Collection to provision disposable topologies.

The content of this repository is subdivided in the following categories:

1. build

• Manipulation of local artifacts, mainly files operatios.

2. provision

• Provisonning of resources in an cloud provider.

3. deploy

• Setup of environments in the provisionned instances.

4. test

• Validation of the environments from end-to-end.

• ansible
• netaddr
• boto
• boto3
• passlib

pip --user install ansible netaddr boto boto3 passlib

pip install ansible netaddr boto boto3 passlib

NOTE: In Ansible Tower do standard WEBUI manipulation of Inventories.

1. Copy the directory inventories/full to inventories/mytopology.

cp -ap inventories/full inventories/mytopology

2. Edit the file inventories/mytopology/hosts to choose the nodes in your topology.

vi inventories/mytopology/hosts

3. Edit the file inventories/mytopology/group_vars/all.yaml to customize subnets, vpcs, regions...

vi inventories/mytopoly/group_vars/all.yaml

NOTE: For multisite topology, consult cisco_ios

1. Save the public ssh_key in files/keychain/<ec2_vpc_name>.pub.

cp <my key>.pub files/keychain/site1.pub
cp <my key>.pub files/keychain/site2.pub
cp <my key>.pub files/keychain/site3.pub

2. Save the private ssh_key in files/keychain/<ec2_vpc_name>.

cp <my key> files/keychain/site1
cp <my key> files/keychain/site2
cp <my key> files/keychain/site3

NOTE: if missing, ssh-keys are generated automatically during build

./playbooks/main.yaml -i inventories/full

_NOTE: By default everything is provisioned in site1.

./playbooks/provision.yaml -i inventories/full

_NOTE: ssh-key are only generated during build.

./playbooks/provision.yaml -i inventories/full --limit linux

_NOTE: ssh-key are only generated during build.

./playbooks/main.yaml -i inventories/redhat_rhel

_HINT: Topologies are build from inventories

./playbooks/terminate.yaml -i inventories/cisco_ios --limit site1

./playbooks/provision.yaml -i inventories/cisco_ios --limit tower

./playbooks/reprovision.yaml -i inventories/cisco_ios --limit rtr01-ios

./playbooks/reprovision.yaml -i inventories/cisco_ios --limit ios

This is straighforward for topologies following the guideline for groups and vpc names.

1. To spawn the cisco_ios with 3 sites:

./playbooks/main.yaml -i inventories/cisco_ios --limit site1
./playbooks/main.yaml -i inventories/cisco_ios --limit site2  
./playbooks/main.yaml -i inventories/cisco_ios --limit site3

NOTE: Multiple sites cannot be provisioned in parallel as part of the same play, because of race conditions
NOTE: Mutiple sites can be provisioned in parallel from different terminals with different --limit.
NOTE: Multiple instances are provisioned in parallel.

2. To provision Infoblox on top of the previous topology:

./playbooks/main.yaml -i inventories/infoblox_nios

3. To provision Splunk on top of the previous topology:

./playbooks/main.yaml -i inventories/splunk_es

1. Create project for https://www.github.com/victorock/demopoc.
2. Create inventory and define a source from project for inventories/cisco_ios/hosts.
3. Create job template and choose a playbook from playbooks folder (ex: playbooks/main.yaml).

inventories/
.
├── cisco_ios
│   ├── group_vars
│   │   ├── site1.yaml
│   │   ├── site2.yaml
│   │   └── site3.yaml
│   └── hosts
├── f5_tmos
│   ├── group_vars
│   │   └── all.yaml
│   └── hosts
├── full
│   ├── group_vars
│   │   └── all.yaml
│   └── hosts
├── infoblox_nios
│   ├── group_vars
│   │   └── all.yaml
│   └── hosts
├── microsoft_windows
│   ├── group_vars
│   │   └── all.yaml
│   └── hosts
├── paloalto_panos
│   ├── group_vars
│   │   └── all.yaml
│   └── hosts
├── redhat_rhel
│   ├── group_vars
│   │   └── all.yaml
│   └── hosts
└── splunk_es
    ├── group_vars
    │   └── all.yaml
    └── hosts

Due to a limitation in the Infoblox's image, the Infoblox AMI is only accessible through the inside interface (LAN1)..
As alternative, create a SSH tunnel through Ansible Tower to access Infoblox's WEBUI:

1. Add ssh-key to ssh-agent:

ssh-add files/keychain/<ssh_private_key_file>

2. Establish SSH Tunnel (localhost:8443 -> 10.1.2.97:443):

ssh -l ec2-user@<tower_public_ip> -L 8443:10.1.2.97:443

3. Open Browser:

open -a "Google Chrome" https://localhost:8443/

1. Build: Run locally, calling the role build.
2. Provision: Run locally, calling the role provision.
3. Deploy: Run against the provisioned device, calling the role deploy.

• main.yaml:
  • build.yaml:
    • roles:
      • build:
        • download
  • provision.yaml:
    • roles:
      • provision:
        • provision_ec2:
          • playbooks/group_vars/all/ec2.yaml
          • playbooks/group_vars/tower/ec2.yaml
          • playbooks/group_vars/linux/ec2.yaml
          • playbooks/host_vars/host01-tower/ec2.yaml
          • playbooks/host_vars/host01-linux/ec2.yaml
  • deploy.yaml:
    • roles:
      • deploy_tower:
        • deploy_linux:
          • network configuration
          • baseline packages
          • repositories (redhat-rhui)
          • subscription (optional)
        • tower_setup:
          • playbooks/group_vars/tower/ansible_tower_setup.yaml
        • tower_configure:
          • playbooks/group_vars/tower/ansible_tower_config.yaml
        • tower_facts
  • test.yaml:
    • roles:
      • test_tower:
        • application tests

• Playbooks
• Roles

deploy_<environment> for the following:

• asa
• fortios

Performing the following tasks:

• configure environment administrative password according to the value of variable deploy_password.

Don't use any of the content from this repository to manage real production environments.