Milestone 6 Blue Network and vyOS Provisioning with Ansible - eamonstackpole/my-tech-journal GitHub Wiki
New Module Functions
New-Network & Get-IP
The New-Network function creates a new virtual network and corresponding virtual port group when given a name for the virtual network and the host that it will be added on. It first creates the virtual switch, which is then stored in a variable to be used when creating the virtual port group associated with that virtual switch. The function names the switch and port group the same thing to better associate the two objects.
The screenshot below shows the results of testing the New-Network function.
The screenshot below shows the newly created virtual network in our ESXi host, further proving that the New-Network function successfully created a virtual switch and port group.
The Get-IP function prints the first IP and MAC address of a virtual machine when given its name. The function first uses the Get-VM function to acquire the virtual machine object. Then it acquires the network adapters for the virtual machine and stores the first MAC address as a variable. It then acquires the first IP address of the virtual machine and prints both. It has error handling for when the name entered does not correspond with a virtual machine on the host.
The screenshot below shows the results of testing the Get-IP function. The first instance successfully prints the first IP and MAC address of the domain controller virtual machine. The second instance has a fictional virtual machine name, which leads to the error message, indicating that the error handling implemented works properly.
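The two functions described above could look like the following. This is an added sketch, not the wiki author's module code; it assumes VMware PowerCLI with an active Connect-VIServer session, and the parameter names are assumptions.

```powershell
# Added sketch, not the wiki author's module code. Assumes VMware PowerCLI is
# installed and Connect-VIServer has already been run. Parameter names are assumptions.

function New-Network {
    param(
        [Parameter(Mandatory)][string]$Name,    # used for both the switch and the port group
        [Parameter(Mandatory)][string]$VMHost   # ESXi host that receives the network
    )
    try {
        $esxi = Get-VMHost -Name $VMHost -ErrorAction Stop
        # Create the switch first and keep the object: the port group is attached to it.
        $vswitch = New-VirtualSwitch -VMHost $esxi -Name $Name -ErrorAction Stop
        New-VirtualPortGroup -VirtualSwitch $vswitch -Name $Name -ErrorAction Stop
    }
    catch {
        Write-Host "Could not create network '$Name' on '$VMHost': $($_.Exception.Message)" -ForegroundColor Red
    }
}

function Get-IP {
    param([Parameter(Mandatory)][string]$VMName)
    try {
        $vm = Get-VM -Name $VMName -ErrorAction Stop
    }
    catch {
        Write-Host "No virtual machine named '$VMName' was found." -ForegroundColor Red
        return
    }
    # First adapter's MAC address. The guest IP list is only populated while the
    # VM is powered on and its guest tools are reporting to the host.
    $mac = (Get-NetworkAdapter -VM $vm | Select-Object -First 1).MacAddress
    $ip  = $vm.Guest.IPAddress | Select-Object -First 1
    if (-not $ip) { $ip = '<no IP reported by guest tools>' }
    Write-Host "$($vm.Name)  IP: $ip  MAC: $mac"
}
```

Get-IP here also covers a case the text does not mention: a virtual machine that exists but reports no IP address because it is powered off or its guest tools are not running.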
PowerOn-VM & PowerOff-VM
The screenshot below shows the PowerOn-VM and PowerOff-VM functions, which power on or power off a given virtual machine by name. They work the same way, with the logic inverted. First, they check the power state of the given virtual machine. If the virtual machine is already in the state the function would set, whether on or off, the function writes a message saying so and exits. Otherwise, the virtual machine is powered on or powered off.
The screenshot below shows the results of the test of the PowerOn-VM and PowerOff-VM functions. The first instance indicates that the error handling properly works on the PowerOn-VM function. The second instance indicates that the PowerOff-VM function works properly, turning off the virtual machine. The third instance indicates that the PowerOn-VM function works properly, as the turned off virtual machine is then turned back on. Although not present in the screenshot, the error handling on PowerOff-VM has been tested and works properly given it shares the same logic as the PowerOn-VM error handling.
Set-Network
The Set-Network function allows the user to change the virtual network on a network adapter of the given virtual machine. First, it acquires the given virtual machine object based on name, and then acquires all the network adapters on the virtual machine and all the virtual networks present on the host. These network adapters are then listed for the user to select one based on an index. Error handling for out-of-range index values is present. Once the network adapter is selected, all the virtual networks are listed for the user to select one based on an index. Again, error handling for out-of-range index values is present. The selected network adapter is then modified to be on the selected virtual network. The user is then asked whether they wish to modify another network adapter. If they answer yes, the function recursively calls itself, and if they answer no, the function exits.
The screenshot below shows the Set-Network function being tested on the newly created "FW-Blue25" linked virtual machine. In this case, the first network adapter needs to be connected to the 480-Internal network, while the second network adapter needs to be connected to the newly created Blue-25 virtual network. The screenshot shows that the index selection, modification of the network adapter, and recursion all work.
The screenshot below shows the network adapters of FW-Blue25 on the ESXi host, which has 480-Internal on the first network adapter and Blue25 on the second network adapter. This confirms that the function worked properly and successfully configured the virtual networks on the virtual machine's network adapters.
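The index selection, range checking and recursion described for Set-Network, as an added sketch that is not the wiki author's code. It assumes VMware PowerCLI with an active Connect-VIServer session; Select-ByIndex and the parameter names are hypothetical.

```powershell
# Added sketch, not the wiki author's code. Assumes PowerCLI and an active
# Connect-VIServer session; Select-ByIndex is a hypothetical helper.
function Select-ByIndex {
    param([object[]]$Items, [string]$Label)
    for ($i = 0; $i -lt $Items.Count; $i++) {
        Write-Host "[$i] $($Items[$i].Name)"
    }
    while ($true) {
        $answer = Read-Host "Select $Label by index"
        $index = 0
        # Accept only whole numbers inside the list bounds; anything else re-prompts.
        if ([int]::TryParse($answer, [ref]$index) -and $index -ge 0 -and $index -lt $Items.Count) {
            return $Items[$index]
        }
        Write-Host "'$answer' is not a valid index (0-$($Items.Count - 1))." -ForegroundColor Red
    }
}

function Set-Network {
    param([Parameter(Mandatory)][string]$VMName)
    try {
        $vm = Get-VM -Name $VMName -ErrorAction Stop
    }
    catch {
        Write-Host "No virtual machine named '$VMName' was found." -ForegroundColor Red
        return
    }
    $adapters = @(Get-NetworkAdapter -VM $vm)
    $networks = @(Get-VirtualNetwork)
    if ($adapters.Count -eq 0 -or $networks.Count -eq 0) {
        Write-Host "Nothing to select: no network adapters or no virtual networks." -ForegroundColor Red
        return
    }

    $adapter = Select-ByIndex -Items $adapters -Label 'network adapter'
    $network = Select-ByIndex -Items $networks -Label 'virtual network'
    Set-NetworkAdapter -NetworkAdapter $adapter -NetworkName $network.Name -Confirm:$false | Out-Null
    Write-Host "$($adapter.Name) on $($vm.Name) is now on $($network.Name)."

    # Recurse for the next adapter, as the function described above does.
    if ((Read-Host 'Modify another network adapter? (y/n)') -match '^(y|yes)$') {
        Set-Network -VMName $VMName
    }
}
```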
Create Blue-25 Firewall
Use 480driver.ps1 to create a linked clone named "FW-Blue25" based on the "vyos.base" virtual machine using its "Base" snapshot.
The screenshot below shows the new FW-Blue25 virtual machine in the ESXi host, confirming that it was created successfully.
Ansible
Installation
Use the following commands to install Ansible on the MGMT virtual machine.
sudo apt install sshpass python3-paramiko git
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible
ansible --version
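The screenshot below shows the results of running Ansible to determine its version. The return of its version indicates that Ansible has successfully been installed.
The command below disables SSH host key checking in Ansible by creating the Ansible configuration file ~/.ansible.cfg, or appending to it if it already exists. With this setting, Ansible connects to managed nodes without verifying their SSH host keys.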
cat >> ~/.ansible.cfg << EOF
[defaults]
host_key_checking = false
EOF
Inventory File
The screenshot below shows the inventory file for our FW-Blue25 virtual machine. It classifies it as part of the "vyos" group, provides the IP, hostname, and MAC address of the device, and creates many variables which will be used to automatically configure the networking on the device. Lastly, it configures Ansible's Python interpreter to our python3 path.
The screenshot below shows the results of running Ansible using the ping module against our FW-Blue25 inventory. The virtual machine's user is provided and the password must be entered to properly SSH into the device. The test returns a "SUCCESS" status, indicating that Ansible and the created inventory file both work properly.