Fabiola Auma

1667834580

Juniper Ansible collection for Junos

NOTE: The collection for Ansible is under development, and changes are expected in the namespace/module implementation.
You may use it, but it is currently recommended to use the juniper.junos roles for professional implementation. See https://github.com/Juniper/ansible-junos-stdlib/tree/roles for more information.

Juniper Ansible collection for Junos

The repo is under active development. If you take a clone, you are getting the latest, and perhaps not entirely stable code.

About

Juniper Networks supports Ansible for managing devices running the Junos operating system (Junos OS). This collection is hosted on the Ansible Galaxy website under the collection juniper.device. The juniper.device collection includes a set of Ansible modules that perform specific operational and configuration tasks on devices running Junos OS. These tasks include: installing and upgrading Junos OS, provisioning new Junos devices in the network, loading configuration changes, retrieving information, and resetting, rebooting, or shutting down managed devices. Please refer to the INSTALLATION section for instructions on installing this collection.

juniper.junos roles by Juniper Networks

Ansible Galaxy is moving to collections and plans to deprecate roles in the future. The master branch now carries juniper.device collection support, and the juniper.junos roles have been moved to the roles branch. For more information about the roles, see: https://github.com/Juniper/ansible-junos-stdlib/tree/roles

Two Sets of Ansible Modules for Junos devices

Since version 2.1, Ansible also natively includes core modules for Junos. The Junos modules included in Ansible core have names which begin with the prefix junos_. The Junos modules included in this juniper.device collection have names starting with module types. These two sets of Junos modules can coexist on the same Ansible control machine, and an Ansible play may invoke a module from either (or both) sets. Juniper Networks recommends using the modules in this collection when writing new playbooks that manage Junos devices.

Overview of Modules

This juniper.device collection includes the following modules:

  • command — Execute one or more CLI commands on a Junos device.
  • config — Manipulate the configuration of a Junos device.
  • facts — Retrieve facts from a Junos device.
  • jsnapy — Execute JSNAPy tests on a Junos device.
  • ping — Execute ping from a Junos device.
  • pmtud — Perform path MTU discovery from a Junos device to a destination.
  • rpc — Execute one or more NETCONF RPCs on a Junos device.
  • software — Install software on a Junos device.
  • srx_cluster — Add or remove SRX chassis cluster configuration.
  • system — Initiate operational actions on the Junos system.
  • table — Retrieve data from a Junos device using a PyEZ table/view.

PyEZ Version Requirement

The juniper.device Ansible collection requires junos-eznc (PyEZ) version 2.6.0 or higher.

Overview of Plugins

In addition to the modules listed above, a callback_plugin jsnapy is available for the module jsnapy.

The callback_plugin jsnapy helps to print on the screen additional information regarding jsnapy failed tests. For each failed test, a log will be printed after the RECAP of the playbook as shown in this example:

PLAY RECAP *********************************************************************
qfx10002-01                : ok=3    changed=0    unreachable=0    failed=1
qfx10002-02                : ok=3    changed=0    unreachable=0    failed=1
qfx5100-01                 : ok=1    changed=0    unreachable=0    failed=1

JSNAPy Results for: qfx10002-01 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "60021", "peer-state": "Idle", "peer-address": "192.168.0.1"}
Value of 'oper-status' not 'is-equal' at '//interface-information/physical-interface[normalize-space(admin-status)='up' and logical-interface/address-family/address-family-name ]' with {"oper-status": "down", "name": "et-0/0/18"}

JSNAPy Results for: qfx10002-02 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}

The jsnapy plugin is currently in Experimental stage, please provide feedback.

Callback plugins are not activated by default. They must be manually added to the Ansible configuration file under the [defaults] section using the variable callback_whitelist. Specifically, these lines should be added to the Ansible configuration file in order to allow the jsnapy callback plugin:

[defaults]
callback_whitelist = jsnapy
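
The callback output shown above is line-oriented, so it can be converted into structured records for alerting or change review. The following Python sketch is an added example and not part of the juniper.device collection; it assumes failure lines follow the "Value of ... not ... at ... with {json}" shape of the sample, and all function names are hypothetical.

```python
import json
import re

# Callback output copied from the example above.
SAMPLE = """\
PLAY RECAP *********************************************************************
qfx10002-01                : ok=3    changed=0    unreachable=0    failed=1
qfx10002-02                : ok=3    changed=0    unreachable=0    failed=1
qfx5100-01                 : ok=1    changed=0    unreachable=0    failed=1

JSNAPy Results for: qfx10002-01 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "60021", "peer-state": "Idle", "peer-address": "192.168.0.1"}
Value of 'oper-status' not 'is-equal' at '//interface-information/physical-interface[normalize-space(admin-status)='up' and logical-interface/address-family/address-family-name ]' with {"oper-status": "down", "name": "et-0/0/18"}

JSNAPy Results for: qfx10002-02 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
"""

COUNTERS = ("ok", "changed", "unreachable", "failed")
RECAP_RE = re.compile(
    r"^(?P<host>\S+)\s+: ok=(?P<ok>\d+)\s+changed=(?P<changed>\d+)"
    r"\s+unreachable=(?P<unreachable>\d+)\s+failed=(?P<failed>\d+)"
)
SECTION_RE = re.compile(r"^JSNAPy Results for: (?P<host>\S+) \*+$")
# The XPath may itself contain single quotes, so it is matched greedily up to
# the last "' with {" on the line.
FAILURE_RE = re.compile(
    r"^Value of '(?P<field>[^']+)' not '(?P<op>[^']+)' "
    r"at '(?P<xpath>.*)' with (?P<data>\{.*\})$"
)


def parse_callback_output(text):
    """Return (recap, failures): per-host counters and per-host failure records."""
    recap, failures, current = {}, {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            current = section.group("host")
            failures.setdefault(current, [])
            continue
        counters = RECAP_RE.match(line)
        if counters:
            recap[counters.group("host")] = {c: int(counters.group(c)) for c in COUNTERS}
            continue
        if current is None:
            continue  # banner lines such as "PLAY RECAP ****"
        record = {"raw": line}  # keep the raw line even when it does not parse
        failure = FAILURE_RE.match(line)
        if failure:
            try:
                data = json.loads(failure.group("data"))
            except ValueError:
                data = None
            if data is not None:
                record.update(
                    field=failure.group("field"),
                    op=failure.group("op"),
                    xpath=failure.group("xpath"),
                    data=data,
                )
        failures[current].append(record)
    return recap, failures


def failed_without_jsnapy_detail(recap, failures):
    """Hosts the recap marks failed but that have no JSNAPy failure section."""
    return sorted(h for h, c in recap.items() if c["failed"] and not failures.get(h))


def failures_for_field(failures, field):
    """(host, data) pairs for every parsed failure on the given field."""
    return [
        (host, rec["data"])
        for host, records in failures.items()
        for rec in records
        if rec.get("field") == field
    ]


if __name__ == "__main__":
    recap, failures = parse_callback_output(SAMPLE)
    for host, data in failures_for_field(failures, "peer-state"):
        print(host, data["peer-address"], data["peer-state"])
    print("failed without JSNAPy detail:", failed_without_jsnapy_detail(recap, failures))
```

On the sample, qfx5100-01 is reported as failed in the recap but has no JSNAPy section, so its failure needs to be investigated separately from the test results.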

DOCUMENTATION

Official Juniper documentation (detailed information, including examples)

Ansible style documentation

INSTALLATION

You must have the DEPENDENCIES installed on your system. Check requirements.txt for the dependencies.

NOTICES

MacOS Mojave and newer

In MacOS Mojave and newer (>=10.14), ssh keys created with the system ssh-keygen are created using the newer 'OPENSSH' key format, even when specifying -t rsa during creation. This directly affects the usage of ssh keys, particularly when using the ssh_private_key_file. To create/convert/check keys, follow these steps:

  • Create a new RSA key: ssh-keygen -m PEM -t rsa -b 4096
  • Check existing keys: head -n1 ~/.ssh/some_private_key
    RSA keys will be -----BEGIN RSA PRIVATE KEY----- and OPENSSH keys will be -----BEGIN OPENSSH PRIVATE KEY-----
  • Convert an OPENSSH key to an RSA key: ssh-keygen -p -m PEM -f ~/.ssh/some_key

Ansible Galaxy collection

You can use the ansible-galaxy install command to install the latest version of the juniper.device collection.

sudo ansible-galaxy collection install juniper.device

You can also use the ansible-galaxy install command to install the latest development version of the juniper.device collection directly from GitHub.

sudo ansible-galaxy collection install git+https://github.com/Juniper/ansible-junos-stdlib.git#/ansible_collections/juniper/device

For more information visit - https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#specifying-the-location-to-search-for-collections

Git clone

For testing you can git clone this repo and run the env-setup script in the repo directory:

user@ansible-junos-stdlib> source env-setup

This will set your $ANSIBLE_LIBRARY variable to the repo location and the installed Ansible library path. For example:

$ echo $ANSIBLE_LIBRARY
/home/jeremy/Ansible/ansible-junos-stdlib/library:/usr/share/ansible

Docker

To run this as a Docker container, which includes JSNAPy and PyEZ, simply pull it from the Docker hub and run it. The following will pull the latest image and run it in an interactive ash shell.

docker run -it --rm juniper/pyez-ansible

However, you'll probably want to bind mount a host directory (perhaps the directory containing your playbooks and associated files). The following will bind mount the current working directory and start the ash shell.

docker run -it --rm -v $PWD:/project juniper/pyez-ansible

You can also use the container as an executable to run your playbooks. Let's assume we have a typical playbook structure as below:

example
|playbook.yml
|hosts
|-vars
|-templates
|-scripts

We can move to the example directory and run the playbook with the following command:

cd example/
docker run -it --rm -v $PWD:/playbooks juniper/pyez-ansible ansible-playbook -i hosts playbook.yml

You can pass any valid command string after the container name and it will be passed to Bash for execution.

You may have noticed that the base command is almost always the same. We can also use an alias to save some keystrokes.

# Single quotes so that $PWD is expanded when the alias runs, not when it is defined.
alias pb-ansible='docker run -it --rm -v "$PWD":/project juniper/pyez-ansible ansible-playbook'
pb-ansible -i hosts playbook.yml

Extending the container with additional packages

It's possible to install additional OS (Alpine) packages, Python packages (via pip), and Ansible roles or collections at container instantiation. This can be done by passing in environment variables or bind mounting files.

OS Packages

Environment Variable: $APK
Bind Mount: /extras/apk.txt
File Format: list of valid Alpine packages, one per line

Examples:

As an environment variable, where the file containing a list of packages is in the current directory.

docker run -it --rm -v $PWD:/project -e APK="apk.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/apk.txt:/extras/apk.txt juniper/pyez-ansible

Python Packages

Environment Variable: $REQ
Bind Mount: /extras/requirements.txt
File Format: pip requirements file

Examples:

docker run -it --rm -v $PWD:/project -e REQ="requirements.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.txt:/extras/requirements.txt juniper/pyez-ansible

Ansible Packages

Environment Variable: $ROLES
Bind Mount: /extras/requirements.yml
File Format: Ansible requirements file

NOTE: This works for collections as well as roles.

Examples:

docker run -it --rm -v $PWD:/project -e ROLES="requirements.yml" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.yml:/extras/requirements.yml juniper/pyez-ansible

Example Playbook

This example outlines how to use Ansible to install or upgrade the software image on a device running Junos OS.

---
- name: Install Junos OS
  hosts: dc1
  collections:
    - juniper.device
  connection: local
  gather_facts: no
  vars:
    wait_time: 3600
    pkg_dir: /var/tmp/junos-install
    OS_version: 14.1R1.10
    OS_package: jinstall-14.1R1.10-domestic-signed.tgz
    log_dir: /var/log/ansible

  tasks:
    - name: Checking NETCONF connectivity
      wait_for: host={{ inventory_hostname }} port=830 timeout=5
    - name: Install Junos OS package
      software:
        reboot: yes
        version: "{{ OS_version }}"
        package: "{{ pkg_dir }}/{{ OS_package }}"
        logfile: "{{ log_dir }}/software.log"
      register: sw
      notify:
        - wait_reboot

  handlers:
    - name: wait_reboot
      wait_for: host={{ inventory_hostname }} port=830 timeout={{ wait_time }}
      when: not sw.check_mode

DEPENDENCIES

These modules require the following to be installed on the Ansible control machine:

LICENSE

Apache 2.0

SUPPORT

Support for this juniper.device collection is provided by the community and Juniper Networks. If you have an issue with a module in the juniper.device collection, you may:

Support for the Junos modules included in Ansible core is provided by Ansible. If you have an issue with an Ansible core module you should open a Github issue against the Ansible project.

CONTRIBUTORS

Juniper Networks is actively contributing to and maintaining this repo. Please contact jnpr-community-netdev@juniper.net for any queries.

Contributors: Nitin Kumar, Rahul Kumar, Stephen Steiner

Former Contributors:

Stacy W Smith, Jeremy Schulman, Rick Sherman, Damien Garros, David Gethings

Download Details:
 

Author: Juniper
Official Website: https://github.com/Juniper/ansible-junos-stdlib 
License: Apache-2.0 license

Joseph Murray

1621559580

Collection vs Collections in Java: Difference Between Collection & Collections in Java

Introduction

This article will be looking into one of the most popular questions in Java Language – What is Collection in Java? Also, what do you mean by Collections in Java? Are Collection and Collections the same or different in Java?

What is Collection?

What is Collections?

Conclusion


Awesome Ansible List

Awesome Ansible

A collaborative curated list of awesome Ansible resources, tools, Roles, tutorials and other related stuff.

Ansible is an open source toolkit written in Python. It is used for configuration management, application deployment, continuous delivery, IT infrastructure automation and automation in general.

Official resources

Official resources by and for Ansible.

Community

Places where to chat with the Ansible community

Tutorials

Tutorials and courses to learn Ansible.

Books

Books about Ansible.

Videos

Video tutorials and Ansible training.

Tools

Tools for and using Ansible.

  • Ansible Tower - Ansible Tower by Red Hat helps you scale IT automation, manage complex deployments and speed productivity. Extend the power of Ansible to your entire team.
  • AWX - AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is the upstream project for Tower, a commercial derivative of AWX.
  • Ansible Lint - Checks Playbooks for best practices and behavior that could potentially be improved.
  • Ansible Later - Another best practice scanner. Checks Playbooks and Roles for best practices and behavior that could potentially be improved.
  • Ansible Doctor - Simple annotation like documentation generator for Ansible roles based on Jinja2 templates.
  • Ansible cmdb - Takes the output of Ansible's fact gathering and converts it into a static HTML page.
  • ARA - ARA Records Ansible playbooks and makes them easier to understand and troubleshoot with a reporting API, UI and CLI.
  • Mitogen for Ansible - Speed up Ansible substantially with Mitogen.
  • Molecule - Molecule aids in the development and testing of Ansible roles.
  • Packer Ansible Provisioner - This Provisioner can be used to automate VM Image creation via Packer with Ansible.
  • Excel Ansible Inventory - Turn any Excel Spreadsheet into an Ansible Inventory.
  • terraform.py - Ansible dynamic inventory script for parsing Terraform state files.
  • ansible-navigator - A text-based user interface (TUI) for Ansible.
  • squest - Self-service portal for Ansible Tower job templates.
  • ansible-bender - Tool which bends containers using Ansible playbooks and turns them into container images.
  • ansible-runner - A tool and python library that helps when interfacing with Ansible directly or as part of another system whether that be through a container image interface, as a standalone tool, or as a Python module that can be imported.
  • ansible-builder - Using Ansible content that depends on non-default dependencies can be tricky. Packages must be installed on each node, play nicely with other software installed on the host system, and be kept in sync.
  • kics - SAST tool that scans your Ansible infrastructure-as-code playbooks for security vulnerabilities, compliance issues and misconfigurations.
  • php-ansible Library - OOP-Wrapper for Ansible, making Ansible available in PHP.
  • TD4A - Design aid for building and testing jinja2 templates, combines data in yaml format with a jinja2 template and render the output.
  • Ansible Playbook Grapher - Command line tool to create a graph representing your Ansible playbook plays, tasks and roles.
  • ansible-doc-extractor - A tool that extracts documentation from Ansible modules in the HTML form.
  • Ansible Semaphore - Ansible Semaphore is a modern UI for Ansible.

Blog posts and opinions

Best practices and other opinions on Ansible.

German

Playbooks, Roles and Collections

Awesome production ready Playbooks, Roles and Collections to get you up and running.


Download Details:

Author: ansible-community
Source Code: https://github.com/ansible-community/awesome-ansible

License: CC0-1.0 license


Nigel Uys

1672332269

Ansible Collection Provides Battle Tested Hardening for Linux, SSH

Ansible Collection - devsec.hardening

Description

This collection provides battle tested hardening for:

  • Linux operating systems:
    • CentOS 7
    • Rocky Linux 8
    • Debian 10/11
    • Ubuntu 18.04/20.04/22.04
    • Amazon Linux (some roles supported)
    • Arch Linux (some roles supported)
    • Fedora (some roles supported)
    • Suse Tumbleweed (some roles supported)
  • MySQL
    • MariaDB >= 5.5.65, >= 10.1.45, >= 10.3.17
    • MySQL >= 5.7.31, >= 8.0.3
  • Nginx 1.0.16 or later
  • OpenSSH 5.3 and later

The hardening is intended to be compliant with the Inspec DevSec Baselines:

Looking for the old roles?

The roles are now part of the hardening-collection. We have kept the old releases of the os-hardening role in this repository, so you can find them by exploring older tags. The last release of the standalone role was 6.2.0.

The other roles are in separate archive repositories:

Minimum required Ansible-version

  • Ansible >= 2.9.10

Included content

In progress, not working:

Installation

Install the collection via ansible-galaxy:

ansible-galaxy collection install devsec.hardening

Using this collection

Please refer to the examples in the readmes of the role.

See Ansible Using collections for more details.

Contributing to this collection

See the contributor guideline.

Release notes

See the changelog.

Roadmap

Todos:

More information

General information:

Download Details:

Author: Dev-sec
Source Code: https://github.com/dev-sec/ansible-collection-hardening 
License: Apache-2.0 license


Fabiola Auma

1667973300

Community.vmware: Ansible Collection for VMware

Ansible Collection: community.vmware

This repo hosts the community.vmware Ansible Collection.

The collection includes the VMware modules and plugins supported by Ansible VMware community to help the management of VMware infrastructure.

Releases and maintenance

Release   Status                        Expected end of life
3         Maintained                    Nov 2024
2         Maintained (bug fixes only)   Nov 2023
1         Unmaintained                  Nov 2022

Ansible version compatibility

This collection has been tested against following Ansible versions: >=2.13.0.

For collections that support Ansible 2.9, please ensure you update your network_os to use the fully qualified collection name (for example, cisco.ios.ios). Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible.

Installation and Usage

Installing the Collection from Ansible Galaxy

Before using the VMware community collection, you need to install the collection with the ansible-galaxy CLI:

ansible-galaxy collection install community.vmware

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

collections:
- name: community.vmware

Required Python libraries

VMware community collection depends on Python 3.8+ and on following third party libraries:

Installing required libraries and SDK

Installing collection does not install any required third party Python libraries or SDKs. You need to install the required Python libraries using following command:

pip install -r ~/.ansible/collections/ansible_collections/community/vmware/requirements.txt

If you are working on developing and/or testing VMware community collection, you may want to install additional requirements using following command:

pip install -r ~/.ansible/collections/ansible_collections/community/vmware/test-requirements.txt

Included content

Connection plugins

  • community.vmware.vmware_tools - Execute tasks inside a VM via VMware Tools

Httpapi plugins

  • community.vmware.vmware - HttpApi Plugin for VMware REST API

Inventory plugins

  • community.vmware.vmware_host_inventory - VMware ESXi hostsystem inventory source
  • community.vmware.vmware_vm_inventory - VMware Guest inventory source

Modules

Name | Description
community.vmware.vcenter_domain_user_group_info | Gather user or group information of a domain
community.vmware.vcenter_extension | Register/deregister vCenter Extensions
community.vmware.vcenter_extension_info | Gather info vCenter extensions
community.vmware.vcenter_folder | Manage folders on given datacenter
community.vmware.vcenter_license | Manage VMware vCenter license keys
community.vmware.vcenter_standard_key_provider | Add, reconfigure or remove Standard Key Provider on vCenter server
community.vmware.vmware_about_info | Provides information about VMware server to which user is connecting to
community.vmware.vmware_category | Manage VMware categories
community.vmware.vmware_category_info | Gather info about VMware tag categories
community.vmware.vmware_cfg_backup | Backup / Restore / Reset ESXi host configuration
community.vmware.vmware_cluster | Manage VMware vSphere clusters
community.vmware.vmware_cluster_dpm | Manage Distributed Power Management (DPM) on VMware vSphere clusters
community.vmware.vmware_cluster_drs | Manage Distributed Resource Scheduler (DRS) on VMware vSphere clusters
community.vmware.vmware_cluster_ha | Manage High Availability (HA) on VMware vSphere clusters
community.vmware.vmware_cluster_info | Gather info about clusters available in given vCenter
community.vmware.vmware_cluster_vcls | Override the default vCLS (vSphere Cluster Services) VM disk placement for this cluster.
community.vmware.vmware_cluster_vsan | Manages virtual storage area network (vSAN) configuration on VMware vSphere clusters
community.vmware.vmware_content_deploy_ovf_template | Deploy Virtual Machine from ovf template stored in content library.
community.vmware.vmware_content_deploy_template | Deploy Virtual Machine from template stored in content library.
community.vmware.vmware_content_library_info | Gather information about VMware Content Library
community.vmware.vmware_content_library_manager | Create, update and delete VMware content library
community.vmware.vmware_datacenter | Manage VMware vSphere Datacenters
community.vmware.vmware_datacenter_info | Gather information about VMware vSphere Datacenters
community.vmware.vmware_datastore | Configure Datastores
community.vmware.vmware_datastore_cluster | Manage VMware vSphere datastore clusters
community.vmware.vmware_datastore_cluster_manager | Manage VMware vSphere datastore cluster's members
community.vmware.vmware_datastore_info | Gather info about datastores available in given vCenter
community.vmware.vmware_datastore_maintenancemode | Place a datastore into maintenance mode
community.vmware.vmware_deploy_ovf | Deploys a VMware virtual machine from an OVF or OVA file
community.vmware.vmware_drs_group | Creates vm/host group in a given cluster.
community.vmware.vmware_drs_group_info | Gathers info about DRS VM/Host groups on the given cluster
community.vmware.vmware_drs_group_manager | Manage VMs and Hosts in DRS group.
community.vmware.vmware_drs_rule_info | Gathers info about DRS rule on the given cluster
community.vmware.vmware_dvs_host | Add or remove a host from distributed virtual switch
community.vmware.vmware_dvs_portgroup | Create or remove a Distributed vSwitch portgroup.
community.vmware.vmware_dvs_portgroup_find | Find portgroup(s) in a VMware environment
community.vmware.vmware_dvs_portgroup_info | Gathers info DVS portgroup configurations
community.vmware.vmware_dvswitch | Create or remove a Distributed Switch
community.vmware.vmware_dvswitch_info | Gathers info dvswitch configurations
community.vmware.vmware_dvswitch_lacp | Manage LACP configuration on a Distributed Switch
community.vmware.vmware_dvswitch_nioc | Manage distributed switch Network IO Control
community.vmware.vmware_dvswitch_pvlans | Manage Private VLAN configuration of a Distributed Switch
community.vmware.vmware_dvswitch_uplink_pg | Manage uplink portgroup configuration of a Distributed Switch
community.vmware.vmware_evc_mode | Enable/Disable EVC mode on vCenter
community.vmware.vmware_export_ovf | Exports a VMware virtual machine to an OVF file, device files and a manifest file
community.vmware.vmware_first_class_disk | Manage VMware vSphere First Class Disks
community.vmware.vmware_folder_info | Provides information about folders in a datacenter
community.vmware.vmware_guest | Manages virtual machines in vCenter
community.vmware.vmware_guest_boot_info | Gather info about boot options for the given virtual machine
community.vmware.vmware_guest_boot_manager | Manage boot options for the given virtual machine
community.vmware.vmware_guest_controller | Manage disk or USB controllers related to virtual machine in given vCenter infrastructure
community.vmware.vmware_guest_cross_vc_clone | Cross-vCenter VM/template clone
community.vmware.vmware_guest_custom_attribute_defs | Manage custom attributes definitions for virtual machine from VMware
community.vmware.vmware_guest_custom_attributes | Manage custom attributes from VMware for the given virtual machine
community.vmware.vmware_guest_customization_info | Gather info about VM customization specifications
community.vmware.vmware_guest_disk | Manage disks related to virtual machine in given vCenter infrastructure
community.vmware.vmware_guest_disk_info | Gather info about disks of given virtual machine
community.vmware.vmware_guest_file_operation | Files operation in a VMware guest operating system without network
community.vmware.vmware_guest_find | Find the folder path(s) for a virtual machine by name or UUID
community.vmware.vmware_guest_info | Gather info about a single VM
community.vmware.vmware_guest_instant_clone | Instant Clone VM
community.vmware.vmware_guest_move | Moves virtual machines in vCenter
community.vmware.vmware_guest_network | Manage network adapters of specified virtual machine in given vCenter infrastructure
community.vmware.vmware_guest_powerstate | Manages power states of virtual machines in vCenter
community.vmware.vmware_guest_register_operation | VM inventory registration operation
community.vmware.vmware_guest_screenshot | Create a screenshot of the Virtual Machine console.
community.vmware.vmware_guest_sendkey | Send USB HID codes to the Virtual Machine's keyboard.
community.vmware.vmware_guest_serial_port | Manage serial ports on an existing VM
community.vmware.vmware_guest_snapshot | Manages virtual machines snapshots in vCenter
community.vmware.vmware_guest_snapshot_info | Gather info about virtual machine's snapshots in vCenter
community.vmware.vmware_guest_storage_policy | Set VM Home and disk(s) storage policy profiles.
community.vmware.vmware_guest_tools_info | Gather info about VMware tools installed in VM
community.vmware.vmware_guest_tools_upgrade | Module to upgrade VMTools
community.vmware.vmware_guest_tools_wait | Wait for VMware tools to become available
community.vmware.vmware_guest_tpm | Add or remove vTPM device for specified VM.
community.vmware.vmware_guest_vgpu | Modify vGPU video card profile of the specified virtual machine in the given vCenter infrastructure
community.vmware.vmware_guest_video | Modify video card configurations of specified virtual machine in given vCenter infrastructure
community.vmware.vmware_host | Add, remove, or move an ESXi host to, from, or within vCenter
community.vmware.vmware_host_acceptance | Manage the host acceptance level of an ESXi host
community.vmware.vmware_host_active_directory | Joins an ESXi host system to an Active Directory domain or leaves it
community.vmware.vmware_host_auto_start | Manage the auto power ON or OFF for vm on ESXi host
community.vmware.vmware_host_capability_info | Gathers info about an ESXi host's capability information
community.vmware.vmware_host_config_info | Gathers info about an ESXi host's advance configuration information
community.vmware.vmware_host_config_manager | Manage advanced system settings of an ESXi host
community.vmware.vmware_host_custom_attributes | Manage custom attributes from VMware for the given ESXi host
community.vmware.vmware_host_datastore | Manage a datastore on ESXi host
community.vmware.vmware_host_disk_info | Gathers information about disks attached to given ESXi host/s.
community.vmware.vmware_host_dns | Manage DNS configuration of an ESXi host system
community.vmware.vmware_host_dns_info | Gathers info about an ESXi host's DNS configuration information
community.vmware.vmware_host_facts | Gathers facts about remote ESXi hostsystem
community.vmware.vmware_host_feature_info | Gathers info about an ESXi host's feature capability information
community.vmware.vmware_host_firewall_info | Gathers info about an ESXi host's firewall configuration information
community.vmware.vmware_host_firewall_manager | Manage firewall configurations about an ESXi host
community.vmware.vmware_host_hyperthreading | Enables/Disables Hyperthreading optimization for an ESXi host system
community.vmware.vmware_host_ipv6 | Enables/Disables IPv6 support for an ESXi host system
community.vmware.vmware_host_iscsi | Manage the iSCSI configuration of ESXi host
community.vmware.vmware_host_iscsi_info | Gather iSCSI configuration information of ESXi host
community.vmware.vmware_host_kernel_manager | Manage kernel module options on ESXi hosts
community.vmware.vmware_host_lockdown | Manage administrator permission for the local administrative account for the ESXi host
community.vmware.vmware_host_lockdown_exceptions | Manage Lockdown Mode Exception Users
community.vmware.vmware_host_logbundle | Fetch logbundle file from ESXi
community.vmware.vmware_host_logbundle_info | Gathers manifest info for logbundle
community.vmware.vmware_host_ntp | Manage NTP server configuration of an ESXi host
community.vmware.vmware_host_ntp_info | Gathers info about NTP configuration on an ESXi host
community.vmware.vmware_host_package_info | Gathers info about available packages on an ESXi host
community.vmware.vmware_host_passthrough | Manage PCI device passthrough settings on host
community.vmware.vmware_host_powermgmt_policy | Manages the Power Management Policy of an ESXi host system
community.vmware.vmware_host_powerstate | Manages power states of host systems in vCenter
community.vmware.vmware_host_scanhba | Rescan host HBA's and optionally refresh the storage system
community.vmware.vmware_host_scsidisk_info | Gather information about SCSI disk attached to the given ESXi
community.vmware.vmware_host_service_info | Gathers info about an ESXi host's services
community.vmware.vmware_host_service_manager | Manage services on a given ESXi host
community.vmware.vmware_host_snmp | Configures SNMP on an ESXi host system
community.vmware.vmware_host_sriov | Manage SR-IOV settings on host
community.vmware.vmware_host_ssl_info | Gather info of ESXi host system about SSL
community.vmware.vmware_host_tcpip_stacks | Manage the TCP/IP Stacks configuration of ESXi host
community.vmware.vmware_host_user_manager | Manage users of ESXi
community.vmware.vmware_host_vmhba_info | Gathers info about vmhbas available on the given ESXi host
community.vmware.vmware_host_vmnic_info | Gathers info about vmnics available on the given ESXi host
community.vmware.vmware_local_role_info | Gather info about local roles on an ESXi host
community.vmware.vmware_local_role_manager | Manage local roles on an ESXi host
community.vmware.vmware_local_user_info | Gather info about users on the given ESXi host
community.vmware.vmware_local_user_manager | Manage local users on an ESXi host
community.vmware.vmware_maintenancemode | Place a host into maintenance mode
community.vmware.vmware_migrate_vmk | Migrate a VMK interface from VSS to VDS
community.vmware.vmware_object_custom_attributes_info | Gather custom attributes of an object
community.vmware.vmware_object_rename | Renames VMware objects
community.vmware.vmware_object_role_permission | Manage local roles on an ESXi host
community.vmware.vmware_object_role_permission_info | Gather information about object's permissions
community.vmware.vmware_portgroup | Create a VMware portgroup
community.vmware.vmware_portgroup_info | Gathers info about an ESXi host's Port Group configuration
community.vmware.vmware_recommended_datastore | Returns the recommended datastore from a SDRS-enabled datastore cluster
community.vmware.vmware_resource_pool | Add/remove resource pools to/from vCenter
community.vmware.vmware_resource_pool_info | Gathers info about resource pool information
community.vmware.vmware_tag | Manage VMware tags
community.vmware.vmware_tag_info | Manage VMware tag info
community.vmware.vmware_tag_manager | Manage association of VMware tags with VMware objects
community.vmware.vmware_target_canonical_info | Return canonical (NAA) from an ESXi host system
community.vmware.vmware_vc_infraprofile_info | List and Export VMware vCenter infra profile configs.
community.vmware.vmware_vcenter_settings | Configures general settings on a vCenter server
community.vmware.vmware_vcenter_settings_info | Gather info vCenter settings
community.vmware.vmware_vcenter_statistics | Configures statistics on a vCenter server
community.vmware.vmware_vm_config_option | Return supported guest ID list and VM recommended config option for specific guest OS
community.vmware.vmware_vm_host_drs_rule | Creates vm/host group in a given cluster
community.vmware.vmware_vm_info | Return basic info pertaining to a VMware machine guest
community.vmware.vmware_vm_shell | Run commands in a VMware guest operating system
community.vmware.vmware_vm_storage_policy | Create vSphere storage policies
community.vmware.vmware_vm_storage_policy_info | Gather information about vSphere storage profile defined storage policy information.
community.vmware.vmware_vm_vm_drs_rule | Configure VMware DRS Affinity rule for virtual machines in the given cluster
community.vmware.vmware_vm_vss_dvs_migrate | Migrates a virtual machine from a standard vswitch to distributed
community.vmware.vmware_vmkernel | Manages a VMware VMkernel Adapter of an ESXi host.
community.vmware.vmware_vmkernel_info | Gathers VMKernel info about an ESXi host
community.vmware.vmware_vmotion | Move a virtual machine using vMotion, and/or its vmdks using storage vMotion.
community.vmware.vmware_vsan_cluster | Configure VSAN clustering on an ESXi host
community.vmware.vmware_vsan_health_info | Gather information about a VMware vSAN cluster's health
community.vmware.vmware_vspan_session | Create or remove a Port Mirroring session.
community.vmware.vmware_vswitch | Manage a VMware Standard Switch to an ESXi host.
community.vmware.vmware_vswitch_info | Gathers info about an ESXi host's vswitch configurations
community.vmware.vsphere_copy | Copy a file to a VMware datastore
community.vmware.vsphere_file | Manage files on a vCenter datastore

Testing and Development

If you want to develop new content for this collection or improve what is already here, the easiest way to work on the collection is to clone it into one of the configured COLLECTIONS_PATHS, and work on it there.

Testing with ansible-test

Refer to testing for more information.

Updating documentation

ansible-playbook tools/update_documentation.yml

Publishing New Version

Assuming your (local) repository has set origin to your GitHub fork and this repository is added as upstream:

Prepare the release:

  • Make sure your fork is up to date: git checkout main && git pull && git fetch upstream && git merge upstream/main.
  • Run ansible-playbook tools/prepare_release.yml. The playbook tries to generate the next minor release automatically, but you can also set the version explicitly with --extra-vars "version=$VERSION". You will have to set the version explicitly when publishing a new major release.
  • Push the created release branch to your GitHub repo (git push --set-upstream origin prepare_$VERSION_release) and open a PR for review.

Push the release:

  • After the PR has been merged, make sure your fork is up to date: git checkout main && git pull && git fetch upstream && git merge upstream/main.
  • Tag the release: git tag -s $VERSION
  • Push the tag: git push upstream $VERSION

Revert the version in galaxy.yml back to null:

  • Make sure your fork is up to date: git checkout main && git pull && git fetch upstream && git merge upstream/main.
  • Run ansible-playbook tools/unset_version.yml.
  • Push the created branch to your GitHub repo (git push --set-upstream origin unset_version_$VERSION) and open a PR for review.
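A pre-push check for the "Push the release" step above, written as an added example and not part of the collection's own tooling. It assumes that galaxy.yml at the tagged commit carries the release version (the value that is later reverted to null); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: guard to run before `git push upstream $VERSION`.

# Read galaxy.yml on stdin and print its top-level `version:` value, unquoted.
galaxy_version() {
    sed -n 's/^version:[[:space:]]*//p' | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Succeed only if the galaxy.yml on stdin names exactly the given version.
# A null or empty value means the release commit is not what is being tagged.
version_matches() {   # usage: version_matches <version> < galaxy.yml
    v=$(galaxy_version)
    case "$v" in
        ''|null|'~') return 1 ;;
    esac
    [ "$v" = "$1" ]
}

# Succeed only if the tag is an annotated tag whose object embeds a signature,
# which is what `git tag -s` creates. A lightweight tag resolves to a commit.
tag_is_signed() {     # usage: tag_is_signed <tag>
    [ "$(git cat-file -t "refs/tags/$1" 2>/dev/null)" = "tag" ] || return 1
    git cat-file tag "refs/tags/$1" |
        grep -Eq '^-----BEGIN (PGP SIGNATURE|SSH SIGNATURE|SIGNED MESSAGE)-----'
}

# Full check, run from the repository root. The last step verifies the
# signature against the local keyring instead of only detecting its presence.
release_guard() {     # usage: release_guard <version>
    git show "refs/tags/$1:galaxy.yml" 2>/dev/null | version_matches "$1" ||
        { echo "galaxy.yml at tag $1 does not carry version $1" >&2; return 1; }
    tag_is_signed "$1" ||
        { echo "$1 is not a signed annotated tag" >&2; return 1; }
    git tag -v "$1" >/dev/null 2>&1 ||
        { echo "signature on $1 does not verify" >&2; return 1; }
}
```

Source the file and chain it in front of the push, for example `release_guard "$VERSION" && git push upstream "$VERSION"`.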

Communication

We have a dedicated Working Group for VMware. You can find other people interested in this in the #ansible-vmware channel on libera.chat IRC. For more information about communities, meetings and agendas see https://github.com/ansible/community/wiki/VMware.


Download Details:

Author: ansible-collections
Source Code: https://github.com/ansible-collections/community.vmware

License: GPL-3.0
