This repository contains the network.acls
Ansible Collection.
-
Ansible Network Acls Collection contains the role that provides a platform-agnostic way of managing acls resources. This collection provides the user the capabilities to gather, deploy, remediate, configure and perform health checks for network acls resources.
-
Network Acls collection can be used by anyone who is looking to manage and maintain acls resources. This includes system administrators and IT professionals.
- Requires Ansible
- Requires Content Collections
- Testing Requirements
- Users also need to include platform collections as per their requirements. The supported platform collections are:
To consume this Validated Content from Automation Hub, the following needs to be added to ansible.cfg:
[galaxy]
server_list = automation_hub
[galaxy_server.automation_hub]
url=https://console.redhat.com/api/automation-hub/content/published/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=<SuperSecretToken>
Get the required token from the Automation Hub Web UI.
With this configured, simply run the following commands:
ansible-galaxy collection install network.base
ansible-galaxy collection install network.acls
Build Brownfield Inventory
: This enables users to fetch the YAML structured resource module facts for acls resources like acls and acls_interfaces and save them as host_vars to a local or remote data store which could be used as a single SOT for other operations.Acls Resource Management
: Users want to be able to manage the acls and acl_interfaces configurations. This also includes the enablement of gathering facts, updating acls resource host-vars, and deploying config onto the appliance.Acls Health Checks
: Users want to be able to perform health checks for acls applications. These health checks should be able to provide the acls configuration status with the necessary details.- Detect Drift and remediate: This enables users to detect any drift between the provided config and running-config and if required then override the running config.
This platform-agnostic role enables the user to perform acls health checks. Users can perform the following health checks:
available_acls
details
missing_acls
unassigned_acls
- This role enables users to create a runtime brownfield inventory with all the acls configurations regarding host vars. These host vars are ansible facts gathered through the *_acls and *_acl_interfaces network resource modules. The tasks offered by this role can be observed below:
- Health Checks operation fetches the current status of acls configuration health.
- This can also include the details about the acls available, missing (not configured), and unassigned acls.
health_checks.yml
---
- name: Perform health checks
hosts: rtr1
gather_facts: false
tasks:
- name: Acls Manager
ansible.builtin.include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: health_check
- Persist operation fetches the acls and acls_interfaces facts and stores them as host vars. The result of a successful Persist operation would be host_vars having YAML formatted resource facts.
- These host_vars could exist locally or even be published to a remote repository acting as SOT for operations like deploy, remediate, detect, etc.
- name: Persist the facts into host vars
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
ansible.builtin.include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: persist
data_store:
local: "~/backup/network"
- name: Persist the facts into remote data_store which is a github repository
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
ansible.builtin.include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: persist
persist_empty: false
data_store:
scm:
origin:
url: "{{ your_github_repo }}"
token: "{{ github_access_token }}"
user:
name: "{{ ansible_github }}"
email: "{{ your_email@example.com }}"
- The gather operation gathers the running configuration specific to acls, acl_interfaces resources and displays these facts in YAML formatted structures.
- name: Display acls resources in a structured format
hosts: rtr1
gather_facts: false
tasks:
- name: Acls Manager
ansible.builtin.include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: gather
- Deploy operation will read the facts from the provided/default or remote inventory and deploy the changes onto the appliances.
- name: Deploy changes
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
ansible.builtin.include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: deploy
data_store:
local: "~/backup/network"
- name: retrieve config from github repo and deploy changes
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
ansible.builtin.include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: deploy
persist_empty: false
data_store:
scm:
origin:
url: "{{ your_github_repo }}"
token: "{{ github_access_token }}"
user:
name: "{{ ansible_github }}"
email: "{{ your_email@example.com }}"
- Detect operation will read the facts from the local provided/default inventory and detect if any configuration diff exists w.r.t running-config.
- name: Configuration drift detection
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
ansible.builtin.include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: detect
data_store:
local: "~/backup/network"
- Detect operation will read the facts from the GitHub repository inventory and detect if any configuration diff exists w.r.t running-config.
- name: Configuration drift detection
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: detect
data_store:
scm:
origin:
url: "{{ your_github_repo }}"
token: "{{ github_access_token }}"
user:
name: "{{ ansible_github }}"
email: "{{ your_email@example.com }}"
The remediate operation will read the facts from the locally provided/default inventory and remediate if any configuration changes are there on the appliances using the overridden state.
- name: Remediate configuration
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: remediate
data_store:
local: "~/backup/network"
The remediate operation will read the facts from the Github repository and remediate if any configuration changes are there on the appliances using the overridden state.
- name: Remediate configuration
hosts: rtr1
gather_facts: false
tasks:
- name: Network acls Manager
include_role:
name: network.acls.run
vars:
ansible_network_os: cisco.ios.ios
operations:
- name: remediate
data_store:
scm:
origin:
url: "{{ your_github_repo }}"
token: "{{ github_access_token }}"
user:
name: "{{ ansible_github }}"
email: "{{ your_email@example.com }}"
The project uses tox to run ansible-lint
and ansible-test sanity
.
Assuming this repository is checked out in the proper structure,
e.g. collections_root/ansible_collections/network/acls
, run:
tox -e ansible-lint
tox -e py39-sanity
To run integration tests, ensure that your inventory has a network_base
group.
Depending on what test target you are running, comment out the host(s).
[network_hosts]
ios
junos
[ios:vars]
< enter inventory details for this group >
[junos:vars]
< enter inventory details for this group >
ansible-test network-integration -i /path/to/inventory --python 3.9 [target]
We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against this repository.
Don't know how to start? Refer to the Ansible community guide!
Want to submit code changes? Take a look at the Quick-start development guide.
We also use the following guidelines:
This collection follows the Ansible project's Code of Conduct. Please read and familiarize yourself with this document.
Release notes are available here.
- Developing network resource modules
- Ansible Networking docs
- Ansible Collection Overview
- Ansible Roles overview
- Ansible User guide
- Ansible Developer guide
- Ansible Community Code of Conduct
GNU General Public License v3.0 or later.
See LICENSE to see the full text.