updating licenses

jrogers512 · Jul 22, 2015 · 0df4856 · 0df4856
1 parent ae5e90b
commit 0df4856
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -12,3 +12,6 @@ packer_cache/
 
 # Ignore Log files
 *.log
+
+#Ignore license files
+licenses/*.txt
diff --git a/README.md b/README.md
@@ -26,6 +26,7 @@ The course is divided into multiple steps.
 	2.	[Configuring NAT with Ansible](https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/blob/master/docs/configuringnatwansible.md)
 2.	[Basic Firewall Policies](https://github.com/JNPRAutomate/JNPRAutosmateDemo-Class/blob/master/docs/basicfwpolicies.md)
 3.	[VPN connection to headend](https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/blob/master/docs/vpnconnectiontoheadend.md)
+	- Headend VPN connection
 4.	[Enabling Dynamic Routing](https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/blob/master/docs/enablingdynamicrouting.md)
 5.	[Creating VPN Firewall Policies](https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/blob/master/docs/creatingfwpolicies.md)
 6.	[Automating Licenses](https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/blob/master/docs/automatinglicense.md)

diff --git a/ansible/playbooks/idp_license.yml b/ansible/playbooks/idp_license.yml
@@ -7,10 +7,10 @@
     junos_user: "root"
     junos_password: "Juniper"
     build_dir: "/tmp/"
+    idp_license_url: "http://172.16.0.10:8888/licenses"
+    idp_license_files: ['utm.txt','appsecure.txt']
 
   tasks:
-      - name: Install appsec Licenses
-        script: ../../tools/licensetool.py  --user {{ junos_user }} --password {{ junos_password }} --host {{ inventory_hostname }} --url http://10.10.0.10/license/appsecure.txt
-
-      - name: Install utm Licenses
-        script: ../../tools/licensetool.py  --user {{ junos_user }} --password {{ junos_password }} --host {{ inventory_hostname }} --url http://10.10.0.10/license/utm.txt
+      - name: Install Licenses
+        script: ../../tools/licensetool.py  --user {{ junos_user }} --password {{ junos_password }} --host {{ inventory_hostname }} --url {{ idp_license_url }}/{{ item }}
+        with_items: idp_license_files
diff --git a/ansible/playbooks/idp_license_fetch.yml b/ansible/playbooks/idp_license_fetch.yml
@@ -7,8 +7,9 @@
     junos_user: "root"
     junos_password: "Juniper"
     build_dir: "/tmp/"
-    idp_license_url: "http://10.10.0.10/license/"
+    idp_license_url: "http://172.16.0.10:8888/licenses"
     idp_license_files: ['utm.txt','appsecure.txt']
+
   tasks:
       - name: Build fetch commands
         template: src=templates/idp_license_fetch.set.j2 dest={{build_dir}}/idp_license_fetch.set

diff --git a/ansible/playbooks/templates/idp_license_fetch.set.j2 b/ansible/playbooks/templates/idp_license_fetch.set.j2
@@ -1,3 +1,3 @@
 {% for item in idp_license_files %}
-request system license add {{ idp_license_url }}{{ item }}
+request system license add {{ idp_license_url }}/{{ item }}
 {% endfor %}
diff --git a/ansible/playbooks/vpn_config.yml b/ansible/playbooks/vpn_config.yml
@@ -9,8 +9,7 @@
     build_dir: "/tmp/"
     mss_entries: [ {'protocol': 'ipsec-vpn', 'mss': '1350'} ]
     interfaces: [
-      {'interface': 'st0', 'unit': '{{pod_id}}', 'family': 'inet', 'addr_type': 'address', 'addr': '10.255.{{pod_id}}.2/30', 'zone':'vpn', 'hit_protocols': ['ospf', 'bgp'], 'hit_services': ['ping', 'traceroute']},
-      {'interface': 'ge-0/0/2', 'unit': '0', 'family': 'inet', 'addr_type': 'dhcp', 'zone':'untrust', 'hit_services': ['ike','ping','ssh','netconf']}
+      {'interface': 'st0', 'unit': '{{pod_id}}', 'family': 'inet', 'addr_type': 'address', 'addr': '10.255.{{pod_id}}.2/30', 'zone':'vpn', 'hit_protocols': ['ospf', 'bgp'], 'hit_services': ['ping', 'traceroute']}
     ]
     ike: [ {'ike_name': 'ike-vpn', 'gateway_ip': '10.10.0.5', 'ext_interface': 'ge-0/0/2.0', 'ike_policy_name': 'ike-policy1', 'ike_policy_mode': 'main', 'ike_policy_proposal': 'standard', 'shared_secret': 'AwesomePassword123'} ]
     ipsec: [ {'ipsec_policy_name': 'vpn-policy1', 'ipsec_policy_mode': 'standard', 'ipsec_vpn_name': 'ipsec-vpn', 'ike_gateway': 'ike-vpn', 'tunnel_int': 'st0.1'} ]

diff --git a/docs/automatinglicense.md b/docs/automatinglicense.md
@@ -1,6 +1,9 @@
 Automating License and IDP Package Installation
 ===============================================
 
+//TODO: Place license files in "licenses" directory in root of the project
+//TODO: Run basic web server on ndo box
+
 When deploying IPS there are a few steps you must take on a device before it is ready to utilize an IPS policy.
 
 First a license is required to installed on the vSRX. This gives the device the ability to run IPS, AppID, and UTM. Once installed these features are enabled and ready to be used. The IPS and UTM licenses are required to be installed separately.

diff --git a/licenses/README.md b/licenses/README.md
@@ -0,0 +1,9 @@
+# License files
+
+For the lab to work please place the two license files here.
+
+
+## License file names
+
+AppSecure - appsecure.txt
+UTM - utm.txt