
Commit 243e05c

committed
Deploy infrastructure with dual stack
1 parent 53a1369 commit 243e05c


12 files changed

+288
-39
lines changed


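--- a/roles/azure_controllers/defaults/main.yml
+++ b/roles/azure_controllers/defaults/main.yml
@@ -24,22 +24,30 @@ az_vn_address_prefixes_cidr: 10.0.0.0/16
 az_subnets: |
 {% filter from_yaml %}
 - name: "{{ az_resources_prefix }}-mgmt-subnet-512"
-cidr: "10.0.1.0/24"
+cidr:
+- "10.0.1.0/24"
+- "fd00:0:0:1::/64"
 VPN: 512
 type: mgmt
 - name: "{{ az_resources_prefix }}-transport-subnet-0"
-cidr: "10.0.2.0/24"
+cidr:
+- "10.0.2.0/24"
+- "fd00:0:0:2::/64"
 VPN: 0
 type: transport
 {% if vmanage_instances is defined and vmanage_instances | length > 2 %}
 - name: "{{ az_resources_prefix }}-cluster-subnet-0"
-cidr: "10.0.3.0/24"
+cidr:
+- "10.0.3.0/24"
+- "fd00:0:0:3::/64"
 VPN: 0
 type: cluster
 {% endif %}
 {% if ux20_deployment is defined and ux20_deployment == true %}
 - name: "{{ az_resources_prefix }}-service-subnet-10"
-cidr: "10.0.4.0/24" # default ips from official Cisco guides
+cidr:
+- "10.0.4.0/24" # default ips from official Cisco guides
+- "fd00:0:0:4::/64"
 VPN: 10
 type: service
 {% endif %}
@@ -49,6 +57,11 @@ az_subnets: |
 az_network_security_group: "{{ az_resources_prefix }}-nsg"
 
 
+# Private DNS zone
+az_private_dns_zone: "{{ az_resources_prefix }}.internal"
+az_vbond_address: "vbond.{{ az_private_dns_zone }}"
+
+
 # VPN subnets from which we can connect to Azure EIPs (Network Security Group config)
 az_allowed_subnets: null
 
@@ -63,6 +76,7 @@ admin_password: null # pragma: allowlist secret
 admin_ssh_keys: []
 vbond_port: 12346
 default_vbond_ip: 192.168.1.199
+ipv6_strict_control: true
 # vpn0_interface_color: default
 
 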
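Review bot: The new `cidr` lists encode the address family only by position, and nothing in the defaults states it; the tasks in this commit read `cidr[0]` as the IPv4 prefix, so an override that lists the IPv6 prefix first would hand an IPv6 address to `vpn0_default_gateway`. A comment above `az_subnets` would make the contract explicit, for example `# cidr is an ordered list: [IPv4 prefix, IPv6 prefix]; tasks read cidr[0] as IPv4`. The IPv6 defaults also use an all-zero Global ID (`fd00:0:0:N::/64`), whereas RFC 4193 expects a pseudo-random 40-bit value; that matters once this VNet is peered or VPN-connected to another network built from the same defaults. The new `ipv6_strict_control: true` has no comment saying what it enforces, and its consumer is not visible in this section.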

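--- a/roles/azure_controllers/tasks/azure_vbond_vm.yml
+++ b/roles/azure_controllers/tasks/azure_vbond_vm.yml
@@ -19,13 +19,34 @@
 Machine: "{{ hostname }}"
 VPN: "{{ subnet_item.VPN }}"
 Subnet: "{{ subnet_item.name }}"
+sku: standard
 loop:
 - "{{ mgmt_subnet }}"
 - "{{ transport_subnet }}"
 loop_control:
 loop_var: subnet_item
 register: public_ip_addresses
 
+- name: "Create public IPv6 addresses for machine: {{ hostname }}"
+azure.azcollection.azure_rm_publicipaddress:
+resource_group: "{{ az_resource_group }}"
+allocation_method: static
+name: "public-ipv6-{{ hostname }}-vpn-{{ subnet_item.VPN }}"
+tags:
+Name: "public-ipv6-{{ hostname }}"
+Creator: "{{ az_tag_creator }}"
+Machine: "{{ hostname }}"
+VPN: "{{ subnet_item.VPN }}"
+Subnet: "{{ subnet_item.name }}"
+version: ipv6
+sku: standard
+loop:
+- "{{ mgmt_subnet }}"
+- "{{ transport_subnet }}"
+loop_control:
+loop_var: subnet_item
+register: public_ipv6_addresses
+
 - name: "Get info about NSG: {{ az_network_security_group }}"
 azure.azcollection.azure_rm_securitygroup_info:
 resource_group: "{{ az_resource_group }}"
@@ -49,7 +70,7 @@
 Name: "{{ az_network_security_group }}"
 Creator: "{{ az_tag_creator }}"
 Organization: "{{ organization_name }}"
-loop: "{{ public_ip_addresses.results }}"
+loop: "{{ public_ip_addresses.results + public_ipv6_addresses.results }}"
 loop_control:
 loop_var: public_ip_state
 index_var: my_idx
@@ -67,6 +88,10 @@
 - name: "ipconfig-vpn-{{ public_ip_state.state.tags.VPN }}"
 public_ip_address_name: "{{ public_ip_state.state.name }}"
 private_ip_allocation_method: "Dynamic"
+- name: "ipconfig-vpn-{{ public_ip_state.state.tags.VPN }}-ipv6"
+public_ip_address_name: "{{ public_ipv6_addresses.results | json_query(_public_ip_query) | first }}"
+private_ip_allocation_method: "Dynamic"
+private_ip_address_version: IPv6
 tags:
 Name: "nic-{{ hostname }}-vpn-{{ public_ip_state.state.tags.VPN }}"
 Creator: "{{ az_tag_creator }}"
@@ -78,30 +103,41 @@
 index_var: my_idx
 label: public_ip_state.state.name
 register: vbond_nics
+vars:
+_public_ip_query: "[?to_number(state.tags.VPN)==`{{ public_ip_state.state.tags.VPN }}`].state.name"
 
 - name: Set az_network_interfaces_vbond fact with a list of interfaces for vBond
 ansible.builtin.set_fact:
 az_network_interfaces_vbond: "{{ vbond_nics.results | map(attribute='state') | list }}"
-az_public_ip_addresses_vbond: "{{ public_ip_addresses.results | map(attribute='state') | list }}"
+az_public_ip_addresses_vbond: "{{ (public_ip_addresses.results + public_ipv6_addresses.results) | map(attribute='state') | list }}"
 
 - name: Filter az_network_interfaces_vbond for instance creation. Set az_mgmt_nic and az_transport_nic facts
 ansible.builtin.set_fact:
 az_mgmt_nic: "{{ az_network_interfaces_vbond | selectattr('tags.VPN', 'equalto', '512') | list | first }}"
 az_transport_nic: "{{ az_network_interfaces_vbond | selectattr('tags.VPN', 'equalto', '0') | list | first }}"
-az_mgmt_public_ip: "{{ az_public_ip_addresses_vbond | selectattr('tags.VPN', 'equalto', '512') | list | first }}"
-az_transport_public_ip: "{{ az_public_ip_addresses_vbond | selectattr('tags.VPN', 'equalto', '0') | list | first }}"
+az_mgmt_public_ip: "{{ _mgmt_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv4') | list | first }}"
+az_transport_public_ip: "{{ _transport_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv4') | list | first }}"
+az_mgmt_public_ipv6: "{{ _mgmt_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv6') | list | first }}"
+az_transport_public_ipv6: "{{ _transport_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv6') | list | first }}"
+vars:
+_mgmt_public_ips: "{{ az_public_ip_addresses_vbond | selectattr('tags.VPN', 'equalto', '512') }}"
+_transport_public_ips: "{{ az_public_ip_addresses_vbond | selectattr('tags.VPN', 'equalto', '0') }}"
 
 # vbond_mgmt_private_ip
 - name: "Set ip addresses vbond facts"
 ansible.builtin.set_fact:
-vbond_mgmt_private_ip: "{{ az_mgmt_nic.ip_configuration.private_ip_address }}"
-vbond_transport_private_ip: "{{ az_transport_nic.ip_configuration.private_ip_address }}"
+vbond_mgmt_private_ip: "{{ (az_mgmt_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv4`]') | first).private_ip_address }}"
+vbond_mgmt_private_ipv6: "{{ (az_mgmt_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv6`]') | first).private_ip_address }}"
+vbond_transport_private_ip: "{{ (az_transport_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv4`]') | first).private_ip_address }}"
+vbond_transport_private_ipv6: "{{ (az_transport_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv6`]') | first).private_ip_address }}"
 vbond_mgmt_public_ip: "{{ az_mgmt_public_ip.ip_address }}"
 vbond_transport_public_ip: "{{ az_transport_public_ip.ip_address }}"
+vbond_mgmt_public_ipv6: "{{ az_mgmt_public_ipv6.ip_address }}"
+vbond_transport_public_ipv6: "{{ az_transport_public_ipv6.ip_address }}"
 
 - name: "Set vpn0_default_gateway fact from VPN 0 subnet value"
 ansible.builtin.set_fact:
-vpn0_default_gateway: "{{ subnet_item.cidr | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}"
+vpn0_default_gateway: "{{ subnet_item.cidr[0] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}"
 loop:
 - "{{ mgmt_subnet }}"
 - "{{ transport_subnet }}"
@@ -178,9 +214,26 @@
 admin_password: "{{ admin_password }}"
 mgmt_public_ip: "{{ vbond_mgmt_public_ip }}"
 transport_public_ip: "{{ vbond_transport_public_ip }}"
+mgmt_public_ipv6: "{{ vbond_mgmt_public_ipv6 }}"
+transport_public_ipv6: "{{ vbond_transport_public_ipv6 }}"
 changed_when: true
 notify: Show deployment_facts
 
+- name: DNS records
+azure.azcollection.azure_rm_privatednsrecordset:
+resource_group: "{{ az_resource_group }}"
+zone_name: "{{ az_private_dns_zone }}"
+relative_name: "vbond"
+record_type: "{{ item.type }}"
+records: "{{ item.records }}"
+loop:
+- type: 'A'
+records:
+- entry: "{{ vbond_transport_public_ip }}"
+- type: 'AAAA'
+records:
+- entry: "{{ vbond_transport_public_ipv6 }}"
+
 - name: Update deployment facts - vBond - that will be consumed by vManage-client in Ansible
 ansible.builtin.set_fact:
 deployment_facts: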
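Review bot: The new "Create public IPv6 addresses" task allocates a static public address for the management subnet (VPN 512) as well as for transport, so the vBond management interface gets an Internet-routable address in a second address family. The NSG task now loops over `public_ip_addresses.results + public_ipv6_addresses.results`, but its rules lie outside the visible hunks; IPv4 prefixes in `az_allowed_subnets` cannot match IPv6 sources, so what actually filters the IPv6 side should be confirmed rather than assumed. I would put a comment above the IPv6 task such as `# NSG must carry explicit IPv6 source prefixes; IPv4 entries in az_allowed_subnets do not cover these addresses`. The same task is added in azure_vmanage_vm.yml and the same check applies there.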

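--- a/roles/azure_controllers/tasks/azure_vmanage_vm.yml
+++ b/roles/azure_controllers/tasks/azure_vmanage_vm.yml
@@ -21,13 +21,35 @@
 VPN: "{{ subnet_item.VPN }}"
 Subnet: "{{ subnet_item.name }}"
 type: "{{ subnet_item.type }}"
+sku: standard
 loop:
 - "{{ mgmt_subnet }}"
 - "{{ transport_subnet }}"
 loop_control:
 loop_var: subnet_item
 register: public_ip_addresses
 
+- name: "Create public IPv6 addresses for machine: {{ hostname }}"
+azure.azcollection.azure_rm_publicipaddress:
+resource_group: "{{ az_resource_group }}"
+allocation_method: static
+name: "public-ipv6-{{ hostname }}-vpn-{{ subnet_item.VPN }}"
+tags:
+Name: "public-ipv6-{{ hostname }}"
+Creator: "{{ az_tag_creator }}"
+Machine: "{{ hostname }}"
+VPN: "{{ subnet_item.VPN }}"
+Subnet: "{{ subnet_item.name }}"
+type: "{{ subnet_item.type }}"
+version: ipv6
+sku: standard
+loop:
+- "{{ mgmt_subnet }}"
+- "{{ transport_subnet }}"
+loop_control:
+loop_var: subnet_item
+register: public_ipv6_addresses
+
 - name: "Get info about NSG: {{ az_network_security_group }}"
 azure.azcollection.azure_rm_securitygroup_info:
 resource_group: "{{ az_resource_group }}"
@@ -51,7 +73,7 @@
 Name: "{{ az_network_security_group }}"
 Creator: "{{ az_tag_creator }}"
 Organization: "{{ organization_name }}"
-loop: "{{ public_ip_addresses.results }}"
+loop: "{{ public_ip_addresses.results + public_ipv6_addresses.results }}"
 loop_control:
 loop_var: public_ip_state
 index_var: my_idx
@@ -71,6 +93,10 @@
 - name: "ipconfig-vpn-{{ public_ip_state.state.tags.VPN }}"
 public_ip_address_name: "{{ public_ip_state.state.name }}"
 private_ip_allocation_method: "Dynamic"
+- name: "ipconfig-vpn-{{ public_ip_state.state.tags.VPN }}-ipv6"
+public_ip_address_name: "{{ public_ipv6_addresses.results | json_query(_public_ip_query) | first }}"
+private_ip_allocation_method: "Dynamic"
+private_ip_address_version: IPv6
 tags:
 Name: "nic-{{ hostname }}-{{ public_ip_state.state.tags.type }}-vpn-{{ public_ip_state.state.tags.VPN }}"
 Creator: "{{ az_tag_creator }}"
@@ -85,6 +111,8 @@
 register: vmanage_nics
 when:
 - public_ip_state.state is defined
+vars:
+_public_ip_query: "[?to_number(state.tags.VPN)==`{{ public_ip_state.state.tags.VPN }}`].state.name"
 
 - name: "Create virtual network interface card if cluster deployment"
 azure.azcollection.azure_rm_networkinterface:
@@ -140,15 +168,20 @@
 - name: Set az_network_interfaces_vmanage fact with a list of interfaces for vmanage
 ansible.builtin.set_fact:
 az_network_interfaces_vmanage: "{{ (vmanage_nics.results + [cluster_vmanage_nic]) | selectattr('state', 'defined') | map(attribute='state') | list }}"
-az_public_ip_addresses_vmanage: "{{ public_ip_addresses.results | selectattr('state', 'defined') | map(attribute='state') | list }}"
+az_public_ip_addresses_vmanage: "{{ (public_ip_addresses.results + public_ipv6_addresses.results) | selectattr('state', 'defined') | map(attribute='state') | list }}"
 
 - name: Filter az_network_interfaces_vmanage for instance creation. Set az_mgmt_nic and az_transport_nic facts
 ansible.builtin.set_fact:
 az_mgmt_nic: "{{ az_network_interfaces_vmanage | selectattr('tags.type', 'equalto', 'mgmt') | list | first }}"
 az_transport_nic: "{{ az_network_interfaces_vmanage | selectattr('tags.type', 'equalto', 'transport') | list | first }}"
 az_cluster_nic: "{{ az_network_interfaces_vmanage | selectattr('tags.type', 'equalto', 'cluster') | list | first | default(omit) }}"
-az_mgmt_public_ip: "{{ az_public_ip_addresses_vmanage | selectattr('tags.type', 'equalto', 'mgmt') | list | first }}"
-az_transport_public_ip: "{{ az_public_ip_addresses_vmanage | selectattr('tags.type', 'equalto', 'transport') | list | first }}"
+az_mgmt_public_ip: "{{ _mgmt_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv4') | list | first }}"
+az_transport_public_ip: "{{ _transport_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv4') | list | first }}"
+az_mgmt_public_ipv6: "{{ _mgmt_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv6') | list | first }}"
+az_transport_public_ipv6: "{{ _transport_public_ips | selectattr('public_ip_address_version', 'equalto', 'ipv6') | list | first }}"
+vars:
+_mgmt_public_ips: "{{ az_public_ip_addresses_vbond | selectattr('tags.VPN', 'equalto', '512') }}"
+_transport_public_ips: "{{ az_public_ip_addresses_vbond | selectattr('tags.VPN', 'equalto', '0') }}"
 
 - name: Prepare nics_ids_list variable for VM creation
 ansible.builtin.set_fact:
@@ -169,10 +202,14 @@
 
 - name: "Set vmanage facts"
 ansible.builtin.set_fact:
-vmanage_mgmt_private_ip: "{{ az_mgmt_nic.ip_configuration.private_ip_address }}"
-vmanage_transport_private_ip: "{{ az_transport_nic.ip_configuration.private_ip_address }}"
+vmanage_mgmt_private_ip: "{{ (az_mgmt_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv4`]') | first).private_ip_address }}"
+vmanage_mgmt_private_ipv6: "{{ (az_mgmt_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv6`]') | first).private_ip_address }}"
+vmanage_transport_private_ip: "{{ (az_transport_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv4`]') | first).private_ip_address }}"
+vmanage_transport_private_ipv6: "{{ (az_transport_nic.ip_configurations | json_query('[?private_ip_address_version==`IPv6`]') | first).private_ip_address }}"
 vmanage_mgmt_public_ip: "{{ az_mgmt_public_ip.ip_address }}"
 vmanage_transport_public_ip: "{{ az_transport_public_ip.ip_address }}"
+vmanage_mgmt_public_ipv6: "{{ az_mgmt_public_ipv6.ip_address }}"
+vmanage_transport_public_ipv6: "{{ az_transport_public_ipv6.ip_address }}"
 vmanage_persona: "{{ persona | default(vmanage_default_persona) }}"
 
 - name: "Set vmanage cluster related facts"
@@ -185,7 +222,7 @@
 
 - name: "Set vpn0_default_gateway fact from VPN 0 subnet value"
 ansible.builtin.set_fact:
-vpn0_default_gateway: "{{ subnet.cidr | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}"
+vpn0_default_gateway: "{{ subnet.cidr[0] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}"
 loop: "{{ az_subnets }}"
 loop_control:
 loop_var: subnet
@@ -254,6 +291,8 @@
 admin_password: "{{ admin_password }}"
 mgmt_public_ip: "{{ vmanage_mgmt_public_ip }}"
 transport_public_ip: "{{ vmanage_transport_public_ip }}"
+mgmt_public_ipv6: "{{ vmanage_mgmt_public_ipv6 }}"
+transport_public_ipv6: "{{ vmanage_transport_public_ipv6 }}"
 cluster_private_ip: "{{ vmanage_cluster_private_ip | default(omit) }}"
 persona: "{{ vmanage_persona }}"
 changed_when: true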
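Review bot: In the `vars:` of the "Filter az_network_interfaces_vmanage" task, `_mgmt_public_ips` and `_transport_public_ips` are built from `az_public_ip_addresses_vbond` instead of the `az_public_ip_addresses_vmanage` fact set by the task just above, which looks like a copy from azure_vbond_vm.yml. If the vBond fact is still defined from earlier in the same play, the vManage `mgmt_public_ip` and `transport_public_ip` facts (and their IPv6 counterparts) would carry the vBond's addresses, so anything that later consumes them would be pointed at the wrong host; if it is not defined, the task fails on an undefined variable. The replaced lines filtered the vManage list on `tags.type`, so I would write `_mgmt_public_ips: "{{ az_public_ip_addresses_vmanage | selectattr('tags.type', 'equalto', 'mgmt') }}"` and the matching line with `'transport'`.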
