yeshess · February 28, 2017 11:33
diff --git a/vyatta.yaml b/vyatta.yaml
 branch1_vpn:
    type: vyatta-machine
    properties:
      netconf_auth:
        user: { get_input: netconf_user }
        password: { get_input: netconf_user }
        key_content: { get_input: netconf_key_content }
    relationships:
    - type: cloudify.relationships.contained_in
      target: vrouter_branch1_VM
    - type: cloudify.relationships.depends_on
      target: branch1_dataplane_dp0s3
    - type: cloudify.relationships.depends_on
      target: branch1_dataplane_dp0s4
    - type: cloudify.relationships.depends_on
      target: branch1_dataplane_dp0s5
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            netconf_auth:
              ip: { get_attribute: [ vrouter_branch1_VM, networks, demo_management ]}
            lock:
              - rfc6020@candidate
            back_database: rfc6020@candidate
            front_database: rfc6020@running
            calls:
              - action: rfc6020@edit-config
                validate_xml: false
                payload:
                  rfc6020@config: 
                    vyatta-security-v1@security:
                      vyatta-security-vpn-ipsec-v1@vpn:
                        vyatta-security-vpn-ipsec-v1@ipsec:
                          vyatta-security-vpn-ipsec-v1@esp-group:
                            vyatta-security-vpn-ipsec-v1@tagnode: ESP-1W
                            vyatta-security-vpn-ipsec-v1@proposal:
                              vyatta-security-vpn-ipsec-v1@tagnode: 1
                              vyatta-security-vpn-ipsec-v1@encryption: aes256
                              vyatta-security-vpn-ipsec-v1@hash: sha1
                            vyatta-security-vpn-ipsec-v1@lifetime: 1800

              - action: rfc6020@edit-config
                validate_xml: false
                payload:
                  rfc6020@config: 
                    vyatta-security-v1@security:
                      vyatta-security-vpn-ipsec-v1@vpn:
                        vyatta-security-vpn-ipsec-v1@ipsec:
                          vyatta-security-vpn-ipsec-v1@ike-group:
                            vyatta-security-vpn-ipsec-v1@tagnode: IKE-1W
                            vyatta-security-vpn-ipsec-v1@proposal:
                              vyatta-security-vpn-ipsec-v1@tagnode: 1
                              vyatta-security-vpn-ipsec-v1@encryption: aes256
                              vyatta-security-vpn-ipsec-v1@hash: sha1
                            vyatta-security-vpn-ipsec-v1@lifetime: 3600
              - action: rfc6020@edit-config
                validate_xml: false
                payload:
                  rfc6020@config:
                    vyatta-if-v1@interfaces:
                      vyatta-interfaces-vti-v1@vti:
                        vyatta-interfaces-vti-v1@tagnode: vti0
                        vyatta-interfaces-vti-v1@address: 172.169.97.249/30 


        configure:
          inputs:
            netconf_auth:
              ip: { get_attribute: [ vrouter_branch1_VM, networks, demo_management ]}
            lock:
              - rfc6020@candidate
            back_database: rfc6020@candidate
            front_database: rfc6020@running
            calls:
              - action: rfc6020@get-config
                payload:
                  rfc6020@source:
                    rfc6020@running: {}
                save_to: origin_interfaces
              - action: rfc6020@edit-config
                validate_xml: false
                payload:
                  rfc6020@config:
                    vyatta-security-v1@security:
                      vyatta-security-vpn-ipsec-v1@vpn:
                        vyatta-security-vpn-ipsec-v1@ipsec:
                          vyatta-security-vpn-ipsec-v1@site-to-site:
                            vyatta-security-vpn-ipsec-v1@peer:
                              vyatta-security-vpn-ipsec-v1@tagnode: { get_attribute: [ vrouter_branch2_VM, networks, demo_public ] }
                              vyatta-security-vpn-ipsec-v1@authentication:
                                vyatta-security-vpn-ipsec-v1@pre-shared-secret: test_key_1
                              vyatta-security-vpn-ipsec-v1@ike-group: IKE-1W
                              vyatta-security-vpn-ipsec-v1@local-address: { get_attribute: [ vrouter_branch1_VM, networks, demo_public ] }
                              vyatta-security-vpn-ipsec-v1@vti:
                                vyatta-security-vpn-ipsec-v1@bind: vti0
                                vyatta-security-vpn-ipsec-v1@esp-group: ESP-1W
	branch1_vpn:
	type: vyatta-machine
	properties:
	netconf_auth:
	user: { get_input: netconf_user }
	password: { get_input: netconf_user }
	key_content: { get_input: netconf_key_content }
	relationships:
	- type: cloudify.relationships.contained_in
	target: vrouter_branch1_VM
	- type: cloudify.relationships.depends_on
	target: branch1_dataplane_dp0s3
	- type: cloudify.relationships.depends_on
	target: branch1_dataplane_dp0s4
	- type: cloudify.relationships.depends_on
	target: branch1_dataplane_dp0s5
	interfaces:
	cloudify.interfaces.lifecycle:
	create:
	inputs:
	netconf_auth:
	ip: { get_attribute: [ vrouter_branch1_VM, networks, demo_management ]}
	lock:
	- rfc6020@candidate
	back_database: rfc6020@candidate
	front_database: rfc6020@running
	calls:
	- action: rfc6020@edit-config
	validate_xml: false
	payload:
	rfc6020@config:
	vyatta-security-v1@security:
	vyatta-security-vpn-ipsec-v1@vpn:
	vyatta-security-vpn-ipsec-v1@ipsec:
	vyatta-security-vpn-ipsec-v1@esp-group:
	vyatta-security-vpn-ipsec-v1@tagnode: ESP-1W
	vyatta-security-vpn-ipsec-v1@proposal:
	vyatta-security-vpn-ipsec-v1@tagnode: 1
	vyatta-security-vpn-ipsec-v1@encryption: aes256
	vyatta-security-vpn-ipsec-v1@hash: sha1
	vyatta-security-vpn-ipsec-v1@lifetime: 1800

	- action: rfc6020@edit-config
	validate_xml: false
	payload:
	rfc6020@config:
	vyatta-security-v1@security:
	vyatta-security-vpn-ipsec-v1@vpn:
	vyatta-security-vpn-ipsec-v1@ipsec:
	vyatta-security-vpn-ipsec-v1@ike-group:
	vyatta-security-vpn-ipsec-v1@tagnode: IKE-1W
	vyatta-security-vpn-ipsec-v1@proposal:
	vyatta-security-vpn-ipsec-v1@tagnode: 1
	vyatta-security-vpn-ipsec-v1@encryption: aes256
	vyatta-security-vpn-ipsec-v1@hash: sha1
	vyatta-security-vpn-ipsec-v1@lifetime: 3600
	- action: rfc6020@edit-config
	validate_xml: false
	payload:
	rfc6020@config:
	vyatta-if-v1@interfaces:
	vyatta-interfaces-vti-v1@vti:
	vyatta-interfaces-vti-v1@tagnode: vti0
	vyatta-interfaces-vti-v1@address: 172.169.97.249/30


	configure:
	inputs:
	netconf_auth:
	ip: { get_attribute: [ vrouter_branch1_VM, networks, demo_management ]}
	lock:
	- rfc6020@candidate
	back_database: rfc6020@candidate
	front_database: rfc6020@running
	calls:
	- action: rfc6020@get-config
	payload:
	rfc6020@source:
	rfc6020@running: {}
	save_to: origin_interfaces
	- action: rfc6020@edit-config
	validate_xml: false
	payload:
	rfc6020@config:
	vyatta-security-v1@security:
	vyatta-security-vpn-ipsec-v1@vpn:
	vyatta-security-vpn-ipsec-v1@ipsec:
	vyatta-security-vpn-ipsec-v1@site-to-site:
	vyatta-security-vpn-ipsec-v1@peer:
	vyatta-security-vpn-ipsec-v1@tagnode: { get_attribute: [ vrouter_branch2_VM, networks, demo_public ] }
	vyatta-security-vpn-ipsec-v1@authentication:
	vyatta-security-vpn-ipsec-v1@pre-shared-secret: test_key_1
	vyatta-security-vpn-ipsec-v1@ike-group: IKE-1W
	vyatta-security-vpn-ipsec-v1@local-address: { get_attribute: [ vrouter_branch1_VM, networks, demo_public ] }
	vyatta-security-vpn-ipsec-v1@vti:
	vyatta-security-vpn-ipsec-v1@bind: vti0
	vyatta-security-vpn-ipsec-v1@esp-group: ESP-1W