From f2d88ba8a3fc192662af400c9eb0175ffcd02873 Mon Sep 17 00:00:00 2001 From: Philip DiLeo Date: Wed, 11 Nov 2015 10:51:28 -0500 Subject: [PATCH 1/2] Initial release --- LICENSE | 2 +- README.md | 187 +++++++++++++++++++++++++++++++++++++++++++- VERSION | 1 + defaults/main.yml | 3 + files/README.md | 1 + handlers/main.yml | 2 + meta/main.yml | 43 ++++++++++ tasks/main.yml | 65 +++++++++++++++ templates/README.md | 1 + vars/main.yml | 2 + 10 files changed, 304 insertions(+), 3 deletions(-) create mode 100644 VERSION create mode 100644 defaults/main.yml create mode 100644 files/README.md create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml create mode 100644 templates/README.md create mode 100644 vars/main.yml diff --git a/LICENSE b/LICENSE index 7acd895..3f32589 100644 --- a/LICENSE +++ b/LICENSE @@ -11,7 +11,7 @@ modification, are permitted provided that the following conditions are met: this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -* Neither the name of ansible-eos-route-control nor the names of its +* Neither the name of ansible-eos-mlag nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/README.md b/README.md index 4d97e8b..dad3d8e 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,185 @@ -# ansible-eos-route-control -Prebuilt Ansible Role to manage routing and access control policy configuration on your Arista EOS Device +Route Control Role for EOS +========================== + +The arista.eos-route-control role creates an abstraction for common EOS +routing policy configuration. This means that you do not need to write any ansible tasks. Simply create an object that matches the requirements below +and this role will ingest that object and perform the necessary configuration. + +This role is used to configure ACLs, Route-maps as well as static IPv4 routes. + +Installation +------------ + +``` +ansible-galaxy install arista.eos-route-control +``` + + +Requirements +------------ + +Requires the arista.eos role. If you have not worked with the arista.eos role, +consider following the [Quickstart][quickstart] guide. + +Role Variables +-------------- + +The tasks in this role are driven by the ``routemaps``, ``acls`` and +``ipv4_static_routes`` objects described below: + +**routemaps** (list) each entry contains the following keys: + +| Key | Type | Notes | +|------------:|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| name | string (required) | The name of the routemap to manage. | +| action | choices: [permit, deny] (required) | The action associated with the routemap name. | +| seqno | int (required) | The sequence number of the rule that this entry corresponds to. | +| description | string | The description for this routemap entry. | +| match | list | The list of match statements that define the routemap entry. The match statements should be a list of match statements without the word 'match' at the beginning of the string. | +| set | list | The list of set statements that define the routemap entry. 
The set statements should be a list of set statements without the word 'set' at the beginning of the string. | +| continue | int | The statement defines the next routemap clause to evaluate. | +| state | choices: [present*, absent] | Set the state for the routemap configuration. | + + +**acls** (list) each entry contains the following keys: + +| Key | Type | Notes | +|-------------:|---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| name | string (required) | The name of the ACL to manage. | +| action | string (required) | The action associated with the ACL name. | +| seqno | int (required) | The sequence number of the rule that this entry corresponds to. | +| acltype | string (required) | The type of ACL to manage. Currently the only supported value for acltype is 'standard' | +| srcaddr | string (required) | The list of match statements that define the routemap entry. The match statements should be a list of match statements without the word 'match' at the beginning of the string. | +| srcprefixlen | string (required) | The statement defines the next routemap clause to evaluate. | +| log | boolean: true, false* | Enables or disables the log keyword | +| state | choices: present*, absent | Set the state for the ACL configuration. | + +**ipv4_static_routes** (list) each entry contains the following keys: + +| Key | Type | Notes | +|------------:|---------------------------|--------------------------------------------------------------------------------| +| ip_dest | string (required) | Destination IP address or network. | +| next_hop | string (required) | The next hop associated with the route. | +| next_hop_ip | string | IP address of the next router. 
Only valid when next_hop is an egress interface | +| distance | int | Distance designated for this route | +| route_name | string | Descriptive name for the route | +| tag | int | Tag assigned for the route | +| state | choices: present*, absent | Set the state for the route configuration. | + + + + +``` +Note: Asterisk (*) denotes the default value if none specified +``` + + +Dependencies +------------ + +The eos-route-control role utilizes modules distributed within the +arista.eos role. + +- arista.eos version 1.2.0 + +Example Playbook +---------------- + +The following example will use the arista.eos-route-control role to configure +a route-map, ACL and a static route. We'll create a +``hosts`` file with our switch, then a corresponding ``host_vars`` file and +then a simple playbook which only references the eos-route-control role. +By including the role, we automatically get access to all of the tasks +to configure these EOS features. What's nice about this is that if you have a +host without any corresponding configuration, the tasks will be skipped +without any issue. + + +Sample hosts file: + + [leafs] + leaf1.example.com + +Sample host_vars/leaf1.example.com + + routemaps: + - name: RM-1 + action: permit + seqno: 10 + description: My wonderful routemap + match: + - as 1000 + - source-protocol bgp + continue: 20 + - name: RM-1 + action: permit + seqno: 20 + description: My wonderful routemap + set: + - distance 50 + - tag 100 + + acls: + - name: ACL-1 + action: permit + seqno: 50 + description: My wonderful acl + type: standard + srcaddr: 10.10.10.10 + srcprefixlen: 32 + + ipv4_static_routes: + - ip_dest: 0.0.0.0/0 + next_hop: Management1 + next_hop_ip: 172.16.130.2 + route_name: Default + tag: 100 + + +A simple playbook, leaf.yml + + - hosts: leafs + roles: + - arista.eos-route-control + +Then run with: + + ansible-playbook -i hosts leaf.yml + +License +------- + +Copyright (c) 2015, Arista Networks EOS+ +All rights reserved. 
+ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +* Neither the name of Arista nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Author Information +------------------ + +Please raise any issues using our GitHub repo or email us at ansible-dev@arista.com + +[quickstart]: http://ansible-eos.readthedocs.org/en/latest/quickstart.html diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..6e8bf73 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.1.0 diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..41c5718 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,3 @@ +--- +# defaults file +# these defaults will cause Ansible to skip all tasks 
diff --git a/files/README.md b/files/README.md new file mode 100644 index 0000000..475eebe --- /dev/null +++ b/files/README.md @@ -0,0 +1 @@ +# Placeholder for any files diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..214734c --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..0e7d2a2 --- /dev/null +++ b/meta/main.yml 
@@ -0,0 +1,43 @@ +# +# Copyright (c) 2015, Arista Networks, Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# Neither the name of Arista Networks nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ARISTA NETWORKS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +--- +galaxy_info: + author: EOS+ CS + description: Role for managing EOS ACLs, Routemaps and IPv4 static routing configuration + company: Arista + license: BSD-3 + min_ansible_version: 1.9 + categories: + - networking + +dependencies: + - arista.eos diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..efa7b16 --- /dev/null +++ b/tasks/main.yml 
@@ -0,0 +1,65 @@ +--- +- name: Configure Arista EOS Routemaps + eos_routemap: + name={{ item.name|default(omit) }} + action={{ item.action|default(omit) }} + seqno={{ item.seqno|default(omit) }} + description="{{ item.description|default(omit) }}" + set="{{ item.set|default([])|sort(reverse=True)|join(',') or omit }}" + match="{{ item.match|default([])|sort|join(',') or omit }}" + continue={{ item.continue|default(omit) }} + state={{ item.state|default(omit) }} + config={{ eos_eapi_config|default(omit) }} + username={{ eos_eapi_username|default(omit) }} + password={{ eos_eapi_password|default(omit) }} + enablepwd={{ eos_eapi_enablepwd|default(omit) }} + transport={{ eos_eapi_transport|default(omit) }} + connection={{ eos_eapi_connection|default(omit) }} + host={{ eos_eapi_host|default(omit) }} + port={{ eos_eapi_port|default(omit) }} + debug={{ eos_debug|default(omit) }} + when: routemaps is defined + with_items: routemaps + +- name: Configure Arista EOS ACLs + eos_acl_entry: + name={{ item.name|default(omit) }} + action={{ item.action|default(omit) }} + seqno={{ item.seqno|default(omit) }} + acltype={{ item.type|default(omit) }} + srcaddr={{ item.srcaddr|default(omit) }} + srcprefixlen={{ item.srcprefixlen|default(omit) }} + log={{ item.log|default(omit) }} + state={{ item.state|default(omit) }} + config={{ eos_eapi_config|default(omit) }} + username={{ eos_eapi_username|default(omit) }} + password={{ eos_eapi_password|default(omit) }} + enablepwd={{ eos_eapi_enablepwd|default(omit) }} + transport={{ eos_eapi_transport|default(omit) }} + connection={{ eos_eapi_connection|default(omit) }} + host={{ eos_eapi_host|default(omit) }} + port={{ eos_eapi_port|default(omit) }} + debug={{ eos_debug|default(omit) }} + when: acls is defined + with_items: acls + +- name: Configure Arista EOS IPv4 Static Routes + eos_staticroute: + ip_dest={{ item.ip_dest|default(omit) }} + next_hop={{ item.next_hop|default(omit) }} + next_hop_ip={{ item.next_hop_ip|default(omit) }} + 
distance={{ item.distance|default(omit) }} + route_name={{ item.route_name|default(omit) }} + tag={{ item.tag|default(omit) }} + state={{ item.state|default(omit) }} + config={{ eos_eapi_config|default(omit) }} + username={{ eos_eapi_username|default(omit) }} + password={{ eos_eapi_password|default(omit) }} + enablepwd={{ eos_eapi_enablepwd|default(omit) }} + transport={{ eos_eapi_transport|default(omit) }} + connection={{ eos_eapi_connection|default(omit) }} + host={{ eos_eapi_host|default(omit) }} + port={{ eos_eapi_port|default(omit) }} + debug={{ eos_debug|default(omit) }} + when: ipv4_static_routes is defined + with_items: ipv4_static_routes diff --git a/templates/README.md b/templates/README.md new file mode 100644 index 0000000..c9c993b --- /dev/null +++ b/templates/README.md @@ -0,0 +1 @@ +# Placeholder for any templates diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..d683461 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file From cd41d08f3fbb4c21ba6aca3af510d194951ca1de Mon Sep 17 00:00:00 2001 From: Philip DiLeo Date: Wed, 11 Nov 2015 10:53:20 -0500 Subject: [PATCH 2/2] Update README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dad3d8e..0b25517 100644 --- a/README.md +++ b/README.md 
@@ -32,13 +32,13 @@ The tasks in this role are driven by the ``routemaps``, ``acls`` and | Key | Type | Notes | |------------:|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | name | string (required) | The name of the routemap to manage. | -| action | choices: [permit, deny] (required) | The action associated with the routemap name. | +| action | choices: permit, deny (required) | The action associated with the routemap name. | | seqno | int (required) | The sequence number of the rule that this entry corresponds to. | | description | string | The description for this routemap entry. | | match | list | The list of match statements that define the routemap entry. The match statements should be a list of match statements without the word 'match' at the beginning of the string. | | set | list | The list of set statements that define the routemap entry. The set statements should be a list of set statements without the word 'set' at the beginning of the string. | | continue | int | The statement defines the next routemap clause to evaluate. | -| state | choices: [present*, absent] | Set the state for the routemap configuration. | +| state | choices: present*, absent | Set the state for the routemap configuration. | **acls** (list) each entry contains the following keys:
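Review bot: In the LICENSE hunk of PATCH 1/2, the third clause is changed from `ansible-eos-route-control` to `ansible-eos-mlag`, which names a different role from the one this repository's README describes (arista.eos-route-control). It also differs from the license text embedded in README.md ("Neither the name of Arista") and in meta/main.yml ("Neither the name of Arista Networks"). This looks like a carry-over from another role; pick one name and use it in all three places.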
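Review bot: In the README.md acls table of PATCH 1/2, the key is documented as `acltype`, but tasks/main.yml reads `item.type` (`acltype={{ item.type|default(omit) }}`) and the sample host_vars uses `type: standard`. An entry written the way the table says has its ACL type dropped through `default(omit)`, so rename one side until table, example and task agree. In the same table the Notes for `srcaddr` and `srcprefixlen` are copied from the routemap rows (match statements, next routemap clause), and `action` lists no allowed choices even though it decides permit or deny. The sample ACL also sets `description`, which the ACL task never passes to `eos_acl_entry`.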
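Review bot: In defaults/main.yml of PATCH 1/2, the comment says these defaults will cause Ansible to skip all tasks, but the file defines no variables at all, only `---` and two comments. The skipping comes from the `when: ... is defined` guards in tasks/main.yml. Either define the three lists as empty here (`routemaps: []`, `acls: []`, `ipv4_static_routes: []`) or reword the comment so it does not describe defaults that are not there.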
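Review bot: In meta/main.yml of PATCH 1/2, `dependencies` lists `arista.eos` with no version, while the README's Dependencies section states "arista.eos version 1.2.0". Add the version to the dependency entry so an install resolves the release the role was written against and not whatever is published later.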
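Review bot: In tasks/main.yml of PATCH 1/2, all three tasks pass `password={{ eos_eapi_password|default(omit) }}` and `enablepwd={{ eos_eapi_enablepwd|default(omit) }}` as inline module arguments and none sets `no_log`, so the rendered credentials can end up in verbose output and logs once per loop item. Add `no_log: true` to the tasks, or at minimum state in the README that these variables belong in a vault-encrypted file. Separately, in the routemap task `match` and `set` go through `sort` and `join(',')` before reaching the module: a statement that itself contains a comma cannot be told apart from the separator, and the order the user wrote is discarded, which deserves a line in the README.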