Skip to content
Snippets Groups Projects
Commit 7251d738 authored by ak@geant.org's avatar ak@geant.org
Browse files

changes in the role cic_generic: replacing system-login and replacing system-dns stanzas

parent 8f8e94ce
No related branches found
No related tags found
2 merge requests!2Cic changes,!1Cic changes
Pipeline #84226 failed
......@@ -14,4 +14,5 @@
- name: Show diff of "{{ config_object }}"
ansible.builtin.debug:
msg: "{{ response }}"
when: verb == "fix" and not (dry_run | ansible.builtin.bool)
when: verb == "fix" and not (dry_run | ansible.builtin.bool)
......@@ -9,7 +9,7 @@
when: ((verb is not defined) or (config_object is not defined)) or (verb not in verbs) or (config_object not in config_objects.keys())
- name: Fail if arguments are not correct
ansible.builtin.meta: end_play
meta: end_play
when: ((verb is not defined) or (config_object is not defined)) or (verb not in verbs) or (config_object not in config_objects.keys())
- name: Set an ID for this run
......@@ -21,10 +21,39 @@
ansible.builtin.debug:
msg: "{{ opid }}"
- name: Merge system login user vars
merge_vars:
suffix_to_merge: users__to_merge
merged_var_name: system_login_users
expected_type: 'list'
- name: Merge system login classes vars
merge_vars:
suffix_to_merge: classes__to_merge
merged_var_name: system_login_classes
expected_type: 'list'
- name: Merge snmp communities vars
merge_vars:
suffix_to_merge: snmp_communities__to_merge
merged_var_name: snmp_communities
expected_type: 'list'
- name: Merge prefix lists
merge_vars:
suffix_to_merge: prefix_lists__to_merge
merged_var_name: po_prefixlists
expected_type: 'list'
- name: Include compiling the template
ansible.builtin.include_tasks: compile_template.yaml
include_tasks: compile_template.yaml
when: (verb in verbs)
- name: Include the test tasks if specified
ansible.builtin.include_tasks: test_template.yaml
include_tasks: test_template.yaml
when: verb == "test"
- name: Include the test tasks if specified
include_tasks: fix_template.yaml
when: verb == "fix"
---
- name: Verify "{{ config_object }}" [CHECK ONLY]
### This task will fail if commit-check fails
- name: Test "{{ config_object }}" [CHECK ONLY]
juniper_junos_config:
load: "{{ config_objects[config_object].strategy }}"
src: "/var/tmp/ansible_run_{{ opid }}/{{ config_object }}.conf"
......@@ -8,20 +9,28 @@
check: true
commit: false
register: response
when: verb == "test" and (dry_run | ansible.builtin.bool)
when: verb == "test" and dry_run | ansible.builtin.bool
### This task never fails. It only shows differences if ther are any
### but commit-check in the previous task should succeed
- name: Show DRY diff of "{{ config_object }}"
ansible.builtin.debug:
msg: "{{ response }}"
when: verb == "test" and (dry_run | ansible.builtin.bool) and (response.changed | ansible.builtin.bool)
when: verb == "test" and dry_run | ansible.builtin.bool and response.changed == true
# ### This task will artificially fail if there is config that needs to be added or removed
# - name: Fail if there are diffs
# ansible.builtin.fail:
# msg: "Running configuration is not the same as the intended"
# when: response.changed == true
- name: Send an e-mail using Geant SMTP servers
community.general.notification.mail:
mail:
host: "{{ cic_alerts_mail_host }}"
port: "{{ cic_alerts_smtp_port }}"
sender: "{{ cic_alerts_sender }}"
to: "{{ cic_alerts_recipient }}"
subject: "Config Integrity Check failed for {{ inventory_hostname }} on {{ config_object }}"
subject: "Config Integrity Check failed for {{ inventory_hostname }} on {{ config_object }}"
body: "{{ lookup('ansible.builtin.template', 'mail_body.j2') }}"
delegate_to: localhost
when: (response.changed | ansible.builtin.bool) and (send_email | ansible.builtin.bool)
when: response.changed == true and (send_email | ansible.builtin.bool) == true
system {
{% if system_name_servers is defined %}
{% if system_name_servers|length > 1 %}
replace: name-server {
{%- for name_server in system_name_servers %}
{{ name_server }};
{%- endfor %}
}
{% else %}
{%- for name_server in system_name_servers %}
replace: name-server {{ name_server }};
{% endfor %}
{% endif %}
{% endif %}
}
......@@ -70,6 +70,7 @@ replace: login {
{% endfor %}
}
{% endif %}
message "----------------------------------------------------------------\n\n This is {{ inventory_hostname }} a GEANT Router in {{ site_city }}, {{ site_country }}.\n Warning: Unauthorized access to this equipment is strictly forbidden and will lead to prosecution \n\n-------------------------------------------------------------\n";
}
}
......@@ -25,4 +25,6 @@ config_objects:
system_ntp:
strategy: replace
system_login:
strategy: merge
strategy: replace
system_dns:
strategy: replace
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment