Ansible Automation for VyOS
Ansible automation for VyOS configuration management, deployment, and maintenance.
Scenario
- Infrastructure as Code: version-controlled configuration
- Mass Deployment: automated provisioning of many VyOS instances
- Consistency: uniform configuration across the fleet
Ansible Inventory
# inventory.yml
all:
  children:
    vyos_routers:
      hosts:
        vyos-gw-01:
          ansible_host: 10.10.1.1
        vyos-gw-02:
          ansible_host: 10.10.2.1
      vars:
        ansible_network_os: vyos
        ansible_connection: network_cli
        ansible_user: vyos
        ansible_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256...

Ansible Playbook Example
---
# vyos-config.yml
- name: Configure VyOS Routers
  hosts: vyos_routers
  gather_facts: false
  tasks:
    - name: Set hostname
      vyos_system:
        host_name: "{{ inventory_hostname }}"
        state: present

    - name: Configure interfaces
      vyos_interfaces:
        config:
          - name: eth0
            description: "WAN Interface"
            enabled: true
          - name: eth1
            description: "LAN Interface"
            enabled: true

    - name: Configure IP addresses
      vyos_l3_interfaces:
        config:
          - name: eth1
            ipv4:
              - address: 10.10.1.1/24

    - name: Configure OSPF
      vyos_ospfv2:
        config:
          parameters:
            router_id: "{{ ansible_host }}"  # router_id is set under parameters
          areas:
            - area_id: 0.0.0.0
              network:  # the module's key is "network" (a list of prefixes)
                - address: 10.10.1.0/24

    - name: Save configuration
      vyos_config:
        save: true

Running Playbook
ansible-playbook -i inventory.yml vyos-config.yml
# Dry-run (check mode)
ansible-playbook -i inventory.yml vyos-config.yml --check
# Limit to specific hosts
ansible-playbook -i inventory.yml vyos-config.yml --limit vyos-gw-01

Yandex/VK Cloud Integration
# Deploy VyOS in Yandex Cloud with Terraform, then configure it with Ansible
- name: Wait for VyOS boot
  wait_for:
    host: "{{ yandex_cloud_elastic_ip }}"
    port: 22
    timeout: 300
  delegate_to: localhost  # run the port check from the control node, not over network_cli

- name: Initial VyOS configuration
  vyos_config:
    src: templates/vyos-cloud-init.conf.j2

Ansible Vault for Secrets
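# Encrypt passwords
# (a literal given on the command line is recorded in shell history;
#  the --prompt option asks for the value interactively instead)
ansible-vault encrypt_string 'MySecretPassword' --name 'ansible_password'
# Edit vault file
ansible-vault edit secrets.yml
# Run with the vault password
ansible-playbook -i inventory.yml vyos-config.yml --ask-vault-pass

Best Practices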
- Version Control: Git repository for playbooks
- Templates: Jinja2 templates for dynamic config
- Testing: Validate the configuration in a test environment first
- Idempotency: Playbooks must be idempotent
- Secrets: Use Ansible Vault for credentials
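
The version-control and secrets practices above interact: once inventories live in Git, a single un-vaulted `ansible_password` is exposed to everyone with repository access. The following check is an added example, not part of the original page or of any Ansible tooling; it assumes YAML inventory or vars files, and the function name `find_plaintext_secrets`, the variable `vault_vyos_gw01_password` and the sample inventory are constructed for illustration.

```python
import re
import sys

# Standard Ansible connection/become variables that hold credentials.
SECRET_KEY = re.compile(
    r"^\s*(ansible_(?:ssh_|become_)?pass(?:word)?)\s*:\s*(.*)$"
)

# Constructed sample: same layout as inventory.yml above, with one host that
# overrides the vaulted group password with a literal.
SAMPLE_INVENTORY = """\
all:
  children:
    vyos_routers:
      hosts:
        vyos-gw-01:
          ansible_password: "{{ vault_vyos_gw01_password }}"
        vyos-gw-02:
          ansible_password: ExamplePlaintext1
      vars:
        ansible_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          (ciphertext placeholder)
"""


def find_plaintext_secrets(text):
    """Return [(line_number, key)] for credential variables stored as literals."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = SECRET_KEY.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        vaulted = value.startswith("!vault")             # inline vault ciphertext
        templated = value.strip("'\"").startswith("{{")  # reference to a vaulted var
        if value and not (vaulted or templated):
            findings.append((number, key))
    return findings


if __name__ == "__main__":
    hits = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as handle:
            hits += [(path, n, k) for n, k in find_plaintext_secrets(handle.read())]
    for path, number, key in hits:
        print(f"{path}:{number}: {key} is not vault-encrypted")
    sys.exit(1 if hits else 0)
```

Run as a pre-commit or CI step, with the inventory and vars files as arguments, the script exits non-zero when any credential variable is a literal.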
Verified by OpenNix LLC · Updated