Ansible Config Audit and Enforcement
Code to audit and enforce a gold standard config across a range of devices
Objective
This playbook, and the accompanying roles, are designed to illustrate how Ansible could be used to audit and enforce a set of baseline configs across multiple device types. The roles contain some sample configurations that might be included in an organization's baseline config, but they can be easily extended to add additional configs as well.
Requirements
To use this code you will need:
Optionally, this code can be run as is in a DevNet Cisco Modeling Labs sandbox
With the above sandbox, you instead will need:
- Cisco VPN client - Setup instructions here
- SSH client - Using Mac/Linux directly use the OS native SSH client. For connecting using an SSH client such as PuTTY
Install and Setup
- Reserve a Cisco Modeling Labs sandbox at DevNet Cisco Modeling Labs sandbox
- Once it is ready, click on the "Output" button, and use the VPN credentials to connect with AnyConnect or OpenConnect
- SSH to 10.10.20.50 as the developer user with password C1sco12345
- Execute the following to download pre-requisites:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/CiscoDevNet/ansible-config-audit/master/setup.sh)"
- Execute
cd ansible-config-audit
to change to the correct directory
- Execute
ansible-playbook 1_audit.yml -C -v
to see the state of the config audit
- Optionally execute
ansible-playbook 1_audit.yml -v
to deploy the gold config config
- Re-run
ansible-playbook 1_audit.yml -C -v
to see the new state of the config audit
Lab Topology:
Device list:
Use Case
Ansible Config Audit and Enforcement
Code to audit and enforce a gold standard config across a range of devices.
Objective
This playbook and the accompanying roles are designed to illustrate how Ansible could be used to audit and enforce a set of baseline configs across multiple device types. The roles contain some sample configurations that might be included in an organization's baseline config, but they can be easily extended to add additional configs as well.
Requirements
To use this code you will need:
Optionally, this code can be run as is in a DevNet Cisco Modeling Labs sandbox.
When using the DevNet CML Sandbox, in addition you need:
- Cisco VPN client - Setup instructions here
- SSH client - Using Mac/Linux directly use the OS native SSH client. For connecting using an SSH client such as PuTTY
Install and Setup Ansible Config Audit
- Reserve a Cisco Modeling Labs sandbox at DevNet Cisco Modeling Labs sandbox.
- Once it is ready, click on the "Output" button, and use the VPN credentials to connect with AnyConnect or OpenConnect.
- SSH to 10.10.20.50 as the developer user with password C1sco12345.
- Execute the following to download pre-requisites:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/CiscoDevNet/ansible-config-audit/master/setup.sh)"
. - Execute
cd ansible-config-audit
to change to the correct directory. - Execute
ansible-playbook 1_audit.yml -C -v
to see the state of the config audit. - Optionally execute
ansible-playbook 1_audit.yml -v
to deploy the gold config. - Re-run
ansible-playbook 1_audit.yml -C -v
to see the new state of the config audit.
Lab Topology:
Device list:
Business Summary
Through automated audit, customers can eliminate a time-consuming task, while increasing frequency of audits by orders of magnitude.
Related Sandbox
DevNet Cisco Modeling Labs sandbox