.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/group_vars/SITE2_LEAFS.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/group_vars/SITE2_SPINES.yml (100%) rename labs/{L3LS_ANTA => NET_TESTING}/sites/site_2/inventory.yml (100%) diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml b/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml deleted file mode 100644 index a792d1ce8..000000000 --- a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -port_profiles: - - - profile: PP-VLAN10 - mode: "access" - vlans: "10" - spanning_tree_portfast: edge - - profile: PP-VLAN20 - mode: "access" - vlans: "20" - spanning_tree_portfast: edge - -########################################################### -# ---------------- Endpoint Connectivity ---------------- # -########################################################### - -# servers: - -# # --------------------------------------------------------# -# # Site1 RACK1 Endpoints -# # --------------------------------------------------------# - -# - name: s1-host1 # Server name -# rack: RACK1 # Informational RACK (optional) -# adapters: -# - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional) -# switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required) -# switches: [ s1-leaf1, s1-leaf2 ] # Switch to connect server (required) -# profile: PP-VLAN10 # Port profile to apply (required) -# port_channel: -# mode: active - -# # --------------------------------------------------------# -# # Site1 RACK2 Endpoints -# # --------------------------------------------------------# - -# - name: s1-host2 # Server name -# rack: RACK2 # Informational RACK (optional) -# adapters: -# - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional) -# switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required) -# switches: [ s1-leaf3, s1-leaf4 ] # Switch to connect server (required) -# profile: PP-VLAN20 # Port profile to apply (required) -# port_channel: -# mode: active diff --git a/labs/L3LS_ANTA/Makefile b/labs/NET_TESTING/Makefile similarity index 100% rename from labs/L3LS_ANTA/Makefile rename to labs/NET_TESTING/Makefile diff --git a/labs/L3LS_ANTA/ansible.cfg b/labs/NET_TESTING/ansible.cfg similarity index 100% rename from labs/L3LS_ANTA/ansible.cfg rename to labs/NET_TESTING/ansible.cfg 
diff --git a/labs/L3LS_ANTA/extra_configs/inventory.yml b/labs/NET_TESTING/extra_configs/inventory.yml similarity index 100% rename from labs/L3LS_ANTA/extra_configs/inventory.yml rename to labs/NET_TESTING/extra_configs/inventory.yml diff --git a/labs/L3LS_ANTA/extra_configs/s1-core1.cfg b/labs/NET_TESTING/extra_configs/s1-core1.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s1-core1.cfg rename to labs/NET_TESTING/extra_configs/s1-core1.cfg diff --git a/labs/L3LS_ANTA/extra_configs/s1-core2.cfg b/labs/NET_TESTING/extra_configs/s1-core2.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s1-core2.cfg rename to labs/NET_TESTING/extra_configs/s1-core2.cfg diff --git a/labs/L3LS_ANTA/extra_configs/s1-host1.cfg b/labs/NET_TESTING/extra_configs/s1-host1.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s1-host1.cfg rename to labs/NET_TESTING/extra_configs/s1-host1.cfg diff --git a/labs/L3LS_ANTA/extra_configs/s1-host2.cfg b/labs/NET_TESTING/extra_configs/s1-host2.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s1-host2.cfg rename to labs/NET_TESTING/extra_configs/s1-host2.cfg diff --git a/labs/L3LS_ANTA/extra_configs/s2-core1.cfg b/labs/NET_TESTING/extra_configs/s2-core1.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s2-core1.cfg rename to labs/NET_TESTING/extra_configs/s2-core1.cfg diff --git a/labs/L3LS_ANTA/extra_configs/s2-core2.cfg b/labs/NET_TESTING/extra_configs/s2-core2.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s2-core2.cfg rename to labs/NET_TESTING/extra_configs/s2-core2.cfg diff --git a/labs/L3LS_ANTA/extra_configs/s2-host1.cfg b/labs/NET_TESTING/extra_configs/s2-host1.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s2-host1.cfg rename to labs/NET_TESTING/extra_configs/s2-host1.cfg 
diff --git a/labs/L3LS_ANTA/extra_configs/s2-host2.cfg b/labs/NET_TESTING/extra_configs/s2-host2.cfg similarity index 100% rename from labs/L3LS_ANTA/extra_configs/s2-host2.cfg rename to labs/NET_TESTING/extra_configs/s2-host2.cfg diff --git a/labs/L3LS_ANTA/global_vars/global_dc_vars.yml b/labs/NET_TESTING/global_vars/global_dc_vars.yml similarity index 100% rename from labs/L3LS_ANTA/global_vars/global_dc_vars.yml rename to labs/NET_TESTING/global_vars/global_dc_vars.yml diff --git a/labs/L3LS_ANTA/playbooks/build.yml b/labs/NET_TESTING/playbooks/build.yml similarity index 100% rename from labs/L3LS_ANTA/playbooks/build.yml rename to labs/NET_TESTING/playbooks/build.yml diff --git a/labs/L3LS_ANTA/playbooks/cvp1.yml b/labs/NET_TESTING/playbooks/cvp1.yml similarity index 100% rename from labs/L3LS_ANTA/playbooks/cvp1.yml rename to labs/NET_TESTING/playbooks/cvp1.yml diff --git a/labs/L3LS_ANTA/playbooks/cvp2.yml b/labs/NET_TESTING/playbooks/cvp2.yml similarity index 100% rename from labs/L3LS_ANTA/playbooks/cvp2.yml rename to labs/NET_TESTING/playbooks/cvp2.yml diff --git a/labs/L3LS_ANTA/playbooks/deploy.yml b/labs/NET_TESTING/playbooks/deploy.yml similarity index 100% rename from labs/L3LS_ANTA/playbooks/deploy.yml rename to labs/NET_TESTING/playbooks/deploy.yml diff --git a/labs/L3LS_ANTA/playbooks/ping.yml b/labs/NET_TESTING/playbooks/ping.yml similarity index 100% rename from labs/L3LS_ANTA/playbooks/ping.yml rename to labs/NET_TESTING/playbooks/ping.yml diff --git a/labs/L3LS_ANTA/playbooks/preplab.yml b/labs/NET_TESTING/playbooks/preplab.yml similarity index 100% rename from labs/L3LS_ANTA/playbooks/preplab.yml rename to labs/NET_TESTING/playbooks/preplab.yml diff --git a/labs/L3LS_ANTA/playbooks/validate.yml b/labs/NET_TESTING/playbooks/validate.yml similarity index 100% rename from labs/L3LS_ANTA/playbooks/validate.yml rename to labs/NET_TESTING/playbooks/validate.yml 
diff --git a/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml rename to labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml diff --git a/labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/all.yml b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/all.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_1/custom_anta_catalogs/all.yml rename to labs/NET_TESTING/sites/site_1/custom_anta_catalogs/all.yml diff --git a/labs/NET_TESTING/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml new file mode 100644 index 000000000..f91fda3b1 --- /dev/null +++ b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_CONNECTED_ENDPOINTS.yml 
@@ -0,0 +1,45 @@ +--- +port_profiles: + + - profile: PP-VLAN10 + mode: "access" + vlans: "10" + spanning_tree_portfast: edge + - profile: PP-VLAN20 + mode: "access" + vlans: "20" + spanning_tree_portfast: edge + +########################################################### +# ---------------- Endpoint Connectivity ---------------- # +########################################################### + +servers: + +# --------------------------------------------------------# +# Site1 RACK1 Endpoints +# --------------------------------------------------------# + + - name: s1-host1 # Server name + rack: RACK1 # Informational RACK (optional) + adapters: + - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional) + switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required) + switches: [ s1-leaf1, s1-leaf2 ] # Switch to connect server (required) + profile: PP-VLAN10 # Port profile to apply (required) + port_channel: + mode: active + +# --------------------------------------------------------# +# Site1 RACK2 Endpoints +# --------------------------------------------------------# + + - name: s1-host2 # Server name + rack: RACK2 # Informational RACK (optional) + adapters: + - endpoint_ports: [ eth1, eth2 ] # Server port to connect (optional) + switch_ports: [ Ethernet4, Ethernet4 ] # Switch port to connect server (required) + switches: [ s1-leaf3, s1-leaf4 ] # Switch to connect server (required) + profile: PP-VLAN20 # Port profile to apply (required) + port_channel: + mode: active diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_FABRIC.yml b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_FABRIC.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_FABRIC.yml rename to labs/NET_TESTING/sites/site_1/group_vars/SITE1_FABRIC.yml 
diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_LEAFS.yml b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_LEAFS.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_LEAFS.yml rename to labs/NET_TESTING/sites/site_1/group_vars/SITE1_LEAFS.yml diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml rename to labs/NET_TESTING/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml diff --git a/labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_SPINES.yml b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_SPINES.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_1/group_vars/SITE1_SPINES.yml rename to labs/NET_TESTING/sites/site_1/group_vars/SITE1_SPINES.yml diff --git a/labs/L3LS_ANTA/sites/site_1/inventory.yml b/labs/NET_TESTING/sites/site_1/inventory.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_1/inventory.yml rename to labs/NET_TESTING/sites/site_1/inventory.yml diff --git a/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml rename to labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml diff --git a/labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/all.yml b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/all.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/custom_anta_catalogs/all.yml rename to labs/NET_TESTING/sites/site_2/custom_anta_catalogs/all.yml 
diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml rename to labs/NET_TESTING/sites/site_2/group_vars/SITE2_CONNECTED_ENDPOINTS.yml diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_FABRIC.yml b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_FABRIC.yml rename to labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_LEAFS.yml b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_LEAFS.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_LEAFS.yml rename to labs/NET_TESTING/sites/site_2/group_vars/SITE2_LEAFS.yml diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml rename to labs/NET_TESTING/sites/site_2/group_vars/SITE2_NETWORK_SERVICES.yml diff --git a/labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_SPINES.yml b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_SPINES.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/group_vars/SITE2_SPINES.yml rename to labs/NET_TESTING/sites/site_2/group_vars/SITE2_SPINES.yml diff --git a/labs/L3LS_ANTA/sites/site_2/inventory.yml b/labs/NET_TESTING/sites/site_2/inventory.yml similarity index 100% rename from labs/L3LS_ANTA/sites/site_2/inventory.yml rename to labs/NET_TESTING/sites/site_2/inventory.yml From a5fb9c7c46b3d124b4d4cd3e4ec7133e907a2083 Mon Sep 17 00:00:00 2001 
From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Wed, 4 Sep 2024 13:52:37 +0000 Subject: [PATCH 03/11] Removing the all custom ANTA tests, moving to ./tests --- .../sites/site_1/custom_anta_catalogs/all.yml | 11 ----------- .../sites/site_2/custom_anta_catalogs/all.yml | 11 ----------- 2 files changed, 22 deletions(-) delete mode 100644 labs/NET_TESTING/sites/site_1/custom_anta_catalogs/all.yml delete mode 100644 labs/NET_TESTING/sites/site_2/custom_anta_catalogs/all.yml diff --git a/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/all.yml b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/all.yml deleted file mode 100644 index b4cffefbe..000000000 --- a/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/all.yml +++ /dev/null @@ -1,11 +0,0 @@ -# anta.tests.software: - -# # Verifies the device is running one of the allowed EOS version. -# - VerifyEOSVersion: -# versions: # List of allowed EOS versions. -# - 4.32.0F-36401836.4320F (engineering build) - -# # Verifies the device is running one of the allowed TerminAttr version. -# - VerifyTerminAttrVersion: -# versions: # List of allowed TerminAttr versions. -# - v1.32.0 \ No newline at end of file diff --git a/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/all.yml b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/all.yml deleted file mode 100644 index b4cffefbe..000000000 --- a/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/all.yml +++ /dev/null @@ -1,11 +0,0 @@ -# anta.tests.software: - -# # Verifies the device is running one of the allowed EOS version. -# - VerifyEOSVersion: -# versions: # List of allowed EOS versions. -# - 4.32.0F-36401836.4320F (engineering build) - -# # Verifies the device is running one of the allowed TerminAttr version. -# - VerifyTerminAttrVersion: -# versions: # List of allowed TerminAttr versions. -# - v1.32.0 \ No newline at end of file From e608d40312327a12db691a0a6337c2299fa8ba17 Mon Sep 17 00:00:00 2001 
From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Wed, 4 Sep 2024 13:53:13 +0000 Subject: [PATCH 04/11] Add ansible host IP, ANTA will not generate inventory without it --- labs/NET_TESTING/sites/site_1/inventory.yml | 8 ++++++++ labs/NET_TESTING/sites/site_2/inventory.yml | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/labs/NET_TESTING/sites/site_1/inventory.yml b/labs/NET_TESTING/sites/site_1/inventory.yml index 165eb69df..1f9cc68bd 100644 --- a/labs/NET_TESTING/sites/site_1/inventory.yml +++ b/labs/NET_TESTING/sites/site_1/inventory.yml @@ -9,15 +9,23 @@ SITE1: SITE1_SPINES: hosts: s1-spine1: + ansible_host: 192.168.0.10 s1-spine2: + ansible_host: 192.168.0.11 SITE1_LEAFS: hosts: s1-leaf1: + ansible_host: 192.168.0.12 s1-leaf2: + ansible_host: 192.168.0.13 s1-leaf3: + ansible_host: 192.168.0.14 s1-leaf4: + ansible_host: 192.168.0.15 s1-brdr1: + ansible_host: 192.168.0.100 s1-brdr2: + ansible_host: 192.168.0.101 SITE1_NETWORK_SERVICES: children: SITE1_SPINES: diff --git a/labs/NET_TESTING/sites/site_2/inventory.yml b/labs/NET_TESTING/sites/site_2/inventory.yml index 13015a049..6abd10cbe 100644 --- a/labs/NET_TESTING/sites/site_2/inventory.yml +++ b/labs/NET_TESTING/sites/site_2/inventory.yml @@ -9,15 +9,23 @@ SITE2: SITE2_SPINES: hosts: s2-spine1: + ansible_host: 192.168.0.20 s2-spine2: + ansible_host: 192.168.0.21 SITE2_LEAFS: hosts: s2-leaf1: + ansible_host: 192.168.0.22 s2-leaf2: + ansible_host: 192.168.0.23 s2-leaf3: + ansible_host: 192.168.0.24 s2-leaf4: + ansible_host: 192.168.0.25 s2-brdr1: + ansible_host: 192.168.0.200 s2-brdr2: + ansible_host: 192.168.0.201 SITE2_NETWORK_SERVICES: children: SITE2_SPINES: From a6da6e34f99c3a7ffc6724ce5981fecfb946b528 Mon Sep 17 00:00:00 2001 
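Review bot: Each `ansible_host` added in the two inventory hunks repeats an address that is already stored as `mgmt_ip` in the fabric group_vars, so the same fact now lives in two files with nothing tying them together. The site 2 values match SITE2_FABRIC.yml from PATCH 01 today, but if one side is edited later the validation run would connect to a different address than the one the configuration was generated for. I would add a comment above each `hosts:` block such as `# ansible_host must match mgmt_ip in group_vars/SITE2_FABRIC.yml` (SITE1_FABRIC.yml for site 1). Both hunks begin and end inside the enclosing inventory mapping.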
From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Wed, 4 Sep 2024 13:53:28 +0000 Subject: [PATCH 05/11] Adding ANTA test catalog of ANTA lab --- labs/NET_TESTING/tests/all.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 labs/NET_TESTING/tests/all.yml diff --git a/labs/NET_TESTING/tests/all.yml b/labs/NET_TESTING/tests/all.yml new file mode 100644 index 000000000..756ba74c0 --- /dev/null +++ b/labs/NET_TESTING/tests/all.yml @@ -0,0 +1,16 @@ +anta.tests.system: + # Verifies whether the CPU utilization is below 75%. + - VerifyCPUUtilization: + +anta.tests.hardware: + # Verifies the status of power supply fans and all fan trays. + - VerifyEnvironmentCooling: + states: + - ok + +anta.tests.software: + + # Verifies the device is running one of the allowed TerminAttr version. + - VerifyTerminAttrVersion: + versions: + - v1.32.0 From f747dd5025c8d4e1689f4b5dcf3143be406375de Mon Sep 17 00:00:00 2001 From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Wed, 4 Sep 2024 20:31:08 +0000 Subject: [PATCH 06/11] Uncommenting the P2P links --- .../global_vars/global_dc_vars.yml | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/labs/NET_TESTING/global_vars/global_dc_vars.yml b/labs/NET_TESTING/global_vars/global_dc_vars.yml index 159d55b8d..9ff7e60c0 100644 --- a/labs/NET_TESTING/global_vars/global_dc_vars.yml +++ b/labs/NET_TESTING/global_vars/global_dc_vars.yml 
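Review bot: The `VerifyEnvironmentCooling` entry under `anta.tests.hardware` in the new tests/all.yml will probably never produce a pass or fail in this lab: the fabric vars set `platform: cEOS`, and ANTA's hardware tests are, as far as I know, skipped on virtual EOS platforms. A test that always reports "skipped" reads as coverage that is not actually there. I would either drop the entry or keep it with a comment like `# skipped on cEOS; kept as a catalog example` so the result is not mistaken for a verified control.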
@@ -80,26 +80,26 @@ bgp_peer_groups: password: 4b21pAdCvWeAqpcKDFMdWw== # # L3 Edge port definitions. This can be any port in the entire Fabric, where IP interfaces are defined. -# l3_edge: -# # Define a new IP pool that will be used to assign IP addresses to L3 Edge interfaces. -# p2p_links_ip_pools: -# - name: S1_to_S2_IP_pool -# ipv4_pool: 172.16.255.0/24 -# # Define a new link profile which will match the IP pool, the used ASNs and include the defined interface into underlay routing -# p2p_links_profiles: -# - name: S1_to_S2_profile -# ip_pool: S1_to_S2_IP_pool -# as: [ 65103, 65203 ] -# include_in_underlay_protocol: true -# # Define each P2P L3 link and link the nodes, the interfaces and the profile used. -# p2p_links: -# - id: 1 -# nodes: [ s1-brdr1, s2-brdr1 ] -# interfaces: [ Ethernet4, Ethernet4 ] -# profile: S1_to_S2_profile -# - id: 2 -# nodes: [ s1-brdr2, s2-brdr2 ] -# interfaces: [ Ethernet5, Ethernet5 ] -# profile: S1_to_S2_profile +l3_edge: + # Define a new IP pool that will be used to assign IP addresses to L3 Edge interfaces. + p2p_links_ip_pools: + - name: S1_to_S2_IP_pool + ipv4_pool: 172.16.255.0/24 + # Define a new link profile which will match the IP pool, the used ASNs and include the defined interface into underlay routing + p2p_links_profiles: + - name: S1_to_S2_profile + ip_pool: S1_to_S2_IP_pool + as: [ 65103, 65203 ] + include_in_underlay_protocol: true + # Define each P2P L3 link and link the nodes, the interfaces and the profile used. + p2p_links: + - id: 1 + nodes: [ s1-brdr1, s2-brdr1 ] + interfaces: [ Ethernet4, Ethernet4 ] + profile: S1_to_S2_profile + - id: 2 + nodes: [ s1-brdr2, s2-brdr2 ] + interfaces: [ Ethernet5, Ethernet5 ] + profile: S1_to_S2_profile From 39df30e471b32d51081d1cb8a14bbf113e6fd77f Mon Sep 17 00:00:00 2001 
From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Wed, 4 Sep 2024 20:31:51 +0000 Subject: [PATCH 07/11] Update CPU to Uptime test --- labs/NET_TESTING/tests/all.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/labs/NET_TESTING/tests/all.yml b/labs/NET_TESTING/tests/all.yml index 756ba74c0..27ce9af9e 100644 --- a/labs/NET_TESTING/tests/all.yml +++ b/labs/NET_TESTING/tests/all.yml @@ -1,6 +1,6 @@ anta.tests.system: - # Verifies whether the CPU utilization is below 75%. - - VerifyCPUUtilization: + - VerifyUptime: + minimum: 600 anta.tests.hardware: # Verifies the status of power supply fans and all fan trays. @@ -14,3 +14,4 @@ anta.tests.software: - VerifyTerminAttrVersion: versions: - v1.32.0 + From fc9c9f2f9c8acd998fc12a0094714f7930899dd9 Mon Sep 17 00:00:00 2001 From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Wed, 4 Sep 2024 20:32:22 +0000 Subject: [PATCH 08/11] Add typo into SITE2 --- labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml index 2e0875ccd..5fa56f0d9 100644 --- a/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml +++ b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml @@ -83,5 +83,5 @@ l3leaf: evpn_gateway: remote_peers: - hostname: s1-brdr2 - bgp_as: 65103 + bgp_as: 65203 ip_address: 10.250.1.8 \ No newline at end of file From a42182f441565de3fd37d7553dbe3ec3a1f20231 Mon Sep 17 00:00:00 2001 
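Review bot: The `VerifyUptime` entry added in the first tests/all.yml hunk has no explanatory comment, unlike the other tests in the catalog, and `minimum: 600` carries no unit. I would add `# Verifies the device uptime is at least 600 seconds.` above it; ANTA reads the value in seconds, so the check fails on any device (re)started less than ten minutes before the run, which is worth saying in a lab that redeploys often. The second hunk of the same file also appends an empty line after `- v1.32.0`, which can be dropped.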
From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Thu, 5 Sep 2024 18:21:55 +0000 Subject: [PATCH 09/11] Cleanup and adding ANTA custom catalogs for AVD lab --- labs/NET_TESTING/global_vars/global_dc_vars.yml | 13 +++++++++++++ .../site_1/custom_anta_catalogs/SITE1_FABRIC.yml | 12 ++++++++++++ .../site_1/custom_anta_catalogs/SITE1_LEAFS.yml | 8 -------- .../site_1/custom_anta_catalogs/SITE1_SPINES.yml | 8 ++++++++ .../sites/site_1/group_vars/SITE1_FABRIC.yml | 2 +- .../site_1/group_vars/SITE1_NETWORK_SERVICES.yml | 4 ++++ .../site_2/custom_anta_catalogs/SITE2_FABRIC.yml | 12 ++++++++++++ .../site_2/custom_anta_catalogs/SITE2_LEAFS.yml | 8 -------- .../site_2/custom_anta_catalogs/SITE2_SPINES.yml | 8 ++++++++ .../sites/site_2/group_vars/SITE2_FABRIC.yml | 2 +- 10 files changed, 59 insertions(+), 18 deletions(-) create mode 100644 labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_FABRIC.yml delete mode 100644 labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml create mode 100644 labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_SPINES.yml create mode 100644 labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_FABRIC.yml delete mode 100644 labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml create mode 100644 labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_SPINES.yml diff --git a/labs/NET_TESTING/global_vars/global_dc_vars.yml b/labs/NET_TESTING/global_vars/global_dc_vars.yml index 9ff7e60c0..7b1d8edc0 100644 --- a/labs/NET_TESTING/global_vars/global_dc_vars.yml +++ b/labs/NET_TESTING/global_vars/global_dc_vars.yml 
@@ -78,6 +78,19 @@ bgp_peer_groups: password: 7x4B4rnJhZB438m9+BrBfQ== mlag_ipv4_underlay_peer: password: 4b21pAdCvWeAqpcKDFMdWw== + +# Add a logging server to both our sites to sastify compliance +# logging: +# buffered: +# size: 8000 +# level: notifications +# trap: debugging +# vrfs: +# - name: "default" +# source_interface: "Management0" +# hosts: +# - name: 10.100.100.100 +# protocol: udp # # L3 Edge port definitions. This can be any port in the entire Fabric, where IP interfaces are defined. l3_edge: diff --git a/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_FABRIC.yml b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_FABRIC.yml new file mode 100644 index 000000000..d28afa190 --- /dev/null +++ b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_FABRIC.yml @@ -0,0 +1,12 @@ +########################################################### +# ------------------- Logging Tests --------------------- # +########################################################### +# anta.tests.logging: +# - VerifyLoggingHosts: +# hosts: +# - 10.100.100.100 +# vrf: default + +# - VerifyLoggingSourceIntf: +# interface: Management0 +# vrf: default diff --git a/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml deleted file mode 100644 index 017b9809b..000000000 --- a/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_LEAFS.yml +++ /dev/null @@ -1,8 +0,0 @@ -# # Verifies the device has certain route in routing table -# anta.tests.routing: -# generic: -# - VerifyRoutingTableEntry: -# vrf: default -# routes: -# - 0.0.0.0 -# - 9.9.9.9 diff --git a/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_SPINES.yml b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_SPINES.yml new file mode 100644 index 000000000..b1f5b657b --- /dev/null +++ b/labs/NET_TESTING/sites/site_1/custom_anta_catalogs/SITE1_SPINES.yml 
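Review bot: The commented `logging` block added to `global_dc_vars.yml` ships syslog to `10.100.100.100` with `protocol: udp`, which is unauthenticated, unencrypted and silently lossy. For a block whose stated purpose is compliance, that choice deserves a comment, and a reliable or encrypted transport where the collector supports one (the AVD logging schema accepts `tcp` and, I believe, `tls`; confirm against the collection version in use). `trap: debugging` forwards every severity to that host, so the cleartext stream would include debug-level detail. The header comment also has a typo: `sastify` should read `satisfy`. Separately, the context lines at the top of the hunk show BGP peer-group `password` values committed to the repository. These are presumably EOS type-7 strings, which are reversible obfuscation rather than secrets, so a comment marking them as lab-only would stop them being reused elsewhere.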
@@ -0,0 +1,8 @@ +########################################################## +# -------------------- System Tests -------------------- # +########################################################## + +# anta.tests.system: +# - VerifyCPUUtilization: +# - VerifyMemoryUtilization: +# - VerifyFileSystemUtilization: diff --git a/labs/NET_TESTING/sites/site_1/group_vars/SITE1_FABRIC.yml b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_FABRIC.yml index 13044df65..3babac1cf 100644 --- a/labs/NET_TESTING/sites/site_1/group_vars/SITE1_FABRIC.yml +++ b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_FABRIC.yml @@ -70,7 +70,7 @@ l3leaf: - name: s1-brdr1 id: 5 mgmt_ip: 192.168.0.100/24 - uplink_switch_interfaces: [ Ethernet7, Ethernet7 ] + uplink_switch_interfaces: [ Ethernet6, Ethernet6 ] evpn_gateway: remote_peers: - hostname: s2-brdr1 diff --git a/labs/NET_TESTING/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml index c97222924..c0ccbf20e 100644 --- a/labs/NET_TESTING/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml +++ b/labs/NET_TESTING/sites/site_1/group_vars/SITE1_NETWORK_SERVICES.yml @@ -14,3 +14,7 @@ tenants: name: 'Twenty' enabled: true ip_address_virtual: 10.20.20.1/24 + # - id: 30 + # name: 'Thiry' + # enabled: true + # ip_address_virtual: 10.30.30.1/24 diff --git a/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_FABRIC.yml b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_FABRIC.yml new file mode 100644 index 000000000..d28afa190 --- /dev/null +++ b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_FABRIC.yml @@ -0,0 +1,12 @@ +########################################################### +# ------------------- Logging Tests --------------------- # +########################################################### +# anta.tests.logging: +# - VerifyLoggingHosts: +# hosts: +# - 10.100.100.100 +# vrf: default + +# - VerifyLoggingSourceIntf: +# interface: Management0 +# vrf: default 
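Review bot: In the `SITE1_NETWORK_SERVICES.yml` hunk the commented SVI has `name: 'Thiry'`, which looks like a misspelling of 'Thirty' given `id: 30` and the sibling SVI named `'Twenty'` just above it. Once the block is uncommented the misspelt name would presumably be carried into the generated device configuration, so I would change the line to `# name: 'Thirty'` now. The `tenants` structure starts above the hunk.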
diff --git a/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml deleted file mode 100644 index 017b9809b..000000000 --- a/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_LEAFS.yml +++ /dev/null @@ -1,8 +0,0 @@ -# # Verifies the device has certain route in routing table -# anta.tests.routing: -# generic: -# - VerifyRoutingTableEntry: -# vrf: default -# routes: -# - 0.0.0.0 -# - 9.9.9.9 diff --git a/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_SPINES.yml b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_SPINES.yml new file mode 100644 index 000000000..b1f5b657b --- /dev/null +++ b/labs/NET_TESTING/sites/site_2/custom_anta_catalogs/SITE2_SPINES.yml @@ -0,0 +1,8 @@ +########################################################## +# -------------------- System Tests -------------------- # +########################################################## + +# anta.tests.system: +# - VerifyCPUUtilization: +# - VerifyMemoryUtilization: +# - VerifyFileSystemUtilization: diff --git a/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml index 5fa56f0d9..2e0875ccd 100644 --- a/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml +++ b/labs/NET_TESTING/sites/site_2/group_vars/SITE2_FABRIC.yml @@ -83,5 +83,5 @@ l3leaf: evpn_gateway: remote_peers: - hostname: s1-brdr2 - bgp_as: 65203 + bgp_as: 65103 ip_address: 10.250.1.8 \ No newline at end of file From 619c62b3cfbbf23d3c596b3dd8c7640bd5412d77 Mon Sep 17 00:00:00 2001 From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Tue, 24 Sep 2024 22:32:40 +0000 Subject: [PATCH 10/11] Disable ANTA by default --- labs/NET_TESTING/playbooks/validate.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/labs/NET_TESTING/playbooks/validate.yml b/labs/NET_TESTING/playbooks/validate.yml index 24f952d21..359fee6f1 100644 
--- a/labs/NET_TESTING/playbooks/validate.yml +++ b/labs/NET_TESTING/playbooks/validate.yml @@ -9,6 +9,6 @@ - name: validate states on EOS devices ansible.builtin.import_role: name: arista.avd.eos_validate_state - vars: - use_anta: true - save_catalog: true \ No newline at end of file + # vars: + # use_anta: true + # save_catalog: true \ No newline at end of file From 3494213f021449d79e8ec44fa0b0d0509b77e9e8 Mon Sep 17 00:00:00 2001 From: Kyle Bush <75400046+kpbush30@users.noreply.github.com> Date: Tue, 24 Sep 2024 22:36:44 +0000 Subject: [PATCH 11/11] Add file location for ANTA pb --- labs/NET_TESTING/playbooks/validate.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/labs/NET_TESTING/playbooks/validate.yml b/labs/NET_TESTING/playbooks/validate.yml index 359fee6f1..62c61daf1 100644 --- a/labs/NET_TESTING/playbooks/validate.yml +++ b/labs/NET_TESTING/playbooks/validate.yml @@ -11,4 +11,5 @@ name: arista.avd.eos_validate_state # vars: # use_anta: true - # save_catalog: true \ No newline at end of file + # save_catalog: true + # eos_validate_state_md_report_path: "{{ eos_validate_state_dir }}/{{ fabric_name }}-state-anta.md"
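Review bot: After the last hunk the commented-out `vars` block in `validate.yml` holds three settings, but no line says when to uncomment it or why the report path is overridden. A short comment above `# vars:`, for example `# Uncomment to run validation through ANTA and write its report to a separate file`, would tell lab users what the toggle does. The new path reuses `eos_validate_state_dir` and `fabric_name`, neither of which is defined in this hunk. Presumably they come from the role defaults and the group vars, which is worth confirming before the block is enabled.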