Ansible Config Audit and Enforcement

Code to audit and enforce a gold standard config across a range of devices

Objective

This playbook, and the accompanying roles, are designed to illustrate how Ansible could be used to audit and enforce a set of baseline configs across multiple device types. The roles contain some sample configurations that might be included in an organization's baseline config, but they can be easily extended to add additional configs as well.

Requirements

To use this code you will need:

  • Python 3.6+

Optionally, this code can be run as is in a DevNet Cisco Modeling Labs sandbox.

When using the DevNet CML sandbox, you will additionally need:

  • Cisco VPN client - Setup instructions here
  • SSH client - On Mac/Linux, use the OS-native SSH client directly. For connecting using an SSH client such as PuTTY

Install and Setup

  1. Reserve a Cisco Modeling Labs sandbox at DevNet Cisco Modeling Labs sandbox
  2. Once it is ready, click on the "Output" button, and use the VPN credentials to connect with AnyConnect or OpenConnect
  3. SSH to 10.10.20.50 as the developer user with password C1sco12345
  4. Execute the following to download pre-requisites: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/CiscoDevNet/ansible-config-audit/master/setup.sh)"
  5. Execute cd ansible-config-audit to change to the correct directory
  6. Execute ansible-playbook 1_audit.yml -C -v to see the state of the config audit
  7. Optionally execute ansible-playbook 1_audit.yml -v to deploy the gold config
  8. Re-run ansible-playbook 1_audit.yml -C -v to see the new state of the config audit
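
One way to turn the check-mode output of step 6 into a per-host verdict, as an added example that is not part of the CiscoDevNet repository. It assumes the playbook's tasks report "changed" under -C when a device deviates from the gold config; the host names, counters and function names are constructed for illustration.

```python
import re
import sys

# Constructed sample of the PLAY RECAP printed by a check-mode run
# (ansible-playbook 1_audit.yml -C -v); hosts and counters are made up.
SAMPLE_RECAP = """\
PLAY RECAP *********************************************************************
rtr-a                      : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
rtr-b                      : ok=6    changed=3    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
sw-c                       : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
fw-d                       : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
"""

RECAP_LINE = re.compile(r"^(?P<host>\S+)\s+:\s+(?P<stats>(?:\w+=\d+\s*)+)$")


def parse_recap(output):
    """Return {host: {counter: int}} for the lines after the PLAY RECAP banner."""
    hosts, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        match = RECAP_LINE.match(line.strip()) if in_recap else None
        if match:
            pairs = (item.split("=") for item in match["stats"].split())
            hosts[match["host"]] = {key: int(value) for key, value in pairs}
    return hosts


def classify(stats):
    """Check-mode verdict for one host."""
    # An unreachable or failed host was not fully audited, so it is never
    # reported as compliant, even when changed=0.
    if stats.get("unreachable", 0) or stats.get("failed", 0):
        return "not-audited"
    return "drift" if stats.get("changed", 0) else "compliant"


def audit_report(output):
    return {host: classify(stats) for host, stats in parse_recap(output).items()}


if __name__ == "__main__":
    # Read a real run from stdin when piped, otherwise use the sample.
    text = SAMPLE_RECAP if sys.stdin.isatty() else sys.stdin.read()
    report = audit_report(text)
    for host, verdict in sorted(report.items()):
        print(f"{host:<20} {verdict}")
    sys.exit(0 if all(v == "compliant" for v in report.values()) else 1)
```

Piping the check-mode run from step 6 into the script's standard input replaces the sample; the exit status is non-zero unless every host is compliant.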

Lab Topology:

Topology Diagram

Device list:

Device List

Use Case

Business Summary
Through automated audit, customers can eliminate a time-consuming task, while increasing frequency of audits by orders of magnitude.

Related Sandbox

DevNet Cisco Modeling Labs sandbox
