From 8d596082b3d7969c3f0c033d76a0d1d5d9af6eb1 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Mon, 5 Sep 2022 07:53:23 +0200
Subject: [PATCH] aruba: add minimal (untested) role
---
filter_plugins/enquote.py | 16 ++++
filter_plugins/list_utils.py | 9 ++
roles/aruba/defaults/main.yml | 9 ++
roles/aruba/tasks/main.yml | 12 +++
roles/aruba/templates/config.j2 | 154 ++++++++++++++++++++++++++++++++
5 files changed, 200 insertions(+)
create mode 100644 filter_plugins/enquote.py
create mode 100644 filter_plugins/list_utils.py
create mode 100644 roles/aruba/defaults/main.yml
create mode 100644 roles/aruba/tasks/main.yml
create mode 100644 roles/aruba/templates/config.j2
diff --git a/filter_plugins/enquote.py b/filter_plugins/enquote.py
new file mode 100644
index 0000000..576bf3f
--- /dev/null
+++ b/filter_plugins/enquote.py
@@ -0,0 +1,16 @@
+class FilterModule:
+ def filters(self):
+ return {
+ "enquote": enquote,
+ }
+
+
+def enquote(string, delimiter='"', escape="\\"):
+ translation = str.maketrans(
+ {
+ delimiter: f"{escape}{delimiter}",
+ escape: f"{escape}{escape}",
+ }
+ )
+ escaped = string.translate(translation)
+ return f"{delimiter}{escaped}{delimiter}"
diff --git a/filter_plugins/list_utils.py b/filter_plugins/list_utils.py
new file mode 100644
index 0000000..264a6f1
--- /dev/null
+++ b/filter_plugins/list_utils.py
@@ -0,0 +1,9 @@
+class FilterModule:
+ def filters(self):
+ return {
+ "contains": contains,
+ }
+
+
+def contains(a, b):
+ return b in a
diff --git a/roles/aruba/defaults/main.yml b/roles/aruba/defaults/main.yml
new file mode 100644
index 0000000..0b4071d
--- /dev/null
+++ b/roles/aruba/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+aruba__ntp_servers: []
+aruba__vlans: {}
+aruba__interfaces: {}
+aruba__default_gateways: []
+aruba__ssh_enabled: False
+aruba__loop_protect_disable_timer: 30
+aruba__loop_protect_tx_interval: 3
+...
diff --git a/roles/aruba/tasks/main.yml b/roles/aruba/tasks/main.yml
new file mode 100644
index 0000000..0cfb423
--- /dev/null
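Review bot: `enquote` in filter_plugins/enquote.py escapes only the delimiter and the escape character, so a carriage return or line feed inside `string` passes through unchanged and would presumably end the quoted argument early, leaving the remainder to be read as a separate line of the rendered switch configuration. The filter is applied to the hostname, the DNS domain name, VLAN and interface names and both passwords in config.j2, so it should reject control characters before translating, for example `if any(ord(ch) < 32 or ord(ch) == 127 for ch in string): raise ValueError("control character in quoted value")`. `str.maketrans` raises `ValueError` for a dict key longer than one character, so a docstring stating that `delimiter` and `escape` must each be a single character would help callers. Whether the target CLI honours backslash escapes inside quotes is not shown in this patch and is worth confirming on a device.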
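Review bot: `contains` in filter_plugins/list_utils.py is registered as a filter, but its only visible use in this patch is `selectattr("value.tagged", "contains", id)` in config.j2, where the second argument names a test rather than a filter. Ansible already ships a `contains` test, so this plugin appears to be unused; either drop the file or add a docstring saying where the filter form is needed. If it stays, note in the docstring that `b in a` does a substring match when `a` is a string, which is probably not what a VLAN membership check wants.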
+++ b/roles/aruba/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Generation configuration
+ set_fact:
+ aruba__config: "{{ lookup('template', './config.j2') }}"
+
+- name: Write configuration
+ delegate_to: localhost
+ copy:
+ content: "{{ aruba__config }}"
+ dest: /tmp/aruba.config
+...
diff --git a/roles/aruba/templates/config.j2 b/roles/aruba/templates/config.j2
new file mode 100644
index 0000000..3519f92
--- /dev/null
+++ b/roles/aruba/templates/config.j2
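Review bot: The `Write configuration` task writes the rendered configuration, which config.j2 fills with `password manager plaintext …`, to the fixed path `/tmp/aruba.config` without a `mode`, so the file gets umask-default permissions in a shared directory and every host in the play overwrites the same file. Set `mode: "0600"` on the `copy` task and write to a per-host path outside `/tmp`, for example `dest: "{{ aruba__output_dir }}/{{ inventory_hostname }}.config"`, where `aruba__output_dir` is a placeholder name for a new variable. Both tasks should also carry `no_log: true` so the passwords do not show up in task output or diffs. The first task name presumably means `Generate configuration`.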
@@ -0,0 +1,154 @@
+{{ ansible_managed | comment(decoration="; ") }}
+
+hostname {{ aruba__hostname | enquote }}
+
+include-credentials
+
+{% if aruba__ntp_servers %}
+timesync ntp
+ntp unicast
+{% for address in aruba__ntp_servers %}
+ntp server {{ address | ipaddr }} iburst
+{% endfor %}
+{% if aruba__timezone == "Europe/Paris" %}
+time daylight-time-rule western-europe
+time timezone 60
+{% endif %}
+{% endif %}
+
+{% for address in aruba__dns_servers[:2] %}
+ip dns server-address priority {{ loop.index }} {{ address | ipaddr }}
+{% endfor %}
+
+{% if aruba__dns_domain_name is defined %}
+ip dns domain-name {{ aruba__dns_domain_name | enquote }}
+{% endif %}
+
+; TODO
+{% if False %}
+snmpv3 enable
+snmpv3 only
+snmpv3 user "re2o"
+;snmpv3 group ManagerPriv user "re2o" sec-model ver3
+;snmp-server community "public" Operator
+{% endif %}
+
+no cdp run
+lldp run
+
+{%
+set lldp_enabled =
+ aruba__interfaces
+ | dict2items
+ | selectattr("value.lldp", "defined")
+ | selectattr("value.lldp", "==", True)
+ | map(attribute="key")
+%}
+{%
+set lldp_disabled =
+ aruba__interfaces.keys()
+ | difference(lldp_enabled)
+ | map("int")
+ | list
+%}
+{% if lldp_disabled %}
+lldp admin-status {{ lldp_disabled | join(",") }} disable
+{% endif %}
+
+password manager plaintext {{ aruba__manager_password | enquote }}
+{% if aruba__operator_password is defined %}
+password operator plaintext {{ aruba__operator_password | enquote }}
+{% endif %}
+
+{% if aruba__ssh_enabled %}
+ip ssh
+ip ssh ciphertype aes256–ctr
+ip ssh kex ecdh-sha2-nistp521
+ip ssh mac hmac-sha2-256
+ip ssh filetransfer
+{% else %}
+no ip ssh
+{% endif %}
+
+no telnet-server
+; FIXME: ssl
+web-management plaintext
+rest-interface
+
+{%
+set loop_protect =
+ aruba__interfaces
+ | dict2items
+ | selectattr("value.loop_protect", "defined")
+ | selectattr("value.loop_protect")
+ | map(attribute="key")
+ | map("int")
+ | list
+%}
+{% if loop_protect %}
+loop-protect disable-timer {{ aruba__loop_protect_disable_timer | int }}
+loop-protect transmit-interval {{ aruba__loop_protect_tx_interval | int }}
+loop-protect {{ loop_protect | join(",") }}
+{% endif %}
+
+{% if aruba__default_gateways | ipv4 %}
+ip default-gateway {{ aruba__default_gateways | ipv4 | first }}
+{% endif %}
+{% if aruba__default_gateways | ipv6 %}
+ipv6 default-gateway {{ aruba__default_gateways | ipv6 | first }}
+{% endif %}
+
+{% for id, vlan in aruba__vlans.items() %}
+vlan {{ id | int }}
+{% if vlan.name is defined %}
+ name {{ vlan.name | enquote }}
+{% endif %}
+{%
+set untagged =
+ aruba__interfaces
+ | dict2items
+ | selectattr("value.untagged", "defined")
+ | selectattr("value.untagged", "==", id)
+ | map(attribute="key")
+ | map("int")
+ | list
+%}
+{% if untagged %}
+ untagged {{ untagged | join(",") }}
+{% endif %}
+{%
+set tagged =
+ aruba__interfaces
+ | dict2items
+ | selectattr("value.tagged", "defined")
+ | selectattr("value.tagged", "contains", id)
+ | map(attribute="key")
+ | map("int")
+ | list
+%}
+{% if tagged %}
+ tagged {{ tagged | join(",") }}
+{% endif %}
+{% if vlan.addresses | default([]) %}
+{% for address in vlan.addresses | ipv4 %}
+ ip address {{ address }}
+{% endfor %}
+{% for address in vlan.addresses | ipv6 %}
+ ipv6 address {{ address }}
+{% endfor %}
+{% else %}
+ no ip address
+{% endif %}
+ no flow-control
+ exit
+
+{% endfor %}
+
+{% for id, iface in aruba__interfaces.items() %}
+interface {{ id | int }}
+{% if iface.name is defined %}
+ name {{ iface.name | enquote }}
+{% endif %}
+ exit
+
+{% endfor %}
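Review bot: The cipher line in the SSH block, `ip ssh ciphertype aes256–ctr`, contains an en dash (U+2013) where an ASCII hyphen is expected, so the switch will most likely reject it and the intended cipher restriction would not take effect; it should read `ip ssh ciphertype aes256-ctr`. The template also emits `web-management plaintext` and `rest-interface` unconditionally while `aruba__ssh_enabled` defaults to `False`, which leaves unencrypted HTTP as the only network management channel for the manager password set a few lines earlier. Until the `; FIXME: ssl` item is resolved, those two lines would be safer behind a variable that defaults to off. `aruba__hostname`, `aruba__manager_password`, `aruba__dns_servers` and `aruba__timezone` have no entry in defaults/main.yml, so a comment at the top of the template listing the required variables would make the undefined-variable failure explicit.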