From 83a2ce8cdbd25dcc5c28a5e1a74274029e279c5e Mon Sep 17 00:00:00 2001 From: Todd Ruch Date: Wed, 28 Aug 2024 13:19:29 -0400 Subject: [PATCH 1/8] updated to use Demo inventory instead of Network Inventory --- network/setup.yml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/network/setup.yml b/network/setup.yml index aa6c90cbf..bac41d324 100644 --- a/network/setup.yml +++ b/network/setup.yml @@ -15,28 +15,21 @@ controller_projects: default_environment: Networking Execution Environment controller_inventories: - - name: Network Inventory + - name: Demo Inventory organization: Default controller_inventory_sources: - name: DevNet always-on sandboxes source: scm - inventory: Network Inventory + inventory: Demo Inventory overwrite: true source_project: Network Golden Configs source_path: hosts -controller_hosts: - - name: node1 - inventory: Network Inventory - variables: - ansible_user: rhel - ansible_host: node1 - controller_templates: - name: NETWORK / Configuration organization: Default - inventory: Network Inventory + inventory: Demo Inventory survey_enabled: true project: Network Golden Configs playbook: main.yml @@ -70,7 +63,7 @@ controller_templates: - name: "NETWORK / Report" job_type: check organization: Default - inventory: Network Inventory + inventory: Demo Inventory project: "Ansible official demo project" playbook: "network/report.yml" notification_templates_started: Telemetry @@ -99,7 +92,7 @@ controller_templates: - name: "NETWORK / DISA STIG" job_type: check organization: Default - inventory: Network Inventory + inventory: Demo Inventory project: "Ansible official demo project" playbook: "network/compliance.yml" notification_templates_started: Telemetry From fc6b819aa4e42140a317a923871d4731604000ee Mon Sep 17 00:00:00 2001 
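Review bot: In the `controller_inventory_sources` entry of the first `network/setup.yml` hunk (`@@ -15,28 +15,21 @@`), the DevNet sandbox source now populates `Demo Inventory`, so the shared Cisco sandbox devices land in the same inventory as every other demo host. The three NETWORK templates (this hunk and the ones at `@@ -70,7 +63,7 @@` and `@@ -99,7 +92,7 @@`) point at that inventory with no `limit`, so which hosts they touch depends entirely on the `hosts:` patterns in their playbooks, which are not visible here. If any of those plays targets `all`, a network job would also run against non-network hosts, and other demos that use `all` would reach the sandboxes. I would either keep a dedicated inventory for the sandboxes or set a limit on each NETWORK template to the group the source creates, e.g. `limit: <network_group>` (placeholder).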
From: Todd Ruch Date: Wed, 28 Aug 2024 13:20:12 -0400 Subject: [PATCH 2/8] commented out the IOS XE facts collection until I understand the issue --- network/report.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/network/report.yml b/network/report.yml index 639e8c4ae..52dab83b4 100644 --- a/network/report.yml +++ b/network/report.yml @@ -20,11 +20,11 @@ gather_network_resources: all when: ansible_network_os == 'cisco.nxos.nxos' - - name: Gather all network resource and minimal legacy facts [Cisco IOS XR] - cisco.iosxr.iosxr_facts: - gather_subset: min - gather_network_resources: all - when: ansible_network_os == 'cisco.iosxr.iosxr' + # - name: Gather all network resource and minimal legacy facts [Cisco IOS XR] + # cisco.iosxr.iosxr_facts: + # gather_subset: min + # gather_network_resources: all + # when: ansible_network_os == 'cisco.iosxr.iosxr' # # The dig lookup requires the python 'dnspython' library # - name: Resolve IP address From c4e83639c64aab9edcc0351b1c99e6b6526a94e4 Mon Sep 17 00:00:00 2001 From: Todd Ruch Date: Wed, 28 Aug 2024 13:27:18 -0400 Subject: [PATCH 3/8] removing firewall update task as there is no firewalld installed --- .../patching/roles/report_server/tasks/apache.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml index 0dbae4fab..bfb6d7f91 100644 --- a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml +++ b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml 
@@ -2,13 +2,13 @@ - name: Include system variables ansible.builtin.include_vars: "{{ ansible_system }}.yml" -- name: Permit traffic in default zone for http service - ansible.posix.firewalld: - service: http - permanent: true - state: enabled - immediate: true - check_mode: false +# - name: Permit traffic in default zone for http service +# ansible.posix.firewalld: +# service: http +# permanent: true +# state: enabled +# immediate: true +# check_mode: false - name: Install httpd package ansible.builtin.yum: From c9db23ff99f0b0fa94513f3ca54d7f04b71039f7 Mon Sep 17 00:00:00 2001 From: Todd Ruch Date: Wed, 28 Aug 2024 15:12:41 -0400 Subject: [PATCH 4/8] updated to print where to go to get the report --- .../demo/patching/roles/report_server/tasks/apache.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml index bfb6d7f91..dc95fdc99 100644 --- a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml +++ b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml @@ -30,8 +30,12 @@ mode: "0644" check_mode: false -- name: Install httpd service +- name: Start httpd service ansible.builtin.service: name: httpd state: started check_mode: false + +- name: Print out where to go for the network report + ansible.builtin.debug: + msg: "Please go here for the network report: http://{{ inventory_host }}/reports/network.html" From 42f4ebab811155c11edb28b376f6599840dd8fa1 Mon Sep 17 00:00:00 2001 From: Todd Ruch Date: Wed, 28 Aug 2024 15:17:13 -0400 Subject: [PATCH 5/8] using the correct variable name now --- .../demo/patching/roles/report_server/tasks/apache.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
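Review bot: Commenting out the `ansible.posix.firewalld` task in the `@@ -2,13 +2,13 @@` hunk of `report_server/tasks/apache.yml` removes host firewall handling for every target, not only the ones without firewalld. On a host where firewalld is running the report page will be unreachable, and elsewhere exposure of port 80 is left to whatever sits in front of the host, which this role no longer states. I would keep the task and gate it, for example by running `ansible.builtin.service_facts` first and adding `when: "'firewalld.service' in ansible_facts.services"`, rather than leaving dead code. A later hunk in this series (`@@ -2,14 +2,6 @@`, same file) deletes the commented block outright, so the same point applies there.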
diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml index dc95fdc99..5a0df9af2 100644 --- a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml +++ b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml @@ -38,4 +38,4 @@ - name: Print out where to go for the network report ansible.builtin.debug: - msg: "Please go here for the network report: http://{{ inventory_host }}/reports/network.html" + msg: "Please go here for the network report: http://{{ inventory_hostname }}/reports/network.html" From 10eb365685c75410e2e57acdb9aa70593ba45dda Mon Sep 17 00:00:00 2001 From: Todd Ruch Date: Wed, 28 Aug 2024 15:23:02 -0400 Subject: [PATCH 6/8] fixed loop var and added print msg --- .../roles/build_report_network/tasks/main.yml | 19 +++++++++++-------- .../roles/report_server/tasks/apache.yml | 4 +--- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml index 862b0feb4..d0552b209 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml 
@@ -21,17 +21,20 @@ check_mode: false - name: Copy logos over - ansible.builtin.copy: - src: "{{ item }}" - dest: "{{ file_path }}" - directory_mode: true - mode: "0644" loop: - "webpage_logo.png" - "redhat-ansible-logo.svg" - "router.png" + loop_control: + loop_var: logo + ansible.builtin.copy: + src: "{{ logo }}" + dest: "{{ file_path }}" + directory_mode: true + mode: "0644" + check_mode: false -# - name: Display link to Linux patch report -# ansible.builtin.debug: -# msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/network.html" +- name: Display link to Linux patch report + ansible.builtin.debug: + msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/network.html" diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml index 5a0df9af2..53f6841ba 100644 --- a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml +++ b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml @@ -36,6 +36,4 @@ state: started check_mode: false -- name: Print out where to go for the network report - ansible.builtin.debug: - msg: "Please go here for the network report: http://{{ inventory_hostname }}/reports/network.html" +... From 7a75c2f77da1e50e49f134c155ea9d10f04afb24 Mon Sep 17 00:00:00 2001 From: Todd Ruch Date: Wed, 28 Aug 2024 17:39:15 -0400 Subject: [PATCH 7/8] updated readme to walk through how to use the three use cases --- network/README.md | 45 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/network/README.md b/network/README.md index 3f2406f4b..558088df3 100644 --- a/network/README.md +++ b/network/README.md 
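Review bot: The re-enabled debug task at the end of the `build_report_network/tasks/main.yml` hunk (`@@ -21,17 +21,20 @@`) is named `Display link to Linux patch report` but prints the `network.html` URL, so the job output is mislabeled; rename it to `Display link to network report`. The lookup `hostvars[report_server]['ansible_host']` only works when `report_server` is a single inventory hostname that defines `ansible_host`; `network/report.yml` uses the same variable as a `hosts:` pattern, so a group name or pattern there would make this task fail. If the role runs on the report server itself (not visible in this hunk), `{{ ansible_host | default(inventory_hostname) }}` is more robust. The link is plain `http://`, which is worth stating in the message or the README, since the README describes the report as holding device version and layer 1-3 configuration information.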
@@ -18,12 +18,15 @@ These demos leverage playbooks from a [git repo](https://github.com/nleiva/ansib ### Inventory -These demos leverage "always-on" instances for Cisco IOS, IOSXR, and NXOS from [Cisco DevNet Sandboxes](https://developer.cisco.com/docs/sandbox/#!getting-started/always-on-sandboxes). These instances are shared and do not provide admin access but they are instantly avaible all the time meaning not setup time is required. +These demos leverage "always-on" instances for Cisco IOS, IOSXR, and NXOS from [Cisco DevNet Sandboxes](https://developer.cisco.com/docs/sandbox/#!getting-started/always-on-sandboxes). These instances are shared and do not provide admin access but they are instantly avaible all the time meaning no setup time is required. -A **`Network Inventory`** is created when setting up these demos and a dynamic source is added to populate the Always-On instances. Review the inventory file [here](https://github.com/nleiva/ansible-net-modules/blob/main/hosts). +A **`Demo Inventory`** is created when setting up these demos and a dynamic source is added to populate the Always-On instances. Review the inventory file [here](https://github.com/nleiva/ansible-net-modules/blob/main/hosts). Demo Inventory is the default inventory for **`Product Demos`**. ## Suggested Usage +**NETWORK / Report** - Use this job to gather facts from Cisco Network devices and create a report with information about the device such as code version, along with configuration information about layers 1, 2, and 3. This shows how Ansible can be used to gather facts and build reports. Generating html pages is just one potential output. This information can be used in a number of ways, such as integration with different network management tools. + - to run this you will first need to run the **`Deploy Cloud Stack in AWS`** job template to deploy the report server. This will ask you for an SSH public key. 
After running this playbook, you will need to add the SSH private key to the **`Demo Credential`** before you can run the report, so it can connect to the report server. + **NETWORK / Configuration** - Use this job to execute different [Ansible Network Resource Modules](https://docs.ansible.com/ansible/latest/network/user_guide/network_resource_modules.html) to deploy golden configs. Below is a list of the different resources the can be configured with a link to their golden config. - [acls](https://github.com/nleiva/ansible-net-modules/blob/main/acls.cfg) - [banner](https://github.com/nleiva/ansible-net-modules/blob/main/banner.cfg) 
@@ -36,3 +39,41 @@ A **`Network Inventory`** is created when setting up these demos and a dynamic s - [prefix_lists](https://github.com/nleiva/ansible-net-modules/blob/main/prefix_lists.cfg) - [snmp](https://github.com/nleiva/ansible-net-modules/blob/main/snmp.cfg) - [user](https://github.com/nleiva/ansible-net-modules/blob/main/user.cfg) + +**NETWORK / DISA STIG** - Use this job to run the DISA STIG role (in check mode) and show how Ansible can be used for configuration compliance of network devices. Click into tasks to see what is changed for each compliance rule, i.e.: +{ + "changed": true, + "warnings": [ + "To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device" + ], + "commands": [ + "ip http max-connections 2" + ], + "updates": [ + "ip http max-connections 2" + ], + "banners": {}, + "invocation": { + "module_args": { + "defaults": true, + "lines": [ + "ip http max-connections 2" + ], + "match": "line", + "replace": "line", + "multiline_delimiter": "@", + "backup": false, + "save_when": "never", + "src": null, + "parents": null, + "before": null, + "after": null, + "running_config": null, + "intended_config": null, + "backup_options": null, + "diff_against": null, + "diff_ignore_lines": null + } + }, + "_ansible_no_log": false +} \ No newline at end of file From f6997410f2a12d4cbe76d30bedf78233d7383f71 Mon Sep 17 00:00:00 2001 From: Todd Ruch Date: Fri, 30 Aug 2024 17:01:27 -0400 Subject: [PATCH 8/8] Cleaned up comments, line spacing. No functional changes. --- .../roles/build_report_network/tasks/main.yml | 7 +++---- .../roles/report_server/tasks/apache.yml | 8 -------- network/report.yml | 16 ++++++---------- 3 files changed, 9 insertions(+), 22 deletions(-) 
diff --git a/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml index d0552b209..7cee09f7e 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml @@ -6,19 +6,19 @@ mode: "0755" - name: Create HTML report + check_mode: false ansible.builtin.template: src: report.j2 dest: "{{ file_path }}/network.html" mode: "0644" - check_mode: false - name: Copy CSS over + check_mode: false ansible.builtin.copy: src: "css" dest: "{{ file_path }}" directory_mode: true mode: "0775" - check_mode: false - name: Copy logos over loop: @@ -27,14 +27,13 @@ - "router.png" loop_control: loop_var: logo + check_mode: false ansible.builtin.copy: src: "{{ logo }}" dest: "{{ file_path }}" directory_mode: true mode: "0644" - check_mode: false - - name: Display link to Linux patch report ansible.builtin.debug: msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/network.html" diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml index 53f6841ba..6fc828798 100644 --- a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml +++ b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml @@ -2,14 +2,6 @@ - name: Include system variables ansible.builtin.include_vars: "{{ ansible_system }}.yml" -# - name: Permit traffic in default zone for http service -# ansible.posix.firewalld: -# service: http -# permanent: true -# state: enabled -# immediate: true -# check_mode: false - - name: Install httpd package ansible.builtin.yum: name: httpd diff --git a/network/report.yml b/network/report.yml index 52dab83b4..6d183bc7c 100644 
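Review bot: In the `@@ -6,19 +6,19 @@` hunk of `build_report_network/tasks/main.yml`, the `Copy CSS over` task still copies static web content with `mode: "0775"`, which makes the files executable and group-writable, and `directory_mode: true` is not a permission value. Since this commit is already tidying these tasks, I would set `mode: "0644"` and `directory_mode: "0755"` here, and `directory_mode: "0755"` on `Copy logos over` in the next hunk (`@@ -27,14 +27,13 @@`), so that served files are not writable by group members. Both settings are carried over unchanged by this commit; only the position of `check_mode: false` moves.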
--- a/network/report.yml +++ b/network/report.yml @@ -20,16 +20,12 @@ gather_network_resources: all when: ansible_network_os == 'cisco.nxos.nxos' - # - name: Gather all network resource and minimal legacy facts [Cisco IOS XR] - # cisco.iosxr.iosxr_facts: - # gather_subset: min - # gather_network_resources: all - # when: ansible_network_os == 'cisco.iosxr.iosxr' - -# # The dig lookup requires the python 'dnspython' library -# - name: Resolve IP address -# ansible.builtin.set_fact: -# ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}" + - name: Gather all network resource and minimal legacy facts [Cisco IOS XR] + ignore_errors: true + cisco.iosxr.iosxr_facts: + gather_subset: min + gather_network_resources: all + when: ansible_network_os == 'cisco.iosxr.iosxr' - name: Create network reports hosts: "{{ report_server }}"
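Review bot: `ignore_errors: true` on the restored IOS XR facts task hides every failure, including authentication and connection errors, so the generated report can omit IOS XR devices while the job still shows success. The commit message says "No functional changes", but this hunk re-enables a task that was commented out and changes its failure behaviour. At minimum add `register: iosxr_facts_result` and a comment naming the known issue being tolerated, so the report play can mark hosts whose collection failed; a narrower `failed_when` is preferable once the error is understood. The play that contains this task starts before the hunk, and the following `Create network reports` play continues past its end.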