reverting b/c symbolic link doesn't work :-|

2022-02-04 09:21:45 -05:00
parent 258d0f4869
commit 6431c64213
25 changed files with 48 additions and 3 deletions
--- a/playbooks/network/configlet_vtyacl.yml
+++ b/playbooks/network/configlet_vtyacl.yml
@@ -0,0 +1,60 @@
+---
+- name: CORRECT VTY-ACL ON CISCO DEVICES
+  hosts: cisco
+  connection: network_cli
+  gather_facts: no
+
+  tasks:
+
+    - name: SAVE RUNNING-CONFIG TO NVRAM FOR RECOVERY IF NEEDED
+      ios_config:
+        save_when: always
+
+    - name: Set the task_status var
+      set_fact:
+        task_status: "OK"
+
+    - block:
+      - name: UPDATE VTY-ACL ACCESS LIST
+        ios_config:
+          parents: ip access-list extended VTY-ACL
+          lines:
+            - permit tcp host {{ hostvars['ansible-1'].ansible_host }} any eq 22
+            - permit tcp 172.16.0.0 0.15.255.255 any eq 22
+            - permit tcp 192.168.0.0 0.0.255.255 any eq 22
+            - permit tcp 10.0.0.0 0.255.255.255 any eq 22 log-input
+            - deny   ip any any log-input
+          match: exact
+          replace: block
+          before:
+            - line vty 0 15
+            - NO access-class VTY-ACL in
+            - NO ip access-list extended VTY-ACL
+          after:
+            - line vty 0 15
+            - access-class VTY-ACL in
+
+      - name: CHECK IF SSH IS STILL ACCESSIABLE FROM NETWORK
+        wait_for:
+          host: "{{ inventory_hostname }}"
+          port: 22
+          state: started
+          delay: 2
+          timeout: 6
+        ignore_errors: no
+        
+
+      - name: SSH TEST SUCCESSFUL.  SAVING RUNNING-CONFIG
+        ios_config:
+          save_when: always
+
+      rescue:
+        - name: UPDATE FAILED. ROLLING BACK CONFIG
+          ios_command:
+            commands:
+                - configure replace nvram:startup-config force
+        - set_fact:
+            task_status: "ERROR"
+
+      when: task_status == 'OK'
+