Milestone 6
Ansible Setup
Installation
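# Control-node packages: sshpass (password-based SSH logins), python3-paramiko
# (Python SSH library) and git.
sudo apt install sshpass python3-paramiko git
# Ansible from the upstream PPA rather than the distro package.
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible
ansible --version
# Append the [defaults] stanza only once, so re-running this setup does not
# leave duplicate sections in ~/.ansible.cfg.
# host_key_checking = false skips SSH host-key verification. It avoids the
# prompt on first contact with a freshly imaged router, but it also removes
# the MITM check on every later run; pre-seeding ~/.ssh/known_hosts (for
# example with ssh-keyscan) is the stricter alternative.
grep -qs 'host_key_checking' ~/.ansible.cfg || cat >> ~/.ansible.cfg << EOF
[defaults]
host_key_checking = false
EOF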
Inventory
# Host variables consumed by files/vyos/config.boot.j2: hostname, wan_ip,
# lan_ip, lan, name_server and gateway. "mac" is not referenced by the
# template shown. 10.0.17.101 is the address Ansible connects to; it sits on
# the same 10.0.17.x network as wan_ip.
[vyos]
10.0.17.101 hostname=blue1-fw mac=00:50:56:b8:77:a7 wan_ip=10.0.17.200 lan_ip=10.0.5.2 lan=10.0.5.0/24 name_server=10.0.17.4 gateway=10.0.17.2
[vyos:vars]
# Interpreter the remote modules run under on the VyOS host.
ansible_python_interpreter=/usr/bin/python3
vyos-config.yaml
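---
# Render /config/config.boot on the VyOS host from a Jinja2 template and
# reboot the router so the new configuration is loaded. The template reads
# the inventory host variables (wan_ip, lan_ip, lan, gateway, name_server,
# hostname) and the password_hash fact set below.
- name: vyos network config
  hosts: vyos
  vars_prompt:
    # Entered interactively and hidden; only its sha512 hash is written to
    # config.boot.
    - name: password
      prompt: enter your new vyos password
      private: true
  tasks:
    - name: set the password hash fact
      set_fact:
        password_hash: "{{ password | password_hash('sha512') }}"

    - name: load vyos config from template
      become: true
      template:
        src: files/vyos/config.boot.j2
        dest: /config/config.boot
        # NOTE(review): 0775 leaves the rendered file, which carries the
        # password hash, readable by every local account. A group-only mode
        # would be tighter if VyOS tooling does not need world read; confirm
        # before changing.
        mode: "0775"
        owner: root
        group: vyattacfg

    # Detached so the SSH session returns before the reboot drops it.
    - name: bounce and end
      become: true
      shell: nohup bash -c "/usr/bin/sleep 5 && /usr/sbin/shutdown -r now" &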
Config for vyos
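{# VyOS config.boot template rendered by vyos-config.yaml. Variables come
   from the inventory host line (wan_ip, lan_ip, lan, gateway, name_server,
   hostname) and from the password_hash fact set by the playbook. #}
{# eth0 faces the upstream (WAN) network, eth1 the LAN. #}
interfaces {
    ethernet eth0 {
        address {{ wan_ip }}/24
    }
    ethernet eth1 {
        address {{ lan_ip }}/24
    }
    loopback lo {
    }
}
{# Masquerade traffic from the LAN prefix leaving eth0. #}
nat {
    source {
        rule 10 {
            outbound-interface eth0
            source {
                address {{ lan }}
            }
            translation {
                address masquerade
            }
        }
    }
}
{# Default route via the upstream gateway. The node must be spelled exactly
   "protocols"; with any other name the default route is not configured. #}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop {{ gateway }} {
            }
        }
    }
}
service {
    {# DNS forwarder for LAN clients only; upstream is name_server plus the
       system resolvers. #}
    dns {
        forwarding {
            allow-from {{ lan }}
            listen-address {{ lan_ip }}
            name-server {{ name_server }}
            system
        }
    }
    {# 0.0.0.0 also listens on eth0 (WAN). Ansible reaches this host on the
       10.0.17.x side, so restricting listen-address to the LAN address would
       cut it off; limit allowed source addresses with a firewall rule
       instead. #}
    ssh {
        listen-address 0.0.0.0
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name {{ hostname }}
    login {
        user vyos {
            authentication {
                {# sha512 crypt hash from the playbook's password_hash fact;
                   the empty plaintext-password means only the hash is set. #}
                encrypted-password {{ password_hash }}
                plaintext-password ""
            }
        }
    }
    name-server {{ name_server }}
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
}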