three-tier.yml
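---
# Three Tier Application Playbook
#
# Configures, through the aci_* modules, everything one tenant needs for a
# three-tier application: tenant, VRF, bridge domain and subnet, application
# profile, three EPGs, two contracts with their filters (tcp/80 and
# tcp/1433), and the consumer/provider bindings between EPGs and contracts.
#
# Every task authenticates as user "ansible" with `private_key`, i.e. the
# request is signed with a key file instead of sending a password. Keep
# ansible.key out of version control and readable only by the account that
# runs this playbook.
- name: Configuring a new Three Tier Application
  hosts: apic1
  # The modules talk to the APIC REST API from the control node.
  connection: local
  gather_facts: false
  vars:
    # NOTE(security): false keeps the original behaviour (every task ran
    # with certificate validation off). With validation disabled the APIC's
    # TLS certificate is not checked, so the playbook cannot tell the real
    # controller from an on-path impostor. Set this to true (here, in the
    # vars file, or with -e) once the APIC presents a certificate the
    # control node trusts.
    aci_validate_certs: false
  vars_files:
    # NOTE(review): absolute path into one user's home directory; the play
    # only runs on a machine with this exact layout. Supplies tenant, vrf,
    # bd, app_profile, epg1..3 and the contract/filter names used below.
    - /Users/threnzy/Ansible/2.9/BRKACI-1619/external_vars.yml
  tasks:
    # --- Tenant networking ------------------------------------------------
    - name: Create Ansible Tenant
      aci_tenant:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        description: "Tenant configured by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present

    - name: Create ansible-VRF
      aci_vrf:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        vrf: "{{ vrf }}"
        description: "VRF configured by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present

    - name: Creating ansible-BD
      aci_bd:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        vrf: "{{ vrf }}"
        bd: "{{ bd.name }}"
        enable_routing: true
        arp_flooding: false
        l2_unknown_unicast: proxy
        description: "BD configured by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present

    - name: Creating ansible-BD Subnet
      aci_bd_subnet:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        bd: "{{ bd.name }}"
        gateway: "{{ bd.ip }}"
        mask: "{{ bd.mask }}"
        scope: "private"
        description: "BD subnet added by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present

    # --- Application profile and endpoint groups --------------------------
    - name: Create ansible-AP
      aci_ap:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        ap: "{{ app_profile }}"
        description: "app profile configured by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present

    # All three EPGs are attached to the same bridge domain.
    - name: Creating EPGs
      aci_epg:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        ap: "{{ app_profile }}"
        epg: "{{ item.epg }}"
        bd: "{{ bd.name }}"
        description: "EPG configured by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present
      loop:
        - epg: "{{ epg1 }}"
        - epg: "{{ epg2 }}"
        - epg: "{{ epg3 }}"

    # --- Contracts, filters and subjects ----------------------------------
    - name: Creating Contracts
      aci_contract:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        contract: "{{ item.contract }}"
        tenant: "{{ tenant }}"
        scope: "context"
        description: "Contract created by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present
      loop:
        - contract: "{{ web_to_app_contract }}"
        - contract: "{{ app_to_db_contract }}"

    - name: Add Filters
      aci_filter:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        filter: "{{ item.filter }}"
        tenant: "{{ tenant }}"
        description: "Filter created by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present
      loop:
        - filter: "{{ http_filter }}"
        - filter: "{{ db_filter }}"

    # One entry per filter, each matching a single TCP destination port, so
    # the two contracts permit only tcp/80 and tcp/1433 respectively.
    - name: Add Port 80 and 1433 to Filter entries
      aci_filter_entry:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        entry: "{{ item.entry }}"
        tenant: "{{ tenant }}"
        ether_type: ip
        ip_protocol: tcp
        dst_port: "{{ item.dst_port }}"
        filter: "{{ item.filter }}"
        description: "Filter Entry created by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present
      loop:
        - entry: "{{ http_filter_entry }}"
          dst_port: 80
          filter: "{{ http_filter }}"
        - entry: "{{ db_filter_entry }}"
          dst_port: 1433
          filter: "{{ db_filter }}"

    - name: Bind subjects to contracts
      aci_contract_subject:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        contract: "{{ item.contract }}"
        subject: "{{ item.subject }}"
        reverse_filter: true
        description: "Subject created by Ansible"
        validate_certs: "{{ aci_validate_certs }}"
        state: present
      loop:
        - contract: "{{ web_to_app_contract }}"
          subject: "{{ web_to_app_contract_subject }}"
        - contract: "{{ app_to_db_contract }}"
          subject: "{{ app_to_db_contract_subject }}"

    # Each subject gets exactly one filter: http for web-to-app, db for
    # app-to-db.
    - name: Bind Contract Subjects to filter
      aci_contract_subject_to_filter:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        contract: "{{ item.contract }}"
        filter: "{{ item.filter }}"
        subject: "{{ item.subject }}"
        validate_certs: "{{ aci_validate_certs }}"
        state: present
      loop:
        - contract: "{{ web_to_app_contract }}"
          filter: "{{ http_filter }}"
          subject: "{{ web_to_app_contract_subject }}"
        - contract: "{{ app_to_db_contract }}"
          filter: "{{ db_filter }}"
          subject: "{{ app_to_db_contract_subject }}"

    # --- Attach EPGs to contracts -----------------------------------------
    # epg1 consumes and epg2 provides web-to-app; epg2 consumes and epg3
    # provides app-to-db. No contract joins epg1 and epg3 directly.
    # Presumably epg1/epg2/epg3 are the web/app/db tiers; confirm against
    # the vars file.
    - name: Bind EPGs to Contract
      aci_epg_to_contract:
        hostname: "{{ inventory_hostname }}"
        username: ansible
        private_key: ansible.key
        tenant: "{{ tenant }}"
        epg: "{{ item.epg }}"
        ap: "{{ app_profile }}"
        contract: "{{ item.contract }}"
        contract_type: "{{ item.type }}"
        validate_certs: "{{ aci_validate_certs }}"
        state: present
      loop:
        - epg: "{{ epg1 }}"
          type: consumer
          contract: "{{ web_to_app_contract }}"
        - epg: "{{ epg2 }}"
          type: provider
          contract: "{{ web_to_app_contract }}"
        - epg: "{{ epg2 }}"
          type: consumer
          contract: "{{ app_to_db_contract }}"
        - epg: "{{ epg3 }}"
          type: provider
          contract: "{{ app_to_db_contract }}"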