aruba: add minimal (untested) role

2 years ago · 8d596082b3
parent 2e10714a79
commit 8d596082b3
5 changed files with 200 additions and 0 deletions
--- a/filter_plugins/enquote.py
+++ b/filter_plugins/enquote.py
@ -0,0 +1,16 @@
+class FilterModule:
+    def filters(self):
+        return {
+            "enquote": enquote,
+        }
+
+
+def enquote(string, delimiter='"', escape="\\"):
+    translation = str.maketrans(
+        {
+            delimiter: f"{escape}{delimiter}",
+            escape: f"{escape}{escape}",
+        }
+    )
+    escaped = string.translate(translation)
+    return f"{delimiter}{escaped}{delimiter}"
--- a/filter_plugins/list_utils.py
+++ b/filter_plugins/list_utils.py
@ -0,0 +1,9 @@
+class FilterModule:
+    def filters(self):
+        return {
+            "contains": contains,
+        }
+
+
+def contains(a, b):
+    return b in a
--- a/roles/aruba/defaults/main.yml
+++ b/roles/aruba/defaults/main.yml
@ -0,0 +1,9 @@
+---
+aruba__ntp_servers: []
+aruba__vlans: {}
+aruba__interfaces: {}
+aruba__default_gateways: []
+aruba__ssh_enabled: False
+aruba__loop_protect_disable_timer: 30
+aruba__loop_protect_tx_interval: 3
+...
--- a/roles/aruba/tasks/main.yml
+++ b/roles/aruba/tasks/main.yml
@ -0,0 +1,12 @@
+---
+
+- name: Generation configuration
+  set_fact:
+    aruba__config: "{{ lookup('template', './config.j2') }}"
+
+- name: Write configuration
+  delegate_to: localhost
+  copy:
+    content: "{{ aruba__config }}"
+    dest: /tmp/aruba.config
+...
--- a/roles/aruba/templates/config.j2
+++ b/roles/aruba/templates/config.j2
@ -0,0 +1,154 @@
+{{ ansible_managed | comment(decoration="; ") }}
+
+hostname {{ aruba__hostname | enquote }}
+
+include-credentials
+
+{% if aruba__ntp_servers %}
+timesync ntp
+ntp unicast
+{% for address in aruba__ntp_servers %}
+ntp server {{ address | ipaddr }} iburst
+{% endfor %}
+{% if aruba__timezone == "Europe/Paris" %}
+time daylight-time-rule western-europe
+time timezone 60
+{% endif %}
+{% endif %}
+
+{% for address in aruba__dns_servers[:2] %}
+ip dns server-address priority {{ loop.index }} {{ address | ipaddr }}
+{% endfor %}
+
+{% if aruba__dns_domain_name is defined %}
+ip dns domain-name {{ aruba__dns_domain_name | enquote }}
+{% endif %}
+
+; TODO
+{% if False %}
+snmpv3 enable
+snmpv3 only
+snmpv3 user "re2o"
+;snmpv3 group ManagerPriv user "re2o" sec-model ver3
+;snmp-server community "public" Operator
+{% endif %}
+
+no cdp run
+lldp run
+
+{%
+set lldp_enabled =
+    aruba__interfaces
+    | dict2items
+    | selectattr("value.lldp", "defined")
+    | selectattr("value.lldp", "==", True)
+    | map(attribute="key")
+%}
+{%
+set lldp_disabled =
+    aruba__interfaces.keys()
+    | difference(lldp_enabled)
+    | map("int")
+    | list
+%}
+{% if lldp_disabled %}
+lldp admin-status {{ lldp_disabled | join(",") }} disable
+{% endif %}
+
+password manager plaintext {{ aruba__manager_password | enquote }}
+{% if aruba__operator_password is defined %}
+password operator plaintext {{ aruba__operator_password | enquote }}
+{% endif %}
+
+{% if aruba__ssh_enabled %}
+ip ssh
+ip ssh ciphertype aes256–ctr
+ip ssh kex ecdh-sha2-nistp521
+ip ssh mac hmac-sha2-256
+ip ssh filetransfer
+{% else %}
+no ip ssh
+{% endif %}
+
+no telnet-server
+; FIXME: ssl
+web-management plaintext
+rest-interface
+
+{%
+set loop_protect =
+    aruba__interfaces
+    | dict2items
+    | selectattr("value.loop_protect", "defined")
+    | selectattr("value.loop_protect")
+    | map(attribute="key")
+    | map("int")
+    | list
+%}
+{% if loop_protect %}
+loop-protect disable-timer {{ aruba__loop_protect_disable_timer | int }}
+loop-protect transmit-interval {{ aruba__loop_protect_tx_interval | int }}
+loop-protect {{ loop_protect | join(",") }}
+{% endif %}
+
+{% if aruba__default_gateways | ipv4 %}
+ip default-gateway {{ aruba__default_gateways | ipv4 | first }}
+{% endif %}
+{% if aruba__default_gateways | ipv6 %}
+ipv6 default-gateway {{ aruba__default_gateways | ipv6 | first }}
+{% endif %}
+
+{% for id, vlan in aruba__vlans.items() %}
+vlan {{ id | int }}
+{% if vlan.name is defined %}
+    name {{ vlan.name | enquote }}
+{% endif %}
+{%
+set untagged =
+    aruba__interfaces
+    | dict2items
+    | selectattr("value.untagged", "defined")
+    | selectattr("value.untagged", "==", id)
+    | map(attribute="key")
+    | map("int")
+    | list
+%}
+{% if untagged %}
+    untagged {{ untagged | join(",") }}
+{% endif %}
+{%
+set tagged =
+    aruba__interfaces
+    | dict2items
+    | selectattr("value.tagged", "defined")
+    | selectattr("value.tagged", "contains", id)
+    | map(attribute="key")
+    | map("int")
+    | list
+%}
+{% if tagged %}
+    tagged {{ tagged | join(",") }}
+{% endif %}
+{% if vlan.addresses | default([]) %}
+{% for address in vlan.addresses | ipv4 %}
+    ip address {{ address }}
+{% endfor %}
+{% for address in vlan.addresses | ipv6 %}
+    ipv6 address {{ address }}
+{% endfor %}
+{% else %}
+    no ip address
+{% endif %}
+    no flow-control
+    exit
+
+{% endfor %}
+
+{% for id, iface in aruba__interfaces.items() %}
+interface {{ id | int }}
+{% if iface.name is defined %}
+    name {{ iface.name | enquote }}
+{% endif %}
+    exit
+
+{% endfor %}