Closed meandus closed 6 years ago
Hi meandus, The current playbook/module has changed, I will be posting a new dev release in the next day which will work. The current has some new requirements around the latest smc-python release. Will post instructions back as well. By the way, which version of smc-python are you using?
I'm currently using the latest one from master so 0.60 or 0.61 right ?
Have you made some tries with the latest release of smc 6.3.2 ?
I would like also create Autonomous System object with 32 bits asn (conversion needed to store 65000.65015 as decimal number in smc) . Do you know the function to do this step ?
I can open a new case for this if you prefer.
RÉMY POUCHAIN.
Le 21 février 2018 18:04:11 GMT+01:00, David LePage notifications@github.com a écrit :
Hi meandus, The current playbook/module has changed, I will be posting a new dev release in the next day which will work. The current has some new requirements around the latest smc-python release. Will post instructions back as well. By the way, which version of smc-python are you using?
-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/ansible-stonesoft/issues/2#issuecomment-367396907
-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
Hi Remy, That would make sense as the l3_cluster playbook is stale on the repo, i'll upload a new version today. I've updated the smc-python API to better support ansible cases where elements can be created all at once (i.e. engines with many interfaces) rather than having interfaces being done after the initial connection. This has proven to be much more efficient and also provides the positive side effect that if an engine creation fails, it cannot leave a partially configured engine in the SMC. That would happen in the previous case where you might create an engine, then it fails on creating one of the interfaces.
For the BGP AS, there is not currently a function (not in SMC either), but so I understand correctly, you would use the "asdot" format to specify the AS and have this converted to decimal for SMC.
Hi David
Better is to push in ansible an asdot format., yes
Thanks for the update.
For bgp there is a specifi object for asn in the dynamic routing section.
RÉMY POUCHAIN
Le 21 février 2018 22:20:20 GMT+01:00, David LePage notifications@github.com a écrit :
Hi Remy, That would make sense as the l3_cluster playbook is stale on the repo, i'll upload a new version today. I've updated the smc-python API to better support ansible cases where elements can be created all at once (i.e. engines with many interfaces) rather than having interfaces being done after the initial connection. This has proven to be much more efficient and also provides the positive side effect that if an engine creation fails, it cannot leave a partially configured engine in the SMC. That would happen in the previous case where you might create an engine, then it fails on creating one of the interfaces.
For the BGP AS, there is not currently a function (not in SMC either), but so I understand correctly, you would use the "asdot" format to specify the AS and have this converted to decimal for SMC.
-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/ansible-stonesoft/issues/2#issuecomment-367476049
-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
Hi Remy,
I have added a function to convert an 'asdot' formatted BGP ASN to the smc.routing.bgp.AutonomousSystem
class of smc-python. Ansible requires this library to perform all actions.
Creating an AS in smc-python is as easy as:
AutonomousSystem.create(name='fooas', as_number='200.600')
if you download the latest dev build push from now forward you will have this functionality and it is then supported in ansible.
I have also updated the ansible repo, please try the l3_cluster playbook example.
BGP configurations can be done using the bgp.yml example. You can change the as_number to dotted syntax.
Also, please check engine_facts.yml, there is an example that I'm experimenting with where you can pull the engine back down in yaml format which allows for modifications after a fetch of the current engine state.
Hi David,
Thanks a lot for that :) you are pretty efficient.
My goal is to build a full configuration from scratch for route based vpn with bgp. I did the same for underlay on cisco.
Thanks a lot for all your actions
RÉMY POUCHAIN.
Le 22 février 2018 07:44:05 GMT+01:00, David LePage notifications@github.com a écrit :
Hi Remy, I have added a function to convert an 'asdot' formatted BGP ASN to the
smc.routing.bgp.AutonomousSystem
class of smc-python. Ansible requires this library to perform all actions. Creating an AS in smc-python is as easy as:AutonomousSystem.create(name='fooas', as_number='200.600')
if you download the latest dev build push from now forward you will have this functionality and it is then supported in ansible.
I have also updated the ansible repo, please try the l3_cluster playbook example.
BGP configurations can be done using the bgp.yml example. You can change the as_number to dotted syntax.
Also, please check engine_facts.yml, there is an example that I'm experimenting with where you can pull the engine back down in yaml format which allows for modifications after a fetch of the current engine state.
-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/ansible-stonesoft/issues/2#issuecomment-367583415
-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
Ok, that's great. One of the original intents was to allow ansible management for quick spin up, especially complex configurations like RBVPN. In addition, quick spin up is important to better support cloud ops as well. Let me know how you get on. Seems I have a small bug in route_vpn.yml to create the RBVPN, i'll fix shortly and repost. Otherwise the 3 playbooks (you can combine into one) will allow you to fully create the whole configuration (including the remote RBVPN gateways).
Hi David,
Is it possible to add on ansible: capacity to choose Location , control primary & backup, snmp agent during cluster creation ?
Cvi_mode: standby does not work. When im checking firewall : still balancing.
But all the rest works perfectly
RÉMY POUCHAIN.
Le 22 février 2018 15:30:41 GMT+01:00, David LePage notifications@github.com a écrit :
Ok, that's great. One of the original intents was to allow ansible management for quick spin up, especially complex configurations like RBVPN. In addition, quick spin up is important to better support cloud ops as well. Let me know how you get on. Seems I have a small bug in route_vpn.yml to create the RBVPN, i'll fix shortly and repost. Otherwise the 3 playbooks (you can combine into one) will allow you to fully create the whole configuration (including the remote RBVPN gateways).
-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/gabstopper/ansible-stonesoft/issues/2#issuecomment-367697924
-- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
Hi Remy, Yes, I will add that and have a new version ready for Monday latest. I was just thinking about that as well. Currently only primary_mgt is available to set the management interface ID.
Hi Remy, I will close this as commit @3bb9eca resolves these issues.
Hi,
After trying to play your playbook on m SMC 6.2.2 i had this issue
The full traceback is: Traceback (most recent call last): File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 428, in
main()
File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 425, in main
StonesoftCluster()
File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 235, in init
super(StonesoftCluster, self).init(self.module_args, supports_check_mode=True)
File "/tmp/ansible_JUiDdH/ansible_modlib.zip/ansible/module_utils/stonesoft_util.py", line 299, in init
File "/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py", line 292, in exec_module
engine = FirewallCluster.create(**management)
TypeError: create() takes at least 7 arguments (11 given)
fatal: [localhost]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 428, in\n main()\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 425, in main\n StonesoftCluster()\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 235, in init\n super(StonesoftCluster, self).init(self.module_args, supports_check_mode=True)\n File \"/tmp/ansible_JUiDdH/ansible_modlib.zip/ansible/module_utils/stonesoft_util.py\", line 299, in init\n File \"/tmp/ansible_JUiDdH/ansible_module_l3fw_cluster.py\", line 292, in exec_module\n engine = FirewallCluster.create(**management)\nTypeError: create() takes at least 7 arguments (11 given)\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
i played l3fw_cluster.yml