Monday, February 15, 2021

IaC complex variable structure

Hi!

I work for a small MSP.
I'm in the beginning of transforming our DC switches to IaC (Infrastructure as Code).
We use Cisco Nexus 9000.

I'm fairly fluent in Ansible, and I think I know the steps we need to take towards IaC.
1: Store switch configuration variables in git
2: Generate final config with jinja2
3: Use Ansible module nxos_config to replace config on switches.

Of course there are more steps involved, testing etc, but I'm leaving those out for the sake of simplicity.
The easy things are for example ntp, aaa, logging, those are all the same on all switches.
I just place those variables data in group_vars/all.yml
If I need something special on one switch, I just stick the data in host_vars/leaf03.yml for example.

Now to the questions:
How do you people handle real world configuration (vlan in the example)?
Say I have 12 leaf switches.
Say our vmware platform hangs on port 1-10 on 6 of those 12 leafs.

Example 1:
I need to setup a new server vlan for a customer.
It should be tagged on port 1-10 on the 6 leafs.
Sure, I can edit 6 files, one per leaf, and add vlan to those ports, then generate config.
But that is not the purpose of IaC, this config should be generated somehow.

Example 2:
I need to add new vmware-hosts:
Say that I place them on leaf 7-10, on ports 1-4.
They need the same vlan config as the other vmware ports.
Again, a LOT of changes need to be made to those files.

Example 3:
I have a customer vlan that needs to be like this:
Leaf1: Tagged e1/23
Leaf3: Untagged e1/12
It also needs to be on all vmware ports.

What I would like is to add a vlan in one place, and have the configuration generated, but it gets very complicated with snowflake config, like example 3.

I tried google, but all posts just do the simple stuff, like ntp, logging etc. =)
So, how do you handle all configuration in your IaC environment?
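One way to structure the data so that a vlan is declared in exactly one place is shown below. This is an added example, not code from the original post: it uses a hypothetical data model in which "@vmware" names a port group (leafs plus port ranges) and "leaf01:23" is a single-switch override, and it expands every vlan into the per-switch, per-interface data you would write to host_vars or hand to a Jinja2 template. It also refuses to build if two vlans claim the same untagged port, which is the kind of data error that otherwise only shows up after the config is pushed.

```python
# Added example (not from the post): expand each VLAN, defined once, into
# per-switch interface data. Hypothetical data model, not an Ansible feature.
from collections import defaultdict


def expand_ports(spec):
    """'1-10' -> [1..10]; '1,3,5-6' -> [1, 3, 5, 6]."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def resolve(members, port_groups):
    """Yield (switch, port) pairs for '@group' and 'switch:ports' entries."""
    for m in members:
        if m.startswith("@"):
            for chunk in port_groups[m[1:]]:
                for sw in chunk["switches"]:
                    for p in expand_ports(chunk["ports"]):
                        yield sw, p
        else:
            sw, _, ports = m.partition(":")
            for p in expand_ports(ports):
                yield sw, p


def build_interfaces(vlans, port_groups):
    """Return {switch: {port: {"tagged": [ids], "untagged": id|None}}}."""
    out = defaultdict(lambda: defaultdict(lambda: {"tagged": [], "untagged": None}))
    for v in vlans:
        for sw, p in resolve(v.get("tagged", []), port_groups):
            if v["id"] not in out[sw][p]["tagged"]:
                out[sw][p]["tagged"].append(v["id"])
        for sw, p in resolve(v.get("untagged", []), port_groups):
            intf = out[sw][p]
            if intf["untagged"] not in (None, v["id"]):
                # Two VLANs claiming one native VLAN is a data error: fail the build
                raise ValueError(f"{sw} e1/{p}: untagged already {intf['untagged']}")
            intf["untagged"] = v["id"]
    return {sw: dict(ports) for sw, ports in out.items()}


# Constructed inventory matching the post's examples (vmware on 6 leafs, 4 more on 1-4)
PORT_GROUPS = {"vmware": [
    {"switches": [f"leaf{n:02d}" for n in range(1, 7)], "ports": "1-10"},
    {"switches": [f"leaf{n:02d}" for n in range(7, 11)], "ports": "1-4"},
]}
VLANS = [
    {"id": 100, "name": "cust-a-servers", "tagged": ["@vmware"]},
    {"id": 200, "name": "cust-b", "tagged": ["@vmware", "leaf01:23"], "untagged": ["leaf03:12"]},
]
```

Adding the new vmware hosts from example 2 is then one new entry in PORT_GROUPS, and the snowflake in example 3 is two extra strings on one vlan, with every leaf's interface data regenerated from that.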
