diff --git a/common_errors.md b/common_errors.md new file mode 100644 index 0000000..72f79be --- /dev/null +++ b/common_errors.md @@ -0,0 +1,9 @@ +* Creating Application Policies + +** error in ansible-playbook +*** problem +ansible-playbook -i inventory.yml playbook/appfw_policies.yml +ERROR: junos_install_coinfig is not a legal parameter in an Ansible task or handler +*** resolution +TBD + diff --git a/docs/creatingapppolicies.md b/docs/creatingapppolicies.md index 2c0ac53..0b44cea 100644 --- a/docs/creatingapppolicies.md +++ b/docs/creatingapppolicies.md @@ -6,7 +6,7 @@ Now it is time to start using some of the more advanced firewall capabilities. T Creating Application Policies with Ansible ========================================== -Before we created basic firewall policies using Ansible. Now we will create application firewall policies. While the concept os the same there is an additional challenge. In a basic firewall policy you can add what amounts top just ports now you have to manage the applications that go over those ports. Typically you will want to apply many more specific applications that you want to block. You can also add other elements such as application groups. Because of this managing AppFW policies can be quite tedious. But as we will see +Before we created basic firewall policies using Ansible. Now we will create application firewall policies. While the concept is the same there is an additional challenge. In a basic firewall policy you can add what amounts to just ports now you have to manage the applications that go over those ports. Typically you will want to apply many more specific applications that you want to block. You can also add other elements such as application groups. Because of this managing AppFW policies can be quite tedious. But as we will see there are a variety of methods and tools we can employ to simplify the process. Reviewing the playbook ---------------------- 
diff --git a/proctor/AutomationDemoTopology.pptx b/proctor/AutomationDemoTopology.pptx new file mode 100644 index 0000000..30971b6 Binary files /dev/null and b/proctor/AutomationDemoTopology.pptx differ diff --git a/proctor/README.md b/proctor/README.md new file mode 100644 index 0000000..f5f66d7 --- /dev/null +++ b/proctor/README.md 
@@ -0,0 +1,62 @@ +Network and Security Automation Workshop : PROCTOR MODE : +======================================== + + +This directory outlines the proctor side of the vSRX based automation lab. There are number of proctor only steps to setup and manage on this side. + +Refere to the [Topology Overview](https://github.com/JNPRAutomate/JNPRAutomateDemo-Student/blob/master/docs/topologyoverview.md) as needed for the view into the proctor setup. + +Setup prior to beginning lab: +1. Headend vSRX vm. +2. NDO public vm +3. NDO private vm. +4. Reggie server + +1. HE vSRX + +cd into the 'proctor' directory - your path should be similar to this: + + sjunkin-mbp:proctor sjunkin$ pwd + /Users/sjunkin/sandbox/JNPRAutomateDemo-Student/proctor + +run the following command: + + sjunkin-mbp:proctor sjunkin$ vagrant up + +This will load the three vm's for the proctor end of the lab. + +2. NDO Public server +. +For reggie setup:- + +On your hosting systems, inside the proctor directroy: + + sjunkin-mbp:proctor sjunkin$ pwd + /Users/sjunkin/sandbox/JNPRAutomateDemo-Student/proctor + + vagrant ssh ndo_public + cd /vagrant/proctor/ansible + +run + +ansible-playbook -i inventory.yml ./playbooks/deploy_reggie.yml + +It may present an error, if so try to re-run the command. + +once that finishes: + + cd /reggie + python app.py db upgrade + python app.py db migrate + + +***** After students register on the reggie site **** +As the proctor you can go to the reggie admin site and see a list of all the students who have registered via this url : http://10.10.0.10/admin with user:pass [admin:not_verybig_secret] + + cd /vagrant/proctor/tools + vagrant@NetDevOps-Public:/vagrant/proctor/tools$ python vpn_he_mgr.py --url=http://10.10.0.10/student + +The above command will pull all of the registered students out of the reggie database and recreate and update the playbook on the server side with the new data, then execute the playbook + + +TODO- how to validate the above was successful?
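Review bot: In common_errors.md the resolution is left as "TBD", although the quoted error already shows the likely cause: `junos_install_coinfig` has "coinfig" where "config" is meant, so Ansible rejects it as an unknown task name. Suggest replacing "TBD" with the actual fix (correct the module name in playbook/appfw_policies.yml, most likely to `junos_install_config`) and fixing the playbook in the same change if the typo lives there. Separately, the file has a .md extension but uses `*` / `**` / `***` outline markers for headings, which Markdown will render as a bullet and emphasis; the underlined heading style already used in docs/creatingapppolicies.md would be consistent.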
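Review bot: In docs/creatingapppolicies.md the corrected paragraph still runs two sentences together at "what amounts to just ports now you have to manage the applications"; a full stop after "ports" would fix it. While this line is being touched, "Before we created" reads better as "Previously we created", and "While the concept is the same there is" needs a comma after "same".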
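Review bot: proctor/README.md commits the reggie admin login in plain text ("user:pass [admin:not_verybig_secret]") next to an http:// admin URL, so anyone who can read the repository and reach 10.10.0.10 can view the student registrations. Suggest having deploy_reggie.yml set the password from a variable or prompt, and having the README say where the proctor sets it instead of printing the value. Other points in the same hunk: the setup list names four items but the text says "the three vm's", and the numbered walkthrough stops at "2. NDO Public server" with a stray "." line; the `ansible-playbook -i inventory.yml ./playbooks/deploy_reggie.yml` line is not indented like the other commands, so it will not render as code; "It may present an error, if so try to re-run" should state which error is expected; and please confirm that `db upgrade` is meant to run before `db migrate`, since generating a migration normally comes before applying it. The closing TODO on validation should be resolved or tracked in an issue before merge.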