Milestone 6

Ansible Setup

Installation

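# Control-node setup (Debian/Ubuntu). sshpass is only needed for the initial
# password-based SSH login; switch to key-based auth once the appliance is up.
sudo apt install sshpass python3-paramiko git
# Third-party PPA: this adds its signing key to apt trust, so confirm you trust it.
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible
ansible --version

# Pin the appliance's SSH host key instead of putting `host_key_checking = false`
# in ~/.ansible.cfg. With checking off, anything answering at the inventory
# address is accepted, and sshpass would hand it the login password (and the
# play the new vyos password). ssh-keyscan is still trust-on-first-use: run it
# on a network path you trust, and when the appliance is reimaged (new host
# keys) or moves to wan_ip, drop the stale entry with `ssh-keygen -R <addr>`
# and scan again rather than disabling checking.
mkdir -p ~/.ssh && chmod 700 ~/.ssh
ssh-keyscan -H 10.0.17.101 >> ~/.ssh/known_hosts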

Inventory

# Inventory for the lab VyOS firewall. The per-host values are consumed by
# files/vyos/config.boot.j2; `mac` is not referenced by that template (presumably
# used by another play). No ansible_user/ansible_password is stored here: the
# login credentials are expected at run time (sshpass / -k) rather than in VCS.
# NOTE: the play assigns eth0 the address wan_ip (10.0.17.200), so after the
# reboot the host no longer answers at the 10.0.17.101 listed below.
[vyos]
10.0.17.101 hostname=blue1-fw wan_ip=10.0.17.200 gateway=10.0.17.2 name_server=10.0.17.4 lan_ip=10.0.5.2 lan=10.0.5.0/24 mac=00:50:56:b8:77:a7

[vyos:vars]
ansible_python_interpreter=/usr/bin/python3

vyos-config.yaml

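---
# Render config.boot for the VyOS firewall from inventory host vars, set the
# vyos user's password to the one prompted for, and reboot so it takes effect.
- name: vyos network config
  hosts: vyos
  vars_prompt:
    - name: password
      prompt: enter your new vyos password
      private: true
      # This sets the only login on a remote appliance; a mistyped password
      # would lock us out after the reboot, so require it to be typed twice.
      confirm: true
  tasks:
    - name: set the password hash fact
      # Salted SHA-512 crypt hash. A new salt is drawn on every run, so the
      # rendered file changes each run even when the password does not.
      set_fact:
        password_hash: "{{ password | password_hash('sha512') }}"
      # Keep the hash (derived from the prompted secret) out of -v output/logs.
      no_log: true
    - name: load vyos config from template
      become: true
      template:
        src: files/vyos/config.boot.j2
        dest: /config/config.boot
        # The file carries the login password hash. root:vyattacfg with 0660
        # keeps it writable by the config group; 0775 made it world-readable
        # and executable for no reason.
        mode: "0660"
        owner: root
        group: vyattacfg
    - name: bounce and end
      become: true
      # Detached reboot rather than the reboot module: the template moves eth0
      # to wan_ip, so the host will not answer at its inventory address
      # afterwards and a module that waits for it to return would hang. The
      # sleep lets this SSH session close before shutdown starts.
      shell: nohup bash -c "/usr/bin/sleep 5 && /usr/sbin/shutdown -r now" &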

Config template for VyOS (files/vyos/config.boot.j2, rendered by the play above)

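{# VyOS config.boot for the lab firewall, rendered by vyos-config.yaml from the
   inventory host vars. Jinja comments are stripped at render time, so none of
   this commentary reaches the file VyOS loads. #}
interfaces {
    ethernet eth0 {
        address {{ wan_ip }}/24
    }
    ethernet eth1 {
        address {{ lan_ip }}/24
    }
    loopback lo {

    }
}
{# Masquerade LAN sources leaving eth0. #}
nat {
    source {
        rule 10 {
            outbound-interface eth0
            source {
                address {{ lan }}
            }
            translation {
                address masquerade
            }
        }
    }
}
{# Was misspelt "protcols": an unknown node name is rejected when the config is
   loaded, which would have left the router with no default route. #}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop {{ gateway }} {
            }
        }
    }
}
service {
    dns {
        {# Resolver answers the LAN only: allow-from + listen-address are both
           restricted to the inside network. #}
        forwarding {
            allow-from {{ lan }}
            listen-address {{ lan_ip }}
            name-server {{ name_server }}
            system
        }
    }
    ssh {
        {# SSH listens on every address, including eth0, and this config defines
           no firewall, so management is reachable from the WAN side. The
           Ansible control host appears to reach the box over eth0 (inventory
           and gateway are on 10.0.17.0/24), so binding to lan_ip alone would
           cut off management; instead add a firewall ruleset on eth0 that
           allows tcp/22 only from the management host, and disable password
           authentication once key-based login is in place. #}
        listen-address 0.0.0.0
    }
}
system {
    config-management {
        commit-revisions 100
    }
    {# Every conntrack ALG helper is enabled. Each one parses untrusted traffic
       in the kernel; keep only the protocols this LAN actually carries. #}
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name {{ hostname }}
    login {
        user vyos {
            authentication {
                {# SHA-512 crypt hash produced by the playbook; the plaintext
                   is never written to the appliance. #}
                encrypted-password {{ password_hash }}
                plaintext-password ""
            }
        }
    }
    name-server {{ name_server }}
    {# Public pool servers, unauthenticated. Point at an internal time source
       if the lab has one. #}
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
}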