Ansible 2.9 network support updates #ansiblejp

Slides presented at "Ansiblejp Network Group 2019.11" (Ansiblejp ネットワーク部 2019.11).
https://ansible-users.connpass.com/event/151107/

Published in: Technology

  1. AP Communications Co., Ltd., Akira Yokochi (@akira6592), 2019/11/20, Ansiblejp Network Group 2019.11
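  2. Introduction
     • Ansible 2.9.0 was released on 2019/10/31.
     • The headline feature is the arrival of Network Resource Modules.
     • Out of the many behavior changes and new features, this talk covers the points that stood out, each tagged [Useful], [Quietly useful], or [Caution].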
  3. Where this talk fits
     • All changes:
       ◦ CHANGELOG https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#v2-9-0
       ◦ Porting Guide https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.9.html
     • Explanatory blog post: "Ansible 2.9 release: summary of useful features and cautions" https://tekunabe.hatenablog.jp/entry/2019/11/10/ansible29
     • This talk
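  4. About the speaker
     • Name: Akira Yokochi (@akira6592)
     • Affiliation: AP Communications Co., Ltd.
     • Work: network automation services
     • Writing, blog, etc.:
       ◦ Ansible実践ガイド 第3版 (Ansible Practical Guide, 3rd edition)
       ◦ Software Design, December 2019 issue, Ansible series
       ◦ Software Design, December 2018 issue, Ansible feature
       ◦ Technical blog (てくなべ)
       ◦ Past presentation materials
     • Cover captions: on sale 2019/10/18; on sale 2019/11/18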
  5. Contents
     • Network Resource Module
     • Common to all network platforms
     • FortiOS
     • Check Point
     • Junos
     • IOS XR
  6. Network Resource Modules
  7. Network Resource Modules added [Useful]
     • Modules that let you change configuration flexibly
       ◦ This release mainly covers interface-related settings
     • Many of the module names end in "s".
     Figure source: Deep Dive into Ansible Network Resource Module https://www.ansible.com/hubfs//AnsibleFest%20ATL%20Slide%20Decks/Deep%20Dive%20into%20Ansible%20Network%20Resource%20Module%20-%20AnsibleFest%202019.pdf#page=39
  8. Example of using the eos_interfaces module [Useful]
     https://docs.ansible.com/ansible/latest/modules/eos_interfaces_module.html

     ```yaml
     - name: merged
       eos_interfaces:
         # Targets and settings to apply
         config:
           - name: Ethernet1
             description: changed desc
             enabled: True
           - name: Ethernet2
             enabled: False
         state: merged
     ```

     Targets and settings:
     • Configures interface L1 settings such as description and speed/duplex

     Values of state:
     • merged: merge (default)
     • replaced: replace
     • overridden: override
     • deleted: delete
  9. Behavior of state: merged [Useful]
     • Merges the settings of the specified interfaces

     Task:

     ```yaml
     - name: merged
       eos_interfaces:
         config:
           - name: Ethernet1
             enabled: True
           - name: Ethernet2
             description: 'Configured by Ansible'
             enabled: False
         state: merged
     ```

     Config before:

     ```
     interface Ethernet1
        description Interface 1
     !
     interface Ethernet2
     !
     interface Management1
        description Management interface
        ip address dhcp
     ```

     Config after:

     ```
     interface Ethernet1
        description Interface 1
     !
     interface Ethernet2
        description Configured by Ansible
        shutdown
     !
     interface Management1
        description Management interface
        ip address dhcp
     ```

     Commands executed:

     ```
     interface Ethernet2
     shutdown
     description Configured by Ansible
     ```

     Task and config source: https://docs.ansible.com/ansible/latest/modules/eos_interfaces_module.html#examples
  10. Behavior of state: replaced [Useful]
      • Replaces the settings of the specified interfaces

      Task:

      ```yaml
      - name: replaced
        eos_interfaces:
          config:
            - name: Ethernet1
              enabled: True
            - name: Ethernet2
              description: 'Configured by Ansible'
              enabled: False
          state: replaced
      ```

      Config before:

      ```
      interface Ethernet1
         description Interface 1
      !
      interface Ethernet2
      !
      interface Management1
         description Management interface
         ip address dhcp
      ```

      Config after:

      ```
      interface Ethernet1
         (removed)
      !
      interface Ethernet2
         description Configured by Ansible
         shutdown
      !
      interface Management1
         description Management interface
         ip address dhcp
      ```

      Commands executed:

      ```
      interface Ethernet1
      no description
      interface Ethernet2
      shutdown
      description Configured by Ansible
      ```

      • The Ethernet1 entry in the task does not specify description, so it is removed.

      Task and config source: https://docs.ansible.com/ansible/latest/modules/eos_interfaces_module.html#examples
  11. Behavior of state: overridden [Useful] [Caution]
      • Overrides the configuration of the interfaces as a whole. Note that the L1 settings of interfaces other than the specified ones are changed to their default values.

      Task:

      ```yaml
      - name: overridden
        eos_interfaces:
          config:
            - name: Ethernet1
              enabled: True
            - name: Ethernet2
              description: 'Configured by Ansible'
              enabled: False
          state: overridden
      ```

      Config before:

      ```
      interface Ethernet1
         description Interface 1
      !
      interface Ethernet2
      !
      interface Management1
         description Management interface
         ip address dhcp
      ```

      Config after:

      ```
      interface Ethernet1
         (removed)
      !
      interface Ethernet2
         description Configured by Ansible
         shutdown
      !
      interface Management1
         (removed)
         ip address dhcp
      ```

      Commands executed:

      ```
      interface Ethernet1
      no description
      interface Ethernet2
      shutdown
      description Configured by Ansible
      interface Management1
      no shutdown
      no description
      ```

      • The Ethernet1 entry in the task does not specify description, so it is removed.
      • The task has no definition for Ethernet3 itself, so its L1 settings are removed.

      Task and config source: https://docs.ansible.com/ansible/latest/modules/eos_interfaces_module.html#examples
  12. Behavior of state: deleted [Useful]
      • Changes the specified interface to its default values

      Task:

      ```yaml
      - name: deleted
        eos_interfaces:
          config:
            - name: Ethernet1
          state: deleted
      ```

      Config before:

      ```
      interface Ethernet1
         description Interface 1
      !
      interface Ethernet2
      !
      interface Management1
         description Management interface
         ip address dhcp
      ```

      Config after:

      ```
      interface Ethernet1
         (removed)
      !
      interface Ethernet2
      !
      interface Management1
         description Management interface
         ip address dhcp
      ```

      Commands executed:

      ```
      interface Ethernet1
      no description
      no shutdown
      ```

      • The L1 information of Ethernet1 is removed.

      Task and config source: https://docs.ansible.com/ansible/latest/modules/eos_interfaces_module.html#examples
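  13. Summary of scope of impact and behavior [Useful] [Caution]
      https://www.ansible.com/blog/network-features-coming-soon-in-ansible-engine-2.9

      Scope of impact and behavior, using the samples so far:

      | state \ IF | Ethernet1 | Ethernet2 | Management1 |
      |---|---|---|---|
      | merged | interface specified in config is merged | interface specified in config is merged | (no action) |
      | replaced | interface specified in config is replaced | interface specified in config is replaced | (no action) |
      | overridden | interface specified in config is overridden | interface specified in config is overridden | interfaces not specified in config are changed to defaults |
      | deleted | interface specified in config is deleted | (no action) | (no action) |

      • Only overridden also affects interfaces other than the specified ones.
      • It is a good idea to run in check mode and confirm which commands will be executed from the commands in the task's return value.

      * Based on the author's own test results.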
  14. Common to all network platforms
  15. Unified fact gathering [Caution] [Quietly useful]
      https://www.ansible.com/blog/network-features-coming-soon-in-ansible-engine-2.9
      • Facts for network devices can now be collected with gather_facts: yes, without using the *_facts modules
        ◦ Equivalent to gather_subset: all in the *_facts modules

      ```yaml
      - hosts: ios
        gather_facts: yes   # gather_facts enabled (the default)
        tasks:
          - debug:
              # Example of a variable that, up to Ansible 2.8, could only be
              # obtained through the *_facts modules. Ansible 2.9 can display it.
              var: ansible_facts.net_version
      ```
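  16. Unnecessary connections are suppressed [Caution] [Quietly useful]
      https://github.com/ansible/ansible/pull/59153
      https://tekunabe.hatenablog.jp/entry/2019/11/13/ansible_network_connection
      • Behavior changed so that no connection is made until a connection to the network device is actually needed

      ```yaml
      - hosts: ios
        gather_facts: no
        tasks:
          # This task does not need the network device, so no connection is made.
          - name: create directory
            file:
              state: directory
              path: logs
            run_once: yes

          # The first connection to the network device happens here.
          - name: show command
            ios_command:
              commands:
                - show version
            register: result
      ```

      • Up to Ansible 2.8, a connection was made even for this kind of task, so connection and authentication errors also surfaced at that point.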
  17. Many net_* modules are deprecated [Caution]
      https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.9.html#deprecation-notices
      • Use the vendor-specific [netos]_* modules instead, such as ios_logging and junos_user
      • The net_get, net_put and net_ping modules remain

      Deprecated modules:
      • net_banner • net_interface • net_l2_interface • net_l3_interface • net_linkagg • net_lldp • net_lldp_interface • net_logging • net_static_route • net_system • net_user • net_vlan • net_vrf
  18. Many interface-related modules are deprecated [Caution]
      https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.9.html#deprecation-notices
      • Use Network Resource Modules instead, such as *_interfaces and *_vlans

      Deprecated modules:
      • eos_interface • eos_l2_interface • eos_l3_interface • eos_linkagg • eos_lldp_interface • eos_vlan • ios_interface • ios_l2_interface • ios_l3_interface • ios_vlan • iosxr_interface • junos_interface • junos_l2_interface • junos_l3_interface • junos_linkagg • junos_lldp • junos_lldp_interface • junos_vlan • nxos_interface • nxos_l2_interface • nxos_l3_interface • nxos_linkagg • nxos_vlan • vyos_interface • vyos_l3_interface • vyos_linkagg • vyos_lldp • vyos_lldp_interface
  19. FortiOS
  20. httpapi connection plugin support [Useful]
      https://docs.ansible.com/ansible/latest/plugins/httpapi/fortios.htm
      https://tekunabe.hatenablog.jp/entry/2019/11/04/ansible_fortios_httpail
      • Playbooks can be written more cleanly

      Variable definitions:

      ```yaml
      # group_vars/fortios.yml
      ansible_user: admin
      ansible_password: xxxxxx
      ansible_network_os: fortios
      ansible_connection: httpapi
      ansible_httpapi_validate_certs: no
      ```

      Playbook (excerpt); connection details no longer have to be specified per task:

      ```yaml
      - name: configure address
        fortios_firewall_address:
          state: present
          firewall_address:
            name: websv101
            subnet: 10.0.0.80/32

      - name: configure address group
        fortios_firewall_addrgrp:
          state: present
          firewall_addrgrp:
            name: web
            member:
              - name: websv101
      ```

      Notes:
      • The Python library "fortiosapi" is not required
      • At present, an error occurs with Python 2
  21. httpapi connection plugin support [Useful]
      • For reference: until now (legacy mode), connection details had to be specified in every task

      ```yaml
      - name: configure address
        fortios_firewall_address:
          # Connection details specified per task
          host: "{{ ansible_host }}"
          username: "{{ ansible_user }}"
          password: "{{ ansible_password }}"
          ssl_verify: no
          state: present
          firewall_address:
            name: websv101
            subnet: 10.0.0.80/32

      - name: configure address group
        fortios_firewall_addrgrp:
          # Connection details specified per task
          host: "{{ ansible_host }}"
          username: "{{ ansible_user }}"
          password: "{{ ansible_password }}"
          ssl_verify: no
          state: present
          firewall_addrgrp:
            name: web
            member:
              - name: websv101
      ```

      Note:
      • When connection details are specified in each module like this, the module is forced into legacy mode even if the httpapi connection plugin has been selected.
  22. Certificate validation can now be turned on or off [Quietly useful]
      https://tekunabe.hatenablog.jp/entry/2019/11/04/ansible_fortios_httpai
      • The ssl_verify option of each module (default yes)
      • With the httpapi connection plugin, the ansible_httpapi_validate_certs variable

      With the local connection plugin (validation disabled):

      ```yaml
      - name: facts
        fortios_facts:
          host: 10.0.0.254
          username: admin
          password: xxxxx
          ssl_verify: no   # disabled
          gather_subset:
            - fact: 'system_interface_select'
      ```

      With the httpapi connection plugin (validation disabled):

      ```yaml
      # group_vars/fortios.yml
      ansible_user: admin
      ansible_password: xxxxxx
      ansible_network_os: fortios
      ansible_connection: httpapi
      ansible_httpapi_validate_certs: no   # disabled
      ```
  23. 204 fortios_* modules added
      https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html - fortios
      • 427 in total
        ◦ Most of them also support the httpapi connection plugin

      fortios_address fortios_antivirus_heuristic fortios_antivirus_profile fortios_antivirus_quarantine fortios_antivirus_settings fortios_application_custom fortios_application_group fortios_application_list fortios_application_name fortios_application_rule_settings fortios_authentication_rule fortios_authentication_scheme fortios_authentication_setting fortios_config fortios_dlp_filepattern fortios_dlp_fp_doc_source fortios_dlp_fp_sensitivity fortios_dlp_sensor fortios_dlp_settings fortios_dnsfilter_domain_filter fortios_dnsfilter_profile fortios_endpoint_control_client fortios_endpoint_control_forticlient_ems fortios_endpoint_control_forticlient_registration_sync fortios_endpoint_control_profile fortios_endpoint_control_settings fortios_extender_controller_extender fortios_firewall_address fortios_firewall_address6 fortios_firewall_address6_template fortios_firewall_addrgrp fortios_firewall_addrgrp6 fortios_firewall_auth_portal fortios_firewall_central_snat_map fortios_firewall_dnstranslation fortios_firewall_DoS_policy fortios_firewall_DoS_policy6 fortios_firewall_identity_based_route fortios_firewall_interface_policy fortios_firewall_interface_policy6 fortios_firewall_internet_service fortios_firewall_internet_service_custom fortios_firewall_internet_service_group fortios_firewall_ip_translation fortios_firewall_ipmacbinding_setting fortios_firewall_ipmacbinding_table fortios_firewall_ippool fortios_firewall_ippool6 fortios_firewall_ipv6_eh_filter fortios_firewall_ldb_monitor fortios_firewall_local_in_policy fortios_firewall_local_in_policy6 fortios_firewall_multicast_address fortios_firewall_multicast_address6 fortios_firewall_multicast_policy fortios_firewall_multicast_policy6 fortios_firewall_policy fortios_firewall_policy46 fortios_firewall_policy6 fortios_firewall_policy64
fortios_firewall_profile_group fortios_firewall_profile_protocol_options fortios_firewall_proxy_address fortios_firewall_proxy_addrgrp fortios_firewall_proxy_policy fortios_firewall_schedule_group fortios_firewall_schedule_onetime fortios_firewall_schedule_recurring fortios_firewall_service_category fortios_firewall_service_custom fortios_firewall_service_group fortios_firewall_shaper_per_ip_shaper fortios_firewall_shaper_traffic_shaper fortios_firewall_shaping_policy fortios_firewall_shaping_profile fortios_firewall_sniffer fortios_firewall_ssh_host_key fortios_firewall_ssh_local_ca fortios_firewall_ssh_local_key fortios_firewall_ssh_setting fortios_firewall_ssl_server fortios_firewall_ssl_setting fortios_firewall_ssl_ssh_profile fortios_firewall_ttl_policy fortios_firewall_vip fortios_firewall_vip46 fortios_firewall_vip6 fortios_firewall_vip64 fortios_firewall_vipgrp fortios_firewall_vipgrp46 fortios_firewall_vipgrp6 fortios_firewall_vipgrp64 fortios_firewall_wildcard_fqdn_custom fortios_firewall_wildcard_fqdn_group fortios_ftp_proxy_explicit fortios_icap_profile fortios_icap_server fortios_ips_custom fortios_ips_decoder fortios_ips_global fortios_ips_rule fortios_ips_rule_settings fortios_ips_sensor fortios_ips_settings fortios_ipv4_policy fortios_log_custom_field fortios_log_disk_filter fortios_log_disk_setting fortios_log_eventfilter fortios_log_fortianalyzer2_filter fortios_log_fortianalyzer2_setting fortios_log_fortianalyzer3_filter fortios_log_fortianalyzer3_setting fortios_log_fortianalyzer_filter fortios_log_fortianalyzer_override_filter fortios_log_fortianalyzer_override_setting fortios_log_fortianalyzer_setting fortios_log_fortiguard_filter fortios_log_fortiguard_override_filter fortios_log_fortiguard_override_setting fortios_log_fortiguard_setting fortios_log_gui_display fortios_log_memory_filter fortios_log_memory_global_setting fortios_log_memory_setting fortios_log_null_device_filter fortios_log_null_device_setting fortios_log_setting 
fortios_log_syslogd2_filter fortios_log_syslogd2_setting fortios_log_syslogd3_filter fortios_log_syslogd3_setting fortios_log_syslogd4_filter fortios_log_syslogd4_setting fortios_log_syslogd_filter fortios_log_syslogd_override_filter fortios_log_syslogd_override_setting fortios_log_syslogd_setting fortios_log_threat_weight fortios_log_webtrends_filter fortios_log_webtrends_setting fortios_report_chart fortios_report_dataset fortios_report_layout fortios_report_setting fortios_report_style fortios_report_theme fortios_router_access_list fortios_router_auth_path fortios_router_bfd fortios_router_bfd6 fortios_router_bgp fortios_router_multicast fortios_router_multicast6 fortios_router_multicast_flow fortios_router_ospf fortios_router_ospf6 fortios_router_policy fortios_router_policy6 fortios_router_prefix_list fortios_router_rip fortios_router_setting fortios_router_static fortios_spamfilter_profile fortios_ssh_filter_profile fortios_switch_controller_global fortios_switch_controller_lldp_profile fortios_switch_controller_lldp_settings fortios_switch_controller_mac_sync_settings fortios_switch_controller_managed_switch fortios_switch_controller_network_monitor_settings fortios_system_accprofile fortios_system_admin fortios_system_api_user fortios_system_central_management fortios_system_dhcp_server fortios_system_dns fortios_system_global fortios_system_interface fortios_system_sdn_connector fortios_system_settings fortios_system_vdom fortios_system_virtual_wan_link fortios_user_adgrp fortios_user_radius fortios_user_tacacsplus fortios_voip_profile fortios_vpn_ipsec_concentrator fortios_vpn_ipsec_forticlient fortios_vpn_ipsec_manualkey fortios_vpn_ipsec_manualkey_interface fortios_vpn_ipsec_phase1 fortios_vpn_ipsec_phase1_interface fortios_vpn_ipsec_phase2 fortios_vpn_ipsec_phase2_interface fortios_vpn_ssl_settings fortios_vpn_ssl_web_portal fortios_waf_profile fortios_wanopt_profile fortios_wanopt_settings fortios_web_proxy_explicit fortios_web_proxy_global 
fortios_web_proxy_profile fortios_webfilter fortios_webfilter_content fortios_webfilter_content_header fortios_webfilter_fortiguard fortios_webfilter_ftgd_local_cat fortios_webfilter_ftgd_local_rating fortios_webfilter_ips_urlfilter_cache_setting fortios_webfilter_ips_urlfilter_setting fortios_webfilter_ips_urlfilter_setting6 fortios_webfilter_override fortios_webfilter_profile fortios_webfilter_search_engine fortios_webfilter_urlfilter fortios_wireless_controller_global fortios_wireless_controller_setting fortios_wireless_controller_utm_profile fortios_wireless_controller_vap fortios_wireless_controller_wids_profile fortios_wireless_controller_wtp fortios_wireless_controller_wtp_profile fortios_alertemail_setting fortios_facts fortios_router_access_list6 fortios_router_aspath_list fortios_router_community_list fortios_router_isis fortios_router_key_chain fortios_router_prefix_list6 fortios_router_ripng fortios_router_route_map fortios_router_static6 fortios_spamfilter_bwl fortios_spamfilter_bword fortios_spamfilter_dnsbl fortios_spamfilter_fortishield fortios_spamfilter_iptrust fortios_spamfilter_mheader fortios_spamfilter_options fortios_switch_controller_802_1X_settings fortios_switch_controller_custom_command fortios_switch_controller_igmp_snooping fortios_switch_controller_qos_dot1p_map fortios_switch_controller_qos_ip_dscp_map fortios_switch_controller_qos_qos_policy fortios_switch_controller_qos_queue_policy fortios_switch_controller_quarantine fortios_switch_controller_security_policy_802_1X fortios_switch_controller_security_policy_captive_portal fortios_switch_controller_sflow fortios_switch_controller_storm_control fortios_switch_controller_stp_settings fortios_switch_controller_switch_group fortios_switch_controller_switch_interface_tag fortios_switch_controller_switch_log fortios_switch_controller_switch_profile fortios_switch_controller_system fortios_switch_controller_virtual_port_pool fortios_switch_controller_vlan fortios_system_affinity_interrupt 
fortios_system_affinity_packet_redistribution fortios_system_alarm fortios_system_alias fortios_system_arp_table fortios_system_auto_install fortios_system_auto_script fortios_system_automation_action fortios_system_automation_destination fortios_system_automation_stitch fortios_system_automation_trigger fortios_system_autoupdate_push_update fortios_system_autoupdate_schedule fortios_system_autoupdate_tunneling fortios_system_cluster_sync fortios_system_console fortios_system_csf fortios_system_custom_language fortios_system_ddns fortios_system_dedicated_mgmt fortios_system_dhcp6_server fortios_system_dns_database fortios_system_dns_server fortios_system_dscp_based_priority fortios_system_email_server fortios_system_external_resource fortios_system_fips_cc fortios_system_firmware_upgrade fortios_system_fm fortios_system_fortiguard fortios_system_fortimanager fortios_system_fortisandbox fortios_system_fsso_polling fortios_system_ftm_push fortios_system_geoip_override fortios_system_gre_tunnel fortios_system_ha fortios_system_ha_monitor fortios_system_ipip_tunnel fortios_system_ips_urlfilter_dns fortios_system_ips_urlfilter_dns6 fortios_system_ipv6_neighbor_cache fortios_system_ipv6_tunnel fortios_system_link_monitor fortios_system_mac_address_table fortios_system_management_tunnel fortios_system_mobile_tunnel fortios_system_nat64 fortios_system_nd_proxy fortios_system_netflow fortios_system_network_visibility fortios_system_ntp fortios_system_object_tagging fortios_system_password_policy fortios_system_password_policy_guest_admin fortios_system_pppoe_interface fortios_system_probe_response fortios_system_proxy_arp fortios_system_replacemsg_admin fortios_system_replacemsg_alertmail fortios_system_replacemsg_auth fortios_system_replacemsg_device_detection_portal fortios_system_replacemsg_ec fortios_system_replacemsg_fortiguard_wf fortios_system_replacemsg_ftp fortios_system_replacemsg_group fortios_system_replacemsg_http fortios_system_replacemsg_icap 
fortios_system_replacemsg_image fortios_system_replacemsg_mail fortios_system_replacemsg_nac_quar fortios_system_replacemsg_nntp fortios_system_replacemsg_spam fortios_system_replacemsg_sslvpn fortios_system_replacemsg_traffic_quota fortios_system_replacemsg_utm fortios_system_replacemsg_webproxy fortios_system_resource_limits fortios_system_session_helper fortios_system_session_ttl fortios_system_sflow fortios_system_sit_tunnel fortios_system_sms_server fortios_system_snmp_community fortios_system_snmp_sysinfo fortios_system_snmp_user fortios_system_storage fortios_system_switch_interface fortios_system_tos_based_priority fortios_system_vdom_dns fortios_system_vdom_exception fortios_system_vdom_link fortios_system_vdom_netflow fortios_system_vdom_property fortios_system_vdom_radius_server fortios_system_vdom_sflow fortios_system_virtual_wire_pair fortios_system_vxlan fortios_system_wccp fortios_system_zone fortios_user_device fortios_user_device_access_list fortios_user_device_category fortios_user_device_group fortios_user_domain_controller fortios_user_fortitoken fortios_user_fsso fortios_user_fsso_polling fortios_user_group fortios_user_krb_keytab fortios_user_ldap fortios_user_local fortios_user_password_policy fortios_user_peer fortios_user_peergrp fortios_user_pop3 fortios_user_quarantine fortios_user_security_exempt_list fortios_user_setting fortios_vpn_certificate_ca fortios_vpn_certificate_crl fortios_vpn_certificate_local fortios_vpn_certificate_ocsp_server fortios_vpn_certificate_remote fortios_vpn_certificate_setting fortios_vpn_l2tp fortios_vpn_pptp fortios_vpn_ssl_web_host_check_software fortios_vpn_ssl_web_realm fortios_vpn_ssl_web_user_bookmark fortios_vpn_ssl_web_user_group_bookmark fortios_waf_main_class fortios_waf_signature fortios_waf_sub_class fortios_wanopt_auth_group fortios_wanopt_cache_service fortios_wanopt_content_delivery_network_rule fortios_wanopt_peer fortios_wanopt_remote_storage fortios_wanopt_webcache fortios_web_proxy_debug_url
fortios_web_proxy_forward_server fortios_web_proxy_forward_server_group fortios_web_proxy_url_match fortios_web_proxy_wisp fortios_wireless_controller_ap_status fortios_wireless_controller_ble_profile fortios_wireless_controller_bonjour_profile fortios_wireless_controller_hotspot20_anqp_3gpp_cellular fortios_wireless_controller_hotspot20_anqp_ip_address_type fortios_wireless_controller_hotspot20_anqp_nai_realm fortios_wireless_controller_hotspot20_anqp_network_auth_type fortios_wireless_controller_hotspot20_anqp_roaming_consortium fortios_wireless_controller_hotspot20_anqp_venue_name fortios_wireless_controller_hotspot20_h2qp_conn_capability fortios_wireless_controller_hotspot20_h2qp_operator_name fortios_wireless_controller_hotspot20_h2qp_osu_provider fortios_wireless_controller_hotspot20_h2qp_wan_metric fortios_wireless_controller_hotspot20_hs_profile fortios_wireless_controller_hotspot20_icon fortios_wireless_controller_hotspot20_qos_map fortios_wireless_controller_inter_controller fortios_wireless_controller_qos_profile fortios_wireless_controller_timers fortios_wireless_controller_vap_group fortios_wireless_controller_wtp_group
      (Slide legend: added) [Useful]
  24. Check Point
  25. 90 cp_* modules added
      https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#check-point
      • 99 in total (together with the checkpoint_* modules)
        ◦ Support the httpapi connection plugin

      • checkpoint_access_layer_facts • checkpoint_access_rule • checkpoint_access_rule_facts • checkpoint_host • checkpoint_host_facts • checkpoint_object_facts • checkpoint_run_script • checkpoint_session • checkpoint_task_facts • cp_mgmt_access_layer • cp_mgmt_access_layer_facts • cp_mgmt_access_role • cp_mgmt_access_role_facts • cp_mgmt_access_rule • cp_mgmt_access_rule_facts • cp_mgmt_address_range • cp_mgmt_address_range_facts • cp_mgmt_administrator • cp_mgmt_administrator_facts • cp_mgmt_application_site • cp_mgmt_application_site_category • cp_mgmt_application_site_category_facts • cp_mgmt_application_site_facts • cp_mgmt_application_site_group • cp_mgmt_application_site_group_facts • cp_mgmt_assign_global_assignment • cp_mgmt_discard • cp_mgmt_dns_domain • cp_mgmt_dns_domain_facts • cp_mgmt_dynamic_object • cp_mgmt_dynamic_object_facts • cp_mgmt_exception_group • cp_mgmt_exception_group_facts • cp_mgmt_global_assignment • cp_mgmt_global_assignment_facts • cp_mgmt_group • cp_mgmt_group_facts • cp_mgmt_group_with_exclusion • cp_mgmt_group_with_exclusion_facts • cp_mgmt_host • cp_mgmt_host_facts • cp_mgmt_install_policy • cp_mgmt_mds_facts • cp_mgmt_multicast_address_range • cp_mgmt_multicast_address_range_facts • cp_mgmt_network • cp_mgmt_network_facts • cp_mgmt_package • cp_mgmt_package_facts • cp_mgmt_publish • cp_mgmt_put_file • cp_mgmt_run_ips_update • cp_mgmt_run_script • cp_mgmt_security_zone • cp_mgmt_security_zone_facts • cp_mgmt_service_dce_rpc • cp_mgmt_service_dce_rpc_facts • cp_mgmt_service_group • cp_mgmt_service_group_facts • cp_mgmt_service_icmp • cp_mgmt_service_icmp6 • cp_mgmt_service_icmp6_facts • cp_mgmt_service_icmp_facts • cp_mgmt_service_other • cp_mgmt_service_other_facts • cp_mgmt_service_rpc • cp_mgmt_service_rpc_facts • cp_mgmt_service_sctp •
cp_mgmt_service_sctp_facts • cp_mgmt_service_tcp • cp_mgmt_service_tcp_facts • cp_mgmt_service_udp • cp_mgmt_service_udp_facts • cp_mgmt_session_facts • cp_mgmt_simple_gateway • cp_mgmt_simple_gateway_facts • cp_mgmt_tag • cp_mgmt_tag_facts • cp_mgmt_threat_exception • cp_mgmt_threat_exception_facts • cp_mgmt_threat_indicator • cp_mgmt_threat_indicator_facts • cp_mgmt_threat_layer • cp_mgmt_threat_layer_facts • cp_mgmt_threat_profile • cp_mgmt_threat_profile_facts • cp_mgmt_threat_protection_override • cp_mgmt_threat_rule • cp_mgmt_threat_rule_facts • cp_mgmt_time • cp_mgmt_time_facts • cp_mgmt_verify_policy • cp_mgmt_vpn_community_meshed • cp_mgmt_vpn_community_meshed_facts • cp_mgmt_vpn_community_star • cp_mgmt_vpn_community_star_facts • cp_mgmt_wildcard • cp_mgmt_wildcard_facts • cp_publish
      (Slide legend: added) [Useful]
  26. Junos
  27. Bug fix in the junos_config module [Quietly useful]
      PR: https://github.com/ansible/ansible/pull/61969
      • The value of the check_commit option is now honored when changing configuration
        ◦ The option itself has existed since Ansible 2.8, but it was ignored whenever configuration to load was specified

      ```yaml
      - name: junos test
        junos_config:
          lines:
            - set ntp server 10.0.0.123
          check_commit: yes   # when yes, runs "commit check" before the commit
      ```
  28. IOS XR
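  29. Dedicated IOS XR page added [Useful]
      https://docs.ansible.com/ansible/latest/network/user_guide/platform_iosxr.html
      • Explains the connection options
        ◦ network_cli, netconf
        ◦ How to set each variable
        ◦ When to use which
      • Covers assorted information that was hard to work out from the individual module pages alone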
  30. Bug fix for commit [Quietly useful]
      Issue: https://github.com/ansible/ansible/issues/54878
      PR: https://github.com/ansible/ansible/pull/62132
      • Fixes a bug where the commit could fail when a prompt was displayed at commit time (*1)
      • Patterns such as being asked y/n are now handled

      Quoted from the Issue (*1):

      ```
      RP/0/RSP0/CPU0:ROUTER(config)#commit comment configured by iosxr_config
      This could be a few minutes if your config is large. Confirm? [y/n][confirm]
      ```
  31. Other
  32. For everything else, see the blog: https://tekunabe.hatenablog.jp/entry/2019/11/10/ansible29
  33. Summary
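  34. Summary
      • Ansible 2.9 brought many new modules, behavior changes and useful new features, along with a few small points to watch.
      • I hope this is a useful reference when you upgrade.

      Examples:
      • [Useful]
        ◦ Network Resource Module added
        ◦ fortios supports the httpapi connection plugin
        ◦ Large number of fortios and check_point modules added
      • [Quietly useful]
        ◦ fortios: certificate validation can now be turned on or off
      • [Caution]
        ◦ Modules such as *_interface/vlan are deprecated
        ◦ Many net_* modules are deprecated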
  35. References
      • Ansible 2.9 CHANGELOG
        ◦ https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#v2-9-0
      • Ansible 2.9 Porting Guide
        ◦ https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.9.html
      • Official blog: Ansible 2.9 information
        ◦ https://www.ansible.com/blog/network-features-coming-soon-in-ansible-engine-2.9
      • Deep Dive into Ansible Network Resource Module
        ◦ https://www.ansible.com/deep-dive-into-ansible-network-resource-module
      • Personal blog with Japanese commentary
        ◦ https://tekunabe.hatenablog.jp/entry/2019/11/10/ansible29
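
The check-mode advice on the "Summary of scope of impact and behavior" slide, written out as a playbook. This is an added example, not part of the original slides: it assumes an inventory group named `eos` whose connection variables are already set, and `intended_interfaces`, `intended_names`, `dry_run` and `touched_names` are names chosen here. Against the sample device from the slides, the assert stops the play and names Management1.

```yaml
---
# Added example, not from the slides. Assumes an inventory group "eos" whose
# connection variables (network_cli, ansible_network_os: eos) are already set.
- hosts: eos
  gather_facts: no
  vars:
    # Same interface data as the overridden sample in the slides.
    intended_interfaces:
      - name: Ethernet1
        enabled: True
      - name: Ethernet2
        description: 'Configured by Ansible'
        enabled: False
    intended_names: "{{ intended_interfaces | map(attribute='name') | list }}"
  tasks:
    - name: Dry run (check mode) to collect the commands overridden would send
      eos_interfaces:
        config: "{{ intended_interfaces }}"
        state: overridden
      check_mode: yes
      register: dry_run

    - name: Show the pending commands
      debug:
        var: dry_run.commands

    - name: Work out which interfaces those commands enter
      set_fact:
        touched_names: >-
          {{ dry_run.commands
             | select('match', '^interface ')
             | map('regex_replace', '^interface ', '')
             | list | unique }}

    - name: Stop if any interface outside the intended list would be reset
      assert:
        that:
          - touched_names | difference(intended_names) | length == 0
        fail_msg: >-
          overridden would also change:
          {{ touched_names | difference(intended_names) | join(', ') }}

    - name: Apply only after the dry run is clean
      eos_interfaces:
        config: "{{ intended_interfaces }}"
        state: overridden
```

To let the play proceed, add every interface that must keep its settings (Management1 in the slides' sample) to `intended_interfaces` with its current values.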
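
The FortiOS slides turn certificate validation off for a lab device; the variant below keeps it on and refuses hosts that disable it. This is an added example, not part of the original slides: `vault_fortios_password` is a hypothetical variable assumed to live in an Ansible Vault file, `ansible_httpapi_use_ssl` (the httpapi connection plugin's HTTPS switch) does not appear in the slides, and the FortiGate is assumed to present a certificate that chains to a CA the control node trusts.

```yaml
---
# Added example, not from the slides.
# File 1: group_vars/fortios.yml with certificate validation left on.
# vault_fortios_password is a hypothetical variable kept in an Ansible Vault file.
ansible_user: admin
ansible_password: "{{ vault_fortios_password }}"
ansible_network_os: fortios
ansible_connection: httpapi
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: yes   # the lab setup in the slides sets this to "no"

---
# File 2: playbook. The assert runs on the control node, so a host whose
# variables switch validation off is rejected before any API call is made.
- hosts: fortios
  gather_facts: no
  tasks:
    - name: Refuse hosts that disable TLS or certificate validation
      assert:
        that:
          - ansible_httpapi_use_ssl | default(false) | bool
          - ansible_httpapi_validate_certs | default(true) | bool
        fail_msg: "{{ inventory_hostname }}: TLS certificate validation is disabled"

    - name: configure address
      fortios_firewall_address:
        state: present
        firewall_address:
          name: websv101
          subnet: 10.0.0.80/32
```

The defaults in the assert mirror the httpapi connection plugin: HTTPS is off unless `ansible_httpapi_use_ssl` is set, and validation is on unless `ansible_httpapi_validate_certs` is set to `no`.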
