I have been eating a lot of Ansible these last months, and I love the way it works. However, when you need to deal with appliances that use unconventional SSH interfaces, well, it's been quite a challenge. So I started to create my own Python tool for those cases.
The victim is VSC (Nuage Virtualized Services Controller), the secret weapon of Nuage SDN. It's a pretty nice piece of software encapsulating the famous Alcatel-Lucent SROS. Of course, I tried to use the Ansible SROS module. However, I couldn't make it work, maybe because VSC changes some part of the interaction.
pexpect is the answer to your prayers
Straight to the point: I am using the pexpect Python library. In this case, the file below creates a TLS profile in VSC for NSGs (gateways used at branches for an SD-WAN solution), so that OpenFlow communications between VSC and NSG are encrypted. Check the following file.
```python
import argparse
import sys

import pexpect

# Positional arguments: CLI prompt string, address to SSH to, admin password,
# and the base name of the certificate files stored on cf1:
parser = argparse.ArgumentParser()
parser.add_argument('vsc_host', type=str)
parser.add_argument('vsc_ip', type=str)
parser.add_argument('passwd', type=str)
parser.add_argument('cert_name', type=str)
args = parser.parse_args()

try:
    child = pexpect.spawn('ssh admin@%s' % args.vsc_ip)
    # child.logfile = sys.stdout  # uncomment to debug
    child.expect('password:')
    child.sendline(args.passwd)
    # The host name appears in the CLI prompt, so it marks "ready for input".
    child.expect(args.vsc_host)
    child.sendline('configure system security tls-profile "ex-tls-profile" create')
    child.expect(args.vsc_host)
    child.sendline(r'own-key "cf1:\%s-Key.pem"' % args.cert_name)
    child.expect(args.vsc_host)
    child.sendline(r'own-certificate "cf1:\%s.pem"' % args.cert_name)
    child.expect(args.vsc_host)
    child.sendline(r'ca-certificate "cf1:\%s-CA.pem"' % args.cert_name)
    child.expect(args.vsc_host)
    child.sendline('no shutdown')
    child.expect(args.vsc_host)
    child.sendline('exit all')
    child.expect(args.vsc_host)
    # Attach the profile to the OpenFlow and XMPP services.
    child.sendline('configure vswitch-controller open-flow tls-profile "ex-tls-profile"')
    child.expect(args.vsc_host)
    child.sendline('configure vswitch-controller xmpp tls-profile "ex-tls-profile"')
    child.expect(args.vsc_host)
    # The playbook task compares stdout against this exact string.
    print('success')
except Exception as e:
    msg = "Exception is:\n %s \n" % e
    print(msg)
```
As you can see, I am using arguments so I can re-use this file as many times as I want.
Call it from your role tasks
I am storing this Python file in the "files" folder of the role so I can call it later from a task. The way I manage this is shown below.
```yaml
- name: "Create TLS profile at VSC"
  local_action: command python {{playbook_dir}}/roles/util-deploy/files/nuage_tls_profile.py {{ vsc1_fqdn }} {{ vsc1_host }} {{ vsc1_passwd }} {{ vsc1_cert_name }}
  register: output

- name: Verification Result Failure Status
  fail: msg={{ output.stdout }}
  when: output.stdout != "success"
```
If everything goes well, then the output will be “success”. Otherwise, the task will fail and you will get the output.
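The script waits only for the prompt after each command, so a command the CLI rejects still counts as a successful run. The sketch below is an added example, not the author's code: it assumes rejected commands produce a line starting with `MINOR:`, `MAJOR:`, `CRITICAL:` or `Error:`, and it reads the password from a hypothetical `VSC_PASSWD` environment variable instead of the command line, where it would show up in the process list. `ERROR_RE`, `CommandRejected` and `run_commands` are names introduced here.

```python
import os
import re
import sys

# Assumption: a rejected command yields a line starting with one of these
# markers; adjust the pattern to what your VSC release actually prints.
ERROR_RE = re.compile(r"^\s*(MINOR|MAJOR|CRITICAL|Error):.*$", re.MULTILINE)

class CommandRejected(Exception):
    """Raised when the CLI answers a command with an error line."""

def run_commands(child, prompt, commands, timeout=15):
    """Send each command, wait for the prompt, stop at the first CLI error.

    `child` is a pexpect spawn opened with encoding="utf-8", or any object
    with sendline(), expect() and a text `.before` attribute.
    """
    for cmd in commands:
        child.sendline(cmd)
        child.expect(prompt, timeout=timeout)
        match = ERROR_RE.search(child.before or "")
        if match:
            raise CommandRejected("%r -> %s" % (cmd, match.group(0).strip()))
    return "success"

def main(argv):
    import pexpect  # imported here so run_commands() can be tested without it
    vsc_host, vsc_ip = argv[1], argv[2]
    # VSC_PASSWD is a hypothetical variable name; it keeps the secret out of argv.
    passwd = os.environ["VSC_PASSWD"]
    child = pexpect.spawn("ssh admin@%s" % vsc_ip, encoding="utf-8", timeout=30)
    try:
        child.expect("password:")
        child.sendline(passwd)
        child.expect(vsc_host)
        print(run_commands(child, vsc_host, [
            'configure vswitch-controller open-flow tls-profile "ex-tls-profile"',
            'configure vswitch-controller xmpp tls-profile "ex-tls-profile"',
        ]))
    except Exception as exc:  # any stdout other than "success" fails the play
        print("Exception is:\n %s \n" % exc)
    finally:
        child.close()

if __name__ == "__main__":
    main(sys.argv)
```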
What do you need to run this? You can get the required libraries and applications using my Dockerfile. Just check out my last post.
See ya!
Hey Mau!
Here is an example which uses the Ansible SROS module:
```yaml
---
- hosts: vsc01
  gather_facts: no
  connection: local
  vars:
    credentials:
      username: admin
      password: admin
      host: 10.21.0.121
  tasks:
    - name: Show SROS version
      sros_command:
        commands: show version
        provider: "{{ credentials }}"
      register: version
```
Have fun with Ansible!