task04
Configure Template and Policy using Policy Playbook

Configure Templates and Policies

We are now going to run the Templates and Policies playbooks that we defined in the previous section.

Step 1 - Modify the top level build.yml playbook to include the policy role

We will now modify the top level build.yml playbook to include the bonus_template_policy role.


code -r /home/cisco/CiscoLive/DEVWKS-3928/build.yml

Uncomment the role on line 9 called bonus_template_policy in the file and press Ctrl+s to save it.



---
# This is the top level build playbook that runs the various
# Ansible roles that will be used to build out the fabric
- name: Build Out Fabric on NDFC
  hosts: ndfc
  gather_facts: false
  roles:
    - configure_overlay
    - bonus_template_policy
    

Step 2 - Make sure you are in the root directory of the project folder


cd /home/cisco/CiscoLive/DEVWKS-3928

Step 3 - Run the build.yml Ansible playbook to configure Telemetry

If you recall from the previous section, the main.yml file for this role includes various Ansible task files.



---
# This main.yml file includes two task files that will be used to
# define and apply templates and policies  
- { include: template_telemetry.yml, tags: ['telemetry'] }
- { include: template_variables.yml, tags: ['ntp_vars'] }


When we run the Ansible role playbook we are going to use the --tags option to specify the file to include. Without the --tags option both of the files above (lines 4 and 5) would be included in the run.

First we only want to run the tasks defined in template_telemetry.yml so run the Ansible role playbook using the --tags telemetry option so that only the telemetry template and policies get applied.

Use the following password when prompted for the Ansible Vault Password in the step below:

  • Password: cisco.123


ansible-playbook -i hosts.stage.yml build.yml --ask-vault-password --tags telemetry


Vault password: 

PLAY [Build Out Fabric on NDFC] ***************************************************************************************************

TASK [bonus_template_policy : Create Template To Enable Telemetry Feature] ********************************************************
changed: [10.15.0.98]

TASK [bonus_template_policy : Create Template For Telemetry Configuration] ********************************************************
changed: [10.15.0.98]

TASK [bonus_template_policy : Create and Apply Policy for Telemetry Configuration] ************************************************
ok: [10.15.0.98]

TASK [bonus_template_policy : Query Policies] *************************************************************************************
ok: [10.15.0.98]

TASK [bonus_template_policy : Display Query Result] *******************************************************************************
ok: [10.15.0.98] => {
    "msg": [
        {
            "autoGenerated": false,
            "createdOn": 1716339094411,
            "deleted": false,
            "description": "",
            "editable": true,
            "entityName": "SWITCH",
            "entityType": "SWITCH",
            "fabricName": "fabric-stage",
            "generatedConfig": "feature telemetry\n\n\n",
            "id": 28660,
            "ipAddress": "10.15.30.12",
            "modifiedOn": 1716339094411,
            "nvPairs": {
                "FABRIC_NAME": "fabric-stage"
            },
            "policyId": "POLICY-28660",
            "priority": 1,
            "resourcesLinked": "",
            "serialNumber": "900INDID0AR",
            "source": "",
            "status": "NA",
            "statusOn": 1716339094411,
            "switchName": "staging-leaf1",
            "templateContentType": "TEMPLATE_CLI",
            "templateName": "template_telemetry_feature"
        },
        {
            "autoGenerated": false,
            "createdOn": 1716339094456,
            "deleted": false,
            "description": "",
            "editable": true,
            "entityName": "SWITCH",
            "entityType": "SWITCH",
            "fabricName": "fabric-stage",
            "generatedConfig": "telemetry\n  certificate /bootflash/telegraf.crt telegraf\n  destination-profile\n    use-vrf management\n  destination-group 101\n    ip address 192.168.55.55 port 57101 protocol gRPC encoding GPB\n  sensor-group 101\n    data-source DME\n    path sys/ch depth unbounded\n  subscription 101\n    dst-grp 101\n    snsr-grp 101 sample-interval 10101\n\n\n",
            "id": 28670,
            "ipAddress": "10.15.30.12",
            "modifiedOn": 1716339094456,
            "nvPairs": {
                "FABRIC_NAME": "fabric-stage"
            },
            "policyId": "POLICY-28670",
            "priority": 2,
            "resourcesLinked": "",
            "serialNumber": "900INDID0AR",
            "source": "",
            "status": "NA",
            "statusOn": 1716339094456,
            "switchName": "staging-leaf1",
            "templateContentType": "TEMPLATE_CLI",
            "templateName": "template_telemetry"
        }
    ]
}

PLAY RECAP ************************************************************************************************************************
10.15.0.98                 : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   



Notice that the only tasks that ran were those from the include file task with the telemetry tag. Tags are an easy way to select the execution path in Ansible.

NOTE: Your policy numbers will very likely differ from the example output in the lab guide. NDFC manages the policy numbering so this is nothing to be concerned about.
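
An added example (not part of the lab guide's own code): a Python check over the generatedConfig fields of the Display Query Result output above, flagging gRPC telemetry destinations that have no certificate line or that point at a collector outside an allowlist. The third policy entry, APPROVED_COLLECTORS and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the first two entries are trimmed from the
# "Display Query Result" output above; the third is hypothetical.
POLICIES = [
    {"policyId": "POLICY-28660", "switchName": "staging-leaf1",
     "generatedConfig": "feature telemetry\n\n\n"},
    {"policyId": "POLICY-28670", "switchName": "staging-leaf1",
     "generatedConfig": (
         "telemetry\n  certificate /bootflash/telegraf.crt telegraf\n"
         "  destination-profile\n    use-vrf management\n"
         "  destination-group 101\n    ip address 192.168.55.55 port 57101"
         " protocol gRPC encoding GPB\n")},
    {"policyId": "POLICY-EXAMPLE", "switchName": "example-leaf",
     "generatedConfig": (
         "telemetry\n  destination-group 102\n"
         "    ip address 192.0.2.10 port 57101 protocol gRPC encoding GPB\n")},
]

# Assumption: the collector address shown in the lab output is the approved one.
APPROVED_COLLECTORS = {"192.168.55.55"}

DEST_RE = re.compile(r"^\s*ip address (\S+) port (\d+) protocol (\S+)", re.M)
CERT_RE = re.compile(r"^\s*certificate \S+ \S+", re.M)


def audit_policy(policy):
    """Return findings for one policy's rendered (generatedConfig) CLI."""
    cfg = policy["generatedConfig"]
    has_cert = CERT_RE.search(cfg) is not None
    findings = []
    for ip, port, proto in DEST_RE.findall(cfg):
        if proto.lower() == "grpc" and not has_cert:
            findings.append(f"{ip}:{port} gRPC export without a certificate line")
        if ip not in APPROVED_COLLECTORS:
            findings.append(f"{ip}:{port} is not an approved collector")
    return findings


def audit(policies):
    """Map policyId -> findings, keeping only policies that have findings."""
    report = {p["policyId"]: audit_policy(p) for p in policies}
    return {pid: f for pid, f in report.items() if f}


if __name__ == "__main__":
    for pid, findings in audit(POLICIES).items():
        for finding in findings:
            print(f"{pid}: {finding}")
```

Fed the real msg list from the Query Policies task, the same check can run after the playbook as a gate on what NDFC rendered for each switch.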

Step 4 - Run the build.yml Ansible playbook to configure an NTP Server.

This time use the --tags ntp_vars option to only include the template_variables.yml task file and configure the NTP server IP addresses.

Note

Use the following password when prompted for the Ansible vault password in the next step:

  • Password: cisco.123

---
# This main.yml file includes two task files that will be used to
# define and apply templates and policies
- { include: template_telemetry.yml, tags: ['telemetry'] }
- { include: template_variables.yml, tags: ['ntp_vars'] }


ansible-playbook -i hosts.stage.yml build.yml --ask-vault-password --tags ntp_vars


Vault password: 

PLAY [Build Out Fabric on NDFC] ***************************************************************************************************

TASK [bonus_template_policy : Create and Apply NTP Server Config using the ntp_server NDFC template] ******************************
ok: [10.15.0.98]

PLAY RECAP ************************************************************************************************************************
10.15.0.98                 : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


This time, only the tasks to configure the NTP server using the ntp_server Template and Policy were run.
