From 01cf711dc97548fcb4e022144ae13622c510c0df Mon Sep 17 00:00:00 2001
From: cicharka <93913624+cicharka@users.noreply.github.com>
Date: Fri, 9 Aug 2024 17:37:13 +0200
Subject: [PATCH] Include latest changes for templates and backup and restore (#17)

* add playbooks for backup & restore device templates with policies
* include security changes for scorecard
* bump setuptools for security scorecard
* mark false positives for secret
* playbooks for running config b&r
* ansible lint
* use galaxy versions and add note for release
* update reqs
* add workflow for requirements verification
* updated azure reqs and docs fix
* update workflows
---
 .ansible-lint | 6 +++
 .github/workflows/galaxy-importer.yml | 6 ++-
 .github/workflows/linters.yml | 12 +++---
 .github/workflows/release-from-tag.yml | 6 ++-
 .github/workflows/requirements.yml | 33 +++++++++++++++
 .github/workflows/scorecard.yml | 2 +-
 README.md | 7 +++-
 docs/CONTRIBUTING.md | 8 ++++
 galaxy.yml | 2 +-
 .../backup_device_configuration.yml | 22 ++++++++++
 .../backup_restore/backup_running_config.yml | 23 +++++++++++
 .../restore_device_configuration.yml | 22 ++++++++++
 .../backup_restore/restore_running_config.yml | 41 +++++++++++++++++++
 requirements.txt | 30 +++++++-------
 requirements.yml | 10 ++---
 15 files changed, 198 insertions(+), 32 deletions(-)
 create mode 100644 .github/workflows/requirements.yml
 create mode 100644 playbooks/backup_restore/backup_device_configuration.yml
 create mode 100644 playbooks/backup_restore/backup_running_config.yml
 create mode 100644 playbooks/backup_restore/restore_device_configuration.yml
 create mode 100644 playbooks/backup_restore/restore_running_config.yml

diff --git a/.ansible-lint b/.ansible-lint
index b55af87..6b90829 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -12,6 +12,7 @@ profile: production
 exclude_paths:
 - playbooks/aws/results/*
 - playbooks/azure/results/*
+ - .github/workflows/requirements.yml
 # parseable: true
 # quiet: true
 # strict: true
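Review bot: The new exclude_paths entry most likely works around a file-kind collision rather than a lint finding: ansible-lint treats any file named requirements.yml as a Galaxy requirements file and validates it against that schema, so the workflow at .github/workflows/requirements.yml would fail for the wrong reason (inferred from the file name; the error itself is not shown here). Renaming the workflow, for example to `.github/workflows/requirements-check.yml`, removes the need for the exclusion and keeps this workflow under lint like the other three. If the exclusion stays, a comment above it such as `# GitHub workflow, not a Galaxy requirements file; excluded to avoid the requirements schema check` records why one workflow is skipped.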
@@ -21,6 +22,10 @@ verbosity: 1
 mock_modules:
 - cisco.catalystwan.wait_for_api_server
 - azure.azcollection.azure_rm_account_info
+ - cisco.catalystwan.device_templates_recovery
+ - cisco.catalystwan.cli_templates
+ - cisco.catalystwan.device_templates
+ - cisco.catalystwan.devices_info
 # - zuul_return
 # # note the foo.bar is invalid as being neither a module or a collection
 # - fake_namespace.fake_collection.fake_module
@@ -43,6 +48,7 @@ mock_roles:
 - cisco.catalystwan.vmanage_mode
 - cisco.catalystwan.health_checks
+ # - mocked_role
 # - author.role_name # old standalone galaxy role
 # - fake_namespace.fake_collection.fake_role # role within a collection
diff --git a/.github/workflows/galaxy-importer.yml b/.github/workflows/galaxy-importer.yml
index 29a959c..47ba7b4 100644
--- a/.github/workflows/galaxy-importer.yml
+++ b/.github/workflows/galaxy-importer.yml
@@ -12,6 +12,8 @@ on:
 branches:
 - main
+permissions: read-all
+
 jobs:
 galaxy-importer:
 runs-on:
@@ -19,10 +21,10 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
 with:
 python-version: '3.10'
diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
index 5b2cd98..2a8a211 100644
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -7,6 +7,8 @@ on:
 branches:
 - main
+permissions: read-all
+
 jobs:
 analyze-code:
 runs-on: ubuntu-latest
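Review bot: `permissions: read-all` in galaxy-importer.yml grants read on every token scope, but the steps visible in this file only check out the repository and set up Python, which need `contents: read` alone. Replacing it with the two lines `permissions:` / `  contents: read` is the least-privilege default and is also what the Scorecard token-permissions check looks for. The same applies to the identical lines added to linters.yml, release-from-tag.yml and the new requirements.yml workflow; if the release job needs a write scope (for example to create a GitHub release), grant it at the job level rather than widening the workflow default. Each job's body is outside the hunks, so whether any job already carries its own `permissions:` block cannot be confirmed here.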
@@ -19,22 +21,22 @@ jobs:
 steps:
 - name: Check out the repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
 with:
 python-version: '3.10'
- - uses: isort/isort-action@master
+ - uses: isort/isort-action@f14e57e1d457956c45a19c05a89cccdf087846e5 # v1.1.0
 with:
 requirementsFiles: "requirements.txt"
 - name: Run check-yaml, end-of-file-fixer, trailing-whitespace
- uses: pre-commit/action@v3.0.0
+ uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
 - name: Run ansible-lint
- uses: ansible/ansible-lint@main
+ uses: ansible/ansible-lint@95382d398ea1744bf6bfa47b030f14c38b3f6957 # v24.7.0
 - name: Install detect-secrets
 run: pip install detect-secrets==1.4.0
diff --git a/.github/workflows/release-from-tag.yml b/.github/workflows/release-from-tag.yml
index 65ab392..7155864 100644
--- a/.github/workflows/release-from-tag.yml
+++ b/.github/workflows/release-from-tag.yml
@@ -5,6 +5,8 @@ on:
 tags:
 - 'v*.*.*'
+permissions: read-all
+
 jobs:
 publish-release:
 runs-on:
@@ -12,10 +14,10 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
 with:
 python-version: '3.10'
diff --git a/.github/workflows/requirements.yml b/.github/workflows/requirements.yml
new file mode 100644
index 0000000..0d87b5a
--- /dev/null
+++ b/.github/workflows/requirements.yml
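Review bot: The `# v4.1.7`, `# v1.1.0`, `# v3.0.1` and `# v24.7.0` trailers on the newly SHA-pinned `uses:` lines are free text and will silently drift from the SHA they annotate unless an updater maintains both together; this commit adds no such automation (no `.github/dependabot.yml` appears in the diffstat). A Dependabot entry for the `github-actions` package ecosystem bumps the SHA and the version comment in one PR, which keeps the pins auditable. The last context line, `run: pip install detect-secrets==1.4.0`, pins the secret scanner by version only, unlike the actions above it; a hash-pinned install would make that step tamper-evident too. The same comment trailers appear in galaxy-importer.yml, release-from-tag.yml and the new requirements.yml workflow.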
@@ -0,0 +1,33 @@
+# .github/workflows/requirements.yml
+name: requirements.txt combatibility
+
+on:
+ pull_request:
+
+ push:
+ branches:
+ - main
+
+permissions: read-all
+
+jobs:
+ install-requirements:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ python-version: ['3.10', '3.11', '3.12']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt --no-deps
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 532cc5c..c0ae37c 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -23,7 +23,7 @@ jobs:
 permissions:
 id-token: write
 security-events: write
- secrets: inherit
+ secrets: inherit # pragma: allowlist secret
 with:
 # Publish results of Scorecard analysis
 publish-results: true
diff --git a/README.md b/README.md
index 4476d8d..2cf8c4e 100644
--- a/README.md
+++ b/README.md
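Review bot: `pip install -r requirements.txt --no-deps` in the last step skips dependency resolution, so the job proves only that each pin installs on the interpreter, not that the pinned set satisfies every package's declared requirements; a downgrade like the `packaging==21.3` pin in this same change would not be checked against the newer Azure packages. Adding `pip check` as a third line of the `run: |` block makes unmet or conflicting requirements fail the job, which is what the workflow's name promises. The name itself has a typo and should read `name: requirements.txt compatibility`. Installing every pin on three interpreters executes package setup code, so a read-only token is right here, but `permissions:` / `  contents: read` is tighter than `read-all`.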
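Review bot: `secrets: inherit` forwards every repository and organization secret to the called workflow, and the added `# pragma: allowlist secret` only silences detect-secrets; it does not narrow that exposure. The `uses:` line for the called workflow sits above this hunk and is not visible, but if it needs a single token, passing that one explicitly under `secrets:` instead of inheriting all of them limits what a compromised or misbehaving called workflow can read. If inheriting is deliberate, a short comment on the line next to the pragma, such as `# inherit required: <reason>`, documents the decision for the next reviewer.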
@@ -42,7 +42,12 @@ By leveraging these Ansible resources, [ansible-collection-sdwan](https://github
 - Automate Deployment: Roll out and provision Cisco SD-WAN controllers and edge devices with minimal manual intervention using [SDWAN Deployment](https://github.com/cisco-open/ansible-collection-sdwan-deployment) roles.
 - Onboarding of Controllers and Edge Devices: Simplify the process of integrating controllers and edge devices into the Cisco SD-WAN fabric, using automated deployment with PnP (Plug-and-Play), using [ansible-collection-catalystwan](https://github.com/cisco-open/ansible-collection-catalystwan) modules and roles.
-- Workflow for Upgrades: Structured workflow that automates the upgrade process for controllers and edge devices.
+- Workflow for Upgrades: Structured workflow that automates the upgrade process for controllers and edge devices. See [example playbook for upgrades](./playbooks/software_upgrades_with_remote_server.yml)
+- Workflows for backup and restore:
+ - Backup Device configuration (includes Device Templates, Policies, Feature Templates). See [backup device configuration](./playbooks/backup_restore/backup_device_configuration.yml)
+ - Restore Device configuration (includes Device Templates, Policies, Feature Templates). See [restore device configuration](./playbooks/backup_restore/restore_device_configuration.yml)
+ - Backup running config (cli templates). See [backup running config](./playbooks/backup_restore/backup_running_config.yml)
+ - Restore running config (cli templates). See [restore running config](./playbooks/backup_restore/restore_running_config.yml)
 [ansible-collection-sdwan](https://github.com/cisco-open/ansible-collection-sdwan) illustrates the power of Ansible's modularity and the significant benefits of using roles, custom modules, and collections for automating network operations.
It stands as an indispensable resource for organizations looking to implement Infrastructure as Code (IaC) within their network infrastructure and embrace a more agile and DevOps-oriented approach to network management. diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 7242cea..6c1ea03 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -26,3 +26,11 @@ Select one from [issue form](https://github.com/cisco-open/ansible-collection-sd ### Create PR When you're finished with the changes, create a pull request, also known as a PR. + +--- + +## Release process + +According to [release workflow inside .github workflows](../.github/workflows/release-from-tag.yml) collection publication to Ansible Galaxy will happen when admin of the repository will push new tag. +This tag must match version used in [galaxy.yml](../galaxy.yml) file. +Release will happen only if desired version was not published on Ansible Galaxy yet. diff --git a/galaxy.yml b/galaxy.yml index 27ccdb8..1964cc6 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: cisco name: sdwan -version: 0.1.0 +version: 0.2.0 readme: README.md authors: - Arkadiusz Cichon diff --git a/playbooks/backup_restore/backup_device_configuration.yml b/playbooks/backup_restore/backup_device_configuration.yml new file mode 100644 index 0000000..3901332 --- /dev/null +++ b/playbooks/backup_restore/backup_device_configuration.yml 
@@ -0,0 +1,22 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# NOTE: This is example playbook that requires following variables:
+# manager_authentication: url, username, password
+# backup_dir_path
+
+- name: Example playbook with task to backup Device Templates with Policies and Feature Templates
+ hosts: localhost
+ gather_facts: false
+ vars:
+ manager_authentication: &manager_authentication
+ url: # your manager url
+ username: # your manager username
+ password: # your manager password
+ tasks:
+ - name: Perform backup of all non factory default Device Templates (no filters == backup non factory default)
+ cisco.catalystwan.device_templates_recovery:
+ mode: backup
+ # backup_dir_path: # path to create backup directory that will store exported configuration
+ manager_credentials:
+ <<: *manager_authentication
diff --git a/playbooks/backup_restore/backup_running_config.yml b/playbooks/backup_restore/backup_running_config.yml
new file mode 100644
index 0000000..f0f73fd
--- /dev/null
+++ b/playbooks/backup_restore/backup_running_config.yml
@@ -0,0 +1,23 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+
+- name: Example playbook for backup of running config
+ hosts: localhost
+ gather_facts: false
+ vars:
+ manager_authentication: &manager_authentication
+ url: # your manager url
+ username: # your manager username
+ password: # your manager password
+ tasks:
+ - name: Backup running-config for all c8000V devices with default backup dir (in CWD)
+ cisco.catalystwan.devices_info:
+ backup: true
+ backup_dir_path: # your backup bath
+ filters:
+ personality: "vedge"
+ manager_credentials:
+ <<: *manager_authentication
+ register: backup_info
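Review bot: The play defines `url`, `username` and `password` as bare keys under `manager_authentication`, which YAML parses as null and which invite users to type the manager password into a committed playbook, while the header comment says these are variables the playbook requires; the example should consume them instead, e.g. `password: "{{ lookup('env', 'MANAGER_PASSWORD') }}"` (placeholder variable name) or an ansible-vault encrypted vars file. The header also lists `backup_dir_path` as required, yet the task leaves `# backup_dir_path:` commented out, so the value never reaches the module; `backup_dir_path: "{{ backup_dir_path }}"` wires it through. Because `manager_credentials` carries the password, `no_log: true` on the task keeps it out of verbose and failed-task output unless the module already marks the field no_log, which is not visible here. The credential and no_log points apply equally to backup_running_config.yml, restore_device_configuration.yml and restore_running_config.yml, and the commented-out backup_dir_path recurs in restore_device_configuration.yml; those two files also lack the `---` document start that the running-config playbooks have.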
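Review bot: The task name promises "all c8000V devices" with the "default backup dir (in CWD)", but `personality: "vedge"` matches every vEdge-personality device regardless of model, and the bare `backup_dir_path:` key parses as null rather than omitting the parameter, so the module may receive an explicit null instead of falling back to its default. Either drop the key or make it optional, `backup_dir_path: "{{ backup_dir_path | default(omit) }}"`, and align the task name with the filter actually applied. The comment `# your backup bath` should read `# your backup path`. `register: backup_info` is consumed by restore_running_config.yml, a separate playbook, so a header comment should state that both playbooks must run in one ansible-playbook invocation (or that the backup paths must be supplied another way) for the restore side to find the variable.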
diff --git a/playbooks/backup_restore/restore_device_configuration.yml b/playbooks/backup_restore/restore_device_configuration.yml
new file mode 100644
index 0000000..5a113d1
--- /dev/null
+++ b/playbooks/backup_restore/restore_device_configuration.yml
@@ -0,0 +1,22 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# NOTE: This is example playbook that requires following variables:
+# manager_authentication: url, username, password
+# backup_dir_path
+
+- name: Example playbook with task to restore Device Templates with Policies and Feature Templates
+ hosts: localhost
+ gather_facts: false
+ vars:
+ manager_authentication: &manager_authentication
+ url: # your manager url
+ username: # your manager username
+ password: # your manager password
+ tasks:
+ - name: Restore configuration from provided backup directory
+ cisco.catalystwan.device_templates_recovery:
+ mode: restore
+ # backup_dir_path: # path to backup directory from which templates will be imported
+ manager_credentials:
+ <<: *manager_authentication
diff --git a/playbooks/backup_restore/restore_running_config.yml b/playbooks/backup_restore/restore_running_config.yml
new file mode 100644
index 0000000..5257be5
--- /dev/null
+++ b/playbooks/backup_restore/restore_running_config.yml
@@ -0,0 +1,41 @@
+# Copyright 2024 Cisco Systems, Inc. and its affiliates
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+---
+
+- name: Testing playbook to verify backup & restore operations
+ hosts: localhost
+ gather_facts: false
+ vars_files:
+ - configuration_file_dev_vars.yml
+ vars:
+ manager_authentication: &manager_authentication
+ url: # your manager url
+ username: # your manager username
+ password: # your manager password
+ tasks:
+ - name: Using backup files, create CLI templates for each Edge device
+ cisco.catalystwan.cli_templates:
+ state: present
+ template_name: "backup-template-{{ device_item.filename }}"
+ template_description: "Template for {{ device_item.hostname }} created from backup file."
+ config_file: "{{ device_item.backup_path }}"
+ device_model: vedge-C8000V
+ manager_credentials:
+ <<: *manager_authentication
+ loop: "{{ backup_info.backup_paths }}"
+ loop_control:
+ loop_var: device_item
+ when: backup_info.backup_paths | length > 0
+
+ - name: Attach backup templates to the Edge devices
+ cisco.catalystwan.device_templates:
+ state: attached
+ template_name: "backup-template-{{ device_item.filename }}"
+ hostname: "{{ device_item.hostname }}"
+ manager_credentials:
+ <<: *manager_authentication
+ loop: "{{ backup_info.backup_paths }}"
+ loop_control:
+ loop_var: device_item
+ when: backup_info.backup_paths | length > 0
diff --git a/requirements.txt b/requirements.txt
index cdbf95c..b5e05fa 100644
--- a/requirements.txt
+++ b/requirements.txt
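Review bot: Both tasks loop over `backup_info.backup_paths`, but `backup_info` is registered in backup_running_config.yml, a different playbook; run on its own this play fails on the undefined variable when `loop:` is expanded, before the `when:` guard gets a chance to skip the task. `vars_files: - configuration_file_dev_vars.yml` names a file that is not part of this change (the diffstat lists no such file), so the play also fails at load time unless the user creates it; if it is meant to hold the credentials, say so in a header comment as the device-configuration playbooks do, rather than also defining empty `url`/`username`/`password` keys inline. The play name `Testing playbook to verify backup & restore operations` does not match the README, which links this file as the restore-running-config example. `device_model: vedge-C8000V` is hard-coded while the backup side filters only on personality, so a model mismatch would surface only when the template is attached.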
@@ -3,16 +3,17 @@ annotated-types==0.6.0
 ansible==9.5.1
 ansible-core==2.16.6
 applicationinsights==0.11.10
-argcomplete==1.12.3
+argcomplete==3.3.0
 args==0.1.0
 attrs==21.4.0
-azure-cli-core==2.34.0
-azure-cli-telemetry==1.0.6
+azure-cli-core==2.63.0
+azure-cli-nspkg==3.0.4
+azure-cli-telemetry==1.1.0
 azure-common==1.1.11
 azure-containerregistry==1.1.0
 azure-core==1.28.0
 azure-graphrbac==0.61.1
-azure-identity==1.7.0
+azure-identity==1.16.1
 azure-keyvault==4.2.0
 azure-keyvault-certificates==4.7.0
 azure-keyvault-keys==4.8.0
@@ -49,7 +50,7 @@ azure-mgmt-rdbms==10.0.0
 azure-mgmt-recoveryservices==2.0.0
 azure-mgmt-recoveryservicesbackup==3.0.0
 azure-mgmt-redis==13.0.0
-azure-mgmt-resource==21.1.0
+azure-mgmt-resource==23.0.0
 azure-mgmt-search==8.0.0
 azure-mgmt-servicebus==7.1.0
 azure-mgmt-sql==3.0.1
@@ -57,16 +58,17 @@ azure-mgmt-storage==19.0.0
 azure-mgmt-trafficmanager==1.0.0b1
 azure-mgmt-web==6.1.0
 azure-nspkg==2.0.0
-azure-storage-blob==12.11.0
+azure-storage-blob==12.13.0
 bcrypt==4.1.2
 boto3==1.34.78
 botocore==1.34.78
-catalystwan==0.33.4
+catalystwan==0.34.0.dev2
 certifi==2024.2.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 ciscoconfparse==1.9.41
 clint==0.5.1
+colorama==0.4.6
 cryptography==42.0.5
 Deprecated==1.2.14
 dnspython==2.6.1
@@ -78,18 +80,18 @@ idna==3.7
 isodate==0.6.1
 Jinja2==3.1.3
 jmespath==1.0.1
-knack==0.9.0
+knack==0.11.0
 loguru==0.7.2
 MarkupSafe==2.1.5
 mccabe==0.7.0
-msal==1.23.0
-msal-extensions==0.3.1
+msal==1.30.0
+msal-extensions==1.2.0
 msrest==0.7.1
 msrestazure==0.6.4
 netaddr==1.2.1
 oauthlib==3.2.2
-packaging==23.2
-paramiko==2.12.0
+packaging==21.3
+paramiko==3.4.0
 passlib==1.7.4
 pkginfo==1.10.0
 portalocker==1.7.1
@@ -107,12 +109,12 @@ pyparsing==3.1.2
 PySocks==1.7.1
 python-dateutil==2.9.0.post0
 PyYAML==6.0.1
-requests==2.31.0
+requests==2.32.2
 requests-oauthlib==2.0.0
 requests-toolbelt==1.0.0
 resolvelib==1.0.1
 s3transfer==0.10.1
-setuptools==69.5.1
+setuptools==72.1.0
 six==1.16.0
 tabulate==0.9.0
 tenacity==8.2.3
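Review bot: `catalystwan==0.34.0.dev2` in the third hunk pins a development pre-release into the requirements of a collection that this same change releases as 0.2.0 in galaxy.yml; dev builds can be superseded or removed from the index, so a released collection should pin a final version, or the reason for the dev pin should be recorded in a comment beside it. In the fourth hunk `packaging` moves from 23.2 down to 21.3 while the Azure packages move up; if an azure-cli-core constraint forces that, a comment such as `# held back for azure-cli-core` stops the next update from silently re-raising it, and `pip check` in the new requirements workflow would confirm the whole set is consistent. Since every line is already an exact pin, hash pinning (`pip install --require-hashes`) would extend the guarantee from version numbers to artifact content.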
diff --git a/requirements.yml b/requirements.yml
index d23bfa7..39af5fc 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -3,9 +3,7 @@ collections:
 version: 6.5.0
 - name: azure.azcollection
 version: 1.19.0
- - name: git@github.com:cisco-open/ansible-collection-catalystwan.git
- type: git
- version: main
- - name: git@github.com:cisco-open/ansible-collection-sdwan-deployment.git
- type: git
- version: main
+ - name: cisco.catalystwan
+ version: 0.2.0
+ - name: cisco.sdwan_deployment
+ version: 0.2.0