Step 1 - Create inventory, connection, and local defaults

Create the staging inventory, ND connection variables, local credential environment file, and safe delete defaults. The inventory host name maps to a folder under host_vars. The staging host below maps to host_vars/fabric-stage, and the shared nd group variables tell Ansible how to connect to ND.

cat << EOF > ~/workspace/CiscoLive/DEVWKS-3928/hosts.stage.yaml
# Defines the staging fabric inventory host that maps to host_vars/fabric-stage.
---
all:
  children:
    nd:
      hosts:
        fabric-stage:
          ansible_host: 10.15.0.11
EOF

mkdir -p ~/workspace/CiscoLive/DEVWKS-3928/group_vars/nd
cat << EOF > ~/workspace/CiscoLive/DEVWKS-3928/group_vars/nd/connection.yaml
# Stores common ND HTTP API connection settings and credential lookups.
---
ansible_connection: ansible.netcommon.httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_login_domain: "{{ lookup('ansible.builtin.env', 'ND_DOMAIN') }}"
ansible_network_os: cisco.dcnm.dcnm
ansible_user: "{{ lookup('ansible.builtin.env', 'ND_USERNAME') }}"
ansible_password: "{{ lookup('ansible.builtin.env', 'ND_PASSWORD') }}"
ndfc_switch_username: "{{ lookup('ansible.builtin.env', 'NDFC_SW_USERNAME') }}"
ndfc_switch_password: "{{ lookup('ansible.builtin.env', 'NDFC_SW_PASSWORD') }}"
EOF

cat << EOF > ~/workspace/CiscoLive/DEVWKS-3928/.gitignore
# Ignore .env file that contains environment variable exports for credentials.
.env
EOF

cat << EOF > ~/workspace/CiscoLive/DEVWKS-3928/.env
# Defines local environment variables used by connection.yaml.
export ND_USERNAME="admin"
export ND_PASSWORD="cisco.123"
export ND_DOMAIN="local"
export NDFC_SW_USERNAME="admin"
export NDFC_SW_PASSWORD="cisco.123"
EOF

cat << EOF > ~/workspace/CiscoLive/DEVWKS-3928/group_vars/nd/nac.yaml
# Sets safe NaC delete defaults so the lab only creates and updates intent.
---
network_delete_mode: false
vrf_delete_mode: false
EOF

The ansible_network_os value still uses the cisco.dcnm.dcnm plugin name because that is the plugin exposed by the NDFC Ansible Collection dependency. The switch credential variable names include ndfc for the same reason, but they still refer to the switch credentials used by ND to deploy configuration to the switches. In the CI/CD task, the same credential values will come from GitLab CI/CD variables.

Step 2 - Install and update NaC requirements

Use the requirements files created in the previous task to install the Python packages and Ansible collections. The NaC collection is under active development, so the final two commands update NaC and its required NDFC Ansible Collection dependency to the versions used in this lab.

cd ~/workspace/CiscoLive/DEVWKS-3928
python3 -m pip install -r requirements.txt
ansible-galaxy collection install -r requirements.yaml

The project is now ready for NaC overlay intent. In the next task, you will add the VRF and Network model for the staging fabric and deploy it through ND.