cisco-en-programmability · ppiwowa-csco · Oct 22, 2025 · Oct 17, 2025 · Oct 22, 2025
diff --git a/roles/azure_edges/tasks/azure_cedge_vm.yml b/roles/azure_edges/tasks/azure_cedge_vm.yml
@@ -261,6 +261,8 @@
       service_interfaces: "{{ service_interfaces | default(omit) }}"
       uuid: "{{ uuid }}"
       site_id: "{{ site_id }}"
+      tenant_org_name: "{{ tenant_org_name }}"
+      tenant_subdomain: "{{ tenant_subdomain }}"
   changed_when: true
   notify: Show deployment_facts
 

diff --git a/roles/azure_edges/tasks/main.yml b/roles/azure_edges/tasks/main.yml
@@ -57,8 +57,10 @@
     system_ip: "{{ instance_item.system_ip }}"
     site_id: "{{ instance_item.site_id }}"
     wan_edges_item: "{{ wan_edges | default([]) | json_query('[?uuid==`'~instance_item.uuid~'`] | [0]') }}"
+    tenant_org_name: "{{ instance_item.tenant_org_name | default(organization_name) }}"
+    tenant_subdomain: "{{ instance_item.tenant_subdomain | default('') }}"
     is_in_default_location: "{{ 'az_location' not in wan_edges_item or wan_edges_item['az_location'] == az_default_location }}"
-    az_resource_group: "{{ az_default_resource_group if is_in_default_location else az_resources_prefix~'-'~wan_edges_item['az_location']~'-rg' }}"
+    az_resource_group: "{{ tenant_org_name~'-rg' if is_in_default_location else az_resources_prefix~'-'~wan_edges_item['az_location']~'-rg' }}"
   loop: "{{ edge_instances }}"
   loop_control:
     loop_var: instance_item

diff --git a/roles/azure_edges/templates/userdata_cedge.j2 b/roles/azure_edges/templates/userdata_cedge.j2
@@ -19,7 +19,7 @@ ca-certs:
   remove-defaults: false
   trusted:
   - |
-   {{ enterprise_root_ca | indent(3) }}
+   {{ lookup('file', enterprise_ca_cert_path | default(results_dir~'/certificates/ca.crt')) | indent(3) }}
 {% endif %}
 
 
@@ -44,7 +44,7 @@ Content-Disposition: attachment; filename="config-{{ uuid }}.txt"
    control-session-pps   300
    admin-tech-on-failure
    sp-organization-name  "{{ organization_name }}"
-   organization-name     "{{ organization_name }}"
+   organization-name     "{{ tenant_org_name }}"
    port-hop
    track-transport
    track-default-gateway

diff --git a/roles/azure_network_infrastructure/tasks/main.yml b/roles/azure_network_infrastructure/tasks/main.yml
@@ -37,3 +37,14 @@
   loop: "{{ az_all_locations }}"
   loop_control:
     label: "{{ item }}"
+
+- name: "Network resources for SD-WAN tenants"
+  ansible.builtin.include_tasks:
+    file: azure_network_infrastructure.yml
+    apply:
+      vars:
+        az_resource_group: "{{ item.org_name }}-rg"
+  loop: "{{ tenants }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: tenants is defined and tenants | length > 0
diff --git a/roles/azure_teardown/tasks/main.yml b/roles/azure_teardown/tasks/main.yml
@@ -22,3 +22,14 @@
   loop: "{{ az_all_locations }}"
   loop_control:
     label: "{{ item }}"
+
+- name: Remove Azure Resource Group and wait for teardown completion
+  ansible.builtin.include_tasks:
+    file: az_teardown_rg.yml
+    apply:
+      vars:
+        az_resource_group: "{{ item.org_name }}-rg"
+  loop: "{{ tenants }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: tenants is defined and tenants | length > 0
diff --git a/roles/common/defaults/az_required_vars_edges.yml b/roles/common/defaults/az_required_vars_edges.yml
@@ -15,3 +15,5 @@ required_variables:
   az_cedge_image_version: "{{ az_cedge_image_version }}"
   admin_username: "{{ admin_username }}"
   admin_password: "{{ admin_password }}"
+
+az_all_locations: "{{ [az_location] + wan_edges | default([]) | json_query('[?az_location].az_location') | unique }}"
diff --git a/roles/common/defaults/az_required_vars_network_infrastructure.yml b/roles/common/defaults/az_required_vars_network_infrastructure.yml
@@ -8,3 +8,5 @@ required_variables:
   az_location: "{{ az_location }}"
   az_subnets: "{{ az_subnets }}"
   az_allowed_subnets: "{{ az_allowed_subnets }}"
+
+az_all_locations: "{{ [az_location] + wan_edges | default([]) | json_query('[?az_location].az_location') | unique }}"
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
@@ -5,3 +5,4 @@
 
 # Common
 all_aws_regions: "{{ [aws_region] + wan_edges | default([]) | json_query('[?aws_region].aws_region') | unique }}"
+az_all_locations: "{{ [az_location] + wan_edges | default([]) | json_query('[?az_location].az_location') | unique }}"
diff --git a/roles/common/tasks/required_variables.yml b/roles/common/tasks/required_variables.yml
@@ -21,3 +21,10 @@
     loop_var: variable
     label: "{{ variable.key }}"
   when: required_variables is defined # and required_variables | length > 0
+
+- name: Assert that multi tenancy and multiple AWS regions are not in use simultaneously
+  ansible.builtin.assert:
+    that:
+      - aws_region is not defined or tenants is not defined or tenants | length == 0 or all_aws_regions | length == 1
+      - az_location is not defined or tenants is not defined or tenants | length == 0 or az_all_locations | length == 1
+    fail_msg: "Using multi tenancy and multiple AWS regions at the same time is not supported yet"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,4 @@

		# Common
		all_aws_regions: "{{ [aws_region] + wan_edges \| default([]) \| json_query('[?aws_region].aws_region') \| unique }}"
		az_all_locations: "{{ [az_location] + wan_edges \| default([]) \| json_query('[?az_location].az_location') \| unique }}"