ansible/roles/aruba/templates/config.j2

{{ ansible_managed | comment(decoration="; ") }}

hostname {{ aruba__hostname | enquote }}

include-credentials

{% if aruba__ntp_servers %}
timesync ntp
ntp unicast
{% for address in aruba__ntp_servers %}
ntp server {{ address | ipaddr }} iburst
{% endfor %}
{% if aruba__timezone == "Europe/Paris" %}
time daylight-time-rule western-europe
time timezone 60
{% endif %}
{% endif %}

{% for address in aruba__dns_servers[:2] %}
ip dns server-address priority {{ loop.index }} {{ address | ipaddr }}
{% endfor %}

{% if aruba__dns_domain_name is defined %}
ip dns domain-name {{ aruba__dns_domain_name | enquote }}
{% endif %}

; TODO
{% if False %}
snmpv3 enable
snmpv3 only
snmpv3 user "re2o"
;snmpv3 group ManagerPriv user "re2o" sec-model ver3
;snmp-server community "public" Operator
{% endif %}

no cdp run
lldp run

{%
set lldp_disabled =
    aruba__interfaces.keys()
    | difference(aruba__interfaces
                 | dict2items
                 | selectattr("value.lldp", "defined")
                 | selectattr("value.lldp", "==", True)
                 | map(attribute="key"))
    | list
%}
{% if lldp_disabled %}
lldp admin-status {{ lldp_disabled | aruba_ints }} disable
{% endif %}

password manager plaintext {{ aruba__manager_password | enquote }}
{% if aruba__operator_password is defined %}
password operator plaintext {{ aruba__operator_password | enquote }}
{% endif %}

{% if aruba__ssh_enabled %}
ip ssh
ip ssh ciphertype aes256–ctr
ip ssh kex ecdh-sha2-nistp521
ip ssh mac hmac-sha2-256
ip ssh filetransfer
{% else %}
no ip ssh
{% endif %}

no telnet-server
; FIXME: ssl
web-management plaintext
rest-interface

{%
set loop_protect =
    aruba__interfaces
    | dict2items
    | selectattr("value.loop_protect", "defined")
    | selectattr("value.loop_protect")
    | map(attribute="key")
    | list
%}
{% if loop_protect %}
loop-protect disable-timer {{ aruba__loop_protect_disable_timer | int }}
loop-protect transmit-interval {{ aruba__loop_protect_tx_interval | int }}
loop-protect {{ loop_protect | aruba_ints }}
{% endif %}

{% if aruba__default_gateways | ipv4 %}
ip default-gateway {{ aruba__default_gateways | ipv4 | first }}
{% endif %}
{% if aruba__default_gateways | ipv6 %}
ipv6 default-gateway {{ aruba__default_gateways | ipv6 | first }}
{% endif %}

{% for id, vlan in aruba__vlans.items() %}
vlan {{ id | int }}
{% if vlan.name is defined %}
    name {{ vlan.name | enquote }}
{% endif %}
{%
set untagged =
    aruba__interfaces
    | dict2items
    | selectattr("value.untagged", "defined")
    | selectattr("value.untagged", "==", id)
    | map(attribute="key")
    | list
%}
{% if untagged %}
    untagged {{ untagged | aruba_ints }}
{% endif %}
{%
set tagged =
    aruba__interfaces
    | dict2items
    | selectattr("value.tagged", "defined")
    | selectattr("value.tagged", "contains", id)
    | map(attribute="key")
    | list
%}
{% if tagged %}
    tagged {{ tagged | aruba_ints }}
{% endif %}
{% if vlan.addresses | default([]) %}
{% for address in vlan.addresses | ipv4 %}
    ip address {{ address }}
{% endfor %}
{% for address in vlan.addresses | ipv6 %}
    ipv6 address {{ address }}
{% endfor %}
{% else %}
    no ip address
{% endif %}
    no flow-control
    exit

{% endfor %}

{% for id, iface in aruba__interfaces.items() %}
interface {{ id | int }}
{% if iface.name is defined %}
    name {{ iface.name | enquote }}
{% endif %}
{% if iface.enabled | default(True) %}
    enable
{% else %}
    no enable
{% endif %}
    exit

{% endfor %}