Ansible Automation for VyOS

Ansible automation for VyOS configuration management, deployment, and maintenance.

Scenario

  • Infrastructure as Code: version-controlled configuration
  • Mass Deployment: automated provisioning of many VyOS instances
  • Consistency: uniform configuration across the fleet

Ansible Inventory

# inventory.yml
all:
  children:
    vyos_routers:
      hosts:
        vyos-gw-01:
          ansible_host: 10.10.1.1
        vyos-gw-02:
          ansible_host: 10.10.2.1
      vars:
        ansible_network_os: vyos
        ansible_connection: network_cli
        ansible_user: vyos
        ansible_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256...

Ansible Playbook Example

---
# vyos-config.yml
- name: Configure VyOS Routers
  hosts: vyos_routers
  gather_facts: false

  tasks:
    - name: Set hostname
      vyos.vyos.vyos_system:
        host_name: "{{ inventory_hostname }}"
        state: present

    - name: Configure interfaces
      vyos.vyos.vyos_interfaces:
        config:
          - name: eth0
            description: "WAN Interface"
            enabled: true
          - name: eth1
            description: "LAN Interface"
            enabled: true

    # The address and OSPF network below are vyos-gw-01's values;
    # keep per-router values in host_vars so hosts do not share an address.
    - name: Configure IP addresses
      vyos.vyos.vyos_l3_interfaces:
        config:
          - name: eth1
            ipv4:
              - address: 10.10.1.1/24

    - name: Configure OSPF
      vyos.vyos.vyos_ospfv2:
        config:
          # router_id belongs under "parameters"; area networks use the "network" key
          parameters:
            router_id: "{{ ansible_host }}"
          areas:
            - area_id: "0.0.0.0"
              network:
                - address: 10.10.1.0/24

    - name: Save configuration
      vyos.vyos.vyos_config:
        save: true

Running Playbook

ansible-playbook -i inventory.yml vyos-config.yml

# Dry run (check mode)
ansible-playbook -i inventory.yml vyos-config.yml --check

# Limit to specific hosts
ansible-playbook -i inventory.yml vyos-config.yml --limit vyos-gw-01

Yandex/VK Cloud Integration

# Deploy VyOS in Yandex Cloud with Terraform, then configure it with Ansible
- name: Wait for VyOS boot
  ansible.builtin.wait_for:
    host: "{{ yandex_cloud_elastic_ip }}"
    port: 22
    timeout: 300

- name: Initial VyOS configuration
  vyos.vyos.vyos_config:
    src: templates/vyos-cloud-init.conf.j2

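Ansible Vault for Secrets

# Encrypt a password. A literal passed as an argument is recorded in shell
# history; --prompt asks for the value interactively instead.
ansible-vault encrypt_string 'MySecretPassword' --name 'ansible_password'

# Edit vault file
ansible-vault edit secrets.yml

# Run with a vault password prompt
ansible-playbook -i inventory.yml vyos-config.yml --ask-vault-pass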

Best Practices

  1. Version Control: Git repository for playbooks
  2. Templates: Jinja2 templates for dynamic config
  3. Testing: validate the configuration in a test environment first
  4. Idempotency: playbooks must be idempotent
  5. Secrets: use Ansible Vault for credentials
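
Added example (not part of the original page, nor code from the Ansible or VyOS projects): a check to run before committing inventory or vars files to Git, flagging password variables set to a literal value instead of a vault value. The function name, the key list and the sample inventory with its placeholder ciphertext are assumptions made for illustration.

```python
import re
import sys

# Variables Ansible reads as connection or privilege-escalation secrets.
SECRET_KEYS = ("ansible_password", "ansible_ssh_pass", "ansible_become_password")
KEY_RE = re.compile(r"^\s*(%s)\s*:\s*(.*)$" % "|".join(SECRET_KEYS))

# Constructed sample: one plaintext value, one inline vault value (placeholder
# ciphertext), one Jinja2 reference to a variable kept in a vault file.
SAMPLE_INVENTORY = """\
all:
  children:
    vyos_routers:
      hosts:
        vyos-gw-01:
          ansible_host: 10.10.1.1
          ansible_password: "example-plaintext"  # should be flagged
      vars:
        ansible_user: vyos
        ansible_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          3030303030303030
        ansible_become_password: "{{ vault_become_password }}"
"""

def find_plaintext_secrets(text):
    """Return (line_number, key) for each secret key set to a literal value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = KEY_RE.match(line)
        if not match:
            continue
        key, value = match.groups()
        value = re.sub(r"(^|\s)#.*$", "", value).strip()  # drop YAML comment
        # Accept vault-encrypted values, Jinja2 references, and unset keys.
        if value.startswith("!vault") or "{{" in value or value in ("", "null", "~"):
            continue
        findings.append((lineno, key))
    return findings

if __name__ == "__main__":
    # Scan the files named on the command line, or the sample when none are given.
    sources = {path: open(path, encoding="utf-8").read() for path in sys.argv[1:]}
    sources = sources or {"<sample>": SAMPLE_INVENTORY}
    hits = [(n, ln, k) for n, t in sources.items() for ln, k in find_plaintext_secrets(t)]
    for name, lineno, key in hits:
        print(f"{name}:{lineno}: {key} is set to a literal value; use Ansible Vault")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when it finds a literal secret, so it can serve as a pre-commit hook or CI step over inventory.yml and any group_vars or host_vars files.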

Verified by OpenNix LLC · Updated