From 4bf73677a257f5d6f7559afc266507ee408ebb0f Mon Sep 17 00:00:00 2001
From: Colin McCarthy
Date: Sat, 9 May 2020 19:18:21 -0400
Subject: [PATCH 1/2] added logging and ntp audit playbooks
---
.../vars/main/network/configlet_logging.yml | 20 +++++++++++++++++++
.../vars/main/network/configlet_ntp.yml | 20 +++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 roles/install_demo/vars/main/network/configlet_logging.yml
create mode 100644 roles/install_demo/vars/main/network/configlet_ntp.yml
diff --git a/roles/install_demo/vars/main/network/configlet_logging.yml b/roles/install_demo/vars/main/network/configlet_logging.yml
new file mode 100644
index 0000000..1be874b
--- /dev/null
+++ b/roles/install_demo/vars/main/network/configlet_logging.yml
@@ -0,0 +1,20 @@
+---
+configlet_logging:
+ author: "Colin McCarthy"
+ category: network
+ name: "Cisco IOS logging config audit/remediation"
+ description: "Cisco IOS logging config audit/remediation"
+ job_type: "run"
+ inventory: "Workshop Inventory"
+ playbook: configlet_logging.yml
+ credential: "Workshop Credential"
+ survey_enabled: false
+ fact_caching_enabled: true
+ project:
+ name: "Ansible official demo project"
+ description: "prescriptive demos from Red Hat Management Buisness Unit"
+ organization: "Default"
+ scm_type: git
+ scm_url: "https://github.com/ansible/product-demos"
+ workshop_type:
+ - network
diff --git a/roles/install_demo/vars/main/network/configlet_ntp.yml b/roles/install_demo/vars/main/network/configlet_ntp.yml
new file mode 100644
index 0000000..bab86d8
--- /dev/null
+++ b/roles/install_demo/vars/main/network/configlet_ntp.yml
@@ -0,0 +1,20 @@
+---
+configlet_ntp:
+ author: "Colin McCarthy"
+ category: network
+ name: "Cisco IOS ntp config audit/remediation"
+ description: "Cisco IOS ntp config audit/remediation"
+ job_type: "run"
+ inventory: "Workshop Inventory"
+ playbook: configlet_ntp.yml
+ credential: "Workshop Credential"
+ survey_enabled: false
+ fact_caching_enabled: true
+ project:
+ name: "Ansible official demo project"
+ description: "prescriptive demos from Red Hat Management Buisness Unit"
+ organization: "Default"
+ scm_type: git
+ scm_url: "https://github.com/ansible/product-demos"
+ workshop_type:
+ - network
From 137a1d834f588fc152e5de40c7c0f2eb161161e4 Mon Sep 17 00:00:00 2001
From: Colin McCarthy
Date: Sat, 9 May 2020 19:20:24 -0400
Subject: [PATCH 2/2] added logging and ntp audit playbooks
---
playbooks/network/configlet_logging.yml | 33 ++++++++++++++++++++++
playbooks/network/configlet_ntp.yml | 37 +++++++++++++++++++++++++
2 files changed, 70 insertions(+)
create mode 100644 playbooks/network/configlet_logging.yml
create mode 100644 playbooks/network/configlet_ntp.yml
diff --git a/playbooks/network/configlet_logging.yml b/playbooks/network/configlet_logging.yml
new file mode 100644
index 0000000..2b05f24
--- /dev/null
+++ b/playbooks/network/configlet_logging.yml
@@ -0,0 +1,33 @@
+---
+- hosts: ios
+ gather_facts: no
+
+ vars:
+
+ log_servers:
+ - logging 10.10.10.10
+ - logging 10.10.10.11
+
+
+ tasks:
+
+ - name: "GET CONFIG"
+ ios_command:
+ commands:
+ - show running-config full | include logging [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
+ register: log
+
+ - name: RUN 'Set Logging'
+ ios_config:
+ commands: "{{ item }}"
+ loop: "{{ log_servers }}"
+ register: set_logging
+
+ - debug: var=log.stdout_lines
+
+ - name: RUN 'Remove Logging'
+ ios_config:
+ commands: "no {{ item }}"
+ when: "(log.stdout_lines[0][0] != '') and (item not in log_servers)"
+ loop: "{{ log.stdout_lines[0] }}"
+ register: remove_logging
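Review bot: The `when` on 'Remove Logging' compares each raw line returned by the device against `log_servers` as an exact string, so every logging destination that is not character-for-character identical to a listed entry is negated with `no {{ item }}`. A line for an approved server that the device renders with an extra option or different spacing would presumably be removed right after 'Set Logging' ran, leaving the device without that log destination until the next run. Normalising before the comparison, e.g. `when: "(item | trim != '') and (item | trim not in log_servers)"`, and adding a comment above the task such as `# Deletes every logging destination not listed in log_servers` would make the destructive scope explicit. The same exact-match removal is used by 'Remove NTP' in playbooks/network/configlet_ntp.yml.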
diff --git a/playbooks/network/configlet_ntp.yml b/playbooks/network/configlet_ntp.yml
new file mode 100644
index 0000000..63f7f99
--- /dev/null
+++ b/playbooks/network/configlet_ntp.yml
@@ -0,0 +1,37 @@
+---
+- hosts: ios
+ gather_facts: no
+
+
+ vars:
+
+ ntp_servers:
+ - ntp server 10.10.10.13
+ - ntp server 10.10.10.14
+
+
+
+ tasks:
+
+ - name: "GET CONFIG"
+ ios_command:
+ commands:
+ - "show running-config full | include ntp server"
+ register: get_config
+
+ - debug: var=get_config.stdout_lines
+
+ - name: RUN 'Set NTP'
+ with_items: "{{ ntp_servers }}"
+ ios_config:
+ lines:
+ - "{{ item }}"
+ register: set_ntp
+
+ - name: RUN 'Remove NTP'
+ when: "(get_config.stdout_lines[0][0] != '') and (item not in ntp_servers)"
+ with_items: "{{ get_config.stdout_lines[0] }}"
+ register: remove_ntp
+ ios_config:
+ lines:
+ - "no {{ item }}"
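Review bot: Every entry in `ntp_servers` is a bare `ntp server <address>` line with no `key` option, so the state this playbook enforces is unauthenticated NTP. Because 'Set NTP' pushes those bare lines, a device that already holds a keyed entry for the same address would likely have it replaced; that is worth confirming on the target IOS release. If authenticated time sources are expected, list the full line in `ntp_servers` (constructed example: `- ntp server 10.10.10.13 key 1`) and add a comment above the variable such as `# entries must match the running-config line exactly, including any key option`.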