[QUESTION] has anyone done any admin scripting using ansible?

lightaffaire

Occasional Visitor
Has anyone created script(s)/playbook(s) to use ansible to admin an asus-merlin firmware on gt-ax11000/rt-ax88u level systems ?

I see a python package on entware. Has anyone installed it and if so how much disk/ram space does it require ?

Once I have collated any relevant answers I will look at using/merging my standard ansible scripts/playbooks for setup/admin.

Thanks in advance

Iain
 

L&LD

Part of the Furniture
Pretty sure I've never heard of this in these forums before.
 

Tom D

New Around Here
It's been a while since the original post, but I stumbled across this today as I was also wondering if anyone has experience with this. I think Ansible is a good

I have set up Ansible for an RT-N66U running legacy Merlin 380.70-0 a while. The setup was quite straightforward: I already had entware on the system, and I just needed to install a number of packages to get it to work. I found a rather small set of packages that is needed to make things run, and a newer router should have even less problems to run it - see below for more info.

The reason why I was looking for ASUSWRT-Merlin and Ansible is that I Ansible now supports networking devices that do not run Python by running CLI commands through ssh. The ASUSWRT `nvram` command would be a good candidate, and a lot of basic settings could be automated without the need for entware, Python, and maybe even with the stock ASUSWRT firmware. I am thinking about setting this up, and wanted to see if there is experience and/or interest in using Ansible for ASUSWRT and small networks. I think it's a natural choice, and I like having my router configuration in a git repository alongside all other computer setup I have - although I do wonder if it's overkill...

Some details of the implementation:

I had to install these opkg packages: python-light python-logging python-openssl python-codecs openssh-sftp-server python-distutils. I even wrote a small playbook to set this up, but that this playbook does not set up of entware on the system. I don't remember why I installed python-distutils in a second call to opkg, it might work in a single call.
Code:
- name: bootstrap WRT routers
  hosts: asuswrt
  gather_facts: False

  tasks:

    - name: update entware package information
      raw: opkg update

    - name: install python for ansible
      raw: >
        opkg install
        python-light python-logging python-openssl python-codecs
        openssh-sftp-server

    - name: install python modules for ansible
      opkg:
        name: python-distutils
        state: present
        update_cache: yes

An important feature is to use the `nvram` command to change all the router settings, as an alternative to the web interface. I wrote a little shell script to help with this, and this makes it quite convenient to update e.g. DNS servers. I put this script in library/asuswrt_nvram.sh, and I'm not sure if anything else is needed.
Code:
#!/bin/sh
# wrapper for conditional setting of uci config
# compare http://wiki.openwrt.org/doc/techref/uci

# TODO: add more docs, see http://docs.ansible.com/developing_modules.html

# parameters are command, key, value
source ${1}

unquoted_key="$(echo $key | sed -e s/\'//g)"
unquoted_value="$(echo $value | sed -e s/\'//g)"

# test if we need to apply a change
case $command in
    'set')
        if [ "$(nvram get "$unquoted_key")" = "$value" ]
        then
            echo '{"changed": false}'
        else
            if [ -z "${_ansible_check_mode}" -o "${_ansible_check_mode}" = "False" ]
            then
                nvram set "${unquoted_key}=${value}"
                logger "read nvram: ${unquoted_key}="$(nvram get "${unquoted_key}")
            fi
            echo '{"changed": true, "msg": "executed: nvram set"}'
            #echo "{\"changed\": true, \"msg\": \"executed nvram set \"${unquoted_key}=${value}\"}"
        fi
        ;;

    'commit')
        #if [ -z "${_ansible_check_mode}" -o "${_ansible_check_mode}" = "False" ]
        #then
        nvram commit
        logger "commit nvram"
        #fi
        echo '{"changed": true, "msg": "executed: nvram commit"}'
        ;;
esac

However, a cleaner way would be to use Ansible network automation for this. You can reply to this thread if you are interested in more info.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top