/home/pipi/.local/lib/python3.10/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0. "cipher": algorithms.TripleDES, /home/pipi/.local/lib/python3.10/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0. "class": algorithms.TripleDES, [WARNING]: Could not match supplied host pattern, ignoring: unprovisioned [WARNING]: Found variable using reserved name: hosts PLAY [Deploy initial device configuration] ************************************* TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] TASK [Find device readiness script] ******************************************** ok: [h1] ok: [h2] ok: [h3] ok: [s1] ok: [h4] TASK [Wait for device to become ready] ***************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] TASK [Normalize config on bridge-like devices] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1 TASK [Figure out whether to deploy the module normalize on current device] ***** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] TASK [Find configuration template for normalize] ******************************* ok: [h1] ok: [h2] ok: [h3] ok: [s1] ok: [h4] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] TASK [Find configuration deployment deploy_script for normalize] *************** ok: [h1] ok: [h2] ok: [h3] ok: [s1] ok: [h4] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] TASK [Deploy normalize configuration] ****************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] TASK [Deploy initial configuration] ******************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1 TASK [Figure out whether to deploy the module initial on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [s1] ok: [h4] TASK [Find configuration template for initial] ********************************* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] TASK [Find configuration deployment deploy_script for initial] ***************** ok: [h1] ok: [h2] ok: [h3] ok: [s1] ok: [h4] TASK [Print deployed configuration when running in verbose mode] *************** ok: [h1] => msg: |- initial configuration for h1 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.16.0.1/24 dev eth1 2>/dev/null set -e ip addr add 172.16.0.1/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h2] => msg: |- initial configuration for h2 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.16.0.2/24 dev eth1 2>/dev/null set -e ip addr add 172.16.0.2/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h3] => msg: |- initial configuration for h3 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.16.1.3/24 dev eth1 2>/dev/null set -e ip addr add 172.16.1.3/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [h4] => msg: |- initial configuration for h4 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Send ARP requests from a sane source IP address sysctl -w net.ipv4.conf.all.arp_announce=2 # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.16.2.4/24 dev eth1 2>/dev/null set -e ip addr add 172.16.2.4/24 dev eth1 sysctl -w net.ipv6.conf.eth1.disable_ipv6=1 ip link set dev eth1 mtu 1500 ok: [s1] => msg: |- initial configuration for s1 ========================================= #!/bin/vbash source /opt/vyatta/etc/functions/script-template if [ "$(id -g -n)" != 'vyattacfg' ] ; then exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi # Configuration items start here configure set system host-name 's1' set interfaces bridge br0 description 'Global Switch Bridge' set interfaces bridge br0 enable-vlan set interfaces bridge br0 vif 700 set interfaces bridge br0 vif 701 set interfaces bridge br0 vif 702 set interfaces dummy dum0 address 10.0.0.5/32 set interfaces ethernet eth1 description '[Access VLAN red] s1 -> h1' set interfaces ethernet eth2 description '[Access VLAN red] s1 -> h2' set interfaces ethernet eth3 description '[Access VLAN blue] s1 -> h3' set interfaces ethernet eth4 description '[Access VLAN green] s1 -> h4' set interfaces bridge br0 vif 700 description 'VLAN red (700) -> [h1,h2] [stub]' set interfaces bridge br0 vif 701 description 'VLAN blue (701) -> [h3] [stub]' set interfaces bridge br0 vif 701 address 172.16.1.5/24 set interfaces bridge br0 vif 702 description 'VLAN green (702) -> [h4] [stub]' set interfaces bridge br0 vif 702 address 172.16.2.5/24 set service lldp interface all >/dev/null 2>/dev/null set service lldp interface eth0 disable >/dev/null 2>/dev/null set service lldp interface eth0 mode disable # Commit, save and exit from subshell commit save exit # Restart FRR to pick up the new hostname sudo service frr restart TASK [Deploy initial configuration] ******************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/linux-clab.yml for h1, h2, h3, h4 included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/vyos.yml for s1 TASK [Define script filename and determine whether to execute in netns] ******** ok: [h1] ok: [h2] ok: [h3] ok: [h4] TASK [Create a temporary file for the rendered script] ************************* changed: [h4 -> localhost] changed: [h1 -> localhost] changed: [h3 -> localhost] changed: [h2 -> localhost] TASK [Create container setup script from /home/pipi/netlab_gh/netsim/ansible/templates/initial/linux-clab.j2] *** changed: [h1 -> localhost] changed: [h4 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] TASK [Copy script into running container at /tmp/config-h1_initial.sh] ********* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Execute /tmp/config-h1_initial.sh to deploy initial config based on /home/pipi/netlab_gh/netsim/ansible/templates/initial/linux-clab.j2] *** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Container configuration for initial based on /home/pipi/netlab_gh/netsim/ansible/templates/initial/linux-clab.j2 executed in netns] *** changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] TASK [Remove temporary file /tmp/h1_initial-5pu0nzor.sh] *********************** changed: [h3 -> localhost] changed: [h4 -> localhost] changed: [h2 -> localhost] changed: [h1 -> localhost] TASK [set_fact] **************************************************************** ok: [s1] TASK [template] **************************************************************** changed: [s1] TASK [execute config-initial.sh to deploy initial config from /home/pipi/netlab_gh/netsim/ansible/templates/initial/vyos.j2] *** changed: [s1] PLAY [Deploy module-specific configurations] *********************************** TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] TASK [Deploy individual configuration modules] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1 => (item=vlan) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for h1, h2, h3, h4, s1 => (item=routing) TASK [Figure out whether to deploy the module vlan on current device] ********** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] TASK [Find configuration template for vlan] ************************************ skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] TASK [Find configuration deployment deploy_script for vlan] ******************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] ok: [s1] => msg: |- vlan configuration for s1 ========================================= #!/bin/vbash source /opt/vyatta/etc/functions/script-template if [ "$(id -g -n)" != 'vyattacfg' ] ; then exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi # Configuration items start here configure set interfaces bridge br0 member interface eth1 native-vlan 700 set interfaces bridge br0 member interface eth2 native-vlan 700 set interfaces bridge br0 member interface eth3 native-vlan 701 set interfaces bridge br0 member interface eth4 native-vlan 702 # Commit, save and exit from subshell commit save exit TASK [Deploy vlan configuration] *********************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/vyos.yml for s1 TASK [set_fact] **************************************************************** ok: [s1] TASK [template] **************************************************************** changed: [s1] TASK [execute config-vlan.sh to deploy vlan config from /home/pipi/netlab_gh/netsim/ansible/templates/vlan/vyos.j2] *** changed: [s1] TASK [Figure out whether to deploy the module routing on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s1] TASK [Find configuration template for routing] ********************************* ok: [h1] skipping: [s1] ok: [h2] ok: [h3] ok: [h4] TASK [fail] ******************************************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [s1] TASK [Find configuration deployment deploy_script for routing] ***************** skipping: [s1] ok: [h1] ok: [h2] ok: [h3] ok: [h4] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [s1] ok: [h1] => msg: |- routing configuration for h1 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h2] => msg: |- routing configuration for h2 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # # # Print the final routing table ip route ok: [h3] => msg: |- routing configuration for h3 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # echo Removing existing IPv4 routes while ip route del 172.16.0.0/16 2>/dev/null; do : ; done while ip route del 10.0.0.0/24 2>/dev/null; do : ; done while ip route del 10.1.0.0/16 2>/dev/null; do : ; done while ip route del 10.2.0.0/24 2>/dev/null; do : ; done # # # echo Adding direct static routes ip route add 172.16.0.0/16 via 172.16.1.5 dev eth1 protocol static ip route add 10.0.0.0/24 via 172.16.1.5 dev eth1 protocol static ip route add 10.1.0.0/16 via 172.16.1.5 dev eth1 protocol static ip route add 10.2.0.0/24 via 172.16.1.5 dev eth1 protocol static # # Print the final routing table ip route ok: [h4] => msg: |- routing configuration for h4 ========================================= #!/bin/bash # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # echo Removing existing IPv4 routes while ip route del 172.16.0.0/16 2>/dev/null; do : ; done while ip route del 10.0.0.0/24 2>/dev/null; do : ; done while ip route del 10.1.0.0/16 2>/dev/null; do : ; done while ip route del 10.2.0.0/24 2>/dev/null; do : ; done # # # echo Adding direct static routes ip route add 172.16.0.0/16 via 172.16.2.5 dev eth1 protocol static ip route add 10.0.0.0/24 via 172.16.2.5 dev eth1 protocol static ip route add 10.1.0.0/16 via 172.16.2.5 dev eth1 protocol static ip route add 10.2.0.0/24 via 172.16.2.5 dev eth1 protocol static # # Print the final routing table ip route TASK [Deploy routing configuration] ******************************************** skipping: [s1] included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/linux-clab.yml for h1, h2, h3, h4 TASK [Define script filename and determine whether to execute in netns] ******** ok: [h1] ok: [h2] ok: [h3] ok: [h4] TASK [Create a temporary file for the rendered script] ************************* changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] TASK [Create container setup script from /home/pipi/netlab_gh/netsim/ansible/templates/routing/linux-clab.j2] *** changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] changed: [h1 -> localhost] TASK [Copy script into running container at /tmp/config-h1_routing.sh] ********* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Execute /tmp/config-h1_routing.sh to deploy routing config based on /home/pipi/netlab_gh/netsim/ansible/templates/routing/linux-clab.j2] *** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] TASK [Container configuration for routing based on /home/pipi/netlab_gh/netsim/ansible/templates/routing/linux-clab.j2 executed in netns] *** changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] TASK [Remove temporary file /tmp/h1_routing-a7f04ped.sh] *********************** changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] PLAY [Deploy custom deployment templates] ************************************** skipping: no hosts matched PLAY RECAP ********************************************************************* h1 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h2 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h3 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 h4 : ok=31 changed=8 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 s1 : ok=27 changed=4 unreachable=0 failed=0 skipped=11 rescued=0 ignored=0 The device under test is a mixed layer-2/layer-3 switch. Red VLAN is a layer-2-only VLAN, the device acts as a L2/L3 switch on all other VLANs h1 and h2 should be able to ping each other, but not h3 or h4 h3 and h4 should be able to ping each other, but not h1 or h2