Creates a compliance report for network devices . In this example if a device's version, NTP, AAA or Syslog doesn't match what is configured in the variables then it will be highlighted in the report. This role is configured to only send reports to Confluence and Mattermost at this time.
- In the network_compliance_report/vars folder is main.yml and within that is the version and server variables.
- The server, Confluence and Mattermost variables are found in defaults/main.yml
- If there is not a task for your OS you can create one, just make sure you follow the structure of the other devices to ensure a uniform variable set.
- If you are setting the tokens as variables(recommended) then make sure to remove confluence_token and mattermost_token from defaults/main.yml
- Confluence is assumed to be the Atlassian hosted solution, you may have to modify the URI call if its an on-premise device.
---
- name: Build Network Compliance Report
hosts: all
gather_facts: False
roles:
- network_compliance_report
The playbook has 2 templates for Confluence and Mattermost depending if you pass in an entire inventory or if you do a limit.
- all: Will loop through all groups in the inventory except for All and Ungrouped. Make sure each device has its OS task otherwise it will error out
- limit: Will loop through only the groups in the ansible_limit specified at runtime
There are currently 2 ways to create a report, Mattermost and Confluence. Below are the required variables for each and where they should be placed.
I strongly recommend vaulting the API tokens! In Ansible Tower use a Custom Credential Type Please see step 5 in notes and make sure you remove these if you set them as vars, though exta-vars injected at runtime will take precedence over role vars.
These should be placed in vars/main.yml
Specifies the desired version for the devices to run. Ansible will compare this version to the current version to determine if it's compliant.
Examples:
- asa_version: "9.8(4)26"
- eos_version: "4.24.1.1F"
- f5_version: "15.1.0.2"
- ios_version: "16.12.03"
- panos_version: "9.0.0"
These should be placed in vars/main.yml
- aaa_servers: List of AAA servers to check against
- snmp_servers: List of SNMP servers to check against
- ntp_servers: List of NTP servers to check against
- syslog_servers: List of Syslog servers to check against
- dns_servers: List of DNS servers to check against
These should be placed in defaults/main.yml
- enable_mattermost: (yes/no) Includes the Mattermost tasks
- mattermost_url: the url for the mattermost instance
- mattermost_token: the api token for the mattermost instance
- mattermost_channel: the channel to send the message to
These should be placed in defaults/main.yml
- enable_confluence: (yes/no) Includes the Confluence tasks
- confluence_url: Base URL for confluence (myconfluence.atlassian.com)
- confluence_user: Username for Confluence
- confluence_token: API Token for Confluence
- confluence_title: Title of the page to create
- confluence_space: This is the space that the page will be created (E.G. Network, Dev, etc)
Devices not matching the variables for each check will exhibit an ! if the version is off or X if the servers are missing.
Red Hat® Ansible® Automation consists of three products:
-
Red Hat® Ansible® Tower: Built for operationalizing and scaling automation, managing complex deployments and speeding up productivity. Extend the power of Ansible Tower with Workflows and Surveys to streamline jobs and simple tools to share solutions with your team.
-
Red Hat® Ansible® Engine: a fully supported product built on the foundational capabilities of the Ansible project. Also provides support for select modules including Infoblox.
-
Red Hat® Ansible® Network Automation: provides support for select networking modules from Arista (EOS), Cisco (IOS, IOS XR, NX-OS), Juniper (JunOS), Open vSwitch, and VyOS. Includes Ansible Tower, Ansible Engine, and curated content specifically for network use cases.