Milestone 6.3
Ansible Installation
The following PPA can be used to install Ansible on the Xubuntu system in use for this lab:
sudo apt install sshpass python3-paramiko
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt update && sudo apt install ansible

Additionally, SSH host key checking (which would otherwise reject a target whose host key is unknown or has changed) can be disabled by placing the following in ~/.ansible.cfg:
[defaults]
host_key_checking = false

Verify Installation
The installation can be verified by executing a ping against a given inventory:
ansible vyos -m ping -i inventory.txt --user vyos -k

VyOS Configuration via Ansible
VyOS can be configured via Ansible through a number of different methods. The method described in this milestone copies a templated VyOS configuration file into the proper location, replacing the template variables with the values defined in the inventory file.
Inventory file variables may be defined as follows:
[inv_category]
10.0.17.102 var_name=value var2_name=value ...

The boot config may then be templated as e.g. config.boot.j2, using Jinja2. The templated base configuration for VyOS used in this milestone is as follows:
interfaces {
    ethernet eth0 {
        address {{ wan_ip }}/24
    }
    ethernet eth1 {
        address {{ lan_ip }}/24
    }
    loopback lo {}
}
nat {
    source {
        rule 10 {
            outbound-interface eth0
            source {
                address {{ lan }}
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop {{ gateway }} {}
        }
    }
}
service {
    dns {
        forwarding {
            allow-from {{ lan }}
            listen-address {{ lan_ip }}
            name-server {{ name_server }}
            system
        }
    }
    ssh {
        listen-address 0.0.0.0
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name {{ hostname }}
    login {
        user vyos {
            authentication {
                encrypted-password {{ password_hash }}
                plaintext-password ""
            }
        }
    }
    name-server {{ name_server }}
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}

The playbook used with this template is as follows:
---
- name: VyOS Base Configuration
  hosts: vyos
  vars_prompt:
    - name: password
      prompt: Enter password for new VyOS configuration
      private: true
  tasks:
    - name: Create password hash (as fact)
      ansible.builtin.set_fact:
        password_hash: "{{ password | password_hash('sha512') }}"
    - name: Copy templated VyOS configuration
      become: true
      ansible.builtin.template:
        src: files/config.boot.j2
        dest: /config/config.boot
        mode: "0775"
        owner: root
        group: "vyattacfg"
    - name: Restart VyOS target
      become: true
      ansible.builtin.reboot:
        reboot_timeout: 1
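The inventory variables, the template substitution and the resulting config.boot can all be checked locally before the playbook rewrites /config/config.boot and reboots the router. The script below is an added example written for this milestone, not one of the lab's own files: it parses the "[group]" / "host var=value ..." inventory layout shown above, substitutes the {{ var }} placeholders with a small regex renderer that stands in for the Jinja2 engine behind ansible.builtin.template (it supports only plain variable references, nothing else Jinja2 can do), and then parses the rendered VyOS brace syntax so the login and SSH settings can be reviewed. The inventory values, the cut-down template and the "$6$constructed$placeholder" hash are all constructed; password_hash is supplied here by hand because the playbook creates it with set_fact rather than the inventory.

```python
"""Added pre-flight check for the templated VyOS config (not a lab file).
A regex renderer stands in for the Jinja2 engine behind ansible.builtin.template;
the rendered VyOS brace syntax is then parsed so it can be reviewed before it is
copied to /config/config.boot. All inventory values and the hash are constructed."""
import re

# Constructed inventory in the "[group]" / "host var=value ..." layout used above.
INVENTORY = """\
[vyos]
10.0.17.102 hostname=vyos-lab wan_ip=10.0.17.102 lan_ip=192.168.50.1 lan=192.168.50.0/24 gateway=10.0.17.1 name_server=9.9.9.9
"""

# Cut-down config.boot.j2 using the same placeholders as the full template.
TEMPLATE = """\
interfaces {
    ethernet eth1 {
        address {{ lan_ip }}/24
    }
    loopback lo {}
}
service {
    ssh {
        listen-address 0.0.0.0
    }
}
system {
    host-name {{ hostname }}
    login {
        user vyos {
            authentication {
                encrypted-password {{ password_hash }}
                plaintext-password ""
            }
        }
    }
}
"""

VAR_RE = re.compile(r"\{\{\s*(\w+)\s*\}\}")  # plain {{ var }} references only


def parse_inventory(text):
    """Map each host line to its key=value variables; [group] headers are skipped."""
    hosts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("["):
            host, *pairs = line.split()
            hosts[host] = dict(pair.split("=", 1) for pair in pairs)
    return hosts


def undefined_vars(template, variables):
    """Placeholders the variables do not define; the real template task fails on these."""
    return sorted(set(VAR_RE.findall(template)) - set(variables))


def render(template, variables):
    """Substitute every {{ var }}, refusing to render while any variable is undefined."""
    missing = undefined_vars(template, variables)
    if missing:
        raise KeyError(f"undefined template variables: {missing}")
    return VAR_RE.sub(lambda m: variables[m.group(1)], template)


def parse_vyos(text):
    """Parse VyOS brace syntax into nested dicts; leaf lines become key -> value."""
    root = {}
    stack = [root]
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{}"):  # empty node such as "loopback lo {}"
            stack[-1][line[:-2].strip()] = {}
        elif line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return root


def check_config(cfg):
    """Findings a reviewer would want to see before the config is deployed."""
    findings = []
    auth = cfg["system"]["login"]["user vyos"]["authentication"]
    if auth.get("plaintext-password") != '""':
        findings.append("plaintext-password is set; only encrypted-password should hold a secret")
    if not auth.get("encrypted-password", "").startswith("$6$"):
        findings.append("encrypted-password is not a SHA-512 crypt hash as produced by password_hash('sha512')")
    if cfg["service"]["ssh"]["listen-address"] == "0.0.0.0":
        findings.append("ssh listen-address 0.0.0.0 exposes management on every interface, not just the LAN")
    return findings


def preflight(inventory, template, password_hash):
    """Render the config for the first inventory host and return it with its findings."""
    variables = {**next(iter(parse_inventory(inventory).values())), "password_hash": password_hash}
    rendered = render(template, variables)  # password_hash comes from set_fact in the playbook
    return rendered, check_config(parse_vyos(rendered))
```

Running preflight(INVENTORY, TEMPLATE, "$6$constructed$placeholder") renders the template without leftover placeholders and reports a single finding, the SSH listen address of 0.0.0.0 that the lab template uses; switching it to the LAN address, as the dns forwarding stanza already does, clears that finding. Leaving password_hash out of the variables makes render() raise, which mirrors what the template task does when a variable is undefined.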