ciscolive/automation/cleu-ansible-n9k/roles/nxos-vlan/tasks/main.yml

---
- name: Add VLAN definition
  nxos_vlan:
      vlan_id: "{{ vlan_id }}"
      admin_state: up
      name: "{{ vlan_name }}"
  when: delete_vlan is not defined or not delete_vlan|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-vlan
    - add-nxos-vlan

- name: Generate list of interfaces (stretched)
  set_fact: iflist="{{ iflist }} + [{{ item.key }}]"
  with_items: "{{ lookup('dict', port_channels) }}"
  when: generate_iflist|bool and is_stretched|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - allow-vlan
    - remove-vlan
    - remove-ucs-vlan

- name: Generate list of interfaces (non-stretched)
  set_fact: iflist="{{ iflist }} + [{{ item.key }}]"
  with_items: "{{ lookup('dict', port_channels) }}"
  when: generate_iflist|bool and not is_stretched|bool and not port_channels[item.key]|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - allow-vlan
    - remove-vlan
    - remove-ucs-vlan

- name: Associate interfaces to VLAN
  nxos_config:
      lines:
          - switchport trunk allowed vlan add {{ vlan_id }}
      parents: interface {{ item }}
  with_items: "{{ iflist }}"
  when: (delete_vlan is not defined or not delete_vlan|bool) and iflist is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - allow-vlan
    - allow-nxos-vlan

- name: Add SVI definition
  nxos_interfaces:
      config:
        - name: Vlan{{ vlan_id }}
          enabled: True
          mtu: "{{ svi_mtu }}"
          description: "{{ svi_descr }}"
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_mtu is defined and svi_descr is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi

- name: Set per-DC v4 IDF ID
  set_fact: v4_idf_id={{ idf_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and not is_stretched|bool and build_v4|bool
  tags:
      - nxos
      - vlan
      - nxos-vlan
      - add-svi-l3
      - add-svi-l3-v4

- name: Set stretched v4 IDF ID
  set_fact: v4_idf_id={{ stretched_idf_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and is_stretched|bool and build_v4|bool
  tags:
      - nxos
      - vlan
      - nxos-vlan
      - add-svi-l3
      - add-svi-l3-v4

- name: Construct SVI IPv4 address
  set_fact: svi_v4_prefix={{ base_major_net }}.{{ vlan_id }}.{{ v4_idf_id }} svi_subnet_len="24"
  when: (delete_vlan is not defined or not delete_vlan|bool) and build_v4|bool
  tags:
      - nxos
      - vlan
      - nxos-vlan
      - add-svi-l3
      - add-svi-l3-v4

- name: Add SVI v4 L3 parameters
  nxos_l3_interfaces:
      config:
        - name: Vlan{{ vlan_id }}
          ipv4:
            - address: "{{ svi_v4_prefix }}.{{ core_svi_v4_suffix }}/{{ svi_subnet_len }}"
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi-l3
    - add-svi-l3-v4

- name: Set per-DC v6 IDF ID
  set_fact: v6_idf_id="{{ '%0x' % idf_id|int }}"
  when: (delete_vlan is not defined or not delete_vlan|bool) and not is_stretched|bool and build_v6|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi-l3
    - add-svi-l3-v6

- name: Set stretched v6 IDF ID
  set_fact: v6_idf_id="{{ '%0x' % stretched_idf_id|int }}"
  when: (delete_vlan is not defined or not delete_vlan|bool) and is_stretched|bool and build_v6|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi-l3
    - add-svi-l3-v6

- name: Construct SVI v6 address
  set_fact: svi_v6_network="{{ base_v6_prefix }}:{{ '%0x' % vlan_id|int }}{{ v6_idf_id }}::"
  when: (delete_vlan is not defined or not delete_vlan|bool) and build_v6|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi-l3
    - add-svi-l3-v6

- name: Add SVI v6 L3 parameters
  nxos_l3_interfaces:
      config:
        - name: Vlan{{ vlan_id }}
          ipv6:
            - address: "{{ svi_v6_network }}{{ core_svi_v6_suffix }}/64"
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v6_network is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi-l3
    - add-svi-l3-v6

- name: Add SVI v6 L3 parameters
  nxos_config:
      lines:
          - ipv6 address use-link-local-only
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v6_link_local is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi-l3
    - add-svi-l3-v6

- name: Add SVI OSPFv2 parameters
  nxos_interface_ospf:
      area: 0.0.0.0
      ospf: "{{ ospf_pid }}"
      interface: Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-ospf
    - add-ospfv2

- name: Add additional SVI OSPFv2 parameters
  nxos_config:
      lines:
          - ip ospf network {{ ospf_type }}
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-ospf
    - add-ospfv2

- name: Disable SVI OSPFv2 passive interface
  nxos_config:
      lines:
          - no ip ospf passive-interface
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined and not passive_interface is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-ospf
    - add-ospfv2

- name: Add SVI OSPFv3 parameters
  nxos_config:
      lines:
          - ipv6 router ospfv3 1 area 0.0.0.0
          - ospfv3 network {{ ospf_type }}
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v6_network is defined or svi_v6_link_local is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-ospf
    - add-ospfv3

- name: Disable SVI OSPFv3 passive interface
  nxos_config:
      lines:
          - no ospfv3 passive-interface
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and (svi_v6_network is defined or svi_v6_link_local is defined) and not passive_interface is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-ospf
    - add-ospfv3

- name: Add addition SVI parameters
  nxos_config:
      lines:
          - no ip redirects
          - no ipv6 redirects
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined or svi_v6_network is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-svi-l3

- name: Enable HSRP
  nxos_config:
      lines:
          - hsrp version 2
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and (svi_v4_prefix is defined or svi_v6_network is defined) and use_hsrp is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-hsrp

- name: Add HSRP v4 configuration
  nxos_config:
      lines:
          - authentication md5 key-chain HSRP_KEY
          - preempt
          - priority {{ core_hsrp_priority }}
          - timers  1  3
          - ip {{ svi_v4_prefix }}.{{ core_hsrp_vip_v4_suffix }}
          - track {{ core_hsrp_v4_track }} decrement 20
      parents:
          - interface Vlan{{ vlan_id }}
          - hsrp 1
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined and use_hsrp is defined
  tags:
      - nxos
      - vlan
      - nxos-vlan
      - add-hsrp
      - add-hsrp-v4

- name: Add HSRP v6 configuration
  nxos_config:
      lines:
          - authentication md5 key-chain HSRP_KEY
          - preempt
          - priority {{ core_hsrp_priority }}
          - timers  1  3
          - ip {{ svi_v6_network }}{{ core_hsrp_vip_v6_suffix }}
          - track {{ core_hsrp_v6_track }} decrement 20
      parents:
          - interface Vlan{{ vlan_id }}
          - hsrp 2 ipv6
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v6_network is defined and use_hsrp is defined
  tags:
      - nxos
      - vlan
      - nxos-vlan
      - add-hsrp
      - add-hsrp-v6

- name: Add DHCP relays
  nxos_config:
      lines:
          - ip dhcp relay address {{ item }}
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined
  with_items: "{{ dhcp_servers }}"
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-dhcp-relay

- name: Add v4 ACL
  nxos_acl_interface:
      direction: ingress
      interface: Vlan{{ vlan_id }}
      name: "{{ v4_acl_name }}"
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v4_prefix is defined and add_acl|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-v4-acl

- name: Add v6 ACL
  nxos_config:
      lines:
          - ipv6 traffic-filter {{ v6_acl_name }} in
      parents: interface Vlan{{ vlan_id }}
  when: (delete_vlan is not defined or not delete_vlan|bool) and svi_v6_network and add_acl|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - add-v6-acl

- name: Remove SVI
  nxos_interfaces:
      config:
        - name: Vlan{{ vlan_id }}
      state: deleted
  when: delete_vlan is defined and delete_vlan|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - delete-svi

- name: Remove VLAN from interfaces
  nxos_config:
      lines:
          - switchport trunk allowed vlan remove {{ vlan_id }}
      parents: interface {{ item }}
  with_items: "{{ iflist }}"
  when: delete_vlan is defined and delete_vlan|bool and iflist is defined
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - remove-vlan
    - remove-ucs-vlan

- name: Delete VLAN definition
  nxos_vlan:
      vlan_id: "{{ vlan_id }}"
      state: absent
  when: delete_vlan is defined and delete_vlan|bool
  tags:
    - nxos
    - vlan
    - nxos-vlan
    - delete-vlan
    - delete-nxos-vlan