Saturday, June 16, 2018

Network Automation 02 - Ansible Playbook for FTP server file synchronisation

In the last post, I introduced an Ansible playbook that collects the updated router/switch configuration files at regular intervals. However, keeping the configuration files on the Ansible server is not a good way to store them, because you would have to allow other users to log in to the Ansible server to fetch the files they need. This may cause performance and security issues on the Ansible server. So, in our design, we build a central FTP/Web server. The remote Ansible servers collect the configuration files and synchronise them with the central server.

The topology is shown in the following diagram:

Prerequisites:

There are a couple of prerequisite steps we need to complete before writing our Ansible playbook.

1. Install rsync on every server, including the remote Ansible servers and the central server.


yum install rsync


2. Generate the Vault File

If the Vault file has already been built in the previous config collection post, skip this step.


3. Install the FTP server in the central server

Please check my post which describes how to set up an FTP/SFTP server.


Step 1: Configure the host file

/etc/ansible/hosts

[ftp]
192.168.1.216


Step 2: Configure the host var login file

/etc/ansible/group_vars/

ansible-vault create ftp

---
  ansible_ssh_pass: 123456
  ansible_ssh_user: root


Step 3: Create the Site YML file

/etc/ansible/ftp.yml

---
  - hosts: ftp
    gather_facts: no
    become: no
    roles:
      - ftp-sync


Step 4: Initialise the Ansible role "ftp-sync"


cd /etc/ansible/roles/

ansible-galaxy init ftp-sync


Step 5: Configure the tasks in "ftp-sync" role

This task logs in to the central FTP server and synchronises the files from the local folder "/etc/ansible/backup" to the central server.


cd /etc/ansible/roles/ftp-sync/tasks/
vi main.yml

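---
  # Push the local backup folder to the central server with rsync
  - name: sync files
    synchronize:
      src: /etc/ansible/backup
      dest: /var/ftp/ansible/backup
      # Do not put user@ in front of the rsync destination
      set_remote_user: no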


Step 6: Enable SSH key based authentication on the Ansible server to bypass the password prompt in "rsync"

Ansible uses "rsync" to synchronise the files between the source and destination folders.

Although Ansible has the username/password to log in to the central server, "rsync" doesn't have those details. So, to avoid the password prompt, we can enable SSH key based authentication for the Ansible server on the central server.

Please check my other post which describes how to enable SSH key based authentication for Linux.
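One way to carry out this step with Ansible itself, as an added example that is not from the original post: it installs the Ansible server's public key on the central server with options that limit what the key can do, then checks that a login works without any prompt. The key path `/root/.ssh/id_rsa.pub`, the variable names and the `ANSIBLE_SERVER_IP` placeholder are assumptions.

```yaml
---
# Added example (not the original author's playbook).
# Assumptions: the key pair already exists on the Ansible server at
# /root/.ssh/id_rsa(.pub), and ANSIBLE_SERVER_IP is a placeholder for the
# address the central server sees the Ansible server connecting from.
- hosts: ftp
  gather_facts: no
  become: no
  vars:
    sync_pubkey_file: /root/.ssh/id_rsa.pub   # assumed key location
    sync_source_ip: ANSIBLE_SERVER_IP         # placeholder, replace it
  tasks:
    - name: Authorise the Ansible server's key for the login user
      authorized_key:
        user: "{{ ansible_ssh_user }}"
        key: "{{ lookup('file', sync_pubkey_file) }}"
        state: present
        # Accept the key only from the Ansible server, and switch off
        # forwarding and terminal allocation, which rsync does not need.
        key_options: 'from="{{ sync_source_ip }}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty'

    - name: Confirm key login works without a prompt
      # BatchMode makes ssh fail instead of asking for a password or for
      # host key confirmation, which is what a cron-driven rsync needs.
      command: >
        ssh -o BatchMode=yes -o PasswordAuthentication=no
        {{ ansible_ssh_user }}@{{ inventory_hostname }} true
      delegate_to: localhost
      changed_when: false
```

Run it once with `ansible-playbook --ask-vault-pass` so Ansible can still log in with the vaulted password while the key is being installed. If the last task fails, the rsync started by the role would also stop at a password or host key prompt.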

Step 7: Setup CRON



# crontab /etc/crontab

# vi /etc/crontab

*/5 * * * * ansible-playbook /etc/ansible/ftp.yml
# every 5 minutes



Conclusion

This Ansible playbook achieves our goal of synchronising the configuration files collected by the remote Ansible servers to the central storage server. The users can then fetch the configuration files from the central server via FTP, SFTP or HTTP.
