ansible/roles/aruba/templates/config.j2

; {{ aruba__model }} Configuration Editor; Created on release #{{ aruba__release }}

hostname {{ aruba__hostname | hostname | truncate(32) | enquote }}

include-credentials

{% if aruba__ntp_servers %}
timesync ntp
ntp unicast
{% for addr in aruba__ntp_servers %}
ntp server {{ addr | ipaddr }} iburst
{% endfor %}
{% if aruba__timezone == "Europe/Paris" %}
time daylight-time-rule western-europe
time timezone 60
{% endif %}
{% endif %}

{% for addr in aruba__dns_servers[:2] %}
ip dns server-address priority {{ loop.index }} {{ addr | ipaddr }}
{% endfor %}

{% for domain in aruba__dns_domain_names[:5] %}
ip dns domain-name {{ domain | enquote }}
{% endfor %}

activate provision disable
activate software-update disable

{% if False %}
snmpv3 enable
snmpv3 only
snmpv3 user "re2o"
snmpv3 group ManagerPriv user "re2o" sec-model ver3
snmp-server community "public" Operator
{% endif %}

no cdp run
lldp run

{%
set lldp_disabled =
    aruba__interfaces.keys()
    | difference(aruba__interfaces
                 | dict2items
                 | selectattr("value.lldp", "defined")
                 | selectattr("value.lldp", "==", True)
                 | map(attribute="key"))
    | list
%}
{% if lldp_disabled %}
lldp admin-status {{ lldp_disabled | aruba_ints }} disable
{% endif %}

password manager sha1 {{ aruba__manager_password | hash("sha1") }}
{% if aruba__operator_password is defined %}
password operator sha1 {{ aruba__operator_password | hash("sha1") }}
{% endif %}
#}

{% if aruba__ssh_enabled %}
ip ssh
{# ip ssh cipher aes256–ctr #}
{# ip ssh kex ecdh-sha2-nistp521 #}
{# ip ssh mac hmac-sha2-256 #}
ip ssh filetransfer
{% else %}
no ip ssh
{% endif %}

no telnet-server
no tftp

{% if aruba__rest_enabled %}
{# FIXME: ssl #}
web-management plaintext
rest-interface
{% endif %}

{%
set loop_protect =
    aruba__interfaces
    | dict2items
    | selectattr("value.loop_protect", "defined")
    | selectattr("value.loop_protect")
    | map(attribute="key")
    | list
%}
{% if loop_protect %}
loop-protect disable-timer {{ aruba__loop_protect_disable_timer | int }}
loop-protect transmit-interval {{ aruba__loop_protect_tx_interval | int }}
loop-protect {{ loop_protect | aruba_ints }}
{% endif %}

{% if aruba__default_gateways | ipv4 %}
ip default-gateway {{ aruba__default_gateways | ipv4 | first }}
{% endif %}
{% if aruba__default_gateways | ipv6 %}
{# ipv6 default-gateway {{ aruba__default_gateways | ipv6 | first }} #}
{% endif %}

{% for id, vlan in aruba__vlans.items() %}
vlan {{ id | int }}
{% if vlan.name is defined %}
    name {{ vlan.name | truncate(32) | enquote }}
{% endif %}
{%
set untagged =
    aruba__interfaces
    | dict2items
    | selectattr("value.untagged", "defined")
    | selectattr("value.untagged", "==", id)
    | map(attribute="key")
    | list
%}
{% if untagged %}
    untagged {{ untagged | aruba_ints }}
{% endif %}
{%
set tagged =
    aruba__interfaces
    | dict2items
    | selectattr("value.tagged", "defined")
    | selectattr("value.tagged", "contains", id)
    | map(attribute="key")
    | list
%}
{% if tagged %}
    tagged {{ tagged | aruba_ints }}
{% endif %}
{% if vlan.addresses | default([]) %}
{% for addr in vlan.addresses | ipv4 %}
    ip address {{ addr | ipaddr("host") }}
{% endfor %}
{% for addr in vlan.addresses | ipv6 %}
    ipv6 address {{ addr | ipaddr("host") }}
{% endfor %}
{% else %}
    no ip address
{% endif %}
    exit

{% endfor %}

{% for id, iface in aruba__interfaces.items() %}
interface {{ id | int }}
{% if iface.name is defined %}
    name {{ iface.name | truncate(32) | enquote }}
{% endif %}
{% if iface.enabled | default(True) %}
    enable
{% else %}
    no enable
{% endif %}
{# TODO: split and check speed/duplex #}
{% if iface.speed_duplex is defined %}
    speed-duplex {{ iface.speed_duplex }}
{% endif %}
    no flow-control
    exit

{% endfor %}