Adding Netbox
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider add host initiator tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_initiator_provider }}/initiator/add_host.yaml"
|
||||
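Review bot: `cloud_vpn_initiator_provider` is interpolated straight into the `include_tasks` path with no check that it names a known provider. A typo gives only a file-not-found error, and a value containing path separators would resolve outside `tasks/cloud_vpn/providers/`. main.yml in the cisco_ios role of this same commit validates `function` against `ios_functions` before its dynamic include, and the same pattern fits here: a preceding `assert` whose `that:` is `cloud_vpn_initiator_provider in <role-defined list of supported providers>`. The same applies to the responder include and to the configure_routing, configure_vpn and show_login_info dispatch files that follow, for both `cloud_vpn_initiator_provider` and `cloud_vpn_responder_provider`.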
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider add host responder tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_responder_provider }}/responder/add_host.yaml"
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider configure routing initiator tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_initiator_provider }}/initiator/configure_routing.yaml"
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider configure routing tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_responder_provider }}/responder/configure_routing.yaml"
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider configure vpn initiator tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_initiator_provider }}/initiator/configure_vpn.yaml"
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider configure vpn tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_responder_provider }}/responder/configure_vpn.yaml"
|
||||
@@ -0,0 +1 @@
|
||||
---
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
- add_host:
|
||||
name: initiator
|
||||
ansible_host: "{{ cloud_vpn_initiator_public_ip }}"
|
||||
ansible_user: "{{ cloud_vpn_initiator_user }}"
|
||||
ansible_connection: "{{ cloud_vpn_initiator_ansible_connection }}"
|
||||
ansible_network_os: ios
|
||||
ansible_ssh_private_key_file: "{{ cloud_vpn_initiator_ssh_private_key_file }}"
|
||||
|
||||
- name: Wait for SSH port to be reachable
|
||||
wait_for:
|
||||
host: "{{ cloud_vpn_initiator_public_ip }}"
|
||||
port: 22
|
||||
|
||||
- name: Pause for SSH daemon to settle and accept connections
|
||||
pause:
|
||||
seconds: "{{ cloud_vpn_pause_before_config_seconds }}"
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
- name: Push routing configuration to CSR device
|
||||
ios_config:
|
||||
src: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "configure_routing_{{ cloud_vpn_routing }}.j2"
|
||||
paths:
|
||||
- "templates/cloud_vpn/providers/csr/initiator/{{ cloud_vpn_responder_provider }}"
|
||||
- templates/cloud_vpn/providers/csr/initiator
|
||||
delegate_to: initiator
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
- name: Push VPN configuration to CSR device
|
||||
ios_config:
|
||||
src: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- configure_vpn.j2
|
||||
paths:
|
||||
- "templates/cloud_vpn/providers/csr/initiator/{{ cloud_vpn_responder_provider }}"
|
||||
- templates/cloud_vpn/providers/csr/initiator
|
||||
delegate_to: initiator
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
- name: Show initiator IP and user
|
||||
debug:
|
||||
msg: "Initiator can be reached at {{ cloud_vpn_initiator_user}}@{{ cloud_vpn_initiator_public_ip }}"
|
||||
when: cloud_vpn_initiator_user is defined
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider show login info initiator tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_initiator_provider }}/initiator/show_login_info.yaml"
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Run provider show login info responder tasks
|
||||
include_tasks: "{{ role_path }}/tasks/cloud_vpn/providers/{{ cloud_vpn_responder_provider }}/responder/show_login_info.yaml"
|
||||
@@ -0,0 +1 @@
|
||||
---
|
||||
@@ -0,0 +1 @@
|
||||
---
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: initialize function
|
||||
include_tasks: includes/init.yaml
|
||||
|
||||
- name: run command and return configuration
|
||||
cli:
|
||||
command: "{{ ios_config_source[source | default('running')] }}"
|
||||
register: configuration
|
||||
|
||||
- name: set the configuration fact
|
||||
set_fact:
|
||||
configuration: "{{ configuration.stdout }}"
|
||||
|
||||
- name: parse system configuration
|
||||
command_parser:
|
||||
dir: "{{ role_path }}/parser_templates/config_manager"
|
||||
content: "{{ configuration }}"
|
||||
109
roles/ansible-network.cisco_ios/tasks/config_manager/load.yaml
Normal file
109
roles/ansible-network.cisco_ios/tasks/config_manager/load.yaml
Normal file
@@ -0,0 +1,109 @@
|
||||
---
|
||||
- name: initialize function
|
||||
include_tasks: includes/init.yaml
|
||||
|
||||
- name: validate config_manager_text is defined
|
||||
fail:
|
||||
msg: "missing required arg: config_manager_text"
|
||||
when: config_manager_text is undefined
|
||||
|
||||
- name: set ios checkpoint filename
|
||||
set_fact:
|
||||
ios_checkpoint_filename: "chk_ansible"
|
||||
|
||||
# initiate creating a checkpoint of the existing running-config
|
||||
- name: create checkpoint of current configuration
|
||||
include_tasks: "{{ role_path }}/includes/checkpoint/create.yaml"
|
||||
|
||||
# if running in check mode, the configuration should not be loaded on
|
||||
# the target device because that could have undesired results, so
|
||||
# just print a warning message here.
|
||||
- name: display message due to check mode
|
||||
debug:
|
||||
msg: not loading configuration due to check mode
|
||||
when: ansible_check_mode
|
||||
|
||||
- name: load configuration onto target device
|
||||
block:
|
||||
- name: replace current active configuration
|
||||
include_tasks: "{{ role_path }}/includes/configure/replace.yaml"
|
||||
when: ios_config_replace
|
||||
vars:
|
||||
ios_config_text: "{{ config_manager_text }}"
|
||||
|
||||
- name: merge with current active configuration
|
||||
include_tasks: "{{ role_path }}/includes/configure/merge.yaml"
|
||||
when: not ios_config_replace and not ios_config_use_terminal
|
||||
vars:
|
||||
ios_config_text: "{{ config_manager_text }}"
|
||||
|
||||
- name: load configuration using configure terminal
|
||||
include_tasks: "{{ role_path }}/includes/configure/terminal.yaml"
|
||||
when: not ios_config_replace and ios_config_use_terminal
|
||||
vars:
|
||||
ios_config_text: "{{ config_manager_text }}"
|
||||
|
||||
rescue:
|
||||
# since the host has failed during the configuration load, the role by
|
||||
# default will initiate a restore sequence. the restore sequence will
|
||||
# load the previous running-config with the replace option enabled.
|
||||
- name: display message
|
||||
debug:
|
||||
msg: "error configuring device, starting rollback"
|
||||
when: ios_config_rollback_enabled
|
||||
|
||||
- name: initiate configuration rollback
|
||||
include_tasks: "{{ role_path }}/includes/checkpoint/restore.yaml"
|
||||
|
||||
- name: display message
|
||||
debug:
|
||||
msg: "successfully completed configuration rollback"
|
||||
when: ios_config_rollback_enabled
|
||||
|
||||
- name: fail host due to config load error
|
||||
fail:
|
||||
msg: "error loading configuration onto target device"
|
||||
|
||||
- name: set the ios_active_config fact
|
||||
set_fact:
|
||||
ios_active_config: "cfg_ansible"
|
||||
|
||||
# copy the updated running-config to the local flash device to be used to
|
||||
# generate a configuration diff between the before and after
|
||||
# running-configurations.
|
||||
- name: copy running-config to active config
|
||||
ios_command:
|
||||
commands:
|
||||
- command: "copy running-config flash:{{ ios_active_config }}"
|
||||
prompt: ["\\? "]
|
||||
answer: "{{ ios_active_config }}"
|
||||
|
||||
# generate the configuration diff and display the diff to stdout. only set
|
||||
# changed if there are lines in the diff that have changed
|
||||
- name: generate ios diff
|
||||
cli:
|
||||
command: "show archive config differences flash:{{ ios_checkpoint_filename }} flash:{{ ios_active_config }}"
|
||||
register: ios_config_diff
|
||||
changed_when: "'No changes were found' not in ios_config_diff.stdout"
|
||||
|
||||
- name: display config diff
|
||||
debug:
|
||||
msg: "{{ ios_config_diff.stdout.splitlines() }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
# refresh the list of files currently on the target network device flash
|
||||
# drive and remote all temp files
|
||||
- name: update local directory listing
|
||||
cli:
|
||||
command: dir
|
||||
register: ios_dir_listing
|
||||
|
||||
- name: remove remote temp files from flash
|
||||
cli:
|
||||
command: "delete /force flash:/{{ filename }}"
|
||||
loop:
|
||||
- "{{ ios_active_config }}"
|
||||
- "{{ ios_checkpoint_filename }}"
|
||||
loop_control:
|
||||
loop_var: filename
|
||||
when: filename in ios_dir_listing.stdout
|
||||
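Review bot: In the `rescue` section the `initiate configuration rollback` include has no `when: ios_config_rollback_enabled`, although the two `display message` tasks around it do. As written the restore runs even when rollback is disabled, unless restore.yaml checks the flag itself; adding `when: ios_config_rollback_enabled` to that include would make the three tasks agree. Separately, the check-mode comment says the configuration is not loaded, but the `load configuration onto target device` block shows no `when: not ansible_check_mode`; indentation is lost in this rendering, so this needs confirming against the file. On the failure path the play stops at `fail host due to config load error` before the cleanup task, so `chk_ansible` (a copy of the running-config) may stay on flash unless restore.yaml deletes it.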
@@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: initialize function
|
||||
include_tasks: includes/init.yaml
|
||||
|
||||
- name: run command and return configuration
|
||||
cli:
|
||||
command: "copy running-config startup-config"
|
||||
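Review bot: `copy running-config startup-config` is sent through `cli` with no prompt handling, whereas the `copy running-config flash:` task in load.yaml supplies `prompt` and `answer`. IOS normally asks to confirm the destination filename for this command, so the task may stall until the command timeout, depending on the device's file-prompt setting; this is worth testing against a device. The task name `run command and return configuration` is also carried over from the get function; `- name: save running-config to startup-config` describes what this file does.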
49
roles/ansible-network.cisco_ios/tasks/configure_user.yaml
Normal file
49
roles/ansible-network.cisco_ios/tasks/configure_user.yaml
Normal file
@@ -0,0 +1,49 @@
|
||||
---
|
||||
- name: "check if user(s) to configure is provided"
|
||||
fail:
|
||||
msg: "no user provided to configure"
|
||||
when: users is not defined
|
||||
delegate_to: localhost
|
||||
|
||||
- name: "check for required fact - name"
|
||||
fail:
|
||||
msg: "missing required fact: name"
|
||||
with_items: "{{ users }}"
|
||||
when: ( user.name is not defined )
|
||||
loop_control:
|
||||
loop_var: user
|
||||
delegate_to: localhost
|
||||
|
||||
- name: "fetch existing user account details"
|
||||
block:
|
||||
- name: "fetch user config with section"
|
||||
cli:
|
||||
command: show running-config | section user
|
||||
register: user_config
|
||||
rescue:
|
||||
- name: "fallback fetching full running-config"
|
||||
cli:
|
||||
command: show running-config
|
||||
register: user_config
|
||||
|
||||
- name: "filter out users through user_manager"
|
||||
ios_user_manager:
|
||||
new_users: "{{ users }}"
|
||||
user_config: "{{ user_config.stdout }}"
|
||||
register: filtered_users
|
||||
delegate_to: localhost
|
||||
|
||||
- name: "set users to be configured"
|
||||
set_fact:
|
||||
users: "{{ filtered_users.stdout }}"
|
||||
delegate_to: localhost
|
||||
|
||||
- name: "fetch template for configuring user(s)"
|
||||
set_fact:
|
||||
config_manager_text: "{{ lookup('config_template', 'configure_user.j2') }}"
|
||||
when: users
|
||||
delegate_to: localhost
|
||||
|
||||
- include_tasks: config_manager/load.yaml
|
||||
when: users
|
||||
delegate_to: localhost
|
||||
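Review bot: None of the tasks that handle account data set `no_log: true`: the two `cli` tasks registering `user_config`, the `ios_user_manager` task and the `set_fact` for `users`. The user section of an IOS running-config carries password or secret hashes, and `users` may carry credentials too, so both can end up in verbose output and callback logs; `no_log: true` on those four tasks avoids that. `delegate_to: localhost` on the final `include_tasks: config_manager/load.yaml` also looks unintended. load.yaml issues device commands, and depending on the Ansible version the keyword is either rejected on an include or inherited by the included tasks, which needs confirming. `configure_user` is not in the `ios_functions` list set in main.yml, so it is unclear from this commit how the file is reached.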
25
roles/ansible-network.cisco_ios/tasks/get_facts.yaml
Normal file
25
roles/ansible-network.cisco_ios/tasks/get_facts.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
---
|
||||
- name: validate required connection is configured
|
||||
fail:
|
||||
msg: "expected connection value to be set to network_cli, got {{ ansible_connection }}"
|
||||
when: ansible_connection != 'network_cli'
|
||||
|
||||
- name: Validate subset var is a list
|
||||
fail:
|
||||
msg: "subset must be in the form a list, not string"
|
||||
when: subset is defined and subset is string
|
||||
|
||||
- name: collect platform capabilities as facts
|
||||
ios_capabilities:
|
||||
|
||||
- name: run command and parse output
|
||||
include_tasks: includes/run_cli.yaml
|
||||
vars:
|
||||
ios_command: "{{ item.command }}"
|
||||
ios_parser: "cli/{{ item.parser }}"
|
||||
ios_parser_engine: "{{ item.engine | default('command_parser') }}"
|
||||
ios_name: "{{ item.name | default(None) }}"
|
||||
ios_run_cli_command_pre_hook: "{{ item.pre_hook | default(None) }}"
|
||||
ios_run_cli_command_post_hook: "{{ item.post_hook | default(None) }}"
|
||||
loop: "{{ lookup('file', ios_get_facts_command_map) | from_yaml }}"
|
||||
when: ios_get_facts_subset | intersect(item.groups)
|
||||
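Review bot: The list check tests `subset`, but the loop condition reads `ios_get_facts_subset`. If nothing maps one to the other before this file runs (presumably includes/init.yaml does, which is not shown here), a string passed as `ios_get_facts_subset` skips validation and fails later inside `intersect` with a less useful error. Either validate the variable that is used, `when: ios_get_facts_subset is defined and ios_get_facts_subset is string`, or add a comment above the task saying where `subset` is copied into `ios_get_facts_subset`. The loop also takes `pre_hook`, `post_hook` and `parser` names from the file at `ios_get_facts_command_map`, so a one-line comment noting that this file must be role-controlled rather than caller-supplied would help.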
22
roles/ansible-network.cisco_ios/tasks/main.yml
Normal file
22
roles/ansible-network.cisco_ios/tasks/main.yml
Normal file
@@ -0,0 +1,22 @@
|
||||
---
|
||||
# tasks file for ansible-network.cisco_ios
|
||||
#
|
||||
- name: initialize function
|
||||
include_tasks: includes/init.yaml
|
||||
|
||||
- name: set role supported functions
|
||||
set_fact:
|
||||
ios_functions:
|
||||
- get_facts
|
||||
- config_manager/get
|
||||
- config_manager/load
|
||||
- config_manager/save
|
||||
- noop
|
||||
|
||||
- name: validate the requested function is supported
|
||||
fail:
|
||||
msg: "invalid function specified, expected one of {{ ios_functions }}, got {{ function }}"
|
||||
when: function | default('noop') not in ios_functions
|
||||
|
||||
- name: include function specific tasks and run
|
||||
include_tasks: "{{ function | default('noop') }}.yaml"
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
# IOS providrs for handling acl parsing
|
||||
#
|
||||
- name: get output of command 'show ip access-list <id>'
|
||||
cli_command:
|
||||
command: show ip access-lists {{ acl_id }}
|
||||
register: acl_out_buffer
|
||||
|
||||
|
||||
- name: parse acl and validate. create flow info if acl does not have any discrepancy
|
||||
parse_validate_acl:
|
||||
show_acl_output_buffer: "{{ acl_out_buffer.stdout }}"
|
||||
parser: "{{ role_path }}/parser_templates/net_operations/show_ip_access_list.yaml"
|
||||
generated_flow_file: "{{ generated_flow_file }}"
|
||||
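Review bot: `acl_id` is placed into the device command on the `command: show ip access-lists {{ acl_id }}` line with no check on its form, and where the value comes from is not visible in this file. A preceding `assert` such as `that: acl_id is match('^[A-Za-z0-9_-]+$')` keeps an unexpected value from changing the command sent to the device. Quoting the scalar, `command: "show ip access-lists {{ acl_id }}"`, matches the quoting used elsewhere in the role. The task name says `show ip access-list <id>` while the command is `show ip access-lists`; one of the two should be corrected.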
@@ -0,0 +1,29 @@
|
||||
---
|
||||
# IOS providrs for configuring sink before starting traffic test
|
||||
|
||||
- name: Configure an access list for catch-all permit
|
||||
ios_config:
|
||||
lines:
|
||||
- permit ip any any log
|
||||
parents: ip access-list extended ansible_sink
|
||||
before: no ip access-list extended ansible_sink
|
||||
register: result
|
||||
|
||||
- name: Attach ACl to sink interface
|
||||
ios_config:
|
||||
lines:
|
||||
- ip access-group ansible_sink in
|
||||
parents: interface {{ sink_capture_interface }}
|
||||
|
||||
- name: Configure Access-list log update interval (1 msec)
|
||||
ios_config:
|
||||
lines:
|
||||
- ip access-list logging interval 1
|
||||
|
||||
- name: Clear the logs
|
||||
ios_command:
|
||||
commands:
|
||||
- command: 'clear logging'
|
||||
prompt: 'Clear logging buffer'
|
||||
answer: "\r\n"
|
||||
ignore_errors: true
|
||||
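Review bot: Applying `ip access-group ansible_sink in` under `interface {{ sink_capture_interface }}` replaces whatever inbound ACL that interface already had, and nothing in this file records or restores it. After the test the interface is left with `permit ip any any log` as its inbound policy unless teardown happens elsewhere. Either capture the existing access-group before this task and restore it afterwards, or add a comment stating that `sink_capture_interface` must be a dedicated test port. `ignore_errors: true` on `Clear the logs` also hides connection and authentication failures; a `failed_when` limited to the expected condition would be narrower. `register: result` on the first task is not used in this file.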
@@ -0,0 +1,32 @@
|
||||
---
|
||||
# IOS providrs for handling packet dict generation
|
||||
#
|
||||
- name: Delay 10 seconds for log file to be updated
|
||||
wait_for: timeout=10
|
||||
|
||||
- name: Get logs from device
|
||||
ios_command:
|
||||
commands: "show logging"
|
||||
register: result
|
||||
|
||||
- name: write logs to disk
|
||||
copy:
|
||||
contentr: "{{ result.stdout[0] }}"
|
||||
dest: /tmp/ansible_acl_logs.txt
|
||||
|
||||
- name: parse logs file with help of textfsm
|
||||
textfsm_parser:
|
||||
content: "{{ lookup('file', '/tmp/ansible_acl_logs.txt') }}"
|
||||
file: "{{role_path }}/parser_templates/net_operations/show_logs_acl_logs.yaml"
|
||||
name: flows_dict
|
||||
register: result
|
||||
tags: textfsm
|
||||
|
||||
- name: write parsed packets info to disk
|
||||
copy:
|
||||
content: "{{ result.ansible_facts.flows_dict | to_nice_json }}"
|
||||
dest: "{{ sink_path_flow_output }}"
|
||||
|
||||
- debug:
|
||||
msg: "{{ result }}"
|
||||
tags: debug
|
||||
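Review bot: `contentr:` in the `write logs to disk` task is a misspelling of the copy module's `content` parameter, so the task is likely rejected as an unsupported parameter; it should read `content: "{{ result.stdout[0] }}"`. Because the file is then never written by this run, the following `lookup('file', '/tmp/ansible_acl_logs.txt')` would read a missing or stale file. The fixed path under /tmp is predictable and shared, and no `mode` is set. Passing `result.stdout[0]` directly as the `content` of `textfsm_parser` removes the intermediate file, or if the file is wanted, a per-run path with `mode: "0600"` keeps device logs from being readable or pre-created by other local users. The final `debug` task has no `name`.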
4
roles/ansible-network.cisco_ios/tasks/noop.yaml
Normal file
4
roles/ansible-network.cisco_ios/tasks/noop.yaml
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
- name: role noop
|
||||
debug:
|
||||
msg: "{{ role_path }}"
|
||||