Juniper Ansible collection for Junos

NOTE : The collection for Ansible is under development and changes are expected in the namespace/module implementation.
One may use it but it is recommended to currently use juniper.junos roles for professional implementation. Refer - https://github.com/Juniper/ansible-junos-stdlib/tree/roles for more info.

Juniper Ansible collection for Junos

The repo is under active development. If you take a clone, you are getting the latest, and perhaps not entirely stable code.

About

Juniper Networks supports Ansible for managing devices running the Junos operating system (Junos OS). This collection is hosted on the Ansible Galaxy website under the collection juniper.device. The juniper.device collection includes a set of Ansible modules that perform specific operational and configuration tasks on devices running Junos OS. These tasks include: installing and upgrading Junos OS, provisioning new Junos devices in the network, loading configuration changes, retrieving information, and resetting, rebooting, or shutting down managed devices. Please refer to the INSTALLATION section for instructions on installing this collection.

juniper.junos roles by Juniper Networks

Ansible galaxy is upgrading to collections and plans to deprecate roles in future. The master branch will now have juniper.device collection support. Juniper.junos roles have been moved to roles branch. For more information for roles, check: https://github.com/Juniper/ansible-junos-stdlib/tree/roles

Two Sets of Ansible Modules for Junos devices

Since Ansible version >= 2.1, Ansible also natively includes core modules for Junos. The Junos modules included in Ansible core have names which begin with the prefix junos_. The Junos modules included in this Juniper.device collection have names starting with module types. These two sets of Junos modules can coexist on the same Ansible control machine, and an Ansible play may invoke a module from either (or both) sets. Juniper Networks recommends using the modules in this collection when writing new playbooks that manage Junos devices.

Overview of Modules

This juniper.device collection includes the following modules:

command — Execute one or more CLI commands on a Junos device.
config — Manipulate the configuration of a Junos device.
facts — Retrieve facts from a Junos device.
jsnapy — Execute JSNAPy tests on a Junos device.
ping — Execute ping from a Junos device.
pmtud — Perform path MTU discovery from a Junos device to a destination.
rpc — Execute one or more NETCONF RPCs on a Junos device.
software — Install software on a Junos device.
srx_cluster — Add or remove SRX chassis cluster configuration.
system — Initiate operational actions on the Junos system.
table — Retrieve data from a Junos device using a PyEZ table/view.

PyEZ Version Requirement

For ansible collection juniper.device we will need to install junos-eznc(PyEZ) version 2.6.0 or higher.

Overview of Plugins

In addition to the modules listed above, a callback_plugin jsnapy is available for the module jsnapy.

The callback_plugin jsnapy helps to print on the screen additional information regarding jsnapy failed tests. For each failed test, a log will be printed after the RECAP of the playbook as shown in this example:

PLAY RECAP *********************************************************************
qfx10002-01                : ok=3    changed=0    unreachable=0    failed=1
qfx10002-02                : ok=3    changed=0    unreachable=0    failed=1
qfx5100-01                 : ok=1    changed=0    unreachable=0    failed=1

JSNAPy Results for: qfx10002-01 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "60021", "peer-state": "Idle", "peer-address": "192.168.0.1"}
Value of 'oper-status' not 'is-equal' at '//interface-information/physical-interface[normalize-space(admin-status)='up' and logical-interface/address-family/address-family-name ]' with {"oper-status": "down", "name": "et-0/0/18"}

JSNAPy Results for: qfx10002-02 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}

The jsnapy plugin is currently in Experimental stage, please provide feedback.

Callback plugins are not activated by default. They must be manually added to the Ansible configuration file under the [defaults] section using the variable callback_whitelist. Specifically, these lines should be added to the Ansible configuration file in order to allow the jsnapy callback plugin:

[defaults]
callback_whitelist = jsnapy

DOCUMENTATION

Official Juniper documentation (detailed information, including examples)

Ansible style documentation

INSTALLATION

You must have the DEPENDENCIES installed on your system. Check requirements.txt for the dependencies.

NOTICES

MacOS Mojave and newer

In MacOS Mojave and newer (>=10.14), ssh keys created with the system ssh-keygen are created using the newer 'OPENSSH' key format, even when specifying -t rsa during creation. This directly affects the usage of ssh keys, particularly when using the ssh_private_key_file. To create/convert/check keys, follow these steps:

Create a new RSA key: ssh-keygen -m PEM -t rsa -b 4096
Check existing keys: head -n1 ~/.ssh/some_private_key RSA keys will be -----BEGIN RSA PRIVATE KEY----- and OPENSSH keys will be -----BEGIN OPENSSH PRIVATE KEY-----
Convert an OPENSSH key to an RSA key: ssh-keygen -p -m PEM -f ~/.ssh/some_key

Ansible Galaxy collection

You can use the ansible-galaxy install command to install the latest version of the juniper.device collection.

sudo ansible-galaxy collection install juniper.device

You can also use the ansible-galaxy install command to install the latest development version of the junos role directly from GitHub.

sudo ansible-galaxy collection install git+https://github.com/Juniper/ansible-junos-stdlib.git#/ansible_collections/juniper/device

For more information visit - https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#specifying-the-location-to-search-for-collections

Git clone

For testing you can git clone this repo and run the env-setup script in the repo directory:

user@ansible-junos-stdlib> source env-setup

This will set your $ANSIBLE_LIBRARY variable to the repo location and the installed Ansible library path. For example:

$ echo $ANSIBLE_LIBRARY /home/jeremy/Ansible/ansible-junos-stdlib/library:/usr/share/ansible

Docker

To run this as a Docker container, which includes JSNAPy and PyEZ, simply pull it from the Docker hub and run it. The following will pull the latest image and run it in an interactive ash shell.

docker run -it --rm juniper/pyez-ansible

Although, you'll probably want to bind mount a host directory (perhaps the directory containing your playbooks and associated files). The following will bind mount the current working directory and start the ash shell.

docker run -it --rm -v $PWD:/project juniper/pyez-ansible

You can also use the container as an executable to run your playbooks. Let's assume we have a typical playbook structure as below:

example
|playbook.yml
|hosts
|-vars
|-templates
|-scripts

We can move to the example directory and run the playbook with the following command:

cd example/ docker run -it --rm -v $PWD:/playbooks juniper/pyez-ansible ansible-playbook -i hosts playbook.yml

You can pass any valid command string after the container name and it will be passed to Bash for execution.

You may have noticed that the base command is almost always the same. We can also use an alias to save some keystrokes.

alias pb-ansible="docker run -it --rm -v $PWD:/project juniper/pyez-ansible ansible-playbook" pb-ansible -i hosts playbook.yml

Extending the container with additional packages

It's possible to install additional OS (Alpine) packages, Python packages (via pip), and Ansible roles or collections at container instantiation. This can be done by passing in environment variables or bind mounting files.

OS Packages

Environment Variable: $APK Bind Mount: /extras/apk.txt File Format: list of valid Alpine packages, one per line Examples:

As an environment variable, where the file containing a list of packages is in the current directory.

docker run -it --rm -v $PWD:/project -e APK="apk.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/apk.txt:/extras/apk.txt juniper/pyez-ansible

Python Packages

Environment Variable: $REQ Bind Mount: /extras/requirements.txt File Format: pip requirements file

Examples:

docker run -it --rm -v $PWD:/project -e REQ="requirements.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.txt:/extras/requirements.txt juniper/pyez-ansible

Ansible Packages

Environment Variable: $ROLES Bind Mount: /extras/requirements.yml File Format: Ansible requirements file

NOTE: This works for collections as well as roles.

Examples:

docker run -it --rm -v $PWD:/project -e REQ="requirements.yml" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.txt:/extras/requirements.yml juniper/pyez-ansible

Example Playbook

This example outlines how to use Ansible to install or upgrade the software image on a device running Junos OS.

---
- name: Install Junos OS
  hosts: dc1
  collections:
    - juniper.device
  connection: local
  gather_facts: no
  vars:
    wait_time: 3600
    pkg_dir: /var/tmp/junos-install
    OS_version: 14.1R1.10
    OS_package: jinstall-14.1R1.10-domestic-signed.tgz
    log_dir: /var/log/ansible

  tasks:
    - name: Checking NETCONF connectivity
      wait_for: host={{ inventory_hostname }} port=830 timeout=5
    - name: Install Junos OS package
      software:
        reboot: yes
        version: "{{ OS_version }}"
        package: "{{ pkg_dir }}/{{ OS_package }}"
        logfile: "{{ log_dir }}/software.log"
      register: sw
      notify:
        - wait_reboot

  handlers:
    - name: wait_reboot
      wait_for: host={{ inventory_hostname }} port=830 timeout={{ wait_time }}
      when: not sw.check_mode

DEPENDENCIES

This modules requires the following to be installed on the Ansible control machine:

Python >= 3.7
Ansible 2.9 or later
Junos py-junos-eznc 2.6.0 or later
jxmlease 1.0.1 or later

LICENSE

Apache 2.0

SUPPORT

Support for this juniper.device collection is provided by the community and Juniper Networks. If you have an issue with a module in the juniper.device collection, you may:

Open a GitHub issue.
Post a question on our Google Group
Email jnpr-community-netdev@juniper.net
Open a JTAC Case

Support for the Junos modules included in Ansible core is provided by Ansible. If you have an issue with an Ansible core module you should open a Github issue against the Ansible project.

CONTRIBUTORS

Juniper Networks is actively contributing to and maintaining this repo. Please contact jnpr-community-netdev@juniper.net for any queries.

Contributors: Nitin Kumar, Rahul Kumar, Stephen Steiner

Former Contributors:

Stacy W Smith, Jeremy Schulman, Rick Sherman, Damien Garros, David Gethings

Download Details:

Author: Juniper
Download Link: Download The Source Code
Official Website: https://github.com/Juniper/ansible-junos-stdlib
License: Apache-2.0 license

#Ansible #webdevelopers

What is GEEK

Buddha Community

Joseph Murray

1621559580

Collection vs Collections in Java: Difference Between Collection & Collections in Java

Introduction

This article will be looking into one of the most popular questions in Java Language – What is Collection in Java? Also, what do you mean by Collections in Java? Are Collection and Collections the same or different in Java?

What is Collection?

What is Collections?

Conclusion

#full stack development #collection #collection vs collections in java #collections in java #difference between collection and collections in java

Katlynn Schaden

1667747700

Awesome Ansible List

Awesome Ansible

A collaborative curated list of awesome Ansible resources, tools, Roles, tutorials and other related stuff.

Ansible is an open source toolkit, written in Python, it is used for configuration management, application deployment, continuous delivery, IT infrastructure automation and automation in general.

Official resources

Official resources by and for Ansible.

Latest Ansible Documentation - Latest user guide and documentation for Ansible.
Ansible Galaxy Website - Official repository and community site for Ansible Roles.
Ansible Blog - Official Ansible blog.

Community

Places where to chat with the Ansible community

About code - GitHub.com/ansible, GitHub.com/ansible-collections and GitHub.com/ansible-community.
IRC - #ansible, #ansible-devel and #ansible-community amongst others on libera.chat.
reddit.com/r/ansible - The Ansible subreddit.
Discord - The Ansible discord.
ansible.com/community - Twitter, mailing lists, meetups and more.

Tutorials

Tutorials and courses to learn Ansible.

How To Manage Remote Servers with Ansible - This Tutorial goes over how to use Ansible to manage remote servers.
Ansible Tutorial by leucos - 12 Step Tutorial for Ansible.
Programming Community Curated Resources for learning Ansible - A list of recommended resources.
Ansible TopTechSkills.com Tutorial Series on Ansible - Tutorials on how to Install and use Ansible.
Official Ansible labs by Red Hat - Training Course for Ansible Automation Platform.
Ansible Tutorials on DigitalOcean - Basic tutorials on DigitalOcean.com.
Ansible Tutorial by BlueBanquise team - Basic Ansible tutorial.
Ansible Tutorial for Beginners: Playbook & Examples - Introduction to Ansible for beginners.

Books

Books about Ansible.

Ansible for DevOps - This book helps to start using Ansible to provision and manage anywhere from one to thousands of servers. Free sample can be read here.
Ansible for Kubernetes - Deploy and maintain real-world massively-scalable and high-available applications with Ansible.
How To Manage Remote Servers with Ansible eBook - This book is based on the "How To Manage Remote Servers with Ansible" tutorial series.

Videos

Video tutorials and Ansible training.

Ansible YouTube Channel - Official Ansible YouTube channel.
Introduction to Ansible - Introduction to Ansible by Cloud Academy.
Ansible 101 by Jeff Geerling - Great video series on Ansible, by Jeff Geerling.
Ansible TopTechSkills.com Tutorial Series on YouTube - Video tutorials on Ansible.
Ansible Essentials - Course - Free Video Classroom on Ansible essentials by Red Hat.
Complete Ansible Course 2020 by DevOps Journey - Free Video Course on Ansible including labs to follow along.
Getting started with Ansible - YouTube tutorial series by LearnLinuxTV.

Tools

Tools for and using Ansible.

Ansible Tower - Ansible Tower by Red Hat helps you scale IT automation, manage complex deployments and speed productivity. Extend the power of Ansible to your entire team.
AWX - AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is the upstream project for Tower, a commercial derivative of AWX.
Ansible Lint - Checks Playbooks for best practices and behavior that could potentially be improved.
Ansible Later - Another best practice scanner. Checks Playbooks and Roles for best practices and behavior that could potentially be improved.
Ansible Doctor - Simple annotation like documentation generator for Ansible roles based on Jinja2 templates.
Ansible cmdb - Takes the output of Ansible's fact gathering and converts it into a static HTML page.
ARA - ARA Records Ansible playbooks and makes them easier to understand and troubleshoot with a reporting API, UI and CLI.
Mitogen for Ansible - Speed up Ansible substantially with Mitogen.
Molecule - Molecule aids in the development and testing of Ansible roles.
Packer Ansible Provisioner - This Provisioner can be used to automate VM Image creation via Packer with Ansible.
Excel Ansible Inventory - Turn any Excel Spreadsheet into an Ansible Inventory.
terraform.py - Ansible dynamic inventory script for parsing Terraform state files.
ansible-navigator - A text-based user interface (TUI) for Ansible.
squest - Self-service portal for Ansible Tower job templates.
ansible-bender - Tool which bends containers using Ansible playbooks and turns them into container images.
ansible-runner - A tool and python library that helps when interfacing with Ansible directly or as part of another system whether that be through a container image interface, as a standalone tool, or as a Python module that can be imported.
ansible-builder - Using Ansible content that depends on non-default dependencies can be tricky. Packages must be installed on each node, play nicely with other software installed on the host system, and be kept in sync.
kics - SAST Tool that scans your ansible infrastructure as code playbooks for security vulnverables, compliance issues and misconfigurations.
php-ansible Library - OOP-Wrapper for Ansible, making Ansible available in PHP.
TD4A - Design aid for building and testing jinja2 templates, combines data in yaml format with a jinja2 template and render the output.
Ansible Playbook Grapher - Command line tool to create a graph representing your Ansible playbook plays, tasks and roles.
ansible-doc-extractor - A tool that extracts documentation from Ansible modules in the HTML form.
Ansible Semaphore - Ansible Semaphore is a modern UI for Ansible.

Blog posts and opinions

Best practices and other opinions on Ansible.

Ansible (Real Life) Good Practices - Best practice guidelines.
Testing Ansible Roles Against Windows with Test-Kitchen - Using Test-Kitchen with Ansible to apply playbooks to Windows machines and test them with Pester.
Ansible Best Practices by AndiDog - Practices covering many aspects of an Ansible setup, including hints to support different environments (testing, staging, production).
Getting started with Ansible - Introduces Ansible, provides installation instructions and gives an interactive walkthrough of Ansible's basic functionalities, like running Ansible playbooks and installing Ansible content.
Taking Ansible apart - Describes and shows how most commonly used Ansible components work.

German

Ansible – Was ich am Ad-hoc-Modus schätze - Opinion what the author likes about the Ansible Ad-Hoc mode.

Playbooks, Roles and Collections

Awesome production ready Playbooks, Roles and Collections to get you up and running.

Ansible Vagrant Examples by geerlingguy - Ansible examples using Vagrant to deploy to local VMs.
Ansible playbook for Linux machine setup - Ansible playbook for setting up a self-updating, hardened Debian/Ubuntu machine with Docker daemon.
DevSec Hardening Framework - The DevSec collection helps you harden your Linux Based OS as well as MySQL, NGINX and SSH Server/Services.
T.A.D.S. boilerplate - Provision and deploy a Docker Swarm cluster to development environment and to production. Infrastructure as Code and DevOps best practices.
Openstack Ansible - Ansible Playbooks for deploying OpenStack.
Robert de Bock - A extensive collection of Ansible roles.
DebOps - A extensive collection of Debian based Ansible Playbooks.
ansible-ssm - An ansible role to provision physical and virtual hosts with the AWS SSM agent.
BlueBanquise - An ansible coherent roles collection to deploy clusters.

Download Details:

Author: ansible-community
Source Code: https://github.com/ansible-community/awesome-ansible

License: CC0-1.0 license

#ansible

Fabiola Auma

1667834580

Juniper Ansible collection for Junos

Juniper Ansible collection for Junos

The repo is under active development. If you take a clone, you are getting the latest, and perhaps not entirely stable code.

About

juniper.junos roles by Juniper Networks

Two Sets of Ansible Modules for Junos devices

Overview of Modules

This juniper.device collection includes the following modules:

command — Execute one or more CLI commands on a Junos device.
config — Manipulate the configuration of a Junos device.
facts — Retrieve facts from a Junos device.
jsnapy — Execute JSNAPy tests on a Junos device.
ping — Execute ping from a Junos device.
pmtud — Perform path MTU discovery from a Junos device to a destination.
rpc — Execute one or more NETCONF RPCs on a Junos device.
software — Install software on a Junos device.
srx_cluster — Add or remove SRX chassis cluster configuration.
system — Initiate operational actions on the Junos system.
table — Retrieve data from a Junos device using a PyEZ table/view.

PyEZ Version Requirement

For ansible collection juniper.device we will need to install junos-eznc(PyEZ) version 2.6.0 or higher.

Overview of Plugins

In addition to the modules listed above, a callback_plugin jsnapy is available for the module jsnapy.

PLAY RECAP *********************************************************************
qfx10002-01                : ok=3    changed=0    unreachable=0    failed=1
qfx10002-02                : ok=3    changed=0    unreachable=0    failed=1
qfx5100-01                 : ok=1    changed=0    unreachable=0    failed=1

JSNAPy Results for: qfx10002-01 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "60021", "peer-state": "Idle", "peer-address": "192.168.0.1"}
Value of 'oper-status' not 'is-equal' at '//interface-information/physical-interface[normalize-space(admin-status)='up' and logical-interface/address-family/address-family-name ]' with {"oper-status": "down", "name": "et-0/0/18"}

JSNAPy Results for: qfx10002-02 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}

The jsnapy plugin is currently in Experimental stage, please provide feedback.

[defaults]
callback_whitelist = jsnapy

DOCUMENTATION

Official Juniper documentation (detailed information, including examples)

Ansible style documentation

INSTALLATION

You must have the DEPENDENCIES installed on your system. Check requirements.txt for the dependencies.

NOTICES

MacOS Mojave and newer

Create a new RSA key: ssh-keygen -m PEM -t rsa -b 4096
Check existing keys: head -n1 ~/.ssh/some_private_key RSA keys will be -----BEGIN RSA PRIVATE KEY----- and OPENSSH keys will be -----BEGIN OPENSSH PRIVATE KEY-----
Convert an OPENSSH key to an RSA key: ssh-keygen -p -m PEM -f ~/.ssh/some_key

Ansible Galaxy collection

You can use the ansible-galaxy install command to install the latest version of the juniper.device collection.

sudo ansible-galaxy collection install juniper.device

You can also use the ansible-galaxy install command to install the latest development version of the junos role directly from GitHub.

sudo ansible-galaxy collection install git+https://github.com/Juniper/ansible-junos-stdlib.git#/ansible_collections/juniper/device

For more information visit - https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#specifying-the-location-to-search-for-collections

Git clone

For testing you can git clone this repo and run the env-setup script in the repo directory:

user@ansible-junos-stdlib> source env-setup

This will set your $ANSIBLE_LIBRARY variable to the repo location and the installed Ansible library path. For example:

$ echo $ANSIBLE_LIBRARY /home/jeremy/Ansible/ansible-junos-stdlib/library:/usr/share/ansible

Docker

To run this as a Docker container, which includes JSNAPy and PyEZ, simply pull it from the Docker hub and run it. The following will pull the latest image and run it in an interactive ash shell.

docker run -it --rm juniper/pyez-ansible

docker run -it --rm -v $PWD:/project juniper/pyez-ansible

You can also use the container as an executable to run your playbooks. Let's assume we have a typical playbook structure as below:

example
|playbook.yml
|hosts
|-vars
|-templates
|-scripts

We can move to the example directory and run the playbook with the following command:

cd example/ docker run -it --rm -v $PWD:/playbooks juniper/pyez-ansible ansible-playbook -i hosts playbook.yml

You can pass any valid command string after the container name and it will be passed to Bash for execution.

You may have noticed that the base command is almost always the same. We can also use an alias to save some keystrokes.

alias pb-ansible="docker run -it --rm -v $PWD:/project juniper/pyez-ansible ansible-playbook" pb-ansible -i hosts playbook.yml

Extending the container with additional packages

OS Packages

Environment Variable: $APK Bind Mount: /extras/apk.txt File Format: list of valid Alpine packages, one per line Examples:

As an environment variable, where the file containing a list of packages is in the current directory.

docker run -it --rm -v $PWD:/project -e APK="apk.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/apk.txt:/extras/apk.txt juniper/pyez-ansible

Python Packages

Environment Variable: $REQ Bind Mount: /extras/requirements.txt File Format: pip requirements file

Examples:

docker run -it --rm -v $PWD:/project -e REQ="requirements.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.txt:/extras/requirements.txt juniper/pyez-ansible

Ansible Packages

Environment Variable: $ROLES Bind Mount: /extras/requirements.yml File Format: Ansible requirements file

NOTE: This works for collections as well as roles.

Examples:

docker run -it --rm -v $PWD:/project -e REQ="requirements.yml" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.txt:/extras/requirements.yml juniper/pyez-ansible

Example Playbook

This example outlines how to use Ansible to install or upgrade the software image on a device running Junos OS.

---
- name: Install Junos OS
  hosts: dc1
  collections:
    - juniper.device
  connection: local
  gather_facts: no
  vars:
    wait_time: 3600
    pkg_dir: /var/tmp/junos-install
    OS_version: 14.1R1.10
    OS_package: jinstall-14.1R1.10-domestic-signed.tgz
    log_dir: /var/log/ansible

  tasks:
    - name: Checking NETCONF connectivity
      wait_for: host={{ inventory_hostname }} port=830 timeout=5
    - name: Install Junos OS package
      software:
        reboot: yes
        version: "{{ OS_version }}"
        package: "{{ pkg_dir }}/{{ OS_package }}"
        logfile: "{{ log_dir }}/software.log"
      register: sw
      notify:
        - wait_reboot

  handlers:
    - name: wait_reboot
      wait_for: host={{ inventory_hostname }} port=830 timeout={{ wait_time }}
      when: not sw.check_mode

DEPENDENCIES

This modules requires the following to be installed on the Ansible control machine:

Python >= 3.7
Ansible 2.9 or later
Junos py-junos-eznc 2.6.0 or later
jxmlease 1.0.1 or later

LICENSE

Apache 2.0

SUPPORT

Support for this juniper.device collection is provided by the community and Juniper Networks. If you have an issue with a module in the juniper.device collection, you may:

Open a GitHub issue.
Post a question on our Google Group
Email jnpr-community-netdev@juniper.net
Open a JTAC Case

Support for the Junos modules included in Ansible core is provided by Ansible. If you have an issue with an Ansible core module you should open a Github issue against the Ansible project.

CONTRIBUTORS

Juniper Networks is actively contributing to and maintaining this repo. Please contact jnpr-community-netdev@juniper.net for any queries.

Contributors: Nitin Kumar, Rahul Kumar, Stephen Steiner

Former Contributors:

Stacy W Smith, Jeremy Schulman, Rick Sherman, Damien Garros, David Gethings

Download Details:

Author: Juniper
Download Link: Download The Source Code
Official Website: https://github.com/Juniper/ansible-junos-stdlib
License: Apache-2.0 license

#Ansible #webdevelopers

Nigel Uys

1672332269

Ansible Collection Provides Battle Tested Hardening for Linux, SSH

Ansible Collection - devsec.hardening

Description

This collection provides battle tested hardening for:

Linux operating systems:
- CentOS 7
- Rocky Linux 8
- Debian 10/11
- Ubuntu 18.04/20.04/22.04
- Amazon Linux (some roles supported)
- Arch Linux (some roles supported)
- Fedora (some roles supported)
- Suse Tumbleweed (some roles supported)
MySQL
- MariaDB >= 5.5.65, >= 10.1.45, >= 10.3.17
- MySQL >= 5.7.31, >= 8.0.3
Nginx 1.0.16 or later
OpenSSH 5.3 and later

The hardening is intended to be compliant with the Inspec DevSec Baselines:

Looking for the old roles?

The roles are now part of the hardening-collection. We have kept the old releases of the os-hardening role in this repository, so you can find the them by exploring older tags. The last release of the standalone role was 6.2.0.

The other roles are in separate archives repositories:

Minimum required Ansible-version

Ansible >= 2.9.10

Included content

In progress, not working:

Installation

Install the collection via ansible-galaxy:

ansible-galaxy collection install devsec.hardening

Using this collection

Please refer to the examples in the readmes of the role.

See Ansible Using collections for more details.

Contributing to this collection

See the contributor guideline.

Release notes

See the changelog.

Roadmap

Todos:

Work on apache_hardening and windows_hardening
Add support for more operating systems

More information

General information:

Download Details:

Author: Dev-sec
Source Code: https://github.com/dev-sec/ansible-collection-hardening
License: Apache-2.0 license

#ansible #collect #linux #nginx

Fabiola Auma

1667973300

Community.vmware: Ansible Collection for VMware

Ansible Collection: community.vmware

This repo hosts the community.vmware Ansible Collection.

The collection includes the VMware modules and plugins supported by Ansible VMware community to help the management of VMware infrastructure.

Releases and maintenance

Release	Status	Expected end of life
3	Maintained	Nov 2024
2	Maintained (bug fixes only)	Nov 2023
1	Unmaintained	Nov 2022

Ansible version compatibility

This collection has been tested against following Ansible versions: >=2.13.0.

For collections that support Ansible 2.9, please ensure you update your network_os to use the fully qualified collection name (for example, cisco.ios.ios). Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible.

Installation and Usage

Installing the Collection from Ansible Galaxy

Before using the VMware community collection, you need to install the collection with the ansible-galaxy CLI:

ansible-galaxy collection install community.vmware

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

collections:
- name: community.vmware

Required Python libraries

VMware community collection depends on Python 3.8+ and on following third party libraries:

Installing required libraries and SDK

Installing collection does not install any required third party Python libraries or SDKs. You need to install the required Python libraries using following command:

pip install -r ~/.ansible/collections/ansible_collections/community/vmware/requirements.txt

If you are working on developing and/or testing VMware community collection, you may want to install additional requirements using following command:

pip install -r ~/.ansible/collections/ansible_collections/community/vmware/test-requirements.txt

Included content

Connection plugins

Name	Description
community.vmware.vmware_tools	Execute tasks inside a VM via VMware Tools

Httpapi plugins

Name	Description
community.vmware.vmware	HttpApi Plugin for VMware REST API

Inventory plugins

Name	Description
community.vmware.vmware_host_inventory	VMware ESXi hostsystem inventory source
community.vmware.vmware_vm_inventory	VMware Guest inventory source

Modules

Name	Description
community.vmware.vcenter_domain_user_group_info	Gather user or group information of a domain
community.vmware.vcenter_extension	Register/deregister vCenter Extensions
community.vmware.vcenter_extension_info	Gather info vCenter extensions
community.vmware.vcenter_folder	Manage folders on given datacenter
community.vmware.vcenter_license	Manage VMware vCenter license keys
community.vmware.vcenter_standard_key_provider	Add, reconfigure or remove Standard Key Provider on vCenter server
community.vmware.vmware_about_info	Provides information about VMware server to which user is connecting to
community.vmware.vmware_category	Manage VMware categories
community.vmware.vmware_category_info	Gather info about VMware tag categories
community.vmware.vmware_cfg_backup	Backup / Restore / Reset ESXi host configuration
community.vmware.vmware_cluster	Manage VMware vSphere clusters
community.vmware.vmware_cluster_dpm	Manage Distributed Power Management (DPM) on VMware vSphere clusters
community.vmware.vmware_cluster_drs	Manage Distributed Resource Scheduler (DRS) on VMware vSphere clusters
community.vmware.vmware_cluster_ha	Manage High Availability (HA) on VMware vSphere clusters
community.vmware.vmware_cluster_info	Gather info about clusters available in given vCenter
community.vmware.vmware_cluster_vcls	Override the default vCLS (vSphere Cluster Services) VM disk placement for this cluster.
community.vmware.vmware_cluster_vsan	Manages virtual storage area network (vSAN) configuration on VMware vSphere clusters
community.vmware.vmware_content_deploy_ovf_template	Deploy Virtual Machine from ovf template stored in content library.
community.vmware.vmware_content_deploy_template	Deploy Virtual Machine from template stored in content library.
community.vmware.vmware_content_library_info	Gather information about VMWare Content Library
community.vmware.vmware_content_library_manager	Create, update and delete VMware content library
community.vmware.vmware_datacenter	Manage VMware vSphere Datacenters
community.vmware.vmware_datacenter_info	Gather information about VMware vSphere Datacenters
community.vmware.vmware_datastore	Configure Datastores
community.vmware.vmware_datastore_cluster	Manage VMware vSphere datastore clusters
community.vmware.vmware_datastore_cluster_manager	Manage VMware vSphere datastore cluster's members
community.vmware.vmware_datastore_info	Gather info about datastores available in given vCenter
community.vmware.vmware_datastore_maintenancemode	Place a datastore into maintenance mode
community.vmware.vmware_deploy_ovf	Deploys a VMware virtual machine from an OVF or OVA file
community.vmware.vmware_drs_group	Creates vm/host group in a given cluster.
community.vmware.vmware_drs_group_info	Gathers info about DRS VM/Host groups on the given cluster
community.vmware.vmware_drs_group_manager	Manage VMs and Hosts in DRS group.
community.vmware.vmware_drs_rule_info	Gathers info about DRS rule on the given cluster
community.vmware.vmware_dvs_host	Add or remove a host from distributed virtual switch
community.vmware.vmware_dvs_portgroup	Create or remove a Distributed vSwitch portgroup.
community.vmware.vmware_dvs_portgroup_find	Find portgroup(s) in a VMware environment
community.vmware.vmware_dvs_portgroup_info	Gathers info DVS portgroup configurations
community.vmware.vmware_dvswitch	Create or remove a Distributed Switch
community.vmware.vmware_dvswitch_info	Gathers info dvswitch configurations
community.vmware.vmware_dvswitch_lacp	Manage LACP configuration on a Distributed Switch
community.vmware.vmware_dvswitch_nioc	Manage distributed switch Network IO Control
community.vmware.vmware_dvswitch_pvlans	Manage Private VLAN configuration of a Distributed Switch
community.vmware.vmware_dvswitch_uplink_pg	Manage uplink portproup configuration of a Distributed Switch
community.vmware.vmware_evc_mode	Enable/Disable EVC mode on vCenter
community.vmware.vmware_export_ovf	Exports a VMware virtual machine to an OVF file, device files and a manifest file
community.vmware.vmware_first_class_disk	Manage VMware vSphere First Class Disks
community.vmware.vmware_folder_info	Provides information about folders in a datacenter
community.vmware.vmware_guest	Manages virtual machines in vCenter
community.vmware.vmware_guest_boot_info	Gather info about boot options for the given virtual machine
community.vmware.vmware_guest_boot_manager	Manage boot options for the given virtual machine
community.vmware.vmware_guest_controller	Manage disk or USB controllers related to virtual machine in given vCenter infrastructure
community.vmware.vmware_guest_cross_vc_clone	Cross-vCenter VM/template clone
community.vmware.vmware_guest_custom_attribute_defs	Manage custom attributes definitions for virtual machine from VMware
community.vmware.vmware_guest_custom_attributes	Manage custom attributes from VMware for the given virtual machine
community.vmware.vmware_guest_customization_info	Gather info about VM customization specifications
community.vmware.vmware_guest_disk	Manage disks related to virtual machine in given vCenter infrastructure
community.vmware.vmware_guest_disk_info	Gather info about disks of given virtual machine
community.vmware.vmware_guest_file_operation	Files operation in a VMware guest operating system without network
community.vmware.vmware_guest_find	Find the folder path(s) for a virtual machine by name or UUID
community.vmware.vmware_guest_info	Gather info about a single VM
community.vmware.vmware_guest_instant_clone	Instant Clone VM
community.vmware.vmware_guest_move	Moves virtual machines in vCenter
community.vmware.vmware_guest_network	Manage network adapters of specified virtual machine in given vCenter infrastructure
community.vmware.vmware_guest_powerstate	Manages power states of virtual machines in vCenter
community.vmware.vmware_guest_register_operation	VM inventory registration operation
community.vmware.vmware_guest_screenshot	Create a screenshot of the Virtual Machine console.
community.vmware.vmware_guest_sendkey	Send USB HID codes to the Virtual Machine's keyboard.
community.vmware.vmware_guest_serial_port	Manage serial ports on an existing VM
community.vmware.vmware_guest_snapshot	Manages virtual machines snapshots in vCenter
community.vmware.vmware_guest_snapshot_info	Gather info about virtual machine's snapshots in vCenter
community.vmware.vmware_guest_storage_policy	Set VM Home and disk(s) storage policy profiles.
community.vmware.vmware_guest_tools_info	Gather info about VMware tools installed in VM
community.vmware.vmware_guest_tools_upgrade	Module to upgrade VMTools
community.vmware.vmware_guest_tools_wait	Wait for VMware tools to become available
community.vmware.vmware_guest_tpm	Add or remove vTPM device for specified VM.
community.vmware.vmware_guest_vgpu	Modify vGPU video card profile of the specified virtual machine in the given vCenter infrastructure
community.vmware.vmware_guest_video	Modify video card configurations of specified virtual machine in given vCenter infrastructure
community.vmware.vmware_host	Add, remove, or move an ESXi host to, from, or within vCenter
community.vmware.vmware_host_acceptance	Manage the host acceptance level of an ESXi host
community.vmware.vmware_host_active_directory	Joins an ESXi host system to an Active Directory domain or leaves it
community.vmware.vmware_host_auto_start	Manage the auto power ON or OFF for vm on ESXi host
community.vmware.vmware_host_capability_info	Gathers info about an ESXi host's capability information
community.vmware.vmware_host_config_info	Gathers info about an ESXi host's advance configuration information
community.vmware.vmware_host_config_manager	Manage advanced system settings of an ESXi host
community.vmware.vmware_host_custom_attributes	Manage custom attributes from VMware for the given ESXi host
community.vmware.vmware_host_datastore	Manage a datastore on ESXi host
community.vmware.vmware_host_disk_info	Gathers information about disks attached to given ESXi host/s.
community.vmware.vmware_host_dns	Manage DNS configuration of an ESXi host system
community.vmware.vmware_host_dns_info	Gathers info about an ESXi host's DNS configuration information
community.vmware.vmware_host_facts	Gathers facts about remote ESXi hostsystem
community.vmware.vmware_host_feature_info	Gathers info about an ESXi host's feature capability information
community.vmware.vmware_host_firewall_info	Gathers info about an ESXi host's firewall configuration information
community.vmware.vmware_host_firewall_manager	Manage firewall configurations about an ESXi host
community.vmware.vmware_host_hyperthreading	Enables/Disables Hyperthreading optimization for an ESXi host system
community.vmware.vmware_host_ipv6	Enables/Disables IPv6 support for an ESXi host system
community.vmware.vmware_host_iscsi	Manage the iSCSI configuration of ESXi host
community.vmware.vmware_host_iscsi_info	Gather iSCSI configuration information of ESXi host
community.vmware.vmware_host_kernel_manager	Manage kernel module options on ESXi hosts
community.vmware.vmware_host_lockdown	Manage administrator permission for the local administrative account for the ESXi host
community.vmware.vmware_host_lockdown_exceptions	Manage Lockdown Mode Exception Users
community.vmware.vmware_host_logbundle	Fetch logbundle file from ESXi
community.vmware.vmware_host_logbundle_info	Gathers manifest info for logbundle
community.vmware.vmware_host_ntp	Manage NTP server configuration of an ESXi host
community.vmware.vmware_host_ntp_info	Gathers info about NTP configuration on an ESXi host
community.vmware.vmware_host_package_info	Gathers info about available packages on an ESXi host
community.vmware.vmware_host_passthrough	Manage PCI device passthrough settings on host
community.vmware.vmware_host_powermgmt_policy	Manages the Power Management Policy of an ESXI host system
community.vmware.vmware_host_powerstate	Manages power states of host systems in vCenter
community.vmware.vmware_host_scanhba	Rescan host HBA's and optionally refresh the storage system
community.vmware.vmware_host_scsidisk_info	Gather information about SCSI disk attached to the given ESXi
community.vmware.vmware_host_service_info	Gathers info about an ESXi host's services
community.vmware.vmware_host_service_manager	Manage services on a given ESXi host
community.vmware.vmware_host_snmp	Configures SNMP on an ESXi host system
community.vmware.vmware_host_sriov	Manage SR-IOV settings on host
community.vmware.vmware_host_ssl_info	Gather info of ESXi host system about SSL
community.vmware.vmware_host_tcpip_stacks	Manage the TCP/IP Stacks configuration of ESXi host
community.vmware.vmware_host_user_manager	Manage users of ESXi
community.vmware.vmware_host_vmhba_info	Gathers info about vmhbas available on the given ESXi host
community.vmware.vmware_host_vmnic_info	Gathers info about vmnics available on the given ESXi host
community.vmware.vmware_local_role_info	Gather info about local roles on an ESXi host
community.vmware.vmware_local_role_manager	Manage local roles on an ESXi host
community.vmware.vmware_local_user_info	Gather info about users on the given ESXi host
community.vmware.vmware_local_user_manager	Manage local users on an ESXi host
community.vmware.vmware_maintenancemode	Place a host into maintenance mode
community.vmware.vmware_migrate_vmk	Migrate a VMK interface from VSS to VDS
community.vmware.vmware_object_custom_attributes_info	Gather custom attributes of an object
community.vmware.vmware_object_rename	Renames VMware objects
community.vmware.vmware_object_role_permission	Manage local roles on an ESXi host
community.vmware.vmware_object_role_permission_info	Gather information about object's permissions
community.vmware.vmware_portgroup	Create a VMware portgroup
community.vmware.vmware_portgroup_info	Gathers info about an ESXi host's Port Group configuration
community.vmware.vmware_recommended_datastore	Returns the recommended datastore from a SDRS-enabled datastore cluster
community.vmware.vmware_resource_pool	Add/remove resource pools to/from vCenter
community.vmware.vmware_resource_pool_info	Gathers info about resource pool information
community.vmware.vmware_tag	Manage VMware tags
community.vmware.vmware_tag_info	Manage VMware tag info
community.vmware.vmware_tag_manager	Manage association of VMware tags with VMware objects
community.vmware.vmware_target_canonical_info	Return canonical (NAA) from an ESXi host system
community.vmware.vmware_vc_infraprofile_info	List and Export VMware vCenter infra profile configs.
community.vmware.vmware_vcenter_settings	Configures general settings on a vCenter server
community.vmware.vmware_vcenter_settings_info	Gather info vCenter settings
community.vmware.vmware_vcenter_statistics	Configures statistics on a vCenter server
community.vmware.vmware_vm_config_option	Return supported guest ID list and VM recommended config option for specific guest OS
community.vmware.vmware_vm_host_drs_rule	Creates vm/host group in a given cluster
community.vmware.vmware_vm_info	Return basic info pertaining to a VMware machine guest
community.vmware.vmware_vm_shell	Run commands in a VMware guest operating system
community.vmware.vmware_vm_storage_policy	Create vSphere storage policies
community.vmware.vmware_vm_storage_policy_info	Gather information about vSphere storage profile defined storage policy information.
community.vmware.vmware_vm_vm_drs_rule	Configure VMware DRS Affinity rule for virtual machines in the given cluster
community.vmware.vmware_vm_vss_dvs_migrate	Migrates a virtual machine from a standard vswitch to distributed
community.vmware.vmware_vmkernel	Manages a VMware VMkernel Adapter of an ESXi host.
community.vmware.vmware_vmkernel_info	Gathers VMKernel info about an ESXi host
community.vmware.vmware_vmotion	Move a virtual machine using vMotion, and/or its vmdks using storage vMotion.
community.vmware.vmware_vsan_cluster	Configure VSAN clustering on an ESXi host
community.vmware.vmware_vsan_health_info	Gather information about a VMware vSAN cluster's health
community.vmware.vmware_vspan_session	Create or remove a Port Mirroring session.
community.vmware.vmware_vswitch	Manage a VMware Standard Switch to an ESXi host.
community.vmware.vmware_vswitch_info	Gathers info about an ESXi host's vswitch configurations
community.vmware.vsphere_copy	Copy a file to a VMware datastore
community.vmware.vsphere_file	Manage files on a vCenter datastore

Testing and Development

If you want to develop new content for this collection or improve what is already here, the easiest way to work on the collection is to clone it into one of the configured COLLECTIONS_PATHS, and work on it there.

Guidelines for VMware module development

Testing with `ansible-test`

Refer testing for more information.

Updating documentation

ansible-playbook tools/update_documentation.yml

Publishing New Version

Assuming your (local) repository has set origin to your GitHub fork and this repository is added as upstream:

Prepare the release:

Make sure your fork is up to date: git checkout main && git pull && git fetch upstream && git merge upstream/main.
Run ansible-playbook tools/prepare_release.yml. The playbook tries to generate the next minor release automatically, but you can also set the version explicitly with --extra-vars "version=$VERSION". You will have to set the version explicitly when publishing a new major release.
Push the created release branch to your GitHub repo (git push --set-upstream origin prepare_$VERSION_release) and open a PR for review.

Push the release:

After the PR has been merged, make sure your fork is up to date: git checkout main && git pull && git fetch upstream && git merge upstream/main.
Tag the release: git tag -s $VERSION
Push the tag: git push upstream $VERSION

Revert the version in galaxy.yml back to null:

Make sure your fork is up to date: git checkout main && git pull && git fetch upstream && git merge upstream/main.
Run ansible-playbook tools/unset_version.yml.
Push the created branch to your GitHub repo (git push --set-upstream origin unset_version_$VERSION) and open a PR for review.

Communication

We have a dedicated Working Group for VMware. You can find other people interested in this in the #ansible-vmware channel on libera.chat IRC. For more information about communities, meetings and agendas see https://github.com/ansible/community/wiki/VMware.

Download Details:

Author: ansible-collections
Source Code: https://github.com/ansible-collections/community.vmware

License: GPL-3.0, GPL-3.0 licenses found

#ansible