Skip to content
SD-WAN DevOps Tools
Python Groovy Dockerfile Shell
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.
docs Removed Windows CLI references Feb 14, 2020
group_vars/all updated default vmware version to 19.2.1 Feb 6, 2020
inventory updated jenkins inventory Feb 6, 2020
jenkins added cleur jenkins and virl files Feb 6, 2020
roles added ansible-virl directory back Jan 17, 2020
templates Debugging Jan 15, 2020
terraform-sdwan @ a7f6ff6 latest terraform-sdwan and added cleur2020 inventory Jan 17, 2020
.gitignore updated .gitignore Feb 6, 2020
.gitmodules added terraform-sdwan submodule Oct 30, 2019
Dockerfile Fixes for VIRL2 Nov 11, 2019
LICENSE Initial Submission Jul 18, 2019
activate-policy.yml Fixes Oct 30, 2019
ansible.cfg Bulk Commit for DEVWKS-2028 Jan 10, 2020
ansible.cfg.docker Initial Submission Jul 18, 2019
attach-template.yml updated playbooks from cleur Feb 6, 2020
build-aws.yml Merge branch 'master' of Oct 30, 2019
build-ca.yml Small fixes Oct 17, 2019
build-virl.yml Increased retries for mgmt interfaces to come up. This often takes lo… Jan 10, 2020
build-vmware.yml added terraform.tfvars to inventory and playbooks Nov 11, 2019
check-network.yml Initial Submission Jul 18, 2019
check-sdwan.yml Fixed incorrect host assignment Jan 9, 2020
clean-aws.yml Merge branch 'master' of Oct 30, 2019
clean-control.yml Flattened and normalized the sdwan variables Oct 5, 2019
clean-virl.yml Added tag to always stop and wipe the simulation Jan 14, 2020
clean-vmware.yml added variables to clean-vmware Nov 11, 2019
clean.yml updates for virl2 and control plane on vmware Oct 22, 2019
config-virl.yml Added wait for vmanage to get its IP address Nov 12, 2019
config-vmware.yml updated playbooks from cleur Feb 6, 2020
configure-licensing.yml Initial Submission Jul 18, 2019
configure.yml restrcutred build/clean and changed ping tests for cedge Sep 16, 2019
control-node.yml Updated docs Oct 4, 2019
delete-templates.yml Initial Submission Jul 18, 2019
deploy-hw-edges.yml seperate deploy-edges for hw and vmware Oct 30, 2019
deploy-virl.yml Fixing typo in virl_image_definition Jan 16, 2020
deploy-vmware-edges.yml changed copy module to net_put Feb 6, 2020
detach-template.yml Initial Submission Jul 18, 2019
export-policy.yml Initial Submission Jul 18, 2019
export-templates.yml Initial Submission Jul 18, 2019
generate-template-all.yml Bulk Commit for DEVWKS-2028 Jan 10, 2020
import-policy.yml updated playbooks from cleur Feb 6, 2020
import-templates.yml Fixes Oct 30, 2019
inventory.yml Flattened and normalized the sdwan variables Oct 5, 2019 updated for TF env vars Nov 10, 2019
query-attach.yml Bulk Commit for DEVWKS-2028 Jan 10, 2020
requirements.txt changed copy module to net_put Feb 6, 2020
show-inventory.yml Initial Submission Jul 18, 2019
update-rtbh-apps.yml updated playbooks from cleur Feb 6, 2020
update-rtbh.yml updated playbooks from cleur Feb 6, 2020
virl-facts.yml Last changes before merge to master Oct 15, 2019
virl-inventory.yml Last changes before merge to master Oct 15, 2019
waitfor-sync.yml Fixes for vmware Jan 9, 2020


This repo contains a set of tools to automate workflows and build CI/CD pipelines for Cisco SDWAN.

Note: The tools in this repo only work from a Unix environment with Docker (e.g. Linux, MacOS, etc.) due to issues with Ansible and file permissions mapping between Windows and the Linux container used in WSL2 may fix this issue and we will revisit when WSL2 is released.


Cloning the repo

git clone --recursive

All operations are run out of the sdwan-devops directory:

cd sdwan-devops

Software Dependancies

  • ansible-viptela (Delivered as part of the repo when --recursive is used when cloning)
  • Python 3 with the dependencies listed in requirements.txt
  • sshpass

Running with Docker

The easiest way to address the python and sshpass dependencies is to use the Dockerfile packaged in the repo. All development and testing uses this Dockerfile, so it is the best way to guarantee that the tooling will run as designed

Build the Docker container

To build the docker container, run:

docker build -t ansible-sdwan .

Running the the playbooks in the docker container

In order to make this easier, a bash script has been provided. To run a playbook specified in the directions, you can run using bash:

$ ./ <playbook> <options>

Licensing Requirements

  • A Viptela license file and the Organization name associated with that license file in licenses/serialFile.viptela.
  • The Organization name associated with the serial file
  • A Cisco Smart License token that point to an account with ASAv licensing (when licensing non-SD-WAN VNFs is required)

Set the name of the organization, e.g.: Using bash:

export VMANAGE_ORG=myorgname

Note: This value can be set permanently in group_vars/all/local.yml

organization_name: "<your org name>"

Note: Edge devices in the topologies must be updated to reflect the one from the serialFile.viptela provided. This is done by updated sdwan_uuid in the sdwan.yml inventory file in the host_vars directory corresponding to the edge device (e.g. inventory/hq1/host_vars/hq-cedge1/sdwan.yml). See the Variables section for more information.



Simulation can be used for developing new deployments as well as testing changes to current deployments. Simulation capabilities are provided by VIRL^2. The Ansible VIRL^2 Modules are used to automate deployments in VIRL^2.


A set of playbooks is providing for automating deployments on several different infrastructures. Currently, the following infrastructure is supported:

  • VIRL
  • Vmware
  • AWS: Deployment on AWS can be done with the either:
  • Azure

Automation Playbooks

  • build-ca.yml: Creates a local CA

  • import-templates.yml

  • attach-templates.yml

  • import-policy.yml

  • activate-policy.yml

  • waitfor-sync.yml

  • build-XXXX.yml

  • config-XXXX.yml

    • Configure setting on vmanage
    • Install Enterprise CA when required
    • Add vbonds and vsmarts to vmanage
    • Create CSRs for vbonds and vsmarts
    • Install certificates into vmanage
    • Push certificates to controllers
    • Import templates if present
    • Import policy if present


Validation Playbooks

  • check-sdwan.yml
  • check-network.yml


Jenkins is used for automatic and manual testing.



The repo contains a set of playbooks, roles, and templates that are fed from the included inventories. Several built-in topologies located in the inventory and more can be added. There are

To switch between topologies, either edit ansible.cfg and point inventory to the proper directory:

For example, change:

inventory = ./inventory/hq1


inventory = ./inventory/crn1

or specify -i with every command (e.g. ./ -i inventory/hq1 build-cml.yml)

The local defaults for all inventories are set in sdwan-devops/group_vars/all/local/yml


The following variables are used by the playbooks and must be set somewhere in the inventory:

sdwan_site_id: 1
sdwan_model: 'vedge-CSR-1000v'
sdwan_uuid: 'CSR-82DEC3C6-3A28-B866-6F4A-40BEA274CA00'
sdwan_personality: vedge
  name: 'hq-csr1000v'
    'vpn512_interface': GigabitEthernet1
    'vpn0_interface': GigabitEthernet2
    'vpn1_interface': GigabitEthernet3
    'vpn1_ospf_interface': GigabitEthernet3
    'system_latitude': 37.411343
    'system_longitude': -121.938803
    'system_site_id': 1
    'system_host_name': hq-cedge1
    'banner_login': "{{ login_banner }}"
    'banner_motd': Welcome to hq-cedge1!

Infrastructure specific playbooks for building the control plane and deploying vedges are described in the specific infrastructure instructions below

You can’t perform that action at this time.