ansible-opnsense
NetBox integration, template config.xml using Jinja2
Hi there
I have been playing with this role for a bit and have started to get ideas about how I want to approach it. I have settled on NetBox to define the state of the network. Now I need a way to take the state from NetBox and deploy it to OPNsense boxes. I am surprised I have not really found others that have done the same, as NetBox is the perfect source for this.
It seems to me that this role gets a bit slow the more interfaces and settings you have. Also, with this project I would like to try the simplest approach I can take. I would like to avoid having an Ansible inventory layer in between NetBox and the generated config.xml. I tried it and ended up with something like this:
```yaml
opn_interfaces_specific: |-
  {% macro print_config() %}
  {% for interface in interfaces|sort(attribute="id") %}
  {% for vlan in ([interface.untagged_vlan] + interface.tagged_vlans) if vlan %}
  {% if vlan.name == "Users" %}
  {% set interface_name = "lan" %}
  {% else %}
  {% set interface_name = "opt" + (interface.id|string) %}
  {% endif %}
  - interface: {{ interface_name }}
  {% if vlan %}
    vlan: {{ vlan.vid }}
    vlan_parent_interface: {{ (interface.name | replace('_', '.')).split('.') | first }}
  {% endif %}
    settings:
      - key: ipaddr
        value: {{ interface.ip_addresses[0].address.split('/') | first }}
      - key: subnet
        value: {{ interface.ip_addresses[0].address.split('/') | last }}
      - key: descr
        value: {{ interface.description }}
      - key: enable
        value: {{ 1 if interface.enabled else 0 }}
  {% endfor %}
  {% endfor %}
  {% endmacro %}
  {{ print_config() | from_yaml }}
```
Now I end up looking into the tasks of this role to figure out which variables I need to set, and at the same time I need to learn the structure of the config.xml because this role does not seem to have docs. With NetBox, however, we already have a stable inventory source (https://github.com/netbox-community/ansible_modules). My basic idea, which goes in line with #39: use Jinja2 and directly access the structure from NetBox. I am not sure how much interoperability we can provide so that others can use the same template. Maybe this role can just provide a base template and people can use an inventory variable to add more XML to it. Or, if they want to go crazy, just maintain their own config.xml.j2 template. For combining the state from the device, I am testing a lookup plugin that can get arbitrary XML child nodes using XPath. The idea is to use this lookup plugin in the config.xml.j2 to assemble the final config and potentially move more and more to NetBox and Ansible as a source instead of the device.
If I may, I would like to see if others are interested in a contribution like this and generally would like to discuss integration with NetBox.
I am pretty happy with how it turned out. Feel free to check it out: #41. It totally drops the intermediate Ansible inventory layer and replaces it with NetBox, as I mentioned. For me, I was looking into the config.xml anyway.
And I think the way to distribute the file would be to split it up into Jinja2 macros so that users can put together their own template and still benefit from our upstream macros to do common things. I can do that in #41 when you want.
Let me know what you think.
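The XPath lookup idea from the thread, sketched as an added example (not code from this role or from #41): sections named by XPath are pulled from the device's current config.xml and appended to the NetBox-generated config, and a section the generator already owns is never taken from the device. The function names and both XML samples are constructed for illustration, and only Python's standard `xml.etree.ElementTree` is used.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a device's current config.xml (not from a real box).
DEVICE_CONFIG = """<opnsense>
  <system><hostname>fw1</hostname><domain>example.net</domain></system>
  <interfaces>
    <lan><if>em0</if><ipaddr>192.0.2.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <filter><rule><type>pass</type><interface>lan</interface></rule></filter>
</opnsense>"""

# Constructed stand-in for what the Jinja2 template renders from NetBox data.
GENERATED = """<opnsense>
  <interfaces>
    <lan><if>em0_vlan10</if><ipaddr>198.51.100.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
</opnsense>"""


def xml_children(config_xml, xpath):
    """Return the elements matched by an ElementTree XPath, relative to the root."""
    return ET.fromstring(config_xml).findall(xpath)


def assemble(device_xml, generated_xml, keep_xpaths):
    """Append device sections (XPaths selecting top-level elements) to the
    generated config.

    A section the generated config already contains is refused, so NetBox
    stays the source of truth for it. An XPath that matches nothing on the
    device raises instead of silently producing a config without that section.
    """
    result = ET.fromstring(generated_xml)
    owned = {child.tag for child in result}
    for xpath in keep_xpaths:
        matches = xml_children(device_xml, xpath)
        if not matches:
            raise LookupError(f"{xpath!r} not found in device config")
        for node in matches:
            if node.tag in owned:
                raise ValueError(f"<{node.tag}> is generated; refusing device copy")
            result.append(node)
    return ET.tostring(result, encoding="unicode")
```

Failing on a missing or conflicting section matters on a firewall: a merged config that quietly lacks its `<filter>` section, or that mixes device and NetBox interface definitions, would still load.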