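# Milestone 6 Ansible Setup

## Installation

```shell
sudo apt install sshpass python3-paramiko git
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible
ansible --version

# host_key_checking = false turns off SSH host key verification for every
# Ansible run by this user: whatever answers on an inventory address is
# trusted without proof of identity. Keep it to the isolated lab network;
# elsewhere, pre-load the device key into ~/.ssh/known_hosts and leave
# checking on.
# Run this once: >> appends, so repeating it adds a second [defaults] section.
cat >> ~/.ansible.cfg << EOF
[defaults]
host_key_checking = false
EOF
```

## Inventory

```ini
# Per-host variables consumed by the config.boot template below.
[vyos]
10.0.17.101 hostname=blue1-fw mac=00:50:56:b8:77:a7 wan_ip=10.0.17.200 lan_ip=10.0.5.2 lan=10.0.5.0/24 name_server=10.0.17.4 gateway=10.0.17.2

[vyos:vars]
ansible_python_interpreter=/usr/bin/python3
```

## vyos-config.yaml

```yaml
---
- name: vyos network config
  hosts: vyos
  vars_prompt:
    # private: true keeps the typed password off the terminal.
    - name: password
      prompt: enter your new vyos password
      private: true
  tasks:
    # Hash on the control node so only the SHA-512 crypt hash is rendered
    # into the template; no_log keeps the password and hash out of task
    # output and logs.
    - name: set the password hash fact
      set_fact:
        password_hash: "{{ password | password_hash('sha512') }}"
      no_log: true

    # config.boot carries the password hash, and 0775 leaves it readable by
    # every local account on the device.
    # TODO confirm whether the device accepts a tighter mode.
    - name: load vyos config from template
      become: true
      template:
        src: files/vyos/config.boot.j2
        dest: /config/config.boot
        mode: "0775"
        owner: root
        group: vyattacfg

    # Delayed, backgrounded reboot so the task can return before the
    # connection drops.
    - name: bounce and end
      become: true
      shell: nohup bash -c "/usr/bin/sleep 5 && /usr/sbin/shutdown -r now" &
```

## Config for vyos

Template rendered by the playbook (`files/vyos/config.boot.j2`). The `{{ ... }}` values come from the inventory host variables and the `password_hash` fact. `service ssh` listens on `0.0.0.0`, so SSH is reachable on eth0 as well as eth1; if management only needs one side, set `listen-address` to that interface's address.

```
interfaces {
    ethernet eth0 {
        address {{ wan_ip }}/24
    }
    ethernet eth1 {
        address {{ lan_ip }}/24
    }
    loopback lo {
    }
}
nat {
    source {
        rule 10 {
            outbound-interface eth0
            source {
                address {{ lan }}
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop {{ gateway }} {
            }
        }
    }
}
service {
    dns {
        forwarding {
            allow-from {{ lan }}
            listen-address {{ lan_ip }}
            name-server {{ name_server }}
            system
        }
    }
    ssh {
        listen-address 0.0.0.0
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name {{ hostname }}
    login {
        user vyos {
            authentication {
                encrypted-password {{ password_hash }}
                plaintext-password ""
            }
        }
    }
    name-server {{ name_server }}
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
}
```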