diff --git a/plugins/module_utils/aci.py b/plugins/module_utils/aci.py index eb3b93cdd..d94b10428 100644 --- a/plugins/module_utils/aci.py +++ b/plugins/module_utils/aci.py @@ -84,15 +84,43 @@ def aci_argument_spec(): return dict( - host=dict(type="str", required=True, aliases=["hostname"], fallback=(env_fallback, ["ACI_HOST"])), + host=dict( + type="str", + required=True, + aliases=["hostname"], + fallback=(env_fallback, ["ACI_HOST"]), + ), port=dict(type="int", required=False, fallback=(env_fallback, ["ACI_PORT"])), - username=dict(type="str", default="admin", aliases=["user"], fallback=(env_fallback, ["ACI_USERNAME", "ANSIBLE_NET_USERNAME"])), - password=dict(type="str", no_log=True, fallback=(env_fallback, ["ACI_PASSWORD", "ANSIBLE_NET_PASSWORD"])), + username=dict( + type="str", + default="admin", + aliases=["user"], + fallback=(env_fallback, ["ACI_USERNAME", "ANSIBLE_NET_USERNAME"]), + ), + password=dict( + type="str", + no_log=True, + fallback=(env_fallback, ["ACI_PASSWORD", "ANSIBLE_NET_PASSWORD"]), + ), # Beware, this is not the same as client_key ! - private_key=dict(type="str", aliases=["cert_key"], no_log=True, fallback=(env_fallback, ["ACI_PRIVATE_KEY", "ANSIBLE_NET_SSH_KEYFILE"])), + private_key=dict( + type="str", + aliases=["cert_key"], + no_log=True, + fallback=(env_fallback, ["ACI_PRIVATE_KEY", "ANSIBLE_NET_SSH_KEYFILE"]), + ), # Beware, this is not the same as client_cert ! - certificate_name=dict(type="str", aliases=["cert_name"], fallback=(env_fallback, ["ACI_CERTIFICATE_NAME"])), - output_level=dict(type="str", default="normal", choices=["debug", "info", "normal"], fallback=(env_fallback, ["ACI_OUTPUT_LEVEL"])), + certificate_name=dict( + type="str", + aliases=["cert_name"], + fallback=(env_fallback, ["ACI_CERTIFICATE_NAME"]), + ), + output_level=dict( + type="str", + default="normal", + choices=["debug", "info", "normal"], + fallback=(env_fallback, ["ACI_OUTPUT_LEVEL"]), + ), timeout=dict(type="int", default=30, fallback=(env_fallback, ["ACI_TIMEOUT"])), use_proxy=dict(type="bool", default=True, fallback=(env_fallback, ["ACI_USE_PROXY"])), use_ssl=dict(type="bool", default=True, fallback=(env_fallback, ["ACI_USE_SSL"])), @@ -103,7 +131,11 @@ def aci_argument_spec(): def aci_annotation_spec(): return dict( - annotation=dict(type="str", default="orchestrator:ansible", fallback=(env_fallback, ["ACI_ANNOTATION"])), + annotation=dict( + type="str", + default="orchestrator:ansible", + fallback=(env_fallback, ["ACI_ANNOTATION"]), + ), ) @@ -159,7 +191,18 @@ def netflow_spec(): def expression_spec(): return dict( key=dict(type="str", required=True, no_log=False), - operator=dict(type="str", choices=["not_in", "in", "equals", "not_equals", "has_key", "does_not_have_key"], required=True), + operator=dict( + type="str", + choices=[ + "not_in", + "in", + "equals", + "not_equals", + "has_key", + "does_not_have_key", + ], + required=True, + ), value=dict(type="str"), ) @@ -195,11 +238,20 @@ def aci_contract_dscp_spec(direction=None): "CS7", "EF", "VA", - "unspecified" + "unspecified", ], ) +def route_control_profile_spec(): + return dict( + profile=dict(type="str", required=True), + l3out=dict(type="str"), + direction=dict(type="str", required=True), + tenant=dict(type="str", required=True), + ) + + class ACIModule(object): def __init__(self, module): self.module = module @@ -272,7 +324,12 @@ def iso8601_format(self, dt): return dt.isoformat(timespec="milliseconds") except Exception: tz = dt.strftime("%z") - return "%s.%03d%s:%s" % (dt.strftime("%Y-%m-%dT%H:%M:%S"), dt.microsecond / 1000, tz[:3], tz[3:]) + return "%s.%03d%s:%s" % ( + dt.strftime("%Y-%m-%dT%H:%M:%S"), + dt.microsecond / 1000, + tz[:3], + tz[3:], + ) def define_protocol(self): """Set protocol based on use_ssl parameter""" @@ -295,9 +352,21 @@ def login(self): url = "%(protocol)s://%(host)s:%(port)s/api/aaaLogin.json" % self.params else: url = "%(protocol)s://%(host)s/api/aaaLogin.json" % self.params - payload = {"aaaUser": {"attributes": {"name": self.params.get("username"), "pwd": self.params.get("password")}}} + payload = { + "aaaUser": { + "attributes": { + "name": self.params.get("username"), + "pwd": self.params.get("password"), + } + } + } resp, auth = fetch_url( - self.module, url, data=json.dumps(payload), method="POST", timeout=self.params.get("timeout"), use_proxy=self.params.get("use_proxy") + self.module, + url, + data=json.dumps(payload), + method="POST", + timeout=self.params.get("timeout"), + use_proxy=self.params.get("use_proxy"), ) # Handle APIC response @@ -491,7 +560,13 @@ def query(self, path): # Perform request resp, query = fetch_url( - self.module, self.url, data=None, headers=self.headers, method="GET", timeout=self.params.get("timeout"), use_proxy=self.params.get("use_proxy") + self.module, + self.url, + data=None, + headers=self.headers, + method="GET", + timeout=self.params.get("timeout"), + use_proxy=self.params.get("use_proxy"), ) # Handle APIC response @@ -576,7 +651,12 @@ def _deep_url_path_builder(self, obj): self.url = "{protocol}://{host}/{path}".format(path=self.path, **self.module.params) if self.child_classes: - self.update_qs({"rsp-subtree": "full", "rsp-subtree-class": ",".join(sorted(self.child_classes))}) + self.update_qs( + { + "rsp-subtree": "full", + "rsp-subtree-class": ",".join(sorted(self.child_classes)), + } + ) def _deep_url_parent_object(self, parent_objects, parent_class): @@ -718,7 +798,15 @@ def construct_deep_url(self, target_object, parent_objects=None, child_classes=N self._deep_url_path_builder(url_path_object) def construct_url( - self, root_class, subclass_1=None, subclass_2=None, subclass_3=None, subclass_4=None, subclass_5=None, child_classes=None, config_only=True + self, + root_class, + subclass_1=None, + subclass_2=None, + subclass_3=None, + subclass_4=None, + subclass_5=None, + child_classes=None, + config_only=True, ): """ @@ -746,7 +834,15 @@ def construct_url( self.child_classes = set(child_classes) if subclass_5 is not None: - self._construct_url_6(root_class, subclass_1, subclass_2, subclass_3, subclass_4, subclass_5, config_only) + self._construct_url_6( + root_class, + subclass_1, + subclass_2, + subclass_3, + subclass_4, + subclass_5, + config_only, + ) elif subclass_4 is not None: self._construct_url_5(root_class, subclass_1, subclass_2, subclass_3, subclass_4, config_only) elif subclass_3 is not None: @@ -765,7 +861,12 @@ def construct_url( if self.child_classes: # Append child_classes to filter_string if filter string is empty - self.update_qs({"rsp-subtree": "full", "rsp-subtree-class": ",".join(sorted(self.child_classes))}) + self.update_qs( + { + "rsp-subtree": "full", + "rsp-subtree-class": ",".join(sorted(self.child_classes)), + } + ) def _construct_url_1(self, obj, config_only=True): """ @@ -1090,7 +1191,12 @@ def delete_config(self): self.cert_auth(method="DELETE") resp, info = fetch_url( - self.module, self.url, headers=self.headers, method="DELETE", timeout=self.params.get("timeout"), use_proxy=self.params.get("use_proxy") + self.module, + self.url, + headers=self.headers, + method="DELETE", + timeout=self.params.get("timeout"), + use_proxy=self.params.get("use_proxy"), ) self.response = info.get("msg") @@ -1201,7 +1307,10 @@ def get_diff_children(self, aci_class, proposed_obj=None, existing_obj=None): # Loop through proposed child configs and compare against existing child configuration for child in proposed_children: child_class, proposed_child, existing_child = self.get_nested_config(child, existing_children) - proposed_child_children, existing_child_children = self.get_nested_children(child, existing_children) + ( + proposed_child_children, + existing_child_children, + ) = self.get_nested_children(child, existing_children) if existing_child is None: child_update = child @@ -1236,7 +1345,12 @@ def get_existing(self): self.cert_auth(path=self.path + self.filter_string, method="GET") resp, info = fetch_url( - self.module, uri, headers=self.headers, method="GET", timeout=self.params.get("timeout"), use_proxy=self.params.get("use_proxy") + self.module, + uri, + headers=self.headers, + method="GET", + timeout=self.params.get("timeout"), + use_proxy=self.params.get("use_proxy"), ) self.response = info.get("msg") self.status = info.get("status") diff --git a/plugins/modules/aci_l3out_bgp_peer.py b/plugins/modules/aci_l3out_bgp_peer.py index 7b2794a8a..367771f2d 100644 --- a/plugins/modules/aci_l3out_bgp_peer.py +++ b/plugins/modules/aci_l3out_bgp_peer.py @@ -7,7 +7,11 @@ __metaclass__ = type -ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = r""" --- @@ -21,48 +25,40 @@ - Name of an existing tenant. type: str aliases: [ tenant_name ] - required: yes l3out: description: - Name of an existing L3Out. type: str aliases: [ l3out_name ] - required: yes node_profile: description: - Name of the node profile. type: str aliases: [ node_profile_name, logical_node ] - required: yes interface_profile: description: - Name of the interface profile. type: str aliases: [ interface_profile_name, logical_interface ] - required: yes pod_id: description: - Pod to build the interface on. type: str - required: yes node_id: description: - Node to build the interface on for Port-channels and single ports. - Hyphen separated pair of nodes (e.g. "201-202") for vPCs. type: str - required: yes path_ep: description: - Path to interface - Interface Port Group name for Port-channels and vPCs - Port number for single ports (e.g. "eth1/12") type: str - required: yes peer_ip: description: - IP address of the BGP peer. type: str - required: yes remote_asn: description: - Autonomous System Number of the BGP peer. @@ -109,6 +105,31 @@ - Number of allowed self AS. - Only used if C(allow-self-as) is enabled under C(bgp_controls). type: int + route_control_profiles: + description: + - List of dictionaries objects, which is used to bind the BGP Peer Connectivity Profile to Route Control Profile. + type: list + elements: dict + suboptions: + tenant: + description: + - Name of the tenant. + type: str + required: yes + profile: + description: + - Name of the Route Control Profile. + type: str + required: yes + l3out: + description: + - Name of the L3 Out. + type: str + direction: + description: + - Name of the Route Control Profile direction. + type: str + required: yes state: description: - Use C(present) or C(absent) for adding or removing. @@ -151,7 +172,15 @@ - send-ext-com peer_controls: - bfd - state: present + route_control_profiles: + - tenant: "ansible_tenant" + profile: "anstest_import" + direction: "import" + - tenant: "ansible_tenant" + profile: "anstest_export" + direction: "export" + l3out: "anstest_l3out" + state: present delegate_to: localhost - name: Add a new BGP peer on a vPC @@ -206,6 +235,25 @@ state: absent delegate_to: localhost +- name: Add BGP Peer to the Node Profile level + cisco.aci.aci_l3out_bgp_peer: + host: apic + username: admin + password: SomeSecretPassword + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + peer_ip: 192.168.50.3 + route_control_profiles: + - tenant: "ansible_tenant" + profile: "anstest_import" + direction: "import" + - tenant: "ansible_tenant" + profile: "anstest_export" + direction: "export" + l3out: "anstest_l3out" + state: present + - name: Query a BGP peer cisco.aci.aci_l3out_bgp_peer: host: apic @@ -223,6 +271,15 @@ delegate_to: localhost register: query_result +- name: Query all BGP peer + cisco.aci.aci_l3out_bgp_peer: + host: apic + username: admin + password: SomeSecretPassword + state: query + delegate_to: localhost + register: query_all + """ RETURN = r""" @@ -332,34 +389,67 @@ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.cisco.aci.plugins.module_utils.aci import ACIModule, aci_argument_spec, aci_annotation_spec +from ansible_collections.cisco.aci.plugins.module_utils.aci import ( + ACIModule, + aci_argument_spec, + aci_annotation_spec, + route_control_profile_spec, +) def main(): argument_spec = aci_argument_spec() argument_spec.update(aci_annotation_spec()) argument_spec.update( - tenant=dict(type="str", aliases=["tenant_name"], required=True), - l3out=dict(type="str", aliases=["l3out_name"], required=True), - node_profile=dict(type="str", aliases=["node_profile_name", "logical_node"], required=True), - interface_profile=dict(type="str", aliases=["interface_profile_name", "logical_interface"], required=True), + tenant=dict(type="str", aliases=["tenant_name"]), + l3out=dict(type="str", aliases=["l3out_name"]), + node_profile=dict(type="str", aliases=["node_profile_name", "logical_node"]), + interface_profile=dict(type="str", aliases=["interface_profile_name", "logical_interface"]), state=dict(type="str", default="present", choices=["absent", "present", "query"]), - pod_id=dict(type="str", required=True), - node_id=dict(type="str", required=True), - path_ep=dict(type="str", required=True), - peer_ip=dict(type="str", required=True), + pod_id=dict(type="str"), + node_id=dict(type="str"), + path_ep=dict(type="str"), + peer_ip=dict(type="str"), remote_asn=dict(type="int"), - bgp_controls=dict(type="list", elements="str", choices=["send-com", "send-ext-com", "allow-self-as", "as-override", "dis-peer-as-check", "nh-self"]), + bgp_controls=dict( + type="list", + elements="str", + choices=[ + "send-com", + "send-ext-com", + "allow-self-as", + "as-override", + "dis-peer-as-check", + "nh-self", + ], + ), peer_controls=dict(type="list", elements="str", choices=["bfd", "dis-conn-check"]), address_type_controls=dict(type="list", elements="str", choices=["af-ucast", "af-mcast"]), - private_asn_controls=dict(type="list", elements="str", choices=["remove-exclusive", "remove-all", "replace-as"]), + private_asn_controls=dict( + type="list", + elements="str", + choices=["remove-exclusive", "remove-all", "replace-as"], + ), ttl=dict(type="int"), weight=dict(type="int"), admin_state=dict(type="str", choices=["enabled", "disabled"]), allow_self_as_count=dict(type="int"), + route_control_profiles=dict( + type="list", + elements="dict", + options=route_control_profile_spec(), + ), ) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_if=[ + ["state", "absent", ["tenant", "l3out", "node_profile", "peer_ip"]], + ["state", "present", ["tenant", "l3out", "node_profile", "peer_ip"]], + ], + required_together=[["interface_profile", "pod_id", "node_id", "path_ep"]], + ) tenant = module.params.get("tenant") l3out = module.params.get("l3out") @@ -373,20 +463,91 @@ def main(): remote_asn = module.params.get("remote_asn") bgp_controls = module.params.get("bgp_controls") peer_controls = module.params.get("peer_controls") - address_type_controls = module.params.get("address_type_controls") + address_type_controls = sorted(module.params.get("address_type_controls") or []) private_asn_controls = module.params.get("private_asn_controls") ttl = module.params.get("ttl") weight = module.params.get("weight") admin_state = module.params.get("admin_state") allow_self_as_count = module.params.get("allow_self_as_count") + route_control_profiles = module.params.get("route_control_profiles") aci = ACIModule(module) - if "-" in node_id: - path_type = "protpaths" - else: - path_type = "paths" + if node_id: + if "-" in node_id: + path_type = "protpaths" + else: + path_type = "paths" + + path_dn = "topology/pod-{0}/{1}-{2}/pathep-[{3}]".format(pod_id, path_type, node_id, path_ep) - path_dn = "topology/pod-{0}/{1}-{2}/pathep-[{3}]".format(pod_id, path_type, node_id, path_ep) + child_configs = [] + child_classes = [ + "bgpRsPeerPfxPol", + "bgpAsP", + "bgpLocalAsnP" + ] + + if remote_asn: + child_configs.append( + dict( + bgpAsP=dict( + attributes=dict(asn=remote_asn), + ), + ) + ) + + if route_control_profiles: + child_classes.append("bgpRsPeerToProfile") + for profile in route_control_profiles: + if profile.get("l3out"): + route_control_profile_dn = "uni/tn-{0}/out-{1}/prof-{2}".format( + profile.get("tenant"), + profile.get("l3out"), + profile.get("profile"), + ) + else: + route_control_profile_dn = "uni/tn-{0}/prof-{1}".format(profile.get("tenant"), profile.get("profile")) + child_configs.append( + dict( + bgpRsPeerToProfile=dict( + attributes=dict( + direction=profile.get("direction"), + tDn=route_control_profile_dn, + ) + ) + ) + ) + + subclass_3 = None + subclass_4 = None + subclass_5 = None + + bgp_peer_profile_dict = None + + if peer_ip or state == "query": + bgp_peer_profile_dict = dict( + aci_class="bgpPeerP", + aci_rn="peerP-[{0}]".format(peer_ip), + module_object=peer_ip, + target_filter={"addr": peer_ip}, + ) + + if interface_profile is None: + subclass_3 = bgp_peer_profile_dict + else: + subclass_3 = dict( + aci_class="l3extLIfP", + aci_rn="lifp-{0}".format(interface_profile), + module_object=interface_profile, + target_filter={"name": interface_profile}, + ) + subclass_4 = dict( + aci_class="l3extRsPathL3OutAtt", + aci_rn="rspathL3OutAtt-[{0}]".format(path_dn), + module_object=path_dn, + target_filter={"tDn": path_dn}, + ) + subclass_5 = bgp_peer_profile_dict aci.construct_url( root_class=dict( @@ -407,17 +568,10 @@ def main(): module_object=node_profile, target_filter={"name": node_profile}, ), - subclass_3=dict( - aci_class="l3extLIfP", - aci_rn="lifp-{0}".format(interface_profile), - module_object=interface_profile, - target_filter={"name": interface_profile}, - ), - subclass_4=dict( - aci_class="l3extRsPathL3OutAtt", aci_rn="/rspathL3OutAtt-[{0}]".format(path_dn), module_object=path_dn, target_filter={"tDn": path_dn} - ), - subclass_5=dict(aci_class="bgpPeerP", aci_rn="/peerP-[{0}]".format(peer_ip), module_object=peer_ip, target_filter={"addr": peer_ip}), - child_classes=["bgpRsPeerPfxPol", "bgpAsP", "bgpLocalAsnP"], + subclass_3=subclass_3, + subclass_4=subclass_4, + subclass_5=subclass_5, + child_classes=child_classes, ) aci.get_existing() @@ -445,13 +599,7 @@ def main(): adminSt=admin_state, allowedSelfAsCnt=allow_self_as_count, ), - child_configs=[ - dict( - bgpAsP=dict( - attributes=dict(asn=remote_asn), - ), - ), - ], + child_configs=child_configs, ) aci.get_diff(aci_class="bgpPeerP") diff --git a/tests/integration/targets/aci_l3out_bgp_peer/tasks/main.yml b/tests/integration/targets/aci_l3out_bgp_peer/tasks/main.yml index 39c70492b..e7df7ea4c 100644 --- a/tests/integration/targets/aci_l3out_bgp_peer/tasks/main.yml +++ b/tests/integration/targets/aci_l3out_bgp_peer/tasks/main.yml @@ -5,7 +5,7 @@ - name: Test that we have an ACI APIC host, ACI username and ACI password fail: - msg: 'Please define the following variables: aci_hostname, aci_username and aci_password.' + msg: "Please define the following variables: aci_hostname, aci_username and aci_password." when: aci_hostname is not defined or aci_username is not defined or aci_password is not defined # GET Credentials from the inventory @@ -15,9 +15,9 @@ host: "{{ aci_hostname }}" username: "{{ aci_username }}" password: "{{ aci_password }}" - validate_certs: '{{ aci_validate_certs | default(false) }}' - use_ssl: '{{ aci_use_ssl | default(true) }}' - use_proxy: '{{ aci_use_proxy | default(true) }}' + validate_certs: "{{ aci_validate_certs | default(false) }}" + use_ssl: "{{ aci_use_ssl | default(true) }}" + use_proxy: "{{ aci_use_proxy | default(true) }}" output_level: debug - name: Query system information @@ -27,6 +27,9 @@ state: query register: version +- name: Verify Cloud and Non-Cloud Sites in use. + include_tasks: ../../../../../../integration/targets/aci_cloud_provider/tasks/main.yml + # CLEAN ENVIRONMENT - name: Remove ansible_tenant if it already exists aci_tenant: @@ -41,1253 +44,1474 @@ domain_type: l3dom state: absent -- name: Remove ansible_port_channel_ipg if it already exists - aci_interface_policy_leaf_policy_group: - <<: *aci_info - lag_type: link - policy_group: ansible_port_channel_ipg - state: absent - -- name: Remove ansible_vpc_ipg if it already exists - aci_interface_policy_leaf_policy_group: - <<: *aci_info - lag_type: node - policy_group: ansible_vpc_ipg - state: absent - -- name: Add a new tenant required for l3out - aci_tenant: - <<: *aci_info - tenant: ansible_tenant - description: Ansible tenant - state: present - -# ADD domain -- name: Add domain for l3out - aci_domain: - <<: *aci_info - domain: ansible_l3ext_domain - domain_type: l3dom - state: present - -# ADD VRF -- name: Add VRF for l3out - aci_vrf: - <<: *aci_info - tenant: ansible_tenant - vrf: ansible_vrf - state: present - -# ADD PC IPG -- name: Add port-channel IPG - aci_interface_policy_leaf_policy_group: - <<: *aci_info - lag_type: link - policy_group: ansible_port_channel_ipg - state: present - -# ADD vPC IPG -- name: Add vPC IPG - aci_interface_policy_leaf_policy_group: - <<: *aci_info - lag_type: node - policy_group: ansible_vpc_ipg - state: present - -# ADD l3out -- name: Add l3out - aci_l3out: - <<: *aci_info - tenant: ansible_tenant - name: ansible_l3out - vrf: ansible_vrf - domain: ansible_domain - route_control: export - state: present - -# ADD l3out logical node profile -- name: l3out logical node profile - aci_l3out_logical_node_profile: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - state: present - -# ADD l3out logical interface profile -- name: l3out logical interface profile - aci_l3out_logical_interface_profile: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - state: present - -# ADD l3out interface -- name: Add routed interface - aci_l3out_interface: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - interface_type: l3-port - mode: regular - addr: 192.168.50.1/27 - state: present - -# ADD l3out port-channel -- name: Add routed interface port-channel - aci_l3out_interface: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - interface_type: l3-port - mode: regular - addr: 192.168.70.1/27 - state: present - -# ADD l3out vPC -- name: Add interface vPC - aci_l3out_interface: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - interface_type: ext-svi - mode: native - addr: 192.168.90.1/27 - encap: vlan-913 - state: present - -# ADD BGP peer to ethernet port -- name: add BGP peer to ethernet port (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - address_type_controls: - - af-ucast - ttl: 2 - state: present - register: add_eth_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: add BGP peer to ethernet port (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - ttl: 2 - state: present - register: add_eth_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been created with correct attributes (version >= 4) - assert: - that: - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "enabled" - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.ttl == "2" - - add_eth_bgp_peer.current.0.bgpPeerP.attributes.annotation == 'orchestrator:ansible' - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been created with correct attributes (version < 4) - assert: - that: - - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "2" - - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.annotation == 'orchestrator:ansible' - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been created correctly - assert: - that: - - add_eth_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been created correctly - assert: - that: - - add_eth_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# ADD BGP peer again to check idempotence -- name: add BGP peer to ethernet port again (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - address_type_controls: - - af-ucast - ttl: 2 - state: present - register: add_eth_bgp_peer_again - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: add BGP peer to ethernet port again (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - ttl: 2 - state: present - register: add_eth_bgp_peer_again_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been created with correct attributes (version >= 4) - assert: - that: - - add_eth_bgp_peer_again is not changed - - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" - - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.adminSt == "enabled" - - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been created with correct attributes (version < 4) - assert: - that: - - add_eth_bgp_peer_again_32 is not changed - - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object is still correct (version >= 4) - assert: - that: - - add_eth_bgp_peer_again.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object his still correct (version < 4) - assert: - that: - - add_eth_bgp_peer_again_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# MODIFY BGP peer -- name: update BGP peer (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - remote_asn: 65457 - bgp_controls: - - allow-self-as - - as-override - peer_controls: - - dis-conn-check - private_asn_controls: - - remove-exclusive - address_type_controls: - - af-ucast - - af-mcast - weight: 50 - allow_self_as_count: 3 - ttl: 4 - admin_state: disabled - state: present - register: update_eth_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: update BGP peer (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - remote_asn: 65457 - bgp_controls: - - allow-self-as - - as-override - peer_controls: - - dis-conn-check - private_asn_controls: - - remove-exclusive - weight: 50 - allow_self_as_count: 3 - ttl: 4 - state: present - register: update_eth_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been updated with correct attributes (version >= 4) - assert: - that: - - update_eth_bgp_peer is changed - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - update_eth_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been updated with correct attributes (version < 4) - assert: - that: - - update_eth_bgp_peer_32 is changed - - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" - - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" - - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been updated correctly (version >= 4) - assert: - that: - - update_eth_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been updated correctly (version < 4) - assert: - that: - - update_eth_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# QUERY BGP peer -- name: query BGP peer (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - state: query - register: query_eth_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: query BGP peer (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - state: query - register: query_eth_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer attributes (version >= 4) - assert: - that: - - query_eth_bgp_peer is not changed - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - query_eth_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer attributes (version < 4) - assert: - that: - - query_eth_bgp_peer_32 is not changed - - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" - - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" - - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP remote AS (version >= 4) - assert: - that: - - query_eth_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP remote AS (version < 4) - assert: - that: - - query_eth_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# DELETE BGP peer -- name: delete BGP peer - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: eth1/15 - peer_ip: 192.168.50.2 - state: absent - register: remove_eth_bgp_peer - -- name: verify remove_eth_bgp_peer - assert: - that: - - remove_eth_bgp_peer is changed - - remove_eth_bgp_peer.current == [] - - remove_eth_bgp_peer.previous.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" - - remove_eth_bgp_peer.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" - -# ADD BGP peer to port-channel -- name: add BGP peer to port-channel (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - address_type_controls: - - af-ucast - ttl: 2 - state: present - register: add_pc_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: add BGP peer to port-channel (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - ttl: 2 - state: present - register: add_pc_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been created with correct attributes (version >= 4) - assert: - that: - - add_pc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - add_pc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_pc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" - - add_pc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "enabled" - - add_pc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_pc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_pc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been created with correct attributes (version < 4) - assert: - that: - - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been created correctly (version >= 4) - assert: - that: - - add_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been created correctly (version < 4) - assert: - that: - - add_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# ADD BGP peer again to check idempotence -- name: add BGP peer to port-channel again (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - address_type_controls: - - af-ucast - ttl: 2 - state: present - register: add_pc_bgp_peer_again - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: add BGP peer to port-channel again (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - ttl: 2 - state: present - register: add_pc_bgp_peer_again_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been created with correct attributes (version >= 4) - assert: - that: - - add_pc_bgp_peer_again is not changed - - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" - - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.adminSt == "enabled" - - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been created with correct attributes (version < 4) - assert: - that: - - add_pc_bgp_peer_again_32 is not changed - - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been created correctly (version >= 4) - assert: - that: - - add_pc_bgp_peer_again.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been created correctly (version < 4) - assert: - that: - - add_pc_bgp_peer_again_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# MODIFY BGP peer -- name: update BGP peer (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - remote_asn: 65457 - bgp_controls: - - allow-self-as - - as-override - peer_controls: - - bfd - - dis-conn-check - private_asn_controls: - - remove-all - - remove-exclusive - - replace-as - address_type_controls: - - af-ucast - - af-mcast - weight: 50 - allow_self_as_count: 3 - ttl: 4 - admin_state: disabled - state: present - register: update_pc_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: update BGP peer (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - remote_asn: 65457 - bgp_controls: - - allow-self-as - - as-override - peer_controls: - - bfd - - dis-conn-check - private_asn_controls: - - remove-all - - remove-exclusive - - replace-as - weight: 50 - allow_self_as_count: 3 - ttl: 4 - state: present - register: update_pc_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been updated with correct attributes (version >= 4) - assert: - that: - - update_pc_bgp_peer is changed - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - update_pc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been updated with correct attributes (version < 4) - assert: - that: - - update_pc_bgp_peer_32 is changed - - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" - - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been created correctly (version >= 4) - assert: - that: - - update_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been created correctly (version < 4) - assert: - that: - - update_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# QUERY BGP peer -- name: query BGP peer (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - state: query - register: query_pc_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: query BGP peer (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - state: query - register: query_pc_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer attributes (version >= 4) - assert: - that: - - query_pc_bgp_peer is not changed - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - query_pc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer attributes (version < 4) - assert: - that: - - query_pc_bgp_peer_32 is not changed - - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" - - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP remote AS (version >= 4) - assert: - that: - - query_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP remote AS (version < 4) - assert: - that: - - query_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# DELETE BGP peer -- name: delete BGP peer - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201 - path_ep: ansible_port_channel_ipg - peer_ip: 192.168.50.2 - state: absent - register: remove_pc_bgp_peer - -- name: verify remove_pc_bgp_peer - assert: - that: - - remove_pc_bgp_peer is changed - - remove_pc_bgp_peer.current == [] - - remove_pc_bgp_peer.previous.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" - - remove_pc_bgp_peer.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" - -# ADD BGP peer to vPC -- name: add BGP peer to vPC (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - address_type_controls: - - af-ucast - ttl: 2 - state: present - register: add_vpc_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: add BGP peer to vPC (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - ttl: 2 - state: present - register: add_vpc_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been created with correct attributes (version >= 4) - assert: - that: - - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" - - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "enabled" - - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been created with correct attributes (version < 4) - assert: - that: - - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been created correctly (version >= 4) - assert: - that: - - add_vpc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been created correctly (version < 4) - assert: - that: - - add_vpc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# ADD BGP peer again to check idempotence -- name: add BGP peer to vPC again (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - address_type_controls: - - af-ucast - ttl: 2 - state: present - register: add_vpc_bgp_peer_again - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: add BGP peer to vPC again (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - remote_asn: 65456 - bgp_controls: - - nh-self - - send-com - - send-ext-com - peer_controls: - - bfd - ttl: 2 - state: present - register: add_vpc_bgp_peer_again_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been created with correct attributes (version >= 4) - assert: - that: - - add_vpc_bgp_peer_again is not changed - - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" - - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.adminSt == "enabled" - - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been created with correct attributes (version < 4) - assert: - that: - - add_vpc_bgp_peer_again_32 is not changed - - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" - - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" - - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ttl == "2" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been created correctly (version >= 4) - assert: - that: - - add_vpc_bgp_peer_again.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been created correctly (version < 4) - assert: - that: - - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# MODIFY BGP peer -- name: update BGP peer (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - remote_asn: 65457 - bgp_controls: - - allow-self-as - - as-override - peer_controls: - - bfd - - dis-conn-check - private_asn_controls: - - remove-all - - remove-exclusive - - replace-as - address_type_controls: - - af-ucast - - af-mcast - weight: 50 - allow_self_as_count: 3 - ttl: 4 - admin_state: disabled - state: present - register: update_vpc_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: update BGP peer (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - remote_asn: 65457 - bgp_controls: - - allow-self-as - - as-override - peer_controls: - - bfd - - dis-conn-check - private_asn_controls: - - remove-all - - remove-exclusive - - replace-as - weight: 50 - allow_self_as_count: 3 - ttl: 4 - state: present - register: update_vpc_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer has been updated with correct attributes (version >= 4) - assert: - that: - - update_vpc_bgp_peer is changed - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer has been updated with correct attributes (version < 4) - assert: - that: - - update_vpc_bgp_peer_32 is changed - - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" - - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify remote AS object has been created correctly (version >= 4) - assert: - that: - - update_vpc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify remote AS object has been created correctly (version < 4) - assert: - that: - - update_vpc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# QUERY BGP peer -- name: query BGP peer (version >= 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - state: query - register: query_vpc_bgp_peer - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: query BGP peer (version < 4) - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - state: query - register: query_vpc_bgp_peer_32 - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP peer attributes (version >= 4) - assert: - that: - - query_vpc_bgp_peer is not changed - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP peer attributes (version < 4) - assert: - that: - - query_vpc_bgp_peer_32 is not changed - - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" - - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" - - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" - - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" - - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" - - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -- name: verify BGP remote AS (version >= 4) - assert: - that: - - query_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '>=') - -- name: verify BGP remote AS (version < 4) - assert: - that: - - query_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" - when: version.current.0.topSystem.attributes.version is version('4', '<') - -# DELETE BGP peer -- name: delete BGP peer - aci_l3out_bgp_peer: - <<: *aci_info - tenant: ansible_tenant - l3out: ansible_l3out - node_profile: ansible_node_profile - interface_profile: ansible_interface_profile - pod_id: 1 - node_id: 201-202 - path_ep: ansible_vpc_ipg - peer_ip: 192.168.50.2 - state: absent - register: remove_vpc_bgp_peer - -- name: verify remove_vpc_bgp_peer - assert: - that: - - remove_vpc_bgp_peer is changed - - remove_vpc_bgp_peer.current == [] - - remove_vpc_bgp_peer.previous.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" - - remove_vpc_bgp_peer.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" - -# CLEAN UP -- name: Remove ansible_tenant - aci_tenant: - <<: *aci_info - tenant: ansible_tenant - state: absent - -- name: Remove ansible_l3ext_domain - aci_domain: - <<: *aci_info - domain: ansible_l3ext_domain - domain_type: l3dom - state: absent - -- name: Remove ansible_port_channel_ipg - aci_interface_policy_leaf_policy_group: - <<: *aci_info - lag_type: link - policy_group: ansible_port_channel_ipg - state: absent - -- name: Remove ansible_vpc_ipg - aci_interface_policy_leaf_policy_group: - <<: *aci_info - lag_type: node - policy_group: ansible_vpc_ipg - state: absent +- name: Execute tasks only for non-cloud sites + when: + - query_cloud.current == [] # This condition will skip execution for cloud sites + block: + - name: Remove ansible_port_channel_ipg if it already exists + aci_interface_policy_leaf_policy_group: + <<: *aci_info + lag_type: link + policy_group: ansible_port_channel_ipg + state: absent + + - name: Remove ansible_vpc_ipg if it already exists + aci_interface_policy_leaf_policy_group: + <<: *aci_info + lag_type: node + policy_group: ansible_vpc_ipg + state: absent + + - name: Add a new tenant required for l3out + aci_tenant: + <<: *aci_info + tenant: ansible_tenant + description: Ansible tenant + state: present + + # ADD domain + - name: Add domain for l3out + aci_domain: + <<: *aci_info + domain: ansible_l3ext_domain + domain_type: l3dom + state: present + + # ADD VRF + - name: Add VRF for l3out + aci_vrf: + <<: *aci_info + tenant: ansible_tenant + vrf: ansible_vrf + state: present + + # ADD PC IPG + - name: Add port-channel IPG + aci_interface_policy_leaf_policy_group: + <<: *aci_info + lag_type: link + policy_group: ansible_port_channel_ipg + state: present + + # ADD vPC IPG + - name: Add vPC IPG + aci_interface_policy_leaf_policy_group: + <<: *aci_info + lag_type: node + policy_group: ansible_vpc_ipg + state: present + + # ADD l3out + - name: Add l3out + aci_l3out: + <<: *aci_info + tenant: ansible_tenant + name: ansible_l3out + vrf: ansible_vrf + domain: ansible_domain + route_control: export + state: present + + # ADD l3out logical node profile + - name: l3out logical node profile + aci_l3out_logical_node_profile: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + state: present + + # ADD l3out logical interface profile + - name: l3out logical interface profile + aci_l3out_logical_interface_profile: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + state: present + + # ADD l3out interface + - name: Add routed interface + aci_l3out_interface: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + interface_type: l3-port + mode: regular + addr: 192.168.50.1/27 + state: present + + # ADD l3out port-channel + - name: Add routed interface port-channel + aci_l3out_interface: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + interface_type: l3-port + mode: regular + addr: 192.168.70.1/27 + state: present + + # ADD l3out vPC + - name: Add interface vPC + aci_l3out_interface: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + interface_type: ext-svi + mode: native + addr: 192.168.90.1/27 + encap: vlan-913 + state: present + + # ADD BGP peer to ethernet port + - name: add BGP peer to ethernet port (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + address_type_controls: + - af-ucast + ttl: 2 + state: present + register: add_eth_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: add BGP peer to ethernet port (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + ttl: 2 + state: present + register: add_eth_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been created with correct attributes (version >= 4) + assert: + that: + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "enabled" + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.ttl == "2" + - add_eth_bgp_peer.current.0.bgpPeerP.attributes.annotation == 'orchestrator:ansible' + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been created with correct attributes (version < 4) + assert: + that: + - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "2" + - add_eth_bgp_peer_32.current.0.bgpPeerP.attributes.annotation == 'orchestrator:ansible' + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been created correctly + assert: + that: + - add_eth_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been created correctly + assert: + that: + - add_eth_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # ADD BGP peer again to check idempotence + - name: add BGP peer to ethernet port again (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + address_type_controls: + - af-ucast + ttl: 2 + state: present + register: add_eth_bgp_peer_again + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: add BGP peer to ethernet port again (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + ttl: 2 + state: present + register: add_eth_bgp_peer_again_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been created with correct attributes (version >= 4) + assert: + that: + - add_eth_bgp_peer_again is not changed + - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" + - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.adminSt == "enabled" + - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_eth_bgp_peer_again.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been created with correct attributes (version < 4) + assert: + that: + - add_eth_bgp_peer_again_32 is not changed + - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_eth_bgp_peer_again_32.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object is still correct (version >= 4) + assert: + that: + - add_eth_bgp_peer_again.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object his still correct (version < 4) + assert: + that: + - add_eth_bgp_peer_again_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # MODIFY BGP peer + - name: update BGP peer (version >= 4) + aci_l3out_bgp_peer: &interface_profile_bgp_peer_present + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + remote_asn: 65457 + bgp_controls: + - allow-self-as + - as-override + peer_controls: + - dis-conn-check + private_asn_controls: + - remove-exclusive + address_type_controls: + - af-ucast + - af-mcast + weight: 50 + allow_self_as_count: 3 + ttl: 4 + admin_state: disabled + state: present + register: update_eth_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: update BGP peer (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + remote_asn: 65457 + bgp_controls: + - allow-self-as + - as-override + peer_controls: + - dis-conn-check + private_asn_controls: + - remove-exclusive + weight: 50 + allow_self_as_count: 3 + ttl: 4 + state: present + register: update_eth_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been updated with correct attributes (version >= 4) + assert: + that: + - update_eth_bgp_peer is changed + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - update_eth_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been updated with correct attributes (version < 4) + assert: + that: + - update_eth_bgp_peer_32 is changed + - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" + - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" + - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - update_eth_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been updated correctly (version >= 4) + assert: + that: + - update_eth_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been updated correctly (version < 4) + assert: + that: + - update_eth_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # QUERY BGP peer + - name: query BGP peer (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + state: query + register: query_eth_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: query BGP peer (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + state: query + register: query_eth_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer attributes (version >= 4) + assert: + that: + - query_eth_bgp_peer is not changed + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - query_eth_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer attributes (version < 4) + assert: + that: + - query_eth_bgp_peer_32 is not changed + - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "dis-conn-check" + - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" + - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - query_eth_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-exclusive" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP remote AS (version >= 4) + assert: + that: + - query_eth_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP remote AS (version < 4) + assert: + that: + - query_eth_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: Execute tasks only for the APIC version version >= 4 + when: version.current.0.topSystem.attributes.version is version('4', '>=') + block: + # Route Control Profile validation check for Interface Profile level + - name: Add Route Control Profile to the ansible_interface_profile (version >= 4) - check mode + aci_l3out_bgp_peer: + <<: *interface_profile_bgp_peer_present + route_control_profiles: + - tenant: "ansible_tenant" + profile: "anstest_import" + direction: "import" + - tenant: "ansible_tenant" + profile: "anstest_export" + direction: "export" + l3out: "anstest_l3out" + state: present + check_mode: yes + register: cm_if_rtctrl_present + + - name: Assertions check for add Route Control Profile to the ansible_interface_profile (version >= 4) - check mode + assert: + that: + - cm_if_rtctrl_present is changed + - cm_if_rtctrl_present.sent.bgpPeerP.children | length == 2 + + - name: Add Route Control Profile to the ansible_interface_profile (version >= 4) - normal mode - missing param + aci_l3out_bgp_peer: + <<: *interface_profile_bgp_peer_present + route_control_profiles: + - tenant: "ansible_tenant" + profile: "anstest_import" + - tenant: "ansible_tenant" + profile: "anstest_export" + direction: "export" + l3out: "anstest_l3out" + state: present + register: nm_if_rtctrl_present_missing_param + ignore_errors: yes + + - name: Assertions check for add Route Control Profile to the ansible_interface_profile (version >= 4) - normal mode - missing param + assert: + that: + - nm_if_rtctrl_present_missing_param is failed + - "nm_if_rtctrl_present_missing_param.msg == 'missing required arguments: direction found in route_control_profiles'" + + - name: Add Route Control Profile to the ansible_interface_profile (version >= 4) - normal mode + aci_l3out_bgp_peer: &nm_if_rtctrl_present + <<: *interface_profile_bgp_peer_present + route_control_profiles: + - tenant: "ansible_tenant" + profile: "anstest_import" + direction: "import" + - tenant: "ansible_tenant" + profile: "anstest_export" + direction: "export" + l3out: "anstest_l3out" + state: present + register: nm_if_rtctrl_present + + - name: Assertions check for add Route Control Profile to the ansible_interface_profile (version >= 4) - normal mode + assert: + that: + - nm_if_rtctrl_present is changed + - nm_if_rtctrl_present.current | length == 1 + - nm_if_rtctrl_present.previous | length == 1 + - nm_if_rtctrl_present.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - nm_if_rtctrl_present.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" + - nm_if_rtctrl_present.current.0.bgpPeerP.children | length >= nm_if_rtctrl_present.previous.0.bgpPeerP.children | length + + - name: Add Route Control Profile to the ansible_interface_profile (version >= 4) - normal mode - idempotency works + aci_l3out_bgp_peer: + <<: *nm_if_rtctrl_present + state: present + register: idempotency_nm_if_rtctrl_present + + - name: Idempotency assertions check for add Route Control Profile to the ansible_interface_profile (version >= 4) - normal mode + assert: + that: + - idempotency_nm_if_rtctrl_present is not changed + - idempotency_nm_if_rtctrl_present.current | length == 1 + - idempotency_nm_if_rtctrl_present.previous | length == 1 + - idempotency_nm_if_rtctrl_present.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - idempotency_nm_if_rtctrl_present.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" + - idempotency_nm_if_rtctrl_present.current.0.bgpPeerP.children | length >= 2 + - idempotency_nm_if_rtctrl_present.previous.0.bgpPeerP.children | length >= 2 + + - name: Query a BGP Peer with Interface Profile + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + state: query + register: query_if_bgp_peer + + - name: Assertions check for query a BGP Peer with Interface Profile + assert: + that: + - query_if_bgp_peer is not changed + - query_if_bgp_peer.current | length == 1 + - query_if_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - query_if_bgp_peer.current.0.bgpPeerP.children | length >= 2 + + # Route Control Profile validation check for Node Profile level + - name: Add BGP Peer to the Node Profile level (version >= 4) - check mode + aci_l3out_bgp_peer: &cm_ln_rtctrl_present + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + peer_ip: 192.168.50.3 + route_control_profiles: + - tenant: "ansible_tenant" + profile: "anstest_import" + direction: "import" + - tenant: "ansible_tenant" + profile: "anstest_export" + direction: "export" + l3out: "anstest_l3out" + state: present + check_mode: yes + register: cm_ln_rtctrl_present + + - name: Assertions check for add BGP Peer to the Node Profile level (version >= 4) - check mode + assert: + that: + - cm_ln_rtctrl_present is changed + - cm_ln_rtctrl_present.current | length == 0 + - cm_ln_rtctrl_present.previous | length == 0 + - cm_ln_rtctrl_present.sent.bgpPeerP.attributes.addr == "192.168.50.3" + - cm_ln_rtctrl_present.sent.bgpPeerP.children | length >= 2 + + - name: Add BGP Peer to the Node Profile level (version >= 4) - normal mode + aci_l3out_bgp_peer: + <<: *cm_ln_rtctrl_present + state: present + register: nm_ln_rtctrl_present + + - name: Assertions check for add BGP Peer to the Node Profile level (version >= 4) - normal mode + assert: + that: + - nm_ln_rtctrl_present is changed + - nm_ln_rtctrl_present.current | length == 1 + - nm_ln_rtctrl_present.previous | length == 0 + - nm_ln_rtctrl_present.current.0.bgpPeerP.attributes.addr == "192.168.50.3" + - nm_ln_rtctrl_present.current.0.bgpPeerP.children | length >= 2 + + - name: Add BGP Peer to the Node Profile level (version >= 4) - normal mode - idempotency works + aci_l3out_bgp_peer: + <<: *cm_ln_rtctrl_present + state: present + register: idempotency_nm_ln_rtctrl_present + + - name: Idempotency assertions check for add BGP Peer to the Node Profile level (version >= 4) - normal mode + assert: + that: + - idempotency_nm_ln_rtctrl_present is not changed + - idempotency_nm_ln_rtctrl_present.current | length == 1 + - idempotency_nm_ln_rtctrl_present.current.0.bgpPeerP.attributes.addr == "192.168.50.3" + - idempotency_nm_ln_rtctrl_present.current.0.bgpPeerP.children | length >= 2 + - idempotency_nm_ln_rtctrl_present.previous | length == 1 + - idempotency_nm_ln_rtctrl_present.previous.0.bgpPeerP.attributes.addr == "192.168.50.3" + + - name: Add BGP Peer to the Node Profile level (version >= 4) - normal mode - missing param + aci_l3out_bgp_peer: + <<: *cm_ln_rtctrl_present + route_control_profiles: + - tenant: "ansible_tenant" + profile: "anstest_import" + - tenant: "ansible_tenant" + profile: "anstest_export" + direction: "export" + l3out: "anstest_l3out" + state: present + register: nm_ln_rtctrl_present_missing_param + ignore_errors: yes + + - name: Assertions check for add BGP Peer to the Node Profile level (version >= 4) - normal mode - missing param + assert: + that: + - nm_ln_rtctrl_present_missing_param is failed + - "nm_ln_rtctrl_present_missing_param.msg == 'missing required arguments: direction found in route_control_profiles'" + + - name: Query a BGP Peer from the Node Profile level + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + peer_ip: 192.168.50.3 + state: query + register: query_ln_bgp_peer + + - name: Assertions check for query a BGP Peer from the Node Profile level + assert: + that: + - query_ln_bgp_peer is not changed + - query_ln_bgp_peer.current | length == 1 + - query_ln_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.3" + + - name: Query all BGP peers + aci_l3out_bgp_peer: + <<: *aci_info + state: query + register: query_all_bgp_peer + + - name: Assertions check for query all BGP peers + assert: + that: + - query_all_bgp_peer is not changed + - query_all_bgp_peer.current | length != 0 + + # DELETE BGP peer + - name: delete BGP peer + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: eth1/15 + peer_ip: 192.168.50.2 + state: absent + register: remove_eth_bgp_peer + + - name: verify remove_eth_bgp_peer + assert: + that: + - remove_eth_bgp_peer is changed + - remove_eth_bgp_peer.current == [] + - remove_eth_bgp_peer.previous.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/15]]/peerP-[192.168.50.2]" + - remove_eth_bgp_peer.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" + + # ADD BGP peer to port-channel + - name: add BGP peer to port-channel (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + address_type_controls: + - af-ucast + ttl: 2 + state: present + register: add_pc_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: add BGP peer to port-channel (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + ttl: 2 + state: present + register: add_pc_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been created with correct attributes (version >= 4) + assert: + that: + - add_pc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - add_pc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_pc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" + - add_pc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "enabled" + - add_pc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_pc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_pc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been created with correct attributes (version < 4) + assert: + that: + - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been created correctly (version >= 4) + assert: + that: + - add_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been created correctly (version < 4) + assert: + that: + - add_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # ADD BGP peer again to check idempotence + - name: add BGP peer to port-channel again (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + address_type_controls: + - af-ucast + ttl: 2 + state: present + register: add_pc_bgp_peer_again + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: add BGP peer to port-channel again (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + ttl: 2 + state: present + register: add_pc_bgp_peer_again_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been created with correct attributes (version >= 4) + assert: + that: + - add_pc_bgp_peer_again is not changed + - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" + - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.adminSt == "enabled" + - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_pc_bgp_peer_again.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been created with correct attributes (version < 4) + assert: + that: + - add_pc_bgp_peer_again_32 is not changed + - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_pc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been created correctly (version >= 4) + assert: + that: + - add_pc_bgp_peer_again.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been created correctly (version < 4) + assert: + that: + - add_pc_bgp_peer_again_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # MODIFY BGP peer + - name: update BGP peer (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + remote_asn: 65457 + bgp_controls: + - allow-self-as + - as-override + peer_controls: + - bfd + - dis-conn-check + private_asn_controls: + - remove-all + - remove-exclusive + - replace-as + address_type_controls: + - af-ucast + - af-mcast + weight: 50 + allow_self_as_count: 3 + ttl: 4 + admin_state: disabled + state: present + register: update_pc_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: update BGP peer (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + remote_asn: 65457 + bgp_controls: + - allow-self-as + - as-override + peer_controls: + - bfd + - dis-conn-check + private_asn_controls: + - remove-all + - remove-exclusive + - replace-as + weight: 50 + allow_self_as_count: 3 + ttl: 4 + state: present + register: update_pc_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been updated with correct attributes (version >= 4) + assert: + that: + - update_pc_bgp_peer is changed + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - update_pc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been updated with correct attributes (version < 4) + assert: + that: + - update_pc_bgp_peer_32 is changed + - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" + - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - update_pc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been created correctly (version >= 4) + assert: + that: + - update_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been created correctly (version < 4) + assert: + that: + - update_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # QUERY BGP peer + - name: query BGP peer (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + state: query + register: query_pc_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: query BGP peer (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + state: query + register: query_pc_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer attributes (version >= 4) + assert: + that: + - query_pc_bgp_peer is not changed + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - query_pc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer attributes (version < 4) + assert: + that: + - query_pc_bgp_peer_32 is not changed + - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" + - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - query_pc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP remote AS (version >= 4) + assert: + that: + - query_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP remote AS (version < 4) + assert: + that: + - query_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # DELETE BGP peer + - name: delete BGP peer + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201 + path_ep: ansible_port_channel_ipg + peer_ip: 192.168.50.2 + state: absent + register: remove_pc_bgp_peer + + - name: verify remove_pc_bgp_peer + assert: + that: + - remove_pc_bgp_peer is changed + - remove_pc_bgp_peer.current == [] + - remove_pc_bgp_peer.previous.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[ansible_port_channel_ipg]]/peerP-[192.168.50.2]" + - remove_pc_bgp_peer.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" + + # ADD BGP peer to vPC + - name: add BGP peer to vPC (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + address_type_controls: + - af-ucast + ttl: 2 + state: present + register: add_vpc_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: add BGP peer to vPC (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + ttl: 2 + state: present + register: add_vpc_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been created with correct attributes (version >= 4) + assert: + that: + - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" + - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "enabled" + - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_vpc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been created with correct attributes (version < 4) + assert: + that: + - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been created correctly (version >= 4) + assert: + that: + - add_vpc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been created correctly (version < 4) + assert: + that: + - add_vpc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # ADD BGP peer again to check idempotence + - name: add BGP peer to vPC again (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + address_type_controls: + - af-ucast + ttl: 2 + state: present + register: add_vpc_bgp_peer_again + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: add BGP peer to vPC again (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + remote_asn: 65456 + bgp_controls: + - nh-self + - send-com + - send-ext-com + peer_controls: + - bfd + ttl: 2 + state: present + register: add_vpc_bgp_peer_again_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been created with correct attributes (version >= 4) + assert: + that: + - add_vpc_bgp_peer_again is not changed + - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.addrTCtrl == "af-ucast" + - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.adminSt == "enabled" + - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_vpc_bgp_peer_again.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been created with correct attributes (version < 4) + assert: + that: + - add_vpc_bgp_peer_again_32 is not changed + - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ctrl == "nh-self,send-com,send-ext-com" + - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd" + - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.attributes.ttl == "2" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been created correctly (version >= 4) + assert: + that: + - add_vpc_bgp_peer_again.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been created correctly (version < 4) + assert: + that: + - add_vpc_bgp_peer_again_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65456" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # MODIFY BGP peer + - name: update BGP peer (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + remote_asn: 65457 + bgp_controls: + - allow-self-as + - as-override + peer_controls: + - bfd + - dis-conn-check + private_asn_controls: + - remove-all + - remove-exclusive + - replace-as + address_type_controls: + - af-ucast + - af-mcast + weight: 50 + allow_self_as_count: 3 + ttl: 4 + admin_state: disabled + state: present + register: update_vpc_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: update BGP peer (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + remote_asn: 65457 + bgp_controls: + - allow-self-as + - as-override + peer_controls: + - bfd + - dis-conn-check + private_asn_controls: + - remove-all + - remove-exclusive + - replace-as + weight: 50 + allow_self_as_count: 3 + ttl: 4 + state: present + register: update_vpc_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer has been updated with correct attributes (version >= 4) + assert: + that: + - update_vpc_bgp_peer is changed + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - update_vpc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer has been updated with correct attributes (version < 4) + assert: + that: + - update_vpc_bgp_peer_32 is changed + - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" + - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - update_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify remote AS object has been created correctly (version >= 4) + assert: + that: + - update_vpc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify remote AS object has been created correctly (version < 4) + assert: + that: + - update_vpc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # QUERY BGP peer + - name: query BGP peer (version >= 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + state: query + register: query_vpc_bgp_peer + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: query BGP peer (version < 4) + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + state: query + register: query_vpc_bgp_peer_32 + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP peer attributes (version >= 4) + assert: + that: + - query_vpc_bgp_peer is not changed + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.addrTCtrl == "af-mcast,af-ucast" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.adminSt == "disabled" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.ttl == "4" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - query_vpc_bgp_peer.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP peer attributes (version < 4) + assert: + that: + - query_vpc_bgp_peer_32 is not changed + - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.addr == "192.168.50.2" + - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ctrl == "allow-self-as,as-override" + - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.peerCtrl == "bfd,dis-conn-check" + - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.ttl == "4" + - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.allowedSelfAsCnt == "3" + - query_vpc_bgp_peer_32.current.0.bgpPeerP.attributes.privateASctrl == "remove-all,remove-exclusive,replace-as" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + - name: verify BGP remote AS (version >= 4) + assert: + that: + - query_pc_bgp_peer.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '>=') + + - name: verify BGP remote AS (version < 4) + assert: + that: + - query_pc_bgp_peer_32.current.0.bgpPeerP.children.1.bgpAsP.attributes.asn == "65457" + when: version.current.0.topSystem.attributes.version is version('4', '<') + + # DELETE BGP peer + - name: delete BGP peer + aci_l3out_bgp_peer: + <<: *aci_info + tenant: ansible_tenant + l3out: ansible_l3out + node_profile: ansible_node_profile + interface_profile: ansible_interface_profile + pod_id: 1 + node_id: 201-202 + path_ep: ansible_vpc_ipg + peer_ip: 192.168.50.2 + state: absent + register: remove_vpc_bgp_peer + + - name: verify remove_vpc_bgp_peer + assert: + that: + - remove_vpc_bgp_peer is changed + - remove_vpc_bgp_peer.current == [] + - remove_vpc_bgp_peer.previous.0.bgpPeerP.attributes.dn == "uni/tn-ansible_tenant/out-ansible_l3out/lnodep-ansible_node_profile/lifp-ansible_interface_profile/rspathL3OutAtt-[topology/pod-1/protpaths-201-202/pathep-[ansible_vpc_ipg]]/peerP-[192.168.50.2]" + - remove_vpc_bgp_peer.previous.0.bgpPeerP.attributes.addr == "192.168.50.2" + + # CLEAN UP + - name: Remove ansible_tenant + aci_tenant: + <<: *aci_info + tenant: ansible_tenant + state: absent + + - name: Remove ansible_l3ext_domain + aci_domain: + <<: *aci_info + domain: ansible_l3ext_domain + domain_type: l3dom + state: absent + + - name: Remove ansible_port_channel_ipg + aci_interface_policy_leaf_policy_group: + <<: *aci_info + lag_type: link + policy_group: ansible_port_channel_ipg + state: absent + + - name: Remove ansible_vpc_ipg + aci_interface_policy_leaf_policy_group: + <<: *aci_info + lag_type: node + policy_group: ansible_vpc_ipg + state: absent