edgeos role example
{# Base system settings of the rendered EdgeOS "set"-format configuration.          #}
{# The delete lines wipe whole config subtrees first, so the set lines in this and   #}
{# the following templates are the complete definition of those subtrees; nothing    #}
{# previously configured under them survives a run.                                  #}
delete firewall
delete system config-management
delete system domain-search
delete system flow-accounting
delete system flow-analysis
{# NOTE(review): ntp, flow-accounting and flow-analysis are deleted and not set again #}
{# by any template in this gist, so unless edgeos_commands_options re-adds them the   #}
{# device runs without NTP sync and flow export (NTP drift skews log timestamps).     #}
delete system ntp
delete system syslog
delete traffic-policy
delete zone-policy
{# Host identity. The role defaults ship "<domain>" placeholders for edgeos_fqdn and  #}
{# edgeos_domain_search that must be overridden per host/group.                       #}
set system host-name {{ edgeos_fqdn }}
set system domain-search domain {{ edgeos_domain_search }}
set system name-server {{ edgeos_name_server }}
set system gateway-address {{ edgeos_gateway_address }}
set system ipv6 disable
set system ipv6 disable-forwarding
{# The remote syslog target "log" and the time zone are hard-coded, not templated;    #}
{# "log" has to resolve (e.g. via the domain-search above) for logs to leave the box. #}
set system syslog host log facility all level notice
set system time-zone Europe/Berlin
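{# Interfaces, routing and services. All variables come from the role defaults.       #}
{# The macros imported here are not referenced by the lines below (config_rule.j2     #}
{# imports them itself); the import is kept for compatibility.                         #}
{% from 'macros.j2' import set_rule,set_rule_boolean with context %}
{# Ethernet ports: dictsort renders ports in a stable, alphabetical order.            #}
{% for ethernet, options in edgeos_ethernet | dictsort() %}
set interfaces ethernet {{ ethernet }} description "{{ options.description }}"
set interfaces ethernet {{ ethernet }} duplex {{ options.duplex }}
set interfaces ethernet {{ ethernet }} speed {{ options.speed }}
{% for addr in options.address | default([]) %}
set interfaces ethernet {{ ethernet }} address {{ addr }}
{% endfor %}
{% endfor %}
set interfaces loopback {{ edgeos_loopback }}
{# Switch options are rendered verbatim as "<option> <value>" pairs.                  #}
{% for switch, options in edgeos_switch | dictsort() %}
{% for option, value in options | dictsort() %}
set interfaces switch {{ switch }} {{ option }} {{ value }}
{% endfor %}
{% endfor %}
{# Static routes: route, gateway and distance are required keys; description is not. #}
{% for route in edgeos_static_routes %}
set protocols static route {{ route.route }} next-hop {{ route.gateway }} description "{{ route.description | default('') }}"
set protocols static route {{ route.route }} next-hop {{ route.gateway }} distance {{ route.distance }}
{% endfor %}
{% for igmp in edgeos_igmp_proxy %}
set protocols igmp-proxy interface {{ igmp.interface }} threshold {{ igmp.threshold }}
set protocols igmp-proxy interface {{ igmp.interface }} role {{ igmp.role }}
{% if igmp.alt_subnet is defined %}
set protocols igmp-proxy interface {{ igmp.interface }} alt-subnet {{ igmp.alt_subnet }}
{% endif %}
{% endfor %}
{# DHCP relay is optional: the role default is an empty mapping, so only render the   #}
{# service when a server is configured. Without this guard the undefined attribute    #}
{# aborts the whole render.                                                           #}
{% if edgeos_dhcp_relay.server is defined %}
{% for interface in edgeos_dhcp_relay.interfaces | default([]) %}
set service dhcp-relay interface {{ interface }}
{% endfor %}
set service dhcp-relay server {{ edgeos_dhcp_relay.server }}
{% endif %}
{# Free-form extra commands, rendered verbatim. Review the variable's contents with   #}
{# the same care as the templates: it can emit any command, firewall changes included. #}
{% for command in edgeos_commands_options %}
{{ command }}
{% endfor %}
{% include "config_firewall.j2" %}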
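{# Firewall groups and named rulesets. Included from config.j2 after `delete firewall`, #}
{# so after a run the device holds exactly the groups and rulesets listed in the role   #}
{# variables. Each mapping key becomes the group / ruleset name; dictsort gives a       #}
{# stable render order.                                                                 #}
{% for key, values in edgeos_address_group | dictsort() %}
{% for address in values.address | default([]) %}
set firewall group address-group {{ key }} address {{ address }}
{% endfor %}
set firewall group address-group {{ key }} description "{{ values.description | default('') }}"
{% endfor %}
{% for key, values in edgeos_network_group | dictsort() %}
{% for address in values.address | default([]) %}
set firewall group network-group {{ key }} network {{ address }}
{% endfor %}
set firewall group network-group {{ key }} description "{{ values.description | default('') }}"
{% endfor %}
{% for key, values in edgeos_port_group | dictsort() %}
{% for port in values.ports | default([]) %}
set firewall group port-group {{ key }} port {{ port }}
{% endfor %}
set firewall group port-group {{ key }} description "{{ values.description | default('') }}"
{% endfor %}
{# Named rulesets. dictsort (instead of items()) matches the group loops above and      #}
{# keeps the output order independent of the variable's key order. default_action is    #}
{# mandatory; enable_default_log makes EdgeOS log packets that hit the default action.   #}
{% for fw, options in edgeos_fw | dictsort() %}
{% if options.description is defined %}
set firewall name {{ fw }} description "{{ options.description }}"
{% endif %}
set firewall name {{ fw }} default-action {{ options.default_action }}
{% if options.enable_default_log is defined and options.enable_default_log %}
set firewall name {{ fw }} enable-default-log
{% endif %}
{# Rule numbers are the 1-based list position. config_rule.j2 reads `fw`, `rule` and    #}
{# `loop_index` from this scope (with context); the `with` block scopes loop_index to    #}
{# the include. A ruleset without a rules key renders only its default action.           #}
{% for rule in options.rules | default([]) %}
{% with %}
{% set loop_index = loop.index %}
{% include "config_rule.j2" with context %}
{% endwith %}
{% endfor %}
{% endfor %}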
{# Renders one firewall rule. Expects `fw` (ruleset name), `rule` (the rule mapping)   #}
{# and `loop_index` (the rule number) from the including template, which passes them  #}
{# with context.                                                                       #}
{% from 'macros.j2' import set_rule,set_rule_boolean with context %}
{# A rule without an explicit action is rendered as drop.                              #}
set firewall name {{ fw }} rule {{ loop_index }} action {{ rule.action | default('drop') }}
{% if rule.description is defined %}
{# The description is placed unescaped between double quotes; a value containing a     #}
{# double quote would break the generated command.                                     #}
set firewall name {{ fw }} rule {{ loop_index }} description "{{ rule.description }}"
{% endif %}
{# Boolean keys: set_rule_boolean emits "<context> enable" only when the key is present #}
{# and truthy. The first four are connection-state matches; "log" logs rule matches.   #}
{{ set_rule_boolean(rule, 'established', loop_index, fw, 'state established')}}
{{ set_rule_boolean(rule, 'related', loop_index, fw, 'state related')}}
{{ set_rule_boolean(rule, 'new', loop_index, fw, 'state new')}}
{{ set_rule_boolean(rule, 'invalid', loop_index, fw, 'state invalid')}}
{{ set_rule_boolean(rule, 'log', loop_index, fw, 'log')}}
{# Value keys: set_rule emits "<context> <value>" when the key is present in the rule. #}
{# Values are inserted verbatim (no quoting or validation).                            #}
{{ set_rule(rule, 'protocol', loop_index, fw, 'protocol')}}
{{ set_rule(rule, 'destination_address', loop_index, fw, 'destination address')}}
{{ set_rule(rule, 'destination_port', loop_index, fw, 'destination port')}}
{{ set_rule(rule, 'destination_port_group', loop_index, fw, 'destination group port-group')}}
{{ set_rule(rule, 'destination_network_group', loop_index, fw, 'destination group network-group')}}
{{ set_rule(rule, 'destination_address_group', loop_index, fw, 'destination group address-group')}}
{{ set_rule(rule, 'source_address', loop_index, fw, 'source address')}}
{{ set_rule(rule, 'source_mac_address', loop_index, fw, 'source mac-address')}}
{{ set_rule(rule, 'source_port', loop_index, fw, 'source port')}}
{{ set_rule(rule, 'source_port_group', loop_index, fw, 'source group port-group')}}
{{ set_rule(rule, 'source_network_group', loop_index, fw, 'source group network-group')}}
{{ set_rule(rule, 'source_address_group', loop_index, fw, 'source group address-group')}}
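---
# Role defaults for the edgeos role. The values are consumed by the Jinja
# templates in this gist (config.j2, config_firewall.j2, config_rule.j2) and by
# the edgeos_config task unless noted otherwise.

# Behaviour of the edgeos_config task.
edgeos_role_enabled: true
edgeos_backup: true  # edgeos_config backup: keep a copy of the current config
edgeos_config_template: config.j2
edgeos_config_save: true  # edgeos_config save: persist the pushed config
edgeos_config_comment: "ansible managed via edgeos_config"
edgeos_config_match: "none"  # only used if the match: line in the tasks is uncommented

# Firewall groups. Each mapping key becomes the group name on the device.
# config.j2 starts with `delete firewall`, so the groups listed here are the
# only ones present after a run.
edgeos_address_group: {}
#  hDHCP:
#    description: "DHCP Server"
#    address:
#      - <address>
edgeos_network_group: {}
#  intranet_broadcast:
#    address:
#      - <network/prefix>
edgeos_port_group: {}
#  buildbot:
#    ports:
#      - 8010
#      - 5000

# Extra raw commands rendered verbatim by config.j2 (any command, so review
# the contents like the templates themselves).
edgeos_commands_options: []
# Not referenced by the templates or tasks in this gist.
edgeos_commands: []

# Named firewall rulesets. With the default empty mapping the rendered config
# removes every existing ruleset (`delete firewall` in config.j2) and defines
# none, so provide rulesets before applying this role to a production device.
edgeos_fw: {}
#  fw-name:
#    description: "dmz to fw"
#    default_action: drop  # key name as read by config_firewall.j2
#    enable_default_log: true  # log packets that hit default_action
#    rules:
#      - action: accept  # an omitted action renders as drop
#        established: true
#        related: true
#        invalid: false
#        new: false
#
# rule state keys: established, new, invalid, related

# Interfaces.
edgeos_ethernet: {}
#  eth0:
#    address:
#      - 192.168.1.2/24
#    description: wan
#    duplex: auto
#    speed: auto
edgeos_loopback: lo
edgeos_switch: {}
#  switch0:
#    mtu: 1500

# Routing.
edgeos_static_routes: []
#  - route: "192.168.99.1/32"
#    gateway: 192.168.10.2
#    description: "vpn-gateway"
#    distance: 1
edgeos_igmp_proxy: []
#  - interface: eth0
#    alt_subnet: 0.0.0.0
#    role: upstream
#    threshold: 1

# DHCP relay; config.j2 reads .server and .interfaces from this mapping.
edgeos_dhcp_relay: {}
#  server: 1.1.1.1
#  interfaces:
#    - eth1
#    - eth4

# Placeholders: override these per host/group before running the role.
edgeos_domain_search: "<domain>"
edgeos_fqdn: "<domain>"
edgeos_gateway_address: "192.168.1.1"
edgeos_name_server: "127.0.0.1"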
{# set_rule: render "set firewall name <firewall> rule <index> <context> <value>" #}
{# when `key` exists in the rule mapping; render nothing otherwise.               #}
{% macro set_rule(rule, key, index, firewall, context) %}
{% if key in rule %}
set firewall name {{ firewall }} rule {{ index }} {{ context }} {{ rule[key] }}
{% endif %}
{% endmacro %}
{# set_rule_boolean: same prefix with a trailing "enable", rendered only when the  #}
{# key is present and its value is truthy (a present but false key renders nothing).#}
{% macro set_rule_boolean(rule, key, index, firewall, context) %}
{% if rule.get(key) %}
set firewall name {{ firewall }} rule {{ index }} {{ context }} enable
{% endif %}
{% endmacro %}
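---
# Render the config on the controller for inspection, then push it with edgeos_config.
- name: Test template
  template:
    src: "{{ edgeos_config_template }}"
    # Written to a predictable path in the controller's /tmp with the template
    # module's default mode; needs the ansible_hostname fact to be available.
    dest: "/tmp/{{ ansible_hostname }}_config"
  delegate_to: localhost

- name: Deploy configuration
  edgeos_config:
    src: "{{ edgeos_config_template }}"
    backup: "{{ edgeos_backup }}"
    save: "{{ edgeos_config_save }}"
    comment: "{{ edgeos_config_comment }}"
    # match: "{{ edgeos_config_match }}"
  register: _result

- name: Show filtered config
  debug:
    msg: "{{ _result.filtered }}"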