Ansible Collection – cremsburg.apstra

N|Solid

Overview

The goal of this collection is to provide an easier way to interact with Juniper’s Apstra solution. While nothing will stop you from using the built-in module, you may find that working with pre-packaged modules can help simplify the development of your playbook, or it may just be easier to support as a team.

📋 Ansible version compatibility

There are significant changes to Ansible within version 3.x, and while those changes get worked out we will continue to test for Ansible 2.10.x.

It is very likely that something will break on Ansible 3.x versions as of this pre-release version of the project.

⚙️ Batteries Included

Here is a short list of modules included within the collection, expect feature parity with the Swagger before this project hits version 0.1.0

Name Description
cremsburg.apstra.blueprint Manage Blueprints
cremsburg.apstra.design Manage the Design elements
cremsburg.apstra.resources Manage the Resources elements

🚀 Executing the playbook

After installing the collections, you can call the modules by using their full name path.

test.yaml

---
- hosts: localhost
  gather_facts: False
  become: False
  tasks:
    
    - name: Manage an IP Pool Resource with two prefixes
      cremsburg.apstra.resources:
        # define server connectivity options
        server: apstra.dmz.home
        api_token: "{{ api_token }}"

        # define resource allocations
        display_name: "cicd_test"
        type: "ip-pool"
        subnets:
          - "100.1.1.0/24"
          - "100.1.2.0/24"

        # state whether you want to create or delete this resource
        state: present

Then simply run your playbook

ansible-playbook test.yaml

If you used Ansible Vault to encrypt your secrets, you need to append the --ask-vault-pass to your command.

⚠️ Very Important! ⚠️

Please make sure to manage your sensative information carfully. While the modules support the parameter of api_key, this should never be statically entered with your token in clear text.

Here are better alternatives:

Manage your API token as an environmental

export APSTRA_API_TOKEN='YOUR_PRIVATE_KEY_HERE'

you can also use APSTRA_API_KEY, if you prefer

Manage your API token as a secret with Ansible Vault

create a file to store your API token in

$ vim vault.yaml

api_token: "MY_APSTRA_API_TOKEN_HERE"

encrypt the new file

ansible-vault encrypt vault.yml

and now you’ll need to pass your vault password when using the playbook

ansible-playbook --ask-vault-pass test.yaml

Development

Want to contribute? Great!

Submit a PR and let’s work on this together 😀

GitHub

View Github