Ansible uses Jinja2 as its template engine. As an example, the RADIUS configuration for a switch is generated.
You can push the configuration from the template directly to a device or, as in this case, simply save it as a file.
A detailed guide to everything the Jinja2 template engine can do is available at http://jinja.pocoo.org/docs/2.10/.
Template radius_demo.j2:
{% for rad in globals_demo.aaagroup %}
aaa group server radius {{ rad.name }}
{% for server in rad.server %}
server name {{ server }}
{% endfor %}
deadtime {{ rad.deadtime }}
{% endfor %}
{% for server in globals_demo.radiusserver %}
radius server {{ server.name }}
address ipv4 {{ server.address }} auth-port {{ server.authport }} acct-port {{ server.acctport }}
timeout {{ server.timeout }}
retransmit {{ server.retransmit }}
key {{ server.pskkey }}
{% endfor %}
globals_demo.yaml – configuration file with global variables that are loaded into the playbook.
---
aaagroup:
  - name: DOT1X
    server:
      - RADIUS1-DOT1X
      - RADIUS2-DOT1X
      - RADIUS3-DOT1X
      - RADIUS4-DOT1X
    deadtime: 1
radiusserver:
  - name: RADIUS1-DOT1X
    address: 192.168.1.101
    authport: 1812
    acctport: 1813
    timeout: 4
    retransmit: 3
    pskkey: 7 02000B5409071D
  - name: RADIUS2-DOT1X
    address: 192.168.1.102
    authport: 1812
    acctport: 1813
    timeout: 4
    retransmit: 3
    pskkey: 7 02000B5409071D
  - name: RADIUS3-DOT1X
    address: 192.168.1.103
    authport: 1812
    acctport: 1813
    timeout: 4
    retransmit: 3
    pskkey: 7 02000B5409071D
  - name: RADIUS4-DOT1X
    address: 192.168.1.104
    authport: 1812
    acctport: 1813
    timeout: 4
    retransmit: 3
    pskkey: 7 02000B5409071D
config_gen.yaml – the playbook that generates the configuration
---
- hosts: all
  connection: local
  gather_facts: False
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      username: "{{ ansible_user }}"
      password: "{{ ansible_ssh_pass }}"
  tasks:
    - name: Load globals
      include_vars:
        file: globals_demo.yaml
        name: globals_demo
    - name: Generate config
      template:
        src: radius_demo.j2
        dest: "/tmp/out_{{ inventory_hostname }}.cfg"
Test run of the config_gen.yaml playbook
ansible-playbook -i demo.ini config_gen.yaml -v
PLAY [all] *****************************************************************
TASK [Load globals] ********************************************************
ok: [switch1] => {"ansible_facts": {"globals_demo": {"aaagroup": [{"deadtime": 1, "name": "DOT1X", "server": ["RADIUS1-DOT1X", "RADIUS2-DOT1X", "RADIUS3-DOT1X", "RADIUS4-DOT1X"]}], "radiusserver": [{"acctport": 1813, "address": "192.168.1.101", "authport": 1812, "name": "RADIUS1-DOT1X", "pskkey": "7 02000B5409071D", "retransmit": 3, "timeout": 4}, {"acctport": 1813, "address": "192.168.1.102", "authport": 1812, "name": "RADIUS2-DOT1X", "pskkey": "7 02000B5409071D", "retransmit": 3, "timeout": 4}, {"acctport": 1813, "address": "192.168.1.103", "authport": 1812, "name": "RADIUS3-DOT1X", "pskkey": "7 02000B5409071D", "retransmit": 3, "timeout": 4}, {"acctport": 1813, "address": "192.168.1.104", "authport": 1812, "name": "RADIUS4-DOT1X", "pskkey": "7 02000B5409071D", "retransmit": 3, "timeout": 4}]}}, "ansible_included_var_files": ["/home/ansible/_ansible_cisco_tests/globals_demo.yaml"], "changed": false}
TASK [Generate config] *****************************************************
ok: [switch1] => {"changed": false, "checksum": "b1cac79a0ba981ab398439a9102df687b7932ede", "gid": 1001, "group": "ansible", "mode": "0644", "owner": "ansible", "path": "/tmp/out_switch1.cfg", "size": 715, "state": "file", "uid": 1001}
PLAY RECAP *****************************************************************
switch1 : ok=2 changed=0 unreachable=0 failed=0
Output out_switch1.cfg
aaa group server radius DOT1X
server name RADIUS1-DOT1X
server name RADIUS2-DOT1X
server name RADIUS3-DOT1X
server name RADIUS4-DOT1X
deadtime 1
radius server RADIUS1-DOT1X
address ipv4 192.168.1.101 auth-port 1812 acct-port 1813
timeout 4
retransmit 3
key 7 02000B5409071D
radius server RADIUS2-DOT1X
address ipv4 192.168.1.102 auth-port 1812 acct-port 1813
timeout 4
retransmit 3
key 7 02000B5409071D
radius server RADIUS3-DOT1X
address ipv4 192.168.1.103 auth-port 1812 acct-port 1813
timeout 4
retransmit 3
key 7 02000B5409071D
radius server RADIUS4-DOT1X
address ipv4 192.168.1.104 auth-port 1812 acct-port 1813
timeout 4
retransmit 3
key 7 02000B5409071D
If you want to roll the configuration out directly to a device, you can extend the playbook as follows:
    - name: Apply RADIUS configuration to switch
      ios_config:
        src: radius_demo.j2
        provider: "{{ cli }}"
        match: line
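
The test run above prints every pskkey under -v and leaves the generated file in /tmp with mode 0644; Cisco type 7 strings (the leading "7") are a reversible encoding, so they need the same care as plaintext keys. A hardened variant of config_gen.yaml follows as an added example that is not part of the original post. The out_dir variable, the out/ directory under playbook_dir and the consistency checks are assumptions of this example.

```yaml
---
# Hardened variant of config_gen.yaml (added example, not the original playbook).
# globals_demo.yaml can additionally be encrypted with ansible-vault;
# include_vars decrypts vaulted files transparently.
- hosts: all
  connection: local
  gather_facts: false
  vars:
    out_dir: "{{ playbook_dir }}/out"   # assumed output location instead of /tmp
  tasks:
    - name: Load globals
      include_vars:
        file: globals_demo.yaml
        name: globals_demo
      no_log: true    # keeps the pskkey values out of -v output and logs

    - name: Check the data before rendering
      assert:
        that:
          # every server listed in an AAA group has a "radius server" entry
          - >-
            globals_demo.aaagroup | map(attribute='server') | list | flatten
            | difference(globals_demo.radiusserver | map(attribute='name') | list)
            | length == 0
          # every server entry carries a key
          - >-
            globals_demo.radiusserver | selectattr('pskkey', 'undefined')
            | list | length == 0
        fail_msg: "globals_demo.yaml is inconsistent"

    - name: Create a private output directory
      file:
        path: "{{ out_dir }}"
        state: directory
        mode: "0700"

    - name: Generate config
      template:
        src: radius_demo.j2
        dest: "{{ out_dir }}/out_{{ inventory_hostname }}.cfg"
        mode: "0600"    # the file contains the RADIUS keys
```

If an assertion fails, Ansible reports the failing expression rather than the variable contents, so the keys stay out of the error output as well.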
