This week we have Greg, Zach, and Collin Z travel there and back again.
**Sponsors**
Sonar.Software
Towercoverage.com
**/Sponsors**
This week we talk about:
Little Brother Employment Advancement (Proof it’s not a static group!)
Ubiquiti identity management
PoE Switches Capable of Being Powered by PoE
Have we talked Omada yet?
What are we automating these days?
zachs links
collins links
Here’s the video:(if you don’t see it, hit refresh)
A question we get off and on is how to automate the configuration of the Ansible Automation Platform(AAP) in the same way we would any other product. This could be for a lot of reasons, but the one I hear most often is “We need to have change control associated with AAP for compliance…so how do we do that?”
To solve this problem I created a quick bit of automation to demonstrate using AAP to automate its own configuration…a bit meta. In short I create some variable files in my git repository that represent how my AAP controller should be configured. I then have automation that will take those files and idempotently apply them to the controller.
Video Demo
Playbooks And Files
All files can be found in my github repo here.
Variable Files
I’ve got all of my settings stored in separate files in a data model I’ve created. This could technically be in a single file, I just chose to break it out for readability for this demo. Each file really just contains variables in whatever format I chose to put them in.
Here’s the inventory variable file for example(inventory.yml):
1 2 3 4 5 | ---
inv_var:
- name: AWS Inventory
state: present
org: Default |
^^ It’s really just a simple set of variables that define the inventory name, its state, and the org it’s associated to.
Playbook
I built this simple demo into a single playbook. The idea being that I created this idempotently, so I can rerun it multiple times and only the necessary adjustments will be made.
My playbook is as follows(main.yml):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 | ---
- name: config as code demo for AAP
hosts: controller
gather_facts: false
vars:
controller_user: code
controller_pass: codepassword
tasks:
- name: bring in credentials variables
include_vars:
file: cred.yml
run_once: true
- name: manage credentials
ansible.controller.credential:
controller_host: "https://{{ ansible_host }}"
controller_username: "{{ controller_user }}"
controller_password: "{{ controller_pass }}"
name: "{{ item.name }}"
organization: "{{ item.org }}"
description: Added by automation
credential_type: "{{ item.type }}"
state: "{{ item.state }}"
inputs:
# secret key
password: "{{ item.password }}"
# access key
username: "{{ item.username }}"
validate_certs: false
loop: "{{ creds }}"
- name: bring in inventory variables
include_vars:
file: inventory.yml
run_once: true
- name: manage inventories
ansible.controller.inventory:
controller_host: "https://{{ ansible_host }}"
controller_username: "{{ controller_user }}"
controller_password: "{{ controller_pass }}"
name: "{{ item.name }}"
description: Added by automation
state: "{{ item.state }}"
organization: "{{ item.org }}"
validate_certs: false
loop: "{{ inv_var }}"
- name: bring in inventory source variables
include_vars:
file: inventory_source.yml
run_once: true
- name: manage inventory sources
ansible.controller.inventory_source:
controller_host: "https://{{ ansible_host }}"
controller_username: "{{ controller_user }}"
controller_password: "{{ controller_pass }}"
name: "{{ item.name }}"
description: Added via automation
inventory: "{{ item.inventory_name }}"
credential: "{{ item.inventory_credential }}"
overwrite: True
update_on_launch: True
source: "{{ item.source }}"
# source_vars:
# private: false
validate_certs: false
loop: "{{ inv_source }}" |
I won’t walk through it completely, as each small section is really a copy and paste of the previous.
First I load in the variables:
1 2 3 4 | - name: bring in credentials variables
include_vars:
file: cred.yml
run_once: true |
It just simply grabs the file and brings in the variables. It does this only once(that way if I’m updating a cluster of controllers it doesn’t waste time).
Next I use the ansible.controller collection to start placing my configurations. In this case I’m updating credentials so I use the ansible.controller.credential module:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | - name: manage credentials
ansible.controller.credential:
controller_host: "https://{{ ansible_host }}"
controller_username: "{{ controller_user }}"
controller_password: "{{ controller_pass }}"
name: "{{ item.name }}"
organization: "{{ item.org }}"
description: Added by automation
credential_type: "{{ item.type }}"
state: "{{ item.state }}"
inputs:
# secret key
password: "{{ item.password }}"
# access key
username: "{{ item.username }}"
validate_certs: false
loop: "{{ creds }}" |
Here you can see that I’m just quickly looping through the variable that was imported and adding in my configurations.
Conclusion
Once you have an example laid out in front of you, it really is pretty simple. The best options for this is to have as many components as external queryable systems as possible(secrets engines and dynamic inventories). Using these methods you could start treating your AAP configurations just like any other infrastructure as code project.
If you have any questions or comments, please let me know. Thanks and happy automating!
This week we have Greg, Tommy C., and friendly new(almost Canadian) face Zach Biles!
**Sponsors**
Sonar.Software
Towercoverage.com
**/Sponsors**
This week we talk about:
Getting better at git
using git in your environment
batfish
SuzieQ
Arista ZTP blogpost
Mikrotik 100Gb switch CRS504-4XQ-IN
Mikrotik 7.2 stable release
CRS326 port extender mode; if extended switch gets a loop the main switch goes hard down.
Let’s say you wanted to make sure someone could use a cell phone for a video call in the middle of a concert where there is massive 5ghz and 2ghz interference and cell service is also overloaded. What would you do?
Universal Service Fund Administration Testing
Here’s the video:(if you don’t see it, hit refresh)
This week we have Greg, Tommy C., and friendly new(almost Canadian) face Zach Biles!
**Sponsors**
Sonar.Software
Towercoverage.com
**/Sponsors**
This week we talk about:
Getting better at git
using git in your environment
batfish
SuzieQ
Arista ZTP blogpost
Mikrotik 100Gb switch CRS504-4XQ-IN
Mikrotik 7.2 stable release
CRS326 port extender mode; if extended switch gets a loop the main switch goes hard down.
Let’s say you wanted to make sure someone could use a cell phone for a video call in the middle of a concert where there is massive 5ghz and 2ghz interference and cell service is also overloaded. What would you do?
Universal Service Fund Administration Testing
Here’s the video:(if you don’t see it, hit refresh)