Fix VPN deployment playbook and test

JNPRAutomate · Mar 27, 2015 · 9c04f68 · 9c04f68
1 parent 2edcb9b
commit 9c04f68
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/ansible/playbooks/templates/interfaces.set.j2 b/ansible/playbooks/templates/interfaces.set.j2
@@ -1,5 +1,5 @@
 {% for i in interfaces %}
-    {% if i.addr_type is "dhcp" %}
+    {% if i.addr_type == "dhcp" %}
 set interfaces {{ i.interface }} unit {{ i.unit }} family {{ i.family }} dhcp
     {% else %}
 set interfaces {{ i.interface }} unit {{ i.unit }} family {{ i.family }} {{ i.addr_type }} {{ i.addr }}

diff --git a/ansible/playbooks/templates/interfaces_zone.set.j2 b/ansible/playbooks/templates/interfaces_zone.set.j2
@@ -1,9 +1,9 @@
 {% for i in interfaces %}
 	{% if i.zone is defined%}
-set security zones security-zone {{ i.zone }} interfaces {{ i.interface }}
+set security zones security-zone {{ i.zone }} interfaces {{ i.interface -}}.{{ i.unit -}}
 	{% endif %}
 
 	{% if i.inbound_type %}
-set security zones security-zone {{ i.zone }} interfaces {{ i.interface }} host-inbound-traffic {{ i.inbound_type }} {{ i.system_service }}
+set security zones security-zone {{ i.zone }} interfaces {{ i.interface }}.{{ i.unit }}  host-inbound-traffic {{ i.inbound_type }} {{ i.system_service }}
 	{% endif %}
 {% endfor %}
diff --git a/ansible/playbooks/templates/vpn_ipsec.set.j2 b/ansible/playbooks/templates/vpn_ipsec.set.j2
@@ -2,5 +2,5 @@
 set security ipsec policy {{ i.ipsec_policy_name }} proposal-set {{ i.ipsec_policy_mode }}
 set security ipsec vpn {{ i.ipsec_vpn_name }} ike gateway {{ i.ike_gateway }}
 set security ipsec vpn {{ i.ipsec_vpn_name }} ike ipsec-policy {{ i.ipsec_policy_name }} 
-set security ipsec vpn {{ i.ipsec_vpn_name }} bind-interface {{ vpn.tunnel_int }}
+set security ipsec vpn {{ i.ipsec_vpn_name }} bind-interface {{ i.tunnel_int }}
 {% endfor %}
diff --git a/ansible/playbooks/vpn_config.yml b/ansible/playbooks/vpn_config.yml
@@ -11,7 +11,7 @@
     fw_policy_info: [ {'policy_name':'Allow_Policy','src_zone':'trust','dst_zone':'untrust','src_ips':['LocalNet'],'dst_ips':['PrivateNet'],'action':'permit','apps':['any']}]
     mss_entries: [ {'protocol': 'ipsec-vpn', 'mss': '1350'} ]
     interfaces: [ {'interface': 'st0', 'unit': '1', 'family': 'inet', 'addr_type': 'address', 'addr': '10.255.1.2/30', 'zone':'vpn', 'inbound_type': 'system-services', 'system_service': 'ping'} ]
-    ike: [ {'ike_name': 'ike-vpn', 'gateway_ip': '10.10.0.10', 'ext_interface': 'ge-0/0/2', 'ike_policy_name': 'ike-policy1', 'ike_policy_mode': 'mode', 'ike_policy_proposal': 'stanard', 'shared_secret': 'AwesomePassword123'} ]
+    ike: [ {'ike_name': 'ike-vpn', 'gateway_ip': '10.10.0.10', 'ext_interface': 'ge-0/0/2.0', 'ike_policy_name': 'ike-policy1', 'ike_policy_mode': 'main', 'ike_policy_proposal': 'standard', 'shared_secret': 'AwesomePassword123'} ]
     ipsec: [ {'ipsec_policy_name': 'vpn-policy1', 'ipsec_policy_mode': 'standard', 'ipsec_vpn_name': 'ipsec-vpn', 'ike_gateway': 'ike-vpn', 'tunnel_int': 'st0.1'} ]
 
 
@@ -27,7 +27,7 @@
       template: src=templates/interfaces.set.j2 dest={{build_dir}}/interfaces.set
       with_items: interfaces
 
-    - name: Apply tunnel interface
+    - name: Apply vpn tunnel interface
       junos_install_config: host={{ inventory_hostname }} user={{ junos_user }} passwd={{ junos_password }} file={{ build_dir }}/interfaces.set overwrite=no logfile=logs/{{ inventory_hostname }}.log
 
     - name: Build vpn zone