add second playbook for AWS automation after DX is accepted
ctreatma committed Oct 18, 2024
1 parent 220701f commit 05aeae9
Showing 5 changed files with 99 additions and 29 deletions.
30 changes: 23 additions & 7 deletions examples/layer2/README.md
@@ -1,20 +1,24 @@
# Layer 2 networking with Equinix Metal

This example playbook demonstrates the use of the `equinix.cloud.metal_connection`, `equinix.cloud.metal_device`, and `equinix.cloud.metal_port` modules to configure Layer 2 connectivity from an Equinix Metal device to an AWS S3 bucket over a Metal-billed Fabric interconnection.
This example demonstrates the use of the `equinix.cloud.metal_connection`, `equinix.cloud.metal_device`, and `equinix.cloud.metal_port` modules--as well as a variety of AWS modules--to configure Layer 2 connectivity from an Equinix Metal device to AWS S3 over a Metal-billed Fabric interconnection.

## Overview

The [playbook](main.yml) creates a new project, creates 2 VLANs, provisions a device, and configures the device through different [network types](https://deploy.equinix.com/developers/docs/metal/layer2-networking/overview/#network-configuration-types).
The [Metal playbook](metal.yml) creates a new project, a VLAN, a VRF, a VRF Metal Gateway, and a device, converts the device to [hybrid bonded mode](https://deploy.equinix.com/developers/docs/metal/layer2-networking/overview/#network-configuration-types), and then creates a Metal-billed VRF interconnection and configures BGP peering settings on the interconnection's virtual circuit.

Manual intervention is needed in order to finish setting up the interconnection and accept the Direct Connect request in AWS.

The [AWS playbook](aws.yml) creates a new VPC, a VPC endpoint for S3, and a Virtual Private Gateway attached to the specified Direct Connect.

## Prerequisites

Before running the playbook, you will need to have the following:

- Ansible installed on your local machine.
- The Equinix Ansible Collection installed. You can install it using the following command:
- The Community.Aws, and Equinix Ansible Collections installed. You can install them using the following commands:
```bash
ansible-galaxy collection install equinix.cloud
ansible-galaxy collection install community.aws
```
- An Equinix Metal API token. You can obtain an API token from the Equinix Metal Portal. Set the environment variable METAL_AUTH_TOKEN to your API token:
```bash
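Review bot: the prerequisites bullet `The Community.Aws, and Equinix Ansible Collections installed` covers the AWS collection but not AWS credentials, and `aws.yml` cannot run without them; add a bullet next to the `METAL_AUTH_TOKEN` one saying how AWS credentials are supplied (for example `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` environment variables or a configured profile), otherwise a reader following the README gets an authentication failure on the first AWS task. Since `aws.yml` calls `amazon.aws.*` modules directly, list `amazon.aws` alongside `community.aws` (it is pulled in as a dependency, but the list should reflect what is used), and because `vars.yml` relies on `ansible.utils.nthhost`, make sure `ansible.utils` is in the install list as well (it is not visible in this hunk). Minor wording: drop the stray comma in `Community.Aws, and Equinix` and name the collections as they are installed (`community.aws`, `equinix.cloud`).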
Expand All @@ -23,12 +27,24 @@ Before running the playbook, you will need to have the following:

## Variables

You can customize some variables from [vars/equinix_metal_vars.yml](vars/equinix_metal_vars.yml).
You can customize some variables from [vars/vars.yml](vars/equinix_metal_vars.yml).

## Running the Playbooks

This example contains multiple playbooks and requires manual intervention between the playbooks.

To create the Equinix Metal infrastructure for this example, navigate to the directory containing the playbook file `metal.yml` and run the following command:

```bash
ansible-playbook metal.yml -extra-vars "bgp_md5_password=<some_value>"
```

After the Equinix Metal infrastructure is created, you will need to redeem the service token for your connection in the [Fabric portal](https://fabric.equinix.com).

## Running the Playbook
Once the service token is redeemed, you will need to accept the Direct Connect request in the [AWS console](https://console.aws.amazon.com). Take note of the Direct Connect ID and the Direct Connect VLAN when you accept the connection. You will need the ID and VLAN for the next playbook.

To run the playbook, navigate to the directory containing the playbook file `main.yml` and run the following command:
To finish setting up the AWS infrastructure, run the following command:

```bash
ansible-playbook main.yml -extra-vars "bgp_md5_password=<some_value>"
ansible-playbook aws.yml -extra-vars "bgp_md5_password=<some_value>" --extra-vars "aws_connection_id=<your_direct_connect_id>" --extra-vars "aws_connection_vlan=<your_direct_connect_vlan>"
```
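Review bot: the link under `## Variables` now reads `vars/vars.yml` but its target is still `vars/equinix_metal_vars.yml`, which this commit deletes, so the link is broken; point it at `vars/vars.yml`. Both `ansible-playbook` commands use `-extra-vars` with a single dash; the option is `--extra-vars` (or `-e`), and `-extra-vars` is parsed as `-e xtra-vars` with the following token taken as the playbook name, so copy-pasting these commands fails. The `aws.yml` command repeats `--extra-vars` three times; a single `-e` with all three `key=value` pairs is enough. Finally, passing `bgp_md5_password` on the command line leaves the BGP key in shell history and in `ps` output for the duration of the run; suggest documenting `-e @secrets.yml` with a vault-encrypted file, or a `vars_prompt`, instead of a literal on the command line.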
55 changes: 55 additions & 0 deletions examples/layer2/aws.yml
@@ -0,0 +1,55 @@
---
# NOTE: this playbook should be run _after_:
# 1. Running the metal.yml playbook
# 2. Redeeming the Fabric service token in the Fabric portal
# 3. Accepting the Direct Connect request in the AWS console
- name: Equinix Layer 2 example -- AWS resources
hosts: localhost
gather_facts: no
tasks:
- name: Include the required variables
include_vars: "vars/vars.yml"

- name: create a VPC
amazon.aws.ec2_vpc_net:
name: ansible-equinix-layer2-example
cidr_block: "{{ aws_network_cidr }}"
region: "{{ aws_region }}"
register: created_vpc

- name: Gather information about any VPC route table within VPC with ID "{{ created_vpc.vpc.id }}"
amazon.aws.ec2_vpc_route_table_info:
filters:
vpc-id: "{{ created_vpc.vpc.id }}"
register: route_table_info

- name: Create new vpc endpoint with the default policy
amazon.aws.ec2_vpc_endpoint:
region: "{{ aws_region }}"
vpc_id: "{{ created_vpc.vpc.id }}"
service: "com.amazonaws.{{ aws_region }}.s3"
route_table_ids: "{{ route_table_info.route_tables | map(attribute='id') }}"
register: new_vpc_endpoint

- name: Create a new VGW attached to the VPC
community.aws.ec2_vpc_vgw:
region: "{{ aws_region }}"
vpc_id: "{{ created_vpc.vpc.id }}"
name: ansible-equinix-layer2-example
register: created_vgw

# TODO this is failing, saying that the virtual gateway
# does not exist, but I can see it...so?
- name: Create an association between VGW and connection
community.aws.directconnect_virtual_interface:
state: present
region: "{{ aws_region }}"
name: "ansible-equinix-layer2-example"
public: false
connection_id: "{{ aws_connection_id }}"
vlan: "{{ aws_connection_vlan }}"
virtual_gateway_id: "{{ created_vgw.vgw.id }}"
customer_address: "{{ metal_peering_ip }}/30"
amazon_address: "{{ aws_peering_ip }}/30"
bgp_asn: "{{ vrf_peering_asn }}"
authentication_key: "{{ bgp_md5_password }}"
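Review bot: the final `directconnect_virtual_interface` task is committed with a TODO saying it fails with `virtual gateway does not exist`; please resolve or document that before merging, since the README presents `aws.yml` as the step that finishes the setup. One thing worth checking is ordering: `ec2_vpc_vgw` returns once the gateway is created, so the VPC attachment may still be in progress when the virtual interface is requested; gating the task with `until`/`retries`/`delay`, or confirming the VGW and the Direct Connect are in the same region, would narrow it down. Smaller points: `ec2_vpc_route_table_info` is the only AWS task without `region: "{{ aws_region }}"`, so it silently depends on an `AWS_REGION`/`AWS_DEFAULT_REGION` environment setting the other tasks do not need; `route_table_ids` receives the raw output of `map(attribute='id')`, so append `| list` to hand the module a list rather than a generator; and `authentication_key: "{{ bgp_md5_password }}"` is passed without `no_log: true`, so the BGP MD5 key is printed in verbose or failed-task output and ends up in logs. Because `aws_connection_id` and `aws_connection_vlan` only arrive from the command line, an `ansible.builtin.assert` at the top that both are defined gives a clear error instead of a failure in the last task.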
14 changes: 3 additions & 11 deletions examples/layer2/main.yml → examples/layer2/metal.yml
Expand Up @@ -4,12 +4,7 @@
gather_facts: no
tasks:
- name: Include the required variables
include_vars: "vars/equinix_metal_vars.yml"

- name: Compute peering ranges for VRF and virtual circuit
set_fact:
vrf_peering_ip_range: "{{ vrf_peering_ip_network }}/29"
vrf_vc_peering_ip_range: "{{ vrf_peering_ip_network }}/30"
include_vars: "vars/vars.yml"

# Equinix resources
- name: Create a project
Expand Down Expand Up @@ -109,15 +104,12 @@
- "{{ vrf.id }}"
register: connection

# TODO this task will fail until the service token is
# redeemed on the Fabric side; consider checking virtual
# circuit status and skipping if it is `pending`
- name: configure BGP for interconnection virtual circuit
equinix.cloud.metal_virtual_circuit:
id: "{{ connection.ports[0].virtual_circuits[0].id }}"
peer_asn: "{{ vrf_peering_asn }}"
customer_ip: "{{ vrf_vc_peering_ip_range | ansible.utils.nthhost(1) }}"
metal_ip: "{{ vrf_vc_peering_ip_range | ansible.utils.nthhost(2) }}"
customer_ip: "{{ aws_peering_ip }}"
metal_ip: "{{ metal_peering_ip }}"
subnet: "{{ vrf_vc_peering_ip_range }}"
md5: "{{ bgp_md5_password }}"
# The metal_virtual_circuit module requires this parameter
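Review bot: the TODO above `configure BGP for interconnection virtual circuit` says the task fails until the Fabric service token is redeemed, and the README now tells users to run `metal.yml` before redeeming the token, so every first run of this playbook ends in a failed task. Either gate the task as the TODO suggests (check the virtual circuit status and skip while it is `pending`), move the BGP configuration into a step that runs after redemption, or state in the README that the failure is expected. Separately, `md5: "{{ bgp_md5_password }}"` is passed without `no_log: true`, so the key appears in task output. The switch to `aws_peering_ip`/`metal_peering_ip` is consistent with `vars.yml` (`nthhost(1)` for the AWS side, `nthhost(2)` for Metal) and with the `customer_address`/`amazon_address` values used in `aws.yml`.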
11 changes: 0 additions & 11 deletions examples/layer2/vars/equinix_metal_vars.yml

This file was deleted.

18 changes: 18 additions & 0 deletions examples/layer2/vars/vars.yml
@@ -0,0 +1,18 @@
# Equinix variables
project_name: my_metal_layer2_project
device_hostname: layer2-device
metro: sv
operating_system: ubuntu_20_04
plan: c3.small.x86
interconnection_name: "ansible-layer2-example"
vrf_gateway_ip_range: 192.168.200.0/25
vrf_peering_ip_network: 169.254.0.0
vrf_peering_ip_range: "{{ vrf_peering_ip_network }}/29"
vrf_vc_peering_ip_range: "{{ vrf_peering_ip_network }}/30"
metal_peering_ip: "{{ vrf_vc_peering_ip_range | ansible.utils.nthhost(2) }}"
aws_peering_ip: "{{ vrf_vc_peering_ip_range | ansible.utils.nthhost(1) }}"
vrf_peering_asn: 65100
fabric_connection_name: ansible-layer2-example
# AWS variables
aws_network_cidr: 172.16.0.0/16
aws_region: us-west-1
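Review bot: `vrf_peering_asn: 65100` is used as `peer_asn` on the Metal virtual circuit in `metal.yml` (the remote, AWS-side ASN) and as `bgp_asn` on the Direct Connect virtual interface in `aws.yml` (the customer, Metal-side ASN); one value cannot be both ends of the session, and the VGW created in `aws.yml` sets no ASN, so it will use Amazon's default. Please confirm which side 65100 belongs to and add a second variable for the other side. Also `interconnection_name` and `fabric_connection_name` hold the same string; if both are needed, a comment saying where each is used would help, otherwise drop one. Since `aws.yml` requires `aws_connection_id` and `aws_connection_vlan`, declare them here under `# AWS variables` (empty or commented out) so the required inputs are discoverable from the vars file rather than only from the README.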
