[INFO] Executing initial configuration for node h1 (namespace clab- ml_17-h1) [INFO] Executing routing configuration for node h1 (namespace clab- ml_17-h1) [INFO] Executing initial configuration for node h2 (namespace clab- ml_17-h2) [INFO] Executing routing configuration for node h2 (namespace clab- ml_17-h2) [INFO] Executing initial configuration for node h3 (namespace clab- ml_17-h3) [INFO] Executing routing configuration for node h3 (namespace clab- ml_17-h3) [INFO] Executing initial configuration for node h4 (namespace clab- ml_17-h4) [INFO] Executing routing configuration for node h4 (namespace clab- ml_17-h4) [INFO] Executing initial configuration for node h5 (namespace clab- ml_17-h5) [INFO] Executing routing configuration for node h5 (namespace clab- ml_17-h5) [INFO] Executing initial configuration for node h6 (namespace clab- ml_17-h6) [INFO] Executing routing configuration for node h6 (namespace clab- ml_17-h6) [INFO] Starting Ansible playbook to deploy the rest of the configurations /home/pipi/.local/lib/python3.10/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0. "cipher": algorithms.TripleDES, /home/pipi/.local/lib/python3.10/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0. "class": algorithms.TripleDES, [WARNING]: Could not match supplied host pattern, ignoring: unprovisioned [WARNING]: Found variable using reserved name: hosts PLAY [Deploy initial device configuration] ************************************* TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h5] ok: [h4] ok: [h6] ok: [s1] ok: [s2] TASK [Generic readiness tests] ************************************************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] included: /home/pipi/netlab_gh/netsim/ansible/tasks/readiness-check/ssh.yml for s2 => (item=ssh) TASK [Check if 'sshpass' is installed] ***************************************** ok: [s2 -> localhost] TASK [Check for 'timeout' command] ********************************************* ok: [s2 -> localhost] TASK [Execute local ssh command to check ssh readiness] ************************ FAILED - RETRYING: [s2 -> localhost]: Execute local ssh command to check ssh readiness (20 retries left). ok: [s2 -> localhost] TASK [Confirm s2 SSH server works] ********************************************* ok: [s2] => msg: Node s2 is ready. TASK [Find device readiness script] ******************************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h6] ok: [h5] ok: [s1] ok: [s2] TASK [Wait for device to become ready] ***************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s2] included: /home/pipi/netlab_gh/netsim/ansible/tasks/readiness-check/cumulus_nvue.yml for s1 TASK [Wait for nvued to start] ************************************************* ok: [s1] TASK [Normalize config on bridge-like devices] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, h5, h6, s1, s2 TASK [Figure out whether to deploy the module normalize on current device] ***** ok: [h1] ok: [h2] ok: [h3] ok: [h5] ok: [h4] ok: [h6] ok: [s1] ok: [s2] TASK [Find configuration template for normalize] ******************************* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h6] ok: [h5] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for normalize] *************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] ok: [s2] => msg: |- normalize configuration for s2 ========================================= ! interface Ethernet1 shutdown ! interface Ethernet2 shutdown ! interface Ethernet3 shutdown ! interface Ethernet4 shutdown TASK [Deploy normalize configuration] ****************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [eos_config: deploying normalize from /home/pipi/netlab_gh/netsim/ansible/templates/normalize/eos.j2] *** [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation changed: [s2] TASK [Deploy initial configuration] ******************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, h5, h6, s1, s2 TASK [Figure out whether to deploy the module initial on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Find configuration template for initial] ********************************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for initial] ***************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] => msg: |- initial configuration for s1 ========================================= - set: system: hostname: s1 global: system-mac: ca:fe:00:07:00:00 config: snippet: system-mtu: file: /etc/network/ifupdown2/policy.d/mtu.json content: | { "address": { "defaults": { "mtu": "1500" } } } interface: eth0: ip: vrf: mgmt address: dhcp: {} type: eth swp1: type: swp link: state: up : {} description: "s1 -> s2" ip: ipv6: enable: off swp2: type: swp link: state: up : {} description: "[Access VLAN red] s1 -> h1" ip: ipv6: enable: off swp3: type: swp link: state: up : {} description: "[Access VLAN blue] s1 -> h3" ip: ipv6: enable: off swp4: type: swp link: state: up : {} description: "[Access VLAN untagged] s1 -> h5" ip: ipv6: enable: off vlan700: type: svi link: state: up : {} description: "VLAN red (700) -> [h1,h2,s2]" ip: ipv6: enable: off vlan701: type: svi link: state: up : {} description: "VLAN blue (701) -> [h3,h4,s2]" ip: ipv6: enable: off vlan1: type: svi link: state: up : {} description: "VLAN untagged (1) -> [h5,h6,s2]" ip: ipv6: enable: off - set: interface: lo: type: loopback ip: address: 10.0.0.7/32: {} ipv6: enable: off ok: [s2] => msg: |- initial configuration for s2 ========================================= hostname s2 ! logging monitor debugging aaa authorization exec default local ! lldp run ip routing no ipv6 unicast-routing ! ! ip host h1 172.31.1.1 ip host h2 172.31.1.2 ip host h3 172.31.1.3 ip host h4 172.31.1.4 ip host h5 172.31.1.5 ip host h6 172.31.1.6 ip host s1 10.0.0.7 ! interface Management0 no lldp transmit no lldp receive ! interface Loopback0 ip address 10.0.0.8/32 ! interface Ethernet1 no switchport description s2 -> s1 mac-address caf0.0008.0001 ! no shutdown ! interface Ethernet2 no switchport description [Access VLAN red] s2 -> h2 ! no shutdown ! interface Ethernet3 no switchport description [Access VLAN blue] s2 -> h4 ! no shutdown ! interface Ethernet4 no switchport description [Access VLAN untagged] s2 -> h6 ! no shutdown ! interface Vlan700 description VLAN red (700) -> [h1,s1,h2] ! interface Vlan701 description VLAN blue (701) -> [h3,s1,h4] ! interface Vlan1 description VLAN untagged (1) -> [h5,s1,h6] ! TASK [Deploy initial configuration] ******************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/cumulus_nvue.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [set_fact] **************************************************************** ok: [s1] TASK [copy the cumulus nvue YAML initial config file to switch (generated from /home/pipi/netlab_gh/netsim/ansible/templates/initial/cumulus_nvue.j2)] *** changed: [s1] TASK [execute on cumulus: 'nv config patch' for initial config] **************** changed: [s1] TASK [execute on cumulus: 'nv config apply -y' for initial config] ************* changed: [s1] TASK [eos_config: deploying initial from /home/pipi/netlab_gh/netsim/ansible/templates/initial/eos.j2] *** changed: [s2] PLAY [Deploy module-specific configurations] *********************************** TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Deploy individual configuration modules] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, h5, h6, s1, s2 => (item=vlan) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, h5, h6, s1, s2 => (item=routing) TASK [Figure out whether to deploy the module vlan on current device] ********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Find configuration template for vlan] ************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for vlan] ******************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] => msg: |- vlan configuration for s1 ========================================= - set: bridge: domain: br_default: type: vlan-aware vlan: '700': {} '701': {} '1': {} - set: interface: swp1: bridge: domain: br_default: untagged: none - set: interface: swp2: bridge: domain: br_default: access: 700 - set: interface: swp3: bridge: domain: br_default: access: 701 - set: interface: swp4: bridge: domain: br_default: access: 1 - set: interface: swp1: bridge: domain: br_default: vlan: '701': {} - set: interface: swp1: bridge: domain: br_default: vlan: '700': {} ok: [s2] => msg: |- vlan configuration for s2 ========================================= vlan 700 name red ! vlan 701 name blue ! vlan 1 name untagged ! ! interface Ethernet1 switchport switchport mode trunk switchport trunk allowed vlan 1,700,701 switchport trunk native vlan 1 ! interface Ethernet2 switchport switchport access vlan 700 ! interface Ethernet3 switchport switchport access vlan 701 ! interface Ethernet4 switchport switchport access vlan 1 ! interface Vlan700 ! interface Vlan701 ! interface Vlan1 TASK [Deploy vlan configuration] *********************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/cumulus_nvue.yml for s1 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [set_fact] **************************************************************** ok: [s1] TASK [copy the cumulus nvue YAML vlan config file to switch (generated from /home/pipi/netlab_gh/netsim/ansible/templates/vlan/cumulus_nvue.j2)] *** changed: [s1] TASK [execute on cumulus: 'nv config patch' for vlan config] ******************* changed: [s1] TASK [execute on cumulus: 'nv config apply -y' for vlan config] **************** changed: [s1] TASK [eos_config: deploying vlan from /home/pipi/netlab_gh/netsim/ansible/templates/vlan/eos.j2] *** changed: [s2] TASK [Figure out whether to deploy the module routing on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Find configuration template for routing] ********************************* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for routing] ***************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Deploy routing configuration] ******************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] PLAY [Deploy custom deployment templates] ************************************** skipping: no hosts matched PLAY RECAP ********************************************************************* h1 : ok=13 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ignored=0 h2 : ok=13 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ignored=0 h3 : ok=13 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ignored=0 h4 : ok=13 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ignored=0 h5 : ok=13 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ignored=0 h6 : ok=13 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ignored=0 s1 : ok=31 changed=6 unreachable=0 failed=0 skipped=11 rescued=0 ignored=0 s2 : ok=31 changed=3 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0 Results of configuration script deployments ================================================================================ h1 OK=2 h2 OK=2 h3 OK=2 h4 OK=2 h5 OK=2 h6 OK=2 The devices under test are simple bridges with a VLAN trunk between them. Both VLANs are using the same IP prefix to identify potential inter-VLAN leaking. * h1 and h2 should be able to ping each other * h3 and h4 should be able to ping each other * h1 should not be able to reach h3 * h5 should not be able to reach h6 over its untagged native vlan Please note it might take a while for the lab to work due to STP learning phase