This repository contains the `network.acls` Ansible Collection.

The `network.acls` collection enables users to manage acls resources independent of platform and to perform acls health checks.
Tested with ansible-core >=2.14 releases.
To consume this Validated Content from Automation Hub, the following needs to be added to `ansible.cfg`:

```ini
[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=<SuperSecretToken>
```
Get the required token from the Automation Hub Web UI.
With this configured, simply run the following commands:
```shell
ansible-galaxy collection install network.base
ansible-galaxy collection install network.acls
```
Capabilities
- Build Brownfield Inventory: This enables users to fetch the YAML structured resource module facts for acls resources like acls and acls_interfaces and save them as host_vars to a local or remote data store which could be used as a single SOT for other operations.
- Acls Resource Management: Users want to be able to manage the acls and acl_interfaces configurations. This also includes the enablement of gathering facts, updating acls resource host-vars, and deploying config onto the appliance.
- Acls Health Checks: Users want to be able to perform health checks for acls applications. These health checks should be able to provide the acls configuration status with the necessary details.
- Detect Drift and remediate: This enables users to detect any drift between the provided config and running-config and if required then override the running config.
This platform-agnostic role enables the user to perform acls health checks. Users can perform the following health checks:

- available_acls
- details
- missing_acls
- unassigned_acls
- This role enables users to create a runtime brownfield inventory with all the acls configurations in the form of host vars. These host vars are Ansible facts gathered through the *_acls and *_acl_interfaces network resource modules. The tasks offered by this role can be observed below:
- Health Checks operation fetches the current status of acls configuration health.
- This can also include the details about the acls available, missing (not configured), and unassigned acls.
health_checks.yml

```yaml
---
- name: Perform health checks
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: health_check
```
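What the available, missing and unassigned checks report can be reproduced from the gathered facts themselves. This is an added example, not the collection's own code: it assumes "missing" means an ACL bound to an interface but not defined and "unassigned" means an ACL defined but bound to no interface, and `acl_health` and the sample facts are hypothetical.

```python
# Constructed sample facts in the shape returned by the *_acls and
# *_acl_interfaces resource modules; all names and values are made up.
ACLS = [
    {"afi": "ipv4", "acls": [
        {"name": 110, "acl_type": "extended"},        # numbered ACL, loaded as int
        {"name": "MGMT-IN", "acl_type": "extended"},
        {"name": "LEGACY-VPN", "acl_type": "extended"},
    ]},
    {"afi": "ipv6", "acls": [{"name": "V6-EDGE"}]},
]
ACL_INTERFACES = [
    {"name": "GigabitEthernet0/1", "access_groups": [
        {"afi": "ipv4", "acls": [
            {"name": "110", "direction": "in"},
            {"name": "GUEST-OUT", "direction": "out"},
        ]},
    ]},
    {"name": "GigabitEthernet0/2", "access_groups": [
        {"afi": "ipv4", "acls": [{"name": "MGMT-IN", "direction": "in"}]},
    ]},
    {"name": "GigabitEthernet0/3"},                   # nothing bound
]


def acl_health(acls, acl_interfaces):
    """Summarise defined vs. bound ACLs (hypothetical helper, not the role's code)."""
    # Names are normalised to str so ACL 110 (int) matches "110" on an interface.
    defined = {(fam["afi"], str(acl["name"]))
               for fam in acls for acl in fam.get("acls") or []}
    bound = {}
    for intf in acl_interfaces:
        for group in intf.get("access_groups") or []:
            for acl in group.get("acls") or []:
                key = (group["afi"], str(acl["name"]))
                bound.setdefault(key, []).append(f"{intf['name']}:{acl['direction']}")
    return {
        "available_acls": sorted("/".join(k) for k in defined),
        "unassigned_acls": sorted("/".join(k) for k in defined - set(bound)),
        "missing_acls": {"/".join(k): bound[k]
                         for k in sorted(set(bound) - defined)},
    }


if __name__ == "__main__":
    for check, result in acl_health(ACLS, ACL_INTERFACES).items():
        print(check, result)
```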
- Persist operation fetches the acls and acls_interfaces facts and stores them as host vars. The result of a successful Persist operation would be host_vars having YAML formatted resource facts.
- These host_vars could exist locally or even be published to a remote repository acting as SOT for operations like deploy, remediate, detect, etc.
```yaml
- name: Persist the facts into host vars
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: persist
        data_store:
          local: "~/backup/network"
```

```yaml
- name: Persist the facts into remote data_store which is a github repository
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: persist
        persist_empty: false
        data_store:
          scm:
            origin:
              url: "{{ your_github_repo }}"
              # Supply the token from Ansible Vault or another secret store
              token: "{{ github_access_token }}"
              user:
                name: "{{ ansible_github }}"
                email: "your_email@example.com"  # placeholder address
```
- The gather operation gathers the running configuration specific to acls, acl_interfaces resources and displays these facts in YAML formatted structures.
```yaml
- name: Display acls resources in a structured format
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: gather
```
- Deploy operation will read the facts from the provided/default or remote inventory and deploy the changes onto the appliances.
```yaml
- name: Deploy changes
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: deploy
        data_store:
          local: "~/backup/network"
```

```yaml
- name: retrieve config from github repo and deploy changes
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: deploy
        persist_empty: false
        data_store:
          scm:
            origin:
              url: "{{ your_github_repo }}"
              token: "{{ github_access_token }}"
              user:
                name: "{{ ansible_github }}"
                email: "your_email@example.com"  # placeholder address
```
- The detect operation reads the facts from the local provided/default inventory and detects whether any configuration diff exists with respect to the running-config.

```yaml
- name: Configuration drift detection
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: detect
        data_store:
          local: "~/backup/network"
```
- The detect operation reads the facts from the GitHub repository inventory and detects whether any configuration diff exists with respect to the running-config.

```yaml
- name: Configuration drift detection
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: detect
        data_store:
          scm:
            origin:
              url: "{{ your_github_repo }}"
              token: "{{ github_access_token }}"
              user:
                name: "{{ ansible_github }}"
                email: "your_email@example.com"  # placeholder address
```
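The comparison that drift detection performs, persisted facts against the running configuration, can be illustrated at the level of individual ACL entries. This is an added example, not the collection's own implementation: `detect_drift`, `index_aces` and the sample facts are hypothetical, and it assumes every entry carries a `sequence` number.

```python
# Constructed sample data: INTENDED stands for the persisted host_vars (the
# source of truth), RUNNING for facts gathered from the device.
def ace(seq, grant, proto="ip"):
    return {"sequence": seq, "grant": grant, "protocol": proto,
            "source": {"any": True}, "destination": {"any": True}}


INTENDED = [{"afi": "ipv4", "acls": [{"name": "EDGE-IN", "aces": [
    ace(10, "permit", "tcp"), ace(20, "deny"), ace(30, "deny", "udp")]}]}]
RUNNING = [{"afi": "ipv4", "acls": [{"name": "EDGE-IN", "aces": [
    ace(10, "permit", "tcp"), ace(15, "permit"), ace(20, "permit")]}]}]


def index_aces(acl_facts):
    """Flatten ACL facts to {(afi, acl name, sequence): entry}."""
    out = {}
    for fam in acl_facts or []:
        for acl in fam.get("acls") or []:
            for entry in acl.get("aces") or []:
                out[(fam["afi"], str(acl["name"]), entry["sequence"])] = entry
    return out


def detect_drift(intended, running):
    """Return (kind, afi, acl, sequence, device_permits) tuples, sorted by entry.

    device_permits is True when the drifted entry present on the device is a
    permit, which is the kind of change to review first.
    """
    want, have = index_aces(intended), index_aces(running)
    drift = []
    for key in sorted(set(want) | set(have)):
        w, h = want.get(key), have.get(key)
        if w == h:
            continue  # entry matches the source of truth
        if h is None:
            kind = "missing_on_device"
        elif w is None:
            kind = "unexpected_on_device"
        else:
            kind = "changed"
        drift.append((kind, *key, h is not None and h.get("grant") == "permit"))
    return drift


if __name__ == "__main__":
    for finding in detect_drift(INTENDED, RUNNING):
        print(finding)
```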
- The remediate operation reads the facts from the local provided/default inventory and, if there are any configuration changes on the appliances, remediates them using the overridden state.

```yaml
- name: Remediate configuration
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: remediate
        data_store:
          local: "~/backup/network"
```
- The remediate operation reads the facts from the GitHub repository and, if there are any configuration changes on the appliances, remediates them using the overridden state.

```yaml
- name: Remediate configuration
  hosts: rtr1
  gather_facts: false
  tasks:
    - name: Network acls Manager
      ansible.builtin.include_role:
        name: network.acls.run
      vars:
        ansible_network_os: cisco.ios.ios
        operations:
          - name: remediate
        data_store:
          scm:
            origin:
              url: "{{ your_github_repo }}"
              token: "{{ github_access_token }}"
              user:
                name: "{{ ansible_github }}"
                email: "your_email@example.com"  # placeholder address
```
This collection follows the Ansible project's Code of Conduct. Please read and familiarize yourself with this document.
Release notes are available here.
GNU General Public License v3.0 or later.
See COPYING to see the full text.