Tuesday, 12 May 2020

Integrating Ansible with VyOS

What is X:

  1. Ansible is an open-source software provisioning, configuration management, and application-deployment tool.
  2. VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.

What you need to prepare:

  1. OS for your Ansible (I am using Ubuntu 18.04 LTS on Hyper-V with multipass) -- download multipass here
  2. VyOS image (I am using vyos-1.1.8-amd64) -- download image here
  3. Hypervisor for your Ansible & VyOS (I am using Hyper-V)

Implementation:

  • After installing multipass, you can launch ubuntu-lts on your Hyper-V.
multipass launch --name ubuntu-lts
multipass list
multipass start ubuntu-lts

  • Install VyOS on Hyper-V
Create virtual switch 'Internal' and 'External':
#Get Net Adapter Names (wrapped in @() so that [0] is the first adapter name even when only one adapter exists)
$NetAdapterName = @((Get-NetAdapter).Name)
#Create the External Hyper-V Switch
New-VMSwitch -NetAdapterName $NetAdapterName[0] -Name 'External'
#Create the Internal Hyper-V Switch
New-VMSwitch -SwitchType Internal -Name 'Internal'

Create new VM on Hyper-V:
$Name = 'VyOS'
$SwitchName = 'Internal'
$HardDiskSize = 2GB
$HDPath = 'E:\Hyper-V\Virtual Hard Disks'+'\'+$Name+'.vhdx'
$Generation = '1'
$ISO_Path = 'D:\ISOs\vyos-1.1.6-amd64.iso'
New-VM -Name $Name -SwitchName $SwitchName `
-NewVHDSizeBytes $HardDiskSize `
-NewVHDPath $HDPath -Generation $Generation -MemoryStartupBytes 512MB
Add-VMDvdDrive -VMName $Name -Path $ISO_Path
Add-VMNetworkAdapter -VMName $Name -SwitchName External

- Log in to VyOS using user/pass: vyos/vyos
- Install VyOS using the following command: "install system"
- After the installation succeeds, unmount the DVD/ISO so that the VM boots from the HDD.

Configure interface eth0 & eth1 on VyOS:
configure
set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth0 address 192.168.2.1/24
set nat source rule 10 outbound-interface eth1
set nat source rule 10 source address 192.168.2.0/24
set nat source rule 10 translation address masquerade
commit
save
exit
reboot
show interfaces ethernet

  • Install Ansible on your Ubuntu
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible

  • Integrate Ansible <<>> VyOS
Configure SSH service:
# 0. Generate SSH key on Ubuntu for user ubuntu
ssh-keygen
cat ~/.ssh/id_rsa.pub
# 1. login into vyatta using vyos/vyos
# 2. issue 'show interface ethernet', and look at 'External' virtual switch (mine is 192.168.1.15)
# 3. enable SSH service on vyatta, and add SSH public key of user ubuntu (step 0) into vyos:
#    (the key is attached to the VyOS account named after 'user'; here that is 'ubuntu', not 'vyos')
configure
set service ssh
set system login user ubuntu authentication public-keys identifier key "<AAAAB3Nz....>"
set system login user ubuntu authentication public-keys identifier type ssh-rsa
commit
save
# Test SSH from your ubuntu
ssh vyos@192.168.1.15
ansible -m ping all
Setting up your playbook for VyOS:
mkdir -p ansible-vyos/{backup,host_vars}
cd ansible-vyos
vim ansible.cfg
###copy-paste below --- Define list of inventory of destination node(s)
[defaults]
inventory = ./hosts
###end of copy-paste
vim hosts
###copy-paste below --- Define group name of destination node(s)
[vyos-devices]
vyos-1
###end of copy-paste
vim host_vars/vyos-1
###copy-paste below --- IP destination, and SSH credential
ansible_host: 192.168.1.15
ansible_user: vyos
ansible_ssh_pass: vyos
ansible_connection: network_cli
ansible_network_os: vyos
###end of copy-paste
vim vyos_facts.yml
###copy-paste below --- Playbook for showing all subsets of vyos
---
- name: vyos facts
  connection: network_cli
  gather_facts: False
  hosts: vyos-1
  tasks:
    - name: vyos facts
      vyos_facts:
        gather_subset: all
      register: output
###end of copy-paste
vim vyos_command.yml
###copy-paste below --- Playbook for showing interface with loop
---
- name: vyos command with loop
  connection: network_cli
  gather_facts: False
  hosts: vyos-1
  tasks:
    - name: show interface
      vyos_command:
        commands: show interface ethernet {{ item }}
      loop:
        - eth0
        - eth1
      register: output
    - name: show output
      debug:
        var: output
###end of copy-paste
vim vyos_backup.yml
###copy-paste below --- Playbook for backup config locally
---
# Play header added so that ansible-playbook can run this file;
# vyos.cfg and vyos_template.j2 must exist next to the playbook.
- name: vyos config and backup
  connection: network_cli
  gather_facts: False
  hosts: vyos-1
  tasks:
    - name: configure the remote device
      vyos_config:
        lines:
          - set system host-name {{ inventory_hostname }}
          - set service lldp
          - delete service dhcp-server
    - name: backup and load from file
      vyos_config:
        src: vyos.cfg
        backup: yes
    - name: render a Jinja2 template onto the VyOS router
      vyos_config:
        src: vyos_template.j2
    - name: for idempotency, use full-form commands
      vyos_config:
        lines:
          - set interfaces ethernet eth1 description 'OUTSIDE'
    - name: configurable backup path
      vyos_config:
        backup: yes
        backup_options:
          filename: backup.cfg
          dir_path: /home/ubuntu
###end of copy-paste
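
A quick check for the credential handling in host_vars/vyos-1 above, as an added example that is not part of the original post: it flags login secrets stored as plaintext and the factory vyos/vyos pair, and passes a file that relies on ansible_private_key_file instead. The key-based sample is constructed and assumes the public key is installed for the account named in ansible_user; the function names are hypothetical.

```python
import re

# Ansible connection variables that hold a login secret.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}
# Factory logins to flag; vyos/vyos is the one the post logs in with.
DEFAULT_LOGINS = {("vyos", "vyos")}
KEY_VALUE = re.compile(r"^([A-Za-z_]\w*)\s*:\s*(.*)$")

def parse_flat_vars(text):
    """Read top-level 'key: value' lines; nested or indented lines are skipped."""
    found = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in " \t#-":
            continue
        match = KEY_VALUE.match(line)
        if match:
            value = match.group(2).strip()
            if value[:1] not in ("'", '"'):
                value = value.split(" #", 1)[0].strip()  # drop trailing comment
            found[match.group(1)] = value
    return found

def audit_host_vars(text):
    """Return findings for plaintext or factory-default credentials."""
    host_vars = parse_flat_vars(text)
    user = host_vars.get("ansible_user", "").strip("'\"")
    findings = []
    for name in sorted(SECRET_VARS & host_vars.keys()):
        value = host_vars[name]
        if value.startswith("!vault") or "{{" in value:
            continue  # vault ciphertext, or a reference to a variable kept elsewhere
        findings.append(f"{name}: plaintext secret in host_vars")
        password = value.strip("'\"")
        if (user, password) in DEFAULT_LOGINS:
            findings.append(f"{name}: factory default login {user}/{password}")
    return findings

# host_vars/vyos-1 exactly as written in the post.
PAGE_HOST_VARS = """\
ansible_host: 192.168.1.15
ansible_user: vyos
ansible_ssh_pass: vyos
ansible_connection: network_cli
ansible_network_os: vyos
"""
# Constructed alternative: key-based login, no password stored.
KEY_BASED_HOST_VARS = PAGE_HOST_VARS.replace(
    "ansible_ssh_pass: vyos", "ansible_private_key_file: ~/.ssh/id_rsa")

if __name__ == "__main__":
    print("\n".join(audit_host_vars(PAGE_HOST_VARS)))
```
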
Running your ansible-playbook:
### you can add option '-vvvv' for verbose
ansible-playbook vyos_facts.yml
ansible-playbook vyos_command.yml
ansible-playbook vyos_backup.yml
