While my day job is as a Network Engineer I also moonlight as a Network Engineer and consult for a couple of people. Most of that work involves VPNs for remote office connectivity. I’ve been able to get most of my clients to standardize their VPN devices on Cisco 5505’s. While the configurations are a bit different most of the items are the same. So this lends itself to a templating system. I’ve also found that at times when a client calls with frantic call saying that a device has died they find it reassuring when I can immediately dial in and upload a configuration and have them back up and running in a quick time. I went through Kirk Byer’s Python course and then got his emails about setting up Ansible. I thought that this might be a great way to build a standard config per client and keep their configurations in a template file so that I can regenerate their configurations as needed. I am also running this on my macbook pro so that I have it wherever I am.
Kirk put together some wonderful walk through’s of setting up Ansible and getting it to work:
Since I wanted to use a password for the SSH connection, I did have to load SSHPASS for OS X:
I took my standard config and put it into the templates directory after that I then modified it to handle removing DHCP and then variabilize key aspects of the config so that I could put those into the vars/main.yml and customize per site.
The issue I ran into was when trying to run the Playbook, Ansible didn’t like the PSK for the L2L VPN. I found that it needed to be enclosed in single quotes in the /vars/main.yml file. This way there wasn’t an issue with the characters in the PSK and the config would generate correctly.
After this it is a simple copy and paste and the vpn device is ready to go. The other thing that this helps with is when doing upgrades from older devices such as 501’s. I can now just modify the template that is used and I get the new config for the 5505 with very minimal error checking and a much better standardized config.