Merge branch 'cic_changes' into 'main'

Cic changes See merge request !2

Merge branch 'cic_changes' into 'main'
bb6eef8a · Aleksandr Kurbatov · c722cef1 · 89314bd6 · bb6eef8a · bb6eef8a
Commit bb6eef8a authored 1 year ago by Aleksandr Kurbatov
--- a/geant/ops_ansible/CHANGELOG.md
+++ b/geant/ops_ansible/CHANGELOG.md
-# Changelog
-## 1.0.4 2023-08-04
- Changes in the role 'cic_generic':
-    - Added support for fixing a stanza: a new verb 'fix' to work with the fix_template.
-    - Added support for Junos 'system_login' stanza.
-## 1.0.3 2023-08-02
- Added cic_generic role to manage the test of arbitrary templates against the network.
- Config push strategy is now template-dependant: you should decide if you want a replace or a merge
- Added email generation for test runs that generates differences
+Changelog
+=========
+1.0.5 2023-10-20
+
+Changes in the role 'cic_generic':
+
+- system_login stanza is in the 'replace' mode.
+- Added support for system_dns stanza in 'replace' mode.
+- Code cleanup.
+
+
+1.0.4 2023-08-04
+
+Changes in the role 'cic_generic':
+
+Added support for fixing a stanza: a new verb 'fix' to work with the fix_template.
+Added support for Junos 'system_login' stanza.
+
+
+
+1.0.3 2023-08-02
+
+Added cic_generic role to manage the test of arbitrary templates against the network.
+Config push strategy is now template-dependant: you should decide if you want a replace or a merge
+Added email generation for test runs that generates differences
--- a/geant/ops_ansible/roles/cic_generic/tasks/main.yml
+++ b/geant/ops_ansible/roles/cic_generic/tasks/main.yml
@@ -21,6 +21,30 @@
  ansible.builtin.debug:
    msg: "{{ opid }}"

+- name: Merge system login user vars
+  merge_vars:
+    suffix_to_merge: users__to_merge
+    merged_var_name: system_login_users
+    expected_type: 'list'
+
+- name: Merge system login classes vars
+  merge_vars:
+    suffix_to_merge: classes__to_merge
+    merged_var_name: system_login_classes
+    expected_type: 'list'
+
+- name: Merge snmp communities vars
+  merge_vars:
+    suffix_to_merge: snmp_communities__to_merge
+    merged_var_name: snmp_communities
+    expected_type: 'list'
+
+- name: Merge prefix lists
+  merge_vars:
+    suffix_to_merge: prefix_lists__to_merge
+    merged_var_name: po_prefixlists
+    expected_type: 'list'
+
 - name: Include compiling the template
  ansible.builtin.include_tasks: compile_template.yaml
  when: (verb in verbs)
@@ -28,3 +52,7 @@
 - name: Include the test tasks if specified
  ansible.builtin.include_tasks: test_template.yaml
  when: verb == "test"
+
+- name: Include the Fix tasks if specified
+  ansible.builtin.include_tasks: fix_template.yaml
+  when: verb == "fix"
--- a/geant/ops_ansible/roles/cic_generic/tasks/test_template.yaml
+++ b/geant/ops_ansible/roles/cic_generic/tasks/test_template.yaml
 ---
- name: Verify "{{ config_object }}" [CHECK ONLY]
+### This task will fail if commit-check fails
+- name: Test "{{ config_object }}" [CHECK ONLY]
  juniper_junos_config:
    load: "{{ config_objects[config_object].strategy }}"
    src: "/var/tmp/ansible_run_{{ opid }}/{{ config_object }}.conf"
@@ -10,13 +11,21 @@
  register: response
  when: verb == "test" and (dry_run | ansible.builtin.bool)

+### This task never fails. It only shows differences if ther are any
+### but commit-check in the previous task should succeed
 - name: Show DRY diff of "{{ config_object }}"
  ansible.builtin.debug:
    msg: "{{ response }}"
  when: verb == "test" and (dry_run | ansible.builtin.bool) and (response.changed | ansible.builtin.bool)

+# ### This task will artificially fail if there is config that needs to be added or removed
+# - name: Fail if there are diffs
+#   ansible.builtin.fail:
+#     msg: "Running configuration is not the same as the intended"
+#   when: response.changed == true
+
 - name: Send an e-mail using Geant SMTP servers
-  community.general.notification.mail:
+  community.general.mail:
    host: "{{ cic_alerts_mail_host }}"
    port: "{{ cic_alerts_smtp_port }}"
    sender: "{{ cic_alerts_sender }}"

--- a/geant/ops_ansible/roles/cic_generic/templates/system_dns.j2
+++ b/geant/ops_ansible/roles/cic_generic/templates/system_dns.j2
+system {
+{% if system_name_servers is defined %}
+  {% if system_name_servers|length > 1 %}
+  replace: name-server {
+  {%- for name_server in system_name_servers %}
+    {{ name_server }};
+    {%- endfor %}
+  }
+{% else %}
+  {%- for name_server in system_name_servers %}
+  replace: name-server {{ name_server }};
+  {% endfor %}
+  {% endif %}
+ {% endif %}
+}
--- a/geant/ops_ansible/roles/cic_generic/templates/system_login.j2
+++ b/geant/ops_ansible/roles/cic_generic/templates/system_login.j2
@@ -70,6 +70,7 @@ replace: login {
      {% endfor %}
      }
    {% endif %}
+    message "----------------------------------------------------------------\n\n This is {{ inventory_hostname }} a GEANT Router in {{ site_city }}, {{ site_country }}.\n Warning: Unauthorized access to this equipment is strictly forbidden and will lead to prosecution \n\n-------------------------------------------------------------\n";
 }
 }

--- a/geant/ops_ansible/roles/cic_generic/vars/main.yml
+++ b/geant/ops_ansible/roles/cic_generic/vars/main.yml
@@ -25,4 +25,6 @@ config_objects:
  system_ntp:
    strategy: replace
  system_login:
-    strategy: merge
+    strategy: replace
+  system_dns:
+    strategy: replace
--- a/geant/ops_ansible/roles/manage_global_prefix_lists/tasks/main.yml
+++ b/geant/ops_ansible/roles/manage_global_prefix_lists/tasks/main.yml
@@ -49,7 +49,7 @@
  when: verb == "deploy" and ( dry_run | ansible.builtin.bool )

 - name: Send an e-mail using Geant SMTP servers
-  community.general.notification.mail:
+  community.general.mail:
    host: "{{ cic_alerts_mail_host }}"
    port: "{{ cic_alerts_smtp_port }}"
    sender: "{{ cic_alerts_sender }}"