edgeos role example
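{# config.j2 — complete EdgeOS configuration rendered by the edgeos_config module.
   Every "delete" below wipes a whole subtree before it is rebuilt from the role
   variables. "delete firewall" in particular removes every group and rule set,
   so with the role default (edgeos_fw: {}) the device ends up with NO firewall.
   Always ship edgeos_fw together with this template. #}
delete firewall
delete system config-management
delete system domain-search
delete system flow-accounting
delete system flow-analysis
delete system ntp
delete system syslog
delete traffic-policy
delete zone-policy
set system host-name {{ edgeos_fqdn }}
set system domain-search domain {{ edgeos_domain_search }}
set system name-server {{ edgeos_name_server }}
set system gateway-address {{ edgeos_gateway_address }}
{# IPv6 is switched off entirely, including forwarding. #}
set system ipv6 disable
set system ipv6 disable-forwarding
{# Remote syslog target is the bare host name "log", resolved through the
   domain-search entry above. EdgeOS remote syslog is plain UDP by default, so
   this log path is neither authenticated nor encrypted — confirm that is acceptable. #}
set system syslog host log facility all level notice
set system time-zone Europe/Berlin
{% from 'macros.j2' import set_rule,set_rule_boolean with context %}
{# Physical interfaces. description/duplex/speed are optional; a missing key is
   skipped instead of aborting the render. The description is placed inside
   double quotes unescaped — a value containing '"' breaks (or injects) config,
   so keep descriptions plain text. #}
{% for ethernet, options in edgeos_ethernet | dictsort() %}
{% if options.description is defined %}
set interfaces ethernet {{ ethernet }} description "{{ options.description }}"
{% endif %}
{% if options.duplex is defined %}
set interfaces ethernet {{ ethernet }} duplex {{ options.duplex }}
{% endif %}
{% if options.speed is defined %}
set interfaces ethernet {{ ethernet }} speed {{ options.speed }}
{% endif %}
{% for addr in options.address | default([]) %}
set interfaces ethernet {{ ethernet }} address {{ addr }}
{% endfor %}
{% endfor %}
set interfaces loopback {{ edgeos_loopback }}
{# Switch options are emitted as "set interfaces switch <name> <option> <value>";
   dictsort keeps the rendered order stable between runs. #}
{% for switch, options in edgeos_switch | dictsort() %}
{% for option, value in options | dictsort() %}
set interfaces switch {{ switch }} {{ option }} {{ value }}
{% endfor %}
{% endfor %}
{# Static routes: distance is optional; without it EdgeOS uses its own default. #}
{% for route in edgeos_static_routes %}
set protocols static route {{ route.route }} next-hop {{ route.gateway }} description "{{ route.description | default('') }}"
{% if route.distance is defined %}
set protocols static route {{ route.route }} next-hop {{ route.gateway }} distance {{ route.distance }}
{% endif %}
{% endfor %}
{# IGMP proxy. alt-subnet widens which multicast sources are accepted; the
   defaults example uses 0.0.0.0, presumably the widest possible match — verify. #}
{% for igmp in edgeos_igmp_proxy %}
set protocols igmp-proxy interface {{ igmp.interface }} threshold {{ igmp.threshold }}
set protocols igmp-proxy interface {{ igmp.interface }} role {{ igmp.role }}
{% if igmp.alt_subnet is defined %}
set protocols igmp-proxy interface {{ igmp.interface }} alt-subnet {{ igmp.alt_subnet }}
{% endif %}
{% endfor %}
{# DHCP relay is only configured when a server is given. The role default
   (edgeos_dhcp_relay: {}) previously made this template fail on .interfaces. #}
{% if edgeos_dhcp_relay.server is defined %}
{% for interface in edgeos_dhcp_relay.interfaces | default([]) %}
set service dhcp-relay interface {{ interface }}
{% endfor %}
set service dhcp-relay server {{ edgeos_dhcp_relay.server }}
{% endif %}
{# edgeos_commands_options is emitted VERBATIM: any EdgeOS command in it runs,
   including ones that add users, change passwords or open the firewall.
   Treat the source of this variable as privileged input. #}
{% for command in edgeos_commands_options %}
{{ command }}
{% endfor %}
{# Firewall groups and rule sets come last (see config_firewall.j2). #}
{% include "config_firewall.j2" %}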
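{# config_firewall.j2 — firewall groups and named rule sets. Included from
   config.j2 right after "delete firewall", so what is rendered here is the
   ENTIRE firewall of the device. #}
{# Groups. A group with no members is still created (the description line
   alone creates it); a rule that references such a group presumably matches
   nothing — verify before relying on it. #}
{% for key, values in edgeos_address_group | dictsort() %}
{% for address in values.address | default([]) %}
set firewall group address-group {{ key }} address {{ address }}
{% endfor %}
set firewall group address-group {{ key }} description "{{ values.description | default('') }}"
{% endfor %}
{% for key, values in edgeos_network_group | dictsort() %}
{% for address in values.address | default([]) %}
set firewall group network-group {{ key }} network {{ address }}
{% endfor %}
set firewall group network-group {{ key }} description "{{ values.description | default('') }}"
{% endfor %}
{% for key, values in edgeos_port_group | dictsort() %}
{% for port in values.ports | default([]) %}
set firewall group port-group {{ key }} port {{ port }}
{% endfor %}
set firewall group port-group {{ key }} description "{{ values.description | default('') }}"
{% endfor %}
{# Rule sets. Fail closed: default_action falls back to "drop" when the key is
   missing. Rules are numbered by their position in the list (1, 2, ...), so
   reordering the list renumbers every rule — harmless here because the whole
   firewall is rebuilt on every run. dictsort keeps the output order stable. #}
{% for fw, options in edgeos_fw | dictsort() %}
{% if options.description is defined %}
set firewall name {{ fw }} description "{{ options.description }}"
{% endif %}
set firewall name {{ fw }} default-action {{ options.default_action | default('drop') }}
{% if options.enable_default_log | default(false) %}
set firewall name {{ fw }} enable-default-log
{% endif %}
{% for rule in options.rules | default([]) %}
{% with %}
{# loop_index is scoped to this include; config_rule.j2 reads fw, loop_index and rule. #}
{% set loop_index = loop.index %}
{% include "config_rule.j2" with context %}
{% endwith %}
{% endfor %}
{% endfor %}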
{# config_rule.j2 — renders one firewall rule. Expects `fw`, `loop_index` and
   `rule` from the including template (config_firewall.j2). #}
{% from 'macros.j2' import set_rule,set_rule_boolean with context %}
{# Fail closed: a rule without an explicit action drops. #}
set firewall name {{ fw }} rule {{ loop_index }} action {{ rule.action | default('drop') }}
{% if rule.description is defined %}
set firewall name {{ fw }} rule {{ loop_index }} description "{{ rule.description }}"
{% endif %}
{# Boolean switches: each rule key on the left enables the EdgeOS keyword on the right. #}
{% for flag, keyword in [
    ('established', 'state established'),
    ('related', 'state related'),
    ('new', 'state new'),
    ('invalid', 'state invalid'),
    ('log', 'log')] %}
{{ set_rule_boolean(rule, flag, loop_index, fw, keyword) }}
{% endfor %}
{# Match criteria: rule key -> EdgeOS keyword path; the value is emitted as-is. #}
{% for option, keyword in [
    ('protocol', 'protocol'),
    ('destination_address', 'destination address'),
    ('destination_port', 'destination port'),
    ('destination_port_group', 'destination group port-group'),
    ('destination_network_group', 'destination group network-group'),
    ('destination_address_group', 'destination group address-group'),
    ('source_address', 'source address'),
    ('source_mac_address', 'source mac-address'),
    ('source_port', 'source port'),
    ('source_port_group', 'source group port-group'),
    ('source_network_group', 'source group network-group'),
    ('source_address_group', 'source group address-group')] %}
{{ set_rule(rule, option, loop_index, fw, keyword) }}
{% endfor %}
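# defaults/main.yml — role defaults. Everything below is rendered into EdgeOS
# "set"/"delete" commands by templates/config.j2. The "<domain>" placeholders
# MUST be overridden per host.
edgeos_role_enabled: True
# Keep a copy of the running config on the controller before changing it.
# NOTE: the backup contains the device's user password hashes — restrict
# access to the backup directory.
edgeos_backup: True
edgeos_config_template: config.j2
edgeos_config_save: True
edgeos_config_comment: "ansible managed via edgeos_config"
# Not currently used: the `match:` option is commented out in tasks/main.yml.
edgeos_config_match: "none"
# Firewall groups — the mapping keys become the EdgeOS group names.
edgeos_address_group: {}
#  hDHCP:
#    description: "DHCP Server"
#    address:
#      - 192.168.1.10
edgeos_network_group: {}
#  intranet_broadcast:
#    address:
#      - 192.168.1.0/24
edgeos_port_group: {}
#  buildbot:
#    ports:
#      - 8010
#      - 5000
# Raw EdgeOS commands appended VERBATIM to the rendered config. Anything goes
# here (users, passwords, firewall changes) — only populate from trusted vars.
edgeos_commands_options: []
# Not referenced by any template or task in this role.
edgeos_commands: []
# Named rule sets. Key names below match what config_firewall.j2 /
# config_rule.j2 read (underscores, not hyphens).
edgeos_fw: {}
#  fw-name:
#    description: "dmz to fw"
#    default_action: drop        # key is default_action, not default-action
#    enable_default_log: True
#    rules:
#      - action: accept          # omitted action defaults to drop
#        established: True
#        related: True
#        invalid: False
#        new: False
#
#  boolean rule keys: established, new, invalid, related, log
edgeos_ethernet: {}
#  eth0:
#    address:
#      - 192.168.1.2/24
#    description: wan
#    duplex: auto
#    speed: auto
edgeos_loopback: lo
edgeos_switch: {}
#  switch0:
#    mtu: 1500
edgeos_static_routes: []
#  - route: "192.168.99.1/32"
#    gateway: 192.168.10.2
#    description: "vpn-gateway"
#    distance: 1
edgeos_igmp_proxy: []
#  - interface: eth0
#    alt_subnet: 0.0.0.0         # widest possible source match — narrow it if you can
#    role: upstream
#    threshold: 1
# DHCP relay — config.j2 reads .server and .interfaces from this mapping.
edgeos_dhcp_relay: {}
#  server: 192.168.1.10
#  interfaces:
#    - eth1
#    - eth4
edgeos_domain_search: "<domain>"
edgeos_fqdn: "<domain>"
edgeos_gateway_address: 192.168.1.1
# The router resolves against itself; assumes a local resolver is configured — confirm.
edgeos_name_server: 127.0.0.1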
{# Emit "set firewall name <firewall> rule <index> <context> <value>" when `key`
   is present in the rule mapping, otherwise emit nothing. The value is placed
   in the command UNQUOTED and unvalidated, so rule variables must come from a
   trusted source. #}
{% macro set_rule(rule, key, index, firewall, context) %}
{% if key in rule %}
set firewall name {{ firewall }} rule {{ index }} {{ context }} {{ rule[key] }}
{% endif %}
{% endmacro %}
{# Emit "set firewall name <firewall> rule <index> <context> enable" when `key`
   is present in the rule mapping AND truthy; a missing or false key emits nothing. #}
{% macro set_rule_boolean(rule, key, index, firewall, context) %}
{% if rule.get(key, false) %}
set firewall name {{ firewall }} rule {{ index }} {{ context }} enable
{% endif %}
{% endmacro %}
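---
# tasks/main.yml — render the EdgeOS configuration template and push it with
# edgeos_config. All tasks honour edgeos_role_enabled (the flag existed in the
# defaults but was never checked).
- name: Test template
  # Render locally first so Jinja/variable errors surface before anything is
  # sent to the device. The rendered file IS the device configuration (it may
  # carry anything from edgeos_commands_options), so it is written 0600.
  # inventory_hostname is always defined; ansible_hostname needs gathered
  # facts, which a network_cli connection does not provide.
  # NOTE: /tmp on a shared controller is a predictable, world-writable path —
  # consider a private directory if the controller is multi-user.
  template:
    src: "{{ edgeos_config_template }}"
    dest: "/tmp/{{ inventory_hostname }}_config"
    mode: "0600"
  delegate_to: localhost
  when: edgeos_role_enabled | bool

- name: Deploy configuration
  # backup: yes stores the pre-change running config (including user password
  # hashes) under the controller's backup/ directory — restrict access to it.
  edgeos_config:
    src: "{{ edgeos_config_template }}"
    backup: "{{ edgeos_backup }}"
    save: "{{ edgeos_config_save }}"
    comment: "{{ edgeos_config_comment }}"
    # match: "{{ edgeos_config_match }}"
  register: _result
  when: edgeos_role_enabled | bool

- name: Show filtered config
  # `filtered` lists commands edgeos_config dropped to avoid a load failure;
  # an empty list means everything in the template was applied. default([])
  # keeps this task from failing when the deploy task was skipped.
  debug:
    msg: "{{ _result.filtered | default([]) }}"
  when: edgeos_role_enabled | bool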