Improve ansible scripts, add API

sever-sever · Dec 20, 2023 · b63bf1d · b63bf1d
1 parent 7edbe47
commit b63bf1d
Show file tree

Hide file tree

Showing 13 changed files with 129 additions and 117 deletions.
diff --git a/ansible/README.md b/ansible/README.md
@@ -1,5 +1,5 @@
 Usage
-```
+```shell
 $ ansible-playbook main.yml
 $ ansible-playbook banner.yml
 $ ansible-playbook vyos.yml

diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -1,11 +1,11 @@
 [defaults]
-host_key_checking = no
-inventory         = ./hosts
-#callbacks_enabled = timer, profile_tasks, profile_roles
+host_key_checking  = no
+inventory          = ./hosts
 callback_whitelist = minimal
-forks             = 50
-pipelining        = True
-ANSIBLE_NOCOLOR   = True
+forks              = 50
+pipelining         = True
+ANSIBLE_NOCOLOR    = True
+# callbacks_enabled = timer, profile_tasks, profile_roles
 
 [ssh_connection]
 ssh_args = -o ControlMaster=auto -o ControlPersist=10s

diff --git a/ansible/banner.yml b/ansible/banner.yml
@@ -1,10 +1,9 @@
 ---
 
 - hosts: r1
-
-  gather_facts: 'no'
-
+  gather_facts: no
   tasks:
+
     - name: Add post-login banner
       vyos.vyos.vyos_banner:
         banner: post-login

diff --git a/ansible/common.yml b/ansible/common.yml
@@ -0,0 +1,80 @@
+---
+
+- hosts: r4
+
+  strategy: free
+  gather_facts: 'no'
+  remote_user: root
+
+  vars:
+    repo: bookworm
+    #repo: buster
+    version: '1.5'
+
+  tasks:
+    - name: Configure remote {{ inventory_hostname }} (1.4) {{ ansible_ssh_host }}
+      vyos_config:
+        lines:
+          - set system host-name {{ inventory_hostname }}
+          - set system name-server 1.1.1.1
+          - set service ssh disable-host-validation
+          - set system login user vyos authentication public-keys docker@work type ssh-rsa
+          - set system login user vyos authentication public-keys docker@work key "{{ lookup('file', 'id_rsa_docker.pub') }}"
+          - set system option time-format '24-hour'
+          - set system time-zone Europe/Kiev
+          - set interfaces ethernet eth0 description WAN
+          - set service https api keys id KID key 'foo'
+          - set service https api socket
+          - set service https api graphql
+        backup: no
+      when: version == "1.5"
+
+    - name: Configure remote r1 (1.3)
+      vyos_config:
+        lines:
+          - set system host-name {{ inventory_hostname }}
+          - set system name-server 1.1.1.1
+          - set service ssh disable-host-validation
+          - set system login user vyos authentication public-keys docker@work type ssh-rsa
+          - set system login user vyos authentication public-keys docker@work key "{{ lookup('file', 'id_rsa_docker.pub') }}"
+          - set system time-zone Europe/Kiev
+          - set interfaces ethernet eth0 description WAN
+          - set service https api keys id KID key 'foo'
+          - set service https api socket
+        backup: no
+      when: version == "1.3"
+
+    - name: Copy cetrificates and keys to server (1.3)
+      net_put:
+        src: "files/{{ item }}"
+        dest: "/config/auth/{{ item }}"
+      loop:
+        - ca.crt
+        - dh.pem
+        - central.crt
+        - central.key
+        - branch1.crt
+        - branch1.key
+      when: version == "1.3"
+
+    - name: Add repo to /tmp 1.5
+      vars:
+        repo: bookworm
+      net_put:
+        src: "files/mysource-{{ repo }}.list"
+        dest: "/tmp/mysource-{{ repo }}.list"
+      become: yes
+      when: version == "1.5"
+
+    - name: Add repo to /tmp 1.3
+      vars:
+        repo: buster
+      net_put:
+        src: "files/mysource-{{ repo }}.list"
+        dest: "/tmp/mysource-{{ repo }}.list"
+      become: yes
+      when: version == "1.3"
+
+
+    - name: Move repo from tmp to apt
+      command: ssh vyos@{{ ansible_ssh_host }} "sudo mv /tmp/mysource-{{ repo }}.list /etc/apt/sources.list.d/mysource.list"
diff --git a/ansible/group_vars/vyos_hosts → ansible/group_vars/vyos_hosts.yml b/ansible/group_vars/vyos_hosts → ansible/group_vars/vyos_hosts.yml
@@ -1,18 +1,30 @@
+---
 # Common connection options
 ansible_python_interpreter : /usr/bin/python3
 ansible_user               : vyos
 #ansible_ssh_private_key    : ~/.ssh/id_rsa
 ansible_ssh_pass           : vyos_pass
 ansible_network_os         : vyos
-ansible_connection         : network_cli
-
-gather_facts: 'no'
+ansible_connection         : ansible.netcommon.network_cli
+gather_facts               : no
 
 # Routing
 routing:
   ospf:
     enable: false
     area: 0
-
   isis:
     enable: true
+  bgp:
+    enable: false
+
+# API
+api:
+  enable: true
+  api_keys:
+    - name: KID
+      key: foo
+
+name_servers:
+  - 1.1.1.1
+  - 8.8.8.8
diff --git a/ansible/interface.yml b/ansible/interface.yml
@@ -1,16 +1,13 @@
 ---
-
 - hosts: r4
-
-  gather_facts: 'no'
-
+  gather_facts: no
 
   tasks:
     - name: Gather interface facts
       vyos_facts:
         gather_subset:
-          - '!all'
-          - '!min'
+          - "!all"
+          - "!min"
         gather_network_resources:
           - interfaces
       register: ansible_net_interfaces

diff --git a/ansible/main.yml b/ansible/main.yml
@@ -1,80 +1,10 @@
 ---
 
-- hosts: r4
-
-  strategy: free
-  gather_facts: 'no'
-  remote_user: root
-
-  vars:
-    repo: bookworm
-    #repo: buster
-    version: '1.5'
-
-  tasks:
-    - name: Configure remote {{ inventory_hostname }} (1.4) {{ ansible_ssh_host }}
-      vyos_config:
-        lines:
-          - set system host-name {{ inventory_hostname }}
-          - set system name-server 1.1.1.1
-          - set service ssh disable-host-validation
-          - set system login user vyos authentication public-keys docker@work type ssh-rsa
-          - set system login user vyos authentication public-keys docker@work key "{{ lookup('file', 'id_rsa_docker.pub') }}"
-          - set system option time-format '24-hour'
-          - set system time-zone Europe/Kiev
-          - set interfaces ethernet eth0 description WAN
-          - set service https api keys id KID key 'foo'
-          - set service https api socket
-          - set service https api graphql
-        backup: no
-      when: version == "1.5"
-
-    - name: Configure remote r1 (1.3)
-      vyos_config:
-        lines:
-          - set system host-name {{ inventory_hostname }}
-          - set system name-server 1.1.1.1
-          - set service ssh disable-host-validation
-          - set system login user vyos authentication public-keys docker@work type ssh-rsa
-          - set system login user vyos authentication public-keys docker@work key "{{ lookup('file', 'id_rsa_docker.pub') }}"
-          - set system time-zone Europe/Kiev
-          - set interfaces ethernet eth0 description WAN
-          - set service https api keys id KID key 'foo'
-          - set service https api socket
-        backup: no
-      when: version == "1.3"
-
-    - name: Copy cetrificates and keys to server (1.3)
-      net_put:
-        src: "files/{{ item }}"
-        dest: "/config/auth/{{ item }}"
-      loop:
-        - ca.crt
-        - dh.pem
-        - central.crt
-        - central.key
-        - branch1.crt
-        - branch1.key
-      when: version == "1.3"
-
-    - name: Add repo to /tmp 1.5
-      vars:
-        repo: bookworm
-      net_put:
-        src: "files/mysource-{{ repo }}.list"
-        dest: "/tmp/mysource-{{ repo }}.list"
-      become: yes
-      when: version == "1.5"
-
-    - name: Add repo to /tmp 1.3
-      vars:
-        repo: buster
-      net_put:
-        src: "files/mysource-{{ repo }}.list"
-        dest: "/tmp/mysource-{{ repo }}.list"
-      become: yes
-      when: version == "1.3"
-
-
-    - name: Move repo from tmp to apt
-      command: ssh vyos@{{ ansible_ssh_host }} "sudo mv /tmp/mysource-{{ repo }}.list /etc/apt/sources.list.d/mysource.list"
+- hosts: vyos_hosts
+  gather_facts: no
+
+  roles:
+    - interfaces
+    - banner
+    - routing
+    - api
diff --git a/ansible/roles/api/tasks/main.yml b/ansible/roles/api/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Configure API keys on {{ ansible_ssh_host }}
+  vyos.vyos.vyos_config:
+    src: api.j2
diff --git a/ansible/roles/api/templates/api.j2 b/ansible/roles/api/templates/api.j2
@@ -0,0 +1,5 @@
+{% if api.enable %}
+{%     for k in api.api_keys %}
+set service https api keys id {{ k.name }} key '{{ k.key }}'
+{%     endfor %}
+{% endif %}
diff --git a/ansible/roles/addressing/tasks/main.yml → ansible/roles/interfaces/tasks/main.yml b/ansible/roles/addressing/tasks/main.yml → ansible/roles/interfaces/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
 
 - name: Configure interface address on {{ inventory_hostname }}
-  vyos_config:
+  vyos.vyos.vyos_config:
     src: interfaces.j2
diff --git a/.../roles/addressing/templates/interfaces.j2 → .../roles/interfaces/templates/interfaces.j2 b/.../roles/addressing/templates/interfaces.j2 → .../roles/interfaces/templates/interfaces.j2
diff --git a/ansible/roles/routing/tasks/main.yml b/ansible/roles/routing/tasks/main.yml
@@ -1,9 +1,9 @@
 ---
 
 - name: Configure OSPF on {{ inventory_hostname }}
-  vyos_config:
+  vyos.vyos.vyos_config:
     src: ospf.j2
 
 - name: Configure ISIS on {{ inventory_hostname }}
-  vyos_config:
+  vyos.vyos.vyos_config:
     src: isis.j2
diff --git a/ansible/vyos.yml b/ansible/vyos.yml