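# Helper playbook for IPAM automation using Ansible
#
# Sets a localhost fact `ipam_provider` which in subsequent plays can be passed
# as the `provider` parameter to the various Ansible modules for Infoblox NIOS
# https://docs.ansible.com/ansible/latest/modules/list_of_net_tools_modules.html#nios
#
# Input parameters for this playbook can be supplied as Ansible variables
# or environment variables.
#
# Example:
#
# - import_playbook: ipam_provider.yml
#   vars:
#     INFOBLOX_HOST: ipam.illinois.edu
#     INFOBLOX_WAPI_VERSION: 2.7.3
#
# - hosts: localhost
#   tasks:
#     - set_fact:
#         my_networks: "{{ lookup('nios', 'network', return_fields=['network', 'extattrs'], provider=ipam_provider) }}"
#     - debug: var=my_networks
#
# NOTE: `ipam_provider` carries the plaintext password. Tasks in later plays
# that print or register the whole fact (e.g. `debug: var=ipam_provider`)
# should set `no_log: true`, as every credential-handling task below does.
#
# Author: dmrz
# Version: 0.3
#
# Copyright (c) 2018 Board of Trustees University of Illinois
---
- name: Configure IPAM provider
  hosts: localhost
  gather_facts: false

  vars:
    # Each input falls back to the environment variable of the same name when
    # it is not supplied as an Ansible variable.
    INFOBLOX_HOST: "{{ lookup('env','INFOBLOX_HOST') }}"
    INFOBLOX_WAPI_VERSION: "{{ lookup('env','INFOBLOX_WAPI_VERSION') }}"
    INFOBLOX_USERNAME: "{{ lookup('env','INFOBLOX_USERNAME') }}"

    # password may be supplied in plaintext or (ASCII) GPG-encrypted e.g.
    #
    # export INFOBLOX_PASSWORD_GPG=$(read -sp "Password: "; gpg <<<"$REPLY" -ae --default-recipient-self)
    #
    # A plaintext INFOBLOX_PASSWORD stays readable in the environment of this
    # process and its children; the GPG form or the interactive prompt below
    # avoids leaving the cleartext there.
    INFOBLOX_PASSWORD: "{{ lookup('env','INFOBLOX_PASSWORD') }}"
    INFOBLOX_PASSWORD_GPG: "{{ lookup('env','INFOBLOX_PASSWORD_GPG') }}"

    INFOBLOX_MAX_RESULTS: "{{ lookup('env','INFOBLOX_MAX_RESULTS') or '-1000' }}"
    # ignored unless jinja2_native (see below)
    INFOBLOX_HTTP_REQUEST_TIMEOUT: "{{ (lookup('env','INFOBLOX_HTTP_REQUEST_TIMEOUT') or '10') }}"
    INFOBLOX_MAX_RETRIES: "{{ lookup('env','INFOBLOX_MAX_RETRIES') or '3' }}"

    # check whether jinja2_native is configured (enabling e.g. `|int` to
    # actually produce int rather than string).
    # https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-jinja2-native
    is_jinja2_native: "{{ lookup('config', 'DEFAULT_JINJA2_NATIVE') }}"

  tasks:
    - name: require Ansible 2.8 or newer
      assert:
        that: "ansible_version.full is version('2.8', '>=')"
        quiet: true

    # Host and WAPI version have no interactive fallback, so fail early when
    # either one is empty.
    - name: check required variables
      fail:
        msg: "Required variable '{{ item }}' not set"
      when: not lookup('vars', item)
      loop:
        - INFOBLOX_HOST
        - INFOBLOX_WAPI_VERSION

    - name: obtain INFOBLOX_USERNAME interactively
      when: not INFOBLOX_USERNAME
      block:
        - name: prompt for INFOBLOX_USERNAME if unset
          pause:
            prompt: "Enter INFOBLOX_USERNAME for {{ INFOBLOX_HOST }}"
          register: ipam_provider_prompt_INFOBLOX_USERNAME

        - name: store prompted INFOBLOX_USERNAME
          set_fact:
            INFOBLOX_USERNAME: "{{ ipam_provider_prompt_INFOBLOX_USERNAME.user_input }}"

    # A plaintext INFOBLOX_PASSWORD, when present, takes precedence over the
    # GPG-encrypted form.
    - name: obtain INFOBLOX_PASSWORD from INFOBLOX_PASSWORD_GPG
      when: INFOBLOX_PASSWORD_GPG and not INFOBLOX_PASSWORD
      block:
        # The ciphertext is fed on stdin rather than the command line;
        # no_log keeps the decrypted stdout out of task output and logs.
        - name: decrypt INFOBLOX_PASSWORD_GPG if set
          command: gpg --decrypt
          args:
            stdin: "{{ INFOBLOX_PASSWORD_GPG }}"
          register: ipam_provider_decrypt_INFOBLOX_PASSWORD_GPG
          no_log: true
          changed_when: false

        - name: store decrypted INFOBLOX_PASSWORD
          set_fact:
            INFOBLOX_PASSWORD: "{{ ipam_provider_decrypt_INFOBLOX_PASSWORD_GPG.stdout }}"
          no_log: true

    # Last resort: neither the plaintext nor the GPG form produced a password.
    - name: obtain INFOBLOX_PASSWORD interactively
      when: not INFOBLOX_PASSWORD
      block:
        - name: prompt for INFOBLOX_PASSWORD if unset
          pause:
            prompt: "Enter INFOBLOX_PASSWORD for {{ INFOBLOX_USERNAME }}@{{ INFOBLOX_HOST }}"
            # do not echo the typed password back to the terminal
            echo: false
          register: ipam_provider_prompt_INFOBLOX_PASSWORD
          no_log: true

        - name: store prompted INFOBLOX_PASSWORD
          set_fact:
            INFOBLOX_PASSWORD: "{{ ipam_provider_prompt_INFOBLOX_PASSWORD.user_input }}"
          no_log: true

    - name: set ipam_provider
      set_fact:
        ipam_provider:
          host: "{{ INFOBLOX_HOST }}"
          wapi_version: "{{ INFOBLOX_WAPI_VERSION }}"
          # certificate verification stays enabled: the credentials below are
          # sent to this host
          ssl_verify: true
          username: "{{ INFOBLOX_USERNAME }}"
          password: "{{ INFOBLOX_PASSWORD }}"
          max_results: "{{ INFOBLOX_MAX_RESULTS }}"
          # must be native int, otherwise nios lookup plugin and/or modules
          # will fail (as of 2018-10, Ansible 2.7.1)
          http_request_timeout: "{{ is_jinja2_native | ternary(INFOBLOX_HTTP_REQUEST_TIMEOUT | int, omit) }}"
          max_retries: "{{ INFOBLOX_MAX_RETRIES }}"
      # the fact holds the plaintext password; keep it out of task output
      no_log: true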