diff --git a/esxi-switches.yml b/esxi-switches.yml
new file mode 100644
index 0000000..5a8ce6d
--- /dev/null
+++ b/esxi-switches.yml
@@ -0,0 +1,36 @@
+- name: Create internode vswitches
+ hosts: "{{ variable_hosts }}"
+ serial: 1
+ tags: node_switches
+ gather_facts: no
+ vars_files:
+ - group_vars/vmware
+ - switch-list-input.yml
+ tasks:
+ - name: Create the vswitch
+ vmware_vswitch:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ switch_name: "{{ item }}"
+ mtu: 9000
+ loop: "{{ switches }}"
+ delegate_to: localhost
+ - name: Create the portgroup
+ vmware_portgroup:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ switch_name: "{{ item }}"
+ portgroup_name: "{{ item }}"
+ security:
+ promiscuous_mode: True
+ forged_transmits: True
+ mac_changes: True
+ vlan_id: 4095
+ loop: "{{ switches }}"
+ delegate_to: localhost
\ No newline at end of file
diff --git a/files/nessus/config/nessus-vmx1-config.txt b/files/nessus/config/nessus-vmx1-config.txt
new file mode 100644
index 0000000..3ac0d8b
--- /dev/null
+++ b/files/nessus/config/nessus-vmx1-config.txt
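Review bot: Both tasks set `validate_certs: False`, so `esxi_password` is sent to a host whose TLS certificate is never checked; the same setting is repeated in files/nessus/tasks/nessus-vmx1_task.yml. Verification should be the default with an explicit lab override, e.g. `validate_certs: "{{ esxi_validate_certs | default(true) }}"`. The portgroup task also enables `promiscuous_mode`, `forged_transmits` and `mac_changes` together with `vlan_id: 4095`, which lets every guest attached to it observe and spoof traffic on all VLANs of that vswitch. If the nested routers need this, a comment such as `# lab-only portgroup: nested routers need promiscuous mode and guest VLAN tagging` would record the intent and keep the settings from being copied to a shared vswitch.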
@@ -0,0 +1,141 @@ + +version VERSION +system { + host-name nessus-vmx1; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 8; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "nessus-vmx1" + unit 0 { + family inet { + address 10.0.0.0/31 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.200/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 192.168.0.1/32; + } + family inet6 { + address fec0:0:0:1111::1/128; + } + + family iso { + address 49.0001.0010.0100.1001.00; + } + + } + } +} +routing-options { + router-id 192.168.0.1; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + isis { + 
source-packet-routing { + srgb start-label 16000 index-range 8000; + node-segment { + ipv4-index 401; + ipv6-index 601; + } + } + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + mpls { + interface ge-0/0/0.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } +} diff --git a/files/nessus/nessus_nodes.yml b/files/nessus/nessus_nodes.yml new file mode 100644 index 0000000..75fbe7a --- /dev/null +++ b/files/nessus/nessus_nodes.yml @@ -0,0 +1,24 @@ +common: + bgp_asn: 65000 + gateway: 10.39.0.1 +nodes: + nessus-vmx1: + asn: 65000 + iso: 49.0001.0010.0100.1001.00 + links: + ge-0/0/0.0: + cost: 1000 + ip: 10.0.0.0 + iso: true + mask: 31 + mpls: true + remote: nessus-vmx1 + vlan: 0 + mgmt: 10.39.0.200 + rid: 192.168.0.1 + rid6: fec0:0:0:1111::1 + sid: 401 + sid6: 601 + switches: + - nessus-vmx1-0--nessus-vmx1-1 + - nessus-vmx1-0--nessus-vmx1-1 diff --git a/files/nessus/tasks/nessus-vmx1_task.yml b/files/nessus/tasks/nessus-vmx1_task.yml new file mode 100644 index 0000000..37bbf53 --- /dev/null +++ b/files/nessus/tasks/nessus-vmx1_task.yml 
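Review bot: The config commits two `$5$` password hashes marked `## SECRET-DATA` (for `root` and for user `salt`), which anyone with repository access can attack offline; the same two hashes are repeated in every files/rsvp/config/rsvp-vmx*-config.txt added by this commit. Rendering them from a vaulted variable at deploy time would keep them out of version control, and the values already pushed should be treated as exposed and rotated. The `grpc` stanza combines `clear-text;` with `skip-authentication;`, so the extension service accepts unauthenticated, unencrypted requests from anything that can reach the management address, `ssh` has `root-login allow;`, and the NETCONF trace file is `world-readable` with `flag all;`. Outside an isolated lab I would drop `skip-authentication;` and `world-readable`, and use `root-login deny-password;`.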
@@ -0,0 +1,40 @@
+ - name: Update vmx networking
+ vmware_guest:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ name: "nessus-vmx1-vfpc"
+ folder: /
+ datastore: datastore2
+ networks:
+ - name: NS-DEV-NAT
+ - name: "nessus-vmx1-br-int"
+ - name: "nessus-vmx1-0--nessus-vmx1-1"
+ device_type: vmxnet3
+ - name: "nessus-vmx1-0--nessus-vmx1-1"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "nessus-vmx1-0--nessus-vmx1-1"
+ device_type: vmxnet3
+ - name: "nessus-vmx1-0--nessus-vmx1-1"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ hardware:
+ num_cpus: 3
+ memory_mb: 8192
+ state: present
+ delegate_to: localhost
diff --git a/files/ova/README-fullk9-R-XRV9000-701.txt b/files/ova/README-fullk9-R-XRV9000-701.txt
deleted file mode 100644
index b722d82..0000000
--- a/files/ova/README-fullk9-R-XRV9000-701.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-# md5 values of files listed in tar file are listed below
-ad38cb8ee2ab73cd36fa04af87428eb6 xrv9k-fullk9-x-7.0.1.iso
-c343249e16ee101173eb2c14e09b85f8 xrv9k-fullk9-x-7.0.1.ova
-ca2817767fa546e303c3c536e211d33e xrv9k-fullk9-x-7.0.1.qcow2
-4c4bc803c9bf641cd028f02edb927cf8 xrv9k-fullk9-x.virsh-7.0.1.xml
diff --git a/files/ova/ubuntu-bionic-18.04-cloudimg.mf b/files/ova/ubuntu-bionic-18.04-cloudimg.mf
deleted file mode 100644
index b28618a..0000000
--- a/files/ova/ubuntu-bionic-18.04-cloudimg.mf
+++ /dev/null
@@ -1,2 +0,0 @@
-SHA256(ubuntu-bionic-18.04-cloudimg.vmdk)= bdcbc8c4f5cc5f0c755efed0d4ef6363679ff6b4b39a09d117592c064d129ea2
-SHA256(ubuntu-bionic-18.04-cloudimg.ovf)= 737409b7cab56f892a2c7dbee4da57285637ea3cb6d7ec3a5ff569e53df6ebfa
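Review bot: The `networks` list in the `vmware_guest` task attaches the portgroup `nessus-vmx1-0--nessus-vmx1-1` to four vNICs of the same VM, and files/nessus/nessus_nodes.yml lists that switch twice with a link whose `remote` is `nessus-vmx1` itself. This looks like the rendering of a topology with a self-link rather than an intended design, which is worth confirming. The portgroup is created in esxi-switches.yml with promiscuous mode and forged transmits enabled, so each of those vNICs would receive the others' frames. If the self-link is deliberate, a comment above the list such as `# self-link: both ends of ge-0/0/0 land on the same portgroup` would say so; otherwise the `switches` list should be de-duplicated before the task file is rendered.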
diff --git a/files/ova/ubuntu-bionic-18.04-cloudimg.ovf b/files/ova/ubuntu-bionic-18.04-cloudimg.ovf deleted file mode 100644 index 0762415..0000000 --- a/files/ova/ubuntu-bionic-18.04-cloudimg.ovf +++ /dev/null 
@@ -1,178 +0,0 @@ - - - - - - - Virtual disk information - - - - The list of logical networks - - The VM Network network - - - - A virtual machine - ubuntu-bionic-18.04-cloudimg-20190122 - - The kind of installed guest operating system - Ubuntu Linux (64-bit) - - - - Cloud-Init customization - Ubuntu 18.04 Server (20190122) - - - Specifies the instance id. This is required and used to determine if the machine should take "first boot" actions - - - Specifies the hostname for the appliance - - - - This field is optional, but indicates that the instance should 'seed' user-data and meta-data from the given url. If set to 'http://tinyurl.com/sm-' is given, meta-data will be pulled from http://tinyurl.com/sm-meta-data and user-data from http://tinyurl.com/sm-user-data. Leave this empty if you do not want to seed from a url. - - - - This field is optional, but indicates that the instance should populate the default user's 'authorized_keys' with this value - - - - In order to fit into a xml attribute, this value is base64 encoded . It will be decoded, and then processed normally as user-data. - - - - - If set, the default user's password will be set to this value to allow password based login. The password will be good for only a single login. If set to the string 'RANDOM' then a random password will be generated, and written to the console. 
- - - - - Virtual hardware requirements - - Virtual Hardware Family - 0 - ubuntu-bionic-18.04-cloudimg-20190122 - vmx-10 - - - hertz * 10^6 - Number of Virtual CPUs - 2 virtual CPU(s) - 1 - 3 - 2 - - - byte * 2^20 - Memory Size - 1024MB of memory - 2 - 4 - 1024 - - - 0 - SCSI Controller - SCSI Controller 0 - 3 - VirtualSCSI - 6 - - - 1 - IDE Controller - VirtualIDEController 1 - 4 - 5 - - - 0 - IDE Controller - VirtualIDEController 0 - 5 - 5 - - - false - VirtualVideoCard - 6 - 24 - - - - - - - - false - VirtualVMCIDevice - 7 - vmware.vmci - 1 - - - - 0 - false - CD-ROM 1 - 8 - 4 - vmware.cdrom.remotepassthrough - 15 - - - - 0 - Hard Disk 1 - ovf:/disk/vmdisk1 - 9 - 3 - 17 - - - - 0 - false - Floppy Drive - Floppy 1 - 10 - vmware.floppy.remotedevice - 14 - - - 7 - true - VM Network - VmxNet3 ethernet adapter on "VM Network" - Ethernet 1 - 11 - VmxNet3 - 10 - - - - - - - - - - - - - - - - - - - - - - diff --git a/files/rsvp/config/rsvp-vmx1-config.txt b/files/rsvp/config/rsvp-vmx1-config.txt new file mode 100644 index 0000000..bbef5e8 --- /dev/null +++ b/files/rsvp/config/rsvp-vmx1-config.txt 
@@ -0,0 +1,163 @@ + +version VERSION +system { + host-name rsvp-vmx1; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 10; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "rsvp-vmx2" + unit 0 { + family inet { + address 10.0.12.1/24 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.201/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 1.1.1.1/32; + } + family inet6 { + address fec0:0:0:1111::1/128; + } + + family iso { + address 49.0001.0010.0100.1001.00; + } + + } + } +} +routing-options { + router-id 1.1.1.1; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + bgp { + group Core { + type 
internal; + export __Ansible_Core_export; + local-address 1.1.1.1; + family inet { + unicast; + } + family inet-vpn { + unicast; + } + neighbor 3.3.3.3; + } + } + isis { + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + rsvp { + interface ge-0/0/0.0; + } + mpls { + interface ge-0/0/0.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } + policy-statement __Ansible_Core_export { + term ebgp { + from { + protocol bgp; + external; + } + then { + next-hop self; + accept; + } + } + } +} diff --git a/files/rsvp/config/rsvp-vmx2-config.txt b/files/rsvp/config/rsvp-vmx2-config.txt new file mode 100644 index 0000000..f1b7cfb --- /dev/null +++ b/files/rsvp/config/rsvp-vmx2-config.txt 
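Review bot: In the `ge-0/0/0` stanza the statements `description "rsvp-vmx2"` and `address 10.0.12.1/24` lack the terminating `;`, while the `fxp0` and `lo0` stanzas have it, so the file will presumably be rejected when it is loaded. The same omission appears in every `ge-*` stanza of the nessus-vmx1 config and the rsvp-vmx2 to rsvp-vmx7 configs, which suggests the fix belongs in the template that renders the link interfaces. The corrected lines would read `description "rsvp-vmx2";` and `address 10.0.12.1/24;`.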
@@ -0,0 +1,175 @@ + +version VERSION +system { + host-name rsvp-vmx2; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 10; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "rsvp-vmx1" + unit 0 { + family inet { + address 10.0.12.2/24 + } + family inet6; + family mpls; + family iso; + } + } + + ge-0/0/1 { + description "rsvp-vmx3" + unit 0 { + family inet { + address 10.0.23.2/24 + } + family inet6; + family mpls; + family iso; + } + } + + ge-0/0/2 { + description "rsvp-vmx4" + unit 0 { + family inet { + address 10.0.24.2/24 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.202/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 2.2.2.2/32; + } + family inet6 { + address fec0:0:0:1111::2/128; + } + + family iso { + address 
49.0001.0010.0100.1002.00; + } + + } + } +} +routing-options { + router-id 2.2.2.2; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + isis { + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface ge-0/0/1.0 { + point-to-point; + level 2 metric 1000; + } + interface ge-0/0/2.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface ge-0/0/2.0; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface ge-0/0/2.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + interface ge-0/0/1; + interface ge-0/0/2; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } +} diff --git a/files/rsvp/config/rsvp-vmx3-config.txt b/files/rsvp/config/rsvp-vmx3-config.txt new file mode 100644 index 0000000..ffe884c --- /dev/null +++ b/files/rsvp/config/rsvp-vmx3-config.txt 
@@ -0,0 +1,171 @@ + +version VERSION +system { + host-name rsvp-vmx3; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 10; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "rsvp-vmx2" + unit 0 { + family inet { + address 10.0.23.3/24 + } + family inet6; + family mpls; + family iso; + } + } + + ge-0/0/1 { + description "rsvp-vmx6" + unit 0 { + family inet { + address 10.0.36.3/24 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.203/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 3.3.3.3/32; + } + family inet6 { + address fec0:0:0:1111::3/128; + } + + family iso { + address 49.0001.0010.0100.1003.00; + } + + } + } +} +routing-options { + router-id 3.3.3.3; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } 
+ static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + bgp { + group Core { + type internal; + local-address 3.3.3.3; + cluster 3.3.3.3; + family inet { + unicast; + } + family inet-vpn { + unicast; + } + neighbor 1.1.1.1; + neighbor 7.7.7.7; + } + } + isis { + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface ge-0/0/1.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + interface ge-0/0/1; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } +} diff --git a/files/rsvp/config/rsvp-vmx4-config.txt b/files/rsvp/config/rsvp-vmx4-config.txt new file mode 100644 index 0000000..a53ca82 --- /dev/null +++ b/files/rsvp/config/rsvp-vmx4-config.txt 
@@ -0,0 +1,156 @@ + +version VERSION +system { + host-name rsvp-vmx4; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 10; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "rsvp-vmx2" + unit 0 { + family inet { + address 10.0.24.4/24 + } + family inet6; + family mpls; + family iso; + } + } + + ge-0/0/1 { + description "rsvp-vmx5" + unit 0 { + family inet { + address 10.0.45.4/24 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.204/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 4.4.4.4/32; + } + family inet6 { + address fec0:0:0:1111::4/128; + } + + family iso { + address 49.0001.0010.0100.1004.00; + } + + } + } +} +routing-options { + router-id 4.4.4.4; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } 
+ static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + isis { + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface ge-0/0/1.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + interface ge-0/0/1; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } +} diff --git a/files/rsvp/config/rsvp-vmx5-config.txt b/files/rsvp/config/rsvp-vmx5-config.txt new file mode 100644 index 0000000..e96a156 --- /dev/null +++ b/files/rsvp/config/rsvp-vmx5-config.txt 
@@ -0,0 +1,156 @@ + +version VERSION +system { + host-name rsvp-vmx5; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 10; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "rsvp-vmx4" + unit 0 { + family inet { + address 10.0.45.5/24 + } + family inet6; + family mpls; + family iso; + } + } + + ge-0/0/1 { + description "rsvp-vmx6" + unit 0 { + family inet { + address 10.0.56.5/24 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.205/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 5.5.5.5/32; + } + family inet6 { + address fec0:0:0:1111::5/128; + } + + family iso { + address 49.0001.0010.0100.1005.00; + } + + } + } +} +routing-options { + router-id 5.5.5.5; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } 
+ static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + isis { + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface ge-0/0/1.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + interface ge-0/0/1; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } +} diff --git a/files/rsvp/config/rsvp-vmx6-config.txt b/files/rsvp/config/rsvp-vmx6-config.txt new file mode 100644 index 0000000..ff7f57d --- /dev/null +++ b/files/rsvp/config/rsvp-vmx6-config.txt 
@@ -0,0 +1,175 @@ + +version VERSION +system { + host-name rsvp-vmx6; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 10; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "rsvp-vmx3" + unit 0 { + family inet { + address 10.0.36.6/24 + } + family inet6; + family mpls; + family iso; + } + } + + ge-0/0/1 { + description "rsvp-vmx5" + unit 0 { + family inet { + address 10.0.56.6/24 + } + family inet6; + family mpls; + family iso; + } + } + + ge-0/0/2 { + description "rsvp-vmx7" + unit 0 { + family inet { + address 10.0.67.6/24 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.206/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 6.6.6.6/32; + } + family inet6 { + address fec0:0:0:1111::6/128; + } + + family iso { + address 
49.0001.0010.0100.1006.00; + } + + } + } +} +routing-options { + router-id 6.6.6.6; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + isis { + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface ge-0/0/1.0 { + point-to-point; + level 2 metric 1000; + } + interface ge-0/0/2.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + rsvp { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface ge-0/0/2.0; + } + mpls { + interface ge-0/0/0.0; + interface ge-0/0/1.0; + interface ge-0/0/2.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + interface ge-0/0/1; + interface ge-0/0/2; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } +} diff --git a/files/rsvp/config/rsvp-vmx7-config.txt b/files/rsvp/config/rsvp-vmx7-config.txt new file mode 100644 index 0000000..17cf25d --- /dev/null +++ b/files/rsvp/config/rsvp-vmx7-config.txt 
@@ -0,0 +1,163 @@ + +version VERSION +system { + host-name rsvp-vmx7; + no-redirects; + root-authentication { + encrypted-password "$5$mcE0Hfiq$JfBeC3QSAvnd1tjqlOhlYXDgVrwvd6S4G3oVj5wiMO7"; ## SECRET-DATA + } + login { + user salt { + uid 2001; + class super-user; + authentication { + encrypted-password "$5$yp7ziGTI$F5F.6AUlR8hDK2JIsw5WRrTLex/yTCWH3iSR1Auk293"; ## SECRET-DATA + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjxY2hLZ+ju5wdK4GYNhKGgnS8EWLBoEVpo+xQkhDzkTiBx3HGAnmARcVV0B9MqrHZl1omdnirJeygWzVbVY4yPUqGgEcUsTTq9fvK4AjTwtaoB5txAosaOnZq0zewmuZ6EMi6E3RND6A3FGXkf1Il2jg3I8k/dGqdyFI80B7sWy90fk+EqsGMPxVc+l5vAtY2jm84ellxxzBsulxfCSKPH86hZ1GqZ8A1ZBWITu15NjQw0aGssSYGMMTa1T8eFyY4hHWqqdwgOlODg9mZwwP1JdJH79SRoTOjqGGixuAFDGAgH3fNX6u8wTmYya/z7WXH6B2XwiiaZYdcyEbMLPZt"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login allow; + } + extension-service { + request-response { + grpc { + clear-text; + max-connections 10; + skip-authentication; + } + } + } + netconf { + ssh; + traceoptions { + file nc.txt size 1m world-readable; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + file messages { + any any; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } +} +chassis { + network-services enhanced-ip; +} +interfaces { + ge-0/0/0 { + description "rsvp-vmx6" + unit 0 { + family inet { + address 10.0.67.7/24 + } + family inet6; + family mpls; + family iso; + } + } + + fxp0 { + description "OOB to MGMT Network"; + unit 0 { + family inet { + address 10.39.0.207/21; + } + } + } + lo0 { + unit 0 { + family inet { + address 7.7.7.7/32; + } + family inet6 { + address fec0:0:0:1111::7/128; + } + + family iso { + address 49.0001.0010.0100.1007.00; + } + + } + } +} +routing-options { + router-id 7.7.7.7; + autonomous-system 65000; + forwarding-table { + export LOAD-BALANCE; + } + static { + route 0.0.0.0/0 { + next-hop 10.39.0.1; + no-readvertise; + preference 255; + } + } +} +protocols { + bgp { + group Core { + type 
internal; + export __Ansible_Core_export; + local-address 7.7.7.7; + family inet { + unicast; + } + family inet-vpn { + unicast; + } + neighbor 3.3.3.3; + } + } + isis { + level 1 disable; + level 2 wide-metrics-only; + interface ge-0/0/0.0 { + point-to-point; + level 2 metric 1000; + } + interface lo0.0 { + passive; + } + } + rsvp { + interface ge-0/0/0.0; + } + mpls { + interface ge-0/0/0.0; + } + lldp { + port-id-subtype interface-name; + neighbour-port-info-display port-id; + interface ge-0/0/0; + } +} +policy-options { + policy-statement LOAD-BALANCE { + then { + load-balance per-packet; + } + } + policy-statement __Ansible_Core_export { + term ebgp { + from { + protocol bgp; + external; + } + then { + next-hop self; + accept; + } + } + } +} diff --git a/files/rsvp/rsvp_nodes.yml b/files/rsvp/rsvp_nodes.yml new file mode 100644 index 0000000..43e8a05 --- /dev/null +++ b/files/rsvp/rsvp_nodes.yml 
@@ -0,0 +1,133 @@
+#
+# Nodes in the network
+#
+
+
+---
+
+common:
+ bgp_asn: 65000
+ gateway: 10.39.0.1
+
+nodes:
+
+ rsvp-vmx1:
+ mgmt: 10.39.0.201
+ rid: 1.1.1.1
+ rid6: fec0:0:0:1111::1
+ iso: 49.0001.0010.0100.1001.00
+ rsvp: True
+ asn: 65000
+ switches:
+ - rsvp-vmx1-0--rsvp-vmx2-0
+ links:
+ ge-0/0/0.0: { ip: 10.0.12.1, remote: rsvp-vmx2, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ bgp:
+ ibgp:
+ peers:
+ - 3.3.3.3
+ af:
+ - inet
+ - inet-vpn
+
+ rsvp-vmx2:
+ mgmt: 10.39.0.202
+ rid: 2.2.2.2
+ rid6: fec0:0:0:1111::2
+ iso: 49.0001.0010.0100.1002.00
+ rsvp: True
+ asn: 65000
+ switches:
+ - rsvp-vmx1-0--rsvp-vmx2-0
+ - rsvp-vmx2-1--rsvp-vmx3-0
+ - rsvp-vmx2-2--rsvp-vmx4-0
+ links:
+ ge-0/0/0.0: { ip: 10.0.12.2, remote: rsvp-vmx1, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ ge-0/0/1.0: { ip: 10.0.23.2, remote: rsvp-vmx3, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ ge-0/0/2.0: { ip: 10.0.24.2, remote: rsvp-vmx4, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+
+ rsvp-vmx3:
+ mgmt: 10.39.0.203
+ rid: 3.3.3.3
+ rid6: fec0:0:0:1111::3
+ iso: 49.0001.0010.0100.1003.00
+ rsvp: True
+ asn: 65000
+ switches:
+ - rsvp-vmx2-1--rsvp-vmx3-0
+ - rsvp-vmx3-1--rsvp-vmx6-0
+ links:
+ ge-0/0/0.0: { ip: 10.0.23.3, remote: rsvp-vmx2, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ ge-0/0/1.0: { ip: 10.0.36.3, remote: rsvp-vmx6, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ bgp:
+ ibgp:
+ rr: true
+ peers:
+ - 1.1.1.1
+ - 7.7.7.7
+ af:
+ - inet
+ - inet-vpn
+
+ rsvp-vmx4:
+ mgmt: 10.39.0.204
+ rid: 4.4.4.4
+ rid6: fec0:0:0:1111::4
+ iso: 49.0001.0010.0100.1004.00
+ rsvp: True
+ asn: 65000
+ switches:
+ - rsvp-vmx2-2--rsvp-vmx4-0
+ - rsvp-vmx4-1--rsvp-vmx5-0
+ links:
+ ge-0/0/0.0: { ip: 10.0.24.4, remote: rsvp-vmx2, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ ge-0/0/1.0: { ip: 10.0.45.4, remote: rsvp-vmx5, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+
+ rsvp-vmx5:
+ mgmt: 10.39.0.205
+ rid: 5.5.5.5
+ rid6: fec0:0:0:1111::5
+ iso: 49.0001.0010.0100.1005.00
+ rsvp: True
+ asn: 65000
+ switches:
+ - rsvp-vmx4-1--rsvp-vmx5-0
+ - rsvp-vmx5-1--rsvp-vmx6-1
+ links:
+ ge-0/0/0.0: { ip: 10.0.45.5, remote: rsvp-vmx4, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ ge-0/0/1.0: { ip: 10.0.56.5, remote: rsvp-vmx6, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+
+ rsvp-vmx6:
+ mgmt: 10.39.0.206
+ rid: 6.6.6.6
+ rid6: fec0:0:0:1111::6
+ iso: 49.0001.0010.0100.1006.00
+ rsvp: True
+ asn: 65000
+ switches:
+ - rsvp-vmx3-1--rsvp-vmx6-0
+ - rsvp-vmx5-1--rsvp-vmx6-1
+ - rsvp-vmx6-2--rsvp-vmx7-0
+ links:
+ ge-0/0/0.0: { ip: 10.0.36.6, remote: rsvp-vmx3, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ ge-0/0/1.0: { ip: 10.0.56.6, remote: rsvp-vmx5, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ ge-0/0/2.0: { ip: 10.0.67.6, remote: rsvp-vmx7, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+
+ rsvp-vmx7:
+ mgmt: 10.39.0.207
+ rid: 7.7.7.7
+ rid6: fec0:0:0:1111::7
+ iso: 49.0001.0010.0100.1007.00
+ rsvp: True
+ asn: 65000
+ switches:
+ - rsvp-vmx6-2--rsvp-vmx7-0
+ links:
+ ge-0/0/0.0: { ip: 10.0.67.7, remote: rsvp-vmx6, mask: 24, cost: 1000, vlan: 0, mpls: True, iso: True}
+ bgp:
+ ibgp:
+ peers:
+ - 3.3.3.3
+ af:
+ - inet
+ - inet-vpn
diff --git a/files/rsvp/tasks/rsvp-vmx1_task.yml b/files/rsvp/tasks/rsvp-vmx1_task.yml
new file mode 100644
index 0000000..199b6f8
--- /dev/null
+++ b/files/rsvp/tasks/rsvp-vmx1_task.yml
@@ -0,0 +1,32 @@
+ - name: Update vmx networking
+ vmware_guest:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ name: "rsvp-vmx1-vfpc"
+ folder: /
+ datastore: datastore2
+ networks:
+ - name: NS-DEV-NAT
+ - name: "rsvp-vmx1-br-int"
+ - name: "rsvp-vmx1-0--rsvp-vmx2-0"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ hardware:
+ num_cpus: 3
+ memory_mb: 8192
+ state: present
+ delegate_to: localhost
diff --git a/files/rsvp/tasks/rsvp-vmx2_task.yml b/files/rsvp/tasks/rsvp-vmx2_task.yml
new file mode 100644
index 0000000..16c8969
--- /dev/null
+++ b/files/rsvp/tasks/rsvp-vmx2_task.yml
@@ -0,0 +1,32 @@
+ - name: Update vmx networking
+ vmware_guest:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ name: "rsvp-vmx2-vfpc"
+ folder: /
+ datastore: datastore2
+ networks:
+ - name: NS-DEV-NAT
+ - name: "rsvp-vmx2-br-int"
+ - name: "rsvp-vmx1-0--rsvp-vmx2-0"
+ device_type: vmxnet3
+ - name: "rsvp-vmx2-1--rsvp-vmx3-0"
+ device_type: vmxnet3
+ - name: "rsvp-vmx2-2--rsvp-vmx4-0"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ hardware:
+ num_cpus: 3
+ memory_mb: 8192
+ state: present
+ delegate_to: localhost
diff --git a/files/rsvp/tasks/rsvp-vmx3_task.yml b/files/rsvp/tasks/rsvp-vmx3_task.yml
new file mode 100644
index 0000000..8776e46
--- /dev/null
+++ b/files/rsvp/tasks/rsvp-vmx3_task.yml
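Review bot: `validate_certs: False` on the `vmware_guest` task means `esxi_username` and `esxi_password` are sent over a TLS session whose certificate is never checked, so a host answering for `esxi_hostname` on the management network would receive them. The same line is in each of the seven `rsvp-vmx*_task.yml` files added in this commit. I would take the value from a variable that defaults to verification, for example a new `esxi_validate_certs` used as `validate_certs: "{{ esxi_validate_certs | default(true) }}"`, and make the ESXi certificate trusted on the control node. If these task files are rendered from a template, which the repeated `DUMMY` entries hint at, the change goes in that template rather than in each file.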
@@ -0,0 +1,32 @@
+ - name: Update vmx networking
+ vmware_guest:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ name: "rsvp-vmx3-vfpc"
+ folder: /
+ datastore: datastore2
+ networks:
+ - name: NS-DEV-NAT
+ - name: "rsvp-vmx3-br-int"
+ - name: "rsvp-vmx2-1--rsvp-vmx3-0"
+ device_type: vmxnet3
+ - name: "rsvp-vmx3-1--rsvp-vmx6-0"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ hardware:
+ num_cpus: 3
+ memory_mb: 8192
+ state: present
+ delegate_to: localhost
diff --git a/files/rsvp/tasks/rsvp-vmx4_task.yml b/files/rsvp/tasks/rsvp-vmx4_task.yml
new file mode 100644
index 0000000..454095f
--- /dev/null
+++ b/files/rsvp/tasks/rsvp-vmx4_task.yml
@@ -0,0 +1,32 @@
+ - name: Update vmx networking
+ vmware_guest:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ name: "rsvp-vmx4-vfpc"
+ folder: /
+ datastore: datastore2
+ networks:
+ - name: NS-DEV-NAT
+ - name: "rsvp-vmx4-br-int"
+ - name: "rsvp-vmx2-2--rsvp-vmx4-0"
+ device_type: vmxnet3
+ - name: "rsvp-vmx4-1--rsvp-vmx5-0"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ hardware:
+ num_cpus: 3
+ memory_mb: 8192
+ state: present
+ delegate_to: localhost
diff --git a/files/rsvp/tasks/rsvp-vmx5_task.yml b/files/rsvp/tasks/rsvp-vmx5_task.yml
new file mode 100644
index 0000000..2123ac3
--- /dev/null
+++ b/files/rsvp/tasks/rsvp-vmx5_task.yml
@@ -0,0 +1,32 @@
+ - name: Update vmx networking
+ vmware_guest:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ name: "rsvp-vmx5-vfpc"
+ folder: /
+ datastore: datastore2
+ networks:
+ - name: NS-DEV-NAT
+ - name: "rsvp-vmx5-br-int"
+ - name: "rsvp-vmx4-1--rsvp-vmx5-0"
+ device_type: vmxnet3
+ - name: "rsvp-vmx5-1--rsvp-vmx6-1"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ hardware:
+ num_cpus: 3
+ memory_mb: 8192
+ state: present
+ delegate_to: localhost
diff --git a/files/rsvp/tasks/rsvp-vmx6_task.yml b/files/rsvp/tasks/rsvp-vmx6_task.yml
new file mode 100644
index 0000000..c1dd266
--- /dev/null
+++ b/files/rsvp/tasks/rsvp-vmx6_task.yml
@@ -0,0 +1,32 @@
+ - name: Update vmx networking
+ vmware_guest:
+ hostname: "{{ esxi_hostname }}"
+ username: "{{ esxi_username }}"
+ password: "{{ esxi_password }}"
+ esxi_hostname: "{{ esxi_hostname }}"
+ validate_certs: False
+ name: "rsvp-vmx6-vfpc"
+ folder: /
+ datastore: datastore2
+ networks:
+ - name: NS-DEV-NAT
+ - name: "rsvp-vmx6-br-int"
+ - name: "rsvp-vmx3-1--rsvp-vmx6-0"
+ device_type: vmxnet3
+ - name: "rsvp-vmx5-1--rsvp-vmx6-1"
+ device_type: vmxnet3
+ - name: "rsvp-vmx6-2--rsvp-vmx7-0"
+ device_type: vmxnet3
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ - name: "DUMMY"
+ start_connected: False
+ hardware:
+ num_cpus: 3
+ memory_mb: 8192
+ state: present
+ delegate_to: localhost
diff --git a/files/rsvp/tasks/rsvp-vmx7_task.yml b/files/rsvp/tasks/rsvp-vmx7_task.yml
new file mode 100644
index 0000000..6a89d23
--- /dev/null
+++ b/files/rsvp/tasks/rsvp-vmx7_task.yml
@@ -0,0 +1,32 @@ + - name: Update vmx networking + vmware_guest: + hostname: "{{ esxi_hostname }}" + username: "{{ esxi_username }}" + password: "{{ esxi_password }}" + esxi_hostname: "{{ esxi_hostname }}" + validate_certs: False + name: "rsvp-vmx7-vfpc" + folder: / + datastore: datastore2 + networks: + - name: NS-DEV-NAT + - name: "rsvp-vmx7-br-int" + - name: "rsvp-vmx6-2--rsvp-vmx7-0" + device_type: vmxnet3 + - name: "DUMMY" + start_connected: False + - name: "DUMMY" + start_connected: False + - name: "DUMMY" + start_connected: False + - name: "DUMMY" + start_connected: False + - name: "DUMMY" + start_connected: False + - name: "DUMMY" + start_connected: False + hardware: + num_cpus: 3 + memory_mb: 8192 + state: present + delegate_to: localhost diff --git a/group_vars/all b/group_vars/all index 32433d2..3c8336b 100644 --- a/group_vars/all +++ b/group_vars/all @@ -2,5 +2,5 @@ ansible_user: salt ansible_ssh_private_key_file: /srv/salt/ssh/id_rsa remote_user: "{{ ansible_user }}" -esxi_hostname: "nsvmware2.mgmt.internet2.edu" -esxi_datastore: "nsvmware2 - datastore1" +#esxi_hostname: "nsvmware2.mgmt.internet2.edu" +#esxi_datastore: "nsvmware2 - datastore1" diff --git a/group_vars/nessus b/group_vars/nessus new file mode 100644 index 0000000..c139cba --- /dev/null +++ b/group_vars/nessus @@ -0,0 +1,8 @@ +--- +#ansible_connection: local +model: core-model-nessus.yml +topo_dir: files/nessus +config_dir: "{{ topo_dir }}/config" +tasks_dir: "{{ topo_dir }}/tasks" +dryrun: True +ova_ver: 17.3R3-S7.2 diff --git a/group_vars/rsvp b/group_vars/rsvp new file mode 100644 index 0000000..ae0426c --- /dev/null +++ b/group_vars/rsvp @@ -0,0 +1,8 @@ +--- +#ansible_connection: local +model: core-model-rsvp.yml +topo_dir: files/rsvp +config_dir: "{{ topo_dir }}/config" +tasks_dir: "{{ topo_dir }}/tasks" +dryrun: True +ova_ver: 19.2R1.8 diff --git a/hosts.ini b/hosts.ini index 8270f06..3beba1d 100644 --- a/hosts.ini +++ b/hosts.ini 
@@ -9,16 +9,16 @@ epe-vmx6 ansible_host=10.39.0.106 epe-vmx7 ansible_host=10.39.0.107 epe-vmx8 ansible_host=10.39.0.108 -[ksr] -ksr-vmx1 ansible_host=10.39.0.201 -ksr-vmx2 ansible_host=10.39.0.202 -ksr-vmx3 ansible_host=10.39.0.203 -ksr-vmx4 ansible_host=10.39.0.204 -ksr-vmx5 ansible_host=10.39.0.205 -ksr-vmx6 ansible_host=10.39.0.206 -ksr-vmx7 ansible_host=10.39.0.207 -ksr-vmx8 ansible_host=10.39.0.208 -ksr-vmx9 ansible_host=10.39.0.209 +[rsvp] +rsvp-vmx1 ansible_host=10.39.0.201 +rsvp-vmx2 ansible_host=10.39.0.202 +rsvp-vmx3 ansible_host=10.39.0.203 +rsvp-vmx4 ansible_host=10.39.0.204 +rsvp-vmx5 ansible_host=10.39.0.205 +rsvp-vmx6 ansible_host=10.39.0.206 +rsvp-vmx7 ansible_host=10.39.0.207 +; rsvp-vmx8 ansible_host=10.39.0.208 +; rsvp-vmx9 ansible_host=10.39.0.209 [vmxlab] vmx1 ansible_host=10.39.8.10 @@ -52,6 +52,9 @@ proto-ce2 ansible_host=10.39.0.167 proto-ce3 ansible_host=10.39.0.168 proto-ce4 ansible_host=10.39.0.169 +[nessus] +nessus-vmx1 ansible_host=10.39.0.200 + [tx_vmx:children] tx_i2_vmx tx_conn_vmx @@ -61,11 +64,12 @@ tx_vmx [vmx:children] epe -ksr +rsvp vmxlab mm tx_vmx tx_proto +nessus [mx5] mx5-1 ansible_host=10.39.8.1 @@ -103,3 +107,6 @@ veos [dhcp] dhcpd ansible_host=10.39.0.255 + +[noop] +dummy ansible_host=127.0.0.1 \ No newline at end of file diff --git a/lab-deploy.yml b/lab-deploy.yml index 0c840cf..dface18 100644 --- a/lab-deploy.yml +++ b/lab-deploy.yml @@ -33,6 +33,7 @@ - name: Create internode vswitches hosts: "{{ variable_hosts }}" + serial: 1 tags: node_switches gather_facts: no vars_files: diff --git a/requirements.txt b/requirements.txt index eee9540..5d124a5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ -ansible -junos-eznc -junos-netconify -napalm-ansible -PyVmomi -jinja2-cli -jxmlease +ansible==2.9.1 +junos-eznc==2.3.0 +junos-netconify==1.0.2 +napalm-ansible==1.0.0 +pyvmomi==6.7.3 +jinja2-cli==0.7.0 +jxmlease==1.0.1 
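Review bot: The new pins in `requirements.txt` fix the seven top-level packages, but their transitive dependencies still float and nothing verifies the downloaded artifacts, so two installs of this file can still end up with different code. Consider generating a fully resolved lock file and installing it with `pip install --require-hashes -r requirements.txt`, where each entry carries its digest, e.g. `ansible==2.9.1 --hash=sha256:<digest-placeholder>`. Pinning also freezes out whatever security fixes ship after these releases, so the pins need a routine for being reviewed and bumped.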
diff --git a/switch-list-input.yml b/switch-list-input.yml new file mode 100644 index 0000000..bc90008 --- /dev/null +++ b/switch-list-input.yml @@ -0,0 +1,11 @@ +switches: + - nmao-SEAT--nmao-EQCH + - nmao-SEAT--nmao-SANJ + - nmao-SANJ--nmao-WILC + - nmao-SANJ--nmao-EQCH + - nmao-WILC--nmao-DALL3 + - nmao-EQCH--nmao-DALL3 + - nmao-EQCH--nmao-NEWY32 + - nmao-EQCH--nmao-ASHB + - nmao-DALL3--nmao-ASBH + - nmao-NEWY32--nmao-ASHB diff --git a/templates/core-to-nodes.j2 b/templates/core-to-nodes.j2 index 64b87a0..45958f5 100644 --- a/templates/core-to-nodes.j2 +++ b/templates/core-to-nodes.j2 @@ -11,7 +11,7 @@ common: bgp_asn: {{ common.bgp_asn }} - gateway: {{ common.gateway }} + gateway: {{ common.gateway|default("10.39.0.1") }} nodes: {% for node in nodes %} diff --git a/templates/junos.j2 b/templates/junos.j2 index 863419d..eef279d 100644 --- a/templates/junos.j2 +++ b/templates/junos.j2 @@ -30,7 +30,7 @@ system { request-response { grpc { clear-text; - max-connections 10; + max-connections 8; skip-authentication; } } diff --git a/vars_files/core-model-nessus.yml b/vars_files/core-model-nessus.yml new file mode 100644 index 0000000..988177e --- /dev/null +++ b/vars_files/core-model-nessus.yml @@ -0,0 +1,37 @@ +--- + +common: + bgp_asn: 65000 + +nodes: + - name: nessus-vmx1 + mgmt: 10.39.0.200 + rid: 192.168.0.1 + rid6: fec0:0:0:1111::1 + sid: 401 + sid6: 601 + iso: 49.0001.0010.0100.1001.00 +# - name: nessus-vmx2 +# mgmt: 10.39.0.201 +# rid: 192.168.0.2 +# rid6: fec0:0:0:1111::2 +# sid: 402 +# sid6: 602 +# iso: 49.0001.0010.0100.1002.00 + + +links: + - {left: nessus-vmx1, left_port: ge-0/0/0, left_ip: 10.0.0.0, + right: nessus-vmx1, right_port: ge-0/0/1, right_ip: 10.0.1.1, + mask: 31, cost: 1000, mpls: True, iso: True } + +# bgp: +# rr: [192.168.0.4, 192.168.0.7] +# clients: [192.168.0.1, 192.168.0.2, 192.168.0.8, 192.168.0.9] +# af: +# - inet +# - inet6 +# - inet-vpn + +#isis: +# network: p2p 
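Review bot: In `switch-list-input.yml`, `nmao-DALL3--nmao-ASBH` spells the site `ASBH`, while the neighbouring entries `nmao-EQCH--nmao-ASHB` and `nmao-NEWY32--nmao-ASHB` use `ASHB`, so this looks like a transposition. If this list feeds the vswitch and portgroup creation, the switch would be created under the misspelled name and anything that refers to the link by the `ASHB` spelling would not find it. Suggested line: `- nmao-DALL3--nmao-ASHB`.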
diff --git a/vars_files/core-model-rsvp.yml b/vars_files/core-model-rsvp.yml
new file mode 100644
index 0000000..a43a6b2
--- /dev/null
+++ b/vars_files/core-model-rsvp.yml
@@ -0,0 +1,109 @@
+---
+
+common:
+ bgp_asn: 65000
+
+nodes:
+ - name: rsvp-vmx1
+ mgmt: 10.39.0.201
+ rid: 1.1.1.1
+ rid6: fec0:0:0:1111::1
+ # sid: 401
+ # sid6: 601
+ iso: 49.0001.0010.0100.1001.00
+ rsvp: True
+
+ - name: rsvp-vmx2
+ mgmt: 10.39.0.202
+ rid: 2.2.2.2
+ rid6: fec0:0:0:1111::2
+ # sid: 402
+ # sid6: 602
+ iso: 49.0001.0010.0100.1002.00
+ rsvp: True
+
+ - name: rsvp-vmx3
+ mgmt: 10.39.0.203
+ rid: 3.3.3.3
+ rid6: fec0:0:0:1111::3
+ # sid: 403
+ # sid6: 603
+ iso: 49.0001.0010.0100.1003.00
+ rsvp: True
+
+ - name: rsvp-vmx4
+ mgmt: 10.39.0.204
+ rid: 4.4.4.4
+ rid6: fec0:0:0:1111::4
+ # sid: 404
+ # sid6: 604
+ iso: 49.0001.0010.0100.1004.00
+ rsvp: True
+
+ - name: rsvp-vmx5
+ mgmt: 10.39.0.205
+ rid: 5.5.5.5
+ rid6: fec0:0:0:1111::5
+ # sid: 405
+ # sid6: 605
+ iso: 49.0001.0010.0100.1005.00
+ rsvp: True
+
+ - name: rsvp-vmx6
+ mgmt: 10.39.0.206
+ rid: 6.6.6.6
+ rid6: fec0:0:0:1111::6
+ # sid: 406
+ # sid6: 606
+ iso: 49.0001.0010.0100.1006.00
+ rsvp: True
+
+ - name: rsvp-vmx7
+ mgmt: 10.39.0.207
+ rid: 7.7.7.7
+ rid6: fec0:0:0:1111::7
+ # sid: 407
+ # sid6: 607
+ iso: 49.0001.0010.0100.1007.00
+ rsvp: True
+
+
+links:
+ - {left: rsvp-vmx1, left_port: ge-0/0/0, left_ip: 10.0.12.1,
+ right: rsvp-vmx2, right_port: ge-0/0/0, right_ip: 10.0.12.2,
+ mask: 24, cost: 1000, mpls: True, iso: True }
+
+ - {left: rsvp-vmx2, left_port: ge-0/0/1, left_ip: 10.0.23.2,
+ right: rsvp-vmx3, right_port: ge-0/0/0, right_ip: 10.0.23.3,
+ mask: 24, cost: 1000, mpls: True, iso: True }
+
+ - {left: rsvp-vmx3, left_port: ge-0/0/1, left_ip: 10.0.36.3,
+ right: rsvp-vmx6, right_port: ge-0/0/0, right_ip: 10.0.36.6,
+ mask: 24, cost: 1000, mpls: True, iso: True }
+
+ - {left: rsvp-vmx2, left_port: ge-0/0/2, left_ip: 10.0.24.2,
+ right: rsvp-vmx4, right_port: ge-0/0/0, right_ip: 10.0.24.4,
+ mask: 24, cost: 1000, mpls: True, iso: True }
+
+ - {left: rsvp-vmx4, left_port: ge-0/0/1, left_ip: 10.0.45.4,
+ right: rsvp-vmx5, right_port: ge-0/0/0, right_ip: 10.0.45.5,
+ mask: 24, cost: 1000, mpls: True, iso: True }
+
+ - {left: rsvp-vmx5, left_port: ge-0/0/1, left_ip: 10.0.56.5,
+ right: rsvp-vmx6, right_port: ge-0/0/1, right_ip: 10.0.56.6,
+ mask: 24, cost: 1000, mpls: True, iso: True }
+
+ - {left: rsvp-vmx6, left_port: ge-0/0/2, left_ip: 10.0.67.6,
+ right: rsvp-vmx7, right_port: ge-0/0/0, right_ip: 10.0.67.7,
+ mask: 24, cost: 1000, mpls: True, iso: True }
+
+bgp:
+ rr: [3.3.3.3]
+ clients: [1.1.1.1, 7.7.7.7]
+ af:
+ - inet
+ # - inet6
+ - inet-vpn
+
+#isis:
+# network: p2p