netascode · mikewiebe · Jun 27, 2025 · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025
@@ -225,9 +225,11 @@ def run(self, tmp=None, task_vars=None):
         workflow = POAPDevice(params)
         workflow.refresh_discovered()
         workflow.check_poap_supported_switches()
-        workflow.check_preprovision_supported_switches()
+        #
+        # TBD: Don't think we need this
+        # workflow.check_preprovision_supported_switches()
 
-        if workflow.poap_supported_switches and not workflow.preprovision_supported_switches:
+        if workflow.poap_supported_switches:
             workflow.refresh()
 
             if workflow.refresh_succeeded:

@@ -0,0 +1,80 @@
+# Copyright (c) 2025 Cisco Systems, Inc. and its affiliates
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# SPDX-License-Identifier: MIT
+
+---
+
+- name: Set file_name Var
+  ansible.builtin.set_fact:
+    file_name: "ndfc_inventory_no_bootstrap.yml"
+  delegate_to: localhost
+
+- name: Stat Previous File If It Exists
+  ansible.builtin.stat:
+    path: "{{ path_name }}{{ file_name }}"
+  register: data_file_previous
+  delegate_to: localhost
+
+- name: Backup Previous Data File If It Exists
+  ansible.builtin.copy:
+    src: "{{ path_name }}{{ file_name }}"
+    dest: "{{ path_name }}{{ file_name }}.old"
+  when: data_file_previous.stat.exists
+
+- name: Delete Previous Data File If It Exists
+  ansible.builtin.file:
+    state: absent
+    path: "{{ path_name }}{{ file_name }}"
+  delegate_to: localhost
+  when: data_file_previous.stat.exists
+
+- name: Set Path For Inventory File Lookup
+  ansible.builtin.set_fact:
+    inv_file_path: "{{ path_name }}{{ file_name }}"
+  delegate_to: localhost
+
+- name: Build Fabric Switch Inventory List From Template
+  ansible.builtin.template:
+    src: ndfc_inventory/common/fabric_inventory_no_bootstrap.j2
+    dest: "{{ inv_file_path }}"
+  delegate_to: localhost
+
+- name: Create Empty inv_config Var
+  ansible.builtin.set_fact:
+    inv_config_no_bootstrap: []
+  delegate_to: localhost
+
+- name: Set inv_config Var
+  ansible.builtin.set_fact:
+    inv_config_no_bootstrap: "{{ lookup('file', path_name + file_name) | from_yaml }}"
+  when: (MD_Extended.vxlan.topology.switches | default([])) | length > 0
+  delegate_to: localhost
+
+- name: Retrieve NDFC Device Username and Password from Group Vars and update inv_config
+  cisco.nac_dc_vxlan.common.get_credentials:
+    inv_list: "{{ inv_config_no_bootstrap }}"
+  register: updated_inv_config_no_bootstrap
+  no_log: true
+
+- name: Credential Retrieval Failed
+  ansible.builtin.fail:
+    msg: "{{ updated_inv_config }}"
+  when: updated_inv_config_no_bootstrap['retrieve_failed']
+  delegate_to: localhost
@@ -52,6 +52,11 @@
 - name: Build NDFC Fabric Switch Inventory List From Template
   ansible.builtin.import_tasks: common/ndfc_inventory.yml
 
+# We need to also build an inventory list without bootstrap settings
+# This will be used for device removal.
+- name: Build NDFC Fabric Switch Inventory List From Template - No Bootstrap
+  ansible.builtin.import_tasks: common/ndfc_inventory_no_bootstrap.yml
+
 # --------------------------------------------------------------------
 # Build vPC Domain ID Resource From Template
 # --------------------------------------------------------------------
@@ -240,6 +245,7 @@
         policy_config: "{{ policy_config }}"
         sub_interface_routed: "{{ sub_interface_routed }}"
         updated_inv_config: "{{ updated_inv_config }}"
+        updated_inv_config_no_bootstrap: "{{ updated_inv_config_no_bootstrap }}"
         vpc_peering: "{{ vpc_peering }}"
         vpc_domain_id_resource: "{{ vpc_domain_id_resource }}"
         vrf_config: "{{ vrf_config }}"

@@ -12,9 +12,13 @@
   max_hops: 0 # this is the default value as it is not defined into the data model
   role: {{ switch['role'] }}
   preserve_config: false
+{# ------------------------------ #}
+{# Global Bootstrap Section Start #}
 {% if MD_Extended.vxlan.global.bootstrap is defined %}
-{% if MD_Extended.vxlan.global.bootstrap.enable_bootstrap is defined and MD_Extended.vxlan.global.bootstrap.enable_bootstrap %}
-{% if switch.poap is defined and switch.poap.bootstrap %}
+{% if MD_Extended.vxlan.global.bootstrap.enable_bootstrap | default(defaults.vxlan.global.enable_bootstrap) | ansible.builtin.bool %}
+{#     ------------------------- #}
+{#     Switch POAP Section Start #}
+{% if switch.poap is defined and (switch.poap.bootstrap | default(defaults.vxlan.topology.switches.poap.bootstrap) | ansible.builtin.bool) %}
 {% if poap_data[switch['serial_number']] is defined %}
 {% set pdata = poap_data[switch['serial_number']] %}
   poap:
@@ -25,7 +29,15 @@
       config_data:
         modulesModel: {{ pdata['modulesModel'] }}
         gateway: {{ pdata['gateway'] }}
-{% elif switch['poap']['preprovision'] is defined %}
+{% endif %}
+{% endif %}
+{#     ---------------------------------- #}
+{#     Switch POAP Section End            #}
+{##}
+{#     ---------------------------------- #}
+{#     Switch Pre-Provision Section Start #}
+{% if switch['poap']['preprovision'] is defined %}
+{% if switch['serial_number'] == switch['poap']['preprovision']['serial_number'] %}
   poap:
     - preprovision_serial: {{ switch['poap']['preprovision']['serial_number'] }}
       model: {{  switch['poap']['preprovision']['model'] }}
@@ -34,8 +46,16 @@
         modulesModel: {{ switch['poap']['preprovision']['modulesModel'] }}
         gateway: {{ switch['management']['default_gateway_v4'] | ansible.utils.ipaddr('address') }}/{{ switch['management']['subnet_mask_ipv4'] }}
       hostname: {{ switch['name'] }}
+{% else %}
+  poap:
+    - serial_number: {{ switch['serial_number'] }}
+      preprovision_serial: {{ switch['poap']['preprovision']['serial_number'] }}
 {% endif %}
 {% endif %}
+{#     Switch Pre-Provision Section End   #}
+{#     ---------------------------------- #}
 {% endif %}
 {% endif %}
-{% endfor %}
+{# Global Bootstrap Section End #}
+{# ---------------------------- #}
+{% endfor %} 
@@ -0,0 +1,15 @@
+{# Auto-generated NDFC DC VXLAN EVPN Inventory config data structure for fabric {{ vxlan.fabric.name }} #}
+{% set poap_data = poap_data['poap_data'] %}
+{% for switch in MD_Extended.vxlan.topology.switches %}
+{% if switch.management.management_ipv4_address is defined %}
+- seed_ip: {{ switch['management']['management_ipv4_address'] }}
+{% elif switch.management.management_ipv6_address is defined %}
+- seed_ip: {{ switch['management']['management_ipv6_address'] }}
+{% endif %}
+  auth_proto: {{ MD['vxlan']['global']['auth_proto'] | default(defaults.vxlan.global.auth_proto) }}
+  user_name: PLACE_HOLDER_USERNAME
+  password: PLACE_HOLDER_PASSWORD
+  max_hops: 0 # this is the default value as it is not defined into the data model
+  role: {{ switch['role'] }}
+  preserve_config: false
+{% endfor %}
@@ -54,15 +54,22 @@
     config: "{{ vars_common_vxlan.underlay_ip_address }}"
   when: MD_Extended.vxlan.underlay.general.manual_underlay_allocation is defined and MD_Extended.vxlan.underlay.general.manual_underlay_allocation == True
 
-- name: Config-Save block
-  block:
-    - name: Config-Save for Fabric {{ MD_Extended.vxlan.fabric.name }}
-      cisco.dcnm.dcnm_rest:
-        method: POST
-        path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics/{{ MD_Extended.vxlan.fabric.name }}/config-save"
-      register: config_save
-      when: >
-        (MD_Extended.vxlan.topology.switches is defined and MD_Extended.vxlan.topology.switches | length > 0)
+# With the addition of the Allocate Underlay IP Address change above we
+# cannot call cisco.dcnm.dcnm_inventory with save: true until after
+# cisco.dcnm.dcnm_resource_manager is called.  This is why we call it
+# again here with save: true to maintain the previous workflow.
+- name: Call Inventory Module Again with Save set to True
+  cisco.dcnm.dcnm_inventory:
+    fabric: "{{ MD_Extended.vxlan.fabric.name }}"
+    config: "{{ vars_common_local.updated_inv_config['updated_inv_list'] }}"
+    deploy: false
+    save: true
+    state: merged
+  vars:
+    ansible_command_timeout: 3000
+    ansible_connect_timeout: 3000
+  when:
+    - MD_Extended.vxlan.topology.switches | length > 0
 
 - name: Create List of Switch Serial Numbers from Data Model
   ansible.builtin.set_fact:

@@ -41,7 +41,7 @@
 - name: Remove Unmanaged NDFC Fabric Devices
   cisco.dcnm.dcnm_inventory:
     fabric: "{{ MD_Extended.vxlan.fabric.name }}"
-    config: "{{ vars_common_local.updated_inv_config['updated_inv_list'] }}"
+    config: "{{ vars_common_local.updated_inv_config_no_bootstrap['updated_inv_list'] }}"
     deploy: true
     save: true
     state: overridden

@@ -152,6 +152,8 @@ factory_defaults:
           topology_switch_loopback_interface:
             description: "NetAsCode Loopback Interface"
             enabled: true
+        poap:
+          bootstrap: false
       vpc_peers:
         domain_id: 1
       fabric_links: