Hey Habr!
An article recently popped up here.
This is not the first bicycle built for this kind of task. The first version was implemented several years ago on ansible 1.x.x. The bicycle was rarely used and so it kept rusting, in the sense that the task itself comes up less often than ansible versions are updated. And every time I need to ride it, the chain falls off or a wheel comes off. That said, the first part, generating the configs, always works very cleanly, since the jinja2 engine has long been stable. But the second part, rolling out the configs, usually brought surprises. And since I have to roll out a config remotely to half a hundred devices, some of which are thousands of kilometers away, using this tool was somewhat tedious.
Here I must admit that my lack of confidence most likely comes from my insufficient familiarity with ansible rather than from its shortcomings. And that, by the way, is an important point: ansible is a completely separate area of knowledge with its own DSL (Domain Specific Language), which has to be maintained at a confident level. And the fact that ansible is developing quite quickly, with no particular regard for backward compatibility, does not add confidence.
So, not long ago, a second version of the bicycle was implemented. This time in Python, or rather in a framework written in Python and for Python called Nornir.
So, Nornir is a microframework written in Python and for Python and designed for automation. Just as with ansible, solving a task here requires proper data preparation, i.e. an inventory of hosts and their parameters, but the scripts are written not in a separate DSL but in the same not very old, but very good, Python.
Let's see what it is using the following live example.
I have a branch network with several dozen offices across the country. Each office has a WAN router that terminates several communication channels from different operators. The routing protocol is BGP. The WAN routers come in two types: Cisco ISG or Juniper SRX.
Now the task: on all WAN routers of the branch network, configure a dedicated subnet for video surveillance on a separate port, announce this subnet in BGP, and configure a rate limit on the dedicated port.
First, we need to prepare a couple of templates from which the configuration will be generated separately for Cisco and Juniper. We also need to prepare the data for each site and the connection parameters, i.e. assemble the inventory.
The prepared template for Cisco:
$ cat templates/ios/base.j2
class-map match-all VIDEO_SURV
 match access-group 111
policy-map VIDEO_SURV
 class VIDEO_SURV
  police 1500000 conform-action transmit exceed-action drop
interface {{ host.task_data.ifname }}
 description VIDEOSURV
 ip address 10.10.{{ host.task_data.ipsuffix }}.254 255.255.255.0
 service-policy input VIDEO_SURV
router bgp {{ host.task_data.asn }}
 network 10.10.{{ host.task_data.ipsuffix }}.0 mask 255.255.255.0
access-list 11 permit 10.10.{{ host.task_data.ipsuffix }}.0 0.0.0.255
access-list 111 permit ip 10.10.{{ host.task_data.ipsuffix }}.0 0.0.0.255 any
The template for Juniper:
$ cat templates/junos/base.j2
set interfaces {{ host.task_data.ifname }} unit 0 description "Video surveillance"
set interfaces {{ host.task_data.ifname }} unit 0 family inet filter input limit-in
set interfaces {{ host.task_data.ifname }} unit 0 family inet address 10.10.{{ host.task_data.ipsuffix }}.254/24
set policy-options policy-statement export2bgp term 1 from route-filter 10.10.{{ host.task_data.ipsuffix }}.0/24 exact
set security zones security-zone WAN interfaces {{ host.task_data.ifname }}
set firewall policer policer-1m if-exceeding bandwidth-limit 1m
set firewall policer policer-1m if-exceeding burst-size-limit 187k
set firewall policer policer-1m then discard
set firewall policer policer-1.5m if-exceeding bandwidth-limit 1500000
set firewall policer policer-1.5m if-exceeding burst-size-limit 280k
set firewall policer policer-1.5m then discard
set firewall filter limit-in term 1 then policer policer-1.5m
set firewall filter limit-in term 1 then count limiter
The templates, of course, are not pulled out of thin air. They are essentially the diffs between the working configurations before and after the task was solved on two specific routers of different models.
From our templates we can see that solving the task takes only two parameters for Juniper and three for Cisco. Here they are:
- ifname
- ipsuffix
- asn
Now we need to set these parameters for each device, i.e. build the inventory.
For the inventory we will strictly follow the documentation.
That is, let's create the same file skeleton:
.
├── config.yaml
├── inventory
│   ├── defaults.yaml
│   ├── groups.yaml
│   └── hosts.yaml
The config.yaml file is the standard nornir configuration file:
$ cat config.yaml
---
core:
    num_workers: 10
inventory:
    plugin: nornir.plugins.inventory.simple.SimpleInventory
    options:
        host_file: "inventory/hosts.yaml"
        group_file: "inventory/groups.yaml"
        defaults_file: "inventory/defaults.yaml"
We will put the main parameters in hosts.yaml, the group parameters (in my case, logins/passwords) in groups.yaml, and we will not put anything in defaults.yaml, but you do need to write three dashes there, indicating that it is a YAML file, albeit an empty one.
This is what hosts.yaml looks like:
---
srx-test:
    hostname: srx-test
    groups:
        - juniper
    data:
        task_data:
            ifname: fe-0/0/2
            ipsuffix: 111
cisco-test:
    hostname: cisco-test
    groups:
        - cisco
    data:
        task_data:
            ifname: GigabitEthernet0/1/1
            ipsuffix: 222
            asn: 65111
And here is groups.yaml:
---
cisco:
    platform: ios
    username: admin1
    password: cisco1
juniper:
    platform: junos
    username: admin2
    password: juniper2
This is the inventory we ended up with for our task. During initialization, the parameters from the inventory files are mapped to the InventoryElement object model.
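A pre-render check on the inventory values that the templates substitute, added here as an example and not part of the original article or of Nornir: it rejects a missing parameter or a value that would break out of its line in the rendered config. The REQUIRED table, the interface-name pattern and the bad-test host are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the hosts.yaml entries shown above after YAML parsing and
# group resolution, plus "bad-test", a deliberately malformed constructed entry.
SAMPLE_HOSTS = {
    "srx-test": {"platform": "junos",
                 "task_data": {"ifname": "fe-0/0/2", "ipsuffix": 111}},
    "cisco-test": {"platform": "ios",
                   "task_data": {"ifname": "GigabitEthernet0/1/1",
                                 "ipsuffix": 222, "asn": 65111}},
    "bad-test": {"platform": "ios",
                 "task_data": {"ifname": "GigabitEthernet0/1/2\n description stray",
                               "ipsuffix": 300}},
}

# Parameters that templates/<platform>/base.j2 substitutes (from the page).
REQUIRED = {"ios": ("ifname", "ipsuffix", "asn"), "junos": ("ifname", "ipsuffix")}
# Assumed policy: interface names use letters, digits and / . : - only.
IFNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9/.:-]{0,63}")


def validate_task_data(platform, task_data):
    """Return a list of problems; an empty list means the data is safe to render."""
    problems = []
    required = REQUIRED.get(platform)
    if required is None:
        return [f"no template for platform {platform!r}"]
    for key in required:
        if key not in task_data:
            problems.append(f"missing parameter {key!r}")
    ifname = task_data.get("ifname")
    if ifname is not None and not (isinstance(ifname, str) and IFNAME_RE.fullmatch(ifname)):
        problems.append("ifname contains characters that could add config lines")
    ipsuffix = task_data.get("ipsuffix")
    if ipsuffix is not None:
        if isinstance(ipsuffix, bool) or not isinstance(ipsuffix, int):
            problems.append("ipsuffix is not an integer")
        else:
            try:
                ipaddress.ip_network(f"10.10.{ipsuffix}.0/24")
            except ValueError:
                problems.append("ipsuffix does not form a valid 10.10.x.0/24 subnet")
    asn = task_data.get("asn")
    if asn is not None and (isinstance(asn, bool) or not isinstance(asn, int)
                            or not 1 <= asn <= 4294967295):
        problems.append("asn is not a valid AS number")
    return problems


def validate_inventory(hosts):
    """Map host name -> problems, listing only hosts that fail validation."""
    report = {}
    for name, host in hosts.items():
        problems = validate_task_data(host["platform"], host["task_data"])
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    for name, problems in validate_inventory(SAMPLE_HOSTS).items():
        print(name, "->", "; ".join(problems))
```

Running it over the loaded inventory before config_and_deploy keeps a malformed hosts.yaml entry from reaching the router as extra configuration lines.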
Below is the schema of the InventoryElement model:
import json
from nornir.core.deserializer.inventory import InventoryElement

print(json.dumps(InventoryElement.schema(), indent=4))
{
    "title": "InventoryElement",
    "type": "object",
    "properties": {
        "hostname": {
            "title": "Hostname",
            "type": "string"
        },
        "port": {
            "title": "Port",
            "type": "integer"
        },
        "username": {
            "title": "Username",
            "type": "string"
        },
        "password": {
            "title": "Password",
            "type": "string"
        },
        "platform": {
            "title": "Platform",
            "type": "string"
        },
        "groups": {
            "title": "Groups",
            "default": [],
            "type": "array",
            "items": {
                "type": "string"
            }
        },
        "data": {
            "title": "Data",
            "default": {},
            "type": "object"
        },
        "connection_options": {
            "title": "Connection_Options",
            "default": {},
            "type": "object",
            "additionalProperties": {
                "$ref": "#/definitions/ConnectionOptions"
            }
        }
    },
    "definitions": {
        "ConnectionOptions": {
            "title": "ConnectionOptions",
            "type": "object",
            "properties": {
                "hostname": {
                    "title": "Hostname",
                    "type": "string"
                },
                "port": {
                    "title": "Port",
                    "type": "integer"
                },
                "username": {
                    "title": "Username",
                    "type": "string"
                },
                "password": {
                    "title": "Password",
                    "type": "string"
                },
                "platform": {
                    "title": "Platform",
                    "type": "string"
                },
                "extras": {
                    "title": "Extras",
                    "type": "object"
                }
            }
        }
    }
}
This model can look a little confusing, especially at first. To figure it out, the interactive mode in ipython helps a lot.
$ ipython3
Python 3.6.9 (default, Nov 7 2019, 10:44:02)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.1.1 -- An enhanced Interactive Python. Type '?' for help.
In [1]: from nornir import InitNornir
In [2]: nr = InitNornir(config_file="config.yaml", dry_run=True)
In [3]: nr.inventory.hosts
Out[3]:
{'srx-test': Host: srx-test, 'cisco-test': Host: cisco-test}
In [4]: nr.inventory.hosts['srx-test'].data
Out[4]: {'task_data': {'ifname': 'fe-0/0/2', 'ipsuffix': 111}}
In [5]: nr.inventory.hosts['srx-test']['task_data']
Out[5]: {'ifname': 'fe-0/0/2', 'ipsuffix': 111}
In [6]: nr.inventory.hosts['srx-test'].platform
Out[6]: 'junos'
And finally, let's move on to the script itself. I have nothing special to be proud of here. I simply took a ready-made example:
from nornir import InitNornir
from nornir.plugins.tasks import networking, text
from nornir.plugins.functions.text import print_title, print_result


def config_and_deploy(task):
    # Transform inventory data to configuration via a template file
    r = task.run(task=text.template_file,
                 name="Base Configuration",
                 template="base.j2",
                 path=f"templates/{task.host.platform}")

    # Save the compiled configuration into a host variable
    task.host["config"] = r.result

    # Save the compiled configuration into a file
    with open(f"configs/{task.host.hostname}", "w") as f:
        f.write(r.result)

    # Deploy that configuration to the device using NAPALM
    task.run(task=networking.napalm_configure,
             name="Loading Configuration on the device",
             replace=False,
             configuration=task.host["config"])


nr = InitNornir(config_file="config.yaml", dry_run=True)  # set dry_run=False, cross your fingers and run again

# run tasks
result = nr.run(task=config_and_deploy)
print_result(result)
Pay attention to the dry_run=True parameter in the line that initializes the nr object.
Here, just as in ansible, a test run is implemented: a connection to the router is made and a new, changed configuration is prepared, which is then validated by the device (but that is not certain; it depends on device support and on the driver implementation in NAPALM), but the new configuration is not actually applied. For production use, you must remove the dry_run parameter or change its value to False.
When the script is executed, Nornir prints detailed logs to the console.
Below is the output of a production run on two test routers:
config_and_deploy***************************************************************
* cisco-test ** changed : True *******************************************
vvvv config_and_deploy ** changed : True vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO
---- Base Configuration ** changed : True ------------------------------------- INFO
class-map match-all VIDEO_SURV
match access-group 111
policy-map VIDEO_SURV
class VIDEO_SURV
police 1500000 conform-action transmit exceed-action drop
interface GigabitEthernet0/1/1
description VIDEOSURV
ip address 10.10.222.254 255.255.255.0
service-policy input VIDEO_SURV
router bgp 65001
network 10.10.222.0 mask 255.255.255.0
access-list 11 permit 10.10.222.0 0.0.0.255
access-list 111 permit ip 10.10.222.0 0.0.0.255 any
---- Loading Configuration on the device ** changed : True --------------------- INFO
+class-map match-all VIDEO_SURV
+ match access-group 111
+policy-map VIDEO_SURV
+ class VIDEO_SURV
+interface GigabitEthernet0/1/1
+ description VIDEOSURV
+ ip address 10.10.222.254 255.255.255.0
+ service-policy input VIDEO_SURV
+router bgp 65001
+ network 10.10.222.0 mask 255.255.255.0
+access-list 11 permit 10.10.222.0 0.0.0.255
+access-list 111 permit ip 10.10.222.0 0.0.0.255 any
^^^^ END config_and_deploy ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* srx-test ** changed : True *******************************************
vvvv config_and_deploy ** changed : True vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv INFO
---- Base Configuration ** changed : True ------------------------------------- INFO
set interfaces fe-0/0/2 unit 0 description "Video surveillance"
set interfaces fe-0/0/2 unit 0 family inet filter input limit-in
set interfaces fe-0/0/2 unit 0 family inet address 10.10.111.254/24
set policy-options policy-statement export2bgp term 1 from route-filter 10.10.111.0/24 exact
set security zones security-zone WAN interfaces fe-0/0/2
set firewall policer policer-1m if-exceeding bandwidth-limit 1m
set firewall policer policer-1m if-exceeding burst-size-limit 187k
set firewall policer policer-1m then discard
set firewall policer policer-1.5m if-exceeding bandwidth-limit 1500000
set firewall policer policer-1.5m if-exceeding burst-size-limit 280k
set firewall policer policer-1.5m then discard
set firewall filter limit-in term 1 then policer policer-1.5m
set firewall filter limit-in term 1 then count limiter
---- Loading Configuration on the device ** changed : True --------------------- INFO
[edit interfaces]
+ fe-0/0/2 {
+ unit 0 {
+ description "Video surveillance";
+ family inet {
+ filter {
+ input limit-in;
+ }
+ address 10.10.111.254/24;
+ }
+ }
+ }
[edit]
+ policy-options {
+ policy-statement export2bgp {
+ term 1 {
+ from {
+ route-filter 10.10.111.0/24 exact;
+ }
+ }
+ }
+ }
[edit security zones]
security-zone test-vpn { ... }
+ security-zone WAN {
+ interfaces {
+ fe-0/0/2.0;
+ }
+ }
[edit]
+ firewall {
+ policer policer-1m {
+ if-exceeding {
+ bandwidth-limit 1m;
+ burst-size-limit 187k;
+ }
+ then discard;
+ }
+ policer policer-1.5m {
+ if-exceeding {
+ bandwidth-limit 1500000;
+ burst-size-limit 280k;
+ }
+ then discard;
+ }
+ filter limit-in {
+ term 1 {
+ then {
+ policer policer-1.5m;
+ count limiter;
+ }
+ }
+ }
+ }
^^^^ END config_and_deploy ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Hiding passwords in ansible_vault
At the beginning of the article I was a bit harsh on ansible, but not everything there is bad. I really like their vault, which is designed to hide sensitive information out of sight. And probably many have noticed that all our logins/passwords for all the production routers are sitting in clear text in the groups.yaml file. That is not pretty, of course. Let's protect this data with vault.
Let's move the parameters from groups.yaml to creds.yaml and encrypt it with AES256 using a 20-character password:
$ cd inventory
$ cat creds.yaml
---
cisco:
username: admin1
password: cisco1
juniper:
username: admin2
password: juniper2
$ pwgen 20 -N 1 > vault.passwd
$ ansible-vault encrypt creds.yaml --vault-password-file vault.passwd
Encryption successful
$ cat creds.yaml
$ANSIBLE_VAULT;1.1;AES256
It's that simple. What remains is to teach our Nornir script to retrieve and apply this data.
To do this, add the following code to our script after the initialization line nr = InitNornir(config_file=…:
...
nr = InitNornir(config_file="config.yaml", dry_run=True)  # set dry_run=False, cross your fingers and run again

# enrich Inventory with the encrypted vault data
from ansible_vault import Vault

vault_password_file = "inventory/vault.passwd"
vault_file = "inventory/creds.yaml"
with open(vault_password_file, "r") as fp:
    password = fp.readline().strip()
vault = Vault(password)
# decrypt creds.yaml and parse the YAML inside it
with open(vault_file) as fp:
    vaultdata = vault.load(fp.read())

# copy the credentials of each host's first group onto the host object
for a in nr.inventory.hosts.keys():
    item = nr.inventory.hosts[a]
    item.username = vaultdata[item.groups[0]]['username']
    item.password = vaultdata[item.groups[0]]['password']
    #print("hostname={}, username={}, password={}\n".format(item.hostname, item.username, item.password))

# run tasks
...
Of course, vault.passwd should not sit next to creds.yaml as in my example. But it's fine for playing around.
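One way to check the point above before a run with dry_run=False, as an added example that is not the author's or Nornir's code: it confirms creds.yaml carries the ansible-vault header, that no inventory YAML still holds a plaintext password, and that the vault password file sits outside the inventory directory and is readable only by its owner. The key-name pattern and the temporary files built in demo() are constructed assumptions.

```python
import os
import re
import stat
import tempfile

VAULT_HEADER = "$ANSIBLE_VAULT;"
# Keys that must never carry a plaintext value in inventory YAML (assumed list).
PLAINTEXT_SECRET = re.compile(r"^\s*(password|secret)\s*:\s*\S", re.IGNORECASE)


def is_vault_encrypted(path):
    """True if the file starts with the ansible-vault envelope header."""
    with open(path, "r", encoding="utf-8", errors="replace") as fp:
        return fp.readline().startswith(VAULT_HEADER)


def plaintext_secret_lines(path):
    """Line numbers of 'password: value' entries in an unencrypted YAML file."""
    if is_vault_encrypted(path):
        return []
    with open(path, "r", encoding="utf-8", errors="replace") as fp:
        return [n for n, line in enumerate(fp, 1) if PLAINTEXT_SECRET.match(line)]


def preflight(inventory_dir, creds_file, vault_password_file):
    """Collect findings that should block a run with dry_run=False."""
    findings = []
    if not is_vault_encrypted(creds_file):
        findings.append(f"{creds_file}: not ansible-vault encrypted")
    for name in sorted(os.listdir(inventory_dir)):
        path = os.path.join(inventory_dir, name)
        if name.endswith((".yaml", ".yml")) and os.path.isfile(path):
            for n in plaintext_secret_lines(path):
                findings.append(f"{name}:{n}: plaintext secret")
    inv = os.path.realpath(inventory_dir)
    pw = os.path.realpath(vault_password_file)
    if os.path.commonpath([inv, pw]) == inv:
        findings.append("vault password file is stored inside the inventory directory")
    mode = stat.S_IMODE(os.stat(pw).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"vault password file mode {mode:o} grants group/other access")
    return findings


def demo():
    """Rebuild the page's inventory layout in a temp dir (constructed data)."""
    with tempfile.TemporaryDirectory() as root:
        inv = os.path.join(root, "inventory")
        os.mkdir(inv)
        files = {
            "groups.yaml": "---\ncisco:\n    platform: ios\n    password: cisco1\n",
            "creds.yaml": "$ANSIBLE_VAULT;1.1;AES256\n(ciphertext placeholder)\n",
            "vault.passwd": "constructed-vault-password\n",
        }
        for name, body in files.items():
            with open(os.path.join(inv, name), "w", encoding="utf-8") as fp:
                fp.write(body)
        os.chmod(os.path.join(inv, "vault.passwd"), 0o644)
        return preflight(inv, os.path.join(inv, "creds.yaml"),
                         os.path.join(inv, "vault.passwd"))


if __name__ == "__main__":
    print("\n".join(demo()))
```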
That's all for now. A couple more articles about Cisco + Zabbix are on the way, but those are not quite about automation. And in the near future I plan to write about RESTCONF on Cisco.
Source: www.habr.com