mirror of
https://github.com/ansible-collections/community.routeros.git
synced 2025-08-03 01:34:40 +02:00
deploy: f38b01d7bb
This commit is contained in:
parent
045c3ac273
commit
29cd5249a5
15 changed files with 368 additions and 362 deletions
|
@ -134,33 +134,33 @@
|
|||
<span id="ansible-collections-community-routeros-docsite-api-guide"></span><h1>How to connect to RouterOS devices with the RouterOS API<a class="headerlink" href="#how-to-connect-to-routeros-devices-with-the-routeros-api" title="Permalink to this heading"></a></h1>
|
||||
<p>You can use the <a class="reference internal" href="../api_module.html#ansible-collections-community-routeros-api-module"><span class="std std-ref">community.routeros.api module</span></a> to connect to a RouterOS device with the RouterOS API. More specific module to modify certain entries are the <a class="reference internal" href="../api_modify_module.html#ansible-collections-community-routeros-api-modify-module"><span class="std std-ref">community.routeros.api_modify</span></a> and <a class="reference internal" href="../api_find_and_modify_module.html#ansible-collections-community-routeros-api-find-and-modify-module"><span class="std std-ref">community.routeros.api_find_and_modify</span></a> modules. The <a class="reference internal" href="../api_info_module.html#ansible-collections-community-routeros-api-info-module"><span class="std std-ref">community.routeros.api_info module</span></a> allows to retrieve information on specific predefined paths that can be used as input for the <code class="docutils literal notranslate"><span class="pre">community.routeros.api_modify</span></code> module, and the <a class="reference internal" href="../api_facts_module.html#ansible-collections-community-routeros-api-facts-module"><span class="std std-ref">community.routeros.api_facts module</span></a> allows to retrieve Ansible facts using the RouterOS API.</p>
|
||||
<p>No special setup is needed; the module needs to be run on a host that can connect to the device’s API. The most common case is that the module is run on <code class="docutils literal notranslate"><span class="pre">localhost</span></code>, either by using <code class="docutils literal notranslate"><span class="pre">hosts:</span> <span class="pre">localhost</span></code> in the playbook, or by using <code class="docutils literal notranslate"><span class="pre">delegate_to:</span> <span class="pre">localhost</span></code> for the task. The following example shows how to run the equivalent of <code class="docutils literal notranslate"><span class="pre">/ip</span> <span class="pre">address</span> <span class="pre">print</span></code>:</p>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span><span class="w"></span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">RouterOS test with API</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">vars</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">192.168.1.1</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test1234</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get "ip address print"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">hostname</span> <span class="cp">}}</span><span class="s">"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">password</span> <span class="cp">}}</span><span class="s">"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">username</span> <span class="cp">}}</span><span class="s">"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">"ip</span><span class="nv"> </span><span class="s">address"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># The following options configure TLS/SSL.</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># Depending on your setup, these options need different values:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">validate_certs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">validate_cert_hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># If you are using your own PKI, specify the path to your CA certificate here:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># ca_path: /path/to/ca-certificate.pem</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">print_path</span><span class="w"></span>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">RouterOS test with API</span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
|
||||
<span class="w"> </span><span class="nt">vars</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">192.168.1.1</span>
|
||||
<span class="w"> </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
|
||||
<span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test1234</span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get "ip address print"</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">hostname</span> <span class="cp">}}</span><span class="s">"</span>
|
||||
<span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">password</span> <span class="cp">}}</span><span class="s">"</span>
|
||||
<span class="w"> </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">username</span> <span class="cp">}}</span><span class="s">"</span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">"ip</span><span class="nv"> </span><span class="s">address"</span>
|
||||
<span class="w"> </span><span class="c1"># The following options configure TLS/SSL.</span>
|
||||
<span class="w"> </span><span class="c1"># Depending on your setup, these options need different values:</span>
|
||||
<span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="nt">validate_certs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="nt">validate_cert_hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="c1"># If you are using your own PKI, specify the path to your CA certificate here:</span>
|
||||
<span class="w"> </span><span class="c1"># ca_path: /path/to/ca-certificate.pem</span>
|
||||
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">print_path</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show IP address of first interface</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">print_path.msg</span><span class="o">[</span><span class="m">0</span><span class="o">]</span><span class="nv">.address</span> <span class="cp">}}</span><span class="s">"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show IP address of first interface</span>
|
||||
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">print_path.msg</span><span class="o">[</span><span class="m">0</span><span class="o">]</span><span class="nv">.address</span> <span class="cp">}}</span><span class="s">"</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>This results in the following output:</p>
|
||||
|
@ -182,37 +182,37 @@
|
|||
<section id="using-the-community-routeros-api-module-defaults-group">
|
||||
<h2>Using the <code class="docutils literal notranslate"><span class="pre">community.routeros.api</span></code> module defaults group<a class="headerlink" href="#using-the-community-routeros-api-module-defaults-group" title="Permalink to this heading"></a></h2>
|
||||
<p>To avoid having to specify common parameters for all the API based modules in every task, you can use the <code class="docutils literal notranslate"><span class="pre">community.routeros.api</span></code> module defaults group:</p>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span><span class="w"></span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">RouterOS test with API</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">module_defaults</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">group/community.routeros.api</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hostname</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">192.168.1.1</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test1234</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># The following options configure TLS/SSL.</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># Depending on your setup, these options need different values</span><span class="p p-Indicator">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">validate_certs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">validate_cert_hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># If you are using your own PKI, specify the path to your CA certificate here:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># ca_path: /path/to/ca-certificate.pem</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Gather facts"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api_facts</span><span class="p">:</span><span class="w"></span>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">RouterOS test with API</span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
|
||||
<span class="w"> </span><span class="nt">module_defaults</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">group/community.routeros.api</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hostname</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">192.168.1.1</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test1234</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># The following options configure TLS/SSL.</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"># Depending on your setup, these options need different values</span><span class="p p-Indicator">:</span>
|
||||
<span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="nt">validate_certs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="nt">validate_cert_hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="c1"># If you are using your own PKI, specify the path to your CA certificate here:</span>
|
||||
<span class="w"> </span><span class="c1"># ca_path: /path/to/ca-certificate.pem</span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Gather facts"</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api_facts</span><span class="p">:</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get "ip address print"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">"ip</span><span class="nv"> </span><span class="s">address"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get "ip address print"</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">"ip</span><span class="nv"> </span><span class="s">address"</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Change IP address to 192.168.1.1 for interface bridge</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api_find_and_modify</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ip address</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">find</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">interface</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bridge</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">values</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">address</span><span class="p">:</span><span class="w"> </span><span class="s">"192.168.1.1/24"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Change IP address to 192.168.1.1 for interface bridge</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.api_find_and_modify</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ip address</span>
|
||||
<span class="w"> </span><span class="nt">find</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">interface</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bridge</span>
|
||||
<span class="w"> </span><span class="nt">values</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">address</span><span class="p">:</span><span class="w"> </span><span class="s">"192.168.1.1/24"</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Here all three tasks will use the options set for the module defaults group.</p>
|
||||
|
@ -243,71 +243,71 @@
|
|||
<h3>Installing a certificate on a MikroTik router<a class="headerlink" href="#installing-a-certificate-on-a-mikrotik-router" title="Permalink to this heading"></a></h3>
|
||||
<p>Installing the certificate is best done with the SSH connection. (See the <a class="reference internal" href="ssh-guide.html#ansible-collections-community-routeros-docsite-ssh-guide"><span class="std std-ref">How to connect to RouterOS devices with SSH</span></a> guide for more information.) Once the certificate has been installed, and the HTTPS API enabled, it’s easier to work with the API, since it has a quite a few less problems, and returns data as JSON objects instead of text you first have to parse.</p>
|
||||
<p>First you have to convert the certificate and its private key to a <a class="reference external" href="https://en.wikipedia.org/wiki/PKCS_12">PKCS #12 bundle</a>. This can be done with the <a class="reference external" href="https://docs.ansible.com/ansible/devel/collections/community/crypto/openssl_pkcs12_module.html#ansible-collections-community-crypto-openssl-pkcs12-module" title="(in Ansible vdevel)"><span class="xref std std-ref">community.crypto.openssl_pkcs12</span></a>. The following playbook assumes that the certificate is available as <code class="docutils literal notranslate"><span class="pre">keys/{{</span> <span class="pre">inventory_hostname</span> <span class="pre">}}.pem</span></code>, and its private key is available as <code class="docutils literal notranslate"><span class="pre">keys/{{</span> <span class="pre">inventory_hostname</span> <span class="pre">}}.key</span></code>. It generates a random passphrase to protect the PKCS#12 file.</p>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span><span class="w"></span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install certificates on devices</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">routers</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">block</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">set_fact</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">random_password</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'community.general.random_string'</span><span class="o">,</span> <span class="nv">length</span><span class="o">=</span><span class="m">32</span><span class="o">,</span> <span class="nv">override_all</span><span class="o">=</span><span class="s1">'0123456789abcdefghijklmnopqrstuvwxyz'</span><span class="o">)</span> <span class="cp">}}</span><span class="s">"</span><span class="w"></span>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install certificates on devices</span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">routers</span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">block</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">set_fact</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">random_password</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'community.general.random_string'</span><span class="o">,</span> <span class="nv">length</span><span class="o">=</span><span class="m">32</span><span class="o">,</span> <span class="nv">override_all</span><span class="o">=</span><span class="s1">'0123456789abcdefghijklmnopqrstuvwxyz'</span><span class="o">)</span> <span class="cp">}}</span><span class="s">"</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create PKCS#12 bundle</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">openssl_pkcs12</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.pem</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.key</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="s">'</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="s">'</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">random_password</span> <span class="cp">}}</span><span class="s">"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s">"0600"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">changed_when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create PKCS#12 bundle</span>
|
||||
<span class="w"> </span><span class="nt">openssl_pkcs12</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12</span>
|
||||
<span class="w"> </span><span class="nt">certificate_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.pem</span>
|
||||
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.key</span>
|
||||
<span class="w"> </span><span class="nt">friendly_name</span><span class="p">:</span><span class="w"> </span><span class="s">'</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="s">'</span>
|
||||
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">"</span><span class="cp">{{</span> <span class="nv">random_password</span> <span class="cp">}}</span><span class="s">"</span>
|
||||
<span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s">"0600"</span>
|
||||
<span class="w"> </span><span class="nt">changed_when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
|
||||
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Copy router certificate onto router</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">ansible.netcommon.net_put</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="s">'keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="s">.p12'</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="s">'</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="s">.p12'</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Copy router certificate onto router</span>
|
||||
<span class="w"> </span><span class="nt">ansible.netcommon.net_put</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="s">'keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="s">.p12'</span>
|
||||
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="s">'</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="s">.p12'</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install router certificate and clean up</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># Import certificate:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/certificate import name=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> file-name=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12 passphrase="</span><span class="cp">{{</span> <span class="nv">random_password</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># Remove PKCS12 bundle:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/file remove </span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="c1"># Show certificates</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/certificate print</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install router certificate and clean up</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="c1"># Import certificate:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/certificate import name=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> file-name=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12 passphrase="</span><span class="cp">{{</span> <span class="nv">random_password</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">"</span>
|
||||
<span class="w"> </span><span class="c1"># Remove PKCS12 bundle:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/file remove </span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12</span>
|
||||
<span class="w"> </span><span class="c1"># Show certificates</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/certificate print</span>
|
||||
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show result of certificate import</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output.stdout_lines[0]</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show result of certificate import</span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output.stdout_lines[0]</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show certificates</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output.stdout_lines[2]</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show certificates</span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output.stdout_lines[2]</span>
|
||||
|
||||
<span class="w"> </span><span class="nt">always</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Wipe PKCS12 bundle</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">wipe keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">changed_when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">always</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Wipe PKCS12 bundle</span>
|
||||
<span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">wipe keys/</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">.p12</span>
|
||||
<span class="w"> </span><span class="nt">changed_when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
|
||||
<span class="w"> </span><span class="nt">delegate_to</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Use certificate</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ip service set www-ssl address=</span><span class="cp">{{</span> <span class="nv">admin_network</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> certificate=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> disabled=no tls-version=only-1.2</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ip service set api-ssl address=</span><span class="cp">{{</span> <span class="nv">admin_network</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> certificate=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> tls-version=only-1.2</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Use certificate</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ip service set www-ssl address=</span><span class="cp">{{</span> <span class="nv">admin_network</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> certificate=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> disabled=no tls-version=only-1.2</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ip service set api-ssl address=</span><span class="cp">{{</span> <span class="nv">admin_network</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> certificate=</span><span class="cp">{{</span> <span class="nv">inventory_hostname</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain"> tls-version=only-1.2</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>The playbook also assumes that <code class="docutils literal notranslate"><span class="pre">admin_network</span></code> describes the network from which the HTTPS and API interface can be accessed. This can be for example <code class="docutils literal notranslate"><span class="pre">192.168.1.0/24</span></code>.</p>
|
||||
<p>When this playbook completed successfully, you should be able to use the HTTPS admin interface (reachable in a browser from <code class="docutils literal notranslate"><span class="pre">https://192.168.1.1/</span></code>, with the correct IP inserted), as well as the <a class="reference internal" href="../api_module.html#ansible-collections-community-routeros-api-module"><span class="std std-ref">community.routeros.api module</span></a> module with TLS and certificate validation enabled:</p>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">community.routeros.api</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">validate_certs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">validate_cert_hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">ca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span><span class="w"></span>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">community.routeros.api</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span>
|
||||
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="nt">validate_certs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="nt">validate_cert_hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
||||
<span class="w"> </span><span class="nt">ca_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca-certificate.pem</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
</section>
|
||||
|
|
|
@ -140,10 +140,10 @@
|
|||
<ol class="arabic">
|
||||
<li><p>The SSH-based modules do not support arbitrary symbols in the router’s identity. If you are having trouble connecting to your device, please make sure that your MikroTik’s identity contains only alphanumeric characters and dashes. Also make sure that the identity string is not longer than 19 characters (<a class="reference external" href="https://github.com/ansible-collections/community.routeros/issues/31">see issue for details</a>). Similar problems can happen for unsupported characters in your username.</p></li>
|
||||
<li><p>The <a class="reference internal" href="../command_module.html#ansible-collections-community-routeros-command-module"><span class="std std-ref">community.routeros.command module</span></a> does not support nesting commands and expects every command to start with a forward slash (<code class="docutils literal notranslate"><span class="pre">/</span></code>). Running the following command will produce an error:</p>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ip</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">print</span><span class="w"></span>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ip</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">print</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
</li>
|
||||
|
@ -154,14 +154,14 @@
|
|||
<section id="setting-up-an-inventory">
|
||||
<h2>Setting up an inventory<a class="headerlink" href="#setting-up-an-inventory" title="Permalink to this heading"></a></h2>
|
||||
<p>An example inventory <code class="docutils literal notranslate"><span class="pre">hosts</span></code> file for a RouterOS device is as follows:</p>
|
||||
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[routers]</span><span class="w"></span>
|
||||
<span class="na">router ansible_host</span><span class="o">=</span><span class="s">192.168.2.1</span><span class="w"></span>
|
||||
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[routers]</span>
|
||||
<span class="na">router ansible_host</span><span class="o">=</span><span class="s">192.168.2.1</span>
|
||||
|
||||
<span class="k">[routers:vars]</span><span class="w"></span>
|
||||
<span class="na">ansible_connection</span><span class="o">=</span><span class="s">ansible.netcommon.network_cli</span><span class="w"></span>
|
||||
<span class="na">ansible_network_os</span><span class="o">=</span><span class="s">community.routeros.routeros</span><span class="w"></span>
|
||||
<span class="na">ansible_user</span><span class="o">=</span><span class="s">admin</span><span class="w"></span>
|
||||
<span class="na">ansible_ssh_pass</span><span class="o">=</span><span class="s">test1234</span><span class="w"></span>
|
||||
<span class="k">[routers:vars]</span>
|
||||
<span class="na">ansible_connection</span><span class="o">=</span><span class="s">ansible.netcommon.network_cli</span>
|
||||
<span class="na">ansible_network_os</span><span class="o">=</span><span class="s">community.routeros.routeros</span>
|
||||
<span class="na">ansible_user</span><span class="o">=</span><span class="s">admin</span>
|
||||
<span class="na">ansible_ssh_pass</span><span class="o">=</span><span class="s">test1234</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>This tells Ansible that you have a RouterOS device called <code class="docutils literal notranslate"><span class="pre">router</span></code> with IP <code class="docutils literal notranslate"><span class="pre">192.168.2.1</span></code>. Ansible should use the <a class="reference external" href="https://docs.ansible.com/ansible/devel/collections/ansible/netcommon/network_cli_connection.html#ansible-collections-ansible-netcommon-network-cli-connection" title="(in Ansible vdevel)"><span class="xref std std-ref">ansible.netcommon.network_cli connection plugin</span></a> together with the the <a class="reference internal" href="../routeros_cliconf.html#ansible-collections-community-routeros-routeros-cliconf"><span class="std std-ref">community.routeros.routeros cliconf plugin</span></a>. The credentials are stored as <code class="docutils literal notranslate"><span class="pre">ansible_user</span></code> and <code class="docutils literal notranslate"><span class="pre">ansible_ssh_pass</span></code> in the inventory.</p>
|
||||
|
@ -169,28 +169,28 @@
|
|||
<section id="connecting-to-the-device">
|
||||
<h2>Connecting to the device<a class="headerlink" href="#connecting-to-the-device" title="Permalink to this heading"></a></h2>
|
||||
<p>With the above inventory, you can use the following playbook to execute <code class="docutils literal notranslate"><span class="pre">/system</span> <span class="pre">resource</span> <span class="pre">print</span></code> on the device</p>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span><span class="w"></span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">RouterOS test with network_cli connection</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">routers</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span><span class="w"></span>
|
||||
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="nn">---</span>
|
||||
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">RouterOS test with network_cli connection</span>
|
||||
<span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">routers</span>
|
||||
<span class="w"> </span><span class="nt">gather_facts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
|
||||
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Gather system resources</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/system resource print</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">system_resource_print</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Gather system resources</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.command</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/system resource print</span>
|
||||
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">system_resource_print</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show system resources</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">system_resource_print.stdout_lines</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show system resources</span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">system_resource_print.stdout_lines</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Gather facts</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.facts</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Gather facts</span>
|
||||
<span class="w"> </span><span class="nt">community.routeros.facts</span><span class="p">:</span>
|
||||
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show a fact</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">"First</span><span class="nv"> </span><span class="s">IP</span><span class="nv"> </span><span class="s">address:</span><span class="nv"> </span><span class="cp">{{</span> <span class="nv">ansible_net_all_ipv4_addresses</span><span class="o">[</span><span class="m">0</span><span class="o">]</span> <span class="cp">}}</span><span class="s">"</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show a fact</span>
|
||||
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">"First</span><span class="nv"> </span><span class="s">IP</span><span class="nv"> </span><span class="s">address:</span><span class="nv"> </span><span class="cp">{{</span> <span class="nv">ansible_net_all_ipv4_addresses</span><span class="o">[</span><span class="m">0</span><span class="o">]</span> <span class="cp">}}</span><span class="s">"</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>This results in the following output:</p>
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue