7
Help us understand the problem. What are the problem?

More than 3 years have passed since last update.

posted at

AWSでいろんなAnsible Network modulesを試してみるまとめ

この前、GNS3 on AWS で始めるAnsible×Cisco学習環境構築 こんな記事を書いたのですが、Cisco ios以外の他のmoduleはAWS上でできるのかなーと思い試したみたのをまとめました。

基本的にAWS MarketPlaceで各ベンダーからAMIのImageが提供されてますので、それらを起動させてPlaybookを打ち込んでみました。

今回試したのは以下です。

・Cisco IOSXr
・Juniper Junos
・Fortigate Fortios
・F5 BIG-IP

Iosxr module

CiscoのIosxrはAMI Imageで提供されており、手順もこちらに記載されています。
https://aws.amazon.com/marketplace/pp/B077GJPZ7H?qid=1534232242368&sr=0-1&ref_=srh_res_product_title&cl_spe=C

Ansibleのモジュールとしてはver 2.6では9つ提供されています。
https://docs.ansible.com/ansible/2.6/modules/list_of_network_modules.html#iosxr

ではさっそく起動させてみます。
MarketPlaceでaccept terms and subscribeしてからterraform applyを実行しました。

XRv.tf
provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region     = "${var.region}"
}

resource "aws_instance" "XRv" {

  ami           = "ami-894392f1"
  instance_type = "m4.xlarge"
  key_name = "${var.key_name}"
  monitoring    = true
  tags {
        Name = "${var.name}"
  }

  security_groups = ["ubuntu-gns3"]
  iam_instance_profile = "EC2S3Backup"
  root_block_device = {
        volume_type = "gp2"
        volume_size = "50"
  }
}

10分ぐらいしてステータスチェックが正常になったら、SSHでつないでみます。

[centos@ip-172-31-36-8 ~]$ ssh root@34.218.248.171 -i centos.pem
The authenticity of host '34.218.248.171 (34.218.248.171)' can't be established.
RSA key fingerprint is SHA256:F7+smZXhaFkv0hfHMAum0R9aV6H/wUi2NjANjgRcxhg.
RSA key fingerprint is MD5:d7:ca:8e:0e:62:4d:6e:29:c5:c9:1a:d5:af:93:2b:f2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '34.218.248.171' (RSA) to the list of known hosts.


RP/0/RP0/CPU0:ios#show version
Tue Aug 14 03:22:03.208 UTC

Cisco IOS XR Software, Version 6.3.1
Copyright (c) 2013-2017 by Cisco Systems, Inc.

Build Information:
 Built By     : ahoang
 Built On     : Wed Sep 13 18:30:01 PDT 2017
 Build Host   : iox-ucs-028
 Workspace    : /auto/srcarchive11/production/6.3.1/xrv9k/workspace
 Version      : 6.3.1
 Location     : /opt/cisco/XR/packages/

cisco IOS-XRv 9000 () processor
System uptime is 14 minutes

RP/0/RP0/CPU0:ios#

疎通も大丈夫そうなので、Playbookを書いて打ち込んみます。

[centos@ip-172-31-36-8 an]$ ansible -i hosts XRv9000 -m ping
34.218.248.171 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[centos@ip-172-31-36-8 an]$

iosxr_factsとiosxr_commandsをやってみました。

[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts iosxr_facts.yml

PLAY [XRv9000] *********************************************************************************************************************

TASK [iosxr_facts] *****************************************************************************************************************
ok: [34.218.248.171]

TASK [debug] ***********************************************************************************************************************
ok: [34.218.248.171] => {
    "facts": {
        "ansible_facts": {
            "ansible_net_config": "Building configuration...\n!! IOS XR Configuration version = 6.3.1\n!! Last configuration change at Tue Aug 14 03:11:51 2018 by ZTP\n!\nusername root\n group root-lr\n group cisco-support\n!\ninterface TenGigE0/0/0/0\n ipv4 address 172.31.17.2 255.255.240.0\n!\nrouter static\n address-family ipv4 unicast\n  0.0.0.0/0 172.31.16.1\n !\n!\nssh server v2\nssh server vrf default\nend",
            "ansible_net_gather_subset": [
                "default",
                "config"
            ],
            "ansible_net_hostname": "System",
            "ansible_net_image": null,
            "ansible_net_version": "6.3.1"
        },
        "changed": false,
        "failed": false
    }
}

PLAY RECAP *************************************************************************************************************************
34.218.248.171             : ok=2    changed=0    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$
[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts iosxr_command.yml

PLAY [XRv9000] *********************************************************************************************************************

TASK [iosxr_command] ***************************************************************************************************************
ok: [34.218.248.171]

TASK [debug] ***********************************************************************************************************************
ok: [34.218.248.171] => {
    "facts": {
        "changed": false,
        "failed": false,
        "stdout": [
            "Cisco IOS XR Software, Version 6.3.1\nCopyright (c) 2013-2017 by Cisco Systems, Inc.\n\nBuild Information:\n Built By     : ahoang\n Built On     : Wed Sep 13 18:30:01 PDT 2017\n Build Host   : iox-ucs-028\n Workspace    : /auto/srcarchive11/production/6.3.1/xrv9k/workspace\n Version      : 6.3.1\n Location     : /opt/cisco/XR/packages/\n\ncisco IOS-XRv 9000 () processor \nSystem uptime is 41 minutes",
            "Null0 is up, line protocol is up \n  Interface state transitions: 1\n  Hardware is Null interface\n  Internet address is Unknown\n  MTU 1500 bytes, BW 0 Kbit\n     reliability 255/255, txload Unknown, rxload Unknown\n  Encapsulation Null,  loopback not set,\n  Last link flapped 00:40:45\n  Last input never, output never\n  Last clearing of \"show interface\" counters never\n  5 minute input rate 0 bits/sec, 0 packets/sec\n  5 minute output rate 0 bits/sec, 0 packets/sec\n     0 packets input, 0 bytes, 0 total input drops\n     0 drops for unrecognized upper-level protocol\n     Received 0 broadcast packets, 0 multicast packets\n     0 packets output, 0 bytes, 0 total output drops\n     Output 0 broadcast packets, 0 multicast packets\n\nTenGigE0/0/0/0 is up, line protocol is up \n  Interface state transitions: 1\n  Hardware is TenGigE, address is 02f2.9bea.2036 (bia 02f2.9bea.2036)\n  Internet address is 172.31.17.2/20\n  MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)\n     reliability 255/255, txload 0/255, rxload 0/255\n  Encapsulation ARPA,\n  Duplex unknown, 10000Mb/s, link type is force-up\n  output flow control is off, input flow control is off\n  loopback not set,\n  Last link flapped 00:37:05\n  ARP type ARPA, ARP timeout 04:00:00\n  Last input 00:00:00, output 00:00:00\n  Last clearing of \"show interface\" counters never\n  5 minute input rate 0 bits/sec, 0 packets/sec\n  5 minute output rate 0 bits/sec, 0 packets/sec\n     540 packets input, 54319 bytes, 0 total input drops\n     0 drops for unrecognized upper-level protocol\n     Received 0 broadcast packets, 0 multicast packets\n              0 runts, 0 giants, 0 throttles, 0 parity\n     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort\n     398 packets output, 54071 bytes, 0 total output drops\n     Output 1 broadcast packets, 0 multicast packets\n     0 output errors, 0 underruns, 0 applique, 0 resets\n     0 output buffer failures, 0 output buffers swapped out\n     0 carrier transitions"
        ],
        "stdout_lines": [
            [
                "Cisco IOS XR Software, Version 6.3.1",
                "Copyright (c) 2013-2017 by Cisco Systems, Inc.",
                "",
                "Build Information:",
                " Built By     : ahoang",
                " Built On     : Wed Sep 13 18:30:01 PDT 2017",
                " Build Host   : iox-ucs-028",
                " Workspace    : /auto/srcarchive11/production/6.3.1/xrv9k/workspace",
                " Version      : 6.3.1",
                " Location     : /opt/cisco/XR/packages/",
                "",
                "cisco IOS-XRv 9000 () processor ",
                "System uptime is 41 minutes"
            ],
            [
                "Null0 is up, line protocol is up ",
                "  Interface state transitions: 1",
                "  Hardware is Null interface",
                "  Internet address is Unknown",
                "  MTU 1500 bytes, BW 0 Kbit",
                "     reliability 255/255, txload Unknown, rxload Unknown",
                "  Encapsulation Null,  loopback not set,",
                "  Last link flapped 00:40:45",
                "  Last input never, output never",
                "  Last clearing of \"show interface\" counters never",
                "  5 minute input rate 0 bits/sec, 0 packets/sec",
                "  5 minute output rate 0 bits/sec, 0 packets/sec",
                "     0 packets input, 0 bytes, 0 total input drops",
                "     0 drops for unrecognized upper-level protocol",
                "     Received 0 broadcast packets, 0 multicast packets",
                "     0 packets output, 0 bytes, 0 total output drops",
                "     Output 0 broadcast packets, 0 multicast packets",
                "",
                "TenGigE0/0/0/0 is up, line protocol is up ",
                "  Interface state transitions: 1",
                "  Hardware is TenGigE, address is 02f2.9bea.2036 (bia 02f2.9bea.2036)",
                "  Internet address is 172.31.17.2/20",
                "  MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)",
                "     reliability 255/255, txload 0/255, rxload 0/255",
                "  Encapsulation ARPA,",
                "  Duplex unknown, 10000Mb/s, link type is force-up",
                "  output flow control is off, input flow control is off",
                "  loopback not set,",
                "  Last link flapped 00:37:05",
                "  ARP type ARPA, ARP timeout 04:00:00",
                "  Last input 00:00:00, output 00:00:00",
                "  Last clearing of \"show interface\" counters never",
                "  5 minute input rate 0 bits/sec, 0 packets/sec",
                "  5 minute output rate 0 bits/sec, 0 packets/sec",
                "     540 packets input, 54319 bytes, 0 total input drops",
                "     0 drops for unrecognized upper-level protocol",
                "     Received 0 broadcast packets, 0 multicast packets",
                "              0 runts, 0 giants, 0 throttles, 0 parity",
                "     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort",
                "     398 packets output, 54071 bytes, 0 total output drops",
                "     Output 1 broadcast packets, 0 multicast packets",
                "     0 output errors, 0 underruns, 0 applique, 0 resets",
                "     0 output buffer failures, 0 output buffers swapped out",
                "     0 carrier transitions"
            ]
        ]
    }
}

PLAY RECAP *************************************************************************************************************************
34.218.248.171             : ok=2    changed=0    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$

これでいろいろと遊べそうですね!
では次へ

Junos module

JuniperからはvSRXやvMXが提供されています。
今回はvMXをチョイスしてみました。
https://aws.amazon.com/marketplace/pp/B01MZI5TC1

Ansibleのモジュールとしては20個ありました。
https://docs.ansible.com/ansible/2.6/modules/list_of_network_modules.html#junos

amiのidを書き換えてterraform applyで作成します。

vMX.tf
provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region     = "${var.region}"
}

resource "aws_instance" "Juniper_vMX" {

  ami           = "ami-12eaad6a"
  instance_type = "m4.xlarge"
  key_name = "${var.key_name}"
  monitoring    = false
  tags {
        Name = "${var.name}"
  }

  security_groups = ["ubuntu-gns3"]
  iam_instance_profile = "EC2S3Backup"
  root_block_device = {
        volume_type = "gp2"
        volume_size = "35"
  }
}

10分ぐらいしてステータスチェックが正常になったら、疎通確認してみます。

[centos@ip-172-31-36-8 an]$ ansible -i hosts vMX -m ping
52.89.18.82 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[centos@ip-172-31-36-8 an]$

Playbook実行する前に必要なパッケージを入れておきます。

[centos@ip-172-31-36-8 an]$ sudo python3.6 -m pip install ncclient jxmlease

junos_factsを実行してみると怒られました。

[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts junos_facts.yml --check

PLAY [vMX] **************************************************************************************************************************

TASK [junos_facts] ******************************************************************************************************************
fatal: [52.89.18.82]: FAILED! => {"msg": "Could not open socket to 52.89.18.82:830"}
        to retry, use: --limit @/home/centos/an/an/junos_facts.retry

PLAY RECAP **************************************************************************************************************************
52.89.18.82                : ok=0    changed=0    unreachable=0    failed=1

[centos@ip-172-31-36-8 an]$

こちらのページを参考に以下のコマンドを実行してcommitしました。
セキュリティグループで830の許可も追加しました。

jnpr@ip-172-31-38-254# set system services netconf ssh port 830
jnpr@ip-172-31-38-254# set system services ssh root-login allow
jnpr@ip-172-31-38-254# commit

もっぺんやってみます。

[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts junos_facts.yml

PLAY [vMX] **************************************************************************************************************************

TASK [junos_facts] ******************************************************************************************************************
ok: [52.89.18.82]

TASK [debug] ************************************************************************************************************************
ok: [52.89.18.82] => {
    "facts": {
        "ansible_facts": {
            "ansible_net_config": "## Last changed: 2018-08-14 06:56:38 UTC\nversion 18.1R1.9;\ngroups {\n    global {\n        system {\n            host-name ip-172-31-38-254;\n            login {\n                user jnpr {\n                    uid 2000;\n                    class super-user;\n                    \n                }\n            }\n            services {\n                ssh {\n                    root-login deny-password;\n                }\n            }\n            syslog {\n                user * {\n                    any emergency;\n                }\n                file messages {\n                    any notice;\n                    authorization info;\n                }\n                file interactive-commands {\n                    interactive-commands any;\n                }\n            }\n        }\n        interfaces {\n            fxp0 {\n                unit 0 {\n                    family inet {\n                        address 172.31.38.254/20;\n                    }\n                }\n            }\n        }\n        routing-options {\n            static {\n                route 0.0.0.0/0 {\n                    next-hop 172.31.32.1;\n                    retain;\n                    no-readvertise;\n                }\n            }\n        }\n    }\n}\napply-groups global;\nsystem\n    services {\n        ssh {\n            root-login allow;\n        }\n        netconf {\n            ssh {\n                port 830;\n            }\n        }\n    }\n}",
            "ansible_net_gather_subset": [
                "default",
                "config"
            ],
            "ansible_net_hostname": "ip-172-31-38-254",
            "ansible_net_model": "vmx",
            "ansible_net_serialnum": "VM5B72760401",
            "ansible_net_version": "18.1R1.9"
        },
        "changed": false,
        "failed": false
    }
}

PLAY RECAP **************************************************************************************************************************
52.89.18.82                : ok=2    changed=0    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$

通りました。
junos_commandもいけました。

[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts junos_command.yml

PLAY [vMX] **************************************************************************************************************************

TASK [junos_command] ****************************************************************************************************************
 [WARNING]: arguments wait_for, match, rpcs are not supported when using transport=cli

ok: [52.89.18.82]

TASK [debug] ************************************************************************************************************************
ok: [52.89.18.82] => {
    "facts.stdout_lines": [
        [
            "Hostname: ip-172-31-38-254",
            "Model: vmx",
            "Junos: 18.1R1.9",
            "JUNOS OS Kernel 64-bit  [20180308.0604c57_builder_stable_11]",
            "JUNOS OS libs [20180308.0604c57_builder_stable_11]",
            "JUNOS OS runtime [20180308.0604c57_builder_stable_11]",
            "JUNOS OS time zone information [20180308.0604c57_builder_stable_11]",
            "JUNOS network stack and utilities [20180323.181821_builder_junos_181_r1]",
            "JUNOS libs [20180323.181821_builder_junos_181_r1]",
            "JUNOS OS libs compat32 [20180308.0604c57_builder_stable_11]",
            "JUNOS OS 32-bit compatibility [20180308.0604c57_builder_stable_11]",
            "JUNOS libs compat32 [20180323.181821_builder_junos_181_r1]",
            "JUNOS runtime [20180323.181821_builder_junos_181_r1]",
            "JUNOS Packet Forwarding Engine Simulation Package [20180323.181821_builder_junos_181_r1]",
            "JUNOS sflow mx [20180323.181821_builder_junos_181_r1]",
            "JUNOS py extensions [20180323.181821_builder_junos_181_r1]",
            "JUNOS py base [20180323.181821_builder_junos_181_r1]",
            "JUNOS OS vmguest [20180308.0604c57_builder_stable_11]",
            "JUNOS OS crypto [20180308.0604c57_builder_stable_11]",
            "JUNOS mx libs compat32 [20180323.181821_builder_junos_181_r1]",
            "JUNOS mx runtime [20180323.181821_builder_junos_181_r1]",
            "JUNOS common platform support [20180323.181821_builder_junos_181_r1]",
            "JUNOS mtx network modules [20180323.181821_builder_junos_181_r1]",
            "JUNOS modules [20180323.181821_builder_junos_181_r1]",
            "JUNOS mx modules [20180323.181821_builder_junos_181_r1]",
            "JUNOS mx libs [20180323.181821_builder_junos_181_r1]",
            "JUNOS mtx Data Plane Crypto Support [20180323.181821_builder_junos_181_r1]",
            "JUNOS daemons [20180323.181821_builder_junos_181_r1]",
            "JUNOS mx daemons [20180323.181821_builder_junos_181_r1]",
            "JUNOS Simulation Linux Package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Simulation Package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Simulation Package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services URL Filter package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services TLB Service PIC package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Telemetry [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services SSL [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services SOFTWIRE [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Stateful Firewall [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services RPM [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services PCEF package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services NAT [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Mobile Subscriber Service Container package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services MobileNext Software package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Logging Report Framework package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services LL-PDF Container package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Jflow Container package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Deep Packet Inspection package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services IPSec [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services IDS [20180323.181821_builder_junos_181_r1]",
            "JUNOS IDP Services [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services HTTP Content Management package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Crypto [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Captive Portal and Content Delivery Container package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services COS [20180323.181821_builder_junos_181_r1]",
            "JUNOS AppId Services [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services Application Level Gateways [20180323.181821_builder_junos_181_r1]",
            "JUNOS Services AACL Container package [20180323.181821_builder_junos_181_r1]",
            "JUNOS Extension Toolkit [20180323.181821_builder_junos_181_r1]",
            "JUNOS Online Documentation [20180323.181821_builder_junos_181_r1]",
            "JUNOS jail runtime [20180308.0604c57_builder_stable_11]"
        ]
    ]
}

PLAY RECAP **************************************************************************************************************************
52.89.18.82                : ok=2    changed=0    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$

junos_factsはrpcでやるんですかね??
junos_commandはnetwork_cliで通るのですが、junos_factsでは "Connection type 'network_cli' is not valid for 'junos_facts' module." とのこと。
初めてjunos触ってみたのでよくわからず....後でソース見てみます。

では次へ

Fortios

Fortiosはこれを使いました。

モジュールとしては現在4つあります。
https://docs.ansible.com/ansible/2.6/modules/list_of_network_modules.html#fortios

amiのIDを変えてterraformで作ります。

fortigate.tf
provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region     = "${var.region}"
}

resource "aws_instance" "Fortigate" {

  ami           = "ami-42dc833a"
  instance_type = "t2.small"
  key_name = "${var.key_name}"
  monitoring    = false
  tags {
        Name = "${var.name}"
  }

  security_groups = ["ubuntu-gns3"]
  iam_instance_profile = "EC2S3Backup"
  root_block_device = {
        volume_type = "gp2"
        volume_size = "35"
  }
}

起動したら疎通を確認してPlaybookを実行してみます。

[centos@ip-172-31-36-8 an]$ ansible -i hosts Fortios -m ping
35.165.119.203 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[centos@ip-172-31-36-8 an]$

おっとっと、その前に必要なパッケージを入れます。

[centos@ip-172-31-36-8 an]$ sudo python3.6 -m pip install pyfg

こちらを参考にfortios_configをやってみます。
https://qiita.com/akira6592/items/e8bd06a10d5d7462bf7f

[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts fortios_config.yml

PLAY [Fortios] **********************************************************************************************************************

TASK [fortios_config] ***************************************************************************************************************
ok: [35.165.119.203]

PLAY RECAP **************************************************************************************************************************
35.165.119.203             : ok=1    changed=0    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$ ls /tmp/35.165.119.203_config.2018-08-14\@09\:24\:37
/tmp/35.165.119.203_config.2018-08-14@09:24:37
[centos@ip-172-31-36-8 an]$

confファイルが手元にbackうpされました。
netaddrパッケージを入れて、fortios_addressをやってみます。

[centos@ip-172-31-36-8 an]$ sudo python3.6 -m pip install netaddr
省略
[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts fortios_address.yml

PLAY [Fortios] **********************************************************************************************************************

TASK [fortios_address] **************************************************************************************************************
changed: [35.165.119.203]

PLAY RECAP **************************************************************************************************************************
35.165.119.203             : ok=1    changed=1    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$

Exampleをそのまま打ち込んみて、Webで作成されたのが確認できました。

image.png

では次へ

F5

最後にBigipをやってみます。

https://aws.amazon.com/marketplace/pp/B079C44MFH?ref=cns_1clkPro
https://devcentral.f5.com/articles/deploy-big-ip-ve-in-aws-24727

モジュール数は96個!
https://docs.ansible.com/ansible/2.6/modules/list_of_network_modules.html#f5

big-ip.tf
provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region     = "${var.region}"
}

resource "aws_instance" "BIG-IP" {

  ami           = "ami-ae2702d6"
  instance_type = "t2.medium"
  key_name = "${var.key_name}"
  monitoring    = false
  tags {
        Name = "${var.name}"
  }

  security_groups = ["ubuntu-gns3"]
  iam_instance_profile = "EC2S3Backup"
  root_block_device = {
                volume_type = "gp2"
                volume_size = "45"
  }
}

terraform apply して起動したらいったんSSHでつないでパスワードを設定しました。

admin@(ip-172-31-21-206)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify auth password admin
changing password for admin
new password:
confirm password:
admin@(ip-172-31-21-206)(cfg-sync Standalone)(Active)(/Common)(tmos)# save sys config
Saving running configuration...
  /config/bigip.conf
  /config/bigip_base.conf
  /config/bigip_user.conf
Saving Ethernet mapping...done
admin@(ip-172-31-21-206)(cfg-sync Standalone)(Active)(/Common)(tmos)#

F5モジュールに必要なパッケージをインストールします。

[centos@ip-172-31-36-8 ~]$ sudo python3.6 -m pip install bigsuds f5-sdk

セキュリティグループで8443を開けておいて、Playbookを打ってみます。

[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts bigip_command.yml

PLAY [bigip] ****************************************************************************************************************

TASK [bigip_command] ********************************************************************************************************
ok: [52.41.45.65]

TASK [debug] ****************************************************************************************************************
ok: [52.41.45.65] => {
    "facts.stdout_lines": [
        [
            "Sys::Version",
            "Main Package",
            "  Product     BIG-IP",
            "  Version     13.1.1",
            "  Build       0.0.4",
            "  Edition     Final",
            "  Date        Fri Jul 20 17:55:49 PDT 2018"
        ]
    ]
}

PLAY RECAP ******************************************************************************************************************
52.41.45.65                : ok=2    changed=0    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$

bigip_commandが通りました。
ここに書いてある通りにPoolを作ってみます。

https://clouddocs.f5.com/products/orchestration/ansible/devel/
https://github.com/F5Networks/f5-ansible/blob/devel/examples/0000-getting-started/playbook.yaml

[centos@ip-172-31-36-8 an]$ ansible-playbook -i hosts bigip_pool.yml

PLAY [bigip] ****************************************************************************************************************

TASK [Create a pool] ********************************************************************************************************
changed: [52.41.45.65 -> localhost]

PLAY RECAP ******************************************************************************************************************
52.41.45.65                : ok=1    changed=1    unreachable=0    failed=0

[centos@ip-172-31-36-8 an]$

管理画面でPool listを開くと作成したものが確認できました。

image.png

まとめ

ということでIOSXr、Junos、Fortios、bigipの各インスタンスを立ち上げて簡単なPlaybookを実行してみました。

それぞれ仮想マシンイメージとしても配布されてるので、ローカルのESXiやVirtualboxで試すことももちろん可能ですがダウンロードしてインポートしてとかちょっと面倒くさいし、EC2なら気軽に試せて消すのも楽なのでいいかなーと思いました。
どうせ費用は会社もちだし

気軽に検証なり素振りできる環境を用意できるっていいなと思いました。
おしまい。

Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
7
Help us understand the problem. What are the problem?