This is a collection of playbooks for ANM ITOps automation
If using from a VASA, setup is automatic. This repo is cloned to /opt/ansible_local/anm_itops_playbooks. You can force an update by running bash /opt/anm_ms_ova/sync_anm_itops_playbooks.sh
from the WSL console.
If not on a VASA, set up manually:
bash install_requirements.sh
Create one or more inventory files in the inventory folder. See inventory/default_inventory
for an example.
to create an inventory from MS customer assets use the Splunk dashboard: https://splunk.awscloud.anm.com/en-US/app/splunk_ms_app/ansible_inventory
You can target a host or [group] by adding --limit HOST_OR_GROUP
to the ansible-playbook command
update_snmp_acl
This playbook updates the SNMP ACL on one or more devices to allow this host's IP address.
Supported OS:
Variables
snmp_string
: The SNMP string to useenable_secret
: Optional: enable secret if device requires itExamples
ansible-playbook playbooks/update_snmp_acl.yml -e 'snmp_string=public enable_secret=SOMESECRET' --limit network -u admin -k
create_accounts
This playbook creates/ updates ot deletes accounts on one or more devices.
Variables
update_password
(optional): If set to "always", the password will be updated, even if the user already exists. If not defined passwords will only be set for new usersremove_user
(optional): If set to a username, the user will be removed from the device.add_user
(optional): If set to a username, the user will be added to the device. add_password
(required for add_user
and update_password
): The password to set for the user.enable_secret
: Optional: enable secret if device requires itExamples
Add a user
ansible-playbook playbooks/create_accounts.yml -e 'add_user=testuser add_password=testpassword enable_secret=SOMESECRET' --limit network -u admin -k
Remove a user
ansible-playbook playbooks/create_accounts.yml -e 'remove_user=testuser enable_secret=SOMESECRET' --limit network -u admin -k
Update a user's password
ansible-playbook playbooks/create_accounts.yml -e 'update_password=always add_user=testuser add_password=testpassword enable_secret=SOMESECRET' --limit network -u admin -k
configure_snmpv3
This playbook creates a readonly group and configures a snmpv3 user
Variables
snmpv3_user
(required): Username of the snmpv3 user to be given accessauth_password
(required): SHA encrypted password. This is NOT the plaintext password.privacy_password
(required): AES 128 encrypted privacy password. This is NOT the plaintext password.enable_secret
: Optional: enable secret if device requires itExamples
Add a user
ansible-playbook configure_snmpv3.yml -e 'snmpv3_user=testuser auth_password=Ab39NnC4N3acYABat7AD privacy_password=Ah7Dbh7ABCDARx7nNAjJ enable_secret=SOMESECRET' --limit network -u admin -k
remove_snmp
This playbook removes snmp community strings from the device
Supported OS:
Variables
snmp_string
: The SNMP string to useenable_secret
: Optional: enable secret if device requires itExamples
Remove snmpv2 community from a device
ansible-playbook remove_snmp.yml -e 'snmp_string=welcome1' --limit network -u admin -k
http_server
This playbook adds an ACL to an existing http-server enabled switch. Also supports removing the http-server config
Supported OS:
Variables
acl_ips
: Required if remove not set. Type List of string. These are the subnets that will be put into the ACL. Example. acl_ips=["10.16.0.0 0.0.255.255", "10.17.0.0 0.0.255.255"]acl_name
: Required if remove not set. Type string. The name of the ACL that will be applied to the http-serverremove
: Required if acl_ips and acl_name are not set. Type bool. Set to "true" to remove the http-server config from the switch. This is mutually exclusive to the acl_ips and acl_name variables. Do not set this and acl_ips/acl_name.enable_secret
: Optional: enable secret if device requires itExamples
Add new ACL to a device with acl_ips defined in inventory.ini
ansible-playbook http_server.yml -i inventory.ini -e acl_name=test_acl --limit network -u admin -k
Add new ACL to a device with acl_ips defined on CLI
ansible-playbook http_server.yml -i inventory.ini -e 'acl_name=test_acl acl_ips=["10.16.0.0 0.0.255.255", "10.17.0.0 0.0.255.255"]' --limit network -u admin -k
Remove http-server config from device
ansible-playbook http_server.yml -i inventory.ini -e 'remove=true' --limit network -u admin -k