There are 100+ devices running VyOS.
Interfaces, firewall rulesets and rules might have different names/numbers.
My goal: remove port restrictions on all firewall rules on all devices.
Any ideas?
Currently all configs get dumped onto the control server, so they can be parsed there.
Installing any agents on the devices is not possible.
olofl, April 3, 2020, 8:49am
Use Ansible.
Here is an example playbook I use:
```yaml
- name: VyOS deploy syslog settings
  connection: network_cli
  gather_facts: False
  hosts: vyos
  tasks:
    - name: Include syslog vars
      include_vars:
        file: files/syslog.yml
    - name: Deploy SNMP on VyOS routers
      cli_config:
        config: "{{ lookup('template', 'vyos-syslog.j2') }}"
        commit_comment: Updated syslog from Ansible.
```
And the syslog.yml variables are defined:
```yaml
---
syslog_hosts:
  - 172.18.42.12:1521
  - 172.23.253.22:1521
```
And this Jinja2 template will use those variables and push configuration to the device:
```jinja
delete system syslog
set system syslog global facility all level 'debug'
{% for host in syslog_hosts %}
set system syslog host {{host}} facility all level 'debug'
set system syslog host {{host}} facility all protocol 'udp'
{% endfor %}
```
So at the end of the day, this is how I solved it:
Ansible pulls the config file from the device (nothing fashionable here, because the nodes don't have Python);
the controller node uses the command module to launch a Python script that parses and edits the pulled config file on the controller;
Ansible pushes the config file back to the node and applies it there.
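As an added illustration of the parse-and-edit step above (this is not the poster's script), the following Python walks a pulled VyOS config in its hierarchical config.boot format, tracks the enclosing block path, and drops `port` leaves only under `firewall > name/ipv6-name > rule > source|destination`, leaving every other `port` (e.g. the SSH service port) intact. The config fragment is constructed sample data; the function also returns what it removed so the change can be reviewed before anything is pushed back.

```python
import re

# Constructed sample of a VyOS config.boot fragment (not a real device config).
SAMPLE_CONFIG = """\
firewall {
    name WAN-IN {
        default-action drop
        rule 10 {
            action accept
            destination {
                address 10.0.0.5
                port 443
            }
            protocol tcp
        }
        rule 20 {
            action accept
            source {
                port 1024-65535
            }
        }
    }
}
service {
    ssh {
        port 22
    }
}
"""

LEAF_PORT = re.compile(r'^\s*port\s+\S+$')   # a "port <value>" leaf node

def strip_firewall_ports(config_text):
    """Return (new_config, removed) where removed lists (lineno, path, line).

    Only `port` leaves inside firewall > name|ipv6-name <SET> > rule <N> >
    source|destination are dropped; the block structure is left untouched.
    """
    stack, kept, removed = [], [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        s = line.strip()
        if s.endswith('{'):                 # block opens: push its header
            stack.append(s[:-1].strip())
        elif s == '}' and stack:            # block closes: pop it
            stack.pop()
        elif (len(stack) == 4 and stack[0] == 'firewall'
              and stack[1].split()[0] in ('name', 'ipv6-name')
              and stack[2].startswith('rule ')
              and stack[3] in ('source', 'destination')
              and LEAF_PORT.match(line)):
            removed.append((lineno, ' > '.join(stack), s))
            continue                        # drop this leaf from the output
        kept.append(line)
    return '\n'.join(kept) + '\n', removed

if __name__ == '__main__':
    new_cfg, dropped = strip_firewall_ports(SAMPLE_CONFIG)
    for lineno, path, text in dropped:
        print(f'removed line {lineno}: {path}: {text}')
```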
system, Closed, May 2, 2020, 7:14am
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.