[WARNING]: Could not match supplied host pattern, ignoring: unprovisioned [WARNING]: Found variable using reserved name: hosts PLAY [Deploy initial device configuration] ************************************* TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s2] ok: [s1] TASK [Find device readiness script] ******************************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [s2] ok: [h6] ok: [s1] TASK [Wait for device to become ready] ***************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] included: /home/pipi/net101/tools/netsim/ansible/tasks/readiness-check/eos-clab.yml for s2 TASK [Wait for cEOS SSH daemon to start] *************************************** ok: [s2] TASK [Normalize config on bridge-like devices] ********************************* included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-module.yml for s2, h1, h2, h3, h4, h5, h6, s1 TASK [Figure out whether to deploy the module normalize on current device] ***** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [s2] ok: [h6] ok: [s1] TASK [Find configuration template for normalize] ******************************* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [s2] ok: [h6] ok: [s1] TASK [fail] ******************************************************************** skipping: [s2] skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] TASK [Find configuration deployment deploy_script for normalize] *************** ok: [h1] ok: [h2] ok: [h4] ok: [h3] ok: [s2] ok: [h5] ok: [h6] ok: [s1] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] ok: [s2] => msg: |- normalize configuration for s2 ========================================= ! interface Ethernet1 shutdown mac-address 52dc.cafe.0801 ! interface Ethernet2 shutdown mac-address 52dc.cafe.0802 ! interface Ethernet3 shutdown mac-address 52dc.cafe.0803 ! interface Ethernet4 shutdown mac-address 52dc.cafe.0804 TASK [Deploy normalize configuration] ****************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [eos_config: deploying normalize from /home/pipi/net101/tools/netsim/ansible/templates/normalize/eos.j2] *** [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation changed: [s2] TASK [Deploy initial configuration] ******************************************** included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-module.yml for s2, h1, h2, h3, h4, h5, h6, s1 TASK [Figure out whether to deploy the module initial on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Find configuration template for initial] ********************************* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [s2] skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] TASK [Find configuration deployment deploy_script for initial] ***************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [s1] ok: [h6] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** ok: [h1] => msg: |- initial configuration for h1 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.1/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.1/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h2] => msg: |- initial configuration for h2 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.2/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.2/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h3] => msg: |- initial configuration for h3 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.3/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.3/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h4] => msg: |- initial configuration for h4 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.4/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.4/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h5] => msg: |- initial configuration for h5 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.5/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.5/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h6] => msg: |- initial configuration for h6 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.6/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.6/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [s2] => msg: |- initial configuration for s2 ========================================= hostname s2 ! logging monitor debugging aaa authorization exec default local ! lldp run ip routing no ipv6 unicast-routing ! ! ip host h1 172.31.1.1 ip host h2 172.31.1.2 ip host h3 172.31.1.3 ip host h4 172.31.1.4 ip host h5 172.31.1.5 ip host h6 172.31.1.6 ip host s1 10.0.0.7 ! interface Management0 no lldp transmit no lldp receive ! interface Loopback0 ip address 10.0.0.8/32 ! interface Ethernet1 no switchport description s2 -> s1 ! mac-address 52dc.cafe.0801 no shutdown ! interface Ethernet2 no switchport description [Access VLAN red] s2 -> h2 ! mac-address 52dc.cafe.0802 no shutdown ! interface Ethernet3 no switchport description [Access VLAN blue] s2 -> h4 ! mac-address 52dc.cafe.0803 no shutdown ! interface Ethernet4 no switchport description [Access VLAN untagged] s2 -> h6 ! mac-address 52dc.cafe.0804 no shutdown ! interface Vlan700 description VLAN red (700) -> [h1,s1,h2] ! interface Vlan701 description VLAN blue (701) -> [h3,s1,h4] ! interface Vlan1 description VLAN untagged (1) -> [h5,s1,h6] ! ok: [s1] => msg: |- initial configuration for s1 ========================================= #!/bin/vbash source /opt/vyatta/etc/functions/script-template if [ "$(id -g -n)" != 'vyattacfg' ] ; then exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi # Configuration items start here configure set system host-name 's1' set interfaces bridge br0 description 'Global Switch Bridge' set interfaces bridge br0 enable-vlan set interfaces bridge br0 vif 701 set interfaces bridge br0 vif 700 set interfaces dummy dum0 address 10.0.0.7/32 set interfaces ethernet eth1 description 's1 -> s2' set interfaces ethernet eth1 mtu 1500 set interfaces ethernet eth2 description '[Access VLAN red] s1 -> h1' set interfaces ethernet eth2 mtu 1500 set interfaces ethernet eth3 description '[Access VLAN blue] s1 -> h3' set interfaces ethernet eth3 mtu 1500 set interfaces ethernet eth4 description '[Access VLAN untagged] s1 -> h5' set interfaces ethernet eth4 mtu 1500 set interfaces bridge br0 vif 700 description 'VLAN red (700) -> [h1,s2,h2]' set interfaces bridge br0 vif 701 description 'VLAN blue (701) -> [h3,s2,h4]' set interfaces bridge br0 description 'VLAN untagged (1) -> [h5,h6,s2]' set service lldp interface all >/dev/null 2>/dev/null set service lldp interface eth0 disable >/dev/null 2>/dev/null set service lldp interface eth0 mode disable set service ssh # Commit, save and exit from subshell commit save exit # Restart FRR to pick up the new hostname sudo service frr restart TASK [Deploy initial configuration] ******************************************** included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/eos.yml for s2 included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/linux-clab.yml for h1, h2, h3, h4, h5, h6 included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/vyos.yml for s1 TASK [eos_config: deploying initial from /home/pipi/net101/tools/netsim/ansible/templates/initial/eos.j2] *** changed: [s2] TASK [Define script filename and determine whether to execute in netns] ******** ok: [h1] ok: [h2] ok: [h3] ok: [h5] ok: [h4] ok: [h6] TASK [Create a temporary file for the rendered script] ************************* changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h1 -> localhost] changed: [h5 -> localhost] changed: [h6 -> localhost] changed: [h4 -> localhost] TASK [Create container setup script from /home/pipi/net101/tools/netsim/ansible/templates/initial/linux-clab.j2] *** changed: [h3 -> localhost] changed: [h2 -> localhost] changed: [h6 -> localhost] changed: [h1 -> localhost] changed: [h5 -> localhost] changed: [h4 -> localhost] TASK [Copy script into running container at /tmp/config-h1_initial.sh] ********* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] TASK [Execute /tmp/config-h1_initial.sh to deploy initial config based on /home/pipi/net101/tools/netsim/ansible/templates/initial/linux-clab.j2] *** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] TASK [Container configuration for initial based on /home/pipi/net101/tools/netsim/ansible/templates/initial/linux-clab.j2 executed in netns] *** changed: [h6 -> localhost] changed: [h4 -> localhost] changed: [h1 -> localhost] changed: [h5 -> localhost] changed: [h3 -> localhost] changed: [h2 -> localhost] TASK [Remove temporary file /tmp/h1_initial-m3h9zcl1.sh] *********************** changed: [h2 -> localhost] changed: [h1 -> localhost] changed: [h6 -> localhost] changed: [h4 -> localhost] changed: [h3 -> localhost] changed: [h5 -> localhost] TASK [wait_for_connection] ***************************************************** ok: [s1] TASK [wait_for] **************************************************************** ok: [s1] TASK [set_fact] **************************************************************** ok: [s1] TASK [set_fact] **************************************************************** ok: [s1] TASK [template] **************************************************************** changed: [s1] TASK [execute config-initial.sh to deploy initial config from /home/pipi/net101/tools/netsim/ansible/templates/initial/vyos.j2] *** changed: [s1] PLAY [Deploy module-specific configurations] *********************************** TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h5] ok: [h4] ok: [h6] ok: [s1] ok: [s2] TASK [Deploy individual configuration modules] ********************************* included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, h5, h6, s1, s2 => (item=vlan) included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, h5, h6, s1, s2 => (item=routing) TASK [Figure out whether to deploy the module vlan on current device] ********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Find configuration template for vlan] ************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for vlan] ******************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] ok: [s2] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s1] => msg: |- vlan configuration for s1 ========================================= #!/bin/vbash source /opt/vyatta/etc/functions/script-template if [ "$(id -g -n)" != 'vyattacfg' ] ; then exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi # Configuration items start here configure set interfaces bridge br0 member interface eth1 allowed-vlan 700 set interfaces bridge br0 member interface eth1 allowed-vlan 701 set interfaces bridge br0 member interface eth2 native-vlan 700 set interfaces bridge br0 member interface eth3 native-vlan 701 set interfaces bridge br0 member interface eth4 native-vlan 1 # Commit, save and exit from subshell commit save exit ok: [s2] => msg: |- vlan configuration for s2 ========================================= vlan 701 name blue ! vlan 700 name red ! vlan 1 name untagged ! ! interface Ethernet1 switchport switchport mode trunk switchport trunk allowed vlan 1,700,701 switchport trunk native vlan 1 ! interface Ethernet2 switchport switchport access vlan 700 ! interface Ethernet3 switchport switchport access vlan 701 ! interface Ethernet4 switchport switchport access vlan 1 ! interface Vlan700 ! interface Vlan701 ! interface Vlan1 TASK [Deploy vlan configuration] *********************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/vyos.yml for s1 included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [wait_for_connection] ***************************************************** skipping: [s1] TASK [wait_for] **************************************************************** skipping: [s1] TASK [set_fact] **************************************************************** ok: [s1] TASK [set_fact] **************************************************************** ok: [s1] TASK [template] **************************************************************** changed: [s1] TASK [execute config-vlan.sh to deploy vlan config from /home/pipi/net101/tools/netsim/ansible/templates/vlan/vyos.j2] *** changed: [s1] TASK [eos_config: deploying vlan from /home/pipi/net101/tools/netsim/ansible/templates/vlan/eos.j2] *** changed: [s2] TASK [Figure out whether to deploy the module routing on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s1] ok: [s2] TASK [Find configuration template for routing] ********************************* ok: [h1] ok: [h2] ok: [h3] skipping: [s1] skipping: [s2] ok: [h4] ok: [h6] ok: [h5] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] skipping: [s2] TASK [Find configuration deployment deploy_script for routing] ***************** ok: [h1] ok: [h2] skipping: [s1] ok: [h3] skipping: [s2] ok: [h4] ok: [h5] ok: [h6] TASK [Print deployed configuration when running in verbose mode] *************** ok: [h1] => msg: |- routing configuration for h1 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h2] => msg: |- routing configuration for h2 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h3] => msg: |- routing configuration for h3 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route skipping: [s1] skipping: [s2] ok: [h4] => msg: |- routing configuration for h4 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h5] => msg: |- routing configuration for h5 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h6] => msg: |- routing configuration for h6 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route TASK [Deploy routing configuration] ******************************************** skipping: [s1] skipping: [s2] included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/linux-clab.yml for h1, h2, h3, h4, h5, h6 TASK [Define script filename and determine whether to execute in netns] ******** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] TASK [Create a temporary file for the rendered script] ************************* changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] changed: [h5 -> localhost] changed: [h6 -> localhost] TASK [Create container setup script from /home/pipi/net101/tools/netsim/ansible/templates/routing/linux-clab.j2] *** changed: [h1 -> localhost] changed: [h4 -> localhost] changed: [h3 -> localhost] changed: [h2 -> localhost] changed: [h5 -> localhost] changed: [h6 -> localhost] TASK [Copy script into running container at /tmp/config-h1_routing.sh] ********* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] TASK [Execute /tmp/config-h1_routing.sh to deploy routing config based on /home/pipi/net101/tools/netsim/ansible/templates/routing/linux-clab.j2] *** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] TASK [Container configuration for routing based on /home/pipi/net101/tools/netsim/ansible/templates/routing/linux-clab.j2 executed in netns] *** changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h4 -> localhost] changed: [h5 -> localhost] changed: [h3 -> localhost] changed: [h6 -> localhost] TASK [Remove temporary file /tmp/h1_routing-clvpwdxx.sh] *********************** changed: [h1 -> localhost] changed: [h4 -> localhost] changed: [h5 -> localhost] changed: [h6 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] PLAY [Deploy custom deployment templates] ************************************** skipping: no hosts matched PLAY RECAP ********************************************************************* h1 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h2 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h3 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h4 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h5 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h6 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 s1 : ok=31 changed=4 unreachable=0 failed=0 skipped=13 rescued=0 ignored=0 s2 : ok=28 changed=3 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 The devices under test are simple bridges with a VLAN trunk between them. Both VLANs are using the same IP prefix to identify potential inter-VLAN leaking. * h1 and h2 should be able to ping each other * h3 and h4 should be able to ping each other * h1 should not be able to reach h3 * h5 should not be able to reach h6 over its untagged native vlan Please note it might take a while for the lab to work due to STP learning phase