natm_playbook.yml
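---
# This play encompasses all NAT routers and makes changes to the NAT config
# on each device (assuming ci_test is false). It then checks the resulting
# NAT table against the desired state listed in 'static_nats'.
#
# The 'log' and 'ci_test' flags are passed through the 'bool' filter so that
# a string value (for example one supplied as '-e ci_test=false') is
# evaluated as a boolean rather than as a non-empty, truthy string.
- name: "Manage NAT configuration on IOS routers"
  hosts: "ios_router"
  tasks:
    # When 'log' is true, execute the log preparation
    - name: "INCLUDE >> Perform logging preparation if 'log' is true"
      include_tasks: "tasks/log_setup.yml"
      when: "log | bool"

    # Ensure inputs are correct and ready for processing
    - name: "INCLUDE >> Perform preliminary error checking on inputs"
      include_tasks: "tasks/pre_check.yml"

    # When CI testing is false (the general case), then log into the routers,
    # collect their NAT information, and make appropriate updates.
    - name: "INCLUDE >> Manage NAT statements on router"
      include_tasks: "tasks/manage_nat.yml"
      when: "not (ci_test | bool)"

    # When CI testing is true, mock up a NAT table for checking later in the
    # playbook based on what is specified in the group/host variables file.
    # The file name is built from the inventory hostname, so every host in
    # 'ios_router' needs a matching tasks/mock_<hostname>.yml file.
    - name: "INCLUDE >> Generate mock data for CI testing"
      include_tasks: "tasks/mock_{{ inventory_hostname }}.yml"
      when: "ci_test | bool"

    # Print the table to stdout in raw format for troubleshooting.
    # Only shown when the playbook runs with at least one '-v'.
    - name: "DEBUG >> Print NAT translation table"
      debug:
        msg: "{{ NAT_TABLE.stdout[0] }}"
        verbosity: 1

    # Entries that are supposed to be present, per the state selector,
    # must be present at this point. If they are not, the task fails.
    # NOTE(review): both conditions are substring tests against the table
    # text (assuming stdout[0] is the raw command output). A shorter address
    # also matches inside a longer one (constructed example: 10.0.0.1 inside
    # 10.0.0.10), and the two addresses are not required to sit in the same
    # entry, so a pass is weaker than "this exact mapping exists".
    - name: "SYS >> Verify present entries are present"
      assert:
        that:
          - "item.inside_private in NAT_TABLE.stdout[0]"
          - "item.outside_public in NAT_TABLE.stdout[0]"
        msg: |-
          NAT entry {{ item.inside_private }},{{ item.outside_public }}
          with name {{ item.name }} not found when state was 'present'
      when: "item.state == 'present'"
      loop: "{{ static_nats }}"
      loop_control:
        label: >-
          Present? {{ item.name }}:
          {{ item.inside_private }}->{{ item.outside_public }}

    # Entries that are supposed to be absent, per the state selector,
    # must be absent at this point. If they are not, the task fails.
    # NOTE(review): the same substring matching applies here, so this check
    # also fails when either address merely appears inside another entry;
    # confirm that is the intended strictness.
    - name: "SYS >> Verify absent entries are absent"
      assert:
        that:
          - "not item.inside_private in NAT_TABLE.stdout[0]"
          - "not item.outside_public in NAT_TABLE.stdout[0]"
        msg: |-
          NAT entry {{ item.inside_private }},{{ item.outside_public }}
          with name {{ item.name }} found when state was 'absent'
      when: "item.state == 'absent'"
      loop: "{{ static_nats }}"
      loop_control:
        label: >-
          Absent? {{ item.name }}:
          {{ item.inside_private }}->{{ item.outside_public }}

  # If these handlers are invoked, it means that changes to the state
  # table occurred, and these changes should be appropriately logged.
  handlers:
    # The updates will be assembled into one text blob using newlines
    # and written to the screen for interested users.
    - name: "LOG >> Print updates written to device to stdout"
      listen: "updates exist"
      debug:
        msg: "{{ NAT_CONFIG.updates | join('\n') }}"

    # NOTE(review): this handler has no 'listen' topic, so it runs only when
    # notified by its exact name; confirm the notifying task does that, or
    # the change log is never written to disk. The bare 'include' action is
    # deprecated in favour of 'include_tasks' / 'import_tasks'; it is left
    # unchanged here because the target Ansible version is not visible.
    - name: "INCLUDE >> Write logs to disk if 'log' is true"
      include: "tasks/log_write.yml"
      when: "log | bool"
...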