This demo uses the Ansible Automation Platform to perform compliance checks on network infrastructure. It uses vendor agnostic settings files to allow configuration/compliance checking against different vendors/models of equipment. These playbooks aren’t just about compliance, they will do: standard configuration of the equipment, compliance testing and alerting, and also remediation.
The method I employ here isn’t the end-all be-all, but it is how a lot of folks do it. Keep in mind that every organization is different, so expect to adjust this to fit your needs.
Video Demo
Files
The Github repo with all of the files are here.
The best way to see how all of the pieces fit together is via the above video(there’s a lot explanation in there). I’m going to cover in depth a couple of specific playbooks.
First I’ll say, this is what my workflow template looks like in my ansible controller:
This corresponds to my main job templates. The order is:
– Run the pre process. This creates a blank file I refer to as the compliance file. As I run though the other playbooks they will fill this file out with anything non compliant.
– NTP configuration playbook. In this one it will determine if it is a Cisco or Arista device, then configure NTP servers based on a regionalized configuration files. If it’s in “compliance mode” it will fill out the compliance file.
– SNMP configuration playbook. This is much the same as the NTP playbook only it’s configuring SNMP community strings.
– The post processing playbook checks if the compliance file is empty. If it is, it does nothing. If there are entries, then that means there were non compliant entries, so it connects to servicenow and generates an incidence based on the contents of the file.
For NTP I first hit this playbook:
In here I’m really looking at the inventory object for each host and determining what network_os they are running. If it is Cisco I call the Cisco specific task file, and if it is Arista, I pull the Arista specific task file.
This is the Cisco specific task file:
In here I build several variables: one variable consists of the currently configured NTP servers on the device, another is the imported server(my source of truth), I then build a variable that is the command format for the new servers(ntp server x.x.x.x), and last I do a diff on the existing and the SoT to find out what servers exist and need to be removed.
I then remove the non compliant servers, and add any servers that should be in place.
If the playbook is run in check mode(a condition where I verify what changes WOULD be made) and I have the “compliance_check” variable defined, then I’ll start the compliance code block. Here I find anything that should be removed and add an entry to the compliance file. Last I find anything that should be added and add it to the compliance file.
Here’s an example of the NTP server file. Again, this is stored as just the raw servers, so it’s easy to take the servers and apply them to each vendors configuration format.
I then do the same for SNMP and last I hit this file for post processing:
In here I load the contents of the compliance file into a variable. If the variable has entries I then use the new ServiceNow collection to create an incident in SNOW with the contents of the file.
Conclusion
While I could create a playbook just for compliance, it is a waste of time/resources for me to do so. If I make one playbook that can provision, detect/alert on compliance, and then perform remediation all with just a little bit of additional effort, then I’m going to do so.
If you would change this for your environment, let me know, I’d like to see how your environment differs.
As always, thanks and happy compliance 😉
It seems these days that at least half of my customers are using SNOW as their ITSM, so I’m always looking for ways to automate against it. RedHat recently launched a new collection that works directly with SNOW. In V1 release is the ability to work with problems, incidents, change requests, and configuration items(which are your CMDB entries). Playing with the collection is nice, but I wanted to do something interesting, so I made a way to use it to import switches into the CMDB in a repeatable manner.
Video Demo
Files
All files can be found here in my public github repo. I’ll start with the template file I’m going to be importing into SNOW. This will more likely be a CSV or something of the like, and perhaps I’ll update this in the future, but for now it’s a simple YAML file:
In the file I’m adding the important bits like name, serial number, IP address, and make/model. I’m using the name as the key, so each will need to be unique in my environment. Believe it or not, The sys_id field is they key in the database, so the system will let me add the exact same device info 100 times if I want to…each having it’s own entry in the database. I always have unique device names, so I’m using that.
Next I’ll look at the main playbook:
I setup a few variables in the vars section, most notably, which CMDB these entries should live in.
Task 1 reads in the file that I’m going to be importing into the database “snow-col-config-template.yml”.
Task 2 reads all of the existing CMDB entries and saves them into the “all_config_items” variable.
The final task loops through each entry to import and calls a sub task. I do this because I need to have a loop with an inner loop, and this is the simplest way to accomplish it.
This is the sub task that’s called for each entry ready from the import file.
This file consists of two tasks.
Task 1 takes each switch at a time and checks to see if it already exists in the database. Again, I’m matching based on name. Now this module isn’t idempotent unfortunately, so when it finds a match, it will show changed each time it runs. This isn’t necessarily a bad thing, in fact it really won’t hurt anything, I’ve just become a fan of idempotent modules(so expect to see the orange “changed” output). The output of this run is saved as a variable.
Task 2 runs and checks the previously created variable and sees if there was a change made. If there was a change made, then I know that the record existed already, so do nothing. If the record didn’t exist, then this task will go ahead and create it. Since this module doesn’t support idempotency I have to check if it already exists, otherwise it will create multiple entries for the same device…and you’ll have a bad time.
Running The Automation In Ansible Automation Platform
To view the CMDB now before I do the run I follow these three steps:
Here’s the output from the launch:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | TASK [Include the file that will be imported into SNOW] ************************
ok: [localhost]
TASK [Read all of the existing CMDB entries and save them to a variable] *******
ok: [localhost]
TASK [Loop to import devices. This calls a sub task for processing] ***********
included: /tmp/awx_1056_3rnj557y/project/snow-col-config-import-sub.yml for localhost
included: /tmp/awx_1056_3rnj557y/project/snow-col-config-import-sub.yml for localhost
included: /tmp/awx_1056_3rnj557y/project/snow-col-config-import-sub.yml for localhost
included: /tmp/awx_1056_3rnj557y/project/snow-col-config-import-sub.yml for localhost
TASK [If sw1 already exists, update it's configuration] ************************
changed: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:44', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '1st lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '111', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '48af32ba07102010d42af03c7c1ed03b', 'skip_sync': 'false', 'device_type': 'switch', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:36:58', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000611', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw1', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '145f7e7a07102010d42af03c7c1ed06f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.51', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:48', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '2nd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '222', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '0d81877607102010d42af03c7c1ed0e9', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:45:14', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000612', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw2', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '5a61877607102010d42af03c7c1ed0f3', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.52', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-21 17:44:42', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '3rd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '333', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '514aea5f07632010d42af03c7c1ed010', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2021-04-21 17:44:42', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000613', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw3', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '954aea5f07632010d42af03c7c1ed00f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '0', 'monitor': 'false', 'ip_address': '192.168.51.53', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
TASK [sw1 didn't already exist, so create it] **********************************
skipping: [localhost]
TASK [If sw2 already exists, update it's configuration] ************************
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:44', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '1st lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '111', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '48af32ba07102010d42af03c7c1ed03b', 'skip_sync': 'false', 'device_type': 'switch', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:36:58', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000611', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw1', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '145f7e7a07102010d42af03c7c1ed06f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.51', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
changed: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:48', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '2nd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '222', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '0d81877607102010d42af03c7c1ed0e9', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:45:14', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000612', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw2', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '5a61877607102010d42af03c7c1ed0f3', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.52', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-21 17:44:42', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '3rd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '333', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '514aea5f07632010d42af03c7c1ed010', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2021-04-21 17:44:42', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000613', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw3', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '954aea5f07632010d42af03c7c1ed00f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '0', 'monitor': 'false', 'ip_address': '192.168.51.53', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
TASK [sw2 didn't already exist, so create it] **********************************
skipping: [localhost]
TASK [If sw3 already exists, update it's configuration] ************************
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:44', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '1st lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '111', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '48af32ba07102010d42af03c7c1ed03b', 'skip_sync': 'false', 'device_type': 'switch', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:36:58', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000611', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw1', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '145f7e7a07102010d42af03c7c1ed06f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.51', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:48', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '2nd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '222', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '0d81877607102010d42af03c7c1ed0e9', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:45:14', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000612', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw2', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '5a61877607102010d42af03c7c1ed0f3', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.52', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
changed: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-21 17:44:42', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '3rd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '333', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '514aea5f07632010d42af03c7c1ed010', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2021-04-21 17:44:42', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000613', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw3', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '954aea5f07632010d42af03c7c1ed00f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '0', 'monitor': 'false', 'ip_address': '192.168.51.53', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
TASK [sw3 didn't already exist, so create it] **********************************
skipping: [localhost]
TASK [If sw4 already exists, update it's configuration] ************************
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:44', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '1st lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '111', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '48af32ba07102010d42af03c7c1ed03b', 'skip_sync': 'false', 'device_type': 'switch', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:36:58', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000611', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw1', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '145f7e7a07102010d42af03c7c1ed06f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.51', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-22 14:08:48', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '2nd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '222', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '0d81877607102010d42af03c7c1ed0e9', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2020-11-09 16:45:14', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000612', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw2', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '5a61877607102010d42af03c7c1ed0f3', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '1', 'monitor': 'false', 'ip_address': '192.168.51.52', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
skipping: [localhost] => (item={'attested_date': '', 'can_switch': 'false', 'stack': 'false', 'operational_status': 'operational', 'cpu_manufacturer': '', 'sys_updated_on': '2021-04-21 17:44:42', 'discovery_source': '', 'first_discovered': '', 'due_in': '', 'can_partitionvlans': 'false', 'gl_account': '', 'invoice_number': '', 'sys_created_by': 'admin', 'ram': '', 'warranty_expiration': '', 'cpu_speed': '', 'owned_by': '', 'checked_out': '', 'firmware_manufacturer': '', 'disk_space': '', 'sys_domain_path': '/', 'discovery_proto_id': '', 'maintenance_schedule': '', 'cost_center': '', 'attested_by': '', 'dns_domain': '', 'assigned': '', 'purchase_date': '', 'short_description': '3rd lab switch', 'managed_by': '', 'range': '', 'firmware_version': '', 'can_print': 'false', 'last_discovered': '', 'ports': '', 'sys_class_name': 'cmdb_ci_ip_switch', 'cpu_count': '1', 'manufacturer': 'b7e831bdc0a80169015ae101f3c4d6cd', 'vendor': '', 'can_route': 'false', 'model_number': '3550', 'assigned_to': '', 'start_date': '', 'bandwidth': '', 'serial_number': '333', 'support_group': '', 'correlation_id': '', 'unverified': 'false', 'attributes': '', 'asset': '514aea5f07632010d42af03c7c1ed010', 'skip_sync': 'false', 'device_type': '', 'attestation_score': '', 'sys_updated_by': 'admin', 'sys_created_on': '2021-04-21 17:44:42', 'cpu_type': '', 'sys_domain': 'global', 'install_date': '', 'asset_tag': 'P1000613', 'hardware_substatus': '', 'fqdn': '', 'stack_mode': '', 'change_control': '', 'internet_facing': 'true', 'physical_interface_count': '', 'delivery_date': '', 'hardware_status': 'installed', 'channels': '', 'install_status': 'installed', 'supported_by': '', 'name': 'sw3', 'subcategory': 'IP', 'default_gateway': '', 'assignment_group': '', 'managed_by_group': '', 'can_hub': 'false', 'sys_id': '954aea5f07632010d42af03c7c1ed00f', 'po_number': '', 'checked_in': '', 'sys_class_path': '/!!/!2/!!/!,', 'mac_address': '', 'company': '', 'justification': '', 'department': '', 'snmp_sys_location': '', 'comments': '', 'cost': '', 'sys_mod_count': '0', 'monitor': 'false', 'ip_address': '192.168.51.53', 'model_id': '80af727a07102010d42af03c7c1ed0e3', 'duplicate_of': '', 'sys_tags': '', 'cost_cc': 'USD', 'discovery_proto_type': '', 'order_date': '', 'schedule': '', 'environment': 'production', 'due': '', 'attested': 'false', 'location': '', 'category': 'Hardware', 'fault_count': '0', 'lease_id': ''})
TASK [sw4 didn't already exist, so create it] **********************************
changed: [localhost]
PLAY RECAP *********************************************************************
localhost : ok=10 changed=4 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 |
This doesn’t format super well, but you can see the changed options for each one.
Here’s the view after the run:
So my existing devices were updated and new devices were added.
Conclusion
So this isn’t earth shattering, but could be useful if you need to do a one-time or perhaps a regular CMDB update/sync from another system. AAP could pull the CMDB entries from one system, then push them into SNOW. Let me know if you have any questions or comments and happy automating.
This week we have Greg, Mike, and Nick A. chopping it up like hibachi chefs.
**Sponsors**
Sonar.software
Kwikbit.com
Towercoverage.com
**/Sponsors**
This week we talk about:
TR-069 with Nick
Equipment mass configuration options
New MTK V6 beta mentions 100Gb LED for winbox…didn’t think there would be any 100Gb in V6
Zach put out a sweet MTK upgrade playbook for ansible
Justin Wilson and Ryan McAfee are at WISPAmerica this week; say hi to those fools.
Mysterious link flapping…and then it’s gone
Dave Taht visits Modem.show to talk about things
Ubiquiti building warehouse in Memphis – boosting direct to customer sales
ROS Jitter?
AS8003?
O365 Missing Shared Mailboxes?
What do you do about moon lighting?
Here’s the video:(if you don’t see it, hit refresh)
I recently had a customer ask about how you could present a user with a form they fill out, then that info would be used to complete a template for say a webserver; the simple answer is to use the survey feature in Tower(also sometimes called control in the Ansible Automation Platform).
Demo Video
Resources:
First, my playbook and template can be found here.
The template file is pretty straight forward:
There’s three variables serv_name, option1, and option2 that will be replaced at runtime with the results of the survey.
The playbook is equally simple:
There is really only a single task that really does anything and it is the template task. It calls the survey-template.conf.j2 file, does variable replacement, and then sticks it in the file_loc path.
The remaining two tasks read the file into a variable, then display it. In a real scenario the template file would push the configuration to a server, then perform a restart of the service in question.
Tower/Control:
From the templates section I create a new job template with info to my inventory, credentials, project, and playbook:
Next I click the “add survey” button:
Last I create three entries, each corresponding to a different variable. The survey info is passed at runtime as extra variables.
Now the template can be launched and the info filled out:
I can now see the output of the run in all its glory:
Conclusion:
I hope you can see how info can be gathered via a survey and easily injected into your playbooks to perform any kind of automation you can dream up.
Thanks and happy surveying.
This week we have Greg, Mike, and Tommy C doing a lot of discussion…which I like.
**Sponsors**
Sonar.software
Kwikbit.com
Towercoverage.com
**/Sponsors**
This week we talk about:
Prevent rogue DHCP servers
unforgivable bad wisp habits
April Fools Clearing
Starlink no plans for tiered consumer plans
DFS
Towers By Airports
Thrift created a new channel called stonks, and I couldn’t care less, but the name makes me LOL
Ubiquiti breach – again (same breach, more info)
Here’s the video:(if you don’t see it, hit refresh)
This week we have Greg, Mike, Nick, and the best hair in the business Andrew Thrift(AKA Little Alex Horne). Big thanks to Tommy C for taking one for the team!
**Sponsors**
Sonar.software
Kwikbit.com
Towercoverage.com
**/Sponsors**
This week we talk about:
CRS504/CRS518 and CCR2016/CCR2116 …speculations?
Thrifty thoughts on security
automation in security
IBM QRadar has a community edition appliance
I’m going to use PFSense as my workshop firewall
How internet congestion control works – bufferbloat
Midwest-IX Router Upgrade
QSFP28-100G DWDM
Here’s the video:(if you don’t see it, hit refresh)
This week we have Greg, Mike, and Tommy C. Apologies in advance, I’ve not been feeling too well and the last 30 minutes or so I kinda crashed(so big thanks to T-Cent and Mike for carrying me).
**Sponsors**
Sonar.software
Kwikbit.com
Towercoverage.com
**/Sponsors**
This week we talk about:
Greg’s conversation podcast with random interesting people
Tommy’s CCR2004 V7.1 adventures
MTK CRS317 to CRS328 failure
Mikrotik newsletter 99
100G-FR?
CHR License
Core, Border, Route Reflector, etc.
Mike vs Ransomware
Here’s the video:(if you don’t see it, hit refresh)