Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Ansibleではじめる

NW設定の自動化について
- Cisco(VIRL)編 -
2018/10/12
1
- 非ネットワークエンジニア:

- サーバ・インフラ/アプリケーション側の人
- お仕事柄、NW関係に携わることが多い:
- NWの構成管理,自動設定, SDN etc..
- NW技術が好き
- 最近のつらみ: Java有償化
https:...




・副題
・VIRLすごいよ! V・I・R・L! V・I・R・L!
・余談
・ngrokまぢ便利
3
4
https://www.slideshare.net/akira6592/ansiblesvnwautomation20181012ssmjp-119201162








5
重くてとても持ってこれません。。。
6






自動化業務する人におすすめ!!


7


8




9


10








11
下手するとNW機器買わずにVIRLだけで

本番のNW組めちゃうけど、それはやっちゃダメ


12








13
下手するとNW機器買わずに(ry
https://learningnetwork.cisco.com/docs/DOC-30476


14








15
http://archive.virl.info/virl.cluster.php
下手すると(ry
今日はAnsibleの話をしないといけないので、
一旦ここまで・・・
18
19
えっ・・・、私のMacBookAir スペック低すぎ!?
20
21




22
23
https://ngrok.com/product
セキュリティには
十分留意ください
見られても良いやつだけ
25
VIRL-NW
172.16.1.0/16
WORK-NW
10.102.0.0/22
my-pc
internet VIRL
VM
172.16.1.250
10.102.3.125
10.102.2.193
static
なぜか/22...
26
全部VIRLの上に載っけています
27
28
29
vlan10 vlan20
vlan10 vlan20
30
switch# configure terminal
switch(config)# hostname core-sw
core-sw(config)# no feature ssh
core-sw(config)# ssh key rsa 1024
...
Switch>enable
Switch#configure terminal
Switch(config)#enable secret cisco
Switch(config)#hostname edge-sw-a
edge-sw-a(config)...
33
172.16.1.200 core-sw
172.16.1.210 edge-sw-a
172.16.1.220 edge-sw-b
172.16.1.230 edge-sw-c
172.16.1.110 server-1
172.16....
34
fatal: [172.16.1.30]: FAILED! => {"msg": "paramiko: The authenticity of host 'XXXX' can't be established.nThe ssh-rsa k...
35
[edge-sw_ios]
edge-sw-a
edge-sw-b
edge-sw-c
[core-sw_nxos]
core-sw
[edge-sw_ios:vars]
ansible_connection=network_cli
an...
36


37
https://docs.ansible.com/ansible/2.6/modules/
38
39
https://docs.ansible.com/ansible/2.6/modules/nxos_vlan_module.html
- hosts: core-sw_nxos
tasks:
- name: Create vlan
nxo...
40
$ ansible-playbook -i inventory vlan_for_nxos.yml -vvv
PLAYBOOK: vlan_for_nxos.yml ************
1 plays in vlan_for_nxo...
41
core-sw# show running-config
:
vlan 1,120
vlan 120
name test-vlan
:
$ ansible-playbook -i inventory vlan_for_nxos.yml -v...
42
43




44
- hosts: core-sw_nxos
tasks:
- name: Create vlan v2
nxos_vlan:
vlan_id: 130
name: test-vlan2
interfaces:
- Ethernet3/1
...
45
$ ansible-playbook -i inventory vlan_for_nxos_v2.yml -vvv
PLAYBOOK: vlan_for_nxos_v2.yml ******************************...
46
core-sw# show running-config
:
vlan 1,120,130
vlan 120
name test-vlan
vlan 130
name test-vlan2
:
interface Ethernet3/1
s...
47
https://docs.ansible.com/ansible/2.6/modules/nxos_l2_interface_module.html
- hosts: core-sw_nxos
tasks:
- name: mode to...
48
$ ansible-playbook -i inventory l2port_for_nxos.yml -vvv
PLAYBOOK: l2port_for_nxos.yml ********************************...
49
- hosts: core-sw_nxos
tasks:
- name: mode to layer2
nxos_interface:
name: Ethernet3/2
mode: layer2
- name: mode to tagg...
50
$ ansible-playbook -i inventory l2port_for_nxos_v2.yml -vvv
PLAYBOOK: l2port_for_nxos_v2.yml **************************...
51
core-sw# show running-config
:
interface Ethernet3/2
switchport
switchport mode trunk
switchport trunk allowed vlan 130
...
52
53
https://docs.ansible.com/ansible/2.6/modules/ios_vlan_module.html
- hosts: edge-sw_ios
tasks:
- name: Create vlan
ios_v...
54
$ ansible-playbook -i inventory vlan_for_ios.yml -vvv
PLAYBOOK: vlan_for_ios.yml **************************************...
55
edge-sw-a#show running-config
:
interface GigabitEthernet0/4
switchport access vlan 120
switchport mode access
media-typ...
56
57
https://docs.ansible.com/ansible/2.6/modules/ios_l2_interface_module.html
- hosts: edge-sw_ios
tasks:
- name: mode to t...
58
$ ansible-playbook -i inventory l2port_for_ios.yml -vvv
PLAYBOOK: l2port_for_ios.yml
**********************************...
59
edge-sw-a#show running-config
:
interface GigabitEthernet0/5
switchport trunk allowed vlan 120
media-type rj45
negotiati...
60
- hosts: edge-sw_ios
tasks:
- name: encapsulation dot1q
ios_config:
lines:
- switchport trunk encapsulation dot1q
parent...
61
$ ansible-playbook -i inventory l2port_for_ios_v2.yml -vvv
PLAYBOOK: l2port_for_ios_v2.yml ****************************...
62
edge-sw-a#show running-config
:
interface GigabitEthernet0/5
switchport trunk allowed vlan 120
switchport trunk encapsul...
63
PLAY RECAP
******************************************************************
edge-sw-a : ok=3 changed=0 unreachable=0 ...
64
https://qiita.com/akira6592/items/92e6efc478978eb41eac




65
66
67
vlan10 vlan20
vlan10 vlan20




68






もちろんワンタイム的な使い方もあると思っています
69
 一般的なPlaybookの構成ではなく、
最低限のファイルだけ置いてあります
70
[edge-sw_ios]
edge-sw-a
edge-sw-b
edge-sw-c
[core-sw_nxos]
core-sw
[edge-sw_ios:vars]
ansible_connection=network_cli
an...
71


72


73
74


75


76




77
78
$ ansible-playbook -i inventory add_edge_for_edge_sw.yml
PLAY [configuration add edge-sw for edge-sw]
******************...
79
$ ansible-playbook -i inventory add_edge_for_edge_sw.yml
PLAY [configuration add edge-sw for edge-sw]
******************...
80
$ ansible-playbook -i inventory add_edge_for_core-sw.yml
PLAY [configuration add edge-sw for core-sw]
******************...
81
$ ansible-playbook -i inventory add_edge_for_core-sw.yml
PLAY [configuration add edge-sw for core-sw]
******************...
82
$ ansible-playbook -i inventory provisioning_for_edge-sw.yml
PLAY [configuration provisioning for edge-sw] *************...
83
$ ansible-playbook -i inventory provisioning_for_edge-sw.yml
PLAY [configuration provisioning for edge-sw] *************...
84
$ ansible-playbook -i inventory provisioning_for_core-sw.yml
PLAY [configuration provisioning for core-sw] *************...
85
$ ansible-playbook -i inventory provisioning_for_core-sw.yml
PLAY [configuration provisioning for core-sw] *************...
86
core-sw#show running-config
:
vlan 1,10,20,99
vlan 10
name Vlan_serviceA"
vlan 20
name Vlan_serviceB"
vlan 99
name dummy...
冪等性まぢ大事
何回か動かしたら分かるレベルの
ヤバさなので、まぁ気づくと思いますが。。。




89
NW機器もサーバ側もAnsibleでまとめて設定、
動作確認を実施することができます






90
おわり。
91
AnsibleではじめるNW設定の自動化について - Cisco(VIRL)編 -
AnsibleではじめるNW設定の自動化について - Cisco(VIRL)編 -
Nächste SlideShare
Wird geladen in …5
×

AnsibleではじめるNW設定の自動化について - Cisco(VIRL)編 -

3.145 Aufrufe

Veröffentlicht am

2018年10月の#ssmjp
~Ansibleを語る会~

Veröffentlicht in: Technologie
  • accessibility Books Library allowing access to top content, including thousands of title from favorite author, plus the ability to read or download a huge selection of books for your pc or smartphone within minutes ,Download or read Ebooks here ... ......................................................................................................................... Download FULL PDF EBOOK here { http://bit.ly/2m6jJ5M }
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • If you want to download or read this book, Copy link or url below in the New tab ......................................................................................................................... DOWNLOAD FULL PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... .........................................................................................................................
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • accessibility Books Library allowing access to top content, including thousands of title from favorite author, plus the ability to read or download a huge selection of books for your pc or smartphone within minutes.........ACCESS WEBSITE Over for All Ebooks ..... (Unlimited) ......................................................................................................................... Download FULL PDF EBOOK here { http://bit.ly/2m6jJ5M } .........................................................................................................................
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • If you want to download or read this book, Copy link or url below in the New tab ......................................................................................................................... DOWNLOAD FULL PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... .........................................................................................................................
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • If you want to download or read this book, copy link or url below in the New tab ......................................................................................................................... DOWNLOAD FULL PDF EBOOK here { http://bit.ly/2m6jJ5M } .........................................................................................................................
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

AnsibleではじめるNW設定の自動化について - Cisco(VIRL)編 -

  1. 1. Ansibleではじめる
 NW設定の自動化について - Cisco(VIRL)編 - 2018/10/12 1
  2. 2. - 非ネットワークエンジニア:
 - サーバ・インフラ/アプリケーション側の人 - お仕事柄、NW関係に携わることが多い: - NWの構成管理,自動設定, SDN etc.. - NW技術が好き - 最近のつらみ: Java有償化 https://www.facebook.com/yasuyuki.sugai よろしくお願いしまーす ※この資料の内容は、 個人の見解です 自己紹介 菅井 康之 2
  3. 3. 
 
 ・副題 ・VIRLすごいよ! V・I・R・L! V・I・R・L! ・余談 ・ngrokまぢ便利 3
  4. 4. 4 https://www.slideshare.net/akira6592/ansiblesvnwautomation20181012ssmjp-119201162 
 

  5. 5. 
 
 5 重くてとても持ってこれません。。。
  6. 6. 6 
 
 
 自動化業務する人におすすめ!!
  7. 7. 
 7
  8. 8. 
 8
  9. 9. 
 
 9
  10. 10. 
 10
  11. 11. 
 
 
 
 11 下手するとNW機器買わずにVIRLだけで
 本番のNW組めちゃうけど、それはやっちゃダメ
  12. 12. 
 12
  13. 13. 
 
 
 
 13 下手するとNW機器買わずに(ry https://learningnetwork.cisco.com/docs/DOC-30476
  14. 14. 
 14
  15. 15. 
 
 
 
 15 http://archive.virl.info/virl.cluster.php 下手すると(ry
  16. 16. 今日はAnsibleの話をしないといけないので、 一旦ここまで・・・
  17. 17. 18
  18. 18. 19 えっ・・・、私のMacBookAir スペック低すぎ!?
  19. 19. 20
  20. 20. 21 
 

  21. 21. 22
  22. 22. 23 https://ngrok.com/product セキュリティには 十分留意ください 見られても良いやつだけ
  23. 23. 25 VIRL-NW 172.16.1.0/16 WORK-NW 10.102.0.0/22 my-pc internet VIRL VM 172.16.1.250 10.102.3.125 10.102.2.193 static なぜか/22なのは、うちのマンションの仕様です。。。
  24. 24. 26 全部VIRLの上に載っけています
  25. 25. 27
  26. 26. 28
  27. 27. 29 vlan10 vlan20 vlan10 vlan20
  28. 28. 30
  29. 29. switch# configure terminal switch(config)# hostname core-sw core-sw(config)# no feature ssh core-sw(config)# ssh key rsa 1024 core-sw(config)# feature ssh core-sw(config)# vrf context management core-sw(config-vrf)# ip route 0.0.0.0/0 172.16.1.250 core-sw(config-vrf)# exit core-sw(config)# interface mgmt0 core-sw(config-if)# ip address 172.16.1.200/16 core-sw(config-if)# no shutdown core-sw(config-if)# end core-sw# copy running-config startup-config 
  30. 30. Switch>enable Switch#configure terminal Switch(config)#enable secret cisco Switch(config)#hostname edge-sw-a edge-sw-a(config)#username cisco password cisco edge-sw-a(config)#ip domain-name sugawi.jp edge-sw-a(config)#crypto key generate rsa How many bits in the modulus [512]: 1024 edge-sw-a(config)#ip ssh version 2 edge-sw-a(config)#line vty 0 4 edge-sw-a(config-line)#transport input telnet ssh edge-sw-a(config-line)#login local edge-sw-a(config-line)#exit edge-sw-a(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.250 edge-sw-a(config)#interface Vlan1 edge-sw-a(config-if)#ip address 172.16.1.210 255.255.0.0 edge-sw-a(config-if)#no shutdown edge-sw-a(config-if)#end edge-sw-a#write memory
  31. 31. 33 172.16.1.200 core-sw 172.16.1.210 edge-sw-a 172.16.1.220 edge-sw-b 172.16.1.230 edge-sw-c 172.16.1.110 server-1 172.16.1.120 server-2 172.16.1.130 server-3 172.16.1.140 server-4
  32. 32. 34 fatal: [172.16.1.30]: FAILED! => {"msg": "paramiko: The authenticity of host 'XXXX' can't be established.nThe ssh-rsa key fingerprint is XXXX."}
  33. 33. 35 [edge-sw_ios] edge-sw-a edge-sw-b edge-sw-c [core-sw_nxos] core-sw [edge-sw_ios:vars] ansible_connection=network_cli ansible_network_os=ios ansible_user=cisco ansible_ssh_pass=cisco ansible_become=yes ansible_become_method=enable ansible_become_pass=cisco [core-sw_nxos:vars] ansible_connection=network_cli ansible_network_os=nxos ansible_user=admin ansible_ssh_pass=admin ansible_become=no
  34. 34. 36 

  35. 35. 37 https://docs.ansible.com/ansible/2.6/modules/
  36. 36. 38
  37. 37. 39 https://docs.ansible.com/ansible/2.6/modules/nxos_vlan_module.html - hosts: core-sw_nxos tasks: - name: Create vlan nxos_vlan: vlan_id: 120 name: test-vlan state: present
  38. 38. 40 $ ansible-playbook -i inventory vlan_for_nxos.yml -vvv PLAYBOOK: vlan_for_nxos.yml ************ 1 plays in vlan_for_nxos.yml PLAY [core-sw_nxos] ******************** TASK [Gathering Facts] ***************** ok: [core-sw] TASK [Create vlan] ********************* changed: [core-sw] => { "changed": true, "commands": [ "vlan 120", "name test-vlan", "state active", "no shutdown", "exit" ], PLAY RECAP ***************************** core-sw : ok=2 changed=1 unreachable=0 failed=0
  39. 39. 41 core-sw# show running-config : vlan 1,120 vlan 120 name test-vlan : $ ansible-playbook -i inventory vlan_for_nxos.yml -vvv PLAY RECAP ******************************************************************** core-sw : ok=2 changed=0 unreachable=0 failed=0
  40. 40. 42
  41. 41. 43 
 

  42. 42. 44 - hosts: core-sw_nxos tasks: - name: Create vlan v2 nxos_vlan: vlan_id: 130 name: test-vlan2 interfaces: - Ethernet3/1 state: present core-sw# show running-config : interface Ethernet3/1 shutdown no switchport mac-address 0000.0000.002f :
  43. 43. 45 $ ansible-playbook -i inventory vlan_for_nxos_v2.yml -vvv PLAYBOOK: vlan_for_nxos_v2.yml **************************************** 1 plays in vlan_for_nxos_v2.yml PLAY [core-sw_nxos] *************************************************** TASK [Gathering Facts] ************************************************ ok: [core-sw] TASK [Create vlan v2] ************************************************* changed: [core-sw] => { "changed": true, "commands": [ "vlan 130", "name test-vlan2", "state active", "no shutdown", "exit", "interface Ethernet3/1", "switchport", "switchport mode access", "switchport access vlan 130" ], PLAY RECAP ************************************************************ core-sw : ok=2 changed=1 unreachable=0 failed=0
  44. 44. 46 core-sw# show running-config : vlan 1,120,130 vlan 120 name test-vlan vlan 130 name test-vlan2 : interface Ethernet3/1 shutdown switchport switchport access vlan 130 :
  45. 45. 47 https://docs.ansible.com/ansible/2.6/modules/nxos_l2_interface_module.html - hosts: core-sw_nxos tasks: - name: mode to tagged port nxos_l2_interface: name: Ethernet3/2 mode: trunk trunk_allowed_vlans: 130
  46. 46. 48 $ ansible-playbook -i inventory l2port_for_nxos.yml -vvv PLAYBOOK: l2port_for_nxos.yml ************************************ 1 plays in l2port_for_nxos.yml PLAY [core-sw_nxos] ********************************************** TASK [Gathering Facts] ******************************************* ok: [core-sw] TASK [mode to tagged port] *************************************** fatal: [core-sw]: FAILED! => { "changed": false, "msg": "Ensure interface is configured to be a L2nport first before using this module. You can usenthe nxos_interface module for this." } PLAY RECAP ******************************************************* core-sw : ok=1 changed=0 unreachable=0 failed=1
  47. 47. 49 - hosts: core-sw_nxos tasks: - name: mode to layer2 nxos_interface: name: Ethernet3/2 mode: layer2 - name: mode to tagged port nxos_l2_interface: name: Ethernet3/2 mode: trunk trunk_allowed_vlans: 130 core-sw# show running-config : interface Ethernet3/2 shutdown no switchport mac-address 0000.0000.002f : 

  48. 48. 50 $ ansible-playbook -i inventory l2port_for_nxos_v2.yml -vvv PLAYBOOK: l2port_for_nxos_v2.yml ***************************************************** 1 plays in l2port_for_nxos_v2.yml PLAY [core-sw_nxos] ****************************************************************** TASK [Gathering Facts] *************************************************************** ok: [core-sw] TASK [mode to layer2] **************************************************************** changed: [core-sw] => { "changed": true, "commands": [ "interface Ethernet3/2", "switchport", "no shutdown", "interface Ethernet3/2", "no shutdown" ], TASK [mode to tagged port] *********************************************************** changed: [core-sw] => { "changed": true, "commands": [ "interface ethernet3/2", "switchport mode trunk", "switchport trunk allowed vlan 130" ], PLAY RECAP *************************************************************************** core-sw : ok=3 changed=2 unreachable=0 failed=0
  49. 49. 51 core-sw# show running-config : interface Ethernet3/2 switchport switchport mode trunk switchport trunk allowed vlan 130 no shutdown : PLAY RECAP ********************************************************************* core-sw : ok=3 changed=0 unreachable=0 failed=0
  50. 50. 52
  51. 51. 53 https://docs.ansible.com/ansible/2.6/modules/ios_vlan_module.html - hosts: edge-sw_ios tasks: - name: Create vlan ios_vlan: vlan_id: 120 name: test-vlan interfaces: - GigabitEthernet0/4 state: present
  52. 52. 54 $ ansible-playbook -i inventory vlan_for_ios.yml -vvv PLAYBOOK: vlan_for_ios.yml ********************************************** 1 plays in vlan_for_ios.yml PLAY [edge-sw_ios] ****************************************************** TASK [Gathering Facts] ************************************************** ok: [edge-sw-a] TASK [Create vlan] ****************************************************** changed: [edge-sw-a] => { "changed": true, "commands": [ "vlan 120", "name test-vlan", "interface GigabitEthernet0/4", "switchport mode access", "switchport access vlan 120" ], PLAY RECAP ************************************************************** edge-sw-a : ok=2 changed=1 unreachable=0 failed=0
  53. 53. 55 edge-sw-a#show running-config : interface GigabitEthernet0/4 switchport access vlan 120 switchport mode access media-type rj45 negotiation auto : PLAY RECAP ************************************************************* edge-sw-a : ok=2 changed=0 unreachable=0 failed=0 interface GigabitEthernet0/4 media-type rj45 negotiation auto
  54. 54. 56
  55. 55. 57 https://docs.ansible.com/ansible/2.6/modules/ios_l2_interface_module.html - hosts: edge-sw_ios tasks: - name: mode to tagged port ios_l2_interface: name: GigabitEthernet0/5 mode: trunk trunk_allowed_vlans: 120
  56. 56. 58 $ ansible-playbook -i inventory l2port_for_ios.yml -vvv PLAYBOOK: l2port_for_ios.yml ***************************************************** 1 plays in l2port_for_ios.yml PLAY [edge-sw_ios] *************************************************************** TASK [Gathering Facts] *********************************************************** ok: [edge-sw-a] TASK [mode to tagged port] ******************************************************* changed: [edge-sw-a] => { "changed": true, "commands": [ "interface gigabitethernet0/5", "switchport mode trunk", "switchport trunk allowed vlan 120" ], PLAY RECAP *********************************************************************** edge-sw-a : ok=2 changed=1 unreachable=0 failed=0
  57. 57. 59 edge-sw-a#show running-config : interface GigabitEthernet0/5 switchport trunk allowed vlan 120 media-type rj45 negotiation auto :
  58. 58. 60 - hosts: edge-sw_ios tasks: - name: encapsulation dot1q ios_config: lines: - switchport trunk encapsulation dot1q parents: interface GigabitEthernet0/5 - name: mode to tagged port ios_l2_interface: name: GigabitEthernet0/5 mode: trunk trunk_allowed_vlans: 120
  59. 59. 61 $ ansible-playbook -i inventory l2port_for_ios_v2.yml -vvv PLAYBOOK: l2port_for_ios_v2.yml ********************************************* 1 plays in l2port_for_ios_v2.yml PLAY [edge-sw_ios] ********************************************************** TASK [Gathering Facts] ****************************************************** ok: [edge-sw-a] TASK [encapsulation dot1q] ************************************************** changed: [edge-sw-a] => { "changed": true, "commands": [ "interface GigabitEthernet0/5", "switchport trunk encapsulation dot1q" ], TASK [mode to tagged port] ************************************************* changed: [edge-sw-a] => { "changed": true, "commands": [ "interface gigabitethernet0/5", "switchport mode trunk" ], PLAY RECAP ***************************************************************** edge-sw-a : ok=3 changed=2 unreachable=0 failed=0
  60. 60. 62 edge-sw-a#show running-config : interface GigabitEthernet0/5 switchport trunk allowed vlan 120 switchport trunk encapsulation dot1q switchport mode trunk media-type rj45 negotiation auto :
  61. 61. 63 PLAY RECAP ****************************************************************** edge-sw-a : ok=3 changed=0 unreachable=0 failed=0
  62. 62. 64 https://qiita.com/akira6592/items/92e6efc478978eb41eac
  63. 63. 
 
 65
  64. 64. 66
  65. 65. 67 vlan10 vlan20 vlan10 vlan20
  66. 66. 
 
 68 
 
 
 もちろんワンタイム的な使い方もあると思っています
  67. 67. 69  一般的なPlaybookの構成ではなく、 最低限のファイルだけ置いてあります
  68. 68. 70 [edge-sw_ios] edge-sw-a edge-sw-b edge-sw-c [core-sw_nxos] core-sw [edge-sw_ios:vars] ansible_connection=network_cli ansible_network_os=ios ansible_user=cisco ansible_ssh_pass=cisco ansible_become=yes ansible_become_method=enable ansible_become_pass=cisco [core-sw_nxos:vars] ansible_connection=network_cli ansible_network_os=nxos ansible_user=admin ansible_ssh_pass=admin ansible_become=no
  69. 69. 71 

  70. 70. 72 

  71. 71. 73
  72. 72. 74 

  73. 73. 75 

  74. 74. 76 
 

  75. 75. 77
  76. 76. 78 $ ansible-playbook -i inventory add_edge_for_edge_sw.yml PLAY [configuration add edge-sw for edge-sw] *********************************************************************************************************************************** TASK [Gathering Facts] ****************************************************************************************************************************************************** ok: [edge-sw-a] ok: [edge-sw-b] ok: [edge-sw-c] TASK [Create dummy vlan] ******************************************************************************************************************************************************* changed: [edge-sw-a] changed: [edge-sw-b] changed: [edge-sw-c] TASK [upport initialize] ******************************************************************************************************************************************************* changed: [edge-sw-a] changed: [edge-sw-b] changed: [edge-sw-c] TASK [upport mode to tagged port] ********************************************************************************************************************************************** changed: [edge-sw-a] changed: [edge-sw-b] changed: [edge-sw-c] PLAY RECAP ******************************************************************************************************************************************************* ************** edge-sw-a : ok=4 changed=3 unreachable=0 failed=0 edge-sw-b : ok=4 changed=3 unreachable=0 failed=0 edge-sw-c : ok=4 changed=3 unreachable=0 failed=0
  77. 77. 79 $ ansible-playbook -i inventory add_edge_for_edge_sw.yml PLAY [configuration add edge-sw for edge-sw] *********************************************************************************************************************************** TASK [Gathering Facts] ****************************************************************************************************************************************************** ok: [edge-sw-a] ok: [edge-sw-b] ok: [edge-sw-c] TASK [Create dummy vlan] ******************************************************************************************************************************************************* ok: [edge-sw-a] ok: [edge-sw-b] ok: [edge-sw-c] TASK [upport initialize] ******************************************************************************************************************************************************* ok: [edge-sw-a] ok: [edge-sw-b] ok: [edge-sw-c] TASK [upport mode to tagged port] ********************************************************************************************************************************************** ok: [edge-sw-a] ok: [edge-sw-b] ok: [edge-sw-c] PLAY RECAP ******************************************************************************************************************************************************* ************** edge-sw-a : ok=4 changed=0 unreachable=0 failed=0 edge-sw-b : ok=4 changed=0 unreachable=0 failed=0 edge-sw-c : ok=4 changed=0 unreachable=0 failed=0 冪等性確認
  78. 78. 80 $ ansible-playbook -i inventory add_edge_for_core-sw.yml PLAY [configuration add edge-sw for core-sw] ****************************************************************************************************************** TASK [Gathering Facts] ****************************************************************************************************************** ok: [core-sw] TASK [Create dummy vlan] ****************************************************************************************************************** changed: [core-sw] TASK [downport mode to layer2] ****************************************************************************************************************** changed: [core-sw] PLAY RECAP ****************************************************************************************************************** core-sw : ok=3 changed=2 unreachable=0 failed=0
  79. 79. 81 $ ansible-playbook -i inventory add_edge_for_core-sw.yml PLAY [configuration add edge-sw for core-sw] ****************************************************************************************************************** TASK [Gathering Facts] ****************************************************************************************************************** ok: [core-sw] TASK [Create dummy vlan] ****************************************************************************************************************** ok: [core-sw] TASK [downport mode to layer2] ****************************************************************************************************************** ok: [core-sw] PLAY RECAP ****************************************************************************************************************** core-sw : ok=3 changed=0 unreachable=0 failed=0 冪等性確認
  80. 80. 82 $ ansible-playbook -i inventory provisioning_for_edge-sw.yml PLAY [configuration provisioning for edge-sw] ********************************************************************************************************************************** TASK [Gathering Facts] ********************************************************************************************************************************************************* ok: [edge-sw-a] TASK [add vlan] **************************************************************************************************************************************************************** changed: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) changed: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) TASK [description server name] ************************************************************************************************************************************************* skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) changed: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) changed: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) TASK [allowed trunk vlan] ****************************************************************************************************************************************************** changed: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) : PLAY RECAP ********************************************************************************************************************************************************************* edge-sw-a : ok=4 changed=3 unreachable=0 failed=0 数が多いので、1ノード分だけ+一部省略
  81. 81. 83 $ ansible-playbook -i inventory provisioning_for_edge-sw.yml PLAY [configuration provisioning for edge-sw] ********************************************************************************************************************************** TASK [Gathering Facts] ********************************************************************************************************************************************************* ok: [edge-sw-a] TASK [add vlan] **************************************************************************************************************************************************************** ok: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) ok: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) TASK [description server name] ************************************************************************************************************************************************* skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) ok: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) ok: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) TASK [allowed trunk vlan] ****************************************************************************************************************************************************** ok: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}]) skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}]) skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}]) : PLAY RECAP ********************************************************************************************************************************************************************* edge-sw-a : ok=4 changed=0 unreachable=0 failed=0 冪等性確認 whenで対象にならない変数の組み合わせはskippingされます。 変数見て正しいか目視でも確認可能。
  82. 82. 84 $ ansible-playbook -i inventory provisioning_for_core-sw.yml PLAY [configuration provisioning for core-sw] ********************************************************************************************************************************** TASK [Gathering Facts] ********************************************************************************************************************************************************* ok: [core-sw] TASK [add vlan] **************************************************************************************************************************************************************** changed: [core-sw] => (item={u'vlan': 10, u'name': u'serviceA'}) changed: [core-sw] => (item={u'vlan': 20, u'name': u'serviceB'}) TASK [allowed trunk vlan] ****************************************************************************************************************************************************** changed: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) changed: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) changed: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) changed: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) PLAY RECAP ********************************************************************************************************************************************************************* core-sw : ok=3 changed=2 unreachable=0 failed=0
  83. 83. 85 $ ansible-playbook -i inventory provisioning_for_core-sw.yml PLAY [configuration provisioning for core-sw] ********************************************************************************************************************************** TASK [Gathering Facts] ********************************************************************************************************************************************************* ok: [core-sw] TASK [add vlan] **************************************************************************************************************************************************************** ok: [core-sw] => (item={u'vlan': 10, u'name': u'serviceA'}) ok: [core-sw] => (item={u'vlan': 20, u'name': u'serviceB'}) TASK [allowed trunk vlan] ****************************************************************************************************************************************************** ok: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) ok: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) ok: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}]) skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}]) ok: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}]) PLAY RECAP ********************************************************************************************************************************************************************* core-sw : ok=3 changed=0 unreachable=0 failed=0 冪等性確認
  84. 84. 86 core-sw#show running-config : vlan 1,10,20,99 vlan 10 name Vlan_serviceA" vlan 20 name Vlan_serviceB" vlan 99 name dummy-Vlan" : interface Ethernet2/1 description connect to edge-sw-a switchport switchport mode trunk switchport trunk allowed vlan 10,20,99 no shutdown interface Ethernet2/2 description connect to edge-sw-b switchport switchport mode trunk switchport trunk allowed vlan 10,99 no shutdown interface Ethernet2/3 description connect to edge-sw-c switchport switchport mode trunk switchport trunk allowed vlan 20,99 no shutdown : edge-sw-a#show running-config : interface GigabitEthernet0/1 description connect to core-sw switchport trunk allowed vlan 10,20,99 switchport trunk encapsulation dot1q switchport mode trunk media-type rj45 negotiation auto ! interface GigabitEthernet0/2 description connect to server-1 switchport access vlan 10 switchport mode access media-type rj45 negotiation auto ! interface GigabitEthernet0/3 description connect to server-2 switchport access vlan 20 switchport mode access media-type rj45 negotiation auto ! : なんだかんだで想定通りに設定できました edge-sw-b,edge-sw-cは割愛
  85. 85. 冪等性まぢ大事
  86. 86. 何回か動かしたら分かるレベルの ヤバさなので、まぁ気づくと思いますが。。。
  87. 87. 
 
 89 NW機器もサーバ側もAnsibleでまとめて設定、 動作確認を実施することができます
  88. 88. 
 
 
 90
  89. 89. おわり。 91

×